diff options
Diffstat (limited to 'tests/auto/network/ssl/qsslcertificate')
54 files changed, 2223 insertions, 0 deletions
diff --git a/tests/auto/network/ssl/qsslcertificate/.gitignore b/tests/auto/network/ssl/qsslcertificate/.gitignore new file mode 100644 index 0000000000..25b34756b7 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/.gitignore @@ -0,0 +1 @@ +tst_qsslcertificate diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ca-cert.pem b/tests/auto/network/ssl/qsslcertificate/certificates/ca-cert.pem new file mode 100644 index 0000000000..bcba68aefa --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/ca-cert.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIC5TCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx +HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzODUxWhcN +MDUwNzEwMjEzODUxWjBbMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu +ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxGzAZBgNVBAMTElRlc3QgQ0Eg +KDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo7ujy3XXpU/p +yDJtOxkMJmGv3mdiVm7JrdoKLUgqjO2rBaeNuYMUiuI6oYU+tlD6agwRML0Pn2JF +b90VdK/UXrmRr9djaEuH17EIKjte5RwOzndCndsjcCYyoeODMTyg7dqPIkDMmRNM +5R5xBTabD+Aji0wzQupYxBLuW5PLj7ECAwEAAaOBtzCBtDAdBgNVHQ4EFgQU1WWA +U42mkhi3ecgey1dsJjU61+UwgYQGA1UdIwR9MHuAFE0RaEcrj18q1dw+G6nJbsTW +R213oWCkXjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG +A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0 +IGJpdCmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBb39BRphHL +6aRAQyymsvBvPSCiG9+kR0R1L23aTpNbhXp2BebyFjbEQYZc2kWGiKKcHkNECA35 +3d4LoqUlVey8DFyafOIJd9hxdZfg+rxlHMxnL7uCJRmx9+xB411Jtsol9/wg1uCK +sleGpgB4j8cG2SVCz7V2MNZNK+d5QCnR7A== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425 +gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd +2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB +AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6 +hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2 +J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs +HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL +21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s +nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz +MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa +pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb +KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2 +XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ca-cert.pem.digest-md5 b/tests/auto/network/ssl/qsslcertificate/certificates/ca-cert.pem.digest-md5 new file mode 100644 index 0000000000..800a05b030 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/ca-cert.pem.digest-md5 @@ -0,0 +1 @@ +MD5 Fingerprint=EF:02:83:EA:AC:AF:6A:D0:8D:4F:56:A8:2B:A1:C5:D3 diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/ca-cert.pem.digest-sha1 b/tests/auto/network/ssl/qsslcertificate/certificates/ca-cert.pem.digest-sha1 new file mode 100644 index 0000000000..df311a8dcb --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/ca-cert.pem.digest-sha1 @@ -0,0 +1 @@ +SHA1 Fingerprint=A6:CC:2A:D7:E3:8F:49:E7:8B:4F:76:E8:E0:FA:37:5E:62:2F:66:23 diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss-san-utf8.pem b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss-san-utf8.pem new file mode 100644 index 0000000000..e1b731d69b --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss-san-utf8.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICkTCCAfqgAwIBAgIJAL1nF+PLAF2KMA0GCSqGSIb3DQEBBQUAMGkxKzApBgNV +BAoMIkjElcSCxrLDvyDKjeG6v8qI4bq34bi7IFLDqWPDtnJkxZ0xFTATBgNVBAsM +DOOIp0HjiYHvvatCQzEWMBQGA1UEAwwNSm9obm55IEd1aXRhcjELMAkGA1UEBhMC +Tk8wHhcNMTEwNTA1MDgxMzEwWhcNMTEwNjA0MDgxMzEwWjBpMSswKQYDVQQKDCJI +xJXEgsayw78gyo3hur/KiOG6t+G4uyBSw6ljw7ZyZMWdMRUwEwYDVQQLDAzjiKdB +44mB772rQkMxFjAUBgNVBAMMDUpvaG5ueSBHdWl0YXIxCzAJBgNVBAYTAk5PMIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2zSxS17I6596dJE/VAmGz+06D9S8n +3C0hnIGNVu+LwbgDJTvOw0SzNj4UP72UGgd3UI1KLBg5XWIsRNmE3COJMMh6syjI +L1Ept+tVXxGL6n4gl+0nZ7dkUyxJmeFtigYrL+qCH1yd5rmf3sC3jO4IosuAiG66 +IDkJEVo64NT8ZQIDAQABo0EwPzA9BgNVHREENjA0gQ9hcm5lQGZvb2Jhci5vcmeC +Dnd3dy5mb29iYXIub3JngRFiamFybmVAZm9vYmFyLm9yZzANBgkqhkiG9w0BAQUF +AAOBgQAqVhbC0/EUFdnKlYV3PrknwGX1dPEPGJuIQHa0KpoicvNiOhs1HxBDYbzc +F6wcAMEynq4YwGKhcQLZOs2mo0LreAjA9rU/yBnqrnUW/4gxtUUvmJKK+62IjfLp +eO1L+1NcEMJiaZf8fip4VXhXdOYUhgE8WUZ1UJRC6w3T/yAgcQ== +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss-san-utf8.pem.san b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss-san-utf8.pem.san new file mode 100644 index 0000000000..f46a637da4 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss-san-utf8.pem.san @@ -0,0 +1,5 @@ +[subj_alt_name] +subjectAltName=\ + email:arne@foobar.org,\ + DNS:www.foobar.org,\ + email:bjarne@foobar.org diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss-san.pem b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss-san.pem new file mode 100644 index 0000000000..3d0bdfcee8 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss-san.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9zCCAWCgAwIBAgIJAIyyZjJFdeyIMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNV +BAMTEUpvaG5ueSBHdWl0YXJDPU5PMB4XDTA3MDQyMDEwMzIzOVoXDTA3MDUyMDEw +MzIzOVowHDEaMBgGA1UEAxMRSm9obm55IEd1aXRhckM9Tk8wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBANPgV/8gMg5Gh4vhfcoUTHXTqhcEuCh5VE/h57Ea7uj4 +1/bQtUNUvRZO21KtAmLHkFLoNQqeYbFJ4ZP7u/R/WDNk76EQtYNcMmJgSu/QRlxj +bEFFBOPPflQH7nYdneMegszzijRQ25oZhnjbyI0xZgqpNZwipBkC5lPgsrmlOckd +AgMBAAGjQTA/MD0GA1UdEQQ2MDSBD2FybmVAZm9vYmFyLm9yZ4IOd3d3LmZvb2Jh +ci5vcmeBEWJqYXJuZUBmb29iYXIub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFVqCnFr +5EevQiVtAbDlTSbTJ3XWJSzjU0yf+tNYvPEIEqoDVh25YhSNWqRCMYFiUomj55WY +Rf7C4JM/eRlo99xnR4OtJzfLi+q1eKhl53cuwooajRjVOxQsdHpke51L9UzibKGw +0o8D/FNBw+D4GwIC1sdKw2UWAeaMhNzSEWKA +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss-san.pem.san b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss-san.pem.san new file mode 100644 index 0000000000..f46a637da4 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss-san.pem.san @@ -0,0 +1,5 @@ +[subj_alt_name] +subjectAltName=\ + email:arne@foobar.org,\ + DNS:www.foobar.org,\ + email:bjarne@foobar.org diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.der b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.der Binary files differnew file mode 100644 index 0000000000..ea9eedc643 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.der diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.der.pubkey b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.der.pubkey Binary files differnew file mode 100644 index 0000000000..48d2b99c3a --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.der.pubkey diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.pem b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.pem new file mode 100644 index 0000000000..b2626f3d1a --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByTCCATICCQDiwxj6Xps7zDANBgkqhkiG9w0BAQUFADApMRowGAYDVQQDExFu +YW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMCTk8wHhcNMDcwNDE3MDc0MDI2WhcN +MDcwNTE3MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkG +A1UEBhMCTk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANE +xxgmL0iT1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7 +JBZDTLV5CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH8 +0YxPpZZ1snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAT9Kz +0kg75nMzcg23J0q6OGvkj0VO6QOaAwqt6v+Kp5kgOzUEisbVt9oxZrWwkEw6dFNN +cl7Blq6HQm6beezJobhEsi3G8OjVBrTDFb+jqPi/kwXuKL3QyfY2r/LRuINGrBDi +Ewg7KuI0qZPe0bQ9NCM5TCD6qCj4vx3HdIHU4Ew= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.pem.digest-md5 b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.pem.digest-md5 new file mode 100644 index 0000000000..62f4d76072 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.pem.digest-md5 @@ -0,0 +1 @@ +MD5 Fingerprint=F4:2B:9D:73:2B:C8:26:56:60:9C:7F:58:66:07:4A:46 diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.pem.digest-sha1 b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.pem.digest-sha1 new file mode 100644 index 0000000000..02430ed89b --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.pem.digest-sha1 @@ -0,0 +1 @@ +SHA1 Fingerprint=B5:CF:31:AE:89:FB:BA:20:31:89:BA:71:06:7C:D7:84:9D:39:9E:46 diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.pem.pubkey b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.pem.pubkey new file mode 100644 index 0000000000..5344d112cb --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert-ss.pem.pubkey @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrnekDrDBPqVgDRMcYJi9Ik9Ws +oPvoU8R7KgGJ5vxaDMX1IfjXSpICZ9vxnzaaYp3zzkiOuu1aqJ1PuyQWQ0y1eQj2 +2SKPXxUKQyUDep2nr+MmsVNVXmBXyO0vHPM2CnhkkfkXpzTXi73x/NGMT6WWdbJ7 +/CHwx9lfDFcYsq+5SwIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert.der b/tests/auto/network/ssl/qsslcertificate/certificates/cert.der Binary files differnew file mode 100644 index 0000000000..aeb8571817 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert.der diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert.der.pubkey b/tests/auto/network/ssl/qsslcertificate/certificates/cert.der.pubkey Binary files differnew file mode 100644 index 0000000000..48d2b99c3a --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert.der.pubkey diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert.pem b/tests/auto/network/ssl/qsslcertificate/certificates/cert.pem new file mode 100644 index 0000000000..295010c210 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8zCCAVwCAREwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDcwNDE3MDc0MDI2WhcNMDcwNTE3 +MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMC +Tk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANExxgmL0iT +1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7JBZDTLV5 +CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH80YxPpZZ1 +snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAleaU4pgzV6KY ++q9QuXapUYMsC2GiNtDmkG3k+MTHUO8XlE4hqPrIM6rRf7zKQdZ950R2wL9FSnYl +Qm1Tdv38dCka6ivMBqvRuOt9axH3m0G7nzHL7U3zaCbtEx3yVln+b3yYtiVpTuq0 +3MLrt7tQGAW6ra8ISf6YY1W65/uVXZE= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert.pem.digest-md5 b/tests/auto/network/ssl/qsslcertificate/certificates/cert.pem.digest-md5 new file mode 100644 index 0000000000..5333f63f06 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert.pem.digest-md5 @@ -0,0 +1 @@ +MD5 Fingerprint=B6:CF:57:34:DA:A9:73:21:82:F7:CF:4D:3D:85:31:88 diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert.pem.digest-sha1 b/tests/auto/network/ssl/qsslcertificate/certificates/cert.pem.digest-sha1 new file mode 100644 index 0000000000..62f84deb96 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert.pem.digest-sha1 @@ -0,0 +1 @@ +SHA1 Fingerprint=B6:D1:51:82:E0:29:CA:59:96:38:BD:B6:F9:40:05:91:6D:49:09:60 diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/cert.pem.pubkey b/tests/auto/network/ssl/qsslcertificate/certificates/cert.pem.pubkey new file mode 100644 index 0000000000..5344d112cb --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/cert.pem.pubkey @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrnekDrDBPqVgDRMcYJi9Ik9Ws +oPvoU8R7KgGJ5vxaDMX1IfjXSpICZ9vxnzaaYp3zzkiOuu1aqJ1PuyQWQ0y1eQj2 +2SKPXxUKQyUDep2nr+MmsVNVXmBXyO0vHPM2CnhkkfkXpzTXi73x/NGMT6WWdbJ7 +/CHwx9lfDFcYsq+5SwIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh b/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh new file mode 100755 index 0000000000..0bac191326 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh @@ -0,0 +1,104 @@ +#!/bin/sh +############################################################################# +## +## Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies). +## All rights reserved. +## Contact: Nokia Corporation (qt-info@nokia.com) +## +## This file is the build configuration utility of the Qt Toolkit. +## +## $QT_BEGIN_LICENSE:LGPL$ +## GNU Lesser General Public License Usage +## This file may be used under the terms of the GNU Lesser General Public +## License version 2.1 as published by the Free Software Foundation and +## appearing in the file LICENSE.LGPL included in the packaging of this +## file. Please review the following information to ensure the GNU Lesser +## General Public License version 2.1 requirements will be met: +## http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. +## +## In addition, as a special exception, Nokia gives you certain additional +## rights. These rights are described in the Nokia Qt LGPL Exception +## version 1.1, included in the file LGPL_EXCEPTION.txt in this package. +## +## GNU General Public License Usage +## Alternatively, this file may be used under the terms of the GNU General +## Public License version 3.0 as published by the Free Software Foundation +## and appearing in the file LICENSE.GPL included in the packaging of this +## file. Please review the following information to ensure the GNU General +## Public License version 3.0 requirements will be met: +## http://www.gnu.org/copyleft/gpl.html. +## +## Other Usage +## Alternatively, this file may be used in accordance with the terms and +## conditions contained in a signed written agreement between you and Nokia. +## +## +## +## +## +## $QT_END_LICENSE$ +## +############################################################################# + +# This script generates digital certificates of different types. + +#--- Certificates --------------------------------------------------------------------------- +echo -e "\ngenerating 1024-bit RSA private key to PEM file ..." +openssl genrsa -out rsa-pri-1024.pem 1024 + +echo -e "\ngenerating the corresponding public key to PEM and DER file ..." +openssl rsa -in rsa-pri-1024.pem -pubout -out rsa-pub-1024.pem +openssl rsa -in rsa-pri-1024.pem -pubout -out rsa-pub-1024.der -outform der + +echo -e "\ngenerating certificate signing request (CSR) ..." +openssl req -out req.pem -new -key rsa-pri-1024.pem -subj "/CN=name\/with\/slashes/C=NO" + +echo -e "\n generating a self-signed certifificate to PEM file ..." +openssl x509 -req -in req.pem -out cert-ss.pem -signkey rsa-pri-1024.pem + +echo -e "\n generating a self-signed certifificate to DER file ..." +openssl x509 -req -in req.pem -out cert-ss.der -signkey rsa-pri-1024.pem -outform der + +echo -e "\n generating a certifificate signed by a dummy CA to PEM file ..." +openssl x509 -req -in req.pem -out cert.pem -CA ca-cert.pem -set_serial 17 + +echo -e "\n generating a certifificate signed by a dummy CA to DER file ..." +openssl x509 -req -in req.pem -out cert.der -CA ca-cert.pem -set_serial 17 -outform der + +#--- Public keys -------------------------------------------------------------------------------- +echo -e "\n associate public keys with all certificates ..." +# Note: For now, there is only one public key (encoded in both PEM and DER), but that could change. +/bin/cp rsa-pub-1024.pem cert-ss.pem.pubkey +/bin/cp rsa-pub-1024.der cert-ss.der.pubkey +/bin/cp rsa-pub-1024.pem cert.pem.pubkey +/bin/cp rsa-pub-1024.der cert.der.pubkey + +#--- Digests -------------------------------------------------------------------------------- +echo -e "\n generating md5 and sha1 digests of all certificates ..." +for digest in md5 sha1 +do + openssl x509 -in ca-cert.pem -noout -fingerprint -$digest > ca-cert.pem.digest-$digest + openssl x509 -in cert-ss.pem -noout -fingerprint -$digest > cert-ss.pem.digest-$digest + openssl x509 -in cert.pem -noout -fingerprint -$digest > cert.pem.digest-$digest +done + +#--- Subjet Alternative Name extension ---------------------------------------------------- +echo -e "\n generating self signed root cert. with Subject Alternative Name extension (X509v3) ..." +outname=cert-ss-san.pem +openssl req -out req-san.pem -new -key rsa-pri-1024.pem -subj "/CN=Johnny GuitarC=NO" +openssl req -x509 -in req-san.pem -out $outname -key rsa-pri-1024.pem \ + -config san.cnf -extensions subj_alt_name +/bin/cp san.cnf $outname.san + +#--- Non-ASCII Subject --------------------------------------------------------------------- +echo -e "\n generating self signed root cert. with Subject containing UTF-8 characters ..." +outname=cert-ss-san-utf8.pem +#subject="/O=HĕĂƲÿ ʍếʈặḻ Récördŝ/OU=㈧A㉁ォBC/CN=Johnny Guitar/C=NO" +subject=$'/O=H\xc4\x95\xc4\x82\xc6\xb2\xc3\xbf \xca\x8d\xe1\xba\xbf\xca\x88\xe1\xba\xb7\xe1\xb8\xbb R\xc3\xa9c\xc3\xb6rd\xc5\x9d/OU=\xe3\x88\xa7A\xe3\x89\x81\xef\xbd\xabBC/CN=Johnny Guitar/C=NO' +openssl req -out req-san.pem -new -key rsa-pri-1024.pem -utf8 -subj "$subject" +openssl req -x509 -in req-san.pem -out $outname -key rsa-pri-1024.pem \ + -config san.cnf -extensions subj_alt_name -nameopt multiline,utf8,-esc_msb +/bin/cp san.cnf $outname.san + +echo -e "\n cleaning up ..." +/bin/rm rsa-pri-1024.pem rsa-pub-1024.* req*.pem diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/san.cnf b/tests/auto/network/ssl/qsslcertificate/certificates/san.cnf new file mode 100644 index 0000000000..f46a637da4 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/certificates/san.cnf @@ -0,0 +1,5 @@ +[subj_alt_name] +subjectAltName=\ + email:arne@foobar.org,\ + DNS:www.foobar.org,\ + email:bjarne@foobar.org diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/badguy-nul-cn.crt b/tests/auto/network/ssl/qsslcertificate/more-certificates/badguy-nul-cn.crt new file mode 100644 index 0000000000..b899733bbd --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/badguy-nul-cn.crt @@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Berkshire, L=Newbury, O=My Company Ltd, OU=CA, CN=NULL-friendly CA + Validity + Not Before: Aug 4 07:33:43 2009 GMT + Not After : Aug 2 07:33:43 2019 GMT + Subject: CN=www.bank.com\x00.badguy.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:cd:26:70:96:a9:a6:5d:3e:9c:ed:0f:08:15:5a: + 7c:17:25:68:68:af:13:b9:ad:41:fa:12:54:e2:84: + 72:7d:58:d1:e2:40:42:c1:59:ed:05:3d:aa:10:53: + 70:00:88:3a:77:a0:c0:56:9e:ac:7d:21:2a:71:44: + 51:08:bc:17:07:da:a8:a3:76:dc:51:bc:1b:8a:f6: + 02:1a:55:bf:46:b4:44:6b:27:5e:be:e5:17:8b:56: + b2:c6:82:36:11:83:a8:bf:f7:2f:0d:17:f6:cd:47: + b5:6f:2b:a6:41:b6:8d:33:5f:ea:ea:8b:b1:1a:e2: + 99:38:ff:59:5b:0a:a1:71:13:ca:37:3f:b9:b0:1e: + 91:9a:c8:93:35:0c:4a:e0:9d:f4:d2:61:c7:4e:5b: + 41:0a:7c:31:54:99:db:f5:65:ce:80:d3:c2:02:37: + 64:fd:54:12:7b:ea:ac:85:59:5c:17:e1:2e:f6:d0: + a8:f2:d0:2e:94:59:2f:c2:a6:5f:da:07:de:7b:2e: + 14:07:ed:e4:27:24:37:9d:09:2e:b1:f9:5a:48:b9: + 80:24:43:e6:cb:c7:6e:35:df:d5:69:34:ff:e6:d6: + 9e:e8:76:66:6e:5f:59:01:3c:96:3b:ec:72:0b:3c: + 1e:95:0f:ce:68:13:9c:22:dd:1b:b5:44:28:50:4a: + 05:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 33:15:24:BE:DA:66:3A:06:8B:D9:27:34:3A:AF:62:40:E4:95:66:5D + X509v3 Authority Key Identifier: + keyid:0A:69:39:5F:9D:30:04:18:08:2E:02:0E:E6:EA:9D:B2:26:F6:E2:6A + + Signature Algorithm: sha1WithRSAEncryption + 32:65:23:1f:c8:d9:53:84:82:d0:0a:eb:14:51:24:03:bc:6c: + 1b:2a:5a:fe:1b:f0:e8:69:0c:2b:19:86:cf:7f:32:76:d8:2b: + d2:cf:8b:c4:d1:b6:5b:9c:60:a3:99:2e:92:72:06:ce:de:8b: + d2:a2:d2:89:7c:13:a9:0b:4e:be:12:09:e5:d6:28:3a:ac:a7: + 26:56:94:7f:13:ee:64:7d:de:94:60:75:c1:bc:55:97:d4:aa: + 13:8e:02:d8:b0:b0:70:53:ae:18:53:ce:aa:b2:2c:85:3e:e3: + f3:e1:26:f3:fa:5c:ee:f8:7b:0b:c6:39:b5:04:33:5e:ae:b8: + 5e:0e:66:cc:a8:c0:6a:0d:ec:60:c1:c5:d9:39:ea:bd:1b:8f: + 1c:7d:16:38:b1:e8:c8:37:01:aa:4b:99:df:e4:0f:10:be:61: + ee:9a:cf:cd:27:05:46:00:60:d8:6a:74:08:32:3c:8b:90:01: + 6a:07:33:0c:6c:90:db:ea:fb:6a:17:1a:76:bb:73:14:27:e1: + a4:7e:d5:dd:30:b1:5d:f2:0e:aa:d4:b2:d5:4c:f6:4f:91:2a: + 07:f4:37:c1:cf:48:19:c5:fe:7e:92:96:a8:df:50:6a:31:92: + a3:b1:14:fe:41:cc:49:62:98:4d:ea:c5:ba:05:2d:49:c3:22: + 72:ef:41:09 +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJHQjES +MBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5N +eSBDb21wYW55IEx0ZDELMAkGA1UECxMCQ0ExGTAXBgNVBAMTEE5VTEwtZnJpZW5k +bHkgQ0EwHhcNMDkwODA0MDczMzQzWhcNMTkwODAyMDczMzQzWjAjMSEwHwYDVQQD +Exh3d3cuYmFuay5jb20ALmJhZGd1eS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDNJnCWqaZdPpztDwgVWnwXJWhorxO5rUH6ElTihHJ9WNHiQELB +We0FPaoQU3AAiDp3oMBWnqx9ISpxRFEIvBcH2qijdtxRvBuK9gIaVb9GtERrJ16+ +5ReLVrLGgjYRg6i/9y8NF/bNR7VvK6ZBto0zX+rqi7Ea4pk4/1lbCqFxE8o3P7mw +HpGayJM1DErgnfTSYcdOW0EKfDFUmdv1Zc6A08ICN2T9VBJ76qyFWVwX4S720Kjy +0C6UWS/Cpl/aB957LhQH7eQnJDedCS6x+VpIuYAkQ+bLx24139VpNP/m1p7odmZu +X1kBPJY77HILPB6VD85oE5wi3Ru1RChQSgV/AgMBAAGjezB5MAkGA1UdEwQCMAAw +LAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G +A1UdDgQWBBQzFSS+2mY6BovZJzQ6r2JA5JVmXTAfBgNVHSMEGDAWgBQKaTlfnTAE +GAguAg7m6p2yJvbiajANBgkqhkiG9w0BAQUFAAOCAQEAMmUjH8jZU4SC0ArrFFEk +A7xsGypa/hvw6GkMKxmGz38ydtgr0s+LxNG2W5xgo5kuknIGzt6L0qLSiXwTqQtO +vhIJ5dYoOqynJlaUfxPuZH3elGB1wbxVl9SqE44C2LCwcFOuGFPOqrIshT7j8+Em +8/pc7vh7C8Y5tQQzXq64Xg5mzKjAag3sYMHF2TnqvRuPHH0WOLHoyDcBqkuZ3+QP +EL5h7prPzScFRgBg2Gp0CDI8i5ABagczDGyQ2+r7ahcadrtzFCfhpH7V3TCxXfIO +qtSy1Uz2T5EqB/Q3wc9IGcX+fpKWqN9QajGSo7EU/kHMSWKYTerFugUtScMicu9B +CQ== +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/badguy-nul-san.crt b/tests/auto/network/ssl/qsslcertificate/more-certificates/badguy-nul-san.crt new file mode 100644 index 0000000000..d897c3915e --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/badguy-nul-san.crt @@ -0,0 +1,83 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Berkshire, L=Newbury, O=My Company Ltd, OU=CA, CN=NULL-friendly CA + Validity + Not Before: Aug 4 06:53:05 2009 GMT + Not After : Aug 2 06:53:05 2019 GMT + Subject: CN=www.badguy.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:cd:26:70:96:a9:a6:5d:3e:9c:ed:0f:08:15:5a: + 7c:17:25:68:68:af:13:b9:ad:41:fa:12:54:e2:84: + 72:7d:58:d1:e2:40:42:c1:59:ed:05:3d:aa:10:53: + 70:00:88:3a:77:a0:c0:56:9e:ac:7d:21:2a:71:44: + 51:08:bc:17:07:da:a8:a3:76:dc:51:bc:1b:8a:f6: + 02:1a:55:bf:46:b4:44:6b:27:5e:be:e5:17:8b:56: + b2:c6:82:36:11:83:a8:bf:f7:2f:0d:17:f6:cd:47: + b5:6f:2b:a6:41:b6:8d:33:5f:ea:ea:8b:b1:1a:e2: + 99:38:ff:59:5b:0a:a1:71:13:ca:37:3f:b9:b0:1e: + 91:9a:c8:93:35:0c:4a:e0:9d:f4:d2:61:c7:4e:5b: + 41:0a:7c:31:54:99:db:f5:65:ce:80:d3:c2:02:37: + 64:fd:54:12:7b:ea:ac:85:59:5c:17:e1:2e:f6:d0: + a8:f2:d0:2e:94:59:2f:c2:a6:5f:da:07:de:7b:2e: + 14:07:ed:e4:27:24:37:9d:09:2e:b1:f9:5a:48:b9: + 80:24:43:e6:cb:c7:6e:35:df:d5:69:34:ff:e6:d6: + 9e:e8:76:66:6e:5f:59:01:3c:96:3b:ec:72:0b:3c: + 1e:95:0f:ce:68:13:9c:22:dd:1b:b5:44:28:50:4a: + 05:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 33:15:24:BE:DA:66:3A:06:8B:D9:27:34:3A:AF:62:40:E4:95:66:5D + X509v3 Authority Key Identifier: + keyid:0A:69:39:5F:9D:30:04:18:08:2E:02:0E:E6:EA:9D:B2:26:F6:E2:6A + + X509v3 Subject Alternative Name: + DNS:www.bank.com + Signature Algorithm: sha1WithRSAEncryption + 27:6e:7d:b3:a9:86:52:57:6a:a0:c6:30:6c:1e:94:09:a7:6f: + ad:fe:11:9f:be:32:8d:01:7b:8b:94:66:d7:7c:b6:b1:90:fc: + e4:f5:b6:32:bc:6c:71:23:b1:18:88:d6:47:bc:da:07:c7:5e: + 46:71:3a:e6:40:6e:c1:7f:1d:56:96:70:65:d8:51:a9:dc:9e: + a5:06:00:98:e7:1e:10:bc:82:ba:00:e5:4e:a2:0f:3e:ec:8a: + dd:6f:c6:c9:c1:ec:ed:6d:7c:31:3e:66:87:47:a1:8b:15:3c: + 21:7e:ec:21:78:3d:21:70:72:ba:70:c3:64:f8:1d:4f:d9:d0: + 27:3c:3e:7e:a2:59:ae:be:9a:d3:00:44:a7:72:3a:e3:3f:c8: + 9b:c5:8f:b1:94:fe:00:0f:6e:b8:14:88:f1:03:50:91:51:af: + f0:1e:f7:b8:5a:a4:57:35:2d:f1:ad:c8:ae:dd:29:61:14:7d: + ea:d1:34:80:5c:1b:fd:eb:43:dc:21:6d:c6:44:f9:3b:54:76: + c4:91:5b:ac:a4:8e:72:e7:d8:24:ff:a7:5a:c0:ef:27:c3:d7: + e4:f9:7f:55:8d:0d:30:ec:a2:d9:6d:c8:76:f4:be:94:3d:12: + 32:4a:91:4f:db:c3:e7:76:07:5a:12:97:18:b7:15:00:98:59: + 21:89:3e:35 +-----BEGIN CERTIFICATE----- +MIIDrTCCApWgAwIBAgIBADANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJHQjES +MBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5N +eSBDb21wYW55IEx0ZDELMAkGA1UECxMCQ0ExGTAXBgNVBAMTEE5VTEwtZnJpZW5k +bHkgQ0EwHhcNMDkwODA0MDY1MzA1WhcNMTkwODAyMDY1MzA1WjAZMRcwFQYDVQQD +Ew53d3cuYmFkZ3V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AM0mcJappl0+nO0PCBVafBclaGivE7mtQfoSVOKEcn1Y0eJAQsFZ7QU9qhBTcACI +OnegwFaerH0hKnFEUQi8FwfaqKN23FG8G4r2AhpVv0a0RGsnXr7lF4tWssaCNhGD +qL/3Lw0X9s1HtW8rpkG2jTNf6uqLsRrimTj/WVsKoXETyjc/ubAekZrIkzUMSuCd +9NJhx05bQQp8MVSZ2/VlzoDTwgI3ZP1UEnvqrIVZXBfhLvbQqPLQLpRZL8KmX9oH +3nsuFAft5CckN50JLrH5Wki5gCRD5svHbjXf1Wk0/+bWnuh2Zm5fWQE8ljvscgs8 +HpUPzmgTnCLdG7VEKFBKBX8CAwEAAaOBpDCBoTAJBgNVHRMEAjAAMCwGCWCGSAGG ++EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU +MxUkvtpmOgaL2Sc0Oq9iQOSVZl0wHwYDVR0jBBgwFoAUCmk5X50wBBgILgIO5uqd +sib24mowJgYDVR0RBB8wHYIbd3d3LmJhbmsuY29tAHd3dy5iYWRndXkuY29tMA0G +CSqGSIb3DQEBBQUAA4IBAQAnbn2zqYZSV2qgxjBsHpQJp2+t/hGfvjKNAXuLlGbX +fLaxkPzk9bYyvGxxI7EYiNZHvNoHx15GcTrmQG7Bfx1WlnBl2FGp3J6lBgCY5x4Q +vIK6AOVOog8+7Irdb8bJweztbXwxPmaHR6GLFTwhfuwheD0hcHK6cMNk+B1P2dAn +PD5+olmuvprTAESncjrjP8ibxY+xlP4AD264FIjxA1CRUa/wHve4WqRXNS3xrciu +3SlhFH3q0TSAXBv960PcIW3GRPk7VHbEkVuspI5y59gk/6dawO8nw9fk+X9VjQ0w +7KLZbch29L6UPRIySpFP28PndgdaEpcYtxUAmFkhiT41 +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted-google.com-diginotar.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted-google.com-diginotar.pem new file mode 100644 index 0000000000..12bbcae082 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted-google.com-diginotar.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm +MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp +Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v +dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE +BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp +ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS +CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q +7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD +ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x +OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8 +vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2 +EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0 +dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43 +/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH +aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u +bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u +IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg +dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8 +oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s +YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn +b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG +9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH +UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB +pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM +FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum +U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK +baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg== +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted1.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted1.pem new file mode 100644 index 0000000000..7fc0a054c0 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted1.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDzCCAnigAwIBAgIQBH7L6fylX3vQnq424QyuHjANBgkqhkiG9w0BAQUFADBf +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRgwFgYDVQQDEw9tYWlsLmdvb2dsZS5jb20w +HhcNMTEwODMwMTAxOTI2WhcNMjEwODI3MTAxOTI2WjBfMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRgwFgYDVQQDEw9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBANOvJQGm9vyX8f61SP1XDp23sEDS2SAsDNIxdeONmFthfQRh +EBlJMNDByegnImZPMN4tA2T2iKcvdkxyQhC9vnQ+HEqJxxu0EhOwO+UdsSII7Lns +yQZVj2QAoTvC0+MFHPo+wl39JEe3ZytNwQZLjfZSLdS/j0cAyoTkFNconK0bAgMB +AAGjgcswgcgwHQYDVR0OBBYEFGFxxhfk1fvT8zPfLKPE0YYp9HZEMIGYBgNVHSME +gZAwgY2AFGFxxhfk1fvT8zPfLKPE0YYp9HZEoWOkYTBfMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRgwFgYDVQQDEw9tYWlsLmdvb2dsZS5jb22CEAR+y+n8pV970J6uNuEM +rh4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAldVSTJ4lNG9Qxx2GG +/y/ccH/BBYkpPXBklKP/U528Zk48jypWsbnZ07rQrPIlSXYQHffdNH3JsEiF/el9 +bIu+6tGJzmjqvtl5fD5S+yBvI3ySx3Fz6lWmUlqT6UY1X8Oob2PsR6u6mfT8Q1da +d02x97EUSiAzYvzxndqD6g8R1w== +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted2.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted2.pem new file mode 100644 index 0000000000..3c8489fbcd --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted2.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDjCCAnegAwIBAgIRAPXIavNhYvE6ZPVPbclYfAYwDQYJKoZIhvcNAQEFBQAw +XjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMOd3d3Lmdvb2dsZS5jb20w +HhcNMTEwODMwMTAxOTUxWhcNMjEwODI3MTAxOTUxWjBeMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRcwFQYDVQQDEw53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAriNo6jkVPi+gyynL2YiPBqDsBa4MuM4rQwM7vcHDRO9GizKi +6gV7/loaqvr7zqKnHmoARP6OqxDMMEWfZ4QGJjToVKS6srE7dPJEh1lRzK+bsl02 +xGCP/RKJqnZcW1oUpFUceRBQ8TWynZ1L7cE/YUlOhqXnMO9aPibqbWj8AGcCAwEA +AaOByzCByDAdBgNVHQ4EFgQUo/E6UVU6oRgxQF8yftx0/9dvzMgwgZgGA1UdIwSB +kDCBjYAUo/E6UVU6oRgxQF8yftx0/9dvzMihYqRgMF4xCzAJBgNVBAYTAkFVMRMw +EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxFzAVBgNVBAMTDnd3dy5nb29nbGUuY29tghEA9chq82Fi8Tpk9U9tyVh8 +BjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAESHOPB9eAsTKkO4lY8d +EKr2XrRqUkk5KqMFraAHWRekJFwl0R39Q6MDjRHr6NpPJkSKuBPppkr9nk6WDfpt +TG+oN3Yb1rFmJv6eZw8ud9btoquc8jAtaQnihbjFPEP9cCLBw3Gz1C/JBjDw1tgK +zXKNU+jMZYk7c5Z64DocggBH +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted3.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted3.pem new file mode 100644 index 0000000000..fa458cca36 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted3.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDETCCAnqgAwIBAgIRANdVj9r18RBbshMoK3B3KaMwDQYJKoZIhvcNAQEFBQAw +XzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEYMBYGA1UEAxMPbG9naW4ueWFob28uY29t +MB4XDTExMDgzMDEwMjAzNloXDTIxMDgyNzEwMjAzNlowXzELMAkGA1UEBhMCQVUx +EzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg +UHR5IEx0ZDEYMBYGA1UEAxMPbG9naW4ueWFob28uY29tMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQC3TVwiPfNClgadKYuX50szBlIaVWDd+UFHsakbGk0bgqlu +YKgC/cmbjgOyrmsEC2HbJISceTz9CK6mCewEgGFWuq6gjYi4UnSFk1o6h6WJV86A +tLpeVti7lN9/04IW7XHyxuhvS71V+JWlqfu3zboyaVoMIlHDrPFtRiAh7vTTjQID +AQABo4HMMIHJMB0GA1UdDgQWBBQrVExlI4rixsrub6IMDDsLPNB4ezCBmQYDVR0j +BIGRMIGOgBQrVExlI4rixsrub6IMDDsLPNB4e6FjpGEwXzELMAkGA1UEBhMCQVUx +EzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg +UHR5IEx0ZDEYMBYGA1UEAxMPbG9naW4ueWFob28uY29tghEA11WP2vXxEFuyEygr +cHcpozAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFB5SF2ujZzH9KMj +m4ZDTsyy94/YQZdwgLncKUYTxmZe4BdX+42j799pCG+UeQGwqz9hU/soPgibAvGT +1KCEGQ6qtWSqKJYmC8VKenYvvEFIySj5cbSFmId5aNwhjl8AYoLuM0E+2FRVJQ6a +pWyzYUIOqhsCkt9hEPsDVP4hIhP+ +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted4.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted4.pem new file mode 100644 index 0000000000..53761bb36a --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted4.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDzCCAnigAwIBAgIQOSpDTw4H3x+KowXeNODCKTANBgkqhkiG9w0BAQUFADBf +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRgwFgYDVQQDEw9sb2dpbi55YWhvby5jb20w +HhcNMTEwODMwMTAyMTE5WhcNMjEwODI3MTAyMTE5WjBfMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRgwFgYDVQQDEw9sb2dpbi55YWhvby5jb20wgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBAML+Z5hpY4VfSeTPbMCGaqe5shwcw3yW/egYY6cXcfxtUkjs +Eai48hP/sqtQeFwi3puJ7HO2iGUX72/UnO0t9qwEGtGOHS1qqAYdTcncY5pTpO9L +e4Tn6CkPwFE4VNXVU96xPlUjP/KBZ43VH6gW3M1xDI0DmNh2QUXHN5ErQE8nAgMB +AAGjgcswgcgwHQYDVR0OBBYEFI+gG6PT7vQtUVn2xf+wCYZV5Ht8MIGYBgNVHSME +gZAwgY2AFI+gG6PT7vQtUVn2xf+wCYZV5Ht8oWOkYTBfMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRgwFgYDVQQDEw9sb2dpbi55YWhvby5jb22CEDkqQ08OB98fiqMF3jTg +wikwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA3eZG/dOXrL7YBPCA8 +joDGfhra98T1iCpul4/L/L4dt/9+QVAu+agbZmHWLYzuAvuB1zj8go0BLIE7b4ap +HPLFYXV3iAWjIRhNEix4FWohlds1B+IwpvWdsl3Op1pZfHQ0yq8wFGawdQTAKUII +lLu1cd6E8B6pCfWwSr+9h6gnTg== +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted5.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted5.pem new file mode 100644 index 0000000000..81211ee694 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted5.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDzCCAnigAwIBAgIQPnXO1GtpMCEhiDCuhqgqcTANBgkqhkiG9w0BAQUFADBf +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRgwFgYDVQQDEw9sb2dpbi55YWhvby5jb20w +HhcNMTEwODMwMTAyMTQ4WhcNMjEwODI3MTAyMTQ4WjBfMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRgwFgYDVQQDEw9sb2dpbi55YWhvby5jb20wgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBAL5IeUbbQ7HxCBLQaOASV2HyI1tRwPm/7JNsRfh5ipM1sCWE +xnPoqFznX6ZUKi8d61/EIycwUd+FvOp9zoRxDlngoRdhqMCTTG3JfxNf6ZXJPCYd +qPjOKAkMwyG8bbhGCsoCws9b2rpN9536qVXc2QR39F9/ZE5t73oKtEd1fyNnAgMB +AAGjgcswgcgwHQYDVR0OBBYEFNXCkfGdW3WYzBBqB2jWppl6sL99MIGYBgNVHSME +gZAwgY2AFNXCkfGdW3WYzBBqB2jWppl6sL99oWOkYTBfMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRgwFgYDVQQDEw9sb2dpbi55YWhvby5jb22CED51ztRraTAhIYgwroao +KnEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCOeih7N7fmkqECWZD/ +bYsFLtbKOwD4YMPIV2wayvaLg2dFwqhBkGml+5ulOh5KTiUh0/nnGmGAU/3K9nt5 +TCMjwMGHm/C5pp7THQriiY8Qw0QVtnFiJGnjblhAbJVIvBJJ42/Qq7T4IzEwqShW +hO2g1M0MUGiOw4vyXJRGc4dg2w== +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted6.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted6.pem new file mode 100644 index 0000000000..4264a678f1 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted6.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDETCCAnqgAwIBAgIRAOkCi5V45BXcGnEKK4gVREcwDQYJKoZIhvcNAQEFBQAw +XzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEYMBYGA1UEAxMPbG9naW4uc2t5cGUuY29t +MB4XDTExMDgzMDEwMjIxOFoXDTIxMDgyNzEwMjIxOFowXzELMAkGA1UEBhMCQVUx +EzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg +UHR5IEx0ZDEYMBYGA1UEAxMPbG9naW4uc2t5cGUuY29tMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDAAkuUFRdz1bm95jFsyQRb4PBrly4pJK4f5pSZy99eY8FM +iZbr7brnkiheN4qeJfS1dv/B/B4kAVoGD2Y0KmpZ5ZZYmm3TxopoP0Yeg6juWNKa +iFlfKQIvk0GEmD8oGfEqW1+72p040jAuTn+OQx+7VpydqB/RJoY8qK3zEXbB7wID +AQABo4HMMIHJMB0GA1UdDgQWBBSE9drle8VwSlwYIX5mKaIEvQYX/zCBmQYDVR0j +BIGRMIGOgBSE9drle8VwSlwYIX5mKaIEvQYX/6FjpGEwXzELMAkGA1UEBhMCQVUx +EzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg +UHR5IEx0ZDEYMBYGA1UEAxMPbG9naW4uc2t5cGUuY29tghEA6QKLlXjkFdwacQor +iBVERzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACm4/Q6e001Fg9uu +ieqHOAxfBafkOsXtgKqTFFdpt9Hbmo9j/BfvrtvfFN5Ph4fV46useGjW79P1IeNK ++KqcaqOKy2q6j1em4j8C5Mx6S4ksZJC25jIPEM7cdxiDGcV505X5mynlu1+WkZAf +nQhnJpA8o3p462ON4S+GXTfOLfoN +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted7.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted7.pem new file mode 100644 index 0000000000..03ab7d46b0 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted7.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGjCCAoOgAwIBAgIRAJI51TSPQNFpWnRUcOHyP0MwDQYJKoZIhvcNAQEFBQAw +YjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEbMBkGA1UEAxMSYWRkb25zLm1vemlsbGEu +b3JnMB4XDTExMDgzMDEwMjIzOVoXDTIxMDgyNzEwMjIzOVowYjELMAkGA1UEBhMC +QVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdp +dHMgUHR5IEx0ZDEbMBkGA1UEAxMSYWRkb25zLm1vemlsbGEub3JnMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQC9Yo3DJvs+vewelK5qoK+0Xn4zeRIQ/wJCrQBg +5tNXja+NZsHb0/enlwAZ3dAwCfI0G12mTowgSuZyDX7oN2+G+k6Q5LPnGhj1E5s5 +OJ+ZYsAjTdU0SCAPquva55+jyhqo5w/B5Il7w84mppUrAZgqEGhYkhXeDOULe1Vm +4iLMQwIDAQABo4HPMIHMMB0GA1UdDgQWBBSb8lAIgOnUitVOuZIx3s+5MN1sBzCB +nAYDVR0jBIGUMIGRgBSb8lAIgOnUitVOuZIx3s+5MN1sB6FmpGQwYjELMAkGA1UE +BhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdp +ZGdpdHMgUHR5IEx0ZDEbMBkGA1UEAxMSYWRkb25zLm1vemlsbGEub3JnghEAkjnV +NI9A0WladFRw4fI/QzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFpg +tcp6ynOZ/hwr2axTYK+4rtXmTUJdsg7NUHhXSwGANAuYuc7PYwqtmz3B2W90t3TA +D3pNMRBEXrBXufC0p9vu/hQgb+mdQ7DG6j1Gkkpq4Sq/Puv1bO96KpAufmevnWWB +48kzCgAdfk/N04k7kdPHCp5MjjgmY3kGdsg+jroj +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted8.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted8.pem new file mode 100644 index 0000000000..acef06ffb0 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted8.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDjCCAnegAwIBAgIRALC3Ez7Qlvm1b66RyHS9OsAwDQYJKoZIhvcNAQEFBQAw +XjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMObG9naW4ubGl2ZS5jb20w +HhcNMTEwODMwMTAyMzA0WhcNMjEwODI3MTAyMzA0WjBeMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRcwFQYDVQQDEw5sb2dpbi5saXZlLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA5JK77+1zFatj8xeItZaDW5XaU+ssc5jq2Ww4ANaxJi+wdRVU +qVLauEJPKEXC51fuYHa7U8yoSTgJZA7JL07cdSxgsVj8RR4Uf5k4Jf5Vdz5w8+TT +W33I3zurA2xB+wfup2VPmS8Alg07w6POrzlQYgtcUcELZhjcdypk96NOdPECAwEA +AaOByzCByDAdBgNVHQ4EFgQUTWM20msyZUcNEYOyNbgevBPIoF8wgZgGA1UdIwSB +kDCBjYAUTWM20msyZUcNEYOyNbgevBPIoF+hYqRgMF4xCzAJBgNVBAYTAkFVMRMw +EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxFzAVBgNVBAMTDmxvZ2luLmxpdmUuY29tghEAsLcTPtCW+bVvrpHIdL06 +wDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACQqnu1KywflnNiqIU01 +95z/qjmZTvSWafM/HLOFUg8ls7g32l5gCCrsc8ypiCff+S3+9teYQOII7oW3hzw4 +BH10m0LTRxGig5U9XVkH4076SALkPoky1z+onMmLk7AE96kSJ+rq30VvcSSl9BaW +DwcQGIhCZANgZrNW9AJ+cweQ +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted9.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted9.pem new file mode 100644 index 0000000000..cc99b08e5f --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/blacklisted9.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDjCCAnegAwIBAgIRANjzX063hystqwaS4xU4L7AwDQYJKoZIhvcNAQEFBQAw +XjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMOZ2xvYmFsIHRydXN0ZWUw +HhcNMTEwODMwMTAyMzI1WhcNMjEwODI3MTAyMzI1WjBeMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRcwFQYDVQQDEw5nbG9iYWwgdHJ1c3RlZTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAw0CpZXrd6oI8/PHo8/bnNwB7UA7OKsRFuqKljr9F5lCJAVkT +zRDlXuTDeXGfQiYhJTF7GRunPRJ7O5SsflwoxktH/F91yFpgxY5DqRZ1ZHdZgW3b +W0uweBxJv9684ihXY4YR3Yznf0js7YAgVd8a3qhOUODiC/Beb8tmDBNL2c0CAwEA +AaOByzCByDAdBgNVHQ4EFgQU/rUvQ2rG7pg2muUiLm6V93ZgmGcwgZgGA1UdIwSB +kDCBjYAU/rUvQ2rG7pg2muUiLm6V93ZgmGehYqRgMF4xCzAJBgNVBAYTAkFVMRMw +EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxFzAVBgNVBAMTDmdsb2JhbCB0cnVzdGVlghEA2PNfTreHKy2rBpLjFTgv +sDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALvmmUx47DcUAIsPkI0Y +DTvcXV6k2JHwdrdlPsrn9A5TLppfxPNrDMiweitr8cMkKEtkm6LRTt2yvDFcMIwy +/+F5+XO0k9sKde6xHfWvOvndIycj3Lt4tIRW8jUauJENyMa4M57qpqkgkJEmflkI +/pb9fQZbfg70o9wvbNK0RONo +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.pem new file mode 100644 index 0000000000..416dd4da04 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICWjCCAcOgAwIBAgIJAM7bMShFxAVAMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwIBcNMTAwODA0MDk1MzQxWhgPMjA1MTA4MjkwOTUzNDFa +MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBAM2q22/WNMmn8cC+5EEYGeICySLmp9W6Ay6eKHr0Xxp3X3epETuPfvAuxp7r +OtkS18EMUegkUj8jw0IMEcbyHKFC/rTCaYOt93CxGBXMIChiMPAsFeYzGa/D6xzA +kfcRaJRQ+Ek3CDLXPnXfo7xpABXezYcPXAJrgsgBfWrwHdxzAgMBAAGjUDBOMB0G +A1UdDgQWBBSKbhnnl5uP2X+zuwFP6GovUpUN2TAfBgNVHSMEGDAWgBSKbhnnl5uP +2X+zuwFP6GovUpUN2TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKF0 +jl02liwFfupmzC5oxz2T3IyjEa21fm7QBMQJvQr5OTuX1/C7DAl7g/6/h7BH6JS3 +qpx5rXGet8SZmG8dODL4o3U4xOXnNzch7HtQixWwlx4XnFAXPMHflFX7YC5QQNHq +I8Y8IW+XjAYWpYJywWMUZIbr1/9y9gn1beYEE3pq +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.0.9.8 b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.0.9.8 new file mode 100644 index 0000000000..20500b221f --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.0.9.8 @@ -0,0 +1,42 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ce:db:31:28:45:c4:05:40 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd + Validity + Not Before: Aug 4 09:53:41 2010 GMT + Not After : Aug 29 09:53:41 2051 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:cd:aa:db:6f:d6:34:c9:a7:f1:c0:be:e4:41:18: + 19:e2:02:c9:22:e6:a7:d5:ba:03:2e:9e:28:7a:f4: + 5f:1a:77:5f:77:a9:11:3b:8f:7e:f0:2e:c6:9e:eb: + 3a:d9:12:d7:c1:0c:51:e8:24:52:3f:23:c3:42:0c: + 11:c6:f2:1c:a1:42:fe:b4:c2:69:83:ad:f7:70:b1: + 18:15:cc:20:28:62:30:f0:2c:15:e6:33:19:af:c3: + eb:1c:c0:91:f7:11:68:94:50:f8:49:37:08:32:d7: + 3e:75:df:a3:bc:69:00:15:de:cd:87:0f:5c:02:6b: + 82:c8:01:7d:6a:f0:1d:dc:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 + X509v3 Authority Key Identifier: + keyid:8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + a1:74:8e:5d:36:96:2c:05:7e:ea:66:cc:2e:68:c7:3d:93:dc: + 8c:a3:11:ad:b5:7e:6e:d0:04:c4:09:bd:0a:f9:39:3b:97:d7: + f0:bb:0c:09:7b:83:fe:bf:87:b0:47:e8:94:b7:aa:9c:79:ad: + 71:9e:b7:c4:99:98:6f:1d:38:32:f8:a3:75:38:c4:e5:e7:37: + 37:21:ec:7b:50:8b:15:b0:97:1e:17:9c:50:17:3c:c1:df:94: + 55:fb:60:2e:50:40:d1:ea:23:c6:3c:21:6f:97:8c:06:16:a5: + 82:72:c1:63:14:64:86:eb:d7:ff:72:f6:09:f5:6d:e6:04:13: + 7a:6a diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.0 b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.0 new file mode 100644 index 0000000000..b2ccb2751e --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.0 @@ -0,0 +1,42 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ce:db:31:28:45:c4:05:40 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd + Validity + Not Before: Aug 4 09:53:41 2010 GMT + Not After : Aug 29 09:53:41 2051 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:cd:aa:db:6f:d6:34:c9:a7:f1:c0:be:e4:41:18: + 19:e2:02:c9:22:e6:a7:d5:ba:03:2e:9e:28:7a:f4: + 5f:1a:77:5f:77:a9:11:3b:8f:7e:f0:2e:c6:9e:eb: + 3a:d9:12:d7:c1:0c:51:e8:24:52:3f:23:c3:42:0c: + 11:c6:f2:1c:a1:42:fe:b4:c2:69:83:ad:f7:70:b1: + 18:15:cc:20:28:62:30:f0:2c:15:e6:33:19:af:c3: + eb:1c:c0:91:f7:11:68:94:50:f8:49:37:08:32:d7: + 3e:75:df:a3:bc:69:00:15:de:cd:87:0f:5c:02:6b: + 82:c8:01:7d:6a:f0:1d:dc:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 + X509v3 Authority Key Identifier: + keyid:8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + a1:74:8e:5d:36:96:2c:05:7e:ea:66:cc:2e:68:c7:3d:93:dc: + 8c:a3:11:ad:b5:7e:6e:d0:04:c4:09:bd:0a:f9:39:3b:97:d7: + f0:bb:0c:09:7b:83:fe:bf:87:b0:47:e8:94:b7:aa:9c:79:ad: + 71:9e:b7:c4:99:98:6f:1d:38:32:f8:a3:75:38:c4:e5:e7:37: + 37:21:ec:7b:50:8b:15:b0:97:1e:17:9c:50:17:3c:c1:df:94: + 55:fb:60:2e:50:40:d1:ea:23:c6:3c:21:6f:97:8c:06:16:a5: + 82:72:c1:63:14:64:86:eb:d7:ff:72:f6:09:f5:6d:e6:04:13: + 7a:6a diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-serial-number.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-serial-number.pem new file mode 100644 index 0000000000..ecb6c35632 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-serial-number.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICGjCCAYMCFAECAwQFBgcICRCqu8zd7v8XGBkgMA0GCSqGSIb3DQEBBQUAMEwx +CzAJBgNVBAYTAkdCMRIwEAYDVQQIEwlCZXJrc2hpcmUxEDAOBgNVBAcTB05ld2J1 +cnkxFzAVBgNVBAoTDk15IENvbXBhbnkgTHRkMB4XDTEwMDYwMTE1MDI0MVoXDTEx +MDYwMTE1MDI0MVowTDELMAkGA1UEBhMCR0IxEjAQBgNVBAgTCUJlcmtzaGlyZTEQ +MA4GA1UEBxMHTmV3YnVyeTEXMBUGA1UEChMOTXkgQ29tcGFueSBMdGQwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBAM2q22/WNMmn8cC+5EEYGeICySLmp9W6Ay6e +KHr0Xxp3X3epETuPfvAuxp7rOtkS18EMUegkUj8jw0IMEcbyHKFC/rTCaYOt93Cx +GBXMIChiMPAsFeYzGa/D6xzAkfcRaJRQ+Ek3CDLXPnXfo7xpABXezYcPXAJrgsgB +fWrwHdxzAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtlScqSn4IHFLRiQYQdfOgsPi +wdqD1MPZEniQE0Xp8McZ7kuYbGgdEqzeVgMHqitlzkNNtTz+2u37CbFNXDGCTy5D +2JCgZxaAWNkh1w+4VB91HfMwEU0MqvAO7SB31FwbKNaB3gVnua++NL1cAkujyRny +yR3PatYZCfESQ7oZgds= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem new file mode 100644 index 0000000000..75f3c32241 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem @@ -0,0 +1 @@ +-----BEGIN CERTIFICATE-----
\ No newline at end of file diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/malformed-just-begin.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/malformed-just-begin.pem new file mode 100644 index 0000000000..a71aecf9af --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/malformed-just-begin.pem @@ -0,0 +1 @@ +-----BEGIN CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/natwest-banking.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/natwest-banking.pem new file mode 100644 index 0000000000..c3e303c770 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/natwest-banking.pem @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGTTCCBTWgAwIBAgIQEdaGfQ9bnSLsmQJm4rWlBjANBgkqhkiG9w0BAQUFADCB +vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug +YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv +VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew +HhcNMDkwOTE1MDAwMDAwWhcNMTExMTA5MjM1OTU5WjCCAQAxEzARBgsrBgEEAYI3 +PAIBAxMCR0IxGzAZBgNVBA8TElYxLjAsIENsYXVzZSA1LihiKTERMA8GA1UEBRMI +U0MwNDU1NTExCzAJBgNVBAYTAkdCMRAwDgYDVQQRFAdFSDMgNlVZMRAwDgYDVQQI +EwdMb3RoaWFuMRIwEAYDVQQHFAlFZGluYnVyZ2gxFjAUBgNVBAkUDTM0IEZldHRl +cyBSb3cxLTArBgNVBAoUJFRoZSBSb3lhbCBCYW5rIG9mIFNjb3RsYW5kIEdyb3Vw +IFBsYzEVMBMGA1UECxQMV2ViIFNlcnZpY2VzMRYwFAYDVQQDFA13d3cubndvbGIu +Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4bRz9mxrbicnYun +uYoobkfDBjmmJKpSDBbcZCsZDWyLsLvoZh2Ez6Ux9GAbf4m5pLoIQnzQORy40NAt +bNDFhMJV0Iq65ju8qdYaUaWUdrxkLiwrIsiZwUMgcDOwdOvgO4qTev2OjkQg6syj +J+3HTaRrqekfrV5RvBNZ8vPVXK3cWERykzxwqXHwr9QL/n3wqDn4hCOb11Ic2rUf +H9TcPvxv7eFFnGL4ZJ3EU83tE/CmOYgz086BUDBKSvOHqHt2QWiPN/tHAgwfHYKj +eYCMWM21G0rDugeN+urZN+p364kO+VygBxnNIPSr/ZY+4DCdjaKGe8sOJdvI6ip5 +4a1q3QIDAQABo4ICADCCAfwwCQYDVR0TBAIwADAdBgNVHQ4EFgQUX5AjzSTKUsk2 +KfB+nbH+CODuafAwCwYDVR0PBAQDAgWgMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6 +Ly9FVkludGwtY3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2LmNybDBEBgNVHSAE +PTA7MDkGC2CGSAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZl +cmlzaWduLmNvbS9ycGEwNAYDVR0lBC0wKwYIKwYBBQUHAwEGCCsGAQUFBwMCBglg +hkgBhvhCBAEGCisGAQQBgjcKAwMwHwYDVR0jBBgwFoAUTkPIHXbvN1N6T/JYb5Tz +OOLVvd8wdgYIKwYBBQUHAQEEajBoMCsGCCsGAQUFBzABhh9odHRwOi8vRVZJbnRs +LW9jc3AudmVyaXNpZ24uY29tMDkGCCsGAQUFBzAChi1odHRwOi8vRVZJbnRsLWFp +YS52ZXJpc2lnbi5jb20vRVZJbnRsMjAwNi5jZXIwbgYIKwYBBQUHAQwEYjBgoV6g +XDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxL +B4shBRgwJhYkaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0G +CSqGSIb3DQEBBQUAA4IBAQCT64k2YepUu257B3pA4pjbKr/dmlOztUYS/IAtlJpo +As+R+T9dohGP+4liqHtlMMSKPRnwmSCj/KucJJ9UnIC89D3bVAP1Drvk5+gTwGZ5 +JkqPQqZsfEaeihmf8iu9stkYSQxMJcr24S4VEiGt2rdHhESq0OUel4SkMhlmSp5P +sZxqX1HByBJnsF4bcvIY3C4eTrso5awqNgomGhxizJWmK8/sdEcys82SHgSjG4Bp +05gUpXQrLTqWXDDOg5Uy745Gc8TpgqW1ZfpGg7EkjJX7EhBSKF0/2cNKVYUE9bnO +VGd7vK10NOhK7Uk9CkDALK+MvIIkxmRBmAFuQ4D+eqNF +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/no-ending-newline.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/no-ending-newline.pem new file mode 100644 index 0000000000..f8056c72d0 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/no-ending-newline.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8zCCAVwCAREwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDcwNDE3MDc0MDI2WhcNMDcwNTE3 +MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMC +Tk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANExxgmL0iT +1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7JBZDTLV5 +CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH80YxPpZZ1 +snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAleaU4pgzV6KY ++q9QuXapUYMsC2GiNtDmkG3k+MTHUO8XlE4hqPrIM6rRf7zKQdZ950R2wL9FSnYl +Qm1Tdv38dCka6ivMBqvRuOt9axH3m0G7nzHL7U3zaCbtEx3yVln+b3yYtiVpTuq0 +3MLrt7tQGAW6ra8ISf6YY1W65/uVXZE= +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/test-cn-two-cns-cert.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/test-cn-two-cns-cert.pem new file mode 100644 index 0000000000..08176289d7 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/test-cn-two-cns-cert.pem @@ -0,0 +1,67 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10 (0xa) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Westpoint Certificate Test CA, ST=Lancashire, C=UK/emailAddress=ca@example.com, O=Westpoint Certificate Test Root Certification Authority + Validity + Not Before: Jul 31 21:01:17 2011 GMT + Not After : Jul 28 21:01:17 2021 GMT + Subject: CN=www.example.com, CN=www2.example.com, ST=Lancashire, C=UK, O=Some organisation + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:e8:61:96:bd:d0:d2:c6:54:92:15:fe:42:2b:86: + 20:dc:74:51:82:c8:b4:5e:5e:c5:3b:01:6e:1e:84: + 8d:4a:8c:6f:d8:63:21:a7:74:16:02:62:c3:84:1f: + ac:83:00:ad:6d:f8:79:d0:48:19:4a:a4:45:bf:24: + 88:db:89:f7:96:80:70:b1:f9:94:46:8d:52:cd:47: + 11:86:74:3b:04:c6:d2:08:3b:4d:70:b0:d4:a2:5a: + ae:54:43:4e:8c:26:05:77:b4:52:8b:bf:43:26:cd: + 6e:b6:04:ca:36:e1:cf:c3:70:52:7b:73:40:1d:1f: + 2a:44:b9:fc:d3:be:77:5a:df + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Authority Information Access: + OCSP - URI:http://ocsp.example.com:8888/ + + Signature Algorithm: sha1WithRSAEncryption + a7:ce:f4:72:aa:54:01:d5:a0:ef:fb:54:a5:79:d0:51:87:27: + 93:37:d7:a8:92:a0:51:a4:56:a6:93:ea:3b:f4:e2:07:68:29: + 2b:59:e6:eb:71:d8:78:0a:b2:e2:df:13:9f:68:f9:6b:d8:42: + c6:ff:3b:e1:2e:01:91:9b:eb:90:7f:da:54:7e:5a:47:ba:40: + 18:fb:a5:f7:8a:3a:b0:05:37:03:a8:b8:23:61:d4:58:37:97: + 87:54:57:62:aa:7f:e6:73:8f:74:f4:3b:57:29:af:bb:f7:bc: + 33:72:d4:f3:02:22:44:3e:70:1f:48:59:7d:6e:a0:af:c4:91: + 58:4c:99:6b:33:28:36:09:59:c7:71:a7:94:ba:0e:af:87:d2: + 47:75:86:c1:ac:2d:ab:89:83:03:a9:97:cb:50:39:c1:66:a3: + a2:92:f6:c8:42:05:5b:d3:e4:13:17:84:10:57:8f:3e:ae:d0: + 5e:f7:15:54:dd:04:61:2f:d6:d4:25:00:d6:6f:02:bb:b9:9f: + ff:ab:d2:a0:32:87:a0:d2:ff:91:29:bf:5d:74:61:d8:86:e5: + 89:29:5e:c0:85:b1:05:e1:79:68:50:fa:21:98:cc:26:09:d1: + 86:18:4d:2e:84:21:33:d1:ff:b5:bf:78:2d:0b:9e:8c:51:82: + 09:9c:03:ec +-----BEGIN CERTIFICATE----- +MIIDXjCCAkagAwIBAgIBCjANBgkqhkiG9w0BAQUFADCBqzEmMCQGA1UEAxMdV2Vz +dHBvaW50IENlcnRpZmljYXRlIFRlc3QgQ0ExEzARBgNVBAgTCkxhbmNhc2hpcmUx +CzAJBgNVBAYTAlVLMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTFAMD4G +A1UEChM3V2VzdHBvaW50IENlcnRpZmljYXRlIFRlc3QgUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eTAeFw0xMTA3MzEyMTAxMTdaFw0yMTA3MjgyMTAxMTdaMHMx +GDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTEZMBcGA1UEAxMQd3d3Mi5leGFtcGxl +LmNvbTETMBEGA1UECBMKTGFuY2FzaGlyZTELMAkGA1UEBhMCVUsxGjAYBgNVBAoT +EVNvbWUgb3JnYW5pc2F0aW9uMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDo +YZa90NLGVJIV/kIrhiDcdFGCyLReXsU7AW4ehI1KjG/YYyGndBYCYsOEH6yDAK1t ++HnQSBlKpEW/JIjbifeWgHCx+ZRGjVLNRxGGdDsExtIIO01wsNSiWq5UQ06MJgV3 +tFKLv0MmzW62BMo24c/DcFJ7c0AdHypEufzTvnda3wIDAQABo0gwRjAJBgNVHRME +AjAAMDkGCCsGAQUFBwEBBC0wKzApBggrBgEFBQcwAYYdaHR0cDovL29jc3AuZXhh +bXBsZS5jb206ODg4OC8wDQYJKoZIhvcNAQEFBQADggEBAKfO9HKqVAHVoO/7VKV5 +0FGHJ5M316iSoFGkVqaT6jv04gdoKStZ5utx2HgKsuLfE59o+WvYQsb/O+EuAZGb +65B/2lR+Wke6QBj7pfeKOrAFNwOouCNh1Fg3l4dUV2Kqf+Zzj3T0O1cpr7v3vDNy +1PMCIkQ+cB9IWX1uoK/EkVhMmWszKDYJWcdxp5S6Dq+H0kd1hsGsLauJgwOpl8tQ +OcFmo6KS9shCBVvT5BMXhBBXjz6u0F73FVTdBGEv1tQlANZvAru5n/+r0qAyh6DS +/5Epv110YdiG5YkpXsCFsQXheWhQ+iGYzCYJ0YYYTS6EITPR/7W/eC0LnoxRggmc +A+w= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/test-cn-with-drink-cert.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/test-cn-with-drink-cert.pem new file mode 100644 index 0000000000..ed8823a520 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/test-cn-with-drink-cert.pem @@ -0,0 +1,66 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11 (0xb) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Westpoint Certificate Test CA, ST=Lancashire, C=UK/emailAddress=ca@example.com, O=Westpoint Certificate Test Root Certification Authority + Validity + Not Before: Jul 31 21:01:17 2011 GMT + Not After : Jul 28 21:01:17 2021 GMT + Subject: CN=example.com/emailAddress=test@example.com/favouriteDrink=tequila + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:b8:2a:88:dd:a3:5b:4a:44:69:03:d5:6e:18:e9: + 9e:55:0d:35:d0:e6:9a:c2:cc:f8:b5:c5:b6:15:00: + a1:24:33:af:e8:fb:93:b9:cc:b9:22:28:ef:69:57: + b0:a2:d0:e3:9e:e5:73:3e:90:55:5b:91:26:0b:c4: + 1a:a6:b6:9d:a2:68:5b:e8:5b:45:3f:21:ff:84:64: + a7:84:bb:61:b7:72:e7:ea:cb:49:66:40:23:be:bf: + f0:8d:60:f2:fb:71:b2:fc:fe:6b:e7:07:94:35:65: + 66:d8:06:90:82:4d:b1:ba:6c:78:f4:42:17:cb:3c: + 0e:10:70:21:a9:31:3b:88:41 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Authority Information Access: + OCSP - URI:http://ocsp.example.com:8888/ + + Signature Algorithm: sha1WithRSAEncryption + 4b:a3:3d:37:e4:fa:61:3b:8c:94:c7:b1:49:55:a6:63:c4:b8: + 13:33:8c:0b:ad:c9:f6:38:d1:a6:d3:5e:7f:10:23:be:d5:4c: + 63:de:15:9b:eb:f1:08:0c:32:95:ff:87:bc:c7:41:c3:17:af: + 73:c9:ac:18:2c:3d:6d:87:9b:41:71:92:e4:57:f0:da:b7:f4: + f3:92:dd:db:a0:b3:82:1a:8d:88:d4:ff:b2:8e:ac:65:6f:b0: + 59:0a:4e:cf:12:cd:fe:ce:35:85:da:13:1c:5e:d0:30:38:8a: + ec:46:eb:d7:a7:87:93:1b:08:a0:28:b0:2d:fc:7d:36:51:2f: + df:6b:67:57:15:b3:a7:cf:dd:55:ee:81:fc:66:fc:a7:22:5f: + e7:86:91:0b:3f:35:56:5f:fa:41:9c:71:06:03:d0:62:d2:3b: + e2:08:ab:af:42:2b:1f:68:9f:17:0a:20:3b:de:a1:fa:0a:44: + a8:67:67:c2:96:7a:ec:fa:92:4d:8f:c8:ba:be:d7:0c:c7:c8: + 6d:9f:b1:6c:c8:1d:e9:b9:5c:30:f3:a2:52:43:e5:43:2a:54: + 24:15:b3:d5:95:af:f8:01:ab:f3:c3:3f:1d:8e:35:58:11:6c: + 12:82:6f:ad:c3:78:c1:cd:43:ff:93:90:25:9f:97:17:36:8e: + 74:28:e8:a9 +-----BEGIN CERTIFICATE----- +MIIDOzCCAiOgAwIBAgIBCzANBgkqhkiG9w0BAQUFADCBqzEmMCQGA1UEAxMdV2Vz +dHBvaW50IENlcnRpZmljYXRlIFRlc3QgQ0ExEzARBgNVBAgTCkxhbmNhc2hpcmUx +CzAJBgNVBAYTAlVLMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTFAMD4G +A1UEChM3V2VzdHBvaW50IENlcnRpZmljYXRlIFRlc3QgUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eTAeFw0xMTA3MzEyMTAxMTdaFw0yMTA3MjgyMTAxMTdaMFAx +FDASBgNVBAMTC2V4YW1wbGUuY29tMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1w +bGUuY29tMRcwFQYKCZImiZPyLGQBBRMHdGVxdWlsYTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAuCqI3aNbSkRpA9VuGOmeVQ010Oaawsz4tcW2FQChJDOv6PuT +ucy5IijvaVewotDjnuVzPpBVW5EmC8Qapradomhb6FtFPyH/hGSnhLtht3Ln6stJ +ZkAjvr/wjWDy+3Gy/P5r5weUNWVm2AaQgk2xumx49EIXyzwOEHAhqTE7iEECAwEA +AaNIMEYwCQYDVR0TBAIwADA5BggrBgEFBQcBAQQtMCswKQYIKwYBBQUHMAGGHWh0 +dHA6Ly9vY3NwLmV4YW1wbGUuY29tOjg4ODgvMA0GCSqGSIb3DQEBBQUAA4IBAQBL +oz035PphO4yUx7FJVaZjxLgTM4wLrcn2ONGm015/ECO+1Uxj3hWb6/EIDDKV/4e8 +x0HDF69zyawYLD1th5tBcZLkV/Dat/Tzkt3boLOCGo2I1P+yjqxlb7BZCk7PEs3+ +zjWF2hMcXtAwOIrsRuvXp4eTGwigKLAt/H02US/fa2dXFbOnz91V7oH8ZvynIl/n +hpELPzVWX/pBnHEGA9Bi0jviCKuvQisfaJ8XCiA73qH6CkSoZ2fClnrs+pJNj8i6 +vtcMx8htn7FsyB3puVww86JSQ+VDKlQkFbPVla/4Aavzwz8djjVYEWwSgm+tw3jB +zUP/k5Aln5cXNo50KOip +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/trailing-whitespace.pem b/tests/auto/network/ssl/qsslcertificate/more-certificates/trailing-whitespace.pem new file mode 100644 index 0000000000..e48195d15e --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/trailing-whitespace.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8zCCAVwCAREwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDcwNDE3MDc0MDI2WhcNMDcwNTE3 +MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMC +Tk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANExxgmL0iT +1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7JBZDTLV5 +CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH80YxPpZZ1 +snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAleaU4pgzV6KY ++q9QuXapUYMsC2GiNtDmkG3k+MTHUO8XlE4hqPrIM6rRf7zKQdZ950R2wL9FSnYl +Qm1Tdv38dCka6ivMBqvRuOt9axH3m0G7nzHL7U3zaCbtEx3yVln+b3yYtiVpTuq0 +3MLrt7tQGAW6ra8ISf6YY1W65/uVXZE= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro b/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro new file mode 100644 index 0000000000..05cce8e509 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro @@ -0,0 +1,29 @@ +load(qttest_p4) + +SOURCES += tst_qsslcertificate.cpp +!wince*:win32:LIBS += -lws2_32 +QT = core network + +TARGET = tst_qsslcertificate + +win32 { + CONFIG(debug, debug|release) { + DESTDIR = debug +} else { + DESTDIR = release + } +} + +wince*|symbian: { + certFiles.files = certificates more-certificates + certFiles.path = . + DEPLOYMENT += certFiles +} + +wince*: { + DEFINES += SRCDIR=\\\".\\\" +} else:!symbian { + DEFINES += SRCDIR=\\\"$$PWD/\\\" +} + +symbian:TARGET.CAPABILITY = NetworkServices ReadUserData diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp new file mode 100644 index 0000000000..bcd21eefe2 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -0,0 +1,995 @@ +/**************************************************************************** +** +** Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies). +** All rights reserved. +** Contact: Nokia Corporation (qt-info@nokia.com) +** +** This file is part of the test suite of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:LGPL$ +** GNU Lesser General Public License Usage +** This file may be used under the terms of the GNU Lesser General Public +** License version 2.1 as published by the Free Software Foundation and +** appearing in the file LICENSE.LGPL included in the packaging of this +** file. Please review the following information to ensure the GNU Lesser +** General Public License version 2.1 requirements will be met: +** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. +** +** In addition, as a special exception, Nokia gives you certain additional +** rights. These rights are described in the Nokia Qt LGPL Exception +** version 1.1, included in the file LGPL_EXCEPTION.txt in this package. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU General +** Public License version 3.0 as published by the Free Software Foundation +** and appearing in the file LICENSE.GPL included in the packaging of this +** file. Please review the following information to ensure the GNU General +** Public License version 3.0 requirements will be met: +** http://www.gnu.org/copyleft/gpl.html. +** +** Other Usage +** Alternatively, this file may be used in accordance with the terms and +** conditions contained in a signed written agreement between you and Nokia. +** +** +** +** +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + + +#include <QtTest/QtTest> +#include <qsslcertificate.h> +#include <qsslkey.h> +#include <qsslsocket.h> + +#ifdef Q_OS_SYMBIAN +// In Symbian OS test data is located in applications private dir +// Current path (C:\private\<UID>) contains only ascii chars +#define SRCDIR "./" +#endif + +class tst_QSslCertificate : public QObject +{ + Q_OBJECT + + struct CertInfo { + QFileInfo fileInfo; + QFileInfo fileInfo_digest_md5; + QFileInfo fileInfo_digest_sha1; + QSsl::EncodingFormat format; + CertInfo(const QFileInfo &fileInfo, QSsl::EncodingFormat format) + : fileInfo(fileInfo), format(format) {} + }; + + QList<CertInfo> certInfoList; + QMap<QString, QString> subjAltNameMap; + QMap<QString, QString> pubkeyMap; + QMap<QString, QString> md5Map; + QMap<QString, QString> sha1Map; + + void createTestRows(); +#ifndef QT_NO_OPENSSL + void compareCertificates(const QSslCertificate & cert1, const QSslCertificate & cert2); +#endif + + QString oldCurrentDir; +public: + tst_QSslCertificate(); + virtual ~tst_QSslCertificate(); + +public slots: + void initTestCase_data(); + void init(); + void cleanup(); + +#ifndef QT_NO_OPENSSL +private slots: + void emptyConstructor(); + void constructor_data(); + void constructor(); + void constructingGarbage(); + void copyAndAssign_data(); + void copyAndAssign(); + void digest_data(); + void digest(); + void subjectAlternativeNames_data(); + void utf8SubjectNames(); + void subjectAlternativeNames(); + void publicKey_data(); + void publicKey(); + void toPemOrDer_data(); + void toPemOrDer(); + void fromDevice(); + void fromPath_data(); + void fromPath(); + void certInfo(); + void certInfoQByteArray(); + void task256066toPem(); + void nulInCN(); + void nulInSan(); + void largeSerialNumber(); + void largeExpirationDate(); + void blacklistedCertificates(); + void toText(); + void multipleCommonNames(); + void subjectAndIssuerAttributes(); + void verify(); + + // helper for verbose test failure messages + QString toString(const QList<QSslError>&); + +// ### add tests for certificate bundles (multiple certificates concatenated into a single +// structure); both PEM and DER formatted +#endif +}; + +tst_QSslCertificate::tst_QSslCertificate() +{ + QDir dir(SRCDIR + QLatin1String("/certificates")); + QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); + QRegExp rxCert(QLatin1String("^.+\\.(pem|der)$")); + QRegExp rxSan(QLatin1String("^(.+\\.(?:pem|der))\\.san$")); + QRegExp rxPubKey(QLatin1String("^(.+\\.(?:pem|der))\\.pubkey$")); + QRegExp rxDigest(QLatin1String("^(.+\\.(?:pem|der))\\.digest-(md5|sha1)$")); + foreach (QFileInfo fileInfo, fileInfoList) { + if (rxCert.indexIn(fileInfo.fileName()) >= 0) + certInfoList << + CertInfo(fileInfo, + rxCert.cap(1) == QLatin1String("pem") ? QSsl::Pem : QSsl::Der); + if (rxSan.indexIn(fileInfo.fileName()) >= 0) + subjAltNameMap.insert(rxSan.cap(1), fileInfo.absoluteFilePath()); + if (rxPubKey.indexIn(fileInfo.fileName()) >= 0) + pubkeyMap.insert(rxPubKey.cap(1), fileInfo.absoluteFilePath()); + if (rxDigest.indexIn(fileInfo.fileName()) >= 0) { + if (rxDigest.cap(2) == QLatin1String("md5")) + md5Map.insert(rxDigest.cap(1), fileInfo.absoluteFilePath()); + else + sha1Map.insert(rxDigest.cap(1), fileInfo.absoluteFilePath()); + } + } +} + +tst_QSslCertificate::~tst_QSslCertificate() +{ +} + +void tst_QSslCertificate::initTestCase_data() +{ +} + +void tst_QSslCertificate::init() +{ + QString srcdir(QLatin1String(SRCDIR)); + if (!srcdir.isEmpty()) { + oldCurrentDir = QDir::current().absolutePath(); + QDir::setCurrent(srcdir); + } +} + +void tst_QSslCertificate::cleanup() +{ + if (!oldCurrentDir.isEmpty()) { + QDir::setCurrent(oldCurrentDir); + } + +} + +static QByteArray readFile(const QString &absFilePath) +{ + QFile file(absFilePath); + if (!file.open(QIODevice::ReadOnly)) { + QWARN("failed to open file"); + return QByteArray(); + } + return file.readAll(); +} + +#ifndef QT_NO_OPENSSL + +void tst_QSslCertificate::emptyConstructor() +{ + if (!QSslSocket::supportsSsl()) + return; + + QSslCertificate certificate; + QVERIFY(certificate.isNull()); + //make sure none of the functions crash (task 203035) + QVERIFY(!certificate.isValid()); + QCOMPARE(certificate.version() , QByteArray()); + QCOMPARE(certificate.serialNumber(), QByteArray()); + QCOMPARE(certificate.digest(), QCryptographicHash::hash(QByteArray(), QCryptographicHash::Md5)); + QCOMPARE(certificate.issuerInfo(QSslCertificate::Organization), QStringList()); + QCOMPARE(certificate.subjectInfo(QSslCertificate::Organization), QStringList()); + QCOMPARE(certificate.subjectAlternativeNames(),(QMultiMap<QSsl::AlternativeNameEntryType, QString>())); +#ifndef QT_NO_TEXTSTREAM + QCOMPARE(certificate.effectiveDate(), QDateTime()); + QCOMPARE(certificate.expiryDate(), QDateTime()); +#endif +} + +Q_DECLARE_METATYPE(QSsl::EncodingFormat); + +void tst_QSslCertificate::createTestRows() +{ + QTest::addColumn<QString>("absFilePath"); + QTest::addColumn<QSsl::EncodingFormat>("format"); + foreach (CertInfo certInfo, certInfoList) { + QTest::newRow(certInfo.fileInfo.fileName().toLatin1()) + << certInfo.fileInfo.absoluteFilePath() << certInfo.format; + } +} + +void tst_QSslCertificate::constructor_data() +{ + createTestRows(); +} + +void tst_QSslCertificate::constructor() +{ + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, absFilePath); + QFETCH(QSsl::EncodingFormat, format); + + QByteArray encoded = readFile(absFilePath); + QSslCertificate certificate(encoded, format); + QVERIFY(!certificate.isNull()); +} + +void tst_QSslCertificate::constructingGarbage() +{ + if (!QSslSocket::supportsSsl()) + return; + + QByteArray garbage("garbage"); + QSslCertificate certificate(garbage); + QVERIFY(certificate.isNull()); +} + +void tst_QSslCertificate::copyAndAssign_data() +{ + createTestRows(); +} + +void tst_QSslCertificate::compareCertificates( + const QSslCertificate & cert1, const QSslCertificate & cert2) +{ + QCOMPARE(cert1.isNull(), cert2.isNull()); + // Note: in theory, the next line could fail even if the certificates are identical! + QCOMPARE(cert1.isValid(), cert2.isValid()); + QCOMPARE(cert1.version(), cert2.version()); + QCOMPARE(cert1.serialNumber(), cert2.serialNumber()); + QCOMPARE(cert1.digest(), cert2.digest()); + QCOMPARE(cert1.toPem(), cert2.toPem()); + QCOMPARE(cert1.toDer(), cert2.toDer()); + for (int info = QSslCertificate::Organization; + info <= QSslCertificate::StateOrProvinceName; info++) { + const QSslCertificate::SubjectInfo subjectInfo = (QSslCertificate::SubjectInfo)info; + QCOMPARE(cert1.issuerInfo(subjectInfo), cert2.issuerInfo(subjectInfo)); + QCOMPARE(cert1.subjectInfo(subjectInfo), cert2.subjectInfo(subjectInfo)); + } + QCOMPARE(cert1.subjectAlternativeNames(), cert2.subjectAlternativeNames()); + QCOMPARE(cert1.effectiveDate(), cert2.effectiveDate()); + QCOMPARE(cert1.expiryDate(), cert2.expiryDate()); + QCOMPARE(cert1.version(), cert2.version()); + QCOMPARE(cert1.serialNumber(), cert2.serialNumber()); + // ### add more functions here ... +} + +void tst_QSslCertificate::copyAndAssign() +{ + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, absFilePath); + QFETCH(QSsl::EncodingFormat, format); + + QByteArray encoded = readFile(absFilePath); + QSslCertificate certificate(encoded, format); + + QVERIFY(!certificate.isNull()); + + QSslCertificate copied(certificate); + compareCertificates(certificate, copied); + + QSslCertificate assigned = certificate; + compareCertificates(certificate, assigned); +} + +void tst_QSslCertificate::digest_data() +{ + QTest::addColumn<QString>("absFilePath"); + QTest::addColumn<QSsl::EncodingFormat>("format"); + QTest::addColumn<QString>("absFilePath_digest_md5"); + QTest::addColumn<QString>("absFilePath_digest_sha1"); + foreach (CertInfo certInfo, certInfoList) { + QString certName = certInfo.fileInfo.fileName(); + QTest::newRow(certName.toLatin1()) + << certInfo.fileInfo.absoluteFilePath() + << certInfo.format + << md5Map.value(certName) + << sha1Map.value(certName); + } +} + +// Converts a digest of the form '{MD5|SHA1} Fingerprint=AB:B8:32...' to binary format. +static QByteArray convertDigest(const QByteArray &input) +{ + QByteArray result; + QRegExp rx(QLatin1String("(?:=|:)([0-9A-Fa-f]{2})")); + int pos = 0; + while ((pos = rx.indexIn(input, pos)) != -1) { + result.append(rx.cap(1).toLatin1()); + pos += rx.matchedLength(); + } + return QByteArray::fromHex(result); +} + +void tst_QSslCertificate::digest() +{ + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, absFilePath); + QFETCH(QSsl::EncodingFormat, format); + QFETCH(QString, absFilePath_digest_md5); + QFETCH(QString, absFilePath_digest_sha1); + + QByteArray encoded = readFile(absFilePath); + QSslCertificate certificate(encoded, format); + QVERIFY(!certificate.isNull()); + + if (!absFilePath_digest_md5.isEmpty()) + QCOMPARE(convertDigest(readFile(absFilePath_digest_md5)), + certificate.digest(QCryptographicHash::Md5)); + + if (!absFilePath_digest_sha1.isEmpty()) + QCOMPARE(convertDigest(readFile(absFilePath_digest_sha1)), + certificate.digest(QCryptographicHash::Sha1)); +} + +void tst_QSslCertificate::subjectAlternativeNames_data() +{ + QTest::addColumn<QString>("certFilePath"); + QTest::addColumn<QSsl::EncodingFormat>("format"); + QTest::addColumn<QString>("subjAltNameFilePath"); + + foreach (CertInfo certInfo, certInfoList) { + QString certName = certInfo.fileInfo.fileName(); + if (subjAltNameMap.contains(certName)) + QTest::newRow(certName.toLatin1()) + << certInfo.fileInfo.absoluteFilePath() + << certInfo.format + << subjAltNameMap.value(certName); + } +} + +void tst_QSslCertificate::subjectAlternativeNames() +{ + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, certFilePath); + QFETCH(QSsl::EncodingFormat, format); + QFETCH(QString, subjAltNameFilePath); + + QByteArray encodedCert = readFile(certFilePath); + QSslCertificate certificate(encodedCert, format); + QVERIFY(!certificate.isNull()); + + QByteArray fileContents = readFile(subjAltNameFilePath); + + const QMultiMap<QSsl::AlternativeNameEntryType, QString> altSubjectNames = + certificate.subjectAlternativeNames(); + + // verify that each entry in subjAltNames is present in fileContents + QMapIterator<QSsl::AlternativeNameEntryType, QString> it(altSubjectNames); + while (it.hasNext()) { + it.next(); + QString type; + if (it.key() == QSsl::EmailEntry) + type = QLatin1String("email"); + else if (it.key() == QSsl::DnsEntry) + type = QLatin1String("DNS"); + else + QFAIL("unsupported alternative name type"); + QString entry = QString("%1:%2").arg(type).arg(it.value()); + QVERIFY(fileContents.contains(entry.toAscii())); + } + + // verify that each entry in fileContents is present in subjAltNames + QRegExp rx(QLatin1String("(email|DNS):([^,\\r\\n]+)")); + for (int pos = 0; (pos = rx.indexIn(fileContents, pos)) != -1; pos += rx.matchedLength()) { + QSsl::AlternativeNameEntryType key; + if (rx.cap(1) == QLatin1String("email")) + key = QSsl::EmailEntry; + else if (rx.cap(1) == QLatin1String("DNS")) + key = QSsl::DnsEntry; + else + QFAIL("unsupported alternative name type"); + QVERIFY(altSubjectNames.contains(key, rx.cap(2))); + } +} + +void tst_QSslCertificate::utf8SubjectNames() +{ + QSslCertificate cert = QSslCertificate::fromPath("certificates/cert-ss-san-utf8.pem", QSsl::Pem, + QRegExp::FixedString).first(); + QVERIFY(!cert.isNull()); + + // O is "Heavy Metal Records" with heavy use of "decorations" like accents, umlauts etc., + // OU uses arabian / asian script letters near codepoint 64K. + // strings split where the compiler would otherwise find three-digit hex numbers + static const char *o = "H\xc4\x95\xc4\x82\xc6\xb2\xc3\xbf \xca\x8d\xe1\xba\xbf\xca\x88\xe1\xba" + "\xb7\xe1\xb8\xbb R\xc3\xa9" "c" "\xc3\xb6rd\xc5\x9d"; + static const char *ou = "\xe3\x88\xa7" "A" "\xe3\x89\x81\xef\xbd\xab" "BC"; + + // the following two tests should help find "\x"-literal encoding bugs in the test itself + QCOMPARE(cert.subjectInfo("O")[0].length(), QString::fromUtf8(o).length()); + QCOMPARE (cert.subjectInfo("O")[0].toUtf8().toHex(), QByteArray(o).toHex()); + + QCOMPARE(cert.subjectInfo("O")[0], QString::fromUtf8(o)); + QCOMPARE(cert.subjectInfo("OU")[0], QString::fromUtf8(ou)); +} + +void tst_QSslCertificate::publicKey_data() +{ + QTest::addColumn<QString>("certFilePath"); + QTest::addColumn<QSsl::EncodingFormat>("format"); + QTest::addColumn<QString>("pubkeyFilePath"); + + foreach (CertInfo certInfo, certInfoList) { + QString certName = certInfo.fileInfo.fileName(); + if (pubkeyMap.contains(certName)) + QTest::newRow(certName.toLatin1()) + << certInfo.fileInfo.absoluteFilePath() + << certInfo.format + << pubkeyMap.value(certName); + } +} + +void tst_QSslCertificate::publicKey() +{ + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, certFilePath); + QFETCH(QSsl::EncodingFormat, format); + QFETCH(QString, pubkeyFilePath); + + QByteArray encodedCert = readFile(certFilePath); + QSslCertificate certificate(encodedCert, format); + QVERIFY(!certificate.isNull()); + + QByteArray encodedPubkey = readFile(pubkeyFilePath); + QSslKey pubkey(encodedPubkey, QSsl::Rsa, format, QSsl::PublicKey); // ### support DSA as well! + QVERIFY(!pubkey.isNull()); + + QCOMPARE(certificate.publicKey(), pubkey); +} + +void tst_QSslCertificate::toPemOrDer_data() +{ + createTestRows(); +} + +static const char BeginCertString[] = "-----BEGIN CERTIFICATE-----"; +static const char EndCertString[] = "-----END CERTIFICATE-----"; + +// Returns, in Pem-format, the first certificate found in a Pem-formatted block +// (Note that such a block may contain e.g. a private key at the end). +static QByteArray firstPemCertificateFromPem(const QByteArray &pem) +{ + int startPos = pem.indexOf(BeginCertString); + int endPos = pem.indexOf(EndCertString); + if (startPos == -1 || endPos == -1) + return QByteArray(); + return pem.mid(startPos, endPos + sizeof(EndCertString) - startPos); +} + +void tst_QSslCertificate::toPemOrDer() +{ + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, absFilePath); + QFETCH(QSsl::EncodingFormat, format); + + QByteArray encoded = readFile(absFilePath); + QSslCertificate certificate(encoded, format); + QVERIFY(!certificate.isNull()); + if (format == QSsl::Pem) { + encoded.replace('\r',""); + QByteArray firstPem = firstPemCertificateFromPem(encoded); + QCOMPARE(certificate.toPem(), firstPem); + } else { + // ### for now, we assume that DER-encoded certificates don't contain bundled stuff + QCOMPARE(certificate.toDer(), encoded); + } +} + +void tst_QSslCertificate::fromDevice() +{ + QTest::ignoreMessage(QtWarningMsg, "QSslCertificate::fromDevice: cannot read from a null device"); + QList<QSslCertificate> certs = QSslCertificate::fromDevice(0); // don't crash + QVERIFY(certs.isEmpty()); +} + +void tst_QSslCertificate::fromPath_data() +{ + QTest::addColumn<QString>("path"); + QTest::addColumn<int>("syntax"); + QTest::addColumn<bool>("pemencoding"); + QTest::addColumn<int>("numCerts"); + + QTest::newRow("empty fixed pem") << QString() << int(QRegExp::FixedString) << true << 0; + QTest::newRow("empty fixed der") << QString() << int(QRegExp::FixedString) << false << 0; + QTest::newRow("empty regexp pem") << QString() << int(QRegExp::RegExp) << true << 0; + QTest::newRow("empty regexp der") << QString() << int(QRegExp::RegExp) << false << 0; + QTest::newRow("empty wildcard pem") << QString() << int(QRegExp::Wildcard) << true << 0; + QTest::newRow("empty wildcard der") << QString() << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"certificates\" fixed pem") << QString("certificates") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("\"certificates\" fixed der") << QString("certificates") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"certificates\" regexp pem") << QString("certificates") << int(QRegExp::RegExp) << true << 0; + QTest::newRow("\"certificates\" regexp der") << QString("certificates") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"certificates\" wildcard pem") << QString("certificates") << int(QRegExp::Wildcard) << true << 0; + QTest::newRow("\"certificates\" wildcard der") << QString("certificates") << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"certificates/cert.pem\" fixed pem") << QString("certificates/cert.pem") << int(QRegExp::FixedString) << true << 1; + QTest::newRow("\"certificates/cert.pem\" fixed der") << QString("certificates/cert.pem") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"certificates/cert.pem\" regexp pem") << QString("certificates/cert.pem") << int(QRegExp::RegExp) << true << 1; + QTest::newRow("\"certificates/cert.pem\" regexp der") << QString("certificates/cert.pem") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"certificates/cert.pem\" wildcard pem") << QString("certificates/cert.pem") << int(QRegExp::Wildcard) << true << 1; + QTest::newRow("\"certificates/cert.pem\" wildcard der") << QString("certificates/cert.pem") << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"certificates/*\" fixed pem") << QString("certificates/*") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("\"certificates/*\" fixed der") << QString("certificates/*") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"certificates/*\" regexp pem") << QString("certificates/*") << int(QRegExp::RegExp) << true << 0; + QTest::newRow("\"certificates/*\" regexp der") << QString("certificates/*") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"certificates/*\" wildcard pem") << QString("certificates/*") << int(QRegExp::Wildcard) << true << 5; + QTest::newRow("\"certificates/*\" wildcard der") << QString("certificates/*") << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"c*/c*.pem\" fixed pem") << QString("c*/c*.pem") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("\"c*/c*.pem\" fixed der") << QString("c*/c*.pem") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"c*/c*.pem\" regexp pem") << QString("c*/c*.pem") << int(QRegExp::RegExp) << true << 0; + QTest::newRow("\"c*/c*.pem\" regexp der") << QString("c*/c*.pem") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"c*/c*.pem\" wildcard pem") << QString("c*/c*.pem") << int(QRegExp::Wildcard) << true << 5; + QTest::newRow("\"c*/c*.pem\" wildcard der") << QString("c*/c*.pem") << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"d*/c*.pem\" fixed pem") << QString("d*/c*.pem") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("\"d*/c*.pem\" fixed der") << QString("d*/c*.pem") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"d*/c*.pem\" regexp pem") << QString("d*/c*.pem") << int(QRegExp::RegExp) << true << 0; + QTest::newRow("\"d*/c*.pem\" regexp der") << QString("d*/c*.pem") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"d*/c*.pem\" wildcard pem") << QString("d*/c*.pem") << int(QRegExp::Wildcard) << true << 0; + QTest::newRow("\"d*/c*.pem\" wildcard der") << QString("d*/c*.pem") << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"c.*/c.*.pem\" fixed pem") << QString("c.*/c.*.pem") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("\"c.*/c.*.pem\" fixed der") << QString("c.*/c.*.pem") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"c.*/c.*.pem\" regexp pem") << QString("c.*/c.*.pem") << int(QRegExp::RegExp) << true << 5; + QTest::newRow("\"c.*/c.*.pem\" regexp der") << QString("c.*/c.*.pem") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"c.*/c.*.pem\" wildcard pem") << QString("c.*/c.*.pem") << int(QRegExp::Wildcard) << true << 0; + QTest::newRow("\"c.*/c.*.pem\" wildcard der") << QString("c.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0; + QTest::newRow("\"d.*/c.*.pem\" fixed pem") << QString("d.*/c.*.pem") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("\"d.*/c.*.pem\" fixed der") << QString("d.*/c.*.pem") << int(QRegExp::FixedString) << false << 0; + QTest::newRow("\"d.*/c.*.pem\" regexp pem") << QString("d.*/c.*.pem") << int(QRegExp::RegExp) << true << 0; + QTest::newRow("\"d.*/c.*.pem\" regexp der") << QString("d.*/c.*.pem") << int(QRegExp::RegExp) << false << 0; + QTest::newRow("\"d.*/c.*.pem\" wildcard pem") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << true << 0; + QTest::newRow("\"d.*/c.*.pem\" wildcard der") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0; +#ifdef Q_OS_LINUX + QTest::newRow("absolute path wildcard pem") << QString(QDir::currentPath() + "/certificates/*.pem") << int(QRegExp::Wildcard) << true << 5; +#endif + + QTest::newRow("trailing-whitespace") << QString("more-certificates/trailing-whitespace.pem") << int(QRegExp::FixedString) << true << 1; + QTest::newRow("no-ending-newline") << QString("more-certificates/no-ending-newline.pem") << int(QRegExp::FixedString) << true << 1; + QTest::newRow("malformed-just-begin") << QString("more-certificates/malformed-just-begin.pem") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("malformed-just-begin-no-newline") << QString("more-certificates/malformed-just-begin-no-newline.pem") << int(QRegExp::FixedString) << true << 0; +} + +void tst_QSslCertificate::fromPath() +{ + QFETCH(QString, path); + QFETCH(int, syntax); + QFETCH(bool, pemencoding); + QFETCH(int, numCerts); + + QCOMPARE(QSslCertificate::fromPath(path, + pemencoding ? QSsl::Pem : QSsl::Der, + QRegExp::PatternSyntax(syntax)).size(), + numCerts); +} + +void tst_QSslCertificate::certInfo() +{ +// MD5 Fingerprint=B6:CF:57:34:DA:A9:73:21:82:F7:CF:4D:3D:85:31:88 +// SHA1 Fingerprint=B6:D1:51:82:E0:29:CA:59:96:38:BD:B6:F9:40:05:91:6D:49:09:60 +// Certificate: +// Data: +// Version: 1 (0x0) +// Serial Number: 17 (0x11) +// Signature Algorithm: sha1WithRSAEncryption +// Issuer: C=AU, ST=Queensland, O=CryptSoft Pty Ltd, CN=Test CA (1024 bit) +// Validity +// Not Before: Apr 17 07:40:26 2007 GMT +// Not After : May 17 07:40:26 2007 GMT +// Subject: CN=name/with/slashes, C=NO +// Subject Public Key Info: +// Public Key Algorithm: rsaEncryption +// RSA Public Key: (1024 bit) +// Modulus (1024 bit): +// 00:eb:9d:e9:03:ac:30:4f:a9:58:03:44:c7:18:26: +// 2f:48:93:d5:ac:a0:fb:e8:53:c4:7b:2a:01:89:e6: +// fc:5a:0c:c5:f5:21:f8:d7:4a:92:02:67:db:f1:9f: +// 36:9a:62:9d:f3:ce:48:8e:ba:ed:5a:a8:9d:4f:bb: +// 24:16:43:4c:b5:79:08:f6:d9:22:8f:5f:15:0a:43: +// 25:03:7a:9d:a7:af:e3:26:b1:53:55:5e:60:57:c8: +// ed:2f:1c:f3:36:0a:78:64:91:f9:17:a7:34:d7:8b: +// bd:f1:fc:d1:8c:4f:a5:96:75:b2:7b:fc:21:f0:c7: +// d9:5f:0c:57:18:b2:af:b9:4b +// Exponent: 65537 (0x10001) +// Signature Algorithm: sha1WithRSAEncryption +// 95:e6:94:e2:98:33:57:a2:98:fa:af:50:b9:76:a9:51:83:2c: +// 0b:61:a2:36:d0:e6:90:6d:e4:f8:c4:c7:50:ef:17:94:4e:21: +// a8:fa:c8:33:aa:d1:7f:bc:ca:41:d6:7d:e7:44:76:c0:bf:45: +// 4a:76:25:42:6d:53:76:fd:fc:74:29:1a:ea:2b:cc:06:ab:d1: +// b8:eb:7d:6b:11:f7:9b:41:bb:9f:31:cb:ed:4d:f3:68:26:ed: +// 13:1d:f2:56:59:fe:6f:7c:98:b6:25:69:4e:ea:b4:dc:c2:eb: +// b7:bb:50:18:05:ba:ad:af:08:49:fe:98:63:55:ba:e7:fb:95: +// 5d:91 + static const char pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIB8zCCAVwCAREwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV\n" + "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD\n" + "VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDcwNDE3MDc0MDI2WhcNMDcwNTE3\n" + "MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMC\n" + "Tk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANExxgmL0iT\n" + "1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7JBZDTLV5\n" + "CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH80YxPpZZ1\n" + "snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAleaU4pgzV6KY\n" + "+q9QuXapUYMsC2GiNtDmkG3k+MTHUO8XlE4hqPrIM6rRf7zKQdZ950R2wL9FSnYl\n" + "Qm1Tdv38dCka6ivMBqvRuOt9axH3m0G7nzHL7U3zaCbtEx3yVln+b3yYtiVpTuq0\n" + "3MLrt7tQGAW6ra8ISf6YY1W65/uVXZE=\n" + "-----END CERTIFICATE-----\n"; + static const char der[] = // hex encoded + "30:82:01:f3:30:82:01:5c:02:01:11:30:0d:06:09:2a" + "86:48:86:f7:0d:01:01:05:05:00:30:5b:31:0b:30:09" + "06:03:55:04:06:13:02:41:55:31:13:30:11:06:03:55" + "04:08:13:0a:51:75:65:65:6e:73:6c:61:6e:64:31:1a" + "30:18:06:03:55:04:0a:13:11:43:72:79:70:74:53:6f" + "66:74:20:50:74:79:20:4c:74:64:31:1b:30:19:06:03" + "55:04:03:13:12:54:65:73:74:20:43:41:20:28:31:30" + "32:34:20:62:69:74:29:30:1e:17:0d:30:37:30:34:31" + "37:30:37:34:30:32:36:5a:17:0d:30:37:30:35:31:37" + "30:37:34:30:32:36:5a:30:29:31:1a:30:18:06:03:55" + "04:03:13:11:6e:61:6d:65:2f:77:69:74:68:2f:73:6c" + "61:73:68:65:73:31:0b:30:09:06:03:55:04:06:13:02" + "4e:4f:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01" + "01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb" + "9d:e9:03:ac:30:4f:a9:58:03:44:c7:18:26:2f:48:93" + "d5:ac:a0:fb:e8:53:c4:7b:2a:01:89:e6:fc:5a:0c:c5" + "f5:21:f8:d7:4a:92:02:67:db:f1:9f:36:9a:62:9d:f3" + "ce:48:8e:ba:ed:5a:a8:9d:4f:bb:24:16:43:4c:b5:79" + "08:f6:d9:22:8f:5f:15:0a:43:25:03:7a:9d:a7:af:e3" + "26:b1:53:55:5e:60:57:c8:ed:2f:1c:f3:36:0a:78:64" + "91:f9:17:a7:34:d7:8b:bd:f1:fc:d1:8c:4f:a5:96:75" + "b2:7b:fc:21:f0:c7:d9:5f:0c:57:18:b2:af:b9:4b:02" + "03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01" + "05:05:00:03:81:81:00:95:e6:94:e2:98:33:57:a2:98" + "fa:af:50:b9:76:a9:51:83:2c:0b:61:a2:36:d0:e6:90" + "6d:e4:f8:c4:c7:50:ef:17:94:4e:21:a8:fa:c8:33:aa" + "d1:7f:bc:ca:41:d6:7d:e7:44:76:c0:bf:45:4a:76:25" + "42:6d:53:76:fd:fc:74:29:1a:ea:2b:cc:06:ab:d1:b8" + "eb:7d:6b:11:f7:9b:41:bb:9f:31:cb:ed:4d:f3:68:26" + "ed:13:1d:f2:56:59:fe:6f:7c:98:b6:25:69:4e:ea:b4" + "dc:c2:eb:b7:bb:50:18:05:ba:ad:af:08:49:fe:98:63" + "55:ba:e7:fb:95:5d:91"; + + QSslCertificate cert = QSslCertificate::fromPath("certificates/cert.pem", QSsl::Pem, + QRegExp::FixedString).first(); + QVERIFY(!cert.isNull()); + + QCOMPARE(cert.issuerInfo(QSslCertificate::Organization)[0], QString("CryptSoft Pty Ltd")); + QCOMPARE(cert.issuerInfo(QSslCertificate::CommonName)[0], QString("Test CA (1024 bit)")); + QCOMPARE(cert.issuerInfo(QSslCertificate::LocalityName), QStringList()); + QCOMPARE(cert.issuerInfo(QSslCertificate::OrganizationalUnitName), QStringList()); + QCOMPARE(cert.issuerInfo(QSslCertificate::CountryName)[0], QString("AU")); + QCOMPARE(cert.issuerInfo(QSslCertificate::StateOrProvinceName)[0], QString("Queensland")); + + QCOMPARE(cert.issuerInfo("O")[0], QString("CryptSoft Pty Ltd")); + QCOMPARE(cert.issuerInfo("CN")[0], QString("Test CA (1024 bit)")); + QCOMPARE(cert.issuerInfo("L"), QStringList()); + QCOMPARE(cert.issuerInfo("OU"), QStringList()); + QCOMPARE(cert.issuerInfo("C")[0], QString("AU")); + QCOMPARE(cert.issuerInfo("ST")[0], QString("Queensland")); + + QCOMPARE(cert.subjectInfo(QSslCertificate::Organization), QStringList()); + QCOMPARE(cert.subjectInfo(QSslCertificate::CommonName)[0], QString("name/with/slashes")); + QCOMPARE(cert.subjectInfo(QSslCertificate::LocalityName), QStringList()); + QCOMPARE(cert.subjectInfo(QSslCertificate::OrganizationalUnitName), QStringList()); + QCOMPARE(cert.subjectInfo(QSslCertificate::CountryName)[0], QString("NO")); + QCOMPARE(cert.subjectInfo(QSslCertificate::StateOrProvinceName), QStringList()); + + QCOMPARE(cert.subjectInfo("O"), QStringList()); + QCOMPARE(cert.subjectInfo("CN")[0], QString("name/with/slashes")); + QCOMPARE(cert.subjectInfo("L"), QStringList()); + QCOMPARE(cert.subjectInfo("OU"), QStringList()); + QCOMPARE(cert.subjectInfo("C")[0], QString("NO")); + QCOMPARE(cert.subjectInfo("ST"), QStringList()); + + QCOMPARE(cert.version(), QByteArray::number(1)); + QCOMPARE(cert.serialNumber(), QByteArray::number(17)); + + QCOMPARE(cert.toPem().constData(), (const char*)pem); + QCOMPARE(cert.toDer(), QByteArray::fromHex(der)); + + QCOMPARE(cert.digest(QCryptographicHash::Md5), + QByteArray::fromHex("B6:CF:57:34:DA:A9:73:21:82:F7:CF:4D:3D:85:31:88")); + QCOMPARE(cert.digest(QCryptographicHash::Sha1), + QByteArray::fromHex("B6:D1:51:82:E0:29:CA:59:96:38:BD:B6:F9:40:05:91:6D:49:09:60")); + + QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2007, 4, 17), QTime(7,40,26), Qt::UTC)); + QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2007, 5, 17), QTime(7,40,26), Qt::UTC)); + QVERIFY(!cert.isValid()); // cert has expired + + QSslCertificate copy = cert; + QVERIFY(cert == copy); + QVERIFY(!(cert != copy)); + + QCOMPARE(cert, QSslCertificate(pem, QSsl::Pem)); + QCOMPARE(cert, QSslCertificate(QByteArray::fromHex(der), QSsl::Der)); +} + +void tst_QSslCertificate::certInfoQByteArray() +{ + QSslCertificate cert = QSslCertificate::fromPath("certificates/cert.pem", QSsl::Pem, + QRegExp::FixedString).first(); + QVERIFY(!cert.isNull()); + + // in this test, check the bytearray variants before the enum variants to see if + // we fixed a bug we had with lazy initialization of the values. + QCOMPARE(cert.issuerInfo("CN")[0], QString("Test CA (1024 bit)")); + QCOMPARE(cert.subjectInfo("CN")[0], QString("name/with/slashes")); +} + +void tst_QSslCertificate::task256066toPem() +{ + // a certificate whose PEM encoding's length is a multiple of 64 + const char *mycert = "-----BEGIN CERTIFICATE-----\n" \ + "MIIEGjCCAwKgAwIBAgIESikYSjANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJF\n" \ + "RTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEPMA0GA1UECxMG\n" \ + "RVNURUlEMRcwFQYDVQQDEw5FU1RFSUQtU0sgMjAwNzAeFw0wOTA2MDUxMzA2MTha\n" \ + "Fw0xNDA2MDkyMTAwMDBaMIGRMQswCQYDVQQGEwJFRTEPMA0GA1UEChMGRVNURUlE\n" \ + "MRcwFQYDVQQLEw5hdXRoZW50aWNhdGlvbjEhMB8GA1UEAxMYSEVJQkVSRyxTVkVO\n" \ + "LDM3NzA5MjcwMjg1MRAwDgYDVQQEEwdIRUlCRVJHMQ0wCwYDVQQqEwRTVkVOMRQw\n" \ + "EgYDVQQFEwszNzcwOTI3MDI4NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" \ + "k2Euwhm34vu1jOFp02J5fQRx9LW2C7x78CbJ7yInoAKn7QR8UdxTU7mJk90Opejo\n" \ + "71RUi2/aYl4jCr9gr99v2YoLufMRwAuqdmwmwqH1WAHRUtIcD0oPdKyelmmn9ig0\n" \ + "RV+yJLNT3dnyrwPw+uuzDe3DeKepGKE4lxexliCaAx0CAyCMW6OCATEwggEtMA4G\n" \ + "A1UdDwEB/wQEAwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwPAYD\n" \ + "VR0fBDUwMzAxoC+gLYYraHR0cDovL3d3dy5zay5lZS9jcmxzL2VzdGVpZC9lc3Rl\n" \ + "aWQyMDA3LmNybDAgBgNVHREEGTAXgRVzdmVuLmhlaWJlcmdAZWVzdGkuZWUwUQYD\n" \ + "VR0gBEowSDBGBgsrBgEEAc4fAQEBATA3MBIGCCsGAQUFBwICMAYaBG5vbmUwIQYI\n" \ + "KwYBBQUHAgEWFWh0dHA6Ly93d3cuc2suZWUvY3BzLzAfBgNVHSMEGDAWgBRIBt6+\n" \ + "jIdXlYB4Y/qcIysroDoYdTAdBgNVHQ4EFgQUKCjpDf+LcvL6AH0QOiW6rMTtB/0w\n" \ + "CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEABRyRuUm9zt8V27WuNeXtCDmU\n" \ + "MGzA6g4QXNAd2nxFzT3k+kNzzQTOcgRdmjiEPuK49On+GWnBr/5MSBNhbCJVPWr/\n" \ + "yym1UYTBisaqhRt/N/kwZqd0bHeLJk+ZxSePXRyqkp9H8KPWqz7H+O/FxRS4ffxo\n" \ + "Q9Clem+e0bcjNlL5xXiRGycBeZq8cKj+0+A/UuattznQlvHdlCEsSeu1fPOORqFV\n" \ + "fZur4HC31lQD7xVvETLiL83CtOQC78+29XPD6Zlrrc5OF2yibSVParY19b8Zh6yu\n" \ + "p1dNvN8pBgXGrsyxRonwHooV2ghGNmGILkpdvlQfnxeCUg4erfHjDdSY9vmT7w==\n" \ + "-----END CERTIFICATE-----\n"; + + QByteArray pem1(mycert); + QSslCertificate cert1(pem1); + QVERIFY(!cert1.isNull()); + QByteArray pem2(cert1.toPem()); + QSslCertificate cert2(pem2); + QVERIFY(!cert2.isNull()); + QCOMPARE(pem1, pem2); +} + +void tst_QSslCertificate::nulInCN() +{ + QList<QSslCertificate> certList = + QSslCertificate::fromPath(SRCDIR "more-certificates/badguy-nul-cn.crt"); + QCOMPARE(certList.size(), 1); + + const QSslCertificate &cert = certList.at(0); + QVERIFY(!cert.isNull()); + + QString cn = cert.subjectInfo(QSslCertificate::CommonName)[0]; + QVERIFY(cn != "www.bank.com"); + + static const char realCN[] = "www.bank.com\0.badguy.com"; + QCOMPARE(cn, QString::fromLatin1(realCN, sizeof realCN - 1)); +} + +void tst_QSslCertificate::nulInSan() +{ + QList<QSslCertificate> certList = + QSslCertificate::fromPath(SRCDIR "more-certificates/badguy-nul-san.crt"); + QCOMPARE(certList.size(), 1); + + const QSslCertificate &cert = certList.at(0); + QVERIFY(!cert.isNull()); + + QMultiMap<QSsl::AlternativeNameEntryType, QString> san = cert.subjectAlternativeNames(); + QVERIFY(!san.isEmpty()); + + QString dnssan = san.value(QSsl::DnsEntry); + QVERIFY(!dnssan.isEmpty()); + QVERIFY(dnssan != "www.bank.com"); + + static const char realSAN[] = "www.bank.com\0www.badguy.com"; + QCOMPARE(dnssan, QString::fromLatin1(realSAN, sizeof realSAN - 1)); +} + +void tst_QSslCertificate::largeSerialNumber() +{ + QList<QSslCertificate> certList = + QSslCertificate::fromPath(SRCDIR "more-certificates/cert-large-serial-number.pem"); + + QCOMPARE(certList.size(), 1); + + const QSslCertificate &cert = certList.at(0); + QVERIFY(!cert.isNull()); + QCOMPARE(cert.serialNumber(), QByteArray("01:02:03:04:05:06:07:08:09:10:aa:bb:cc:dd:ee:ff:17:18:19:20")); +} + +void tst_QSslCertificate::largeExpirationDate() // QTBUG-12489 +{ + QList<QSslCertificate> certList = + QSslCertificate::fromPath(SRCDIR "more-certificates/cert-large-expiration-date.pem"); + + QCOMPARE(certList.size(), 1); + + const QSslCertificate &cert = certList.at(0); + QVERIFY(!cert.isNull()); + QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2010, 8, 4), QTime(9, 53, 41), Qt::UTC)); + // if the date is larger than 2049, then the generalized time format is used + QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), Qt::UTC)); +} + +void tst_QSslCertificate::blacklistedCertificates() +{ + QList<QSslCertificate> blacklistedCerts = QSslCertificate::fromPath("more-certificates/blacklisted*.pem", QSsl::Pem, QRegExp::Wildcard); + QVERIFY2(blacklistedCerts.count() > 0, "Please run this test from the source directory"); + for (int a = 0; a < blacklistedCerts.count(); a++) { + QVERIFY(! blacklistedCerts.at(a).isValid()); + } +} + +void tst_QSslCertificate::toText() +{ + QList<QSslCertificate> certList = + QSslCertificate::fromPath(SRCDIR "more-certificates/cert-large-expiration-date.pem"); + + QCOMPARE(certList.size(), 1); + const QSslCertificate &cert = certList.at(0); + + // Openssl's cert dump method changed slightly between 0.9.8 and 1.0.0 versions, so we want it to match any output + + QFile fOld(SRCDIR "more-certificates/cert-large-expiration-date.txt.0.9.8"); + QVERIFY(fOld.open(QIODevice::ReadOnly)); + QByteArray txtOld = fOld.readAll(); + + QFile fNew(SRCDIR "more-certificates/cert-large-expiration-date.txt.1.0.0"); + QVERIFY(fNew.open(QIODevice::ReadOnly)); + QByteArray txtNew = fNew.readAll(); + QVERIFY(txtOld == cert.toText() || txtNew == cert.toText()); +} + +void tst_QSslCertificate::multipleCommonNames() +{ + QList<QSslCertificate> certList = + QSslCertificate::fromPath(SRCDIR "more-certificates/test-cn-two-cns-cert.pem"); + QVERIFY2(certList.count() > 0, "Please run this test from the source directory"); + + QStringList commonNames = certList[0].subjectInfo(QSslCertificate::CommonName); + QVERIFY(commonNames.contains(QString("www.example.com"))); + QVERIFY(commonNames.contains(QString("www2.example.com"))); +} + +void tst_QSslCertificate::subjectAndIssuerAttributes() +{ + QList<QSslCertificate> certList = + QSslCertificate::fromPath(SRCDIR "more-certificates/test-cn-with-drink-cert.pem"); + QVERIFY2(certList.count() > 0, "Please run this test from the source directory"); + + QList<QByteArray> attributes = certList[0].subjectInfoAttributes(); + QVERIFY(attributes.contains(QByteArray("favouriteDrink"))); + attributes.clear(); + + certList = QSslCertificate::fromPath(SRCDIR "more-certificates/natwest-banking.pem"); + QVERIFY2(certList.count() > 0, "Please run this test from the source directory"); + + attributes = certList[0].subjectInfoAttributes(); + QVERIFY(attributes.contains(QByteArray("1.3.6.1.4.1.311.60.2.1.3"))); +} + +void tst_QSslCertificate::verify() +{ + QList<QSslError> errors; + QList<QSslCertificate> toVerify; + + // Like QVERIFY, but be verbose about the content of `errors' when failing +#define VERIFY_VERBOSE(A) \ + QVERIFY2((A), \ + qPrintable(QString("errors: %1").arg(toString(errors))) \ + ) + + // Empty chain is unspecified error + errors = QSslCertificate::verify(toVerify); + VERIFY_VERBOSE(errors.count() == 1); + VERIFY_VERBOSE(errors[0] == QSslError(QSslError::UnspecifiedError)); + errors.clear(); + + // Verify a valid cert signed by a CA + QList<QSslCertificate> caCerts = QSslCertificate::fromPath(SRCDIR "verify-certs/cacert.pem"); + QSslSocket::addDefaultCaCertificate(caCerts.first()); + + toVerify = QSslCertificate::fromPath(SRCDIR "verify-certs/test-ocsp-good-cert.pem"); + + errors = QSslCertificate::verify(toVerify); + VERIFY_VERBOSE(errors.count() == 0); + errors.clear(); + + // Test a blacklisted certificate + toVerify = QSslCertificate::fromPath(SRCDIR "verify-certs/test-addons-mozilla-org-cert.pem"); + errors = QSslCertificate::verify(toVerify); + bool foundBlack = false; + foreach (const QSslError &error, errors) { + if (error.error() == QSslError::CertificateBlacklisted) { + foundBlack = true; + break; + } + } + QVERIFY(foundBlack); + errors.clear(); + + // This one is expired and untrusted + toVerify = QSslCertificate::fromPath(SRCDIR "more-certificates/cert-large-serial-number.pem"); + errors = QSslCertificate::verify(toVerify); + VERIFY_VERBOSE(errors.contains(QSslError(QSslError::SelfSignedCertificate, toVerify[0]))); + VERIFY_VERBOSE(errors.contains(QSslError(QSslError::CertificateExpired, toVerify[0]))); + errors.clear(); + toVerify.clear(); + + // This one is signed by a valid cert, but the signer is not a valid CA + toVerify << QSslCertificate::fromPath(SRCDIR "verify-certs/test-intermediate-not-ca-cert.pem").first(); + toVerify << QSslCertificate::fromPath(SRCDIR "verify-certs/test-ocsp-good-cert.pem").first(); + errors = QSslCertificate::verify(toVerify); + VERIFY_VERBOSE(errors.contains(QSslError(QSslError::InvalidCaCertificate, toVerify[1]))); + toVerify.clear(); + + // This one is signed by a valid cert, and the signer is a valid CA + toVerify << QSslCertificate::fromPath(SRCDIR "verify-certs/test-intermediate-is-ca-cert.pem").first(); + toVerify << QSslCertificate::fromPath(SRCDIR "verify-certs/test-intermediate-ca-cert.pem").first(); + errors = QSslCertificate::verify(toVerify); + VERIFY_VERBOSE(errors.count() == 0); + + // Recheck the above with hostname validation + errors = QSslCertificate::verify(toVerify, QLatin1String("example.com")); + VERIFY_VERBOSE(errors.count() == 0); + + // Recheck the above with a bad hostname + errors = QSslCertificate::verify(toVerify, QLatin1String("fail.example.com")); + VERIFY_VERBOSE(errors.contains(QSslError(QSslError::HostNameMismatch, toVerify[0]))); + toVerify.clear(); + +#undef VERIFY_VERBOSE +} + +QString tst_QSslCertificate::toString(const QList<QSslError>& errors) +{ + QStringList errorStrings; + + foreach (const QSslError& error, errors) { + errorStrings.append(QLatin1String("\"") + error.errorString() + QLatin1String("\"")); + } + + return QLatin1String("[ ") + errorStrings.join(QLatin1String(", ")) + QLatin1String(" ]"); +} + +#endif // QT_NO_OPENSSL + +QTEST_MAIN(tst_QSslCertificate) +#include "tst_qsslcertificate.moc" diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/README b/tests/auto/network/ssl/qsslcertificate/verify-certs/README new file mode 100644 index 0000000000..87cb293ef6 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/README @@ -0,0 +1,2 @@ +openssl verify -CAfile cacert.pem -untrusted test-intermediate-ca-cert.pem test-intermediate-is-ca-cert.pem +openssl verify -CAfile cacert.pem -untrusted test-ocsp-good-cert.pem test-intermediate-not-ca-cert.pem diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/cacert.pem b/tests/auto/network/ssl/qsslcertificate/verify-certs/cacert.pem new file mode 100644 index 0000000000..8c75c54bcb --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/cacert.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID6zCCAtOgAwIBAgIJAP4bjANFSx0BMA0GCSqGSIb3DQEBBQUAMIGrMSYwJAYD +VQQDEx1XZXN0cG9pbnQgQ2VydGlmaWNhdGUgVGVzdCBDQTETMBEGA1UECBMKTGFu +Y2FzaGlyZTELMAkGA1UEBhMCVUsxHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUu +Y29tMUAwPgYDVQQKEzdXZXN0cG9pbnQgQ2VydGlmaWNhdGUgVGVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTExMDczMTIxMDExNloXDTIxMDcyODIx +MDExNlowgasxJjAkBgNVBAMTHVdlc3Rwb2ludCBDZXJ0aWZpY2F0ZSBUZXN0IENB +MRMwEQYDVQQIEwpMYW5jYXNoaXJlMQswCQYDVQQGEwJVSzEdMBsGCSqGSIb3DQEJ +ARYOY2FAZXhhbXBsZS5jb20xQDA+BgNVBAoTN1dlc3Rwb2ludCBDZXJ0aWZpY2F0 +ZSBUZXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC5xMKXviXuxFO67WzFIImO5RY3Y+dqt7maTB+p +JiHkn98rJoBB4J1cDnEUIs5ErO+kqOjW7JwF50fePNJ5K+I6SbRVn9gxAI59ZA6O +9UvOPZOw4/6GM24UY4B4mUcp8oXg9fhwgtjVhfXiMD2GvKQq3RazIiCoSW4aJWEq +L58Q+sIo+jL72qwk648xIwIhuC3XzcOOE/+rCOtZmu812/NN08UfsL2qup0aaaGv +aL36n6OIx5AYFcCD5uOxXAmUy14mhwQyDHAl6K42ghSm5b43VMMSQ+N9AQpentWl +RH6Vt1eY52YTxjNxpRlj88GBnYxdr8WgjKOV7v8OPGXP6zWlAgMBAAGjEDAOMAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADptDEfvsh8aq/tTc7ciGkHG +jh7WFELVTcdWBTyveZ24298Hl9UOfsAfLqjMGMs3delAaZocchba9Og2xSZyRstH +GUtlJXd4PnSJSx/TksPf2DCANo5sxBWBITs1Iprm3Nlm3/xPZM2QLIamRYi2J6Ed +JTfWvMpoaW1umJX49jKqk1gfdcS6eUSaXetgYP2FQV7DstqPLYfQ731nEXZ1LXFM +PO7IoPccqk4YJ0KOV7hFb7NCq4a6cz/Gf0S0qJ44vqHz6iRZpmWIo5UFivwtLw9r +iMbdJ1mCCMR0oN5om3muKc7Sz+l2ItxdYMcLkZ1/3ouvQqOX+qIOrYEUN1RZCzI= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-addons-mozilla-org-cert.pem b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-addons-mozilla-org-cert.pem new file mode 100644 index 0000000000..07123e8577 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-addons-mozilla-org-cert.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF+DCCBOCgAwIBAgIRAJI51TSPQNFpWnRUcOHyP0MwDQYJKoZIhvcNAQEFBQAw +gZcxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtl +IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMY +aHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR8wHQYDVQQDExZVVE4tVVNFUkZpcnN0 +LUhhcmR3YXJlMB4XDTExMDMxNTAwMDAwMFoXDTE0MDMxNDIzNTk1OVowgeIxCzAJ +BgNVBAYTAlVTMQ4wDAYDVQQREwUzODQ3NzEQMA4GA1UECBMHRmxvcmlkYTEQMA4G +A1UEBxMHRW5nbGlzaDEXMBUGA1UECRMOU2VhIFZpbGxhZ2UgMTAxFDASBgNVBAoT +C0dvb2dsZSBMdGQuMRMwEQYDVQQLEwpUZWNoIERlcHQuMSgwJgYDVQQLEx9Ib3N0 +ZWQgYnkgR1RJIEdyb3VwIENvcnBvcmF0aW9uMRQwEgYDVQQLEwtQbGF0aW51bVNT +TDEbMBkGA1UEAxMSYWRkb25zLm1vemlsbGEub3JnMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAq8ZtNvMVc3iDc850hdWu7LLw4CQfE4O4IKy7mv6Iu6uh +HQsfRQCqSbc1Nwxq70dMudG+41cSBI2Sx7bsAby22seBOCCtcoXmDvyBbAetaHY4 +xUTXzMZKxZc+ZPRR5vB+suxW9yWCTUmYyxaY3SPxiZHRF5dAmSbW4qIrXt+9ifIb +GlMtzFBBetA9KgxVcBQB6VhJEHoLk4KL4R7tOoAQgs6WijTwzNfTubRQh1VUCbid +QihVAOWMNVS/3SWRRrcN5V2DqOWL+4TkPK522sRDK1t0C/i+XWjxeFu1zn3xXZlA +2sruOIFQvpihbLgkrfOvjA/XESgshBhMfbXZjzC1GwIDAQABo4IB8DCCAewwHwYD +VR0jBBgwFoAUoXJfJhsomEOVXQc31YWWnUvSw0UwHQYDVR0OBBYEFN2A0lQ990xw +yqOw3TR6MuToO1o7MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBGBgNVHSAEPzA9MDsGDCsGAQQBsjEB +AgEDBDArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQ +UzB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9VVE4t +VVNFUkZpcnN0LUhhcmR3YXJlLmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21vZG8u +bmV0L1VUTi1VU0VSRmlyc3QtSGFyZHdhcmUuY3JsMHEGCCsGAQUFBwEBBGUwYzA7 +BggrBgEFBQcwAoYvaHR0cDovL2NydC5jb21vZG9jYS5jb20vVVROQWRkVHJ1c3RT +ZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNv +bTA1BgNVHREELjAsghJhZGRvbnMubW96aWxsYS5vcmeCFnd3dy5hZGRvbnMubW96 +aWxsYS5vcmcwDQYJKoZIhvcNAQEFBQADggEBADM7YxX8sewULJPddZTegVrZTpm+ ++0qkOVVNoUB63hMqh6k3z+jV+63Re21vjCCHglTmV0m8ICiEzdYB2ZOLF24jZuWE +yIA/xqFwgOTsTR35/JFac2IpmvcgHGHgizmfyrx+jd282bHjn57fFVORIVIL2Roj +D2Y226yTlkqjpSLPKfeimaj2ttlArtl+tvZYLpusNspkj2VS3IacgqtuUEvaX/oF +AIgwDt6NVr+BR409BuKyYpJnj57ImrLlBrhwJLh3fCMKOMN5CNixUZ2slRHHQBee +oxyP8hGnaCfaSQWEGHxYLQFnXOWfoSm7SjlFL78Rqnmi7bTUtWVDt5NGitM= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-ca-cert.pem b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-ca-cert.pem new file mode 100644 index 0000000000..d00490caba --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-ca-cert.pem @@ -0,0 +1,66 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 28 (0x1c) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Westpoint Certificate Test CA, ST=Lancashire, C=UK/emailAddress=ca@example.com, O=Westpoint Certificate Test Root Certification Authority + Validity + Not Before: Jul 31 21:01:18 2011 GMT + Not After : Jul 28 21:01:18 2021 GMT + Subject: ST=Lancashire, C=UK/emailAddress=test@example.com, O=Test intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:bc:bd:83:c1:bc:36:d8:9c:74:68:5a:46:48:25: + 83:59:f8:35:1e:8f:dc:2c:52:3b:7c:2e:ea:40:c4: + 93:b6:39:31:df:f5:a6:f8:01:17:67:93:21:59:9b: + 89:7f:ed:2a:19:7b:25:a5:e1:71:12:99:e5:14:28: + df:75:b5:17:1c:3b:1d:3d:74:48:4f:b7:42:f4:3a: + ab:56:05:2b:fc:d3:27:97:01:08:5b:ad:26:9b:f2: + 87:51:9c:7e:e1:f1:ef:1c:bf:ad:7e:38:d9:76:89: + 30:a6:8c:2f:6f:87:9f:9e:57:13:14:b4:45:30:f3: + be:58:df:8a:d2:ee:7b:1d:89 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://ocsp.example.com:8888/ + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 33:84:9d:0e:b2:59:04:dc:ef:e3:04:8b:00:6c:64:ea:58:9e: + 36:59:76:27:59:a0:b8:ee:0d:86:83:ff:db:65:eb:6c:1f:16: + 47:e7:f5:e6:c3:88:81:73:7e:ed:12:8d:7e:fd:5e:b1:5c:68: + 47:f8:f9:ca:e3:e0:c0:f3:12:b2:24:3b:77:2c:98:de:05:6d: + a8:ec:27:b8:af:ab:84:25:26:73:b4:58:4c:7c:c1:74:97:98: + ab:0e:e6:99:70:bc:38:b0:9a:e3:d9:5c:75:fa:46:d2:87:55: + 09:86:8f:ef:4a:e4:ef:3e:32:c6:ac:9d:27:86:29:b8:78:38: + 7b:87:6c:57:72:bd:57:99:73:36:db:fa:52:bd:7b:a7:05:cd: + 28:b8:85:fc:11:47:5e:c6:77:72:6a:fb:73:3e:8b:a4:6d:f8: + 17:f4:12:d5:36:e0:ef:5c:f8:b2:a1:69:3e:4c:cf:86:5f:63: + f6:02:60:95:7f:61:e8:cb:7f:14:66:da:36:2e:78:13:3e:68: + ae:3f:13:c1:79:88:18:18:3f:23:f3:9a:e1:e7:7e:ae:50:e4: + b7:80:76:31:92:74:79:2c:de:d0:74:fe:81:7c:f6:01:14:6a: + 1f:5f:88:85:6a:11:1d:50:af:f1:97:4d:67:40:c3:e9:ae:6f: + 60:e2:bc:e2 +-----BEGIN CERTIFICATE----- +MIIDUDCCAjigAwIBAgIBHDANBgkqhkiG9w0BAQUFADCBqzEmMCQGA1UEAxMdV2Vz +dHBvaW50IENlcnRpZmljYXRlIFRlc3QgQ0ExEzARBgNVBAgTCkxhbmNhc2hpcmUx +CzAJBgNVBAYTAlVLMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTFAMD4G +A1UEChM3V2VzdHBvaW50IENlcnRpZmljYXRlIFRlc3QgUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eTAeFw0xMTA3MzEyMTAxMThaFw0yMTA3MjgyMTAxMThaMGIx +EzARBgNVBAgTCkxhbmNhc2hpcmUxCzAJBgNVBAYTAlVLMR8wHQYJKoZIhvcNAQkB +FhB0ZXN0QGV4YW1wbGUuY29tMR0wGwYDVQQKExRUZXN0IGludGVybWVkaWF0ZSBD +QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvL2Dwbw22Jx0aFpGSCWDWfg1 +Ho/cLFI7fC7qQMSTtjkx3/Wm+AEXZ5MhWZuJf+0qGXslpeFxEpnlFCjfdbUXHDsd +PXRIT7dC9DqrVgUr/NMnlwEIW60mm/KHUZx+4fHvHL+tfjjZdokwpowvb4efnlcT +FLRFMPO+WN+K0u57HYkCAwEAAaNLMEkwOQYIKwYBBQUHAQEELTArMCkGCCsGAQUF +BzABhh1odHRwOi8vb2NzcC5leGFtcGxlLmNvbTo4ODg4LzAMBgNVHRMEBTADAQH/ +MA0GCSqGSIb3DQEBBQUAA4IBAQAzhJ0OslkE3O/jBIsAbGTqWJ42WXYnWaC47g2G +g//bZetsHxZH5/Xmw4iBc37tEo1+/V6xXGhH+PnK4+DA8xKyJDt3LJjeBW2o7Ce4 +r6uEJSZztFhMfMF0l5irDuaZcLw4sJrj2Vx1+kbSh1UJho/vSuTvPjLGrJ0nhim4 +eDh7h2xXcr1XmXM22/pSvXunBc0ouIX8EUdexndyavtzPoukbfgX9BLVNuDvXPiy +oWk+TM+GX2P2AmCVf2Hoy38UZto2LngTPmiuPxPBeYgYGD8j85rh536uUOS3gHYx +knR5LN7QdP6BfPYBFGofX4iFahEdUK/xl01nQMPprm9g4rzi +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-is-ca-cert.pem b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-is-ca-cert.pem new file mode 100644 index 0000000000..396cad86cb --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-is-ca-cert.pem @@ -0,0 +1,53 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 29 (0x1d) + Signature Algorithm: sha1WithRSAEncryption + Issuer: ST=Lancashire, C=UK/emailAddress=test@example.com, O=Test intermediate CA + Validity + Not Before: Jul 31 21:01:18 2011 GMT + Not After : Jul 28 21:01:18 2021 GMT + Subject: CN=example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:c9:bb:98:5b:27:cd:b1:8a:a9:38:fc:aa:bb:ad: + a1:ed:cb:94:94:3e:79:90:ae:35:f3:87:b1:2a:4e: + d5:ff:55:93:e0:1a:68:2a:36:94:05:38:a7:72:64: + a3:31:0f:61:5c:ec:76:41:f1:35:4a:5e:bc:ef:51: + 90:9e:33:b4:08:7a:3f:f0:04:a8:46:99:96:25:b3: + 03:c8:cd:8c:33:42:76:82:b9:db:61:c6:91:ed:76: + 86:ae:04:38:d7:e5:5c:a9:a9:f9:b6:13:f4:90:40: + 6d:ec:2f:ba:ed:bc:ff:88:05:f0:7b:c8:ac:bd:d0: + 72:3a:91:64:86:06:89:66:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Authority Information Access: + OCSP - URI:http://ocsp.example.com:8888/ + + Signature Algorithm: sha1WithRSAEncryption + 22:30:97:01:ea:d0:a8:d8:b5:32:97:c8:c9:8b:7d:01:02:53: + 74:f8:0a:10:dc:fc:73:b2:50:bb:59:47:f3:e4:9f:44:94:d5: + ca:c0:64:da:83:00:95:43:15:a5:e3:30:ce:66:ca:55:8c:16: + 03:1e:55:02:8b:c7:ad:ed:2e:ae:ee:31:59:53:37:ff:26:86: + 93:9d:e2:69:2e:c0:2a:66:38:a5:b5:54:a1:02:0a:83:67:e0: + 91:cf:fc:09:c3:70:71:b6:cf:fc:d3:e9:9f:f5:1c:4d:55:ec: + 66:f7:07:71:fc:d6:17:de:e1:ab:e6:f2:7b:83:46:1e:b9:96: + 95:8f +-----BEGIN CERTIFICATE----- +MIICNjCCAZ+gAwIBAgIBHTANBgkqhkiG9w0BAQUFADBiMRMwEQYDVQQIEwpMYW5j +YXNoaXJlMQswCQYDVQQGEwJVSzEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxl +LmNvbTEdMBsGA1UEChMUVGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTEwNzMxMjEw +MTE4WhcNMjEwNzI4MjEwMTE4WjAWMRQwEgYDVQQDEwtleGFtcGxlLmNvbTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAybuYWyfNsYqpOPyqu62h7cuUlD55kK41 +84exKk7V/1WT4BpoKjaUBTincmSjMQ9hXOx2QfE1Sl6871GQnjO0CHo/8ASoRpmW +JbMDyM2MM0J2grnbYcaR7XaGrgQ41+Vcqan5thP0kEBt7C+67bz/iAXwe8isvdBy +OpFkhgaJZg0CAwEAAaNIMEYwCQYDVR0TBAIwADA5BggrBgEFBQcBAQQtMCswKQYI +KwYBBQUHMAGGHWh0dHA6Ly9vY3NwLmV4YW1wbGUuY29tOjg4ODgvMA0GCSqGSIb3 +DQEBBQUAA4GBACIwlwHq0KjYtTKXyMmLfQECU3T4ChDc/HOyULtZR/Pkn0SU1crA +ZNqDAJVDFaXjMM5mylWMFgMeVQKLx63tLq7uMVlTN/8mhpOd4mkuwCpmOKW1VKEC +CoNn4JHP/AnDcHG2z/zT6Z/1HE1V7Gb3B3H81hfe4avm8nuDRh65lpWP +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-not-ca-cert.pem b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-not-ca-cert.pem new file mode 100644 index 0000000000..34ad2b10a8 --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-not-ca-cert.pem @@ -0,0 +1,54 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 27 (0x1b) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=example.com, ST=Lancashire, C=UK/emailAddress=test@example.com, O=Some organisation + Validity + Not Before: Jul 31 21:01:18 2011 GMT + Not After : Jul 28 21:01:18 2021 GMT + Subject: CN=example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:ea:d6:97:b5:3c:f4:37:8a:58:b4:7a:49:31:55: + dd:c8:84:ee:36:f6:72:3a:31:99:d1:df:af:bb:f9: + 17:e9:d8:47:d2:20:4b:94:ce:ea:c1:6b:23:9a:da: + 02:41:29:51:34:05:13:c0:98:4d:87:f8:91:a8:85: + 81:e4:ab:26:3d:26:59:29:16:7d:04:db:57:7b:f0: + b6:2b:5d:cf:e7:82:ba:83:a7:bc:63:43:03:2a:2b: + 18:40:89:4c:1e:90:bc:bf:10:24:81:50:0d:2e:e8: + 8e:a9:0a:fc:f8:cd:97:98:3c:cc:55:b7:f2:b2:0d: + 0e:36:53:3a:b2:d0:45:90:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Authority Information Access: + OCSP - URI:http://ocsp.example.com:8888/ + + Signature Algorithm: sha1WithRSAEncryption + 82:d8:53:9c:d8:0b:0a:b3:9d:b4:0a:9f:93:ec:96:a6:31:6b: + 79:c9:d2:1c:76:0b:b7:f3:9f:b9:7a:dd:d7:b7:7b:26:ba:0a: + 54:2a:a3:ad:89:8e:3c:b8:8e:ea:09:53:58:73:9a:b3:a0:40: + 90:02:f2:60:04:b8:f0:2a:61:bd:91:9b:5e:81:5f:bf:cc:f2: + 33:33:8a:70:07:f5:ea:c0:05:38:34:f7:dc:ea:0c:74:01:5d: + dd:92:ab:f2:87:64:1b:7c:be:ae:37:c1:6c:ae:99:73:a5:aa: + 45:20:32:57:19:cb:30:45:61:2c:3b:23:52:ee:f0:cc:12:80: + 97:34 +-----BEGIN CERTIFICATE----- +MIICSTCCAbKgAwIBAgIBGzANBgkqhkiG9w0BAQUFADB1MRQwEgYDVQQDEwtleGFt +cGxlLmNvbTETMBEGA1UECBMKTGFuY2FzaGlyZTELMAkGA1UEBhMCVUsxHzAdBgkq +hkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb20xGjAYBgNVBAoTEVNvbWUgb3JnYW5p +c2F0aW9uMB4XDTExMDczMTIxMDExOFoXDTIxMDcyODIxMDExOFowFjEUMBIGA1UE +AxMLZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOrWl7U8 +9DeKWLR6STFV3ciE7jb2cjoxmdHfr7v5F+nYR9IgS5TO6sFrI5raAkEpUTQFE8CY +TYf4kaiFgeSrJj0mWSkWfQTbV3vwtitdz+eCuoOnvGNDAyorGECJTB6QvL8QJIFQ +DS7ojqkK/PjNl5g8zFW38rINDjZTOrLQRZCLAgMBAAGjSDBGMAkGA1UdEwQCMAAw +OQYIKwYBBQUHAQEELTArMCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC5leGFtcGxl +LmNvbTo4ODg4LzANBgkqhkiG9w0BAQUFAAOBgQCC2FOc2AsKs520Cp+T7JamMWt5 +ydIcdgu385+5et3Xt3smugpUKqOtiY48uI7qCVNYc5qzoECQAvJgBLjwKmG9kZte +gV+/zPIzM4pwB/XqwAU4NPfc6gx0AV3dkqvyh2QbfL6uN8FsrplzpapFIDJXGcsw +RWEsOyNS7vDMEoCXNA== +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-ocsp-good-cert.pem b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-ocsp-good-cert.pem new file mode 100644 index 0000000000..34b26c6d5e --- /dev/null +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-ocsp-good-cert.pem @@ -0,0 +1,67 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Westpoint Certificate Test CA, ST=Lancashire, C=UK/emailAddress=ca@example.com, O=Westpoint Certificate Test Root Certification Authority + Validity + Not Before: Jul 31 21:01:16 2011 GMT + Not After : Jul 28 21:01:16 2021 GMT + Subject: CN=example.com, ST=Lancashire, C=UK/emailAddress=test@example.com, O=Some organisation + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:97:c9:92:27:81:a7:4c:64:82:a2:30:d6:07:b7: + 57:e0:9c:ea:cd:eb:53:be:ea:b6:b5:47:66:d0:68: + 54:25:a7:ed:21:5c:dc:fd:da:41:f6:c7:c0:35:ae: + 97:72:fd:8b:af:29:3d:38:5a:67:8b:39:8a:ce:86: + 25:0f:38:a7:b5:38:b3:8e:81:f0:ea:79:99:cb:f5: + 23:64:55:f3:4b:a4:b6:23:64:29:ea:ba:f3:29:52: + a7:7f:32:dc:0d:b6:d9:d4:e6:13:de:01:41:86:9a: + 2d:8f:bb:0c:18:88:09:ac:d4:6a:e9:cb:8a:17:8a: + 85:09:a6:ae:a6:1c:05:e9:55 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Authority Information Access: + OCSP - URI:http://ocsp.example.com:8888/ + + Signature Algorithm: sha1WithRSAEncryption + 8b:9b:96:fb:8e:1b:77:f5:70:39:fe:76:51:ac:a9:6b:80:a5: + b7:95:8b:c3:1a:9c:1f:bb:d1:d1:68:43:40:96:62:d6:a6:da: + d9:fd:9d:9a:9e:8a:84:fa:f5:54:ce:a8:d7:37:c7:0c:95:fc: + 11:8b:e9:32:53:e5:59:61:0a:53:70:f3:d6:ed:3f:b1:f4:49: + bf:86:c1:77:0d:b1:ac:65:7e:62:d2:f2:5a:31:50:a7:ed:28: + bb:63:d5:f3:4f:43:3a:3f:bf:3b:d0:94:aa:a1:74:95:be:a4: + 0f:8b:e0:6f:d8:33:84:76:71:b2:da:f4:0e:1e:d2:eb:f0:c3: + 1e:33:79:21:35:93:18:05:38:db:63:85:1a:e4:84:41:0a:c3: + fb:fd:5c:69:3d:18:0a:38:b8:16:18:d3:23:b9:51:47:2e:54: + 08:d1:fc:2e:b6:63:62:78:9c:26:59:c2:5e:5a:38:76:47:e7: + f0:f8:7b:b7:00:46:34:b0:44:28:a9:33:d7:e5:1d:52:c8:fb: + 32:a5:25:86:21:0c:80:f0:4b:37:60:a0:45:69:9f:6b:b0:34: + 91:5e:4c:62:45:99:83:1d:80:48:78:bb:ee:d4:83:39:76:c3: + e6:fb:31:e9:20:f0:64:90:24:4e:c6:07:75:40:1f:7e:97:77: + 1f:bf:a2:ef +-----BEGIN CERTIFICATE----- +MIIDYDCCAkigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBqzEmMCQGA1UEAxMdV2Vz +dHBvaW50IENlcnRpZmljYXRlIFRlc3QgQ0ExEzARBgNVBAgTCkxhbmNhc2hpcmUx +CzAJBgNVBAYTAlVLMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTFAMD4G +A1UEChM3V2VzdHBvaW50IENlcnRpZmljYXRlIFRlc3QgUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eTAeFw0xMTA3MzEyMTAxMTZaFw0yMTA3MjgyMTAxMTZaMHUx +FDASBgNVBAMTC2V4YW1wbGUuY29tMRMwEQYDVQQIEwpMYW5jYXNoaXJlMQswCQYD +VQQGEwJVSzEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNvbTEaMBgGA1UE +ChMRU29tZSBvcmdhbmlzYXRpb24wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AJfJkieBp0xkgqIw1ge3V+Cc6s3rU77qtrVHZtBoVCWn7SFc3P3aQfbHwDWul3L9 +i68pPThaZ4s5is6GJQ84p7U4s46B8Op5mcv1I2RV80uktiNkKeq68ylSp38y3A22 +2dTmE94BQYaaLY+7DBiICazUaunLiheKhQmmrqYcBelVAgMBAAGjSDBGMAkGA1Ud +EwQCMAAwOQYIKwYBBQUHAQEELTArMCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC5l +eGFtcGxlLmNvbTo4ODg4LzANBgkqhkiG9w0BAQUFAAOCAQEAi5uW+44bd/VwOf52 +Uaypa4Clt5WLwxqcH7vR0WhDQJZi1qba2f2dmp6KhPr1VM6o1zfHDJX8EYvpMlPl +WWEKU3Dz1u0/sfRJv4bBdw2xrGV+YtLyWjFQp+0ou2PV809DOj+/O9CUqqF0lb6k +D4vgb9gzhHZxstr0Dh7S6/DDHjN5ITWTGAU422OFGuSEQQrD+/1caT0YCji4FhjT +I7lRRy5UCNH8LrZjYnicJlnCXlo4dkfn8Ph7twBGNLBEKKkz1+UdUsj7MqUlhiEM +gPBLN2CgRWmfa7A0kV5MYkWZgx2ASHi77tSDOXbD5vsx6SDwZJAkTsYHdUAffpd3 +H7+i7w== +-----END CERTIFICATE----- |