mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 10:10:06 +00:00
Code Issues Releases Wiki Activity

Extend the 'doth' system test with Strict/Mutual TLS checks

Browse Source 
This commit extends the 'doth' system test with a set of Strict/Mutual
TLS related checks.

This commit also makes each doth NS instance use its own TLS
certificate that includes FQDN, IPv4, and IPv6 addresses, issued using
a common Certificate Authority, instead of ad-hoc certs.

Extend servers initialisation timeout to 60 seconds to improve the
tests stability in the CI as certain configurations could fail to
initialise on time under load.
This commit is contained in:
Artem Boldariev 2022-02-08 19:02:05 +02:00
parent 7b9318bf72
commit cfea9a3aec
45 changed files with 4676 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.reuse/dep5
View File

@ -33,6 +33,11 @@ Files: **/*.after*
bin/tests/system/checkzone/zones/bad1.db
bin/tests/system/checkzone/zones/crashzone.db
bin/tests/system/dnstap/large-answer.fstrm
bin/tests/system/doth/CA/CA.cfg
bin/tests/system/doth/CA/README
bin/tests/system/doth/CA/index.txt
bin/tests/system/doth/CA/index.txt.attr
bin/tests/system/doth/CA/serial
bin/tests/system/notify/ns4/named.port.in
bin/tests/system/formerr/nametoolong
bin/tests/system/formerr/noquestions

5
bin/tests/system/doth/.gitignore vendored
View File

@ -2,3 +2,8 @@ gnutls-cli.*
headers.*
ns*/example.db
ns*/named.conf
# temporary files generated by "openssl ca"
/CA/*.old
# there is little point in keeping the certificate requests
# for the issued certificates
/CA/certs/*.csr

121
bin/tests/system/doth/CA/CA.cfg Normal file
View File

@ -0,0 +1,121 @@
## How To
# To issue a certificate:
#
# 1. Generate the next certificate serial (if the file does not exist):
# xxd -l 8 -u -ps /dev/urandom > ./serial
# 2. Create the new certificate request (e.g. for foo.example.com):
# openssl req -config ./CA.cfg -new -subj "/CN=foo.example.com" \
# -addext "subjectAltName=DNS:foo.example.com,IP=X.X.X.X" \
# -newkey rsa -keyout ./certs/foo.example.com.key \
# -out ./certs/foo.example.com.csr
#
# The above will generate request for an RSA-based certificate. One
# can issue an ECDSA-based certificate by replacing "-newkey rsa" with
# "-newkey ec -pkeyopt ec_paramgen_curve:secp384r1".
#
# 3. Issue the certificate:
# openssl ca -config ./CA.cfg -in ./certs/foo.example.com.csr \
# -out ./certs/foo.example.com.pem
#
# To cleanup the internal database from expired certificates:
#
# 1. openssl ca -config ./CA.cfg -updatedb
#
# To revoke a certificate:
#
# 1. Revoke the certificate via file (e.g. for foo.example.com):
# openssl ca -config ./CA.cfg -revoke ./certs/foo.example.com.pem
# 2. Optionally remove the certificate file if you do not need it anymore:
# rm ./certs/foo.example.com.pem
# 3. Generate the certificate revocation list file: CRL (e.g. revoked.crl):
# openssl ca -config ./CA.cfg -gencrl > ./revoked.crl
#
# The key for CA was generated like follows
# openssl genrsa -out ./CA.key 3072
# openssl req -x509 -new -key ./CA.key -days 10950 -out ./CA.pem
#
# See also:
#
# - https://jamielinux.com/docs/openssl-certificate-authority/index.html
# - https://www.openssl.org/docs/man1.1.1/man1/ca.html
# - https://www.openssl.org/docs/man1.1.1/man1/openssl-req.html
# - https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line
# - https://security.stackexchange.com/a/190646 - for ECDSA certificates
# - https://gist.github.com/Soarez/9688998
# - https://habr.com/ru/post/192446/ - Beware, your screen might "go Cyrillic"!
# certificate authority configuration
[ca]
default_ca = CA_default # The default ca section
[CA_default]
dir = .
new_certs_dir = $dir/newcerts # new certs dir (must be created)
certificate = $dir/CA.pem # The CA cert
private_key = $dir/private/CA.key # CA private key
serial = $dir/serial # serial number file for the next certificate
# Update before issuing it:
# xxd -l 8 -u -ps /dev/urandom > ./serial
database = $dir/index.txt # (must be created manually: touch ./index.txt)
default_days = 10950 # how long to certify for
#default_crl_days = 30 # the number of days before the
default_crl_days = 10950 # next CRL is due. That is the
# days from now to place in the
# CRL nextUpdate field. If CRL
# is expired, certificate
# verifications will fail even
# for otherwise valid
# certificates. Clients might
# cache the CRL, so the expiry
# period should normally be
# relatively short (default:
# 30) for production CAs.
default_md = sha256 # digest to use
policy = policy_default # default policy
email_in_dn = no # Don't add the email into cert DN
name_opt = ca_default # Subject name display option
cert_opt = ca_default # Certificate display option
# We need the following in order to copy Subject Alt Name(s) from a
# request to the certificate.
copy_extensions = copy # copy extensions from request
[policy_default]
countryName = optional
stateOrProvinceName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# default certificate requests settings
[req]
# Options for the `req` tool (`man req`).
default_bits = 3072 # for RSA only
distinguished_name = req_default
string_mask = utf8only
# SHA-1 is deprecated, so use SHA-256 instead.
default_md = sha256
# do not encrypt the private key file
encrypt_key = no
[req_default]
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (e.g., city)
0.organizationName = Organization Name (e.g., company)
organizationalUnitName = Organizational Unit Name (e.g. department)
commonName = Common Name (e.g. server FQDN or YOUR name)
emailAddress = Email Address
# defaults
countryName_default = UA
stateOrProvinceName_default = Kharkiv Oblast
localityName_default = Kharkiv
0.organizationName_default = ISC
organizationalUnitName_default = Software Engeneering (BIND 9)

29
bin/tests/system/doth/CA/CA.pem Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE3TCCA0WgAwIBAgIUeZPKrvbGEBZaRc2jNczlIsJXyPYwDQYJKoZIhvcNAQEL
BQAwfTELMAkGA1UEBhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4G
A1UEBwwHS2hhcmtpdjEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0
aXVtMRwwGgYDVQQDDBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDEyNDEyNDA1
NFoYDzIwNTIwMTE3MTI0MDU0WjB9MQswCQYDVQQGEwJVQTEYMBYGA1UECAwPS2hh
cmtpdiBPYmxhc3QnMRAwDgYDVQQHDAdLaGFya2l2MSQwIgYDVQQKDBtJbnRlcm5l
dCBTeXN0ZW1zIENvbnNvcnRpdW0xHDAaBgNVBAMME2NhLnRlc3QuZXhhbXBsZS5j
b20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCi6hEegBzpUKbE1NTo
Z7uz7EMUY7TBckkiw/7ydTLKNa8YI4JpBguFvWQsDY0dGFJIoVwyHyNx3seW/LoI
B5zWPZ2xbOvLLceA+t2NZpbc98E7jUOVS123yED+nqlfZjCq9Zt0r/ezwnQtjnFF
ko1mcU4H9Jvg8aIgnU2AxE78zciU9CY8799pFFNThIjbooI8oVbfjbzbpmLzxjA5
3rDmZBTh+ySTlMa2U2oT4WPjRltZWnJVegRRLpG95GnTbQ1fkJAbj1Iu10XTkCee
wBOqaA1UJem0a6pby5odE414Y7c0ETKcmaJtYENQyO0IJwZWDKtVe5OTIAklakia
eyFTCAw1h5tHCYLaJW/Yu2wlLl5RNQcRZ9+cWXnldTY+TI1iBjfmADjLdKJYUlhX
z7kWJtTi63Sdv6WYcEXxaWpxT+R3e2kaR/R7GOo4gdkWpX1siGlRteHHH2/36CSQ
ZD2etcTUpGW+KDHFR4grnEfL1rt9UgvCjpa4KcssmZtWSSUCAwEAAaNTMFEwHQYD
VR0OBBYEFHyJ6Fzr5R9ySATFj/uSCJz1YCY5MB8GA1UdIwQYMBaAFHyJ6Fzr5R9y
SATFj/uSCJz1YCY5MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGB
AF3y0hvzyZWtmuG1JwIcOcc1aPl1KdRy8bao/5iHYGYYrsdDgcO5/e+y9S/izalc
TdW7SKB5iBOCiE8fBNtToCvGP+fxNxHijpAmTr37G5sWuSo1T1VYFizHWL+df/Ig
TcSvDrEjSnAwaEdNJUWtjoIC4VzNKTLtZf16QIATTzTZa3bfgSetpWS7LhLQbHod
CSGI2QB1LRbqGC+a1Y85QxHv81jWzPWPzXYvnOLrDdQyBMOBcxDzrN4b6zg+5Itz
qGYt+IS71jAH0IhxAyD/U5n1jGJv02BnSq0ynLEOD6gsnZjqAwPbt/PM9pGbtbXO
70Q9rxr+vQc1IISKAEiH3txaEPi10wU98d6LbInJvQrmgHo/ntet8skWNYuxlEzS
wvynuE9KvvQtOTodWt5AePtKrhHdxu527a4CHVp59nYUjKSdMKjvmhMRXM1cNjFE
rA/pyyhozR47w3RzHMJVHw2GJ2B/HeqmxpXr1CmJjoRP38QCR7N+mqiZy85Fq2j2
8Q==
-----END CERTIFICATE-----

2
bin/tests/system/doth/CA/README Normal file
View File

@ -0,0 +1,2 @@
Please take a look at the contents of the CA.cfg file for further
instructions and configurations options.

6
bin/tests/system/doth/CA/certs/srv01.client01.example.com.key Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCq9Z95YLiCPSevj5Xm
lB/ijFFlZb8AT2bHUyL1fmivBm8JfjSa/j3pZePAF7rltyChZANiAARek2p62nXM
ZAjk+PkvK4U27uHf+s1MYPFEtRZ7+QPPoAhnb64no5WKaB5jq88uIGJS54w+Hu/e
DWlkZbbk3/4aSPhodYSDEfuBWQ7Blkh/JNoR3azLCsUJeCQxOt835rM=
-----END PRIVATE KEY-----

68
bin/tests/system/doth/CA/certs/srv01.client01.example.com.pem Normal file
View File

@ -0,0 +1,68 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207431 (0x6bb3183cdef52007)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 10 17:44:20 2022 GMT
Not After : Feb 3 17:44:20 2052 GMT
Subject: CN=srv01.client01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:5e:93:6a:7a:da:75:cc:64:08:e4:f8:f9:2f:2b:
85:36:ee:e1:df:fa:cd:4c:60:f1:44:b5:16:7b:f9:
03:cf:a0:08:67:6f:ae:27:a3:95:8a:68:1e:63:ab:
cf:2e:20:62:52:e7:8c:3e:1e:ef:de:0d:69:64:65:
b6:e4:df:fe:1a:48:f8:68:75:84:83:11:fb:81:59:
0e:c1:96:48:7f:24:da:11:dd:ac:cb:0a:c5:09:78:
24:31:3a:df:37:e6:b3
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.client01.example.com
Signature Algorithm: sha256WithRSAEncryption
82:bd:eb:8f:4e:a5:d2:46:c7:d8:70:3c:34:1d:58:43:1b:81:
16:5d:c2:b0:76:4b:a9:f2:10:14:23:e4:ef:dc:59:03:b6:7f:
b0:40:34:e5:d0:82:4b:95:a6:07:9a:45:51:94:cf:08:c2:4e:
c9:44:d5:f3:b6:ed:f2:a0:01:94:ad:e0:0e:0f:ab:85:6f:35:
4b:07:c8:97:25:fb:69:ff:a1:99:bc:ec:70:6c:51:b5:32:95:
e9:c9:45:cf:45:e2:c5:5e:b1:59:a2:e1:f2:83:c8:87:68:c4:
60:e2:db:50:6c:18:64:1b:9a:9a:cc:7c:e7:fd:d9:f2:b7:d1:
de:1d:ec:29:c9:58:db:7b:9a:a1:06:9a:ce:36:a0:45:10:dc:
7d:81:24:21:34:30:4c:71:f9:fc:96:37:d6:cf:0d:9d:11:12:
c7:62:bc:19:5b:79:e5:e0:37:e8:17:36:4b:13:af:fa:2c:2e:
36:d9:be:53:e1:c3:f9:bc:94:a6:7a:97:14:99:36:f9:14:38:
11:20:3a:2a:9d:fd:64:63:d0:a2:8f:f0:99:a9:02:ca:57:48:
d2:7d:65:44:b6:85:a0:38:ec:e8:19:7e:c2:48:e3:1d:22:53:
cf:3b:d4:0a:98:e1:72:62:ec:8b:01:3f:5a:ea:26:2c:8c:16:
c3:80:5a:c2:5d:40:c5:65:1c:e2:9a:e3:d6:65:16:ee:dc:17:
30:d8:26:87:92:d0:ef:c7:72:07:99:86:05:9e:49:35:41:33:
b9:bb:cb:1b:25:50:70:85:e3:0f:c7:b9:b2:37:00:1b:87:a2:
47:97:34:5b:cd:dc:66:22:e5:de:25:ec:57:fe:37:75:2c:03:
10:f4:d4:a7:cc:f5:4b:0b:ff:eb:d3:a6:78:2e:cd:8f:65:51:
a7:8c:ef:83:67:ec:94:13:c2:1f:74:74:55:7c:a3:0b:b7:2f:
80:5a:62:04:1d:a2:c0:c1:de:b2:7d:31:3b:a1:fa:f7:40:a7:
bd:12:25:95:5b:8b
-----BEGIN CERTIFICATE-----
MIIDITCCAYmgAwIBAgIIa7MYPN71IAcwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIxMDE3NDQyMFoYDzIwNTIwMjAz
MTc0NDIwWjAlMSMwIQYDVQQDDBpzcnYwMS5jbGllbnQwMS5leGFtcGxlLmNvbTB2
MBAGByqGSM49AgEGBSuBBAAiA2IABF6TanradcxkCOT4+S8rhTbu4d/6zUxg8US1
Fnv5A8+gCGdvriejlYpoHmOrzy4gYlLnjD4e794NaWRltuTf/hpI+Gh1hIMR+4FZ
DsGWSH8k2hHdrMsKxQl4JDE63zfms6MpMCcwJQYDVR0RBB4wHIIac3J2MDEuY2xp
ZW50MDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggGBAIK9649OpdJGx9hw
PDQdWEMbgRZdwrB2S6nyEBQj5O/cWQO2f7BANOXQgkuVpgeaRVGUzwjCTslE1fO2
7fKgAZSt4A4Pq4VvNUsHyJcl+2n/oZm87HBsUbUylenJRc9F4sVesVmi4fKDyIdo
xGDi21BsGGQbmprMfOf92fK30d4d7CnJWNt7mqEGms42oEUQ3H2BJCE0MExx+fyW
N9bPDZ0REsdivBlbeeXgN+gXNksTr/osLjbZvlPhw/m8lKZ6lxSZNvkUOBEgOiqd
/WRj0KKP8JmpAspXSNJ9ZUS2haA47OgZfsJI4x0iU8871AqY4XJi7IsBP1rqJiyM
FsOAWsJdQMVlHOKa49ZlFu7cFzDYJoeS0O/HcgeZhgWeSTVBM7m7yxslUHCF4w/H
ubI3ABuHokeXNFvN3GYi5d4l7Ff+N3UsAxD01KfM9UsL/+vTpnguzY9lUaeM74Nn
7JQTwh90dFV8owu3L4BaYgQdosDB3rJ9MTuh+vdAp70SJZVbiw==
-----END CERTIFICATE-----

6
bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.key Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDD1/sp/yNsAc9Z6TPhm
0xT0ZhSf/9XJD6daSpdUDJ/nEJKa+sBXDWJHuXrbNRqUK2qhZANiAATmRfpXEmxZ
ECOLelx2M+s7Qfq3HJCzLzMtRXvj5baloqKkFPRQnbDGOLrpRWWkZbkQMi+Tm9XY
z7QpW9xOyOymn1h2JPTF0UhVUutdsIWThe4+uMSxzQhZlRL/e5vuark=
-----END PRIVATE KEY-----

68
bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.pem Normal file
View File

@ -0,0 +1,68 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207432 (0x6bb3183cdef52008)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 11 13:21:12 2022 GMT
Not After : Feb 4 13:21:12 2052 GMT
Subject: CN=srv01.client02-ns2.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:e6:45:fa:57:12:6c:59:10:23:8b:7a:5c:76:33:
eb:3b:41:fa:b7:1c:90:b3:2f:33:2d:45:7b:e3:e5:
b6:a5:a2:a2:a4:14:f4:50:9d:b0:c6:38:ba:e9:45:
65:a4:65:b9:10:32:2f:93:9b:d5:d8:cf:b4:29:5b:
dc:4e:c8:ec:a6:9f:58:76:24:f4:c5:d1:48:55:52:
eb:5d:b0:85:93:85:ee:3e:b8:c4:b1:cd:08:59:95:
12:ff:7b:9b:ee:6a:b9
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.client02-ns2.example.com
Signature Algorithm: sha256WithRSAEncryption
43:ec:0f:62:17:f6:f4:90:3b:7c:36:21:f2:18:94:a6:42:51:
1e:1d:2a:43:8f:05:b7:8d:3c:ca:f0:20:2f:65:4b:be:48:ad:
6a:0a:cc:2d:1f:d6:27:1d:af:4a:36:86:ed:0d:03:75:c5:71:
ec:58:9b:ec:f9:0f:e4:83:ef:6f:91:da:20:73:47:ac:e7:c7:
8b:22:b2:d1:6e:a0:b0:d6:1c:4c:70:1e:74:08:1d:7f:61:06:
e5:be:f3:e8:c4:15:60:e2:b0:02:9b:f0:13:af:76:5b:a8:c7:
91:2c:10:5f:0d:32:89:51:5a:7f:17:1b:7c:c6:46:97:ee:e7:
bb:8a:48:38:a2:52:d4:ff:3b:1c:ec:4a:a9:8c:a5:23:3a:04:
bb:d7:b8:ad:5b:69:7f:1d:be:ca:96:e0:eb:56:05:43:ee:c8:
ff:2c:48:03:00:c6:c2:ac:fc:4e:15:47:86:c5:33:ed:70:f6:
98:bc:0b:07:b9:5b:1a:ec:fd:3c:bf:26:61:68:fc:db:02:55:
07:ae:76:0e:be:ff:c5:b8:56:fb:52:54:a4:b1:2d:64:b4:1d:
55:02:4f:da:06:bd:26:e4:22:d2:94:1f:7e:29:c4:97:10:d1:
75:7d:41:53:be:46:52:70:b1:d9:ff:bb:9f:96:19:e3:a0:ba:
d0:4a:5a:8d:da:22:73:89:f0:4c:e6:18:80:53:be:bd:64:56:
6a:c9:58:71:40:66:9e:4a:3e:31:3b:74:9e:6e:6a:f5:65:ca:
93:06:52:00:74:65:a0:3a:eb:2e:56:56:d2:a5:4b:0e:85:17:
25:78:cb:f3:f9:53:7b:85:f9:82:15:87:bc:36:70:b5:69:64:
48:11:79:b9:2c:2e:cc:09:fd:0f:b0:b7:cd:97:3b:c7:0f:49:
1a:fc:15:49:d6:1c:a9:dc:14:ff:44:d2:be:5a:36:00:66:0c:
d5:b8:bf:16:9e:60:27:79:c0:f5:b4:ff:2f:af:8c:b2:49:75:
61:44:05:1a:e8:cd
-----BEGIN CERTIFICATE-----
MIIDKTCCAZGgAwIBAgIIa7MYPN71IAgwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIxMTEzMjExMloYDzIwNTIwMjA0
MTMyMTEyWjApMScwJQYDVQQDDB5zcnYwMS5jbGllbnQwMi1uczIuZXhhbXBsZS5j
b20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATmRfpXEmxZECOLelx2M+s7Qfq3HJCz
LzMtRXvj5baloqKkFPRQnbDGOLrpRWWkZbkQMi+Tm9XYz7QpW9xOyOymn1h2JPTF
0UhVUutdsIWThe4+uMSxzQhZlRL/e5vuarmjLTArMCkGA1UdEQQiMCCCHnNydjAx
LmNsaWVudDAyLW5zMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAYEAQ+wP
Yhf29JA7fDYh8hiUpkJRHh0qQ48Ft408yvAgL2VLvkitagrMLR/WJx2vSjaG7Q0D
dcVx7Fib7PkP5IPvb5HaIHNHrOfHiyKy0W6gsNYcTHAedAgdf2EG5b7z6MQVYOKw
ApvwE692W6jHkSwQXw0yiVFafxcbfMZGl+7nu4pIOKJS1P87HOxKqYylIzoEu9e4
rVtpfx2+ypbg61YFQ+7I/yxIAwDGwqz8ThVHhsUz7XD2mLwLB7lbGuz9PL8mYWj8
2wJVB652Dr7/xbhW+1JUpLEtZLQdVQJP2ga9JuQi0pQffinElxDRdX1BU75GUnCx
2f+7n5YZ46C60Epajdoic4nwTOYYgFO+vWRWaslYcUBmnko+MTt0nm5q9WXKkwZS
AHRloDrrLlZW0qVLDoUXJXjL8/lTe4X5ghWHvDZwtWlkSBF5uSwuzAn9D7C3zZc7
xw9JGvwVSdYcqdwU/0TSvlo2AGYM1bi/Fp5gJ3nA9bT/L6+Mskl1YUQFGujN
-----END CERTIFICATE-----

6
bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.key Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCQvnl9FD/mrb+KQaC8
VMhKW2sxrYFHhZnUYBc3Luz/X3vECNVqLVc5asLu+NrkioyhZANiAAQ4mpvCaoKm
0VCKeHrRvmG+1LbT1qICl6RIUMDFHdgtIxklbpECHWnCd9bxqE9Kmh08aVqJQQry
4GRXGw6e359MezxC3CHILJWrs0xfVsRw7oqk5EbEnpj1yHuyc9dFk/A=
-----END PRIVATE KEY-----

69
bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207433 (0x6bb3183cdef52009)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Aug 14 05:00:00 2012 GMT
Not After : Aug 14 06:00:00 2012 GMT
Subject: CN=srv01.client03-ns2-expired.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:38:9a:9b:c2:6a:82:a6:d1:50:8a:78:7a:d1:be:
61:be:d4:b6:d3:d6:a2:02:97:a4:48:50:c0:c5:1d:
d8:2d:23:19:25:6e:91:02:1d:69:c2:77:d6:f1:a8:
4f:4a:9a:1d:3c:69:5a:89:41:0a:f2:e0:64:57:1b:
0e:9e:df:9f:4c:7b:3c:42:dc:21:c8:2c:95:ab:b3:
4c:5f:56:c4:70:ee:8a:a4:e4:46:c4:9e:98:f5:c8:
7b:b2:73:d7:45:93:f0
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.client03-ns2-expired.example.com
Signature Algorithm: sha256WithRSAEncryption
38:12:1f:5f:26:b6:8e:9b:3f:77:89:5a:b8:e8:46:78:c3:d6:
f0:0c:67:5f:d5:a3:9c:f6:f2:0a:ae:9c:87:74:9f:a3:5b:8a:
27:58:47:e5:78:1a:e9:db:b5:cc:28:a7:f8:18:e3:e7:20:43:
cf:82:06:5d:a1:d0:82:ab:15:be:86:46:1e:e6:4d:ad:78:a4:
16:6c:99:41:3d:29:21:c8:6b:9d:3d:4a:cd:93:37:1f:1c:88:
c7:ae:b6:7c:73:42:57:57:32:9d:e8:c6:e2:3e:da:12:57:3e:
c8:56:4a:bb:d4:01:fc:8e:30:8d:19:fe:61:3d:5e:02:64:65:
a2:46:b3:6e:ea:f9:cb:4e:f0:b9:f6:bc:6b:38:10:19:d0:93:
f8:f7:d9:4c:d2:87:2c:7f:dc:f5:00:c6:29:dd:00:5e:d2:f4:
df:52:fb:7a:5a:ad:98:36:77:72:1f:01:ed:48:91:48:16:2d:
35:a5:15:21:98:ff:7e:5d:a1:45:c9:5f:9d:c2:3e:e5:98:e2:
ee:ce:4d:18:76:3d:8a:0a:64:9b:f1:19:9d:b6:82:af:1b:15:
d3:48:69:f1:9b:67:76:1b:41:8e:1d:69:d5:31:64:95:01:41:
73:c1:a9:29:53:6b:f3:29:ad:e0:96:52:8e:3e:8d:c1:8e:d8:
b5:0c:94:5f:a2:6c:3c:0f:3e:5b:10:af:21:00:74:d0:b7:30:
6c:44:fb:3d:09:46:8d:1d:e6:c2:e4:0a:5b:f4:eb:e1:71:c7:
d5:36:13:90:05:fe:65:16:61:24:b5:41:f2:10:bd:2c:c3:34:
69:15:25:d1:32:f2:b3:d7:da:23:1b:e9:5b:33:63:43:c8:dc:
68:f2:31:b5:93:0e:64:ea:9a:45:36:9f:96:44:38:1e:4e:d8:
45:ba:37:68:06:4d:da:d4:16:d3:3e:77:86:4e:8d:58:d6:06:
a8:60:11:4d:d9:81:f3:85:2b:ee:58:50:6e:ea:2b:f7:84:00:
9c:ec:a1:90:d4:94
-----BEGIN CERTIFICATE-----
MIIDNzCCAZ+gAwIBAgIIa7MYPN71IAkwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMB4XDTEyMDgxNDA1MDAwMFoXDTEyMDgxNDA2
MDAwMFowMTEvMC0GA1UEAwwmc3J2MDEuY2xpZW50MDMtbnMyLWV4cGlyZWQuZXhh
bXBsZS5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQ4mpvCaoKm0VCKeHrRvmG+
1LbT1qICl6RIUMDFHdgtIxklbpECHWnCd9bxqE9Kmh08aVqJQQry4GRXGw6e359M
ezxC3CHILJWrs0xfVsRw7oqk5EbEnpj1yHuyc9dFk/CjNTAzMDEGA1UdEQQqMCiC
JnNydjAxLmNsaWVudDAzLW5zMi1leHBpcmVkLmV4YW1wbGUuY29tMA0GCSqGSIb3
DQEBCwUAA4IBgQA4Eh9fJraOmz93iVq46EZ4w9bwDGdf1aOc9vIKrpyHdJ+jW4on
WEfleBrp27XMKKf4GOPnIEPPggZdodCCqxW+hkYe5k2teKQWbJlBPSkhyGudPUrN
kzcfHIjHrrZ8c0JXVzKd6MbiPtoSVz7IVkq71AH8jjCNGf5hPV4CZGWiRrNu6vnL
TvC59rxrOBAZ0JP499lM0ocsf9z1AMYp3QBe0vTfUvt6Wq2YNndyHwHtSJFIFi01
pRUhmP9+XaFFyV+dwj7lmOLuzk0Ydj2KCmSb8RmdtoKvGxXTSGnxm2d2G0GOHWnV
MWSVAUFzwakpU2vzKa3gllKOPo3Bjti1DJRfomw8Dz5bEK8hAHTQtzBsRPs9CUaN
HebC5Apb9OvhccfVNhOQBf5lFmEktUHyEL0swzRpFSXRMvKz19ojG+lbM2NDyNxo
8jG1kw5k6ppFNp+WRDgeTthFujdoBk3a1BbTPneGTo1Y1gaoYBFN2YHzhSvuWFBu
6iv3hACc7KGQ1JQ=
-----END CERTIFICATE-----

6
bin/tests/system/doth/CA/certs/srv01.crt01.example.com.key Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB/BdYjkgkVy4gTuXX3
20DWo80uWsQkKDwMeOoaQ2cYy5Cm2AdTALDdBihGKRfACPqhZANiAAQSoXsPefIp
9Y9qBtAogxRDjxlMKZE2MA8GplbnV5tYLJ78nKNO9uNvkEDVCf2Ulo4UaHRv6Ken
q4w1lvLWj12XXdG5IlvvMRWh4ettb6+xL4Dlpak48m/5ZRRwp6Ws4Ro=
-----END PRIVATE KEY-----

69
bin/tests/system/doth/CA/certs/srv01.crt01.example.com.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207425 (0x6bb3183cdef52001)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 8 17:18:52 2022 GMT
Not After : Feb 1 17:18:52 2052 GMT
Subject: CN=srv01.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:12:a1:7b:0f:79:f2:29:f5:8f:6a:06:d0:28:83:
14:43:8f:19:4c:29:91:36:30:0f:06:a6:56:e7:57:
9b:58:2c:9e:fc:9c:a3:4e:f6:e3:6f:90:40:d5:09:
fd:94:96:8e:14:68:74:6f:e8:a7:a7:ab:8c:35:96:
f2:d6:8f:5d:97:5d:d1:b9:22:5b:ef:31:15:a1:e1:
eb:6d:6f:af:b1:2f:80:e5:a5:a9:38:f2:6f:f9:65:
14:70:a7:a5:ac:e1:1a
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.crt01.example.com, IP Address:10.53.0.1, IP Address:FD92:7065:B8E:FFFF:0:0:0:1
Signature Algorithm: sha256WithRSAEncryption
79:0f:08:ab:18:cc:f9:7a:bd:47:21:99:a1:a3:76:04:7f:d7:
08:33:91:49:3d:2d:fc:8d:ff:c5:c1:8d:b8:70:05:65:32:cd:
e2:26:21:49:19:66:a2:94:4f:42:7d:83:3c:4f:ed:c1:87:89:
5b:73:2c:64:64:67:29:f5:73:83:23:72:b7:a8:2e:d6:9a:de:
13:0c:ba:35:d3:38:b1:c4:51:7d:81:fc:25:ca:a6:d9:d2:fa:
bb:6d:1f:a4:61:90:50:2d:8a:ed:70:1a:eb:56:2f:fc:7b:f3:
76:df:68:8d:e8:a4:7d:82:b9:5c:c6:cb:d8:06:f7:78:dc:a7:
94:35:d4:83:98:28:51:36:1c:73:47:e4:5b:32:d2:cd:de:1c:
44:f6:de:37:8a:46:d0:14:8d:71:e5:10:22:b1:f9:73:f7:1b:
4f:82:e1:a1:00:73:18:17:71:a2:bf:a2:0c:59:aa:43:58:46:
82:f8:38:c4:5a:5a:9f:13:d7:a9:54:1f:58:9b:5d:52:16:d3:
a0:ba:6b:aa:cf:68:3a:d1:12:9c:94:ac:78:6b:7e:bc:69:6c:
75:07:5d:fb:68:cd:e8:8d:bb:8c:b0:7c:6c:9e:f6:a5:7c:32:
74:ef:c5:b1:1f:1d:ec:7b:2f:79:c0:3b:52:60:9b:48:89:09:
b4:46:34:69:d3:7b:1b:15:ef:0c:dd:64:1d:58:fe:a7:0b:b1:
9d:28:1f:1e:9e:3c:c0:b1:a6:38:ab:9d:54:24:0e:75:6c:9e:
90:13:b9:39:dc:43:fe:37:e3:14:0f:78:7e:2b:56:a2:d2:60:
51:57:88:3b:4c:cf:24:67:36:77:21:bb:c8:07:eb:48:f7:b0:
1e:e4:99:61:84:15:bb:61:3a:21:55:df:31:43:67:73:8f:6b:
e9:04:83:be:2d:8b:94:39:89:cf:40:d5:04:f7:6b:c9:c6:8c:
6e:36:0f:5d:7a:9b:57:86:36:76:2c:75:35:47:50:ed:9a:84:
7e:37:83:b5:21:a2
-----BEGIN CERTIFICATE-----
MIIDMzCCAZugAwIBAgIIa7MYPN71IAEwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3MTg1MloYDzIwNTIwMjAx
MTcxODUyWjAiMSAwHgYDVQQDDBdzcnYwMS5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
ByqGSM49AgEGBSuBBAAiA2IABBKhew958in1j2oG0CiDFEOPGUwpkTYwDwamVudX
m1gsnvyco07242+QQNUJ/ZSWjhRodG/op6erjDWW8taPXZdd0bkiW+8xFaHh621v
r7EvgOWlqTjyb/llFHCnpazhGqM+MDwwOgYDVR0RBDMwMYIXc3J2MDEuY3J0MDEu
ZXhhbXBsZS5jb22HBAo1AAGHEP2ScGULjv//AAAAAAAAAAEwDQYJKoZIhvcNAQEL
BQADggGBAHkPCKsYzPl6vUchmaGjdgR/1wgzkUk9LfyN/8XBjbhwBWUyzeImIUkZ
ZqKUT0J9gzxP7cGHiVtzLGRkZyn1c4MjcreoLtaa3hMMujXTOLHEUX2B/CXKptnS
+rttH6RhkFAtiu1wGutWL/x783bfaI3opH2CuVzGy9gG93jcp5Q11IOYKFE2HHNH
5Fsy0s3eHET23jeKRtAUjXHlECKx+XP3G0+C4aEAcxgXcaK/ogxZqkNYRoL4OMRa
Wp8T16lUH1ibXVIW06C6a6rPaDrREpyUrHhrfrxpbHUHXftozeiNu4ywfGye9qV8
MnTvxbEfHex7L3nAO1Jgm0iJCbRGNGnTexsV7wzdZB1Y/qcLsZ0oHx6ePMCxpjir
nVQkDnVsnpATuTncQ/434xQPeH4rVqLSYFFXiDtMzyRnNnchu8gH60j3sB7kmWGE
FbthOiFV3zFDZ3OPa+kEg74ti5Q5ic9A1QT3a8nGjG42D116m1eGNnYsdTVHUO2a
hH43g7Uhog==
-----END CERTIFICATE-----

6
bin/tests/system/doth/CA/certs/srv01.crt02-no-san.example.com.key Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC3sc7RaI9GyH5Z1e0D
WcccNjr43zpavmMqA8bcS9dBBjkiEdvGH47r3EIXTjp0f46hZANiAASjLTP9kpDc
A+82+aSokPFHab7ojmUI2uWzgmMcr5o3tHV8zkb7GRe8kHJPdLZFOfeWs0SFHK1q
26R2hu6OJz33YXjf4QSK65GLAWe2aTJUUBxWhtov7+Q9lLr3WwIUtRM=
-----END PRIVATE KEY-----

64
bin/tests/system/doth/CA/certs/srv01.crt02-no-san.example.com.pem Normal file
View File

@ -0,0 +1,64 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 7760573232607207426 (0x6bb3183cdef52002)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 8 17:21:43 2022 GMT
Not After : Feb 1 17:21:43 2052 GMT
Subject: CN=srv01.crt02-no-san.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:a3:2d:33:fd:92:90:dc:03:ef:36:f9:a4:a8:90:
f1:47:69:be:e8:8e:65:08:da:e5:b3:82:63:1c:af:
9a:37:b4:75:7c:ce:46:fb:19:17:bc:90:72:4f:74:
b6:45:39:f7:96:b3:44:85:1c:ad:6a:db:a4:76:86:
ee:8e:27:3d:f7:61:78:df:e1:04:8a:eb:91:8b:01:
67:b6:69:32:54:50:1c:56:86:da:2f:ef:e4:3d:94:
ba:f7:5b:02:14:b5:13
ASN1 OID: secp384r1
NIST CURVE: P-384
Signature Algorithm: sha256WithRSAEncryption
07:20:2a:a6:7a:52:52:ba:1e:b7:79:cf:e6:11:9c:ca:3f:43:
2b:f3:d7:2e:74:74:57:81:a1:aa:e6:68:c9:fd:d1:a8:a6:5b:
a2:ff:ea:f7:f0:b7:46:dc:a0:5a:64:5f:ce:e7:0f:76:63:14:
6d:c2:51:4b:30:ea:51:7e:4a:1b:d3:b2:f8:c2:3d:3f:c1:bf:
ad:db:4d:f8:28:31:e7:75:ae:84:37:90:00:e5:0b:6b:dc:23:
98:69:d5:ef:ce:e2:0d:e7:19:f1:31:01:1f:2a:6c:23:a3:94:
62:7a:bf:b3:b0:13:d0:62:fc:a5:a6:0d:52:bb:f4:31:ff:f3:
ce:3a:74:66:30:7f:29:04:8d:34:90:7a:9b:8f:da:82:2e:5c:
81:dd:af:fa:3a:a1:4e:bb:0a:4c:62:01:40:39:67:9c:29:27:
6e:2f:76:81:2d:33:68:ee:ee:ed:00:7f:12:7a:af:43:00:7b:
2d:34:8a:26:9a:66:1c:e5:96:17:7c:f8:6d:1e:8c:17:39:ce:
4f:0b:9e:40:72:e1:5e:33:3f:9e:84:b5:07:f5:ab:58:d7:37:
ed:d0:29:ad:ce:02:0d:fa:6f:96:a9:0e:6c:6e:32:d2:dc:11:
23:a3:4a:60:54:b4:98:31:db:8f:4b:4c:58:64:39:4f:ff:27:
d0:02:e5:cc:b2:17:e8:46:dc:aa:cb:dc:3d:ed:14:52:ec:6d:
a6:cd:04:2f:fd:54:16:6c:7e:63:34:17:f1:1d:b8:37:dd:20:
6c:f6:21:19:6f:bb:62:dd:bc:6c:41:34:ad:b1:90:eb:2a:e0:
63:ea:70:60:6a:02:e8:fe:46:51:b1:9d:3c:54:54:73:25:b7:
41:d1:4c:34:aa:88:48:b8:01:21:ae:d8:d3:06:38:05:65:78:
e7:38:f0:f6:e6:2e:61:c0:42:5e:3b:09:59:eb:09:48:4d:55:
7c:af:f4:de:c1:09:a0:b4:60:f7:9e:a2:d5:46:fc:05:61:69:
e0:c1:2d:26:dc:42
-----BEGIN CERTIFICATE-----
MIIC9TCCAV0CCGuzGDze9SACMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNVBAYTAlVB
MRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJraXYxJDAi
BgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UEAwwTY2Eu
dGVzdC5leGFtcGxlLmNvbTAgFw0yMjAyMDgxNzIxNDNaGA8yMDUyMDIwMTE3MjE0
M1owKTEnMCUGA1UEAwwec3J2MDEuY3J0MDItbm8tc2FuLmV4YW1wbGUuY29tMHYw
EAYHKoZIzj0CAQYFK4EEACIDYgAEoy0z/ZKQ3APvNvmkqJDxR2m+6I5lCNrls4Jj
HK+aN7R1fM5G+xkXvJByT3S2RTn3lrNEhRytatukdobujic992F43+EEiuuRiwFn
tmkyVFAcVobaL+/kPZS691sCFLUTMA0GCSqGSIb3DQEBCwUAA4IBgQAHICqmelJS
uh63ec/mEZzKP0Mr89cudHRXgaGq5mjJ/dGoplui/+r38LdG3KBaZF/O5w92YxRt
wlFLMOpRfkob07L4wj0/wb+t2034KDHnda6EN5AA5Qtr3COYadXvzuIN5xnxMQEf
Kmwjo5Rier+zsBPQYvylpg1Su/Qx//POOnRmMH8pBI00kHqbj9qCLlyB3a/6OqFO
uwpMYgFAOWecKSduL3aBLTNo7u7tAH8Seq9DAHstNIommmYc5ZYXfPhtHowXOc5P
C55AcuFeMz+ehLUH9atY1zft0CmtzgIN+m+WqQ5sbjLS3BEjo0pgVLSYMduPS0xY
ZDlP/yfQAuXMshfoRtyqy9w97RRS7G2mzQQv/VQWbH5jNBfxHbg33SBs9iEZb7ti
3bxsQTStsZDrKuBj6nBgagLo/kZRsZ08VFRzJbdB0Uw0qohIuAEhrtjTBjgFZXjn
OPD25i5hwEJeOwlZ6wlITVV8r/TewQmgtGD3nqLVRvwFYWngwS0m3EI=
-----END CERTIFICATE-----

6
bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.key Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAtAQNSdzyxR3sm6gyx
2Ob3SNCsYvdsE6+gobSUJWYbdus0CCFBIN6Qpms9oc0hAgqhZANiAAQf1Xurc7Jw
Ff0zJgJcdhaADHB9V4N1rDy3SgJGNcEbwXq9vvIEmn9pg39UmhsQYtdwve8mkFFQ
EHdWtxovRF6RRjbhLqRMZy5iqH8aFRBEaIsY6s+4lgm/tTrR7xCPn7s=
-----END PRIVATE KEY-----

69
bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207430 (0x6bb3183cdef52006)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Aug 15 08:00:00 2012 GMT
Not After : Aug 15 09:00:00 2012 GMT
Subject: CN=srv01.crt03-expired.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:1f:d5:7b:ab:73:b2:70:15:fd:33:26:02:5c:76:
16:80:0c:70:7d:57:83:75:ac:3c:b7:4a:02:46:35:
c1:1b:c1:7a:bd:be:f2:04:9a:7f:69:83:7f:54:9a:
1b:10:62:d7:70:bd:ef:26:90:51:50:10:77:56:b7:
1a:2f:44:5e:91:46:36:e1:2e:a4:4c:67:2e:62:a8:
7f:1a:15:10:44:68:8b:18:ea:cf:b8:96:09:bf:b5:
3a:d1:ef:10:8f:9f:bb
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.crt03-expired.example.com, IP Address:10.53.0.1, IP Address:FD92:7065:B8E:FFFF:0:0:0:1
Signature Algorithm: sha256WithRSAEncryption
25:35:08:f6:e7:f0:83:81:be:65:31:1b:78:a8:04:84:fe:6a:
2a:1a:5d:c1:73:20:88:08:11:d8:27:be:a5:8e:3c:df:e2:a6:
19:c5:41:40:ea:01:91:85:99:8d:17:4e:4d:9a:3c:03:f9:78:
4c:8a:20:41:5e:96:d6:64:83:2f:b2:fe:e7:77:09:f9:91:bd:
22:1a:57:8b:f6:24:bc:7b:48:2b:2e:14:b7:32:bd:46:91:99:
5e:21:9a:d3:15:a7:27:e1:c0:3a:c7:f5:f9:94:3f:6d:14:7e:
0b:02:bf:05:d9:ac:10:8a:7e:b0:37:36:cd:cb:4a:b4:e1:01:
c7:04:8d:83:f3:c6:79:ff:ff:6c:f0:a4:bf:3c:12:61:ea:15:
ac:30:62:26:e3:c3:4e:7d:5c:68:d8:88:de:35:8d:44:75:8c:
a8:c1:0d:07:67:b5:d0:42:43:41:1f:39:a0:47:35:46:d7:0f:
89:aa:e8:d3:86:45:9a:fb:33:01:06:23:64:53:24:48:5b:69:
fa:cf:d9:81:fb:5e:7e:7b:82:65:56:c6:46:65:5c:e1:4f:f2:
3c:09:3c:28:5f:c9:e3:a5:24:e3:7b:aa:b5:b1:8a:6a:b2:02:
32:5f:24:05:f1:67:c8:54:17:0c:cd:ca:3d:e4:44:3e:23:3a:
7c:63:b6:f9:61:3a:21:e7:8f:27:ad:c3:26:86:39:49:6c:41:
40:7f:1d:48:69:8d:db:6f:42:e4:09:fe:24:62:bd:8e:2e:54:
25:f0:14:c2:d8:43:95:09:2e:5f:72:4f:43:b5:9a:8b:bb:8c:
44:c6:77:c9:05:fb:1a:9f:d7:b6:a6:42:d9:5c:3d:a5:09:0f:
9e:e0:c7:06:32:f1:ff:c9:53:5e:42:d4:2a:33:ad:06:ea:ec:
b0:26:d3:3c:ef:65:af:15:8e:7b:20:49:ad:f1:56:ef:17:6b:
fc:f4:d8:7c:82:9f:30:19:d0:bc:9c:79:e2:dc:9d:a7:f9:6b:
6f:65:ae:21:a0:94
-----BEGIN CERTIFICATE-----
MIIDQTCCAamgAwIBAgIIa7MYPN71IAYwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMB4XDTEyMDgxNTA4MDAwMFoXDTEyMDgxNTA5
MDAwMFowKjEoMCYGA1UEAwwfc3J2MDEuY3J0MDMtZXhwaXJlZC5leGFtcGxlLmNv
bTB2MBAGByqGSM49AgEGBSuBBAAiA2IABB/Ve6tzsnAV/TMmAlx2FoAMcH1Xg3Ws
PLdKAkY1wRvBer2+8gSaf2mDf1SaGxBi13C97yaQUVAQd1a3Gi9EXpFGNuEupExn
LmKofxoVEERoixjqz7iWCb+1OtHvEI+fu6NGMEQwQgYDVR0RBDswOYIfc3J2MDEu
Y3J0MDMtZXhwaXJlZC5leGFtcGxlLmNvbYcECjUAAYcQ/ZJwZQuO//8AAAAAAAAA
ATANBgkqhkiG9w0BAQsFAAOCAYEAJTUI9ufwg4G+ZTEbeKgEhP5qKhpdwXMgiAgR
2Ce+pY483+KmGcVBQOoBkYWZjRdOTZo8A/l4TIogQV6W1mSDL7L+53cJ+ZG9IhpX
i/YkvHtIKy4UtzK9RpGZXiGa0xWnJ+HAOsf1+ZQ/bRR+CwK/BdmsEIp+sDc2zctK
tOEBxwSNg/PGef//bPCkvzwSYeoVrDBiJuPDTn1caNiI3jWNRHWMqMENB2e10EJD
QR85oEc1RtcPiaro04ZFmvszAQYjZFMkSFtp+s/ZgftefnuCZVbGRmVc4U/yPAk8
KF/J46Uk43uqtbGKarICMl8kBfFnyFQXDM3KPeREPiM6fGO2+WE6IeePJ63DJoY5
SWxBQH8dSGmN229C5An+JGK9ji5UJfAUwthDlQkuX3JPQ7Wai7uMRMZ3yQX7Gp/X
tqZC2Vw9pQkPnuDHBjLx/8lTXkLUKjOtBurssCbTPO9lrxWOeyBJrfFW7xdr/PTY
fIKfMBnQvJx54tydp/lrb2WuIaCU
-----END CERTIFICATE-----

6
bin/tests/system/doth/CA/certs/srv02.crt01.example.com.key Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC/rdGBnhOuZ8hc7fUO
6v0LO2xd2LMjTS0TCb0pVwsccYN/f6OxWJtu0uGSt0DaN6ihZANiAARD1PvMuIhg
lRaqKtAxlss+qFzkdqzBv807ZYW7LMv6w0g8g8gI7txZFZciuEIXjHUJ+T62nPLF
2122impDSAqi3RPCNuRzs2RUebv41H5I9AW+DHdjAf5PMLCqYrzy7fk=
-----END PRIVATE KEY-----

69
bin/tests/system/doth/CA/certs/srv02.crt01.example.com.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207427 (0x6bb3183cdef52003)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 8 17:57:59 2022 GMT
Not After : Feb 1 17:57:59 2052 GMT
Subject: CN=srv02.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:43:d4:fb:cc:b8:88:60:95:16:aa:2a:d0:31:96:
cb:3e:a8:5c:e4:76:ac:c1:bf:cd:3b:65:85:bb:2c:
cb:fa:c3:48:3c:83:c8:08:ee:dc:59:15:97:22:b8:
42:17:8c:75:09:f9:3e:b6:9c:f2:c5:db:5d:b6:8a:
6a:43:48:0a:a2:dd:13:c2:36:e4:73:b3:64:54:79:
bb:f8:d4:7e:48:f4:05:be:0c:77:63:01:fe:4f:30:
b0:aa:62:bc:f2:ed:f9
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv02.crt01.example.com, IP Address:10.53.0.2, IP Address:FD92:7065:B8E:FFFF:0:0:0:2
Signature Algorithm: sha256WithRSAEncryption
89:ba:ae:4f:f8:3e:da:48:1f:5c:8f:ff:ee:d8:42:b0:0b:9b:
f1:b5:e2:90:c9:76:40:09:77:a3:31:d5:73:8f:eb:7d:69:94:
1c:2b:10:31:da:d4:0c:29:e7:80:4e:61:53:ba:15:9d:e1:e8:
0c:0d:19:77:2b:a8:74:46:e3:03:ae:ab:96:ea:af:80:c3:18:
e0:93:8e:e9:58:0e:79:47:98:a4:06:95:6b:8f:2c:d1:f7:29:
b1:98:85:e8:a4:9c:45:52:ad:c8:60:20:dc:3a:6a:40:78:15:
d1:b4:d0:c3:c5:f3:ac:fe:ec:d3:94:ef:66:0b:d7:8c:46:f3:
62:30:c4:c2:78:65:de:40:4e:d8:26:84:8e:18:a7:71:f2:b7:
65:d8:d0:c2:c8:e6:a0:fb:ea:01:de:2f:03:8a:50:3d:f6:6c:
0b:ef:ce:f5:25:1f:80:54:3e:c2:6d:2c:d3:2b:bd:23:b7:3b:
82:6b:91:7f:ea:ff:e6:11:37:d3:f0:d4:db:9f:32:ac:12:cc:
ec:25:25:81:58:16:18:90:73:c3:ad:7c:09:a7:08:99:16:ce:
e8:6c:4b:9a:e6:09:96:11:c2:f1:cf:19:43:a6:a6:81:f2:57:
21:fa:b1:91:58:39:76:17:89:32:4c:4b:df:fa:59:03:b2:32:
b4:b3:95:89:af:f4:5e:94:b1:df:e9:bf:21:73:14:06:5d:08:
1e:0f:d2:84:14:44:20:91:19:72:b9:38:0b:3c:2e:4f:ea:3a:
9b:ef:93:61:e7:36:82:df:49:e2:d7:45:ea:87:45:1d:74:36:
18:f4:aa:30:d5:65:da:1f:c7:98:61:ab:64:2a:49:98:64:a1:
8c:33:3a:a5:97:4a:69:a6:9d:6f:00:b9:6b:81:8d:09:0f:98:
63:0f:85:ae:e4:21:70:a3:da:5a:27:eb:df:6d:82:ac:bb:48:
6b:01:4e:36:95:5a:d3:f0:b9:30:43:72:87:af:41:7a:30:13:
f2:92:15:f1:69:e7
-----BEGIN CERTIFICATE-----
MIIDMzCCAZugAwIBAgIIa7MYPN71IAMwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTc1OVoYDzIwNTIwMjAx
MTc1NzU5WjAiMSAwHgYDVQQDDBdzcnYwMi5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
ByqGSM49AgEGBSuBBAAiA2IABEPU+8y4iGCVFqoq0DGWyz6oXOR2rMG/zTtlhbss
y/rDSDyDyAju3FkVlyK4QheMdQn5Prac8sXbXbaKakNICqLdE8I25HOzZFR5u/jU
fkj0Bb4Md2MB/k8wsKpivPLt+aM+MDwwOgYDVR0RBDMwMYIXc3J2MDIuY3J0MDEu
ZXhhbXBsZS5jb22HBAo1AAKHEP2ScGULjv//AAAAAAAAAAIwDQYJKoZIhvcNAQEL
BQADggGBAIm6rk/4PtpIH1yP/+7YQrALm/G14pDJdkAJd6Mx1XOP631plBwrEDHa
1Awp54BOYVO6FZ3h6AwNGXcrqHRG4wOuq5bqr4DDGOCTjulYDnlHmKQGlWuPLNH3
KbGYheiknEVSrchgINw6akB4FdG00MPF86z+7NOU72YL14xG82IwxMJ4Zd5ATtgm
hI4Yp3Hyt2XY0MLI5qD76gHeLwOKUD32bAvvzvUlH4BUPsJtLNMrvSO3O4JrkX/q
/+YRN9Pw1NufMqwSzOwlJYFYFhiQc8OtfAmnCJkWzuhsS5rmCZYRwvHPGUOmpoHy
VyH6sZFYOXYXiTJMS9/6WQOyMrSzlYmv9F6Usd/pvyFzFAZdCB4P0oQURCCRGXK5
OAs8Lk/qOpvvk2HnNoLfSeLXReqHRR10Nhj0qjDVZdofx5hhq2QqSZhkoYwzOqWX
SmmmnW8AuWuBjQkPmGMPha7kIXCj2lon699tgqy7SGsBTjaVWtPwuTBDcoevQXow
E/KSFfFp5w==
-----END CERTIFICATE-----

6
bin/tests/system/doth/CA/certs/srv03.crt01.example.com.key Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBMJxQaJB76ywjBuhZI
LUz05LQuwmDBAFeZFqe10HG+r0cZvVw4Cr5M7jr2RVLqKRChZANiAARF27kbN2W/
saGKWjkAjUoVO0OauC//qH2Zg6ic3LbCqp/4UaEOLpcPkBMiTIvx/zxr65EpfUzf
fAXdrepKTK0K1m+OUbCIWEKILBbURx24j7NODRLfTBT2JyA/lJojgUg=
-----END PRIVATE KEY-----

69
bin/tests/system/doth/CA/certs/srv03.crt01.example.com.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207428 (0x6bb3183cdef52004)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 8 17:58:15 2022 GMT
Not After : Feb 1 17:58:15 2052 GMT
Subject: CN=srv03.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:45:db:b9:1b:37:65:bf:b1:a1:8a:5a:39:00:8d:
4a:15:3b:43:9a:b8:2f:ff:a8:7d:99:83:a8:9c:dc:
b6:c2:aa:9f:f8:51:a1:0e:2e:97:0f:90:13:22:4c:
8b:f1:ff:3c:6b:eb:91:29:7d:4c:df:7c:05:dd:ad:
ea:4a:4c:ad:0a:d6:6f:8e:51:b0:88:58:42:88:2c:
16:d4:47:1d:b8:8f:b3:4e:0d:12:df:4c:14:f6:27:
20:3f:94:9a:23:81:48
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv03.crt01.example.com, IP Address:10.53.0.3, IP Address:FD92:7065:B8E:FFFF:0:0:0:3
Signature Algorithm: sha256WithRSAEncryption
8f:96:88:82:94:76:8e:97:b6:75:8b:e9:2b:4f:f3:8f:14:5c:
50:00:ca:67:96:9e:2e:bd:53:25:25:40:6d:c5:56:e6:1a:f6:
cb:fb:58:fc:b3:56:9d:fc:0b:e2:8e:99:7e:e8:e6:ad:b6:e7:
e6:3e:8a:59:ef:3e:76:a4:ed:7b:58:fd:a3:4b:aa:4e:11:e1:
57:bf:b1:23:a5:a1:00:f8:95:07:c8:7d:ee:ac:a7:c8:24:ee:
cf:e8:c5:a4:9f:96:27:c9:47:c1:7d:11:de:66:d0:6d:d1:8d:
e7:8f:a0:0f:46:d9:2e:70:f3:9f:ac:6a:b0:3f:5a:dc:70:d4:
b9:a5:f3:ff:5c:21:50:5d:c2:a2:46:26:25:2a:2f:8a:aa:7a:
fd:76:31:5f:e0:25:a3:ee:df:36:f0:ab:05:a1:5d:0d:3c:6b:
2c:1d:d5:c5:73:9c:a0:57:1f:c4:26:e6:dc:a1:7c:25:08:21:
61:28:e2:b3:f5:51:83:20:73:14:19:8f:47:79:69:bc:2b:22:
f2:17:62:1d:83:f7:4f:a9:c4:51:68:e0:a9:d7:9f:17:6a:d2:
fd:f7:04:ce:a4:f5:8e:eb:31:b4:bf:c6:2d:da:0c:70:6e:0c:
a5:75:21:54:3c:f6:3d:36:b8:8a:d8:b6:7b:77:7e:54:1d:9f:
91:8f:02:a6:d1:2c:a7:30:d1:cc:e6:d9:6b:76:80:15:4b:ba:
fd:55:20:cc:b2:99:85:57:60:11:97:c5:e7:28:50:a6:17:af:
d2:bd:1b:7e:06:48:7f:63:dc:70:f8:3f:22:9f:41:a1:66:f5:
a7:81:99:cb:07:0e:8a:9a:bb:12:f6:c0:fe:59:0c:00:37:15:
b2:9d:f0:f9:93:d1:1a:b6:f8:0a:6b:bd:9e:92:32:45:f5:a2:
44:f0:45:8d:1a:d0:10:b2:db:98:c4:c7:5e:c1:e8:f3:94:33:
6c:06:f5:1a:cc:51:23:72:ae:37:2f:57:d4:f8:ac:1f:25:b4:
d3:bf:99:9b:ac:fc
-----BEGIN CERTIFICATE-----
MIIDMzCCAZugAwIBAgIIa7MYPN71IAQwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTgxNVoYDzIwNTIwMjAx
MTc1ODE1WjAiMSAwHgYDVQQDDBdzcnYwMy5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
ByqGSM49AgEGBSuBBAAiA2IABEXbuRs3Zb+xoYpaOQCNShU7Q5q4L/+ofZmDqJzc
tsKqn/hRoQ4ulw+QEyJMi/H/PGvrkSl9TN98Bd2t6kpMrQrWb45RsIhYQogsFtRH
HbiPs04NEt9MFPYnID+UmiOBSKM+MDwwOgYDVR0RBDMwMYIXc3J2MDMuY3J0MDEu
ZXhhbXBsZS5jb22HBAo1AAOHEP2ScGULjv//AAAAAAAAAAMwDQYJKoZIhvcNAQEL
BQADggGBAI+WiIKUdo6XtnWL6StP848UXFAAymeWni69UyUlQG3FVuYa9sv7WPyz
Vp38C+KOmX7o5q225+Y+ilnvPnak7XtY/aNLqk4R4Ve/sSOloQD4lQfIfe6sp8gk
7s/oxaSflifJR8F9Ed5m0G3RjeePoA9G2S5w85+sarA/Wtxw1Lml8/9cIVBdwqJG
JiUqL4qqev12MV/gJaPu3zbwqwWhXQ08aywd1cVznKBXH8Qm5tyhfCUIIWEo4rP1
UYMgcxQZj0d5abwrIvIXYh2D90+pxFFo4KnXnxdq0v33BM6k9Y7rMbS/xi3aDHBu
DKV1IVQ89j02uIrYtnt3flQdn5GPAqbRLKcw0czm2Wt2gBVLuv1VIMyymYVXYBGX
xecoUKYXr9K9G34GSH9j3HD4PyKfQaFm9aeBmcsHDoqauxL2wP5ZDAA3FbKd8PmT
0Rq2+AprvZ6SMkX1okTwRY0a0BCy25jEx17B6POUM2wG9RrMUSNyrjcvV9T4rB8l
tNO/mZus/A==
-----END CERTIFICATE-----

6
bin/tests/system/doth/CA/certs/srv04.crt01.example.com.key Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDq5a0oiMxJiOdwaSmk
U2NPPJXOWPZVWpIGxB0kczGcCS6Xq0VinNqLe5YI9M1YwXehZANiAASeQ9fMKeGO
SzWhj7ePMA9Ws1t/wGKbIyFwsSvnc/nqOAFmS1JDMc8QaRW/awjzaQc/mbu4cNA7
iSId8iVCWj5VkcP8tL7HLYZRFMSr/nxUNGfHXtuGhMxm61SvnX3czhg=
-----END PRIVATE KEY-----

69
bin/tests/system/doth/CA/certs/srv04.crt01.example.com.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207429 (0x6bb3183cdef52005)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 8 17:59:14 2022 GMT
Not After : Feb 1 17:59:14 2052 GMT
Subject: CN=srv04.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:9e:43:d7:cc:29:e1:8e:4b:35:a1:8f:b7:8f:30:
0f:56:b3:5b:7f:c0:62:9b:23:21:70:b1:2b:e7:73:
f9:ea:38:01:66:4b:52:43:31:cf:10:69:15:bf:6b:
08:f3:69:07:3f:99:bb:b8:70:d0:3b:89:22:1d:f2:
25:42:5a:3e:55:91:c3:fc:b4:be:c7:2d:86:51:14:
c4:ab:fe:7c:54:34:67:c7:5e:db:86:84:cc:66:eb:
54:af:9d:7d:dc:ce:18
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv04.crt01.example.com, IP Address:10.53.0.4, IP Address:FD92:7065:B8E:FFFF:0:0:0:4
Signature Algorithm: sha256WithRSAEncryption
48:b5:38:59:79:e6:51:a6:ea:80:d7:d1:3c:29:03:70:31:e4:
43:b4:e3:09:e7:e1:37:8c:d0:0f:2a:19:7a:f2:5a:6d:76:cd:
17:7a:66:1c:3e:74:56:24:b8:29:06:55:b2:1c:af:9a:42:05:
93:a4:70:cb:a5:68:85:ab:71:53:da:d9:29:a3:f4:2a:1e:df:
0c:ec:7d:52:55:fa:9b:e6:a0:18:d5:4c:da:e6:d2:60:da:bc:
09:5b:13:53:6d:c7:d2:30:b9:a8:a5:02:7f:a3:66:28:34:93:
de:55:a0:de:b5:c8:dc:43:7b:b9:03:06:1f:ce:8c:5f:82:d8:
af:40:56:ce:f8:b9:d4:73:1c:ae:c9:cb:1d:0f:a2:52:71:9b:
8b:05:f4:d6:0b:1e:a8:db:0f:29:a0:43:b5:2f:56:09:d8:68:
58:9c:e5:6a:df:38:91:56:9d:44:e5:d2:ca:9a:b1:41:a1:01:
0c:68:a0:f5:0a:f7:98:4f:d5:a0:6f:99:59:a0:e0:cb:49:57:
26:20:09:5a:fa:c2:75:40:f6:1b:6a:ac:55:47:50:8d:38:81:
61:79:44:e7:d5:d1:b3:c7:3b:db:ec:44:59:ef:e1:82:31:a3:
38:4c:de:40:11:31:52:8b:bb:1c:af:be:ce:c5:2b:f5:0d:c0:
60:13:fb:7e:da:22:41:d4:85:5e:4d:ba:db:f8:f7:26:61:32:
26:fe:fe:9e:37:a3:cc:25:3b:3c:c8:b5:a7:a5:5c:d9:4d:8f:
a8:f2:86:98:79:b3:00:08:0f:f2:c9:1f:c6:3f:07:ad:e4:a7:
8d:86:3d:15:fa:5b:1a:0f:96:67:b6:0a:78:0a:bb:6e:05:a6:
54:29:48:b4:f9:48:0d:7f:f0:13:65:32:2f:c5:ee:ab:b8:e8:
0d:b2:f9:c9:96:d2:cf:51:a2:64:3c:58:0f:65:6f:c6:99:93:
76:2c:42:08:d9:f3:f3:13:cd:41:b6:67:8f:1d:9a:2f:da:93:
3d:26:4c:9a:11:c1
-----BEGIN CERTIFICATE-----
MIIDMzCCAZugAwIBAgIIa7MYPN71IAUwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTkxNFoYDzIwNTIwMjAx
MTc1OTE0WjAiMSAwHgYDVQQDDBdzcnYwNC5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
ByqGSM49AgEGBSuBBAAiA2IABJ5D18wp4Y5LNaGPt48wD1azW3/AYpsjIXCxK+dz
+eo4AWZLUkMxzxBpFb9rCPNpBz+Zu7hw0DuJIh3yJUJaPlWRw/y0vscthlEUxKv+
fFQ0Z8de24aEzGbrVK+dfdzOGKM+MDwwOgYDVR0RBDMwMYIXc3J2MDQuY3J0MDEu
ZXhhbXBsZS5jb22HBAo1AASHEP2ScGULjv//AAAAAAAAAAQwDQYJKoZIhvcNAQEL
BQADggGBAEi1OFl55lGm6oDX0TwpA3Ax5EO04wnn4TeM0A8qGXryWm12zRd6Zhw+
dFYkuCkGVbIcr5pCBZOkcMulaIWrcVPa2Smj9Coe3wzsfVJV+pvmoBjVTNrm0mDa
vAlbE1Ntx9IwuailAn+jZig0k95VoN61yNxDe7kDBh/OjF+C2K9AVs74udRzHK7J
yx0PolJxm4sF9NYLHqjbDymgQ7UvVgnYaFic5WrfOJFWnUTl0sqasUGhAQxooPUK
95hP1aBvmVmg4MtJVyYgCVr6wnVA9htqrFVHUI04gWF5ROfV0bPHO9vsRFnv4YIx
ozhM3kARMVKLuxyvvs7FK/UNwGAT+37aIkHUhV5Nutv49yZhMib+/p43o8wlOzzI
taelXNlNj6jyhph5swAID/LJH8Y/B63kp42GPRX6WxoPlme2CngKu24FplQpSLT5
SA1/8BNlMi/F7qu46A2y+cmW0s9RomQ8WA9lb8aZk3YsQgjZ8/MTzUG2Z48dmi/a
kz0mTJoRwQ==
-----END CERTIFICATE-----

9
bin/tests/system/doth/CA/index.txt Normal file
View File

@ -0,0 +1,9 @@
V 20520201171852Z 6BB3183CDEF52001 unknown /CN=srv01.crt01.example.com
V 20520201172143Z 6BB3183CDEF52002 unknown /CN=srv01.crt02-no-san.example.com
V 20520201175759Z 6BB3183CDEF52003 unknown /CN=srv02.crt01.example.com
V 20520201175815Z 6BB3183CDEF52004 unknown /CN=srv03.crt01.example.com
V 20520201175914Z 6BB3183CDEF52005 unknown /CN=srv04.crt01.example.com
V 120815090000Z 6BB3183CDEF52006 unknown /CN=srv01.crt03-expired.example.com
V 20520203174420Z 6BB3183CDEF52007 unknown /CN=srv01.client01.example.com
V 20520204132112Z 6BB3183CDEF52008 unknown /CN=srv01.client02-ns2.example.com
V 120814060000Z 6BB3183CDEF52009 unknown /CN=srv01.client03-ns2-expired.example.com

1
bin/tests/system/doth/CA/index.txt.attr Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

69
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52001.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207425 (0x6bb3183cdef52001)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 8 17:18:52 2022 GMT
Not After : Feb 1 17:18:52 2052 GMT
Subject: CN=srv01.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:12:a1:7b:0f:79:f2:29:f5:8f:6a:06:d0:28:83:
14:43:8f:19:4c:29:91:36:30:0f:06:a6:56:e7:57:
9b:58:2c:9e:fc:9c:a3:4e:f6:e3:6f:90:40:d5:09:
fd:94:96:8e:14:68:74:6f:e8:a7:a7:ab:8c:35:96:
f2:d6:8f:5d:97:5d:d1:b9:22:5b:ef:31:15:a1:e1:
eb:6d:6f:af:b1:2f:80:e5:a5:a9:38:f2:6f:f9:65:
14:70:a7:a5:ac:e1:1a
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.crt01.example.com, IP Address:10.53.0.1, IP Address:FD92:7065:B8E:FFFF:0:0:0:1
Signature Algorithm: sha256WithRSAEncryption
79:0f:08:ab:18:cc:f9:7a:bd:47:21:99:a1:a3:76:04:7f:d7:
08:33:91:49:3d:2d:fc:8d:ff:c5:c1:8d:b8:70:05:65:32:cd:
e2:26:21:49:19:66:a2:94:4f:42:7d:83:3c:4f:ed:c1:87:89:
5b:73:2c:64:64:67:29:f5:73:83:23:72:b7:a8:2e:d6:9a:de:
13:0c:ba:35:d3:38:b1:c4:51:7d:81:fc:25:ca:a6:d9:d2:fa:
bb:6d:1f:a4:61:90:50:2d:8a:ed:70:1a:eb:56:2f:fc:7b:f3:
76:df:68:8d:e8:a4:7d:82:b9:5c:c6:cb:d8:06:f7:78:dc:a7:
94:35:d4:83:98:28:51:36:1c:73:47:e4:5b:32:d2:cd:de:1c:
44:f6:de:37:8a:46:d0:14:8d:71:e5:10:22:b1:f9:73:f7:1b:
4f:82:e1:a1:00:73:18:17:71:a2:bf:a2:0c:59:aa:43:58:46:
82:f8:38:c4:5a:5a:9f:13:d7:a9:54:1f:58:9b:5d:52:16:d3:
a0:ba:6b:aa:cf:68:3a:d1:12:9c:94:ac:78:6b:7e:bc:69:6c:
75:07:5d:fb:68:cd:e8:8d:bb:8c:b0:7c:6c:9e:f6:a5:7c:32:
74:ef:c5:b1:1f:1d:ec:7b:2f:79:c0:3b:52:60:9b:48:89:09:
b4:46:34:69:d3:7b:1b:15:ef:0c:dd:64:1d:58:fe:a7:0b:b1:
9d:28:1f:1e:9e:3c:c0:b1:a6:38:ab:9d:54:24:0e:75:6c:9e:
90:13:b9:39:dc:43:fe:37:e3:14:0f:78:7e:2b:56:a2:d2:60:
51:57:88:3b:4c:cf:24:67:36:77:21:bb:c8:07:eb:48:f7:b0:
1e:e4:99:61:84:15:bb:61:3a:21:55:df:31:43:67:73:8f:6b:
e9:04:83:be:2d:8b:94:39:89:cf:40:d5:04:f7:6b:c9:c6:8c:
6e:36:0f:5d:7a:9b:57:86:36:76:2c:75:35:47:50:ed:9a:84:
7e:37:83:b5:21:a2
-----BEGIN CERTIFICATE-----
MIIDMzCCAZugAwIBAgIIa7MYPN71IAEwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3MTg1MloYDzIwNTIwMjAx
MTcxODUyWjAiMSAwHgYDVQQDDBdzcnYwMS5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
ByqGSM49AgEGBSuBBAAiA2IABBKhew958in1j2oG0CiDFEOPGUwpkTYwDwamVudX
m1gsnvyco07242+QQNUJ/ZSWjhRodG/op6erjDWW8taPXZdd0bkiW+8xFaHh621v
r7EvgOWlqTjyb/llFHCnpazhGqM+MDwwOgYDVR0RBDMwMYIXc3J2MDEuY3J0MDEu
ZXhhbXBsZS5jb22HBAo1AAGHEP2ScGULjv//AAAAAAAAAAEwDQYJKoZIhvcNAQEL
BQADggGBAHkPCKsYzPl6vUchmaGjdgR/1wgzkUk9LfyN/8XBjbhwBWUyzeImIUkZ
ZqKUT0J9gzxP7cGHiVtzLGRkZyn1c4MjcreoLtaa3hMMujXTOLHEUX2B/CXKptnS
+rttH6RhkFAtiu1wGutWL/x783bfaI3opH2CuVzGy9gG93jcp5Q11IOYKFE2HHNH
5Fsy0s3eHET23jeKRtAUjXHlECKx+XP3G0+C4aEAcxgXcaK/ogxZqkNYRoL4OMRa
Wp8T16lUH1ibXVIW06C6a6rPaDrREpyUrHhrfrxpbHUHXftozeiNu4ywfGye9qV8
MnTvxbEfHex7L3nAO1Jgm0iJCbRGNGnTexsV7wzdZB1Y/qcLsZ0oHx6ePMCxpjir
nVQkDnVsnpATuTncQ/434xQPeH4rVqLSYFFXiDtMzyRnNnchu8gH60j3sB7kmWGE
FbthOiFV3zFDZ3OPa+kEg74ti5Q5ic9A1QT3a8nGjG42D116m1eGNnYsdTVHUO2a
hH43g7Uhog==
-----END CERTIFICATE-----

64
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52002.pem Normal file
View File

@ -0,0 +1,64 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 7760573232607207426 (0x6bb3183cdef52002)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 8 17:21:43 2022 GMT
Not After : Feb 1 17:21:43 2052 GMT
Subject: CN=srv01.crt02-no-san.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:a3:2d:33:fd:92:90:dc:03:ef:36:f9:a4:a8:90:
f1:47:69:be:e8:8e:65:08:da:e5:b3:82:63:1c:af:
9a:37:b4:75:7c:ce:46:fb:19:17:bc:90:72:4f:74:
b6:45:39:f7:96:b3:44:85:1c:ad:6a:db:a4:76:86:
ee:8e:27:3d:f7:61:78:df:e1:04:8a:eb:91:8b:01:
67:b6:69:32:54:50:1c:56:86:da:2f:ef:e4:3d:94:
ba:f7:5b:02:14:b5:13
ASN1 OID: secp384r1
NIST CURVE: P-384
Signature Algorithm: sha256WithRSAEncryption
07:20:2a:a6:7a:52:52:ba:1e:b7:79:cf:e6:11:9c:ca:3f:43:
2b:f3:d7:2e:74:74:57:81:a1:aa:e6:68:c9:fd:d1:a8:a6:5b:
a2:ff:ea:f7:f0:b7:46:dc:a0:5a:64:5f:ce:e7:0f:76:63:14:
6d:c2:51:4b:30:ea:51:7e:4a:1b:d3:b2:f8:c2:3d:3f:c1:bf:
ad:db:4d:f8:28:31:e7:75:ae:84:37:90:00:e5:0b:6b:dc:23:
98:69:d5:ef:ce:e2:0d:e7:19:f1:31:01:1f:2a:6c:23:a3:94:
62:7a:bf:b3:b0:13:d0:62:fc:a5:a6:0d:52:bb:f4:31:ff:f3:
ce:3a:74:66:30:7f:29:04:8d:34:90:7a:9b:8f:da:82:2e:5c:
81:dd:af:fa:3a:a1:4e:bb:0a:4c:62:01:40:39:67:9c:29:27:
6e:2f:76:81:2d:33:68:ee:ee:ed:00:7f:12:7a:af:43:00:7b:
2d:34:8a:26:9a:66:1c:e5:96:17:7c:f8:6d:1e:8c:17:39:ce:
4f:0b:9e:40:72:e1:5e:33:3f:9e:84:b5:07:f5:ab:58:d7:37:
ed:d0:29:ad:ce:02:0d:fa:6f:96:a9:0e:6c:6e:32:d2:dc:11:
23:a3:4a:60:54:b4:98:31:db:8f:4b:4c:58:64:39:4f:ff:27:
d0:02:e5:cc:b2:17:e8:46:dc:aa:cb:dc:3d:ed:14:52:ec:6d:
a6:cd:04:2f:fd:54:16:6c:7e:63:34:17:f1:1d:b8:37:dd:20:
6c:f6:21:19:6f:bb:62:dd:bc:6c:41:34:ad:b1:90:eb:2a:e0:
63:ea:70:60:6a:02:e8:fe:46:51:b1:9d:3c:54:54:73:25:b7:
41:d1:4c:34:aa:88:48:b8:01:21:ae:d8:d3:06:38:05:65:78:
e7:38:f0:f6:e6:2e:61:c0:42:5e:3b:09:59:eb:09:48:4d:55:
7c:af:f4:de:c1:09:a0:b4:60:f7:9e:a2:d5:46:fc:05:61:69:
e0:c1:2d:26:dc:42
-----BEGIN CERTIFICATE-----
MIIC9TCCAV0CCGuzGDze9SACMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNVBAYTAlVB
MRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJraXYxJDAi
BgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UEAwwTY2Eu
dGVzdC5leGFtcGxlLmNvbTAgFw0yMjAyMDgxNzIxNDNaGA8yMDUyMDIwMTE3MjE0
M1owKTEnMCUGA1UEAwwec3J2MDEuY3J0MDItbm8tc2FuLmV4YW1wbGUuY29tMHYw
EAYHKoZIzj0CAQYFK4EEACIDYgAEoy0z/ZKQ3APvNvmkqJDxR2m+6I5lCNrls4Jj
HK+aN7R1fM5G+xkXvJByT3S2RTn3lrNEhRytatukdobujic992F43+EEiuuRiwFn
tmkyVFAcVobaL+/kPZS691sCFLUTMA0GCSqGSIb3DQEBCwUAA4IBgQAHICqmelJS
uh63ec/mEZzKP0Mr89cudHRXgaGq5mjJ/dGoplui/+r38LdG3KBaZF/O5w92YxRt
wlFLMOpRfkob07L4wj0/wb+t2034KDHnda6EN5AA5Qtr3COYadXvzuIN5xnxMQEf
Kmwjo5Rier+zsBPQYvylpg1Su/Qx//POOnRmMH8pBI00kHqbj9qCLlyB3a/6OqFO
uwpMYgFAOWecKSduL3aBLTNo7u7tAH8Seq9DAHstNIommmYc5ZYXfPhtHowXOc5P
C55AcuFeMz+ehLUH9atY1zft0CmtzgIN+m+WqQ5sbjLS3BEjo0pgVLSYMduPS0xY
ZDlP/yfQAuXMshfoRtyqy9w97RRS7G2mzQQv/VQWbH5jNBfxHbg33SBs9iEZb7ti
3bxsQTStsZDrKuBj6nBgagLo/kZRsZ08VFRzJbdB0Uw0qohIuAEhrtjTBjgFZXjn
OPD25i5hwEJeOwlZ6wlITVV8r/TewQmgtGD3nqLVRvwFYWngwS0m3EI=
-----END CERTIFICATE-----

69
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52003.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207427 (0x6bb3183cdef52003)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 8 17:57:59 2022 GMT
Not After : Feb 1 17:57:59 2052 GMT
Subject: CN=srv02.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:43:d4:fb:cc:b8:88:60:95:16:aa:2a:d0:31:96:
cb:3e:a8:5c:e4:76:ac:c1:bf:cd:3b:65:85:bb:2c:
cb:fa:c3:48:3c:83:c8:08:ee:dc:59:15:97:22:b8:
42:17:8c:75:09:f9:3e:b6:9c:f2:c5:db:5d:b6:8a:
6a:43:48:0a:a2:dd:13:c2:36:e4:73:b3:64:54:79:
bb:f8:d4:7e:48:f4:05:be:0c:77:63:01:fe:4f:30:
b0:aa:62:bc:f2:ed:f9
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv02.crt01.example.com, IP Address:10.53.0.2, IP Address:FD92:7065:B8E:FFFF:0:0:0:2
Signature Algorithm: sha256WithRSAEncryption
89:ba:ae:4f:f8:3e:da:48:1f:5c:8f:ff:ee:d8:42:b0:0b:9b:
f1:b5:e2:90:c9:76:40:09:77:a3:31:d5:73:8f:eb:7d:69:94:
1c:2b:10:31:da:d4:0c:29:e7:80:4e:61:53:ba:15:9d:e1:e8:
0c:0d:19:77:2b:a8:74:46:e3:03:ae:ab:96:ea:af:80:c3:18:
e0:93:8e:e9:58:0e:79:47:98:a4:06:95:6b:8f:2c:d1:f7:29:
b1:98:85:e8:a4:9c:45:52:ad:c8:60:20:dc:3a:6a:40:78:15:
d1:b4:d0:c3:c5:f3:ac:fe:ec:d3:94:ef:66:0b:d7:8c:46:f3:
62:30:c4:c2:78:65:de:40:4e:d8:26:84:8e:18:a7:71:f2:b7:
65:d8:d0:c2:c8:e6:a0:fb:ea:01:de:2f:03:8a:50:3d:f6:6c:
0b:ef:ce:f5:25:1f:80:54:3e:c2:6d:2c:d3:2b:bd:23:b7:3b:
82:6b:91:7f:ea:ff:e6:11:37:d3:f0:d4:db:9f:32:ac:12:cc:
ec:25:25:81:58:16:18:90:73:c3:ad:7c:09:a7:08:99:16:ce:
e8:6c:4b:9a:e6:09:96:11:c2:f1:cf:19:43:a6:a6:81:f2:57:
21:fa:b1:91:58:39:76:17:89:32:4c:4b:df:fa:59:03:b2:32:
b4:b3:95:89:af:f4:5e:94:b1:df:e9:bf:21:73:14:06:5d:08:
1e:0f:d2:84:14:44:20:91:19:72:b9:38:0b:3c:2e:4f:ea:3a:
9b:ef:93:61:e7:36:82:df:49:e2:d7:45:ea:87:45:1d:74:36:
18:f4:aa:30:d5:65:da:1f:c7:98:61:ab:64:2a:49:98:64:a1:
8c:33:3a:a5:97:4a:69:a6:9d:6f:00:b9:6b:81:8d:09:0f:98:
63:0f:85:ae:e4:21:70:a3:da:5a:27:eb:df:6d:82:ac:bb:48:
6b:01:4e:36:95:5a:d3:f0:b9:30:43:72:87:af:41:7a:30:13:
f2:92:15:f1:69:e7
-----BEGIN CERTIFICATE-----
MIIDMzCCAZugAwIBAgIIa7MYPN71IAMwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTc1OVoYDzIwNTIwMjAx
MTc1NzU5WjAiMSAwHgYDVQQDDBdzcnYwMi5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
ByqGSM49AgEGBSuBBAAiA2IABEPU+8y4iGCVFqoq0DGWyz6oXOR2rMG/zTtlhbss
y/rDSDyDyAju3FkVlyK4QheMdQn5Prac8sXbXbaKakNICqLdE8I25HOzZFR5u/jU
fkj0Bb4Md2MB/k8wsKpivPLt+aM+MDwwOgYDVR0RBDMwMYIXc3J2MDIuY3J0MDEu
ZXhhbXBsZS5jb22HBAo1AAKHEP2ScGULjv//AAAAAAAAAAIwDQYJKoZIhvcNAQEL
BQADggGBAIm6rk/4PtpIH1yP/+7YQrALm/G14pDJdkAJd6Mx1XOP631plBwrEDHa
1Awp54BOYVO6FZ3h6AwNGXcrqHRG4wOuq5bqr4DDGOCTjulYDnlHmKQGlWuPLNH3
KbGYheiknEVSrchgINw6akB4FdG00MPF86z+7NOU72YL14xG82IwxMJ4Zd5ATtgm
hI4Yp3Hyt2XY0MLI5qD76gHeLwOKUD32bAvvzvUlH4BUPsJtLNMrvSO3O4JrkX/q
/+YRN9Pw1NufMqwSzOwlJYFYFhiQc8OtfAmnCJkWzuhsS5rmCZYRwvHPGUOmpoHy
VyH6sZFYOXYXiTJMS9/6WQOyMrSzlYmv9F6Usd/pvyFzFAZdCB4P0oQURCCRGXK5
OAs8Lk/qOpvvk2HnNoLfSeLXReqHRR10Nhj0qjDVZdofx5hhq2QqSZhkoYwzOqWX
SmmmnW8AuWuBjQkPmGMPha7kIXCj2lon699tgqy7SGsBTjaVWtPwuTBDcoevQXow
E/KSFfFp5w==
-----END CERTIFICATE-----

69
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52004.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207428 (0x6bb3183cdef52004)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 8 17:58:15 2022 GMT
Not After : Feb 1 17:58:15 2052 GMT
Subject: CN=srv03.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:45:db:b9:1b:37:65:bf:b1:a1:8a:5a:39:00:8d:
4a:15:3b:43:9a:b8:2f:ff:a8:7d:99:83:a8:9c:dc:
b6:c2:aa:9f:f8:51:a1:0e:2e:97:0f:90:13:22:4c:
8b:f1:ff:3c:6b:eb:91:29:7d:4c:df:7c:05:dd:ad:
ea:4a:4c:ad:0a:d6:6f:8e:51:b0:88:58:42:88:2c:
16:d4:47:1d:b8:8f:b3:4e:0d:12:df:4c:14:f6:27:
20:3f:94:9a:23:81:48
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv03.crt01.example.com, IP Address:10.53.0.3, IP Address:FD92:7065:B8E:FFFF:0:0:0:3
Signature Algorithm: sha256WithRSAEncryption
8f:96:88:82:94:76:8e:97:b6:75:8b:e9:2b:4f:f3:8f:14:5c:
50:00:ca:67:96:9e:2e:bd:53:25:25:40:6d:c5:56:e6:1a:f6:
cb:fb:58:fc:b3:56:9d:fc:0b:e2:8e:99:7e:e8:e6:ad:b6:e7:
e6:3e:8a:59:ef:3e:76:a4:ed:7b:58:fd:a3:4b:aa:4e:11:e1:
57:bf:b1:23:a5:a1:00:f8:95:07:c8:7d:ee:ac:a7:c8:24:ee:
cf:e8:c5:a4:9f:96:27:c9:47:c1:7d:11:de:66:d0:6d:d1:8d:
e7:8f:a0:0f:46:d9:2e:70:f3:9f:ac:6a:b0:3f:5a:dc:70:d4:
b9:a5:f3:ff:5c:21:50:5d:c2:a2:46:26:25:2a:2f:8a:aa:7a:
fd:76:31:5f:e0:25:a3:ee:df:36:f0:ab:05:a1:5d:0d:3c:6b:
2c:1d:d5:c5:73:9c:a0:57:1f:c4:26:e6:dc:a1:7c:25:08:21:
61:28:e2:b3:f5:51:83:20:73:14:19:8f:47:79:69:bc:2b:22:
f2:17:62:1d:83:f7:4f:a9:c4:51:68:e0:a9:d7:9f:17:6a:d2:
fd:f7:04:ce:a4:f5:8e:eb:31:b4:bf:c6:2d:da:0c:70:6e:0c:
a5:75:21:54:3c:f6:3d:36:b8:8a:d8:b6:7b:77:7e:54:1d:9f:
91:8f:02:a6:d1:2c:a7:30:d1:cc:e6:d9:6b:76:80:15:4b:ba:
fd:55:20:cc:b2:99:85:57:60:11:97:c5:e7:28:50:a6:17:af:
d2:bd:1b:7e:06:48:7f:63:dc:70:f8:3f:22:9f:41:a1:66:f5:
a7:81:99:cb:07:0e:8a:9a:bb:12:f6:c0:fe:59:0c:00:37:15:
b2:9d:f0:f9:93:d1:1a:b6:f8:0a:6b:bd:9e:92:32:45:f5:a2:
44:f0:45:8d:1a:d0:10:b2:db:98:c4:c7:5e:c1:e8:f3:94:33:
6c:06:f5:1a:cc:51:23:72:ae:37:2f:57:d4:f8:ac:1f:25:b4:
d3:bf:99:9b:ac:fc
-----BEGIN CERTIFICATE-----
MIIDMzCCAZugAwIBAgIIa7MYPN71IAQwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTgxNVoYDzIwNTIwMjAx
MTc1ODE1WjAiMSAwHgYDVQQDDBdzcnYwMy5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
ByqGSM49AgEGBSuBBAAiA2IABEXbuRs3Zb+xoYpaOQCNShU7Q5q4L/+ofZmDqJzc
tsKqn/hRoQ4ulw+QEyJMi/H/PGvrkSl9TN98Bd2t6kpMrQrWb45RsIhYQogsFtRH
HbiPs04NEt9MFPYnID+UmiOBSKM+MDwwOgYDVR0RBDMwMYIXc3J2MDMuY3J0MDEu
ZXhhbXBsZS5jb22HBAo1AAOHEP2ScGULjv//AAAAAAAAAAMwDQYJKoZIhvcNAQEL
BQADggGBAI+WiIKUdo6XtnWL6StP848UXFAAymeWni69UyUlQG3FVuYa9sv7WPyz
Vp38C+KOmX7o5q225+Y+ilnvPnak7XtY/aNLqk4R4Ve/sSOloQD4lQfIfe6sp8gk
7s/oxaSflifJR8F9Ed5m0G3RjeePoA9G2S5w85+sarA/Wtxw1Lml8/9cIVBdwqJG
JiUqL4qqev12MV/gJaPu3zbwqwWhXQ08aywd1cVznKBXH8Qm5tyhfCUIIWEo4rP1
UYMgcxQZj0d5abwrIvIXYh2D90+pxFFo4KnXnxdq0v33BM6k9Y7rMbS/xi3aDHBu
DKV1IVQ89j02uIrYtnt3flQdn5GPAqbRLKcw0czm2Wt2gBVLuv1VIMyymYVXYBGX
xecoUKYXr9K9G34GSH9j3HD4PyKfQaFm9aeBmcsHDoqauxL2wP5ZDAA3FbKd8PmT
0Rq2+AprvZ6SMkX1okTwRY0a0BCy25jEx17B6POUM2wG9RrMUSNyrjcvV9T4rB8l
tNO/mZus/A==
-----END CERTIFICATE-----

69
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52005.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207429 (0x6bb3183cdef52005)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 8 17:59:14 2022 GMT
Not After : Feb 1 17:59:14 2052 GMT
Subject: CN=srv04.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:9e:43:d7:cc:29:e1:8e:4b:35:a1:8f:b7:8f:30:
0f:56:b3:5b:7f:c0:62:9b:23:21:70:b1:2b:e7:73:
f9:ea:38:01:66:4b:52:43:31:cf:10:69:15:bf:6b:
08:f3:69:07:3f:99:bb:b8:70:d0:3b:89:22:1d:f2:
25:42:5a:3e:55:91:c3:fc:b4:be:c7:2d:86:51:14:
c4:ab:fe:7c:54:34:67:c7:5e:db:86:84:cc:66:eb:
54:af:9d:7d:dc:ce:18
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv04.crt01.example.com, IP Address:10.53.0.4, IP Address:FD92:7065:B8E:FFFF:0:0:0:4
Signature Algorithm: sha256WithRSAEncryption
48:b5:38:59:79:e6:51:a6:ea:80:d7:d1:3c:29:03:70:31:e4:
43:b4:e3:09:e7:e1:37:8c:d0:0f:2a:19:7a:f2:5a:6d:76:cd:
17:7a:66:1c:3e:74:56:24:b8:29:06:55:b2:1c:af:9a:42:05:
93:a4:70:cb:a5:68:85:ab:71:53:da:d9:29:a3:f4:2a:1e:df:
0c:ec:7d:52:55:fa:9b:e6:a0:18:d5:4c:da:e6:d2:60:da:bc:
09:5b:13:53:6d:c7:d2:30:b9:a8:a5:02:7f:a3:66:28:34:93:
de:55:a0:de:b5:c8:dc:43:7b:b9:03:06:1f:ce:8c:5f:82:d8:
af:40:56:ce:f8:b9:d4:73:1c:ae:c9:cb:1d:0f:a2:52:71:9b:
8b:05:f4:d6:0b:1e:a8:db:0f:29:a0:43:b5:2f:56:09:d8:68:
58:9c:e5:6a:df:38:91:56:9d:44:e5:d2:ca:9a:b1:41:a1:01:
0c:68:a0:f5:0a:f7:98:4f:d5:a0:6f:99:59:a0:e0:cb:49:57:
26:20:09:5a:fa:c2:75:40:f6:1b:6a:ac:55:47:50:8d:38:81:
61:79:44:e7:d5:d1:b3:c7:3b:db:ec:44:59:ef:e1:82:31:a3:
38:4c:de:40:11:31:52:8b:bb:1c:af:be:ce:c5:2b:f5:0d:c0:
60:13:fb:7e:da:22:41:d4:85:5e:4d:ba:db:f8:f7:26:61:32:
26:fe:fe:9e:37:a3:cc:25:3b:3c:c8:b5:a7:a5:5c:d9:4d:8f:
a8:f2:86:98:79:b3:00:08:0f:f2:c9:1f:c6:3f:07:ad:e4:a7:
8d:86:3d:15:fa:5b:1a:0f:96:67:b6:0a:78:0a:bb:6e:05:a6:
54:29:48:b4:f9:48:0d:7f:f0:13:65:32:2f:c5:ee:ab:b8:e8:
0d:b2:f9:c9:96:d2:cf:51:a2:64:3c:58:0f:65:6f:c6:99:93:
76:2c:42:08:d9:f3:f3:13:cd:41:b6:67:8f:1d:9a:2f:da:93:
3d:26:4c:9a:11:c1
-----BEGIN CERTIFICATE-----
MIIDMzCCAZugAwIBAgIIa7MYPN71IAUwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIwODE3NTkxNFoYDzIwNTIwMjAx
MTc1OTE0WjAiMSAwHgYDVQQDDBdzcnYwNC5jcnQwMS5leGFtcGxlLmNvbTB2MBAG
ByqGSM49AgEGBSuBBAAiA2IABJ5D18wp4Y5LNaGPt48wD1azW3/AYpsjIXCxK+dz
+eo4AWZLUkMxzxBpFb9rCPNpBz+Zu7hw0DuJIh3yJUJaPlWRw/y0vscthlEUxKv+
fFQ0Z8de24aEzGbrVK+dfdzOGKM+MDwwOgYDVR0RBDMwMYIXc3J2MDQuY3J0MDEu
ZXhhbXBsZS5jb22HBAo1AASHEP2ScGULjv//AAAAAAAAAAQwDQYJKoZIhvcNAQEL
BQADggGBAEi1OFl55lGm6oDX0TwpA3Ax5EO04wnn4TeM0A8qGXryWm12zRd6Zhw+
dFYkuCkGVbIcr5pCBZOkcMulaIWrcVPa2Smj9Coe3wzsfVJV+pvmoBjVTNrm0mDa
vAlbE1Ntx9IwuailAn+jZig0k95VoN61yNxDe7kDBh/OjF+C2K9AVs74udRzHK7J
yx0PolJxm4sF9NYLHqjbDymgQ7UvVgnYaFic5WrfOJFWnUTl0sqasUGhAQxooPUK
95hP1aBvmVmg4MtJVyYgCVr6wnVA9htqrFVHUI04gWF5ROfV0bPHO9vsRFnv4YIx
ozhM3kARMVKLuxyvvs7FK/UNwGAT+37aIkHUhV5Nutv49yZhMib+/p43o8wlOzzI
taelXNlNj6jyhph5swAID/LJH8Y/B63kp42GPRX6WxoPlme2CngKu24FplQpSLT5
SA1/8BNlMi/F7qu46A2y+cmW0s9RomQ8WA9lb8aZk3YsQgjZ8/MTzUG2Z48dmi/a
kz0mTJoRwQ==
-----END CERTIFICATE-----

69
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52006.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207430 (0x6bb3183cdef52006)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Aug 15 08:00:00 2012 GMT
Not After : Aug 15 09:00:00 2012 GMT
Subject: CN=srv01.crt03-expired.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:1f:d5:7b:ab:73:b2:70:15:fd:33:26:02:5c:76:
16:80:0c:70:7d:57:83:75:ac:3c:b7:4a:02:46:35:
c1:1b:c1:7a:bd:be:f2:04:9a:7f:69:83:7f:54:9a:
1b:10:62:d7:70:bd:ef:26:90:51:50:10:77:56:b7:
1a:2f:44:5e:91:46:36:e1:2e:a4:4c:67:2e:62:a8:
7f:1a:15:10:44:68:8b:18:ea:cf:b8:96:09:bf:b5:
3a:d1:ef:10:8f:9f:bb
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.crt03-expired.example.com, IP Address:10.53.0.1, IP Address:FD92:7065:B8E:FFFF:0:0:0:1
Signature Algorithm: sha256WithRSAEncryption
25:35:08:f6:e7:f0:83:81:be:65:31:1b:78:a8:04:84:fe:6a:
2a:1a:5d:c1:73:20:88:08:11:d8:27:be:a5:8e:3c:df:e2:a6:
19:c5:41:40:ea:01:91:85:99:8d:17:4e:4d:9a:3c:03:f9:78:
4c:8a:20:41:5e:96:d6:64:83:2f:b2:fe:e7:77:09:f9:91:bd:
22:1a:57:8b:f6:24:bc:7b:48:2b:2e:14:b7:32:bd:46:91:99:
5e:21:9a:d3:15:a7:27:e1:c0:3a:c7:f5:f9:94:3f:6d:14:7e:
0b:02:bf:05:d9:ac:10:8a:7e:b0:37:36:cd:cb:4a:b4:e1:01:
c7:04:8d:83:f3:c6:79:ff:ff:6c:f0:a4:bf:3c:12:61:ea:15:
ac:30:62:26:e3:c3:4e:7d:5c:68:d8:88:de:35:8d:44:75:8c:
a8:c1:0d:07:67:b5:d0:42:43:41:1f:39:a0:47:35:46:d7:0f:
89:aa:e8:d3:86:45:9a:fb:33:01:06:23:64:53:24:48:5b:69:
fa:cf:d9:81:fb:5e:7e:7b:82:65:56:c6:46:65:5c:e1:4f:f2:
3c:09:3c:28:5f:c9:e3:a5:24:e3:7b:aa:b5:b1:8a:6a:b2:02:
32:5f:24:05:f1:67:c8:54:17:0c:cd:ca:3d:e4:44:3e:23:3a:
7c:63:b6:f9:61:3a:21:e7:8f:27:ad:c3:26:86:39:49:6c:41:
40:7f:1d:48:69:8d:db:6f:42:e4:09:fe:24:62:bd:8e:2e:54:
25:f0:14:c2:d8:43:95:09:2e:5f:72:4f:43:b5:9a:8b:bb:8c:
44:c6:77:c9:05:fb:1a:9f:d7:b6:a6:42:d9:5c:3d:a5:09:0f:
9e:e0:c7:06:32:f1:ff:c9:53:5e:42:d4:2a:33:ad:06:ea:ec:
b0:26:d3:3c:ef:65:af:15:8e:7b:20:49:ad:f1:56:ef:17:6b:
fc:f4:d8:7c:82:9f:30:19:d0:bc:9c:79:e2:dc:9d:a7:f9:6b:
6f:65:ae:21:a0:94
-----BEGIN CERTIFICATE-----
MIIDQTCCAamgAwIBAgIIa7MYPN71IAYwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMB4XDTEyMDgxNTA4MDAwMFoXDTEyMDgxNTA5
MDAwMFowKjEoMCYGA1UEAwwfc3J2MDEuY3J0MDMtZXhwaXJlZC5leGFtcGxlLmNv
bTB2MBAGByqGSM49AgEGBSuBBAAiA2IABB/Ve6tzsnAV/TMmAlx2FoAMcH1Xg3Ws
PLdKAkY1wRvBer2+8gSaf2mDf1SaGxBi13C97yaQUVAQd1a3Gi9EXpFGNuEupExn
LmKofxoVEERoixjqz7iWCb+1OtHvEI+fu6NGMEQwQgYDVR0RBDswOYIfc3J2MDEu
Y3J0MDMtZXhwaXJlZC5leGFtcGxlLmNvbYcECjUAAYcQ/ZJwZQuO//8AAAAAAAAA
ATANBgkqhkiG9w0BAQsFAAOCAYEAJTUI9ufwg4G+ZTEbeKgEhP5qKhpdwXMgiAgR
2Ce+pY483+KmGcVBQOoBkYWZjRdOTZo8A/l4TIogQV6W1mSDL7L+53cJ+ZG9IhpX
i/YkvHtIKy4UtzK9RpGZXiGa0xWnJ+HAOsf1+ZQ/bRR+CwK/BdmsEIp+sDc2zctK
tOEBxwSNg/PGef//bPCkvzwSYeoVrDBiJuPDTn1caNiI3jWNRHWMqMENB2e10EJD
QR85oEc1RtcPiaro04ZFmvszAQYjZFMkSFtp+s/ZgftefnuCZVbGRmVc4U/yPAk8
KF/J46Uk43uqtbGKarICMl8kBfFnyFQXDM3KPeREPiM6fGO2+WE6IeePJ63DJoY5
SWxBQH8dSGmN229C5An+JGK9ji5UJfAUwthDlQkuX3JPQ7Wai7uMRMZ3yQX7Gp/X
tqZC2Vw9pQkPnuDHBjLx/8lTXkLUKjOtBurssCbTPO9lrxWOeyBJrfFW7xdr/PTY
fIKfMBnQvJx54tydp/lrb2WuIaCU
-----END CERTIFICATE-----

68
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52007.pem Normal file
View File

@ -0,0 +1,68 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207431 (0x6bb3183cdef52007)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 10 17:44:20 2022 GMT
Not After : Feb 3 17:44:20 2052 GMT
Subject: CN=srv01.client01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:5e:93:6a:7a:da:75:cc:64:08:e4:f8:f9:2f:2b:
85:36:ee:e1:df:fa:cd:4c:60:f1:44:b5:16:7b:f9:
03:cf:a0:08:67:6f:ae:27:a3:95:8a:68:1e:63:ab:
cf:2e:20:62:52:e7:8c:3e:1e:ef:de:0d:69:64:65:
b6:e4:df:fe:1a:48:f8:68:75:84:83:11:fb:81:59:
0e:c1:96:48:7f:24:da:11:dd:ac:cb:0a:c5:09:78:
24:31:3a:df:37:e6:b3
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.client01.example.com
Signature Algorithm: sha256WithRSAEncryption
82:bd:eb:8f:4e:a5:d2:46:c7:d8:70:3c:34:1d:58:43:1b:81:
16:5d:c2:b0:76:4b:a9:f2:10:14:23:e4:ef:dc:59:03:b6:7f:
b0:40:34:e5:d0:82:4b:95:a6:07:9a:45:51:94:cf:08:c2:4e:
c9:44:d5:f3:b6:ed:f2:a0:01:94:ad:e0:0e:0f:ab:85:6f:35:
4b:07:c8:97:25:fb:69:ff:a1:99:bc:ec:70:6c:51:b5:32:95:
e9:c9:45:cf:45:e2:c5:5e:b1:59:a2:e1:f2:83:c8:87:68:c4:
60:e2:db:50:6c:18:64:1b:9a:9a:cc:7c:e7:fd:d9:f2:b7:d1:
de:1d:ec:29:c9:58:db:7b:9a:a1:06:9a:ce:36:a0:45:10:dc:
7d:81:24:21:34:30:4c:71:f9:fc:96:37:d6:cf:0d:9d:11:12:
c7:62:bc:19:5b:79:e5:e0:37:e8:17:36:4b:13:af:fa:2c:2e:
36:d9:be:53:e1:c3:f9:bc:94:a6:7a:97:14:99:36:f9:14:38:
11:20:3a:2a:9d:fd:64:63:d0:a2:8f:f0:99:a9:02:ca:57:48:
d2:7d:65:44:b6:85:a0:38:ec:e8:19:7e:c2:48:e3:1d:22:53:
cf:3b:d4:0a:98:e1:72:62:ec:8b:01:3f:5a:ea:26:2c:8c:16:
c3:80:5a:c2:5d:40:c5:65:1c:e2:9a:e3:d6:65:16:ee:dc:17:
30:d8:26:87:92:d0:ef:c7:72:07:99:86:05:9e:49:35:41:33:
b9:bb:cb:1b:25:50:70:85:e3:0f:c7:b9:b2:37:00:1b:87:a2:
47:97:34:5b:cd:dc:66:22:e5:de:25:ec:57:fe:37:75:2c:03:
10:f4:d4:a7:cc:f5:4b:0b:ff:eb:d3:a6:78:2e:cd:8f:65:51:
a7:8c:ef:83:67:ec:94:13:c2:1f:74:74:55:7c:a3:0b:b7:2f:
80:5a:62:04:1d:a2:c0:c1:de:b2:7d:31:3b:a1:fa:f7:40:a7:
bd:12:25:95:5b:8b
-----BEGIN CERTIFICATE-----
MIIDITCCAYmgAwIBAgIIa7MYPN71IAcwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIxMDE3NDQyMFoYDzIwNTIwMjAz
MTc0NDIwWjAlMSMwIQYDVQQDDBpzcnYwMS5jbGllbnQwMS5leGFtcGxlLmNvbTB2
MBAGByqGSM49AgEGBSuBBAAiA2IABF6TanradcxkCOT4+S8rhTbu4d/6zUxg8US1
Fnv5A8+gCGdvriejlYpoHmOrzy4gYlLnjD4e794NaWRltuTf/hpI+Gh1hIMR+4FZ
DsGWSH8k2hHdrMsKxQl4JDE63zfms6MpMCcwJQYDVR0RBB4wHIIac3J2MDEuY2xp
ZW50MDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggGBAIK9649OpdJGx9hw
PDQdWEMbgRZdwrB2S6nyEBQj5O/cWQO2f7BANOXQgkuVpgeaRVGUzwjCTslE1fO2
7fKgAZSt4A4Pq4VvNUsHyJcl+2n/oZm87HBsUbUylenJRc9F4sVesVmi4fKDyIdo
xGDi21BsGGQbmprMfOf92fK30d4d7CnJWNt7mqEGms42oEUQ3H2BJCE0MExx+fyW
N9bPDZ0REsdivBlbeeXgN+gXNksTr/osLjbZvlPhw/m8lKZ6lxSZNvkUOBEgOiqd
/WRj0KKP8JmpAspXSNJ9ZUS2haA47OgZfsJI4x0iU8871AqY4XJi7IsBP1rqJiyM
FsOAWsJdQMVlHOKa49ZlFu7cFzDYJoeS0O/HcgeZhgWeSTVBM7m7yxslUHCF4w/H
ubI3ABuHokeXNFvN3GYi5d4l7Ff+N3UsAxD01KfM9UsL/+vTpnguzY9lUaeM74Nn
7JQTwh90dFV8owu3L4BaYgQdosDB3rJ9MTuh+vdAp70SJZVbiw==
-----END CERTIFICATE-----

68
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52008.pem Normal file
View File

@ -0,0 +1,68 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207432 (0x6bb3183cdef52008)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Feb 11 13:21:12 2022 GMT
Not After : Feb 4 13:21:12 2052 GMT
Subject: CN=srv01.client02-ns2.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:e6:45:fa:57:12:6c:59:10:23:8b:7a:5c:76:33:
eb:3b:41:fa:b7:1c:90:b3:2f:33:2d:45:7b:e3:e5:
b6:a5:a2:a2:a4:14:f4:50:9d:b0:c6:38:ba:e9:45:
65:a4:65:b9:10:32:2f:93:9b:d5:d8:cf:b4:29:5b:
dc:4e:c8:ec:a6:9f:58:76:24:f4:c5:d1:48:55:52:
eb:5d:b0:85:93:85:ee:3e:b8:c4:b1:cd:08:59:95:
12:ff:7b:9b:ee:6a:b9
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.client02-ns2.example.com
Signature Algorithm: sha256WithRSAEncryption
43:ec:0f:62:17:f6:f4:90:3b:7c:36:21:f2:18:94:a6:42:51:
1e:1d:2a:43:8f:05:b7:8d:3c:ca:f0:20:2f:65:4b:be:48:ad:
6a:0a:cc:2d:1f:d6:27:1d:af:4a:36:86:ed:0d:03:75:c5:71:
ec:58:9b:ec:f9:0f:e4:83:ef:6f:91:da:20:73:47:ac:e7:c7:
8b:22:b2:d1:6e:a0:b0:d6:1c:4c:70:1e:74:08:1d:7f:61:06:
e5:be:f3:e8:c4:15:60:e2:b0:02:9b:f0:13:af:76:5b:a8:c7:
91:2c:10:5f:0d:32:89:51:5a:7f:17:1b:7c:c6:46:97:ee:e7:
bb:8a:48:38:a2:52:d4:ff:3b:1c:ec:4a:a9:8c:a5:23:3a:04:
bb:d7:b8:ad:5b:69:7f:1d:be:ca:96:e0:eb:56:05:43:ee:c8:
ff:2c:48:03:00:c6:c2:ac:fc:4e:15:47:86:c5:33:ed:70:f6:
98:bc:0b:07:b9:5b:1a:ec:fd:3c:bf:26:61:68:fc:db:02:55:
07:ae:76:0e:be:ff:c5:b8:56:fb:52:54:a4:b1:2d:64:b4:1d:
55:02:4f:da:06:bd:26:e4:22:d2:94:1f:7e:29:c4:97:10:d1:
75:7d:41:53:be:46:52:70:b1:d9:ff:bb:9f:96:19:e3:a0:ba:
d0:4a:5a:8d:da:22:73:89:f0:4c:e6:18:80:53:be:bd:64:56:
6a:c9:58:71:40:66:9e:4a:3e:31:3b:74:9e:6e:6a:f5:65:ca:
93:06:52:00:74:65:a0:3a:eb:2e:56:56:d2:a5:4b:0e:85:17:
25:78:cb:f3:f9:53:7b:85:f9:82:15:87:bc:36:70:b5:69:64:
48:11:79:b9:2c:2e:cc:09:fd:0f:b0:b7:cd:97:3b:c7:0f:49:
1a:fc:15:49:d6:1c:a9:dc:14:ff:44:d2:be:5a:36:00:66:0c:
d5:b8:bf:16:9e:60:27:79:c0:f5:b4:ff:2f:af:8c:b2:49:75:
61:44:05:1a:e8:cd
-----BEGIN CERTIFICATE-----
MIIDKTCCAZGgAwIBAgIIa7MYPN71IAgwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDIxMTEzMjExMloYDzIwNTIwMjA0
MTMyMTEyWjApMScwJQYDVQQDDB5zcnYwMS5jbGllbnQwMi1uczIuZXhhbXBsZS5j
b20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATmRfpXEmxZECOLelx2M+s7Qfq3HJCz
LzMtRXvj5baloqKkFPRQnbDGOLrpRWWkZbkQMi+Tm9XYz7QpW9xOyOymn1h2JPTF
0UhVUutdsIWThe4+uMSxzQhZlRL/e5vuarmjLTArMCkGA1UdEQQiMCCCHnNydjAx
LmNsaWVudDAyLW5zMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAYEAQ+wP
Yhf29JA7fDYh8hiUpkJRHh0qQ48Ft408yvAgL2VLvkitagrMLR/WJx2vSjaG7Q0D
dcVx7Fib7PkP5IPvb5HaIHNHrOfHiyKy0W6gsNYcTHAedAgdf2EG5b7z6MQVYOKw
ApvwE692W6jHkSwQXw0yiVFafxcbfMZGl+7nu4pIOKJS1P87HOxKqYylIzoEu9e4
rVtpfx2+ypbg61YFQ+7I/yxIAwDGwqz8ThVHhsUz7XD2mLwLB7lbGuz9PL8mYWj8
2wJVB652Dr7/xbhW+1JUpLEtZLQdVQJP2ga9JuQi0pQffinElxDRdX1BU75GUnCx
2f+7n5YZ46C60Epajdoic4nwTOYYgFO+vWRWaslYcUBmnko+MTt0nm5q9WXKkwZS
AHRloDrrLlZW0qVLDoUXJXjL8/lTe4X5ghWHvDZwtWlkSBF5uSwuzAn9D7C3zZc7
xw9JGvwVSdYcqdwU/0TSvlo2AGYM1bi/Fp5gJ3nA9bT/L6+Mskl1YUQFGujN
-----END CERTIFICATE-----

69
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52009.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7760573232607207433 (0x6bb3183cdef52009)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Aug 14 05:00:00 2012 GMT
Not After : Aug 14 06:00:00 2012 GMT
Subject: CN=srv01.client03-ns2-expired.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:38:9a:9b:c2:6a:82:a6:d1:50:8a:78:7a:d1:be:
61:be:d4:b6:d3:d6:a2:02:97:a4:48:50:c0:c5:1d:
d8:2d:23:19:25:6e:91:02:1d:69:c2:77:d6:f1:a8:
4f:4a:9a:1d:3c:69:5a:89:41:0a:f2:e0:64:57:1b:
0e:9e:df:9f:4c:7b:3c:42:dc:21:c8:2c:95:ab:b3:
4c:5f:56:c4:70:ee:8a:a4:e4:46:c4:9e:98:f5:c8:
7b:b2:73:d7:45:93:f0
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.client03-ns2-expired.example.com
Signature Algorithm: sha256WithRSAEncryption
38:12:1f:5f:26:b6:8e:9b:3f:77:89:5a:b8:e8:46:78:c3:d6:
f0:0c:67:5f:d5:a3:9c:f6:f2:0a:ae:9c:87:74:9f:a3:5b:8a:
27:58:47:e5:78:1a:e9:db:b5:cc:28:a7:f8:18:e3:e7:20:43:
cf:82:06:5d:a1:d0:82:ab:15:be:86:46:1e:e6:4d:ad:78:a4:
16:6c:99:41:3d:29:21:c8:6b:9d:3d:4a:cd:93:37:1f:1c:88:
c7:ae:b6:7c:73:42:57:57:32:9d:e8:c6:e2:3e:da:12:57:3e:
c8:56:4a:bb:d4:01:fc:8e:30:8d:19:fe:61:3d:5e:02:64:65:
a2:46:b3:6e:ea:f9:cb:4e:f0:b9:f6:bc:6b:38:10:19:d0:93:
f8:f7:d9:4c:d2:87:2c:7f:dc:f5:00:c6:29:dd:00:5e:d2:f4:
df:52:fb:7a:5a:ad:98:36:77:72:1f:01:ed:48:91:48:16:2d:
35:a5:15:21:98:ff:7e:5d:a1:45:c9:5f:9d:c2:3e:e5:98:e2:
ee:ce:4d:18:76:3d:8a:0a:64:9b:f1:19:9d:b6:82:af:1b:15:
d3:48:69:f1:9b:67:76:1b:41:8e:1d:69:d5:31:64:95:01:41:
73:c1:a9:29:53:6b:f3:29:ad:e0:96:52:8e:3e:8d:c1:8e:d8:
b5:0c:94:5f:a2:6c:3c:0f:3e:5b:10:af:21:00:74:d0:b7:30:
6c:44:fb:3d:09:46:8d:1d:e6:c2:e4:0a:5b:f4:eb:e1:71:c7:
d5:36:13:90:05:fe:65:16:61:24:b5:41:f2:10:bd:2c:c3:34:
69:15:25:d1:32:f2:b3:d7:da:23:1b:e9:5b:33:63:43:c8:dc:
68:f2:31:b5:93:0e:64:ea:9a:45:36:9f:96:44:38:1e:4e:d8:
45:ba:37:68:06:4d:da:d4:16:d3:3e:77:86:4e:8d:58:d6:06:
a8:60:11:4d:d9:81:f3:85:2b:ee:58:50:6e:ea:2b:f7:84:00:
9c:ec:a1:90:d4:94
-----BEGIN CERTIFICATE-----
MIIDNzCCAZ+gAwIBAgIIa7MYPN71IAkwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMB4XDTEyMDgxNDA1MDAwMFoXDTEyMDgxNDA2
MDAwMFowMTEvMC0GA1UEAwwmc3J2MDEuY2xpZW50MDMtbnMyLWV4cGlyZWQuZXhh
bXBsZS5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQ4mpvCaoKm0VCKeHrRvmG+
1LbT1qICl6RIUMDFHdgtIxklbpECHWnCd9bxqE9Kmh08aVqJQQry4GRXGw6e359M
ezxC3CHILJWrs0xfVsRw7oqk5EbEnpj1yHuyc9dFk/CjNTAzMDEGA1UdEQQqMCiC
JnNydjAxLmNsaWVudDAzLW5zMi1leHBpcmVkLmV4YW1wbGUuY29tMA0GCSqGSIb3
DQEBCwUAA4IBgQA4Eh9fJraOmz93iVq46EZ4w9bwDGdf1aOc9vIKrpyHdJ+jW4on
WEfleBrp27XMKKf4GOPnIEPPggZdodCCqxW+hkYe5k2teKQWbJlBPSkhyGudPUrN
kzcfHIjHrrZ8c0JXVzKd6MbiPtoSVz7IVkq71AH8jjCNGf5hPV4CZGWiRrNu6vnL
TvC59rxrOBAZ0JP499lM0ocsf9z1AMYp3QBe0vTfUvt6Wq2YNndyHwHtSJFIFi01
pRUhmP9+XaFFyV+dwj7lmOLuzk0Ydj2KCmSb8RmdtoKvGxXTSGnxm2d2G0GOHWnV
MWSVAUFzwakpU2vzKa3gllKOPo3Bjti1DJRfomw8Dz5bEK8hAHTQtzBsRPs9CUaN
HebC5Apb9OvhccfVNhOQBf5lFmEktUHyEL0swzRpFSXRMvKz19ojG+lbM2NDyNxo
8jG1kw5k6ppFNp+WRDgeTthFujdoBk3a1BbTPneGTo1Y1gaoYBFN2YHzhSvuWFBu
6iv3hACc7KGQ1JQ=
-----END CERTIFICATE-----

39
bin/tests/system/doth/CA/private/CA.key Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG5AIBAAKCAYEAouoRHoAc6VCmxNTU6Ge7s+xDFGO0wXJJIsP+8nUyyjWvGCOC
aQYLhb1kLA2NHRhSSKFcMh8jcd7Hlvy6CAec1j2dsWzryy3HgPrdjWaW3PfBO41D
lUtdt8hA/p6pX2YwqvWbdK/3s8J0LY5xRZKNZnFOB/Sb4PGiIJ1NgMRO/M3IlPQm
PO/faRRTU4SI26KCPKFW342826Zi88YwOd6w5mQU4fskk5TGtlNqE+Fj40ZbWVpy
VXoEUS6RveRp020NX5CQG49SLtdF05AnnsATqmgNVCXptGuqW8uaHRONeGO3NBEy
nJmibWBDUMjtCCcGVgyrVXuTkyAJJWpImnshUwgMNYebRwmC2iVv2LtsJS5eUTUH
EWffnFl55XU2PkyNYgY35gA4y3SiWFJYV8+5FibU4ut0nb+lmHBF8WlqcU/kd3tp
Gkf0exjqOIHZFqV9bIhpUbXhxx9v9+gkkGQ9nrXE1KRlvigxxUeIK5xHy9a7fVIL
wo6WuCnLLJmbVkklAgMBAAECggGBAI5ZV3v/FUQIZK+4CBDKEwizeClotZgR9DWc
bDgOj8KABe5hmKGL1qWVRuH3NUYm6j7sP1LMQnxM3LjhOuupOzE3xYIyWhW+eoQI
r23OJiQNl5ohZNweblUXdTMGD5h8AipfUOY0m4tGbZ0gyXixBTxt5HCvG0UB3VgC
GqZY4Wujo5ADhSXZsqxuRiDDvZGr/YBcuTu87Tg/ulam5ZyrKIcnC9gpSVxqsva9
DAMy/cSoxUjd7ukhJISK3G3AF3fV4GSslQcJTlyJ2D3+LnqPuHJKYTI4hc46lN3x
E2g24GdSCPYf6SoEPwACXtbavV8TXwQPJrHN+f+0/ePCI4jkYe5NoA3gwVgMb/WB
wFchxzVh3V4e8tPGiG+ofKl81DSAW8VZCJLUIbTEce9oxafPT78WJxdC0wWbh5S8
V/qN6sW/yWnK3oY9SilWhJGRwKOZ+8xtStaDeCzyCaOqEcWi8ZR0QfC33UozlhdC
SrMKnOXmn/rUuXGrVR56IzIl0M7YAQKBwQDM3GJDdlFuHn6L0syKYdHDS8gXD9ke
s+ochIP6jvkEPcayaEoZGl8s7RT3iztqXod7wLaZdotktxfDAZnJfeuOcVrCu+Bx
HLytnBvV6czMfp3REGgQAJQeusSgtlBCTHHVOsDzIjdnkY3WBa7IiFYWO5wnYrGx
r3ucnwnHaUVDMj1r4YI7mYIpCuYQl6eGyW7mhWewyhVwoQXKbifdrXxjvOigL0Cp
tgsoU9pql3hpphOaYMX6hLOincTfaMxfnCECgcEAy5UXp3dA0OwK+4iDGKr+cUpk
AtGTheiE+8zEVh2KYFLt921mW/QZiB1+xtnkknp3c7u07Ugk8jAEXzCkwMnN5ZCx
LrJ72fC+cLIAbRm6/vMMP8iz83wyttao4qNMeoOBBfE9rEiP+lrugpv282V3ZHYa
IUZWTeugJbckUHTbD3RZQExmQcRVG3m/TzonBfoZ8HoRj/n3d7V2T911cHUhi8Xn
RQIi2m63VofOIep86LgartlKneMWnL0oOPq4RKyFAoHAZUzpDkD4nUJZAx025Yrf
ZfoYNEcy7vq6XmWsuX5vZoiBs4DcezNOMvH9NzdTJxMdXbV61cIHxcK/7j7hZABv
NZ2Z6sdqgaRbLGIQZaPaEJjfwxygyKDwnY1vY6UjZNVWSMFn3hJiYUVZZKakuiao
ow/Q9KzZ/2ot7tG5zTCh/ktekfUOKBiNg2wPPc8wGPeMblMzZflXxrzpFyOHdRev
dcZZJbSX/hO1yrhEPgculNd5xBHsdCegiF4JlwvEW9bhAoHAZQQiy5bx03j8bhkr
q6bVQFPAUmG5iL16lxLg7TYVPnyH1bk0DDaQIKk6CeN+dmxML2IZgY/FvWK0GKOj
bIH2J43nTRuFNvwtEvBQI9KbpfvlvRSSriOXaoATJvoObdAoylEM4BrVTk2mgapw
HA/h8Thk+NPU6S8ctPouC7ogJIf/7Va7erC35j0//0kEqgOSsW9wnXdUItMo1LI3
nsiQD7Hwcp5/utErKcWTM+MNfdA0dUQesT9ILhfyCGvn2TOdAoHBAKldZkDyRcu9
r9uDF1bhUEnpV2k4hgvTuCvQ3rzyx3WrVT8ChEmePC8Ke5A54ffu/YdbpDLbdf2c
j4n5CQhHbMIZs3P2hB3WqDCImApCfMbXaltfBbaT0j7uLJPMp+2+f/wWYpc3R+bn
HVnaRI2PoXXmG9OjQSQdVZ5gNpkEuemAo3dJOSS6BMqQaSxUynGy7o/a/d4izBjd
B58Fwq3sZI/Xv90Se9+b6ICST3YJ3p0vn8RKzmlCQjLg/xynpCByiw==
-----END RSA PRIVATE KEY-----

1
bin/tests/system/doth/CA/serial Normal file
View File

@ -0,0 +1 @@
6BB3183CDEF5200A

0
bin/tests/system/doth/ns2/dhparam3072.pem → bin/tests/system/doth/dhparam3072.pem
View File

2676
bin/tests/system/doth/example8.axfr.good Normal file
View File

File diff suppressed because it is too large Load Diff

16
bin/tests/system/doth/get_openssl_version.py Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/env python
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
import ssl
version = ssl.OPENSSL_VERSION_INFO
print(version[0], version[1], version[2])

99
bin/tests/system/doth/ns1/named.conf.in
View File

@ -25,18 +25,46 @@ tls tls-forward-secrecy {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
prefer-server-ciphers yes;
key-file "../ns2/key.pem";
cert-file "../ns2/cert.pem";
dhparam-file "../ns2/dhparam3072.pem";
key-file "../CA/certs/srv01.crt01.example.com.key";
cert-file "../CA/certs/srv01.crt01.example.com.pem";
dhparam-file "../dhparam3072.pem";
};
tls tls-pfs-aes256 {
protocols { TLSv1.2; };
ciphers "AES256:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
prefer-server-ciphers yes;
key-file "../ns2/key.pem";
cert-file "../ns2/cert.pem";
dhparam-file "../ns2/dhparam3072.pem";
key-file "../CA/certs/srv01.crt01.example.com.key";
cert-file "../CA/certs/srv01.crt01.example.com.pem";
dhparam-file "../dhparam3072.pem";
};
tls tls-no-subject-alt-name {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
prefer-server-ciphers yes;
key-file "../CA/certs/srv01.crt02-no-san.example.com.key";
cert-file "../CA/certs/srv01.crt02-no-san.example.com.pem";
dhparam-file "../dhparam3072.pem";
};
tls tls-expired {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
prefer-server-ciphers yes;
key-file "../CA/certs/srv01.crt03-expired.example.com.key";
cert-file "../CA/certs/srv01.crt03-expired.example.com.pem";
dhparam-file "../dhparam3072.pem";
};
tls tls-forward-secrecy-mutual-tls {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
prefer-server-ciphers yes;
key-file "../CA/certs/srv01.crt01.example.com.key";
cert-file "../CA/certs/srv01.crt01.example.com.pem";
dhparam-file "../dhparam3072.pem";
ca-file "../CA/CA.pem";
};
options {
@ -55,6 +83,11 @@ options {
listen-on-v6 { none; };
listen-on port @EXTRAPORT1@ tls tls-pfs-aes256 { 10.53.0.1; }; // DoT
listen-on-v6 port @EXTRAPORT1@ tls tls-pfs-aes256 { fd92:7065:b8e:ffff::1;};
listen-on port @EXTRAPORT2@ tls tls-no-subject-alt-name { 10.53.0.1; }; // DoT
listen-on port @EXTRAPORT3@ tls tls-no-subject-alt-name http local { 10.53.0.1; }; // DoH
listen-on port @EXTRAPORT4@ tls tls-expired { 10.53.0.1; }; // DoT
listen-on port @EXTRAPORT5@ tls tls-forward-secrecy-mutual-tls { 10.53.0.1; }; // DoT
listen-on port @EXTRAPORT6@ tls tls-forward-secrecy-mutual-tls http local { 10.53.0.1; }; // DoH
recursion no;
notify explicit;
also-notify { 10.53.0.2 port @PORT@; };
@ -80,3 +113,57 @@ zone "example2" {
file "example.db";
allow-transfer port @EXTRAPORT1@ transport tls { any; };
};
zone "example3" {
type primary;
file "example.db";
allow-transfer port @EXTRAPORT3@ transport tls { any; };
};
zone "example4" {
type primary;
file "example.db";
allow-transfer transport tls { any; };
};
zone "example5" {
type primary;
file "example.db";
allow-transfer transport tls { any; };
};
zone "example6" {
type primary;
file "example.db";
allow-transfer transport tls { any; };
};
zone "example7" {
type primary;
file "example.db";
allow-transfer transport tls { any; };
};
zone "example8" {
type primary;
file "example.db";
allow-transfer transport tls { any; };
};
zone "example9" {
type primary;
file "example.db";
allow-transfer port @EXTRAPORT5@ transport tls { any; };
};
zone "example10" {
type primary;
file "example.db";
allow-transfer port @EXTRAPORT5@ transport tls { any; };
};
zone "example11" {
type primary;
file "example.db";
allow-transfer port @EXTRAPORT5@ transport tls { any; };
};

125
bin/tests/system/doth/ns2/named.conf.in
View File

@ -18,9 +18,9 @@ controls {
};
tls local {
key-file "key.pem";
cert-file "cert.pem";
dhparam-file "dhparam3072.pem";
key-file "../CA/certs/srv02.crt01.example.com.key";
cert-file "../CA/certs/srv02.crt01.example.com.pem";
dhparam-file "../dhparam3072.pem";
};
http local {
@ -56,9 +56,126 @@ zone "." {
file "../../common/root.hint";
};
tls tls-example-primary {
hostname "srv01.crt01.example.com"; // enable Strict TLS
ca-file "../CA/CA.pem";
};
zone "example" {
type secondary;
primaries { 10.53.0.1 tls ephemeral; };
primaries { 10.53.0.1 tls tls-example-primary; };
file "example.db";
allow-transfer { any; };
};
# the server's certificate does not contain SubjectAltName, which is required for DoT
tls tls-example-primary-no-san {
hostname "srv01.crt02-no-san.example.com"; // enable Strict TLS
ca-file "../CA/CA.pem";
};
zone "example3" {
type secondary;
primaries { 10.53.0.1 port @EXTRAPORT2@ tls tls-example-primary-no-san; };
file "example3.db";
allow-transfer { any; };
};
# As you can see, the "hostname" is missing, but "ca-file" is
# specified. As the result, the primaries server certificate will be
# verified using the IP address instead of hostname. That is fine,
# because the server certificate is issued with IP address in the
# SubjectAltName section.
tls tls-example-primary-strict-tls-no-hostname {
ca-file "../CA/CA.pem"; // enable Strict TLS
};
zone "example4" {
type secondary;
primaries { 10.53.0.1 tls tls-example-primary-strict-tls-no-hostname; };
file "example4.db";
allow-transfer { any; };
};
tls tls-example-primary-strict-tls-ipv4 {
hostname "10.53.0.1"; # the IP is in the server's cert SAN
ca-file "../CA/CA.pem"; # enable Strict TLS
};
zone "example5" {
type secondary;
primaries { 10.53.0.1 tls tls-example-primary-strict-tls-ipv4; };
file "example5.db";
allow-transfer { any; };
};
tls tls-example-primary-strict-tls-ipv6 {
hostname "fd92:7065:b8e:ffff::1"; # the IP is in the server's cert SAN
ca-file "../CA/CA.pem"; # enable Strict TLS
};
zone "example6" {
type secondary;
primaries { 10.53.0.1 tls tls-example-primary-strict-tls-ipv6; };
file "example6.db";
allow-transfer { any; };
};
tls tls-example-primary-strict-tls-wrong-host {
hostname "not-present.example.com"; # this is not present in the server's cert SAN
ca-file "../CA/CA.pem"; # enable Strict TLS
};
zone "example7" {
type secondary;
primaries { 10.53.0.1 tls tls-example-primary-strict-tls-wrong-host; };
file "example7.db";
allow-transfer { any; };
};
tls tls-example-primary-strict-tls-expired {
hostname "srv01.crt03-expired.example.com";
ca-file "../CA/CA.pem";
};
zone "example8" {
type secondary;
primaries { 10.53.0.1 port @EXTRAPORT4@ tls tls-example-primary-strict-tls-expired; };
file "example8.db";
allow-transfer { any; };
};
tls tls-example-primary-mutual-tls {
hostname "srv01.crt01.example.com";
ca-file "../CA/CA.pem";
cert-file "../CA/certs/srv01.client02-ns2.example.com.pem";
key-file "../CA/certs/srv01.client02-ns2.example.com.key";
};
zone "example9" {
type secondary;
primaries { 10.53.0.1 port @EXTRAPORT5@ tls tls-example-primary-mutual-tls; };
file "example9.db";
allow-transfer { any; };
};
zone "example10" {
type secondary;
primaries { 10.53.0.1 port @EXTRAPORT5@ tls tls-example-primary; };
file "example10.db";
allow-transfer { any; };
};
tls tls-example-primary-mutual-tls-expired {
hostname "srv01.crt01.example.com";
ca-file "../CA/CA.pem";
cert-file "../CA/certs/srv01.client03-ns2-expired.example.com.pem";
key-file "../CA/certs/srv01.client03-ns2-expired.example.com.key";
};
zone "example11" {
type secondary;
primaries { 10.53.0.1 port @EXTRAPORT5@ tls tls-example-primary-mutual-tls-expired; };
file "example11.db";
allow-transfer { any; };
};

6
bin/tests/system/doth/ns3/named.conf.in
View File

@ -18,9 +18,9 @@ controls {
};
tls local {
key-file "../ns2/key.pem";
cert-file "../ns2/cert.pem";
dhparam-file "../ns2/dhparam3072.pem";
key-file "../CA/certs/srv03.crt01.example.com.key";
cert-file "../CA/certs/srv03.crt01.example.com.pem";
dhparam-file "../dhparam3072.pem";
};
http local {

6
bin/tests/system/doth/ns4/named.conf.in
View File

@ -25,9 +25,9 @@ controls {
};
tls local {
key-file "../ns2/key.pem";
cert-file "../ns2/cert.pem";
dhparam-file "../ns2/dhparam3072.pem";
key-file "../CA/certs/srv04.crt01.example.com.key";
cert-file "../CA/certs/srv04.crt01.example.com.pem";
dhparam-file "../dhparam3072.pem";
};
http local {

268
bin/tests/system/doth/tests.sh
View File

@ -16,6 +16,38 @@
common_dig_options="+noadd +nosea +nostat +noquest +nocmd"
msg_xfrs_not_allowed=";; zone transfers over the established TLS connection are not allowed"
msg_peer_verification_failed=";; TLS peer certificate verification"
ca_file="./CA/CA.pem"
if [ -x "$PYTHON" ]; then
OPENSSL_VERSION=$("$PYTHON" "$TOP_SRCDIR/bin/tests/system/doth/get_openssl_version.py")
OPENSSL_VERSION_MAJOR=$(echo "$OPENSSL_VERSION" | cut -d ' ' -f 1)
OPENSSL_VERSION_MINOR=$(echo "$OPENSSL_VERSION" | cut -d ' ' -f 2)
fi
# According to the RFC 8310, Section 8.1, Subject field MUST
# NOT be inspected when verifying a hostname when using
# DoT. Only SubjectAltName must be checked instead. That is
# not the case for HTTPS, though.
# Unfortunately, some quite old versions of OpenSSL (< 1.1.1)
# might lack the functionality to implement that. It should
# have very little real-world consequences, as most of the
# production-ready certificates issued by real CAs will have
# SubjectAltName set. In such a case, the Subject field is
# ignored.
#
# On the platforms with too old TLS versions, e.g. RedHat 7, we should
# ignore the tests checking the correct handling of absence of
# SubjectAltName.
if [ -n "$OPENSSL_VERSION" ]; then
if [ $OPENSSL_VERSION_MAJOR -gt 1 ]; then
run_san_tests=1
elif [ $OPENSSL_VERSION_MAJOR -eq 1 ] && [ $OPENSSL_VERSION_MINOR -ge 1 ]; then
run_san_tests=1
fi
fi
dig_with_tls_opts() {
# shellcheck disable=SC2086
@ -73,6 +105,120 @@ fi
if test $ret != 0 ; then echo_i "failed"; fi
status=$((status+ret))
if [ -n "$run_san_tests" ]; then
n=$((n + 1))
echo_i "testing incoming XoT functionality (from the first secondary, no SubjectAltName, failure expected) ($n)"
ret=0
if retry_quiet 10 wait_for_tls_xfer 2 example3; then
grep "^;" "dig.out.ns2.example3.test$n" | cat_i
test -f "ns2/example3.db" && ret=1
else
echo_i "timed out waiting for zone transfer"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
fi
n=$((n + 1))
echo_i "testing incoming XoT functionality (from the first secondary, StrictTLS via implicit IP) ($n)"
ret=0
if retry_quiet 10 wait_for_tls_xfer 2 example4; then
grep "^;" "dig.out.ns2.example4.test$n" | cat_i
test -f "ns2/example4.db" || ret=1
else
echo_i "timed out waiting for zone transfer"
ret=1
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "testing incoming XoT functionality (from the first secondary, StrictTLS via specified IPv4) ($n)"
ret=0
if retry_quiet 10 wait_for_tls_xfer 2 example5; then
grep "^;" "dig.out.ns2.example5.test$n" | cat_i
test -f "ns2/example5.db" || ret=1
else
echo_i "timed out waiting for zone transfer"
ret=1
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "testing incoming XoT functionality (from the first secondary, StrictTLS via specified IPv6) ($n)"
ret=0
if retry_quiet 10 wait_for_tls_xfer 2 example6; then
grep "^;" "dig.out.ns2.example6.test$n" | cat_i
test -f "ns2/example6.db" || ret=1
else
echo_i "timed out waiting for zone transfer"
ret=1
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "testing incoming XoT functionality (from the first secondary, wrong hostname, failure expected) ($n)"
ret=0
if retry_quiet 10 wait_for_tls_xfer 2 example7; then
grep "^;" "dig.out.ns2.example7.test$n" | cat_i
test -f "ns2/example7.db" && ret=1
else
echo_i "timed out waiting for zone transfer"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "testing incoming XoT functionality (from the first secondary, expired certificate, failure expected) ($n)"
ret=0
if retry_quiet 10 wait_for_tls_xfer 2 example8; then
grep "^;" "dig.out.ns2.example8.test$n" | cat_i
test -f "ns2/example8.db" && ret=1
else
echo_i "timed out waiting for zone transfer"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "testing incoming XoT functionality (from the first secondary, MutualTLS) ($n)"
ret=0
if retry_quiet 10 wait_for_tls_xfer 2 example9; then
grep "^;" "dig.out.ns2.example9.test$n" | cat_i
test -f "ns2/example9.db" || ret=1
else
echo_i "timed out waiting for zone transfer"
ret=1
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "testing incoming XoT functionality (from the first secondary, MutualTLS, no client cert, failure expected) ($n)"
ret=0
if retry_quiet 10 wait_for_tls_xfer 2 example10; then
grep "^;" "dig.out.ns2.example10.test$n" | cat_i
test -f "ns2/example10.db" && ret=1
else
echo_i "timed out waiting for zone transfer"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "testing incoming XoT functionality (from the first secondary, MutualTLS, expired client cert, failure expected) ($n)"
ret=0
if retry_quiet 10 wait_for_tls_xfer 2 example11; then
grep "^;" "dig.out.ns2.example11.test$n" | cat_i
test -f "ns2/example11.db" && ret=1
else
echo_i "timed out waiting for zone transfer"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n+1))
echo_i "testing incoming XoT functionality (from the second secondary) ($n)"
ret=0
@ -474,6 +620,128 @@ grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query (with TLS verification enabled) ($n)"
ret=0
dig_with_tls_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt01.example.com" @10.53.0.1 . SOA > dig.out.test$n
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (with TLS verification enabled, self-signed cert, failure expected) ($n)"
ret=0
dig_with_https_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt01.example.com" @10.53.0.1 . SOA > dig.out.test$n
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query (with TLS verification using the system's CA store, failure expected) ($n)"
ret=0
dig_with_tls_opts +tls-ca +tls-hostname="srv01.crt01.example.com" @10.53.0.1 . SOA > dig.out.test$n
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (with TLS verification using the system's CA store, failure expected) ($n)"
ret=0
dig_with_https_opts +tls-ca +tls-hostname="srv01.crt01.example.com" @10.53.0.1 . SOA > dig.out.test$n
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
# the primary server's certificate contains the IP address in the
# SubjectAltName section
n=$((n + 1))
echo_i "checking DoT query (with TLS verification, hostname is not specified, IP address is used instead) ($n)"
ret=0
dig_with_tls_opts +tls-ca="$ca_file" @10.53.0.1 . SOA > dig.out.test$n
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
if [ -n "$run_san_tests" ]; then
# SubjectAltName is required for DoT as according to RFC 8310, Subject
# field MUST NOT be inspected when verifying hostname for DoT.
n=$((n + 1))
echo_i "checking DoT query (with TLS verification enabled when SubjectAltName is not set, failure expected) ($n)"
ret=0
dig_with_tls_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt02-no-san.example.com" @10.53.0.1 . SOA > dig.out.test$n
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT XFR over a TLS port where SubjectAltName is not set (failure expected) ($n)"
ret=0
# shellcheck disable=SC2086
dig_with_tls_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt02-no-san.example.com" -p "${EXTRAPORT2}" +comm @10.53.0.1 . AXFR > dig.out.test$n
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
fi
# SubjectAltName is not required for HTTPS. Having a properly set
# Common Name in the Subject field is enough.
n=$((n + 1))
echo_i "checking DoH query (when SubjectAltName is not set) ($n)"
ret=0
dig_with_https_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt02-no-san.example.com" -p "${EXTRAPORT3}" +comm @10.53.0.1 . SOA > dig.out.test$n
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query (expired certificate, Opportunistic TLS) ($n)"
ret=0
dig_with_tls_opts +tls -p "${EXTRAPORT4}" +comm @10.53.0.1 . SOA > dig.out.test$n
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query (expired certificate, Strict TLS, failure expected) ($n)"
ret=0
dig_with_tls_opts +tls-ca="$ca_file" -p "${EXTRAPORT4}" +comm @10.53.0.1 . SOA > dig.out.test$n
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n+1))
echo_i "testing XoT server functionality (using dig, client certificate required, failure expected) ($n)"
ret=0
dig_with_tls_opts +tls-ca="$ca_file" -p "${EXTRAPORT5}" example8. -b 10.53.0.10 @10.53.0.1 axfr > dig.out.ns1.test$n
grep "; Transfer failed." dig.out.ns1.test$n > /dev/null || ret=1
if test $ret != 0 ; then echo_i "failed"; fi
status=$((status + ret))
n=$((n+1))
echo_i "testing XoT server functionality (using dig, client certificate used) ($n)"
ret=0
dig_with_tls_opts +tls-ca="$ca_file" +tls-certfile="./CA/certs/srv01.client01.example.com.pem" +tls-keyfile="./CA/certs/srv01.client01.example.com.key" -p "${EXTRAPORT5}" example8. -b 10.53.0.10 @10.53.0.1 axfr > dig.out.ns1.test$n
digcomp dig.out.ns1.test$n example8.axfr.good > /dev/null || ret=1
if test $ret != 0 ; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (client certificate required, failure expected) ($n)"
ret=0
dig_with_https_opts +tls-ca="$ca_file" -p "${EXTRAPORT6}" +comm @10.53.0.1 . SOA > dig.out.test$n
grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (client certificate used) ($n)"
ret=0
# shellcheck disable=SC2086
dig_with_https_opts +https +tls-ca="$ca_file" +tls-certfile="./CA/certs/srv01.client01.example.com.pem" +tls-keyfile="./CA/certs/srv01.client01.example.com.key" -p "${EXTRAPORT6}" +comm @10.53.0.1 . SOA > dig.out.test$n
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
test_opcodes() {
EXPECT_STATUS="$1"
shift

4
bin/tests/system/start.pl
View File

@ -204,12 +204,12 @@ sub start_server {
my $child = `$command`;
chomp($child);
# wait up to 40 seconds for the server to start and to write the
# wait up to 60 seconds for the server to start and to write the
# pid file otherwise kill this server and any others that have
# already been started
my $tries = 0;
while (!-s $pid_file) {
if (++$tries > 400) {
if (++$tries > 600) {
print "I:$test:Couldn't start server $command (pid=$child)\n";
print "I:$test:failed\n";
kill "ABRT", $child if ("$child" ne "");