diff --git a/test/certs/cca-clientAuth.pem b/test/certs/cca-clientAuth.pem index 0f31101ff4bf04a9d1fccd1d828a1dbc1baff38a..5e44dce78702dbaaf1f6b1a55fd539d5e9e44aef 100644 --- a/test/certs/cca-clientAuth.pem +++ b/test/certs/cca-clientAuth.pem @@ -15,5 +15,5 @@ YZYCppu6PTwp3UYgAFw6VN+2Hv6fWCwu2rsWLcqkJIJPkmjYATZJU2RkWrRpn23D SWwnam7i+uiJpot8uKhOCIQtrCtP+0Q8lG+6reWHpaNRU3Gcsrc+I98wyWhsx5jd fiLl1Cgb5G7Xz3Ff1ObdR6JdP4Wc9krj3Czbjv3oYFZ2p8LPgui+C7XDb4RBxGUu c4mETHtGSRoX6n25uEXvIia2KCcS44VfA6wYaZtO/Lq7FmJI0QwI8tsm7FG6ccj+ -y54iNhHRG7FCAXOLy2RBrEwQddq5MAwwCgYIKwYBBQUHAwI= +y54iNhHRG7FCAXOLy2RBrEwQddq5MAygCgYIKwYBBQUHAwI= -----END TRUSTED CERTIFICATE----- diff --git a/test/certs/nca+anyEKU.pem b/test/certs/nca+anyEKU.pem index b97a4559fa4ac1543b5ac5c31dbedcee35122443..3ebfede09ca8d08b65dc4ca4e57507c290fd1487 100644 --- a/test/certs/nca+anyEKU.pem +++ b/test/certs/nca+anyEKU.pem @@ -1,6 +1,6 @@ -----BEGIN TRUSTED CERTIFICATE----- MIIDDTCCAfWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 -IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +IENBMCAXDTIwMTIxMjIwMTcwNFoYDzIxMjAxMjEzMjAxNzA0WjANMQswCQYDVQQD DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W @@ -10,10 +10,10 @@ ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 CLNNsUcCAwEAAaNxMG8wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAkGA1UdEwQCMAAwEwYDVR0l BAwwCgYIKwYBBQUHAwEwDQYDVR0RBAYwBIICQ0EwDQYJKoZIhvcNAQELBQADggEB -AL/aEy4Nk2W2UQNi/0h9MLkiq4J5IkjUocJp4grPUsdUJKu68GFYgWnJSBZjKMhs -X390IUWrRJ8C7SJtyGOhbh2E6Zn7TveI77Mnw2CZpGhy+xieqTFmaIIWJgZVzaTT -3hMhnXImn06k8eJiJiQQAHKr9XKDK9HIiESyBpujIW5hI7wrklkn0asl6DwiXcUw -AuXqNffWpomWI4ZZceOJkr5dSFM9HyksQi4uzj0qYTDyDHJ6BLuGYWbUoB64pnKF -wCn0cPOmbo866l0XqzJlxQYPvwOicAptX8jTjSpYsx5SLripS4KwyfxbGy5If8mT -X4st+BN48+n9wHuDQJ97sBswDDAKBggrBgEFBQcDAQ== +AGMZ+jXtPoEaGGj3vBOxw4Uf9h8G5PWIZOqV8EGdJkPVWSUJ7NM12vqTN8Lfv7UO ++gv1VJL02UO1UWrvDcid37XWBbVLwSjk963se+S8Xzd+I2FQY8+Yy4m5VN6m6Krc +pZt64zsgYROre5yP3gWIvzNa8Ayk/1nmQX1ADAe2tQJeWHROFBim0K3FcjIrhqZ8 +3MUAVJ5Nt3THrVrt3ojIWBOatBJHv+Q2Ii52UZVKG5HMGogRuMjFQy/mwshcBQSz +pxAWfqT2oVmP+K/iBGxikYjtrOOYNW8L8RwShU3j1dFulQZb2SLRRj8/eDBSV++6 +KsEzVayX0uF80Hohuxbq7OAwCDAGBgRVHSUA -----END TRUSTED CERTIFICATE----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 43f773e6b4c8ca13fc81a3fb940543e5c7d129ab..c4a6f28fc9c2f8e828658dd2e1f50267ce4a64ae 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -44,7 +44,7 @@ OPENSSL_KEYBITS=768 \ # primary client-EKU root: croot-cert ./mkcert.sh genroot "Root CA" root-key croot-cert clientAuth -# trust variants: +serverAuth -serverAuth +clientAuth +anyEKU -anyEKU +# trust variants: +serverAuth -serverAuth +clientAuth -clientAuth +anyEKU -anyEKU openssl x509 -in croot-cert.pem -trustout \ -addtrust serverAuth -out croot+serverAuth.pem openssl x509 -in croot-cert.pem -trustout \ @@ -97,11 +97,11 @@ openssl x509 -in ca-cert.pem -trustout \ -addtrust anyExtendedKeyUsage -out ca+anyEKU.pem openssl x509 -in ca-cert.pem -trustout \ -addreject anyExtendedKeyUsage -out ca-anyEKU.pem -# ca-nonca trust variants: +serverAuth, -serverAuth +# ca-nonca trust variants: +serverAuth, +anyEKU openssl x509 -in ca-nonca.pem -trustout \ -addtrust serverAuth -out nca+serverAuth.pem openssl x509 -in ca-nonca.pem -trustout \ - -addtrust serverAuth -out nca+anyEKU.pem + -addtrust anyExtendedKeyUsage -out nca+anyEKU.pem # Intermediate CA security variants: # MD5 issuer signature, @@ -129,7 +129,7 @@ openssl x509 -in cca-cert.pem -trustout \ openssl x509 -in cca-cert.pem -trustout \ -addtrust clientAuth -out cca+clientAuth.pem openssl x509 -in cca-cert.pem -trustout \ - -addtrust clientAuth -out cca-clientAuth.pem + -addreject clientAuth -out cca-clientAuth.pem openssl x509 -in cca-cert.pem -trustout \ -addtrust anyExtendedKeyUsage -out cca+anyEKU.pem openssl x509 -in cca-cert.pem -trustout \