mirror of https://github.com/postgres/postgres
It's not run by the global "check" or "installcheck" targets, because the temporary installation it creates accepts TCP connections from any user the same host, which is insecure.pull/14/head
Heikki Linnakangas
11 years ago
parent
dcbfc00aba
commit
e39250c644
@ -0,0 +1,126 @@ |
|||||||
|
#-------------------------------------------------------------------------
|
||||||
|
#
|
||||||
|
# Makefile for src/test/ssl
|
||||||
|
#
|
||||||
|
# Portions Copyright (c) 1996-2014, PostgreSQL Global Development Group
|
||||||
|
# Portions Copyright (c) 1994, Regents of the University of California
|
||||||
|
#
|
||||||
|
# src/test/ssl/Makefile
|
||||||
|
#
|
||||||
|
#-------------------------------------------------------------------------
|
||||||
|
|
||||||
|
subdir = src/test/ssl
|
||||||
|
top_builddir = ../../..
|
||||||
|
include $(top_builddir)/src/Makefile.global |
||||||
|
|
||||||
|
CERTIFICATES := server_ca server-cn-and-alt-names \
|
||||||
|
server-cn-only server-single-alt-name server-multiple-alt-names \
|
||||||
|
server-no-names server-revoked server-ss \
|
||||||
|
client_ca client client-revoked \
|
||||||
|
root_ca
|
||||||
|
|
||||||
|
SSLFILES := $(CERTIFICATES:%=ssl/%.key) $(CERTIFICATES:%=ssl/%.crt) \
|
||||||
|
ssl/client.crl ssl/server.crl ssl/root.crl \
|
||||||
|
ssl/both-cas-1.crt ssl/both-cas-2.crt \
|
||||||
|
ssl/root+server_ca.crt ssl/root+server.crl \
|
||||||
|
ssl/root+client_ca.crt ssl/root+client.crl
|
||||||
|
|
||||||
|
# This target generates all the key and certificate files.
|
||||||
|
sslfiles: $(SSLFILES) |
||||||
|
|
||||||
|
# Openssl requires a directory to put all generated certificates in. We don't
|
||||||
|
# use this for anything, but we need a location.
|
||||||
|
ssl/new_certs_dir: |
||||||
|
mkdir ssl/new_certs_dir
|
||||||
|
|
||||||
|
# Rule for creating private/public key pairs.
|
||||||
|
ssl/%.key: |
||||||
|
openssl genrsa -out $@ 1024
|
||||||
|
chmod 0600 $@
|
||||||
|
|
||||||
|
# Root CA certificate
|
||||||
|
ssl/root_ca.crt: ssl/root_ca.key cas.config |
||||||
|
touch ssl/root_ca-certindex
|
||||||
|
openssl req -new -out ssl/root_ca.crt -x509 -config cas.config -config root_ca.config -key ssl/root_ca.key
|
||||||
|
echo "01" > ssl/root_ca.srl
|
||||||
|
|
||||||
|
# Client and server CAs
|
||||||
|
ssl/%_ca.crt: ssl/%_ca.key %_ca.config ssl/root_ca.crt ssl/new_certs_dir |
||||||
|
touch ssl/$*_ca-certindex
|
||||||
|
openssl req -new -out ssl/temp_ca.crt -config cas.config -config $*_ca.config -key ssl/$*_ca.key
|
||||||
|
# Sign the certificate with the root CA
|
||||||
|
openssl ca -name root_ca -batch -config cas.config -in ssl/temp_ca.crt -out ssl/temp_ca_signed.crt
|
||||||
|
openssl x509 -in ssl/temp_ca_signed.crt -out ssl/$*_ca.crt # to keep just the PEM cert
|
||||||
|
rm ssl/temp_ca.crt ssl/temp_ca_signed.crt
|
||||||
|
echo "01" > ssl/$*_ca.srl
|
||||||
|
|
||||||
|
# Server certificates, signed by server CA:
|
||||||
|
ssl/server-%.crt: ssl/server-%.key ssl/server_ca.crt server-%.config |
||||||
|
openssl req -new -key ssl/server-$*.key -out ssl/server-$*.csr -config server-$*.config
|
||||||
|
openssl ca -name server_ca -batch -config cas.config -in ssl/server-$*.csr -out ssl/temp.crt -extensions v3_req -extfile server-$*.config
|
||||||
|
openssl x509 -in ssl/temp.crt -out ssl/server-$*.crt # to keep just the PEM cert
|
||||||
|
rm ssl/server-$*.csr
|
||||||
|
|
||||||
|
# Self-signed version of server-cn-only.crt
|
||||||
|
ssl/server-ss.crt: ssl/server-cn-only.key ssl/server-cn-only.crt server-cn-only.config |
||||||
|
openssl req -new -key ssl/server-cn-only.key -out ssl/server-ss.csr -config server-cn-only.config
|
||||||
|
openssl x509 -req -days 10000 -in ssl/server-ss.csr -signkey ssl/server-cn-only.key -out ssl/server-ss.crt -extensions v3_req -extfile server-cn-only.config
|
||||||
|
rm ssl/server-ss.csr
|
||||||
|
|
||||||
|
# Client certificate, signed by the client CA:
|
||||||
|
ssl/client.crt: ssl/client.key ssl/client_ca.crt |
||||||
|
openssl req -new -key ssl/client.key -out ssl/client.csr -config client.config
|
||||||
|
openssl ca -name client_ca -batch -out ssl/temp.crt -config cas.config -infiles ssl/client.csr
|
||||||
|
openssl x509 -in ssl/temp.crt -out ssl/client.crt # to keep just the PEM cert
|
||||||
|
rm ssl/client.csr ssl/temp.crt
|
||||||
|
|
||||||
|
# Another client certificate, signed by the client CA. This one is revoked.
|
||||||
|
ssl/client-revoked.crt: ssl/client-revoked.key ssl/client_ca.crt client.config |
||||||
|
openssl req -new -key ssl/client-revoked.key -out ssl/client-revoked.csr -config client.config
|
||||||
|
openssl ca -name client_ca -batch -out ssl/temp.crt -config cas.config -infiles ssl/client-revoked.csr
|
||||||
|
openssl x509 -in ssl/temp.crt -out ssl/client-revoked.crt # to keep just the PEM cert
|
||||||
|
rm ssl/client-revoked.csr ssl/temp.crt
|
||||||
|
|
||||||
|
# Root certificate files that contains both CA certificates, for testing
|
||||||
|
# that multiple certificates can be used.
|
||||||
|
ssl/both-cas-1.crt: ssl/root_ca.crt ssl/client_ca.crt ssl/server_ca.crt |
||||||
|
cat $^ > $@
|
||||||
|
|
||||||
|
# The same, but the certs are in different order
|
||||||
|
ssl/both-cas-2.crt: ssl/root_ca.crt ssl/server_ca.crt ssl/client_ca.crt |
||||||
|
cat $^ > $@
|
||||||
|
|
||||||
|
# A root certificate file for the client, to validate server certs.
|
||||||
|
ssl/root+server_ca.crt: ssl/root_ca.crt ssl/server_ca.crt |
||||||
|
cat $^ > $@
|
||||||
|
|
||||||
|
# and for the server, to validate client certs
|
||||||
|
ssl/root+client_ca.crt: ssl/root_ca.crt ssl/client_ca.crt |
||||||
|
cat $^ > $@
|
||||||
|
|
||||||
|
#### CRLs
|
||||||
|
|
||||||
|
ssl/client.crl: ssl/client-revoked.crt |
||||||
|
openssl ca -config cas.config -name client_ca -revoke ssl/client-revoked.crt
|
||||||
|
openssl ca -config cas.config -name client_ca -gencrl -out ssl/client.crl
|
||||||
|
|
||||||
|
ssl/server.crl: ssl/server-revoked.crt |
||||||
|
openssl ca -config cas.config -name server_ca -revoke ssl/server-revoked.crt
|
||||||
|
openssl ca -config cas.config -name server_ca -gencrl -out ssl/server.crl
|
||||||
|
|
||||||
|
ssl/root.crl: ssl/root_ca.crt |
||||||
|
openssl ca -config cas.config -name root_ca -gencrl -out ssl/root.crl
|
||||||
|
|
||||||
|
# If a CRL is used, OpenSSL requires a CRL file for *all* the CAs in the
|
||||||
|
# chain, even if some of them are empty.
|
||||||
|
ssl/root+server.crl: ssl/root.crl ssl/server.crl |
||||||
|
cat $^ > $@
|
||||||
|
ssl/root+client.crl: ssl/root.crl ssl/client.crl |
||||||
|
cat $^ > $@
|
||||||
|
|
||||||
|
.PHONY: sslfiles-clean |
||||||
|
sslfiles-clean: |
||||||
|
rm -f $(SSLFILES) ssl/client_ca.srl ssl/server_ca.srl ssl/client_ca-certindex* ssl/server_ca-certindex* ssl/root_ca-certindex* ssl/root_ca.srl ssl/temp_ca.crt ssl/temp_ca_signed.crt
|
||||||
|
|
||||||
|
check: |
||||||
|
$(prove_check)
|
||||||
@ -0,0 +1,83 @@ |
|||||||
|
src/test/ssl/README |
||||||
|
|
||||||
|
SSL regression tests |
||||||
|
==================== |
||||||
|
|
||||||
|
This directory contains a test suite for SSL support. It tests both |
||||||
|
client-side functionality, i.e. verifying server certificates, and |
||||||
|
server-side functionality, i.e. certificate authorization. |
||||||
|
|
||||||
|
Running the tests |
||||||
|
================= |
||||||
|
|
||||||
|
make check |
||||||
|
|
||||||
|
NOTE: This creates a temporary installation, and sets it up to listen for TCP |
||||||
|
connections on localhost. Any user on the same host is allowed to log in to |
||||||
|
the test installation while the tests are running. Do not run this suite |
||||||
|
on a multi-user system where you don't trust all local users! |
||||||
|
|
||||||
|
Certificates |
||||||
|
============ |
||||||
|
|
||||||
|
The test suite needs a set of public/private key pairs and certificates to |
||||||
|
run: |
||||||
|
|
||||||
|
root_ca |
||||||
|
root CA, use to sign the server and client CA certificates. |
||||||
|
|
||||||
|
server_ca |
||||||
|
CA used to sign server certificates. |
||||||
|
|
||||||
|
client_ca |
||||||
|
CA used to sign client certificates. |
||||||
|
|
||||||
|
server-cn-only |
||||||
|
server-cn-and-alt-names |
||||||
|
server-single-alt-name |
||||||
|
server-multiple-alt-names |
||||||
|
server-no-names |
||||||
|
server certificates, with small variations in the hostnames present |
||||||
|
in the certificate. Signed by server_ca. |
||||||
|
|
||||||
|
server-ss |
||||||
|
same as server-cn-only, but self-signed. |
||||||
|
|
||||||
|
client |
||||||
|
a client certificate, for user "ssltestuser". Signed by client_ca. |
||||||
|
|
||||||
|
client-revoked |
||||||
|
like "client", but marked as revoked in the client CA's CRL. |
||||||
|
|
||||||
|
In addition, there are a few files that combine various certificates together |
||||||
|
in the same file: |
||||||
|
|
||||||
|
both-cas-1 |
||||||
|
Contains root_ca.crt, client_ca.crt and server_ca.crt, in that order. |
||||||
|
|
||||||
|
both-cas-2 |
||||||
|
Contains root_ca.crt, server_ca.crt and client_ca.crt, in that order. |
||||||
|
|
||||||
|
root+server_ca |
||||||
|
Contains root_crt and server_ca.crt. For use as client's "sslrootcert" |
||||||
|
option. |
||||||
|
|
||||||
|
root+client_ca |
||||||
|
Contains root_crt and client_ca.crt. For use as server's "ssl_ca_file". |
||||||
|
|
||||||
|
There are also CRLs for each of the CAs: root.crl, server.crl and client.crl. |
||||||
|
|
||||||
|
For convenience, all of these keypairs and certificates are included in the |
||||||
|
ssl/ subdirectory. The Makefile also contains a rule, "make sslfiles", to |
||||||
|
recreate them if you need to make changes. |
||||||
|
|
||||||
|
TODO |
||||||
|
==== |
||||||
|
|
||||||
|
* Allow the client-side of the tests to be run on different host easily. |
||||||
|
Currently, you have to manually set up the certificates for the right |
||||||
|
hostname, and modify the test file to skip setting up the server. And you |
||||||
|
have to modify the server to accept connections from the client host. |
||||||
|
|
||||||
|
* Test having multiple server certificates, so that the private key chooses |
||||||
|
the certificate to present to clients. (And the same in the client-side.) |
||||||
@ -0,0 +1,96 @@ |
|||||||
|
# This module sets up a test server, for the SSL regression tests. |
||||||
|
# |
||||||
|
# The server is configured as follows: |
||||||
|
# |
||||||
|
# - SSL enabled, with the server certificate specified by argument to |
||||||
|
# switch_server_cert function. |
||||||
|
# - ssl/root+client_ca.crt as the CA root for validating client certs. |
||||||
|
# - reject non-SSL connections |
||||||
|
# - a database called trustdb that lets anyone in |
||||||
|
# - another database called certdb that uses certificate authentiction, ie. |
||||||
|
# the client must present a valid certificate signed by the client CA |
||||||
|
# - two users, called ssltestuser and anotheruser. |
||||||
|
# |
||||||
|
# The server is configured to only accept connections from localhost. If you |
||||||
|
# want to run the client from another host, you'll have to configure that |
||||||
|
# manually. |
||||||
|
package ServerSetup; |
||||||
|
|
||||||
|
use strict; |
||||||
|
use warnings; |
||||||
|
use TestLib; |
||||||
|
use Test::More; |
||||||
|
|
||||||
|
use Exporter 'import'; |
||||||
|
our @EXPORT = qw( |
||||||
|
configure_test_server_for_ssl switch_server_cert |
||||||
|
); |
||||||
|
|
||||||
|
sub configure_test_server_for_ssl |
||||||
|
{ |
||||||
|
my $tempdir = $_[0]; |
||||||
|
|
||||||
|
# Create test users and databases |
||||||
|
psql 'postgres', "CREATE USER ssltestuser"; |
||||||
|
psql 'postgres', "CREATE USER anotheruser"; |
||||||
|
psql 'postgres', "CREATE DATABASE trustdb"; |
||||||
|
psql 'postgres', "CREATE DATABASE certdb"; |
||||||
|
|
||||||
|
# enable logging etc. |
||||||
|
open CONF, ">>$tempdir/pgdata/postgresql.conf"; |
||||||
|
print CONF "fsync=off\n"; |
||||||
|
print CONF "log_connections=on\n"; |
||||||
|
print CONF "log_hostname=on\n"; |
||||||
|
print CONF "log_statement=all\n"; |
||||||
|
|
||||||
|
# enable SSL and set up server key |
||||||
|
print CONF "include 'sslconfig.conf'"; |
||||||
|
|
||||||
|
close CONF; |
||||||
|
|
||||||
|
|
||||||
|
# Copy all server certificates and keys, and client root cert, to the data dir |
||||||
|
system_or_bail "cp ssl/server-*.crt '$tempdir'/pgdata"; |
||||||
|
system_or_bail "cp ssl/server-*.key '$tempdir'/pgdata"; |
||||||
|
system_or_bail "chmod 0600 '$tempdir'/pgdata/server-*.key"; |
||||||
|
system_or_bail "cp ssl/root+client_ca.crt '$tempdir'/pgdata"; |
||||||
|
system_or_bail "cp ssl/root+client.crl '$tempdir'/pgdata"; |
||||||
|
|
||||||
|
# Only accept SSL connections from localhost. Our tests don't depend on this |
||||||
|
# but seems best to keep it as narrow as possible for security reasons. |
||||||
|
# |
||||||
|
# When connecting to certdb, also check the client certificate. |
||||||
|
open HBA, ">$tempdir/pgdata/pg_hba.conf"; |
||||||
|
print HBA "# TYPE DATABASE USER ADDRESS METHOD\n"; |
||||||
|
print HBA "hostssl trustdb ssltestuser 127.0.0.1/32 trust\n"; |
||||||
|
print HBA "hostssl trustdb ssltestuser ::1/128 trust\n"; |
||||||
|
print HBA "hostssl certdb ssltestuser 127.0.0.1/32 cert\n"; |
||||||
|
print HBA "hostssl certdb ssltestuser ::1/128 cert\n"; |
||||||
|
close HBA; |
||||||
|
} |
||||||
|
|
||||||
|
# Change the configuration to use given server cert file, and restart |
||||||
|
# the server so that the configuration takes effect. |
||||||
|
sub switch_server_cert |
||||||
|
{ |
||||||
|
my $tempdir = $_[0]; |
||||||
|
my $certfile = $_[1]; |
||||||
|
|
||||||
|
diag "Restarting server with certfile \"$certfile\"..."; |
||||||
|
|
||||||
|
open SSLCONF, ">$tempdir/pgdata/sslconfig.conf"; |
||||||
|
print SSLCONF "ssl=on\n"; |
||||||
|
print SSLCONF "ssl_ca_file='root+client_ca.crt'\n"; |
||||||
|
print SSLCONF "ssl_cert_file='$certfile.crt'\n"; |
||||||
|
print SSLCONF "ssl_key_file='$certfile.key'\n"; |
||||||
|
print SSLCONF "ssl_crl_file='root+client.crl'\n"; |
||||||
|
close SSLCONF; |
||||||
|
|
||||||
|
# Stop and restart server to reload the new config. We cannot use |
||||||
|
# restart_test_server() because that overrides listen_addresses to only all |
||||||
|
# Unix domain socket connections. |
||||||
|
|
||||||
|
system_or_bail 'pg_ctl', 'stop', '-D', "$tempdir/pgdata", '-w'; |
||||||
|
system_or_bail 'pg_ctl', 'start', '-D', "$tempdir/pgdata", '-w', '-l', |
||||||
|
"$tempdir/logfile"; |
||||||
|
} |
||||||
@ -0,0 +1,65 @@ |
|||||||
|
# This file contains the configuration for all the CAs. |
||||||
|
|
||||||
|
[ req ] |
||||||
|
prompt = no |
||||||
|
req_extensions = v3_req |
||||||
|
|
||||||
|
# For Subject Alternative Names |
||||||
|
[ v3_req ] |
||||||
|
subjectAltName = @alt_names |
||||||
|
|
||||||
|
# Root CA, used to sign the certificates of the intermediary server and |
||||||
|
# client CAs. |
||||||
|
[ root_ca ] |
||||||
|
dir = ./ssl/ |
||||||
|
database = ./ssl/root_ca-certindex |
||||||
|
serial = ./ssl/root_ca.srl |
||||||
|
default_md = sha1 |
||||||
|
default_days= 10000 |
||||||
|
default_crl_days= 10000 |
||||||
|
certificate = ./ssl/root_ca.crt |
||||||
|
private_key = ./ssl/root_ca.key |
||||||
|
new_certs_dir = ./ssl/new_certs_dir |
||||||
|
policy = policy_match |
||||||
|
email_in_dn = no |
||||||
|
|
||||||
|
# CA used to sign all the server certificates. |
||||||
|
[ server_ca ] |
||||||
|
dir = ./ssl/ |
||||||
|
database = ./ssl/server_ca-certindex |
||||||
|
default_md = sha1 |
||||||
|
default_days= 10000 |
||||||
|
default_crl_days= 10000 |
||||||
|
certificate = ./ssl/server_ca.crt |
||||||
|
private_key = ./ssl/server_ca.key |
||||||
|
new_certs_dir = ./ssl/new_certs_dir |
||||||
|
serial = ./ssl/server_ca.srl |
||||||
|
policy = policy_match |
||||||
|
email_in_dn = no |
||||||
|
unique_subject = no |
||||||
|
crl = ./ssl/server.crl |
||||||
|
|
||||||
|
# CA used to sign all the client certificates. |
||||||
|
[ client_ca ] |
||||||
|
dir = ./ssl/ |
||||||
|
database = ./ssl/client_ca-certindex |
||||||
|
default_md = sha1 |
||||||
|
default_days= 10000 |
||||||
|
default_crl_days= 10000 |
||||||
|
certificate = ./ssl/client_ca.crt |
||||||
|
private_key = ./ssl/client_ca.key |
||||||
|
new_certs_dir = ./ssl/new_certs_dir |
||||||
|
serial = ./ssl/client_ca.srl |
||||||
|
policy = policy_match |
||||||
|
email_in_dn = no |
||||||
|
unique_subject = no |
||||||
|
crl = ./ssl/client.crl |
||||||
|
|
||||||
|
# This is common for all CAs. |
||||||
|
[ policy_match ] |
||||||
|
countryName = optional |
||||||
|
stateOrProvinceName = optional |
||||||
|
organizationName = optional |
||||||
|
organizationalUnitName = optional |
||||||
|
commonName = optional |
||||||
|
emailAddress = optional |
||||||
@ -0,0 +1,13 @@ |
|||||||
|
# An OpenSSL format CSR config file for creating a client certificate. |
||||||
|
# |
||||||
|
# The certificate is for user "ssltestuser". |
||||||
|
|
||||||
|
[ req ] |
||||||
|
distinguished_name = req_distinguished_name |
||||||
|
prompt = no |
||||||
|
|
||||||
|
[ req_distinguished_name ] |
||||||
|
CN = ssltestuser |
||||||
|
|
||||||
|
# no extensions in client certs |
||||||
|
[ v3_req ] |
||||||
@ -0,0 +1,11 @@ |
|||||||
|
# An OpenSSL format CSR config file for creating the client root certificate. |
||||||
|
# This configuration file is also used when operating the CA. |
||||||
|
# |
||||||
|
# This certificate is used to sign client certificates. It is self-signed. |
||||||
|
|
||||||
|
[ req ] |
||||||
|
distinguished_name = req_distinguished_name |
||||||
|
prompt = no |
||||||
|
|
||||||
|
[ req_distinguished_name ] |
||||||
|
CN = Test CA for PostgreSQL SSL regression test client certs |
||||||
@ -0,0 +1,9 @@ |
|||||||
|
# A root certificate authority. The server and client CA's certificates |
||||||
|
# are signed by this root CA. |
||||||
|
|
||||||
|
[ req ] |
||||||
|
distinguished_name = req_distinguished_name |
||||||
|
prompt = no |
||||||
|
|
||||||
|
[ req_distinguished_name ] |
||||||
|
CN = Test root CA for PostgreSQL SSL regression test suite |
||||||
@ -0,0 +1,25 @@ |
|||||||
|
# An OpenSSL format CSR config file for creating a server certificate. |
||||||
|
# |
||||||
|
# This certificate contains both a CN, and SANs. |
||||||
|
|
||||||
|
|
||||||
|
[ req ] |
||||||
|
distinguished_name = req_distinguished_name |
||||||
|
req_extensions = v3_req |
||||||
|
prompt = no |
||||||
|
|
||||||
|
[ req_distinguished_name ] |
||||||
|
# Note: According to RFC 2818 and 6125, the CN is ignored, when SANs are |
||||||
|
# present. In practice, the hostname that's put in the CN field is always |
||||||
|
# also listed as a SAN, but we intentionally don't do that here so that we |
||||||
|
# can test adherence to those RFCs. |
||||||
|
CN = common-name.pg-ssltest.test |
||||||
|
OU = PostgreSQL test suite |
||||||
|
|
||||||
|
# For Subject Alternative Names |
||||||
|
[ v3_req ] |
||||||
|
subjectAltName = @alt_names |
||||||
|
|
||||||
|
[ alt_names ] |
||||||
|
DNS.1 = dns1.alt-name.pg-ssltest.test |
||||||
|
DNS.2 = dns2.alt-name.pg-ssltest.test |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
# An OpenSSL format CSR config file for creating a server certificate. |
||||||
|
# |
||||||
|
|
||||||
|
[ req ] |
||||||
|
distinguished_name = req_distinguished_name |
||||||
|
req_extensions = v3_req |
||||||
|
prompt = no |
||||||
|
|
||||||
|
[ req_distinguished_name ] |
||||||
|
CN = common-name.pg-ssltest.test |
||||||
|
OU = PostgreSQL test suite |
||||||
|
|
||||||
|
# For Subject Alternative Names |
||||||
|
[ v3_req ] |
||||||
|
|
||||||
@ -0,0 +1,20 @@ |
|||||||
|
# An OpenSSL format CSR config file for creating a server certificate. |
||||||
|
# |
||||||
|
# This certificate contains multiple SANs, and no CN. |
||||||
|
|
||||||
|
[ req ] |
||||||
|
distinguished_name = req_distinguished_name |
||||||
|
req_extensions = v3_req |
||||||
|
prompt = no |
||||||
|
|
||||||
|
[ req_distinguished_name ] |
||||||
|
OU = PostgreSQL test suite |
||||||
|
|
||||||
|
# For Subject Alternative Names |
||||||
|
[ v3_req ] |
||||||
|
subjectAltName = @alt_names |
||||||
|
|
||||||
|
[ alt_names ] |
||||||
|
DNS.1 = dns1.alt-name.pg-ssltest.test |
||||||
|
DNS.2 = dns2.alt-name.pg-ssltest.test |
||||||
|
DNS.3 = *.wildcard.pg-ssltest.test |
||||||
@ -0,0 +1,17 @@ |
|||||||
|
# An OpenSSL format CSR config file for creating a server certificate. |
||||||
|
# |
||||||
|
# This certificate contains no CN, nor SANs. Not very useful, but make |
||||||
|
# sure the client can handle it gracefully. |
||||||
|
|
||||||
|
[ req ] |
||||||
|
distinguished_name = req_distinguished_name |
||||||
|
req_extensions = v3_req |
||||||
|
prompt = no |
||||||
|
|
||||||
|
[ req_distinguished_name ] |
||||||
|
OU = PostgreSQL test suite |
||||||
|
|
||||||
|
# For Subject Alternative Names |
||||||
|
[ v3_req ] |
||||||
|
|
||||||
|
[ alt_names ] |
||||||
@ -0,0 +1,17 @@ |
|||||||
|
# An OpenSSL format CSR config file for creating a server certificate. |
||||||
|
# |
||||||
|
# This is identical to server-cn-only certificate, but this one is revoked |
||||||
|
# later. |
||||||
|
|
||||||
|
[ req ] |
||||||
|
distinguished_name = req_distinguished_name |
||||||
|
req_extensions = v3_req |
||||||
|
prompt = no |
||||||
|
|
||||||
|
[ req_distinguished_name ] |
||||||
|
CN = common-name.pg-ssltest.test |
||||||
|
OU = PostgreSQL test suite |
||||||
|
|
||||||
|
# For Subject Alternative Names |
||||||
|
[ v3_req ] |
||||||
|
|
||||||
@ -0,0 +1,18 @@ |
|||||||
|
# An OpenSSL format CSR config file for creating a server certificate. |
||||||
|
# |
||||||
|
# This certificate has a single SAN, and no CN. |
||||||
|
|
||||||
|
[ req ] |
||||||
|
distinguished_name = req_distinguished_name |
||||||
|
req_extensions = v3_req |
||||||
|
prompt = no |
||||||
|
|
||||||
|
[ req_distinguished_name ] |
||||||
|
OU = PostgreSQL test suite |
||||||
|
|
||||||
|
# For Subject Alternative Names |
||||||
|
[ v3_req ] |
||||||
|
subjectAltName = @alt_names |
||||||
|
|
||||||
|
[ alt_names ] |
||||||
|
DNS.1 = single.alt-name.pg-ssltest.test |
||||||
@ -0,0 +1,11 @@ |
|||||||
|
# An OpenSSL format CSR config file for creating the server root certificate. |
||||||
|
# This configuration file is also used when operating the CA. |
||||||
|
# |
||||||
|
# This certificate is used to sign server certificates. It is self-signed. |
||||||
|
|
||||||
|
[ req ] |
||||||
|
distinguished_name = req_distinguished_name |
||||||
|
prompt = no |
||||||
|
|
||||||
|
[ req_distinguished_name ] |
||||||
|
CN = Test CA for PostgreSQL SSL regression test server certs |
||||||
@ -0,0 +1,2 @@ |
|||||||
|
*.old |
||||||
|
new_certs_dir |
||||||
@ -0,0 +1,39 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB9zCCAWACCQD13ziQMRDLGTANBgkqhkiG9w0BAQsFADBAMT4wPAYDVQQDDDVU |
||||||
|
ZXN0IHJvb3QgQ0EgZm9yIFBvc3RncmVTUUwgU1NMIHJlZ3Jlc3Npb24gdGVzdCBz |
||||||
|
dWl0ZTAeFw0xNDEyMDQxMTUyMDFaFw0xNTAxMDMxMTUyMDFaMEAxPjA8BgNVBAMM |
||||||
|
NVRlc3Qgcm9vdCBDQSBmb3IgUG9zdGdyZVNRTCBTU0wgcmVncmVzc2lvbiB0ZXN0 |
||||||
|
IHN1aXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC7TLars/P/obbNlsz |
||||||
|
cX/wZFnZ97L4dAiJAE+ZusoTqLalRnPbQEtrPfMA/eL/gjq69ehnPcehMIxnYRAV |
||||||
|
+xqOnMiUacf+6TQBrjrnfCQZkYkngzYajTqhQogdM7sUHtvBvTs1EkjdVznQUN9B |
||||||
|
BRZi6zEvUMkc8/+KaiEKc0zAKQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAhmmj+R |
||||||
|
XP1+AREKWE33P8AkXTTGkXMvULZSgteHWxbBc08TbxJLTsqDvwp0lY/9nH48Ejx5 |
||||||
|
XYIdDAED9Bwsm50y9u5p5OsO9YqHJfIsC9+Ui3paDHU543Y8CtZC4Ye5OcFn4/lp |
||||||
|
ew5Ix9E0LHJlY+LCfVEKSV0jDP6aMsYETpIe |
||||||
|
-----END CERTIFICATE----- |
||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB8TCCAVoCAQIwDQYJKoZIhvcNAQEFBQAwQDE+MDwGA1UEAww1VGVzdCByb290 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc3VpdGUwHhcN |
||||||
|
MTQxMjA0MTE1MjAxWhcNNDIwNDIxMTE1MjAxWjBCMUAwPgYDVQQDDDdUZXN0IENB |
||||||
|
IGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3QgY2xpZW50IGNlcnRz |
||||||
|
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIJfmyeyPe6g3+16+WsGB8LRMW |
||||||
|
zfMXKKjxsBd3Zu2ka7jvfKe4ockw87kY01k0G4NHJgWH5zO2OuCNDOa8z+GLqSSO |
||||||
|
LYoMvik9+BLgFR8zBPshy77Rpb3CtpDjJUAU8TWQOT0cC56IwEgj2zswctqKIeFg |
||||||
|
ogkTbfg5KTNKSd4VUwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAIHyYzFTIvvrUFFD |
||||||
|
yxhU3xyH6nx7HC47fxN+1kQjDa4MjvNsm/dOKETvS4b6GUKOudEKENBHzJW08hhs |
||||||
|
vn8uvmWEmyYcUyhp9r5lH2oaa6fySbnc+PE8YD2WNe+et1OdIMwqVwOegCeI85FN |
||||||
|
UtZk2tJjiRXJxBlheaaBxrzYjOBO |
||||||
|
-----END CERTIFICATE----- |
||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwQDE+MDwGA1UEAww1VGVzdCByb290 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc3VpdGUwHhcN |
||||||
|
MTQxMjA0MTE1MjAxWhcNNDIwNDIxMTE1MjAxWjBCMUAwPgYDVQQDDDdUZXN0IENB |
||||||
|
IGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc2VydmVyIGNlcnRz |
||||||
|
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC15tOzDBVKaCRDz9L5LMpPk8DR |
||||||
|
RGHHOe4OuO6WTkUzjbjuKyiQbmtcp00R4dULbSM57ESvI/Ny0gPt+J/QKAOG8S5t |
||||||
|
09wDpKxKcgZSZ6Nd6FaK+D+ZhUVAkP3hB0ba0wo1JZff/0e4B+VJhXTjl7RRHfbr |
||||||
|
AEuDYFxv9T3K/Jq04wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAJys1pnYvO+u8Wca |
||||||
|
6xUToGMpqTnImKa+dX8tMKsp6mXAN/dWrOVMDWnjBhQxShhAZBsaJ4iUeXPJlctw |
||||||
|
KzkUCQo6BsUbPMTSQlPuyHHdZBOTHDIW4SylKaBQvkundkhhBO7aHwFV3QjxZKcH |
||||||
|
XqpGyY2ryrgdj2D4+H55NDXYjj/m |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,39 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB9zCCAWACCQD13ziQMRDLGTANBgkqhkiG9w0BAQsFADBAMT4wPAYDVQQDDDVU |
||||||
|
ZXN0IHJvb3QgQ0EgZm9yIFBvc3RncmVTUUwgU1NMIHJlZ3Jlc3Npb24gdGVzdCBz |
||||||
|
dWl0ZTAeFw0xNDEyMDQxMTUyMDFaFw0xNTAxMDMxMTUyMDFaMEAxPjA8BgNVBAMM |
||||||
|
NVRlc3Qgcm9vdCBDQSBmb3IgUG9zdGdyZVNRTCBTU0wgcmVncmVzc2lvbiB0ZXN0 |
||||||
|
IHN1aXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC7TLars/P/obbNlsz |
||||||
|
cX/wZFnZ97L4dAiJAE+ZusoTqLalRnPbQEtrPfMA/eL/gjq69ehnPcehMIxnYRAV |
||||||
|
+xqOnMiUacf+6TQBrjrnfCQZkYkngzYajTqhQogdM7sUHtvBvTs1EkjdVznQUN9B |
||||||
|
BRZi6zEvUMkc8/+KaiEKc0zAKQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAhmmj+R |
||||||
|
XP1+AREKWE33P8AkXTTGkXMvULZSgteHWxbBc08TbxJLTsqDvwp0lY/9nH48Ejx5 |
||||||
|
XYIdDAED9Bwsm50y9u5p5OsO9YqHJfIsC9+Ui3paDHU543Y8CtZC4Ye5OcFn4/lp |
||||||
|
ew5Ix9E0LHJlY+LCfVEKSV0jDP6aMsYETpIe |
||||||
|
-----END CERTIFICATE----- |
||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwQDE+MDwGA1UEAww1VGVzdCByb290 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc3VpdGUwHhcN |
||||||
|
MTQxMjA0MTE1MjAxWhcNNDIwNDIxMTE1MjAxWjBCMUAwPgYDVQQDDDdUZXN0IENB |
||||||
|
IGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc2VydmVyIGNlcnRz |
||||||
|
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC15tOzDBVKaCRDz9L5LMpPk8DR |
||||||
|
RGHHOe4OuO6WTkUzjbjuKyiQbmtcp00R4dULbSM57ESvI/Ny0gPt+J/QKAOG8S5t |
||||||
|
09wDpKxKcgZSZ6Nd6FaK+D+ZhUVAkP3hB0ba0wo1JZff/0e4B+VJhXTjl7RRHfbr |
||||||
|
AEuDYFxv9T3K/Jq04wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAJys1pnYvO+u8Wca |
||||||
|
6xUToGMpqTnImKa+dX8tMKsp6mXAN/dWrOVMDWnjBhQxShhAZBsaJ4iUeXPJlctw |
||||||
|
KzkUCQo6BsUbPMTSQlPuyHHdZBOTHDIW4SylKaBQvkundkhhBO7aHwFV3QjxZKcH |
||||||
|
XqpGyY2ryrgdj2D4+H55NDXYjj/m |
||||||
|
-----END CERTIFICATE----- |
||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB8TCCAVoCAQIwDQYJKoZIhvcNAQEFBQAwQDE+MDwGA1UEAww1VGVzdCByb290 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc3VpdGUwHhcN |
||||||
|
MTQxMjA0MTE1MjAxWhcNNDIwNDIxMTE1MjAxWjBCMUAwPgYDVQQDDDdUZXN0IENB |
||||||
|
IGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3QgY2xpZW50IGNlcnRz |
||||||
|
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIJfmyeyPe6g3+16+WsGB8LRMW |
||||||
|
zfMXKKjxsBd3Zu2ka7jvfKe4ockw87kY01k0G4NHJgWH5zO2OuCNDOa8z+GLqSSO |
||||||
|
LYoMvik9+BLgFR8zBPshy77Rpb3CtpDjJUAU8TWQOT0cC56IwEgj2zswctqKIeFg |
||||||
|
ogkTbfg5KTNKSd4VUwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAIHyYzFTIvvrUFFD |
||||||
|
yxhU3xyH6nx7HC47fxN+1kQjDa4MjvNsm/dOKETvS4b6GUKOudEKENBHzJW08hhs |
||||||
|
vn8uvmWEmyYcUyhp9r5lH2oaa6fySbnc+PE8YD2WNe+et1OdIMwqVwOegCeI85FN |
||||||
|
UtZk2tJjiRXJxBlheaaBxrzYjOBO |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,12 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIBxzCCATACAQIwDQYJKoZIhvcNAQEFBQAwQjFAMD4GA1UEAww3VGVzdCBDQSBm |
||||||
|
b3IgUG9zdGdyZVNRTCBTU0wgcmVncmVzc2lvbiB0ZXN0IGNsaWVudCBjZXJ0czAe |
||||||
|
Fw0xNDEyMDQxMTUyMDFaFw00MjA0MjExMTUyMDFaMBYxFDASBgNVBAMMC3NzbHRl |
||||||
|
c3R1c2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDg8LJSdf9nhkMSYmhn |
||||||
|
+F3yqVSu+UXTcmPejKTBZRd4moLL2ti41K3M2xZDiZOn8V7To9AAD/tN3lPkn2y4 |
||||||
|
ZqKD+zChVPJ5yUSpenVxKRckyK2pO4aNItgt60YJp119IG7mH/nfobl6nraI3xxk |
||||||
|
WGyT7O2sOOpokW9fF4DJfLe6lQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAMTRz+Nl |
||||||
|
hJeym72oGRIiJ7ODsIS4cVRQ13TwEtV/wPZ+skc/V7RFfHro5hyRwkbfIoZvhCld |
||||||
|
ZkyAXhQyiru0JzoklfEbOtwuC+J+XvXQ7aupIrnGRHF0yyEIYAEhgSRzaUvKWKlB |
||||||
|
gttm9tKwJuVCBYHh+cCGU0LnR3jhxVUqaL9d |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||||
|
MIICXgIBAAKBgQDg8LJSdf9nhkMSYmhn+F3yqVSu+UXTcmPejKTBZRd4moLL2ti4 |
||||||
|
1K3M2xZDiZOn8V7To9AAD/tN3lPkn2y4ZqKD+zChVPJ5yUSpenVxKRckyK2pO4aN |
||||||
|
Itgt60YJp119IG7mH/nfobl6nraI3xxkWGyT7O2sOOpokW9fF4DJfLe6lQIDAQAB |
||||||
|
AoGBAKh3PGaL3zPuly8eqqkrl1kVPsopAQXCx083MHFzP+fgeJMqnWOYTW5+qyb7 |
||||||
|
061VFbsWFcLmNUV1fIleaTOWEqG0BXkG8VgS0sxEEV6N4sR6ePK2tOA81ZxFhXOR |
||||||
|
bJx8oys2U0kZZVRLvuj5+KjLMSBwWHEIpobE+zz4F9xcTXjlAkEA/6O0yApJ7sBQ |
||||||
|
XS54tK3m7NCYU8yEUD3Yidg9SmaYjiNwhLZ2e9KreQEkcbiHR8R0FHUxzKb/dItt |
||||||
|
2SauaHpCzwJBAOFB6DF0KM0XsfK209LoGvcA6t/aazOtbBlq9I49siKBE74Z7wJu |
||||||
|
0xsH8ndCkBPatoSn2ZuuXv3ozGNU9J+JFVsCQQDAOdk2koYFgZbseoVJV3rNmAzy |
||||||
|
9laH//lTrcZoq70LJJr3MDzn3wIRe0psONWAobinqXhI60or2KxBHVUIOucBAkEA |
||||||
|
qfDSHzU2bvx4aNeb2Vr4tO7BRB8Bj5w/mLGDTSiokrV00o+4LMq1g4gsWeMi1YfE |
||||||
|
+TG0z2nvCnoucKYwY4fFTwJAbW0FLKUzRvX8dM3nXxs8vGktH8TH+dqsUfrZt9ms |
||||||
|
2nF1wwAD2OUXf94dnRvlgSMC7RMbTPAeoHnkqCpb1w++lg== |
||||||
|
-----END RSA PRIVATE KEY----- |
||||||
@ -0,0 +1,9 @@ |
|||||||
|
-----BEGIN X509 CRL----- |
||||||
|
MIIBHTCBhzANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDDDdUZXN0IENBIGZvciBQ |
||||||
|
b3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3QgY2xpZW50IGNlcnRzFw0xNDEy |
||||||
|
MDQxMTUyMDFaFw00MjA0MjExMTUyMDFaMBQwEgIBAhcNMTQxMjA0MTE1MjAxWjAN |
||||||
|
BgkqhkiG9w0BAQUFAAOBgQDGZTiMkukrcJheXCzKlNKKTyteOmR/sQYj36nyyV2U |
||||||
|
Iac9gYSYAb8ecjUrtcL/innhDAupGUxGR3QltSPo6q1yn9L8BJWJIz+BqK6aV4fb |
||||||
|
3lqGtTQKr+8qaKC7mi5TBafJmkUiNsbclNZl/ooQPW+Gzm++JpunK4uGzdW+4I6/ |
||||||
|
fQ== |
||||||
|
-----END X509 CRL----- |
||||||
@ -0,0 +1,12 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIBxzCCATACAQEwDQYJKoZIhvcNAQEFBQAwQjFAMD4GA1UEAww3VGVzdCBDQSBm |
||||||
|
b3IgUG9zdGdyZVNRTCBTU0wgcmVncmVzc2lvbiB0ZXN0IGNsaWVudCBjZXJ0czAe |
||||||
|
Fw0xNDEyMDQxMTUyMDFaFw00MjA0MjExMTUyMDFaMBYxFDASBgNVBAMMC3NzbHRl |
||||||
|
c3R1c2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDErK6Z/Mv8oTKe026e |
||||||
|
SXhtrAeHPVAWM69Sb3zeQb8bnoqusfc0jQhaqvQqq6UYyCPRsH2qAp8B8Cdf93/B |
||||||
|
I5WIKGWcj107fB+dxqeuCS8QHyvO9Ygr9KYHWMKMz4DR+AsWYqoBXxgFjzwDAQB9 |
||||||
|
SZRMRgUyHR+qQRGEXkgMLgwrbQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACnd/MjL |
||||||
|
pGmAHIdbMKcIqMPmAhnkzyfoPE+V6V/6Fm3f9iwHYr4ivxTMhdTffFFyVMxvCDEw |
||||||
|
a0Hlx/wPPnbvsJLiWCHYzXJsyISarIU+euxUYQY1w2tTkmgITESM1eDq2SOMnvqK |
||||||
|
iLoSyGNPrq2tAWPTyx7il1Q72ZNl6w3w+uY4 |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||||
|
MIICXgIBAAKBgQDErK6Z/Mv8oTKe026eSXhtrAeHPVAWM69Sb3zeQb8bnoqusfc0 |
||||||
|
jQhaqvQqq6UYyCPRsH2qAp8B8Cdf93/BI5WIKGWcj107fB+dxqeuCS8QHyvO9Ygr |
||||||
|
9KYHWMKMz4DR+AsWYqoBXxgFjzwDAQB9SZRMRgUyHR+qQRGEXkgMLgwrbQIDAQAB |
||||||
|
AoGAbbKLaKRR+sTGgUQY7Py5ySIsyMfwBZIqdeZtVWKCf5s8axgkdBE92aSEr9Ax |
||||||
|
M9Nd9zVjwhHYMrKKo8JeZZG9csrt/XxgHXDbp+6y4lx0SW1XOmOp39K7h9mUmEVj |
||||||
|
XtICn75z4xYvJDG61xjqtrkh0lKaDr87VDJuuIjbcB2RdNkCQQD3A0Jue8hjoKhN |
||||||
|
H/CjtF/zfL/rkY0BO2Ryyp882AsUZu4y6YbAkrUJbySVIEU7oHleZaTJ/tzC7Ifs |
||||||
|
3XNO7iTnAkEAy9SPQNGU0SNkR2/H7x5JdllMOlOZzl+YUMQpDzH08o/u3RnfcFM8 |
||||||
|
72rYJenxLorKpuG5YXTYxRFet4GIhMqOiwJBAOHStgoh2lrSxurzl2FihxIoa6Em |
||||||
|
iP2mWbfkbF4IuWBmlcAv5QTrWt0MIiq/vOu9Uxgs3tHY0eTWr5GqB0AS0eMCQQCw |
||||||
|
S80LlzpMGXxmfTxEicGoZ1wTJrPlV7F6Se/pgKAIHI3RFsu3b4dI3PTO9iTwyIK3 |
||||||
|
DI02ycWjzX5K4fKeSEQ5AkEAr87kSTl5xM9Z9Cew+FX3ICJRbRNChJEsMPgo+2GW |
||||||
|
PVrzAxEMk/zP0vb3Mjf5yYjpCYPF0BCgVRsbmN86DE5bng== |
||||||
|
-----END RSA PRIVATE KEY----- |
||||||
@ -0,0 +1,13 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB8TCCAVoCAQIwDQYJKoZIhvcNAQEFBQAwQDE+MDwGA1UEAww1VGVzdCByb290 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc3VpdGUwHhcN |
||||||
|
MTQxMjA0MTE1MjAxWhcNNDIwNDIxMTE1MjAxWjBCMUAwPgYDVQQDDDdUZXN0IENB |
||||||
|
IGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3QgY2xpZW50IGNlcnRz |
||||||
|
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIJfmyeyPe6g3+16+WsGB8LRMW |
||||||
|
zfMXKKjxsBd3Zu2ka7jvfKe4ockw87kY01k0G4NHJgWH5zO2OuCNDOa8z+GLqSSO |
||||||
|
LYoMvik9+BLgFR8zBPshy77Rpb3CtpDjJUAU8TWQOT0cC56IwEgj2zswctqKIeFg |
||||||
|
ogkTbfg5KTNKSd4VUwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAIHyYzFTIvvrUFFD |
||||||
|
yxhU3xyH6nx7HC47fxN+1kQjDa4MjvNsm/dOKETvS4b6GUKOudEKENBHzJW08hhs |
||||||
|
vn8uvmWEmyYcUyhp9r5lH2oaa6fySbnc+PE8YD2WNe+et1OdIMwqVwOegCeI85FN |
||||||
|
UtZk2tJjiRXJxBlheaaBxrzYjOBO |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||||
|
MIICXgIBAAKBgQDIJfmyeyPe6g3+16+WsGB8LRMWzfMXKKjxsBd3Zu2ka7jvfKe4 |
||||||
|
ockw87kY01k0G4NHJgWH5zO2OuCNDOa8z+GLqSSOLYoMvik9+BLgFR8zBPshy77R |
||||||
|
pb3CtpDjJUAU8TWQOT0cC56IwEgj2zswctqKIeFgogkTbfg5KTNKSd4VUwIDAQAB |
||||||
|
AoGBALNvsFu+IFuiFKgLsGT1fZr2Qi3ot+5kSopbp74pbhZBaUxzwl451YjoiGJk |
||||||
|
YI3huKEZyk2cDvVp9ZUfIuHVsUsRkUtlMYAWJoxypbLWFw0efa9TNDbsoxGSjs8N |
||||||
|
TCZOqK6VKEbckTd2Mg8vanB+A8PswOPW94es32Y9XKwBaFsJAkEA5WVHtYs8aczd |
||||||
|
uJMuteUkv2R0OFL8wgIgkXRyk0BNJjVYwe/DbvW/J6W2DTsvoeFMZ9U+p2tEX9ab |
||||||
|
ak7RlCFNtwJBAN9cWRfVzKY6P62UZmIdsvDYJNaWaamfZguKx69q0FD1jcjl0C8R |
||||||
|
3w6xCVrGQCPbbQibNTLbIKPC/jrUcu6c9UUCQQDNiNGXeAnJQiXnGvjfQVCLrBX1 |
||||||
|
4WVW71D/Arcl+JcnhOTh31HcOZPski1r7XvgL12mKwrYNuQser0Fo1lkv/JBAkBx |
||||||
|
VOUrz+KP8Xw/8c1lOVaDF9jRPO6OD3/ymU8qtZLPkViIt/rC91lrle5+LZt71ilj |
||||||
|
tYTvsfnEvfrLFOLgKanVAkEAvyofcM5gr7gTiC+XxhjUyDNn2lYwoog+D67E6YvL |
||||||
|
chheY2FNRrqpCi0Zhi8KlUXnp4wtHA6zBW46l1xSxz4lYg== |
||||||
|
-----END RSA PRIVATE KEY----- |
||||||
@ -0,0 +1,17 @@ |
|||||||
|
-----BEGIN X509 CRL----- |
||||||
|
MIIBBDBvMA0GCSqGSIb3DQEBBQUAMEAxPjA8BgNVBAMMNVRlc3Qgcm9vdCBDQSBm |
||||||
|
b3IgUG9zdGdyZVNRTCBTU0wgcmVncmVzc2lvbiB0ZXN0IHN1aXRlFw0xNDEyMDQx |
||||||
|
MTUyMDFaFw00MjA0MjExMTUyMDFaMA0GCSqGSIb3DQEBBQUAA4GBAK7EbBLD03t6 |
||||||
|
zv2yRS6ByDg7X9CPbPVReUQ21ntI652lsJ4veAJeSWQXITEjC/mt+VkN8pKH8eEg |
||||||
|
hp0vZmS7zIzL+UdPZkJYokAdmBsmP1ymDvOHd52XssjM1e6d7pNKwk6Z40x6Tpvq |
||||||
|
cStL3sC4tomx+vn7zzSUcS3hwdcHvnwZ |
||||||
|
-----END X509 CRL----- |
||||||
|
-----BEGIN X509 CRL----- |
||||||
|
MIIBHTCBhzANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDDDdUZXN0IENBIGZvciBQ |
||||||
|
b3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3QgY2xpZW50IGNlcnRzFw0xNDEy |
||||||
|
MDQxMTUyMDFaFw00MjA0MjExMTUyMDFaMBQwEgIBAhcNMTQxMjA0MTE1MjAxWjAN |
||||||
|
BgkqhkiG9w0BAQUFAAOBgQDGZTiMkukrcJheXCzKlNKKTyteOmR/sQYj36nyyV2U |
||||||
|
Iac9gYSYAb8ecjUrtcL/innhDAupGUxGR3QltSPo6q1yn9L8BJWJIz+BqK6aV4fb |
||||||
|
3lqGtTQKr+8qaKC7mi5TBafJmkUiNsbclNZl/ooQPW+Gzm++JpunK4uGzdW+4I6/ |
||||||
|
fQ== |
||||||
|
-----END X509 CRL----- |
||||||
@ -0,0 +1,26 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB9zCCAWACCQD13ziQMRDLGTANBgkqhkiG9w0BAQsFADBAMT4wPAYDVQQDDDVU |
||||||
|
ZXN0IHJvb3QgQ0EgZm9yIFBvc3RncmVTUUwgU1NMIHJlZ3Jlc3Npb24gdGVzdCBz |
||||||
|
dWl0ZTAeFw0xNDEyMDQxMTUyMDFaFw0xNTAxMDMxMTUyMDFaMEAxPjA8BgNVBAMM |
||||||
|
NVRlc3Qgcm9vdCBDQSBmb3IgUG9zdGdyZVNRTCBTU0wgcmVncmVzc2lvbiB0ZXN0 |
||||||
|
IHN1aXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC7TLars/P/obbNlsz |
||||||
|
cX/wZFnZ97L4dAiJAE+ZusoTqLalRnPbQEtrPfMA/eL/gjq69ehnPcehMIxnYRAV |
||||||
|
+xqOnMiUacf+6TQBrjrnfCQZkYkngzYajTqhQogdM7sUHtvBvTs1EkjdVznQUN9B |
||||||
|
BRZi6zEvUMkc8/+KaiEKc0zAKQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAhmmj+R |
||||||
|
XP1+AREKWE33P8AkXTTGkXMvULZSgteHWxbBc08TbxJLTsqDvwp0lY/9nH48Ejx5 |
||||||
|
XYIdDAED9Bwsm50y9u5p5OsO9YqHJfIsC9+Ui3paDHU543Y8CtZC4Ye5OcFn4/lp |
||||||
|
ew5Ix9E0LHJlY+LCfVEKSV0jDP6aMsYETpIe |
||||||
|
-----END CERTIFICATE----- |
||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB8TCCAVoCAQIwDQYJKoZIhvcNAQEFBQAwQDE+MDwGA1UEAww1VGVzdCByb290 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc3VpdGUwHhcN |
||||||
|
MTQxMjA0MTE1MjAxWhcNNDIwNDIxMTE1MjAxWjBCMUAwPgYDVQQDDDdUZXN0IENB |
||||||
|
IGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3QgY2xpZW50IGNlcnRz |
||||||
|
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIJfmyeyPe6g3+16+WsGB8LRMW |
||||||
|
zfMXKKjxsBd3Zu2ka7jvfKe4ockw87kY01k0G4NHJgWH5zO2OuCNDOa8z+GLqSSO |
||||||
|
LYoMvik9+BLgFR8zBPshy77Rpb3CtpDjJUAU8TWQOT0cC56IwEgj2zswctqKIeFg |
||||||
|
ogkTbfg5KTNKSd4VUwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAIHyYzFTIvvrUFFD |
||||||
|
yxhU3xyH6nx7HC47fxN+1kQjDa4MjvNsm/dOKETvS4b6GUKOudEKENBHzJW08hhs |
||||||
|
vn8uvmWEmyYcUyhp9r5lH2oaa6fySbnc+PE8YD2WNe+et1OdIMwqVwOegCeI85FN |
||||||
|
UtZk2tJjiRXJxBlheaaBxrzYjOBO |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,17 @@ |
|||||||
|
-----BEGIN X509 CRL----- |
||||||
|
MIIBBDBvMA0GCSqGSIb3DQEBBQUAMEAxPjA8BgNVBAMMNVRlc3Qgcm9vdCBDQSBm |
||||||
|
b3IgUG9zdGdyZVNRTCBTU0wgcmVncmVzc2lvbiB0ZXN0IHN1aXRlFw0xNDEyMDQx |
||||||
|
MTUyMDFaFw00MjA0MjExMTUyMDFaMA0GCSqGSIb3DQEBBQUAA4GBAK7EbBLD03t6 |
||||||
|
zv2yRS6ByDg7X9CPbPVReUQ21ntI652lsJ4veAJeSWQXITEjC/mt+VkN8pKH8eEg |
||||||
|
hp0vZmS7zIzL+UdPZkJYokAdmBsmP1ymDvOHd52XssjM1e6d7pNKwk6Z40x6Tpvq |
||||||
|
cStL3sC4tomx+vn7zzSUcS3hwdcHvnwZ |
||||||
|
-----END X509 CRL----- |
||||||
|
-----BEGIN X509 CRL----- |
||||||
|
MIIBHTCBhzANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDDDdUZXN0IENBIGZvciBQ |
||||||
|
b3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc2VydmVyIGNlcnRzFw0xNDEy |
||||||
|
MDQxMTUyMDFaFw00MjA0MjExMTUyMDFaMBQwEgIBBhcNMTQxMjA0MTE1MjAxWjAN |
||||||
|
BgkqhkiG9w0BAQUFAAOBgQCmFnFkEt0+Ialw4E+4nIAJWJO9XDE71FdRfX3QChs8 |
||||||
|
ZJtBseaMNeUC1FY1zHOYQhtMy+Uatda6hx/QiyidF2oP5KpWp+R11M554Ifxem3X |
||||||
|
KDQDBQNee+1IIJ7a1kxAUxeSNP+0a3/bmUxI5sbomINnKeIDqDO8d2vmO2VLxJm6 |
||||||
|
MA== |
||||||
|
-----END X509 CRL----- |
||||||
@ -0,0 +1,26 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB9zCCAWACCQD13ziQMRDLGTANBgkqhkiG9w0BAQsFADBAMT4wPAYDVQQDDDVU |
||||||
|
ZXN0IHJvb3QgQ0EgZm9yIFBvc3RncmVTUUwgU1NMIHJlZ3Jlc3Npb24gdGVzdCBz |
||||||
|
dWl0ZTAeFw0xNDEyMDQxMTUyMDFaFw0xNTAxMDMxMTUyMDFaMEAxPjA8BgNVBAMM |
||||||
|
NVRlc3Qgcm9vdCBDQSBmb3IgUG9zdGdyZVNRTCBTU0wgcmVncmVzc2lvbiB0ZXN0 |
||||||
|
IHN1aXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC7TLars/P/obbNlsz |
||||||
|
cX/wZFnZ97L4dAiJAE+ZusoTqLalRnPbQEtrPfMA/eL/gjq69ehnPcehMIxnYRAV |
||||||
|
+xqOnMiUacf+6TQBrjrnfCQZkYkngzYajTqhQogdM7sUHtvBvTs1EkjdVznQUN9B |
||||||
|
BRZi6zEvUMkc8/+KaiEKc0zAKQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAhmmj+R |
||||||
|
XP1+AREKWE33P8AkXTTGkXMvULZSgteHWxbBc08TbxJLTsqDvwp0lY/9nH48Ejx5 |
||||||
|
XYIdDAED9Bwsm50y9u5p5OsO9YqHJfIsC9+Ui3paDHU543Y8CtZC4Ye5OcFn4/lp |
||||||
|
ew5Ix9E0LHJlY+LCfVEKSV0jDP6aMsYETpIe |
||||||
|
-----END CERTIFICATE----- |
||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwQDE+MDwGA1UEAww1VGVzdCByb290 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc3VpdGUwHhcN |
||||||
|
MTQxMjA0MTE1MjAxWhcNNDIwNDIxMTE1MjAxWjBCMUAwPgYDVQQDDDdUZXN0IENB |
||||||
|
IGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc2VydmVyIGNlcnRz |
||||||
|
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC15tOzDBVKaCRDz9L5LMpPk8DR |
||||||
|
RGHHOe4OuO6WTkUzjbjuKyiQbmtcp00R4dULbSM57ESvI/Ny0gPt+J/QKAOG8S5t |
||||||
|
09wDpKxKcgZSZ6Nd6FaK+D+ZhUVAkP3hB0ba0wo1JZff/0e4B+VJhXTjl7RRHfbr |
||||||
|
AEuDYFxv9T3K/Jq04wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAJys1pnYvO+u8Wca |
||||||
|
6xUToGMpqTnImKa+dX8tMKsp6mXAN/dWrOVMDWnjBhQxShhAZBsaJ4iUeXPJlctw |
||||||
|
KzkUCQo6BsUbPMTSQlPuyHHdZBOTHDIW4SylKaBQvkundkhhBO7aHwFV3QjxZKcH |
||||||
|
XqpGyY2ryrgdj2D4+H55NDXYjj/m |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,8 @@ |
|||||||
|
-----BEGIN X509 CRL----- |
||||||
|
MIIBBDBvMA0GCSqGSIb3DQEBBQUAMEAxPjA8BgNVBAMMNVRlc3Qgcm9vdCBDQSBm |
||||||
|
b3IgUG9zdGdyZVNRTCBTU0wgcmVncmVzc2lvbiB0ZXN0IHN1aXRlFw0xNDEyMDQx |
||||||
|
MTUyMDFaFw00MjA0MjExMTUyMDFaMA0GCSqGSIb3DQEBBQUAA4GBAK7EbBLD03t6 |
||||||
|
zv2yRS6ByDg7X9CPbPVReUQ21ntI652lsJ4veAJeSWQXITEjC/mt+VkN8pKH8eEg |
||||||
|
hp0vZmS7zIzL+UdPZkJYokAdmBsmP1ymDvOHd52XssjM1e6d7pNKwk6Z40x6Tpvq |
||||||
|
cStL3sC4tomx+vn7zzSUcS3hwdcHvnwZ |
||||||
|
-----END X509 CRL----- |
||||||
@ -0,0 +1,13 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB9zCCAWACCQD13ziQMRDLGTANBgkqhkiG9w0BAQsFADBAMT4wPAYDVQQDDDVU |
||||||
|
ZXN0IHJvb3QgQ0EgZm9yIFBvc3RncmVTUUwgU1NMIHJlZ3Jlc3Npb24gdGVzdCBz |
||||||
|
dWl0ZTAeFw0xNDEyMDQxMTUyMDFaFw0xNTAxMDMxMTUyMDFaMEAxPjA8BgNVBAMM |
||||||
|
NVRlc3Qgcm9vdCBDQSBmb3IgUG9zdGdyZVNRTCBTU0wgcmVncmVzc2lvbiB0ZXN0 |
||||||
|
IHN1aXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC7TLars/P/obbNlsz |
||||||
|
cX/wZFnZ97L4dAiJAE+ZusoTqLalRnPbQEtrPfMA/eL/gjq69ehnPcehMIxnYRAV |
||||||
|
+xqOnMiUacf+6TQBrjrnfCQZkYkngzYajTqhQogdM7sUHtvBvTs1EkjdVznQUN9B |
||||||
|
BRZi6zEvUMkc8/+KaiEKc0zAKQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAhmmj+R |
||||||
|
XP1+AREKWE33P8AkXTTGkXMvULZSgteHWxbBc08TbxJLTsqDvwp0lY/9nH48Ejx5 |
||||||
|
XYIdDAED9Bwsm50y9u5p5OsO9YqHJfIsC9+Ui3paDHU543Y8CtZC4Ye5OcFn4/lp |
||||||
|
ew5Ix9E0LHJlY+LCfVEKSV0jDP6aMsYETpIe |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||||
|
MIICWwIBAAKBgQDC7TLars/P/obbNlszcX/wZFnZ97L4dAiJAE+ZusoTqLalRnPb |
||||||
|
QEtrPfMA/eL/gjq69ehnPcehMIxnYRAV+xqOnMiUacf+6TQBrjrnfCQZkYkngzYa |
||||||
|
jTqhQogdM7sUHtvBvTs1EkjdVznQUN9BBRZi6zEvUMkc8/+KaiEKc0zAKQIDAQAB |
||||||
|
AoGAa1z8kqiQe86Edr9UslwEjOKo/r5IzEIU5WjPbywL25Ikr5nDfHLIV5QygUxV |
||||||
|
uEgBkzKYxCyqBOVZoCM9Ge5JrGcWO+N7IVVpirJRLgafu17sWyOsFIdT0QfNBYEl |
||||||
|
sdcz70c0Rsfk+hnsJ3KDOAxEhmPZe1mT9Rl6g1qpzva1/1ECQQDkxzDyhm8/F41B |
||||||
|
1z9m6Gz8X3fIb4cx1WpMZHG3XNyD5rzPiUhuIqATUHTCGIig0nYzYr1AOVNSN6pb |
||||||
|
5whOuW4VAkEA2h7bIZd3yfn1YNZYk24ORwZssE5r5ryQeOwuDGJH8FxPk/LqZE8T |
||||||
|
OX+ptPRyDowd2UZFRz0jxKl3RR4W/VtixQJAehaK2oI/j+3jpkVWQna64puX8tEB |
||||||
|
1uhLR+U6gl3+GC3kiOR8ULoNrwD6rjIlh52JErcYw9NT0cZ/FXhfiJOQWQJAFr3a |
||||||
|
2RDC05M1K0iN6aky4eLgmC1FAMSuR31Qe8gPehcV0PYlzBmWhosx9YT7E1s2jX3P |
||||||
|
IVNVlF6a6eDuQrIxhQJAL8ELX6MNW05PzETZpYSOTvkOeGND7INc5Md28Yv9SkPd |
||||||
|
c/HvFDVQF0OsgFrIcuBP8o7YaQBETJPqFHMao+WB6w== |
||||||
|
-----END RSA PRIVATE KEY----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIICSTCCAbKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDDDdUZXN0 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc2VydmVyIGNl |
||||||
|
cnRzMB4XDTE0MTIwNDExNTIwMVoXDTQyMDQyMTExNTIwMVowRjEeMBwGA1UECwwV |
||||||
|
UG9zdGdyZVNRTCB0ZXN0IHN1aXRlMSQwIgYDVQQDDBtjb21tb24tbmFtZS5wZy1z |
||||||
|
c2x0ZXN0LnRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ0ERoXVz7aK |
||||||
|
ZLL2W8psViLKVorl1pvLz4m0Uw0X8iQkHgN+/gMNs2nHDzQFtbOc3NVbBxnnosbF |
||||||
|
XuGeCrlz+xK3J4Y5g6up9xNPCbtLM+RxBtMx/a/8naO+4yraQD51pZgNUMjSYeIL |
||||||
|
9UeB3VFg928+swacichtJIlwU3KAiEzRAgMBAAGjSzBJMEcGA1UdEQRAMD6CHWRu |
||||||
|
czEuYWx0LW5hbWUucGctc3NsdGVzdC50ZXN0gh1kbnMyLmFsdC1uYW1lLnBnLXNz |
||||||
|
bHRlc3QudGVzdDANBgkqhkiG9w0BAQUFAAOBgQBwQP7EuwvnURefrRvLKP+Txzwg |
||||||
|
xEZK/ZG/dSExX7CP8ib5JZQUuJpMzYmyGFbTpLJOU5qrE+vI2rxfHrWOYZU4IB1f |
||||||
|
u053N3slzi5ClKGKZt4y7LM4hupQ13xRfgIpasSJdEI3n/BCmeEdFVBqzKMQJxQe |
||||||
|
tHn3NapFkra7DHe2xQ== |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||||
|
MIICWwIBAAKBgQCdBEaF1c+2imSy9lvKbFYiylaK5daby8+JtFMNF/IkJB4Dfv4D |
||||||
|
DbNpxw80BbWznNzVWwcZ56LGxV7hngq5c/sStyeGOYOrqfcTTwm7SzPkcQbTMf2v |
||||||
|
/J2jvuMq2kA+daWYDVDI0mHiC/VHgd1RYPdvPrMGnInIbSSJcFNygIhM0QIDAQAB |
||||||
|
AoGAFVtJhFaqo/d67uSXY5cMuDqxPr84S4STO/Ws/jDtnIDVHECfqCaq6o5KwRat |
||||||
|
ujpxxwtUke9xsnuSBjoK12KxGYoEFCstNJx2L77TvjkxcC85C6aGHWxLWCELqnn3 |
||||||
|
3HmCE4I9i/kltO2YTje12nEWVkntqjvnqpAaFeQQ2vRO9KkCQQDOQo2FT0DX7VI7 |
||||||
|
riSNjspfPQS5ESB1xTlcJL7aBS7iubAkVmRPBGM/UZpLLXacgV2WqUp6swcXculc |
||||||
|
SXyx15zDAkEAwuGxNx+SzoLxHzRi2P64+xCo3O4OOP7Fle0/Uyk+DyS9dFljdZbf |
||||||
|
mh28uKqflF0LRe+J4vKKqSHb3dqLdOrm2wJARAFdd96xmn/85QB9vM6fmtcbf4lO |
||||||
|
EoZ8aw0Sf//FfauLj++MEyF3N6FIJhFPUjq1CL+4dswgQnL4zhzMqDZW0QJAchas |
||||||
|
p8e9K1bvEESb5cthweGj6gsXmnhUdgw5eVb4tObeXuIB3xJffxsPo9CHsdSyx9OP |
||||||
|
FqTFVnSzAfNylxT55wJAICUYlyM6/VVMKb9bAoMz7nqg7N/utGEMijT2AqukQues |
||||||
|
jYm2TNtP033yibtWHjwBPDKL5JxsgDfG2x1LYiG6Kw== |
||||||
|
-----END RSA PRIVATE KEY----- |
||||||
@ -0,0 +1,13 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB/DCCAWWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDDDdUZXN0 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc2VydmVyIGNl |
||||||
|
cnRzMB4XDTE0MTIwNDExNTIwMVoXDTQyMDQyMTExNTIwMVowRjEeMBwGA1UECwwV |
||||||
|
UG9zdGdyZVNRTCB0ZXN0IHN1aXRlMSQwIgYDVQQDDBtjb21tb24tbmFtZS5wZy1z |
||||||
|
c2x0ZXN0LnRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAON0emWfWbLb |
||||||
|
4cSdixPiKiSwwiRbVw371L2t90jVY1ucJc/8YRUrRMhdsKdsP2NuwtFx1Mghspzt |
||||||
|
c/v6Dj/V9raYsHDGKK7OSPDF97GT9xM6yqm3FAY3l0QdP78XhiIZOhTO4fOJkAfQ |
||||||
|
LVhXca2X0krl0jF57/o5in6GHuyhulLPAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEA |
||||||
|
V7NgLA+RVPeWo5/TLsJyEf3tPnvpdq4Dfr/nDNDyWLhfrmny3Nuykfwap8JZHXG7 |
||||||
|
oo+owRzgAXaJnr++5PvCo82Jp+gCNf5foZBx3GWdPsJY8d/0oREhFXhpqLCUUoiO |
||||||
|
2295A+mrgwfXoI+tlFypNb0T9x6qHOQlBUX+o1JBdnw= |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||||
|
MIICXgIBAAKBgQDjdHpln1my2+HEnYsT4ioksMIkW1cN+9S9rfdI1WNbnCXP/GEV |
||||||
|
K0TIXbCnbD9jbsLRcdTIIbKc7XP7+g4/1fa2mLBwxiiuzkjwxfexk/cTOsqptxQG |
||||||
|
N5dEHT+/F4YiGToUzuHziZAH0C1YV3Gtl9JK5dIxee/6OYp+hh7sobpSzwIDAQAB |
||||||
|
AoGAHzYfiYxZQarcix9XM05InCpJKbYC9x9EbRbPJQZrEOoXYjfulnoOgTQiBodb |
||||||
|
F2jegOEO4ruFB/Wpgb0pcWcJ6Hgqh+GptulX1yWl7XzivvTDN6DO796pyNa581kN |
||||||
|
CrS9Sy0owktidlX5SJiXw2AOV1bNsvUBNapwyBFKsB3+XgECQQD/4yTJEAdRMZw1 |
||||||
|
3czmcmzw+Aq/IBsd3w/GgX6jME02Br3LqnTIelNTPVNqEpy4wb6rNug2Dm79OWwh |
||||||
|
PNr799vPAkEA444gzKEUB7O2N8RnfLD5/n7Gl+P1MGOH0Rk6lxxAJ+Py8Itm1pV/ |
||||||
|
3o9xwi1kguXdd+wqpL+B2gJDCpgSmJDZAQJBAIxbn5XaAOl8eN7jJr1RDoiuxdZI |
||||||
|
Whdsf063QStqFzAHSpwoh55f2szR2qtYQjblrxxjJcRg7mhf0vv4UXXcYukCQQDR |
||||||
|
wqZBewp3vxVtesLaklkgW8S9JwlRva3o9hSoTwZkvx+m1RnLHKxugFQg5q8MatAo |
||||||
|
R69XhqEwUX1zOpOJx5wBAkEAkvuuVdjo4baxildMPWSH/CcYlZs8c7ofs/Y6VkdV |
||||||
|
zIYMoGnGS7CfJbKLkXP7amlp9Gn1xgCPpbRJrik3Nafa9Q== |
||||||
|
-----END RSA PRIVATE KEY----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIICPzCCAaigAwIBAgIBBDANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDDDdUZXN0 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc2VydmVyIGNl |
||||||
|
cnRzMB4XDTE0MTIwNDExNTIwMVoXDTQyMDQyMTExNTIwMVowIDEeMBwGA1UECwwV |
||||||
|
UG9zdGdyZVNRTCB0ZXN0IHN1aXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB |
||||||
|
gQDMaR3uJ4+1P76DaUDWklA4L3Uic0ogorawfGuBO9pFB0w/kV6AAJGwhEy1DTi2 |
||||||
|
neaAraa383F+e0Kpmbp1hXZ8k5DwKe6pHCv+R1RwRMqGrC6nQPM/tRsU97z7ROM8 |
||||||
|
+5QDE64zYtWkJGjQrpXmLC2sHSFIFyrHoi6MIzopKNSCpwIDAQABo2cwZTBjBgNV |
||||||
|
HREEXDBagh1kbnMxLmFsdC1uYW1lLnBnLXNzbHRlc3QudGVzdIIdZG5zMi5hbHQt |
||||||
|
bmFtZS5wZy1zc2x0ZXN0LnRlc3SCGioud2lsZGNhcmQucGctc3NsdGVzdC50ZXN0 |
||||||
|
MA0GCSqGSIb3DQEBBQUAA4GBAG4lVLFuJsXsaeFpZBiudnklH17bAx11X51UsL7r |
||||||
|
oDp1AL2bHZnACqedHyed4n4+4UYezPbLOO5ITFSkIdkXYa5ohTjrwymhVGN9Sxlb |
||||||
|
1fitKKXWenvixOwPVk8g4e1Ev8JDofTPQNIFA7C8IbGunm8J0Pe7jF6KxlknP9A0 |
||||||
|
x0Li |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||||
|
MIICXAIBAAKBgQDMaR3uJ4+1P76DaUDWklA4L3Uic0ogorawfGuBO9pFB0w/kV6A |
||||||
|
AJGwhEy1DTi2neaAraa383F+e0Kpmbp1hXZ8k5DwKe6pHCv+R1RwRMqGrC6nQPM/ |
||||||
|
tRsU97z7ROM8+5QDE64zYtWkJGjQrpXmLC2sHSFIFyrHoi6MIzopKNSCpwIDAQAB |
||||||
|
AoGBAI+m+/LHeLYO0yt1B60D7D5gE7ifPyQKVctX1RFgZ7eFNm+iEMByJfDgOSwv |
||||||
|
24BzHW+nGfhCrKsPorygHarDnY0TfInIX5OHaOgiJ2z6mQnCmH9nwX+ZAezeVlZR |
||||||
|
3QqdmRJzFRcqVD2cU2nk/DG2MJDpyqyfaBQ+FXHZGX03LWbRAkEA5SpdsgQkOW/S |
||||||
|
/5ENpACEixD9WU2EJjNOymddy64ODy6ug9Xc46nw6Xkn4EI+wmcmrmi65oH+hx+G |
||||||
|
g0k+aQmi2QJBAORYri1cNxupOSdQ7tY6DoPuMKMrV4FmuiF3XJWb2qZoNZLG4Lai |
||||||
|
kLn9A8yWJmKyu6V+tvz/DYRHlA870FDM4X8CQENoE8lB+JnAb7Lmqrl7wYDaTXsQ |
||||||
|
FvfZjapxfyBjIRWMKJ70sBVzLj6ueXE4axdpmfIhMiCNSh3awwko6SeiQvkCQHwx |
||||||
|
LypEiURmGUuk3QFuug5PMezM2d7rPDiPbq+AAL+Y1epqeDVc3VIKplJTJ7VueFhe |
||||||
|
PrADGBrlw0U1xurrQ4kCQCui0QT42Ppey48lvxu5S5+dOvkjF8p7Ml59aRqlcjPm |
||||||
|
2q38zM/AJlrekSclGszy/PjaXeZzFM+aCYKAsk8h7YE= |
||||||
|
-----END RSA PRIVATE KEY----- |
||||||
@ -0,0 +1,12 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB1jCCAT+gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDDDdUZXN0 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc2VydmVyIGNl |
||||||
|
cnRzMB4XDTE0MTIwNDExNTIwMVoXDTQyMDQyMTExNTIwMVowIDEeMBwGA1UECwwV |
||||||
|
UG9zdGdyZVNRTCB0ZXN0IHN1aXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB |
||||||
|
gQDXRZ+AOvlbHnupGqPsW4zYOE36wyMgwYnsafRMRkZd9R5GLtqnchIBdA9Lg2VP |
||||||
|
gK0355KTYtsdfdnC1kjflkeY+ZAvpRAMarV9fuE3z5kE3qDh4IsSJ3EyxoH7QwEL |
||||||
|
x01INf7QVEb/7y6s1Cw0GBonXnMel/8kfPBFpJ3+p4rw1wIDAQABMA0GCSqGSIb3 |
||||||
|
DQEBBQUAA4GBAIvauevxaS0gnHu3RivMZp9UZe0r9Ja38CqdFnNUT+Z4MS0fOyWq |
||||||
|
9uz3JO7rdLmBtLEUNX2VNR8jIet9/gfxAO5MTYw+nSQ7Ci39kgSQYkCs4gZVS2TJ |
||||||
|
GeOpfcBipOFkI9O0nElAmNVFDB5j5bY5NfCNAMoD1q/FzovxlcskCOdh |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||||
|
MIICXwIBAAKBgQDXRZ+AOvlbHnupGqPsW4zYOE36wyMgwYnsafRMRkZd9R5GLtqn |
||||||
|
chIBdA9Lg2VPgK0355KTYtsdfdnC1kjflkeY+ZAvpRAMarV9fuE3z5kE3qDh4IsS |
||||||
|
J3EyxoH7QwELx01INf7QVEb/7y6s1Cw0GBonXnMel/8kfPBFpJ3+p4rw1wIDAQAB |
||||||
|
AoGBAKMdFCBbjzmlvVmC4BZlwDDNaPjLB0D4pQNHvV5WGVd0Nb5EHlWmL1J+mGBF |
||||||
|
bWxyOc4UX5Hh49lS1L+3EnyoKBKzsuPafLLXpVM2ujkkJt8iYenWUDqw1+g6zM97 |
||||||
|
bHaQAa/U6+Mqn+dfcAn4FpYknZ0V4cvKqKw6CzjypkmHeLwxAkEA7F0tiV2nhkzN |
||||||
|
huOifLaxQHkOOBIgaFLGAMLwYHLlwVjPxk6O34+XPMehFQbetL431ZweUdGSY1fX |
||||||
|
jURXR72APQJBAOkn4AuhVWoS3lMWQc58kMCzY4+Xwd6ILKXMhFTZA2iNn7IUVEUe |
||||||
|
F2wjq292lu+tIfH+CdRjgCAC7B4OVaI2EqMCQQCZzHeY7ovXY5pIr05HgEkN/rc1 |
||||||
|
3PWhbFrSnAX1fE3r5XItQ2jMJ47tSaiTGglH6o5CPHeuHYP3iG0FyvZQBAqxAkEA |
||||||
|
izskr81IFG/wE+3WnlgEmQ6HBdi6DQmEn/3hiEmPn3/zPYSmTiAKHKmwVn+a4sWg |
||||||
|
38G0XQCOIo+cMNaejJ99wQJBAINI+vfNR8A3wDsvz9hVpa+yZ4aDOeFETJprGsin |
||||||
|
D0v/xzviq1LPrOCuarioyEpYS47bzIKGSeAtC38VB4tQyEo= |
||||||
|
-----END RSA PRIVATE KEY----- |
||||||
@ -0,0 +1,13 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB/DCCAWWgAwIBAgIBBjANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDDDdUZXN0 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc2VydmVyIGNl |
||||||
|
cnRzMB4XDTE0MTIwNDExNTIwMVoXDTQyMDQyMTExNTIwMVowRjEeMBwGA1UECwwV |
||||||
|
UG9zdGdyZVNRTCB0ZXN0IHN1aXRlMSQwIgYDVQQDDBtjb21tb24tbmFtZS5wZy1z |
||||||
|
c2x0ZXN0LnRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK09F4gQyZP/ |
||||||
|
Z5fbOrLbQySBonwt9Wbb5iAEm5618oDk/YLkl1AQo2eoTabevY7+DwHPMMwR9MSA |
||||||
|
yUlvJ8Gc3MNAOIag0o63NNOZxYIzpqqAElOMPNE/FRlpVJyauGZ7lV/Y34vjtHxu |
||||||
|
4Pmi0jOLNMzUNjlN0rQrz0xaTGQ1rX1bAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEA |
||||||
|
ghgb9HNsSfyX1JMLYlCudOTQ/LuoXeXFsqFxRDAOXCCaSrH9T4lUZayBGNOd8kgZ |
||||||
|
FFHJo4WhZx7sE/foXuax/QGLi/mGrVw2xfJdD9SIQndzdnExoQndb+gvGSH/23s4 |
||||||
|
Oif6jcSMPCLpoTaqVQdyPcw7DI9h26YzZ71IybBxPNE= |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||||
|
MIICXQIBAAKBgQCtPReIEMmT/2eX2zqy20MkgaJ8LfVm2+YgBJuetfKA5P2C5JdQ |
||||||
|
EKNnqE2m3r2O/g8BzzDMEfTEgMlJbyfBnNzDQDiGoNKOtzTTmcWCM6aqgBJTjDzR |
||||||
|
PxUZaVScmrhme5Vf2N+L47R8buD5otIzizTM1DY5TdK0K89MWkxkNa19WwIDAQAB |
||||||
|
AoGBAJNJ5b/hxgD2nXUXB4kZsrRPI37A9GxHehiu0kDWISBFkOTAxYVlIAj5p0vB |
||||||
|
BRmWF9xJ9AsNGTYY6QpuXzbVzzsqxpzqfrmcbpnEwJPIN74cWSBU3As6SVtkD414 |
||||||
|
TjV3TxJlER87D4Jtk2vWvwjWt2tj7fAe/9B44l211jStT0/BAkEA5oRVIBUrLGhb |
||||||
|
ZCHMFEHfF5BtGYNUa54QDK1cJCmstv3CEfR/g1cHLKgnbXRzbIZ4u54sjY4PhviB |
||||||
|
nCVdr6umbwJBAMBjxj8BOFceswCgse3LdaO5O2YPh/h014iiwrll+XB5ufxq5mOa |
||||||
|
9gaKmE8eUBmuWwcE05xbzSUaBhCTjVNNrdUCQQCvylcIYlxMP0ECuWtiP2GcHL22 |
||||||
|
aRql/yIKKOJNiaJ24klvW98qD+IewhVfOSEUr+++VD9xq9ZXfYeJxk0NvH7tAkAR |
||||||
|
hQR4mFPZGyKR3BBX5z8/OY7/LErlhT5bYvb4iyC77VnScqmoSGQ/FD/qdIg2znnb |
||||||
|
mcTraDC2QDhtKgKko15BAkAxtNExYOsPlW3kuhMRnDV3mB3h1TLghl9rYuHfSM5F |
||||||
|
9D7tpJ8FZa4P7BE5bfI1CPoRJsVVw0rUf1ihaMkUyxfI |
||||||
|
-----END RSA PRIVATE KEY----- |
||||||
@ -0,0 +1,13 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIICBjCCAW+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDDDdUZXN0 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc2VydmVyIGNl |
||||||
|
cnRzMB4XDTE0MTIwNDExNTIwMVoXDTQyMDQyMTExNTIwMVowIDEeMBwGA1UECwwV |
||||||
|
UG9zdGdyZVNRTCB0ZXN0IHN1aXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB |
||||||
|
gQCqGqSv5i36Nk7FDQhRmBXi9M81Ox6YNAm1ha6Wj/MCfOlsCwWFfTFoTf5k1Why |
||||||
|
dB8yDlqGvZ2daf6mfgaui4R9uwVgbrPhhDUArtT1u5PBIqDdS10Z8E8iGStga/HQ |
||||||
|
J4CPlrXltX0ll4EC0EMj6SaF1dsYTMld4O7ipCZ62U7EowIDAQABoy4wLDAqBgNV |
||||||
|
HREEIzAhgh9zaW5nbGUuYWx0LW5hbWUucGctc3NsdGVzdC50ZXN0MA0GCSqGSIb3 |
||||||
|
DQEBBQUAA4GBAC/otQQ0Ie+YqgH53nDvMpZ3Ol8xodOUWneRPI8Wf601Qi8Q4yY5 |
||||||
|
9Gv+iU6ZEidn92y0hYXiHzItl/1K6LvIQM/yuro0j+48M/rdzl1qImSnxy0eGHbA |
||||||
|
3fOvUNt8ymYKsgsAfeqHZmWUidEZ/jF9Y72oER/6ImnmsbjEFtHVFDRL |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||||
|
MIICXQIBAAKBgQCqGqSv5i36Nk7FDQhRmBXi9M81Ox6YNAm1ha6Wj/MCfOlsCwWF |
||||||
|
fTFoTf5k1WhydB8yDlqGvZ2daf6mfgaui4R9uwVgbrPhhDUArtT1u5PBIqDdS10Z |
||||||
|
8E8iGStga/HQJ4CPlrXltX0ll4EC0EMj6SaF1dsYTMld4O7ipCZ62U7EowIDAQAB |
||||||
|
AoGANPD34psEIkS2vVNyDFsGLM2+k7WjrwE7KFjD3q5MlrCjwXGotUQilXD4xQ86 |
||||||
|
Y6zKbLzU5eyr2ms7yzub/sUDZdBdJkU39NzEAf8dKN/UvhSGSZH1zxRCm1SmDrxZ |
||||||
|
BM3TEEGZUVrcamJF2EldPdbmBo8EiFyuPT7UMObvYt0li6kCQQDUol5X57+6ZGvF |
||||||
|
QrmE/3dz+zxa5fZikiG82mrpS9RiXlSssHbE4z04UARgLCGloqlFIQTsKCHnsK7i |
||||||
|
hTX41FL/AkEAzMvGWthn3QG1cVT8tLhinhAL2C/v9Mjq1SnlWi/9qs28mAtYa926 |
||||||
|
wNv+DwcEOEvamCStj+n3q8LRZ/zxbpliXQJAVq7eoR1z9uuLV75s3QA8VUbdgvzu |
||||||
|
pZ6HLHMqVHM6YOOtxzylHny472UHc6FqEhkuwmTEmfV+ZPKNSQEfUJJWRwJBAK1Z |
||||||
|
p7LqDzCh66Xc3HNUyBUnW/9IxIKdNznsVrk6eiwELik9IUFc1GG/VZP+ynGks4mp |
||||||
|
MkjpML3xEDRHhU2rA/kCQQCzhjCPuiZtPpe7fM/gl78q+TSXu/Rr8e/LYYmHeRbq |
||||||
|
G9ojPe6Kx+toOPrOaaDLbRd6tkmwoLl9eSW/EW/aHwWY |
||||||
|
-----END RSA PRIVATE KEY----- |
||||||
@ -0,0 +1,13 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIICCDCCAXGgAwIBAgIJAJKfiuFnjnPZMA0GCSqGSIb3DQEBCwUAMEYxJDAiBgNV |
||||||
|
BAMMG2NvbW1vbi1uYW1lLnBnLXNzbHRlc3QudGVzdDEeMBwGA1UECwwVUG9zdGdy |
||||||
|
ZVNRTCB0ZXN0IHN1aXRlMB4XDTE0MTIwNDExNTIwMVoXDTQyMDQyMTExNTIwMVow |
||||||
|
RjEkMCIGA1UEAwwbY29tbW9uLW5hbWUucGctc3NsdGVzdC50ZXN0MR4wHAYDVQQL |
||||||
|
DBVQb3N0Z3JlU1FMIHRlc3Qgc3VpdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ |
||||||
|
AoGBAON0emWfWbLb4cSdixPiKiSwwiRbVw371L2t90jVY1ucJc/8YRUrRMhdsKds |
||||||
|
P2NuwtFx1Mghspztc/v6Dj/V9raYsHDGKK7OSPDF97GT9xM6yqm3FAY3l0QdP78X |
||||||
|
hiIZOhTO4fOJkAfQLVhXca2X0krl0jF57/o5in6GHuyhulLPAgMBAAEwDQYJKoZI |
||||||
|
hvcNAQELBQADgYEAoMiPEDM4EmgyOc6kVRSVa+Q+6Wc+O7WX7LmEZprXyJErQ51H |
||||||
|
X0KWcznjass1YzVeT+hCOyEQWSbEs8W1+b0FZleD6Cng9ZfD10Oz/4nCBy8al7sn |
||||||
|
GlQk0KHYlMOcQDfmFr5CNuoIo77rtapDlVxIhMAxBJKTlYvimbNh3XM9g4U= |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||||
|
MIICXAIBAAKBgQDHz31rLL10XaTbD+K4UQcrtV+2Jq9C9U65lDk6LtsGVkW3os0P |
||||||
|
b0MtXZEijnPvVDa7Kwq4mvKzTJ/SZwtA6zxSC8gs9gpql3ZSINsrzHC9XNxNbUgZ |
||||||
|
gPGiAq9j8C2kRnTKae3tDsEa54XWZXTFniu0Lbk1lXEeompCZZv4wqaSfwIDAQAB |
||||||
|
AoGADrqV1TOsF4rbnyZRoSKf87HgB05ctwPcNMPfYBGaJaJwazP+B7g87HgsPa7g |
||||||
|
jvDXQ/7NQIRzhZINafYcl0F/5a7tbO6DyCXJzoYYZ4NOb8ng1HBpaBMhcigOeeeZ |
||||||
|
i+KBYDjPzEeVfUOxIADWuh8HuVQWgB2WOdWg2GSuC4MZrXkCQQD3AuKxW7W4PJzP |
||||||
|
ZMY4RpnvFlfUyNWKM/0vMeDv88QUK+LH1MWMSIsYPSBS5sTB8b7lR0kb3IhDkuNP |
||||||
|
MeoiZNIlAkEAzxTj5ITO92RL7JI85Z1WBMPgOjvw5ffQF95GiLUN7My1SB5KJUWX |
||||||
|
pI108sY6oigHNDYjlL8rfsJHoz3MpPaG0wJBAMNOwcXwuMebDXYivWSD1nUoGnyB |
||||||
|
6+5h2yA09SFlgjVc2eydfTHFrk2VD3jdRNgA+Kq7acAg6JFdlGPrGLDnPQ0CQGrs |
||||||
|
X2tMA82LVQSW0ajBn3ugY/PNpWoolaLtW0AVNFZzsJrHQQOTtmP5wkvkfLvjrSyR |
||||||
|
U7fnKZ8u02x/aV44CI8CQCQSiBF1mTqiNUZswX0z8m8KRiYplS9+UdtHqbwo91dw |
||||||
|
BD/KWzZKJjGEbc3RN1MIQUq02cp1ZU3pNU7afALBF4s= |
||||||
|
-----END RSA PRIVATE KEY----- |
||||||
@ -0,0 +1,9 @@ |
|||||||
|
-----BEGIN X509 CRL----- |
||||||
|
MIIBHTCBhzANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDDDdUZXN0IENBIGZvciBQ |
||||||
|
b3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc2VydmVyIGNlcnRzFw0xNDEy |
||||||
|
MDQxMTUyMDFaFw00MjA0MjExMTUyMDFaMBQwEgIBBhcNMTQxMjA0MTE1MjAxWjAN |
||||||
|
BgkqhkiG9w0BAQUFAAOBgQCmFnFkEt0+Ialw4E+4nIAJWJO9XDE71FdRfX3QChs8 |
||||||
|
ZJtBseaMNeUC1FY1zHOYQhtMy+Uatda6hx/QiyidF2oP5KpWp+R11M554Ifxem3X |
||||||
|
KDQDBQNee+1IIJ7a1kxAUxeSNP+0a3/bmUxI5sbomINnKeIDqDO8d2vmO2VLxJm6 |
||||||
|
MA== |
||||||
|
-----END X509 CRL----- |
||||||
@ -0,0 +1,13 @@ |
|||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwQDE+MDwGA1UEAww1VGVzdCByb290 |
||||||
|
IENBIGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc3VpdGUwHhcN |
||||||
|
MTQxMjA0MTE1MjAxWhcNNDIwNDIxMTE1MjAxWjBCMUAwPgYDVQQDDDdUZXN0IENB |
||||||
|
IGZvciBQb3N0Z3JlU1FMIFNTTCByZWdyZXNzaW9uIHRlc3Qgc2VydmVyIGNlcnRz |
||||||
|
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC15tOzDBVKaCRDz9L5LMpPk8DR |
||||||
|
RGHHOe4OuO6WTkUzjbjuKyiQbmtcp00R4dULbSM57ESvI/Ny0gPt+J/QKAOG8S5t |
||||||
|
09wDpKxKcgZSZ6Nd6FaK+D+ZhUVAkP3hB0ba0wo1JZff/0e4B+VJhXTjl7RRHfbr |
||||||
|
AEuDYFxv9T3K/Jq04wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAJys1pnYvO+u8Wca |
||||||
|
6xUToGMpqTnImKa+dX8tMKsp6mXAN/dWrOVMDWnjBhQxShhAZBsaJ4iUeXPJlctw |
||||||
|
KzkUCQo6BsUbPMTSQlPuyHHdZBOTHDIW4SylKaBQvkundkhhBO7aHwFV3QjxZKcH |
||||||
|
XqpGyY2ryrgdj2D4+H55NDXYjj/m |
||||||
|
-----END CERTIFICATE----- |
||||||
@ -0,0 +1,15 @@ |
|||||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||||
|
MIICXQIBAAKBgQC15tOzDBVKaCRDz9L5LMpPk8DRRGHHOe4OuO6WTkUzjbjuKyiQ |
||||||
|
bmtcp00R4dULbSM57ESvI/Ny0gPt+J/QKAOG8S5t09wDpKxKcgZSZ6Nd6FaK+D+Z |
||||||
|
hUVAkP3hB0ba0wo1JZff/0e4B+VJhXTjl7RRHfbrAEuDYFxv9T3K/Jq04wIDAQAB |
||||||
|
AoGBAKxkghg7iGYHQu9dpCXw9B/s+R2bgEuPNHWRgNTEg0MzuqNGFeCkNW4PRLSA |
||||||
|
4ic9HNiFeia+nLgiIAVFzzg44/VCvzD8P0EdJo9bRqV+mmm15YBcpV+F3I5RLOuq |
||||||
|
IWuRHyDbt+wsZyzdzPN0ElV3AUmj/0vkfX0xoRwXeGqimBFpAkEA5/PpK0qjvK3z |
||||||
|
hv4lC0nX3bmaKfFFEDRiufK+/WUGMHx8YS55CqjpcbR+xMPAFswWEcBEQnj6zbDm |
||||||
|
a4hEjlwXBwJBAMjCi9UcDe3Sp/mmxFklxmMusIHqldA5YsOyCjtSLxpgHJLdwcMx |
||||||
|
KWH3Q9nUrn4WxhlHhY8W6smNgQDzVk1TgEUCQCd2ef8hjcX2Gm6nIopPH+jbQP1N |
||||||
|
zSA6qWlVgWT/IRRyuX6XN4S2xDDSMpcrbqzyP/b5LSPaDWGdbTZyUqedx1UCQDjA |
||||||
|
/sTVNH7aAZCK+5D0I9xgE5f2mDmQL4KBL3FLr3M2Xn2KYT9sA3Xlb/IBtP6CM6hr |
||||||
|
1q733JH0Bdcd83TSuT0CQQCb4dzfNLuYscHBnQYsMCZvMSKmQZ2LKUANGra/mX+i |
||||||
|
7JZ7wngI548ypMK2lJWnb2Ce+0cR8GAPVHWOTx2srtH4 |
||||||
|
-----END RSA PRIVATE KEY----- |
||||||
@ -0,0 +1,223 @@ |
|||||||
|
use strict; |
||||||
|
use warnings; |
||||||
|
use TestLib; |
||||||
|
use Test::More tests => 38; |
||||||
|
use ServerSetup; |
||||||
|
use File::Copy; |
||||||
|
|
||||||
|
# Like TestLib.pm, we use IPC::Run |
||||||
|
BEGIN |
||||||
|
{ |
||||||
|
eval { |
||||||
|
require IPC::Run; |
||||||
|
import IPC::Run qw(run start); |
||||||
|
1; |
||||||
|
} or do |
||||||
|
{ |
||||||
|
plan skip_all => "IPC::Run not available"; |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
#### Some configuration |
||||||
|
|
||||||
|
# This is the hostname used to connect to the server. This cannot be a |
||||||
|
# hostname, because the server certificate is always for the domain |
||||||
|
# postgresql-ssl-regression.test. |
||||||
|
my $SERVERHOSTADDR='127.0.0.1'; |
||||||
|
|
||||||
|
my $tempdir = TestLib::tempdir; |
||||||
|
#my $tempdir = "tmp_check"; |
||||||
|
|
||||||
|
|
||||||
|
# Define a couple of helper functions to test connecting to the server. |
||||||
|
|
||||||
|
my $common_connstr; |
||||||
|
|
||||||
|
sub run_test_psql { |
||||||
|
my $connstr = $_[0]; |
||||||
|
my $logstring = $_[1]; |
||||||
|
|
||||||
|
my $cmd = [ 'psql', |
||||||
|
'-A', '-t', |
||||||
|
'-c', "SELECT 'connected with $connstr'", |
||||||
|
'-d', "$connstr" |
||||||
|
]; |
||||||
|
|
||||||
|
open CLIENTLOG, ">>$tempdir/client-log" or die "Could not open client-log file"; |
||||||
|
print CLIENTLOG "\n# Running test: $connstr $logstring\n"; |
||||||
|
close CLIENTLOG; |
||||||
|
|
||||||
|
my $result = run $cmd, '>>', "$tempdir/client-log", '2>&1'; |
||||||
|
return $result; |
||||||
|
} |
||||||
|
|
||||||
|
# |
||||||
|
# The first argument is a (part of a) connection string, and it's also printed |
||||||
|
# out as the test case name. It is appended to $common_connstr global variable, |
||||||
|
# which also contains a libpq connection string. |
||||||
|
# |
||||||
|
# The second argument is a hostname to connect to. |
||||||
|
sub test_connect_ok { |
||||||
|
my $connstr = $_[0]; |
||||||
|
|
||||||
|
my $result = run_test_psql("$common_connstr $connstr", "(should succeed)"); |
||||||
|
ok($result, $connstr); |
||||||
|
} |
||||||
|
|
||||||
|
sub test_connect_fails { |
||||||
|
my $connstr = $_[0]; |
||||||
|
|
||||||
|
my $result = run_test_psql("$common_connstr $connstr", "(should fail)"); |
||||||
|
ok(!$result, "$connstr (should fail)"); |
||||||
|
} |
||||||
|
|
||||||
|
# The client's private key must not be world-readable. Git doesn't track |
||||||
|
# permissions (except for the executable bit), so they might be wrong after |
||||||
|
# a checkout. |
||||||
|
system_or_bail "chmod 0600 ssl/client.key"; |
||||||
|
|
||||||
|
#### Part 0. Set up the server. |
||||||
|
|
||||||
|
diag "setting up data directory in \"$tempdir\"..."; |
||||||
|
start_test_server($tempdir); |
||||||
|
configure_test_server_for_ssl($tempdir); |
||||||
|
switch_server_cert($tempdir, 'server-cn-only'); |
||||||
|
|
||||||
|
### Part 1. Run client-side tests. |
||||||
|
### |
||||||
|
### Test that libpq accepts/rejects the connection correctly, depending |
||||||
|
### on sslmode and whether the server's certificate looks correct. No |
||||||
|
### client certificate is used in these tests. |
||||||
|
|
||||||
|
diag "running client tests..."; |
||||||
|
|
||||||
|
$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid hostaddr=$SERVERHOSTADDR host=common-name.pg-ssltest.test"; |
||||||
|
|
||||||
|
# The server should not accept non-SSL connections |
||||||
|
diag "test that the server doesn't accept non-SSL connections"; |
||||||
|
test_connect_fails("sslmode=disable"); |
||||||
|
|
||||||
|
# Try without a root cert. In sslmode=require, this should work. In verify-ca |
||||||
|
# or verify-full mode it should fail |
||||||
|
diag "connect without server root cert"; |
||||||
|
test_connect_ok ("sslrootcert=invalid sslmode=require"); |
||||||
|
test_connect_fails("sslrootcert=invalid sslmode=verify-ca"); |
||||||
|
test_connect_fails("sslrootcert=invalid sslmode=verify-full"); |
||||||
|
|
||||||
|
# Try with wrong root cert, should fail. (we're using the client CA as the |
||||||
|
# root, but the server's key is signed by the server CA) |
||||||
|
diag "connect without wrong server root cert"; |
||||||
|
test_connect_fails("sslrootcert=ssl/client_ca.crt sslmode=require"); |
||||||
|
test_connect_fails("sslrootcert=ssl/client_ca.crt sslmode=verify-ca"); |
||||||
|
test_connect_fails("sslrootcert=ssl/client_ca.crt sslmode=verify-full"); |
||||||
|
|
||||||
|
# Try with just the server CA's cert. This fails because the root file |
||||||
|
# must contain the whole chain up to the root CA. |
||||||
|
diag "connect with server CA cert, without root CA"; |
||||||
|
test_connect_fails("sslrootcert=ssl/server_ca.crt sslmode=verify-ca"); |
||||||
|
|
||||||
|
# And finally, with the correct root cert. |
||||||
|
diag "connect with correct server CA cert file"; |
||||||
|
test_connect_ok ("sslrootcert=ssl/root+server_ca.crt sslmode=require"); |
||||||
|
test_connect_ok ("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca"); |
||||||
|
test_connect_ok ("sslrootcert=ssl/root+server_ca.crt sslmode=verify-full"); |
||||||
|
|
||||||
|
# Test with cert root file that contains two certificates. The client should |
||||||
|
# be able to pick the right one, regardless of the order in the file. |
||||||
|
test_connect_ok ("sslrootcert=ssl/both-cas-1.crt sslmode=verify-ca"); |
||||||
|
test_connect_ok ("sslrootcert=ssl/both-cas-2.crt sslmode=verify-ca"); |
||||||
|
|
||||||
|
diag "testing sslcrl option with a non-revoked cert"; |
||||||
|
|
||||||
|
# Invalid CRL filename is the same as no CRL, succeeds |
||||||
|
test_connect_ok ("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=invalid"); |
||||||
|
# A CRL belonging to a different CA is not accepted, fails |
||||||
|
test_connect_fails("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=ssl/client.crl"); |
||||||
|
# With the correct CRL, succeeds (this cert is not revoked) |
||||||
|
test_connect_ok ("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=ssl/root+server.crl"); |
||||||
|
|
||||||
|
# Check that connecting with verify-full fails, when the hostname doesn't |
||||||
|
# match the hostname in the server's certificate. |
||||||
|
diag "test mismatch between hostname and server certificate"; |
||||||
|
$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full"; |
||||||
|
|
||||||
|
test_connect_ok ("sslmode=require host=wronghost.test"); |
||||||
|
test_connect_ok ("sslmode=verify-ca host=wronghost.test"); |
||||||
|
test_connect_fails("sslmode=verify-full host=wronghost.test"); |
||||||
|
|
||||||
|
# Test Subject Alternative Names. |
||||||
|
switch_server_cert($tempdir, 'server-multiple-alt-names'); |
||||||
|
|
||||||
|
diag "test hostname matching with X509 Subject Alternative Names"; |
||||||
|
$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full"; |
||||||
|
|
||||||
|
test_connect_ok ("host=dns1.alt-name.pg-ssltest.test"); |
||||||
|
test_connect_ok ("host=dns2.alt-name.pg-ssltest.test"); |
||||||
|
test_connect_ok ("host=foo.wildcard.pg-ssltest.test"); |
||||||
|
|
||||||
|
test_connect_fails("host=wronghost.alt-name.pg-ssltest.test"); |
||||||
|
test_connect_fails("host=deep.subdomain.wildcard.pg-ssltest.test"); |
||||||
|
|
||||||
|
# Test certificate with a single Subject Alternative Name. (this gives a |
||||||
|
# slightly different error message, that's all) |
||||||
|
switch_server_cert($tempdir, 'server-single-alt-name'); |
||||||
|
|
||||||
|
diag "test hostname matching with a single X509 Subject Alternative Name"; |
||||||
|
$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full"; |
||||||
|
|
||||||
|
test_connect_ok ("host=single.alt-name.pg-ssltest.test"); |
||||||
|
|
||||||
|
test_connect_fails("host=wronghost.alt-name.pg-ssltest.test"); |
||||||
|
test_connect_fails("host=deep.subdomain.wildcard.pg-ssltest.test"); |
||||||
|
|
||||||
|
# Test server certificate with a CN and SANs. Per RFCs 2818 and 6125, the CN |
||||||
|
# should be ignored when the certificate has both. |
||||||
|
switch_server_cert($tempdir, 'server-cn-and-alt-names'); |
||||||
|
|
||||||
|
diag "test certificate with both a CN and SANs"; |
||||||
|
$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR sslmode=verify-full"; |
||||||
|
|
||||||
|
test_connect_ok ("host=dns1.alt-name.pg-ssltest.test"); |
||||||
|
test_connect_ok ("host=dns2.alt-name.pg-ssltest.test"); |
||||||
|
test_connect_fails("host=common-name.pg-ssltest.test"); |
||||||
|
|
||||||
|
# Finally, test a server certificate that has no CN or SANs. Of course, that's |
||||||
|
# not a very sensible certificate, but libpq should handle it gracefully. |
||||||
|
switch_server_cert($tempdir, 'server-no-names'); |
||||||
|
$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR"; |
||||||
|
|
||||||
|
test_connect_ok ("sslmode=verify-ca host=common-name.pg-ssltest.test"); |
||||||
|
test_connect_fails("sslmode=verify-full host=common-name.pg-ssltest.test"); |
||||||
|
|
||||||
|
# Test that the CRL works |
||||||
|
diag "Testing client-side CRL"; |
||||||
|
switch_server_cert($tempdir, 'server-revoked'); |
||||||
|
|
||||||
|
$common_connstr="user=ssltestuser dbname=trustdb sslcert=invalid hostaddr=$SERVERHOSTADDR host=common-name.pg-ssltest.test"; |
||||||
|
|
||||||
|
# Without the CRL, succeeds. With it, fails. |
||||||
|
test_connect_ok ("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca"); |
||||||
|
test_connect_fails("sslrootcert=ssl/root+server_ca.crt sslmode=verify-ca sslcrl=ssl/root+server.crl"); |
||||||
|
|
||||||
|
### Part 2. Server-side tests. |
||||||
|
### |
||||||
|
### Test certificate authorization. |
||||||
|
|
||||||
|
diag "Testing certificate authorization..."; |
||||||
|
$common_connstr="sslrootcert=ssl/root+server_ca.crt sslmode=require dbname=certdb hostaddr=$SERVERHOSTADDR"; |
||||||
|
|
||||||
|
# no client cert |
||||||
|
test_connect_fails("user=ssltestuser sslcert=invalid"); |
||||||
|
|
||||||
|
# correct client cert |
||||||
|
test_connect_ok ("user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client.key"); |
||||||
|
|
||||||
|
# client cert belonging to another user |
||||||
|
test_connect_fails("user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client.key"); |
||||||
|
|
||||||
|
# revoked client cert |
||||||
|
test_connect_fails("user=ssltestuser sslcert=ssl/client-revoked.crt sslkey=ssl/client-revoked.key"); |
||||||
|
|
||||||
|
|
||||||
|
# All done! Save the log, before the temporary installation is deleted |
||||||
|
copy("$tempdir/client-log", "./client-log"); |
||||||
Loading…
Reference in new issue