diff --git a/packages/cli-repl/test/e2e-tls.spec.ts b/packages/cli-repl/test/e2e-tls.spec.ts index d0477281ed..e30d30409a 100644 --- a/packages/cli-repl/test/e2e-tls.spec.ts +++ b/packages/cli-repl/test/e2e-tls.spec.ts @@ -14,6 +14,7 @@ const CLIENT_CERT = getCertPath('client.bundle.pem'); const CLIENT_CERT_PFX = getCertPath('client.bundle.pfx'); const INVALID_CLIENT_CERT = getCertPath('invalid-client.bundle.pem'); const SERVER_KEY = getCertPath('server.bundle.pem'); +const SERVER_INVALIDHOST_KEY = getCertPath('server-invalidhost.bundle.pem'); const CRL_INCLUDING_SERVER = getCertPath('ca-server.crl'); describe('e2e TLS', () => { @@ -49,7 +50,7 @@ describe('e2e TLS', () => { }); function registerTlsTests({ tlsMode: serverTlsModeOption, tlsModeValue: serverTlsModeValue, tlsCertificateFile: serverTlsCertificateKeyFileOption, tlsCaFile: serverTlsCAFileOption }) { - context('connecting without client cert', () => { + context('connecting without client cert to server with valid cert', () => { after(async() => { // mlaunch has some trouble interpreting all the server options correctly, // and subsequently can't connect to the server to find out if it's up, @@ -153,7 +154,7 @@ describe('e2e TLS', () => { }); }); - context('connecting with client cert', () => { + context('connecting with client cert to server with valid cert', () => { const tmpdir = useTmpdir(); after(async() => { @@ -302,5 +303,62 @@ describe('e2e TLS', () => { } }); }); + + context('connecting to server with invalid cert', () => { + after(async() => { + // mlaunch has some trouble interpreting all the server options correctly, + // and subsequently can't connect to the server to find out if it's up, + // then thinks it isn't and doesn't shut it down cleanly. We shut it down + // here to work around that. + const shell = TestShell.start({ args: + [ + await server.connectionString(), + '--tls', '--tlsCAFile', CA_CERT, '--tlsAllowInvalidCertificates' + ] + }); + await shell.waitForPrompt(); + await shell.executeLine('db.shutdownServer({ force: true })'); + await TestShell.killall(); + }); + + const server = startTestServer( + 'not-shared', '--hostname', 'localhost', + serverTlsModeOption, serverTlsModeValue, + serverTlsCertificateKeyFileOption, SERVER_INVALIDHOST_KEY + ); + + it('works with allowInvalidCertificates', async() => { + const shell = TestShell.start({ + args: [ + await server.connectionString(), + '--tls', '--tlsCAFile', CA_CERT, '--tlsAllowInvalidCertificates' + ] + }); + const result = await shell.waitForPromptOrExit(); + expect(result.state).to.equal('prompt'); + }); + + it('works with allowInvalidHostnames', async() => { + const shell = TestShell.start({ + args: [ + await server.connectionString(), + '--tls', '--tlsCAFile', CA_CERT, '--tlsAllowInvalidHostnames' + ] + }); + const result = await shell.waitForPromptOrExit(); + expect(result.state).to.equal('prompt'); + }); + + it('fails when no additional args are provided', async() => { + const shell = TestShell.start({ + args: [ + await server.connectionString(), + '--tls', '--tlsCAFile', CA_CERT + ] + }); + const result = await shell.waitForPromptOrExit(); + expect(result.state).to.equal('exit'); + }); + }); } }); diff --git a/packages/cli-repl/test/fixtures/certificates/README.md b/packages/cli-repl/test/fixtures/certificates/README.md index dd1f691ddf..abc1733543 100644 --- a/packages/cli-repl/test/fixtures/certificates/README.md +++ b/packages/cli-repl/test/fixtures/certificates/README.md @@ -70,6 +70,28 @@ To recreate the certificates follow the steps outlined below. cat server.pem server.key > server.bundle.pem ``` +## Setup Server Certificate with invalid hostname +1. Create a new key to use for the server: + ``` + openssl genrsa -out server-invalidhost.key 4096 + ``` +2. Generate a Certificate Signing Request (CSR) with validity 99.999 days: + ``` + openssl req -new -key server-invalidhost.key -out server-invalidhost.csr -days 99999 + ``` + * Organization Name: `MongoDB` + * Organizational Unit Name: `DevTools` + * Common Name: `invalidhost` +3. Sign the CSR to generate server certificate: + ``` + openssl ca -create_serial -config ca.cnf -in server-invalidhost.csr -out server-invalidhost.pem -days 99999 + ``` + This will also generate a `.pem` file which can be removed. +4. Create a bundle with server key and certificate to use for `mongod`: + ``` + cat server-invalidhost.pem server-invalidhost.key > server-invalidhost.bundle.pem + ``` + ## Setup "Non-CA" for testing invalid CA cert 1. Create a new key to use for the Non CA: ``` diff --git a/packages/cli-repl/test/fixtures/certificates/ca.db b/packages/cli-repl/test/fixtures/certificates/ca.db index 28867ad9e7..010c74ae19 100644 --- a/packages/cli-repl/test/fixtures/certificates/ca.db +++ b/packages/cli-repl/test/fixtures/certificates/ca.db @@ -6,3 +6,4 @@ V 22941006122725Z F349920F8B55BB11 unknown /O=MongoDB/OU=DevTools/CN=127.0.0.1 R 22941006125419Z 201222130941Z F349920F8B55BB12 unknown /O=MongoDB/OU=DevTools/CN=localhost V 22941006125605Z F349920F8B55BB13 unknown /O=MongoDB/OU=DevTools/CN=Wonderwoman/emailAddress=tester@example.com V 22941006152405Z F349920F8B55BB14 unknown /O=MongoDB/OU=DevTools Testers/CN=Wonderwoman/emailAddress=tester@example.com +V 22941218081417Z F349920F8B55BB15 unknown /O=MongoDB/OU=DevTools/CN=invalidhost diff --git a/packages/cli-repl/test/fixtures/certificates/ca.serial b/packages/cli-repl/test/fixtures/certificates/ca.serial index f4d1629553..b2d2ed8ba6 100644 --- a/packages/cli-repl/test/fixtures/certificates/ca.serial +++ b/packages/cli-repl/test/fixtures/certificates/ca.serial @@ -1 +1 @@ -F349920F8B55BB15 +F349920F8B55BB16 diff --git a/packages/cli-repl/test/fixtures/certificates/server-invalidhost.bundle.pem b/packages/cli-repl/test/fixtures/certificates/server-invalidhost.bundle.pem new file mode 100644 index 0000000000..74ceab5850 --- /dev/null +++ b/packages/cli-repl/test/fixtures/certificates/server-invalidhost.bundle.pem @@ -0,0 +1,160 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 17530703619976182549 (0xf349920f8b55bb15) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=MongoDB, OU=DevTools, CN=DevTools CA + Validity + Not Before: Mar 5 08:14:17 2021 GMT + Not After : Dec 18 08:14:17 2294 GMT + Subject: O=MongoDB, OU=DevTools, CN=invalidhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:c0:cd:cf:d8:99:66:12:ca:6b:14:6a:97:81:33: + 71:d6:37:13:70:a9:78:02:69:b0:d0:6c:48:75:8d: + a4:53:7c:d1:f7:82:19:c6:4a:a6:36:cb:e9:ca:d8: + c5:81:61:08:57:e0:0c:72:cd:00:c5:d5:77:8d:8a: + ea:c1:b2:e1:89:09:5e:29:92:38:91:1a:30:b5:9b: + 13:4c:96:d1:c9:a9:ae:71:98:c9:3e:32:f5:e9:d4: + f9:e9:c1:41:32:58:21:6b:32:55:c4:6d:5e:64:0d: + 81:23:0c:b7:9e:a0:8a:73:51:7d:e4:d5:45:9c:f4: + 4a:78:a7:97:0b:ed:12:53:b1:ca:11:ff:85:ff:58: + 11:9e:7e:33:13:c3:33:22:47:06:eb:8f:fa:3c:3a: + 5f:91:8e:6f:97:eb:c5:aa:62:51:66:ca:90:b9:88: + 00:30:ba:86:33:59:e0:ce:5e:35:a4:78:ed:87:75: + 46:db:fb:2d:0a:77:79:eb:5f:57:22:68:82:fa:90: + f0:68:01:b9:b1:26:8b:a6:2c:a1:06:5a:26:c4:3a: + e8:12:cb:dd:8c:a4:07:65:9a:6c:60:9e:e7:02:ec: + 86:4e:a8:74:c8:de:bb:a0:79:b2:68:56:c9:b7:67: + 77:4f:16:ab:b6:8b:4a:35:03:d1:01:66:78:ff:0d: + 98:e4:6d:4a:78:71:b9:ee:c3:b8:67:95:fb:50:f0: + fa:30:13:64:d5:1a:02:fb:be:28:53:08:45:d5:3b: + 9f:28:c0:67:d2:36:2c:25:9a:58:5d:f2:e4:fc:99: + 1a:88:28:0c:8f:9a:66:20:8d:45:d8:31:1c:02:20: + 13:b9:3a:1e:2b:02:57:2d:44:d2:7e:d4:4a:d1:7e: + 10:91:75:eb:63:63:f2:c9:23:dc:f9:12:3a:8a:44: + b5:ec:f9:ab:6b:8b:fe:3f:98:42:cb:23:fa:7f:e0: + 47:52:65:41:4c:b9:67:37:4e:69:a5:99:e7:a9:d8: + 32:b1:4c:15:4b:63:58:1c:1b:ed:d4:95:0b:f4:23: + 6d:d2:d0:23:a7:e0:b3:bd:79:75:9a:93:ec:3c:91: + 15:ed:d8:5b:64:53:22:d9:70:45:a5:e7:d4:b0:3d: + 55:8e:0b:9f:31:29:95:2a:94:e7:7e:7c:5f:77:51: + e5:db:30:d1:e1:07:b6:0e:56:8d:9b:43:bc:43:47: + 27:60:33:e3:c8:0a:79:7f:5b:da:30:42:17:9b:6a: + 64:7a:30:fb:89:ed:91:4b:60:a9:58:3e:6f:af:b1: + d2:44:c0:71:cb:1e:b1:3e:71:c0:8d:4b:55:72:33: + 13:77:64:86:b8:80:e5:7e:a0:f3:d6:c7:25:ba:10: + 03:63:8f + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 1e:d8:8a:82:4d:05:2a:20:a8:cf:4b:d2:b0:28:5b:7b:de:47: + d8:c8:1c:f5:cb:60:45:ab:81:b8:69:9d:71:75:81:4b:81:5b: + ce:1e:3a:d8:39:6c:70:25:31:0f:11:32:a2:fb:a3:d3:de:22: + 6b:ed:0f:e9:2a:c4:c6:34:c3:44:f6:0c:b7:09:50:29:bb:b2: + 16:ed:9e:69:e6:0f:34:cd:f2:ed:5d:ad:92:30:22:de:d9:23: + 8c:f6:22:1b:d9:d1:cc:f7:e4:75:f3:cc:f0:7a:78:e7:d1:8b: + b1:ef:be:16:d4:77:eb:49:10:ac:96:1e:51:7f:04:19:fb:11: + 3d:2c:62:92:db:9e:87:13:a3:24:d1:82:ac:9e:13:52:b5:31: + a8:91:98:2b:d1:84:12:3c:89:71:6d:a0:93:ea:c2:20:51:89: + c8:56:75:bd:75:6f:ba:0c:67:76:60:54:23:5f:99:f8:9e:15: + d4:cb:b0:25:da:e3:b5:2f:fc:f5:f2:e7:e9:08:f6:28:e6:42: + 0b:0e:40:6b:15:61:fe:ed:dc:4f:c6:cc:67:82:b2:8f:d0:b4: + b4:23:13:0a:d4:8d:d3:54:fa:01:d0:b8:91:08:2c:52:c0:9f: + cb:95:4d:ab:20:e2:7c:d6:09:98:b0:d5:84:20:f1:34:4b:01: + db:8c:63:c5:d4:1d:22:ea:b6:02:a1:68:2a:4d:d1:7c:e1:25: + 5e:10:43:f3:33:7a:d9:08:f5:84:d3:e0:4d:5a:c3:99:62:a7: + 84:50:a3:a1:3f:88:ed:96:5b:34:e9:e2:a1:a5:9f:e3:c2:1e: + 04:19:26:85:63:77:0e:c1:9d:f6:03:e9:05:35:65:5b:1f:86: + 21:b5:ac:bf:a6:6f:d0:28:15:ae:53:a5:b2:ad:c9:52:52:89: + 49:11:fa:ca:d3:24:a4:d8:a0:0f:ff:7e:a8:a6:3f:7d:79:7f: + 95:2d:24:75:ce:67:9b:75:46:b6:de:62:a3:a6:d9:e5:18:c8: + 44:20:a8:00:25:f1:2d:8a:d2:41:25:39:5f:b1:0d:72:ab:f0: + 61:fa:ac:85:f3:c0:c3:78:e5:d3:ed:d2:d7:78:01:f0:54:20: + 54:63:7b:72:ce:93:43:2f:e2:39:ee:d2:84:f7:af:6b:0b:6a: + 7c:97:53:58:b5:0f:51:d4:83:30:c6:b2:9c:ab:85:53:cb:69: + 9e:7c:17:a1:14:b2:4f:8b:ca:62:d9:5d:51:ab:ee:11:02:5d: + db:26:7b:16:52:58:db:22:15:10:00:e7:61:ea:7e:19:f9:29: + 5d:05:0a:16:62:26:c1:9e:6d:1e:c5:be:d3:9d:de:08:76:da: + b1:a8:a0:63:34:50:82:5e +-----BEGIN CERTIFICATE----- +MIIE9DCCAtwCCQDzSZIPi1W7FTANBgkqhkiG9w0BAQsFADA7MRAwDgYDVQQKDAdN +b25nb0RCMREwDwYDVQQLDAhEZXZUb29sczEUMBIGA1UEAwwLRGV2VG9vbHMgQ0Ew +IBcNMjEwMzA1MDgxNDE3WhgPMjI5NDEyMTgwODE0MTdaMDsxEDAOBgNVBAoMB01v +bmdvREIxETAPBgNVBAsMCERldlRvb2xzMRQwEgYDVQQDDAtpbnZhbGlkaG9zdDCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDNz9iZZhLKaxRql4EzcdY3 +E3CpeAJpsNBsSHWNpFN80feCGcZKpjbL6crYxYFhCFfgDHLNAMXVd42K6sGy4YkJ +XimSOJEaMLWbE0yW0cmprnGYyT4y9enU+enBQTJYIWsyVcRtXmQNgSMMt56ginNR +feTVRZz0SninlwvtElOxyhH/hf9YEZ5+MxPDMyJHBuuP+jw6X5GOb5frxapiUWbK +kLmIADC6hjNZ4M5eNaR47Yd1Rtv7LQp3eetfVyJogvqQ8GgBubEmi6YsoQZaJsQ6 +6BLL3YykB2WabGCe5wLshk6odMjeu6B5smhWybdnd08Wq7aLSjUD0QFmeP8NmORt +Snhxue7DuGeV+1Dw+jATZNUaAvu+KFMIRdU7nyjAZ9I2LCWaWF3y5PyZGogoDI+a +ZiCNRdgxHAIgE7k6HisCVy1E0n7UStF+EJF162Nj8skj3PkSOopEtez5q2uL/j+Y +Qssj+n/gR1JlQUy5ZzdOaaWZ56nYMrFMFUtjWBwb7dSVC/QjbdLQI6fgs715dZqT +7DyRFe3YW2RTItlwRaXn1LA9VY4LnzEplSqU5358X3dR5dsw0eEHtg5WjZtDvENH +J2Az48gKeX9b2jBCF5tqZHow+4ntkUtgqVg+b6+x0kTAccsesT5xwI1LVXIzE3dk +hriA5X6g89bHJboQA2OPAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAB7YioJNBSog +qM9L0rAoW3veR9jIHPXLYEWrgbhpnXF1gUuBW84eOtg5bHAlMQ8RMqL7o9PeImvt +D+kqxMY0w0T2DLcJUCm7shbtnmnmDzTN8u1drZIwIt7ZI4z2IhvZ0cz35HXzzPB6 +eOfRi7HvvhbUd+tJEKyWHlF/BBn7ET0sYpLbnocToyTRgqyeE1K1MaiRmCvRhBI8 +iXFtoJPqwiBRichWdb11b7oMZ3ZgVCNfmfieFdTLsCXa47Uv/PXy5+kI9ijmQgsO +QGsVYf7t3E/GzGeCso/QtLQjEwrUjdNU+gHQuJEILFLAn8uVTasg4nzWCZiw1YQg +8TRLAduMY8XUHSLqtgKhaCpN0XzhJV4QQ/MzetkI9YTT4E1aw5lip4RQo6E/iO2W +WzTp4qGln+PCHgQZJoVjdw7BnfYD6QU1ZVsfhiG1rL+mb9AoFa5TpbKtyVJSiUkR ++srTJKTYoA//fqimP315f5UtJHXOZ5t1RrbeYqOm2eUYyEQgqAAl8S2K0kElOV+x +DXKr8GH6rIXzwMN45dPt0td4AfBUIFRje3LOk0Mv4jnu0oT3r2sLanyXU1i1D1HU +gzDGspyrhVPLaZ58F6EUsk+LymLZXVGr7hECXdsmexZSWNsiFRAA52Hqfhn5KV0F +ChZiJsGebR7FvtOd3gh22rGooGM0UIJe +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAwM3P2JlmEsprFGqXgTNx1jcTcKl4Ammw0GxIdY2kU3zR94IZ +xkqmNsvpytjFgWEIV+AMcs0AxdV3jYrqwbLhiQleKZI4kRowtZsTTJbRyamucZjJ +PjL16dT56cFBMlghazJVxG1eZA2BIwy3nqCKc1F95NVFnPRKeKeXC+0SU7HKEf+F +/1gRnn4zE8MzIkcG64/6PDpfkY5vl+vFqmJRZsqQuYgAMLqGM1ngzl41pHjth3VG +2/stCnd5619XImiC+pDwaAG5sSaLpiyhBlomxDroEsvdjKQHZZpsYJ7nAuyGTqh0 +yN67oHmyaFbJt2d3TxartotKNQPRAWZ4/w2Y5G1KeHG57sO4Z5X7UPD6MBNk1RoC ++74oUwhF1TufKMBn0jYsJZpYXfLk/JkaiCgMj5pmII1F2DEcAiATuToeKwJXLUTS +ftRK0X4QkXXrY2PyySPc+RI6ikS17Pmra4v+P5hCyyP6f+BHUmVBTLlnN05ppZnn +qdgysUwVS2NYHBvt1JUL9CNt0tAjp+CzvXl1mpPsPJEV7dhbZFMi2XBFpefUsD1V +jgufMSmVKpTnfnxfd1Hl2zDR4Qe2DlaNm0O8Q0cnYDPjyAp5f1vaMEIXm2pkejD7 +ie2RS2CpWD5vr7HSRMBxyx6xPnHAjUtVcjMTd2SGuIDlfqDz1scluhADY48CAwEA +AQKCAgBIMombRU4IyU2xtnyHQBlnqvYXoQ40cRlp4rJ7eo/HR51kfo5iR3/YUyF3 ++RZ0bT5vkZF3x7Z7XoVHNnbUE8UKyLw++uc9xr3os2pVqsBiMK0HEryBExos9rii +xOBCFuhkuNOPG5lWBAyQcGmt99YAesqWzxojPQNKDQ+twpezSYcumC24QWVPoVhF +FTpnoos/2IlO1lkFK340OHCrbeeng0EQiJHxrVclkYlyHaserL3dlJf1NihWnAjG +j8wUMWiipXWwrLy5ToLKtjmSJF4R6zEOINMUoDO440ukHrzIxoNAnyokMeu2mvuo +wJ8Gk7MEpaulTqF6GrTAPnwenhva/3GO3XKfLrbM4SSeN/SXfMRgwI1PVDZuWT+e +Kn15+0c0oP39rWVLo2p60OClNF5Mi1g/NgsWWJJwvCaUinBOwOEBR0N0JTQR/0Vi +anF7i9nq9OGnHQCa8Tt81T851uY2MhF9easnuxxFsJ9eqqhBf3/5GlkVZjgMfNLL +m/tM9o0NFZCDQHppFJ4+BJpEeWqZsBsdKMAHSswXz2zoYZiyQxwWSHUiigTj5VOG +z266UC1M7S09EzijFC9+F8dTbk4HQmHdMyBvNp3PfbfljON0L0MCV20wcb2N9dDJ +HACVvc37rtHDy5fydVkCtmUSNkewRoJYzAKtLWL3yxbCjJSIYQKCAQEA5JVYop+f +SksyM7HrFI5SGVchQpruou71/dJE+HNyqSdo51kUUrxr/9S4sEl8pF/Tk3nj4q4k +OynBLnMYQ1Oc52mMHjM+q3M7ryuJ2cb24JI7H0FUzRmUUDkmai2HhVzonHJfE4i/ +RCk+D/xFvfjLs1AM7dWmTHlKHC9nlwU/qLpdz/hrcaNooeyme5JwNaRlE7RXI1o+ +I/oeD8lODVk7F4HLkgoGLAposmmqbPd2E4hU8cHqwPKm6d3AGTPugH2V2jCg3pCR +HlrVYGP3Qc4NKJ+TMiDeuRpJhlQYH+DUSgOZZma2Cb1J4SwSbJE5Ub7JqbU2jgzQ +bl7VmUNk1BfrEQKCAQEA1+3bq5QPg+EQtRDq+MFeoquJVW3U3VNvt3K5hJcurom8 +SeJHtRaZPiiphOi5QvvOa+mc5ObVGvBPaqk/mJNGxcHjc2lLZdqWXjBBNEQoHDcK +D7Nk8aCZ+LfWlgrJ1L8EN48KxzgKgQQwwpS4mXLnfkB9PoxAyT6jNh9nnPnWzt+D +zYUFOeJEDZI+S79JUzlLK5GQFE/q98jSZQ6V6BTB5eyA9X13a9bGFbmDkUpXWIo4 +ua7Purid6Ah/ERhsahpJUgnvcY57n7K9A6gtKeC1K2GOgBhfYQHqoOD7Q1pro1py +WHP5r1eYwPzgxYDsDw2dAYb19C/oKjbmY/c90noknwKCAQEA4ReQKNQ279oMnYte +iud7QSjjv8sBo8DczA37jQ1io+ADFY5KzQ5u64Z2OGKlMtiKaHdnSRli5D/B1BPS +mLoFkHwHVtXvqLXY2C5vmNysz4gwYB7devrtafJdOcGL6nALP8QAjCPk9SIH04YA +x4nwTatOkAYLtNLbf9XOlJC+l1CugNWIOGdJ6eo4JweVJ72zKywzgsSi3Jq4b6M0 +EUEFR6iw5iao3UWCw+35vUQSKjneLBNhMI/Cfhm3yRmyiyUgI7QvNfv2a4XXCQxn +t41It/Ar6vkjWfPg4z58Yyfq5NeWf5g1OnIEBpB3tCFt6GmP/GZOSqOjvIv2mu4a +pCDJgQKCAQA5B3RWK6OxZBcCi3ZTvtacxgteicSHtAq0e9NtpnRI2s3lAaOIu3A7 +z4d+N+z+OP062Rd8CU9Nbxy6gfru9C7j+iJ1j+C/BO1j8QC3qiyhzxOUNAA8JPul +igBd3nmR++VEOz5QgYecrZunOJpMxOFJIgUyKN7PiACZQdAe0ImgV7464KARuqXY +o8BaRyo5lc85sZdJFhZr3RlcYW7MPfc8H6urqriIvc/RWw7Zp7XMB62VtQreOPZT +mzLcNAQmPc0RotgfuM8DzbRIK/nJrrSKwZheUpGWUGhEl0clcdMt8Kx0miTe35bT +mbZP044FJ8ZI6fk5xhFeXOOakWk9ls7nAoIBAQDe4EpU7o87AQ5QKhAjx7YTzkRy +pOT0wZOHwOJefeTg280QJ5ks+p+ehxFjslphKqNFoa5RIclcfwN5nyBDddHp2Cmr +HScxMHECVSfuZ/0OOnQ4DVdDS+aMHGJUp0dZl1OYXmNwjq6sMNV8s87TIwUB4cbp +eubm4RQcg+sQRxCwyH5FavJZaxD7rYjkIhLD9IwtBzotSr9PThVQwSlWC2ydjCHv +mKiCiGDZM1a9xZtTghN6dEzJ/ZsjSbpLV2mx0XW1+cGbbQhh2G7n4xhhrAxk3Juu +wfjhXoNX5S2Rz4ISZGQZQiAnrwS0e7vgap8bQRL6GbTfQo/hpxMXXpuQIUlT +-----END RSA PRIVATE KEY----- diff --git a/packages/cli-repl/test/fixtures/certificates/server-invalidhost.key b/packages/cli-repl/test/fixtures/certificates/server-invalidhost.key new file mode 100644 index 0000000000..92ba101d9d --- /dev/null +++ b/packages/cli-repl/test/fixtures/certificates/server-invalidhost.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAwM3P2JlmEsprFGqXgTNx1jcTcKl4Ammw0GxIdY2kU3zR94IZ +xkqmNsvpytjFgWEIV+AMcs0AxdV3jYrqwbLhiQleKZI4kRowtZsTTJbRyamucZjJ +PjL16dT56cFBMlghazJVxG1eZA2BIwy3nqCKc1F95NVFnPRKeKeXC+0SU7HKEf+F +/1gRnn4zE8MzIkcG64/6PDpfkY5vl+vFqmJRZsqQuYgAMLqGM1ngzl41pHjth3VG +2/stCnd5619XImiC+pDwaAG5sSaLpiyhBlomxDroEsvdjKQHZZpsYJ7nAuyGTqh0 +yN67oHmyaFbJt2d3TxartotKNQPRAWZ4/w2Y5G1KeHG57sO4Z5X7UPD6MBNk1RoC ++74oUwhF1TufKMBn0jYsJZpYXfLk/JkaiCgMj5pmII1F2DEcAiATuToeKwJXLUTS +ftRK0X4QkXXrY2PyySPc+RI6ikS17Pmra4v+P5hCyyP6f+BHUmVBTLlnN05ppZnn +qdgysUwVS2NYHBvt1JUL9CNt0tAjp+CzvXl1mpPsPJEV7dhbZFMi2XBFpefUsD1V +jgufMSmVKpTnfnxfd1Hl2zDR4Qe2DlaNm0O8Q0cnYDPjyAp5f1vaMEIXm2pkejD7 +ie2RS2CpWD5vr7HSRMBxyx6xPnHAjUtVcjMTd2SGuIDlfqDz1scluhADY48CAwEA +AQKCAgBIMombRU4IyU2xtnyHQBlnqvYXoQ40cRlp4rJ7eo/HR51kfo5iR3/YUyF3 ++RZ0bT5vkZF3x7Z7XoVHNnbUE8UKyLw++uc9xr3os2pVqsBiMK0HEryBExos9rii +xOBCFuhkuNOPG5lWBAyQcGmt99YAesqWzxojPQNKDQ+twpezSYcumC24QWVPoVhF +FTpnoos/2IlO1lkFK340OHCrbeeng0EQiJHxrVclkYlyHaserL3dlJf1NihWnAjG +j8wUMWiipXWwrLy5ToLKtjmSJF4R6zEOINMUoDO440ukHrzIxoNAnyokMeu2mvuo +wJ8Gk7MEpaulTqF6GrTAPnwenhva/3GO3XKfLrbM4SSeN/SXfMRgwI1PVDZuWT+e +Kn15+0c0oP39rWVLo2p60OClNF5Mi1g/NgsWWJJwvCaUinBOwOEBR0N0JTQR/0Vi +anF7i9nq9OGnHQCa8Tt81T851uY2MhF9easnuxxFsJ9eqqhBf3/5GlkVZjgMfNLL +m/tM9o0NFZCDQHppFJ4+BJpEeWqZsBsdKMAHSswXz2zoYZiyQxwWSHUiigTj5VOG +z266UC1M7S09EzijFC9+F8dTbk4HQmHdMyBvNp3PfbfljON0L0MCV20wcb2N9dDJ +HACVvc37rtHDy5fydVkCtmUSNkewRoJYzAKtLWL3yxbCjJSIYQKCAQEA5JVYop+f +SksyM7HrFI5SGVchQpruou71/dJE+HNyqSdo51kUUrxr/9S4sEl8pF/Tk3nj4q4k +OynBLnMYQ1Oc52mMHjM+q3M7ryuJ2cb24JI7H0FUzRmUUDkmai2HhVzonHJfE4i/ +RCk+D/xFvfjLs1AM7dWmTHlKHC9nlwU/qLpdz/hrcaNooeyme5JwNaRlE7RXI1o+ +I/oeD8lODVk7F4HLkgoGLAposmmqbPd2E4hU8cHqwPKm6d3AGTPugH2V2jCg3pCR +HlrVYGP3Qc4NKJ+TMiDeuRpJhlQYH+DUSgOZZma2Cb1J4SwSbJE5Ub7JqbU2jgzQ +bl7VmUNk1BfrEQKCAQEA1+3bq5QPg+EQtRDq+MFeoquJVW3U3VNvt3K5hJcurom8 +SeJHtRaZPiiphOi5QvvOa+mc5ObVGvBPaqk/mJNGxcHjc2lLZdqWXjBBNEQoHDcK +D7Nk8aCZ+LfWlgrJ1L8EN48KxzgKgQQwwpS4mXLnfkB9PoxAyT6jNh9nnPnWzt+D +zYUFOeJEDZI+S79JUzlLK5GQFE/q98jSZQ6V6BTB5eyA9X13a9bGFbmDkUpXWIo4 +ua7Purid6Ah/ERhsahpJUgnvcY57n7K9A6gtKeC1K2GOgBhfYQHqoOD7Q1pro1py +WHP5r1eYwPzgxYDsDw2dAYb19C/oKjbmY/c90noknwKCAQEA4ReQKNQ279oMnYte +iud7QSjjv8sBo8DczA37jQ1io+ADFY5KzQ5u64Z2OGKlMtiKaHdnSRli5D/B1BPS +mLoFkHwHVtXvqLXY2C5vmNysz4gwYB7devrtafJdOcGL6nALP8QAjCPk9SIH04YA +x4nwTatOkAYLtNLbf9XOlJC+l1CugNWIOGdJ6eo4JweVJ72zKywzgsSi3Jq4b6M0 +EUEFR6iw5iao3UWCw+35vUQSKjneLBNhMI/Cfhm3yRmyiyUgI7QvNfv2a4XXCQxn +t41It/Ar6vkjWfPg4z58Yyfq5NeWf5g1OnIEBpB3tCFt6GmP/GZOSqOjvIv2mu4a +pCDJgQKCAQA5B3RWK6OxZBcCi3ZTvtacxgteicSHtAq0e9NtpnRI2s3lAaOIu3A7 +z4d+N+z+OP062Rd8CU9Nbxy6gfru9C7j+iJ1j+C/BO1j8QC3qiyhzxOUNAA8JPul +igBd3nmR++VEOz5QgYecrZunOJpMxOFJIgUyKN7PiACZQdAe0ImgV7464KARuqXY +o8BaRyo5lc85sZdJFhZr3RlcYW7MPfc8H6urqriIvc/RWw7Zp7XMB62VtQreOPZT +mzLcNAQmPc0RotgfuM8DzbRIK/nJrrSKwZheUpGWUGhEl0clcdMt8Kx0miTe35bT +mbZP044FJ8ZI6fk5xhFeXOOakWk9ls7nAoIBAQDe4EpU7o87AQ5QKhAjx7YTzkRy +pOT0wZOHwOJefeTg280QJ5ks+p+ehxFjslphKqNFoa5RIclcfwN5nyBDddHp2Cmr +HScxMHECVSfuZ/0OOnQ4DVdDS+aMHGJUp0dZl1OYXmNwjq6sMNV8s87TIwUB4cbp +eubm4RQcg+sQRxCwyH5FavJZaxD7rYjkIhLD9IwtBzotSr9PThVQwSlWC2ydjCHv +mKiCiGDZM1a9xZtTghN6dEzJ/ZsjSbpLV2mx0XW1+cGbbQhh2G7n4xhhrAxk3Juu +wfjhXoNX5S2Rz4ISZGQZQiAnrwS0e7vgap8bQRL6GbTfQo/hpxMXXpuQIUlT +-----END RSA PRIVATE KEY-----