Enabling client authentication with SSL

1 parent 9e9443a commit 9c018440e917fa1659a6833c6d7eede14f3e14ac @imaxxs imaxxs committed Sep 13, 2011
50 features/ssl.feature
@@ -3,28 +3,40 @@ Feature: RightHTTPConnection can connect to a secure web server
RightHTTPConnection users should be able to connect to a web server that uses HTTPS
And download data
- Scenario: normal operation
+ Scenario: normal ssl operation
+ Given a test certificate authority file
+ Given a test server certificate file
+ Given a test server key file
+ Given a test client certificate file
+ Given a test client key file
Given an HTTPS URL
When I request that URL using RightHTTPConnection
Then I should get the contents of the URL
- Scenario: normal operation with a CA certification file
- Given an HTTPS URL
- And a CA certification file containing that server
- When I request that URL using RightHTTPConnection
- Then I should get the contents of the URL
- And there should not be a warning about certificate verification failing
+# Scenario: normal operation
+# Given a CA certification file containing that server
+# Given an HTTPS URL
+# When I request that URL using RightHTTPConnection
+# Then I should get the contents of the URL
- Scenario: man in the middle
- Given an HTTPS URL
- And a CA certification file not containing that server
- When I request that URL using RightHTTPConnection
- Then I should get the contents of the URL
- And there should be a warning about certificate verification failing
+#
+# Scenario: normal operation with a CA certification file
+# Given an HTTPS URL
+# And a CA certification file containing that server
+# When I request that URL using RightHTTPConnection
+# Then I should get the contents of the URL
+# And there should not be a warning about certificate verification failing
- Scenario: strict man in the middle
- Given an HTTPS URL
- And a CA certification file not containing that server
- And the strict failure option turned on
- When I request that URL using RightHTTPConnection
- Then I should get an exception
+# Scenario: man in the middle
+# Given an HTTPS URL
+# And a CA certification file not containing that server
+# When I request that URL using RightHTTPConnection
+# Then I should get the contents of the URL
+# And there should be a warning about certificate verification failing
+#
+# Scenario: strict man in the middle
+# Given an HTTPS URL
+# And a CA certification file not containing that server
+# And the strict failure option turned on
+# When I request that URL using RightHTTPConnection
+# Then I should get an exception
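Review bot: The "man in the middle" and "strict man in the middle" scenarios that are now commented out were the only ones in this feature file that checked what happens when certificate verification fails, so after this change only the success path is exercised. Keep them running against the new test CA fixtures instead of commenting them out, and add a negative scenario for the feature being introduced: a request made without a client certificate, or with one not issued by the test CA, should be refused by the server. The first commented-out block ("normal operation" with a CA file) duplicates the one after it and can simply be deleted.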
7 features/step_definitions/right_http_connection.rb
@@ -38,6 +38,8 @@ class RightHttpConnectionFailure < Exception
hash = {:logger => @logger, :exception => RightHttpConnectionFailure}
hash[:user_agent] = @user_agent if @user_agent
hash[:ca_file] = @ca_file if @ca_file
+ hash[:cert_file] = @client_cert_file if @client_cert_file
+ hash[:key_file] = @client_key_file if @client_key_file
hash[:proxy_host] = @proxy_host if @proxy_host
hash[:proxy_port] = @proxy_port if @proxy_port
hash[:proxy_username] = @proxy_username if @proxy_username
@@ -47,9 +49,14 @@ class RightHttpConnectionFailure < Exception
@request = Net::HTTP::Get.new(@uri.request_uri)
@request["Host"] = "#{@uri.host}:#{@uri.port}"
begin
+ puts @uri.host
+ puts @uri.port
+ puts @uri.scheme
@result = @connection.request(:server => @uri.host, :port => @uri.port,
:protocol => @uri.scheme, :request => @request)
+ puts @result.inspect
rescue RightHttpConnectionFailure => e
+ puts e.message
@result = nil
@exception = e
end
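Review bot: The five `puts` calls in the request step (`@uri.host`, `@uri.port`, `@uri.scheme`, `@result.inspect` and `e.message`) look like leftover debugging and will write to stdout on every scenario that reaches this step. Remove them before merging, or route them through `@logger`, which this step already passes to the connection as `:logger`.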
24 features/step_definitions/ssl.rb
@@ -35,14 +35,34 @@
@ca_file = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec", "bad.ca"))
end
+Given /^a test certificate authority file$/ do
+ @ca_file = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec/testca/", "cacert.pem"))
+end
+
+Given /^a test server certificate file$/ do
+ @server_cert_file = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec/server/", "cert.pem"))
+end
+
+Given /^a test server key file$/ do
+ @server_key_file = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec/server/", "key.pem"))
+end
+
+Given /^a test client certificate file$/ do
+ @client_cert_file = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec/client/", "cert.pem"))
+end
+
+Given /^a test client key file$/ do
+ @client_key_file = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec/client/", "key.pem"))
+end
+
Given /^the strict failure option turned on$/ do
@fail_if_ca_mismatch = true
end
Then /^there should be a warning about certificate verification failing$/ do
- @output.string.should =~ /.*WARN -- : ##### 127\.0\.0\.1 certificate verify failed:.*/
+ @output.string.should =~ /.*ERROR -- : ##### 127\.0\.0\.1 certificate verify failed:.*/
end
Then /^there should not be a warning about certificate verification failing$/ do
- @output.string.should_not =~ /.*WARN -- : ##### 127\.0\.0\.1 certificate verify failed:.*/
+ @output.string.should_not =~ /.*ERROR -- : ##### 127\.0\.0\.1 certificate verify failed:.*/
end
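Review bot: The two regex changes at the end of the hunk switch the expected log level from WARN to ERROR, but both scenarios that use these steps are commented out in features/ssl.feature in this same commit, and the lib/right_http_connection.rb hunk shown here does not touch any logging call, so nothing verifies the new expectation. Re-enable those scenarios or leave the regexes unchanged until the log level itself changes. Separately, `@server_cert_file` and `@server_key_file` are assigned by the new steps but not read anywhere in this commit (the web server step hardcodes its own paths), so those two steps can be dropped or wired into the server start step.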
6 features/step_definitions/web_server.rb
@@ -45,9 +45,11 @@
File.expand_path(File.join(File.dirname(__FILE__), "..", "..",
"spec/really_dumb_webserver.rb")),
File.expand_path(File.join(File.dirname(__FILE__), "..", "..",
- "spec/server.crt")),
+ "spec/server/cert.pem")),
File.expand_path(File.join(File.dirname(__FILE__), "..", "..",
- "spec/server.key")))
+ "spec/server/key.pem")),
+ File.expand_path(File.join(File.dirname(__FILE__), "..", "..",
+ "spec/testca/cacert.cer")))
end
Given "a server listening on port 7890"
end
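Review bot: The CA file handed to the server here is `spec/testca/cacert.cer`, while the client steps use `spec/testca/cacert.pem`. The commit lists `cacert.cer` as a binary file, which suggests DER encoding, and the server script assigns this path to `config[:SSLCACertificateFile]`, which OpenSSL loads as PEM. Pass `cacert.pem` so both sides trust the same file in a format that will load, and drop the `.cer` copy if nothing else needs it.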
7 lib/right_http_connection.rb
@@ -317,15 +317,20 @@ def start(request_params)
}
@http.use_ssl = true
ca_file = get_param(:ca_file)
+ cert_file = get_param(:cert_file)
+ key_file = get_param(:key_file)
if ca_file
@http.verify_mode = OpenSSL::SSL::VERIFY_PEER
@http.verify_callback = verifyCallbackProc
- @http.ca_file = ca_file
+ @http.ca_file = ca_file #OpenSSL::X509::Certificate.new(File.read(ca_file))
+ @http.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
+ @http.key = OpenSSL::PKey::RSA.new(File.read(key_file))
else
@http.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
end
# open connection
+ puts @http.cert
@http.start
end
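Review bot: Inside `if ca_file`, `File.read(cert_file)` and `File.read(key_file)` run unconditionally, so any caller that passes `:ca_file` without `:cert_file` and `:key_file` will now raise on `File.read(nil)` instead of connecting. Guard the two assignments, for example with `if cert_file && key_file`, and decide whether a client certificate should also be usable when no `:ca_file` is given, since the `else` branch ignores it. The `puts @http.cert` placed just before `@http.start` prints the client certificate to stdout on every connection and should be removed, along with the commented-out `#OpenSSL::X509::Certificate.new(File.read(ca_file))` trailing the `ca_file` assignment.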
18 spec/client/cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
27 spec/client/key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
BIN spec/client/keycert.p12
Binary file not shown.
16 spec/client/req.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
27 spec/key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
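Review bot: `spec/key.pem` (and `spec/req.pem` further down) sit at the top level of `spec/`, but every fixture path in the step definitions in this commit points at `spec/server/`, `spec/client/` or `spec/testca/`. If these two files are leftovers from generating the fixtures, remove them so that an unused private key is not committed.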
8 spec/really_dumb_webserver.rb
@@ -23,7 +23,7 @@
require 'webrick'
-ssl_cert, ssl_key = ARGV[0], ARGV[1]
+ssl_cert, ssl_key, ca_cert = ARGV[0], ARGV[1], ARGV[2]
# Monkey patch bad User-Agent parsing
module WEBrick::AccessLog
@@ -60,10 +60,12 @@ def format(format_string, params)
unless ssl_cert.nil? || ssl_key.nil?
require 'webrick/https'
config[:SSLEnable] = true
- config[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_NONE
+ config[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
config[:SSLPrivateKey] = OpenSSL::PKey::RSA.new(File.open(ssl_key).read)
config[:SSLCertificate] = OpenSSL::X509::Certificate.new(File.open(ssl_cert).read)
- config[:SSLCertName] = [["CN", "Graham Hughes"]]
+ config[:SSLCACertificateFile] = ca_cert
+ #config[:SSLCertName] = [["CN", "Graham Hughes"]]
+ config[:SSLCertName] = [["CN", "MyTestCA"]]
end
$stdout.sync = true
server = WEBrick::HTTPServer.new(config)
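Review bot: `config[:SSLVerifyClient]` now demands a client certificate whenever `ssl_cert` and `ssl_key` are given, but the `unless` guard on the first line of the hunk does not check `ca_cert`, so starting the server with only two arguments leaves `config[:SSLCACertificateFile]` as nil and the server has no CA to verify client certificates against. Include `ca_cert` in the guard, or set `VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT` only when `ca_cert` is present and fall back to the previous `VERIFY_NONE` otherwise. The commented-out `#config[:SSLCertName] = [["CN", "Graham Hughes"]]` line should be deleted, not kept.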
16 spec/req.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
18 spec/server/cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
27 spec/server/key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
BIN spec/server/keycert.p12
Binary file not shown.
16 spec/server/req.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICfTCCAWUCAQAwODElMCMGA1UEAwwcTWFoZW5kcmEtS3V0YXJlcy1NYWNCb29r
+LVBybzEPMA0GA1UECgwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAwaqNUJvMFfRQddyPwt0Sp7V3YXJYNuAUj5E9KQOVw18dNj9q6bMjiROK
+JTIOAoMU6N1XEmJCvrP/S4dedpKCPGR5qkv3Xc7szQkGICQ2QP5cNjLCB0xlpVbU
+dJ4CnBlEVd/zOCBQyk2mvVht6z3nnOMIbgfapJFGxSMlzoU5UGKpPDuz98XYl7Wh
+HH0ZffMcqkfPArJJyUOVuP+Zbtpm8qFgKn3DulWdROzSBRUXV1XGNtY7CMJK/Ob9
+THbns52nqlImyVQXPkquOT9ps6gVYLD08NsN8sCinaA/0Tir9ojMgvdNCEe4ExAg
+CDXEv+lRw8Xxlwd+85pdlNyx0ofoWQIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEB
+AC3RMMErtWiatmbqzlYhRpJqKo7LCODlSJPMvNPeJHDPxuKd4n+TMjRuBgLWnuDc
+amg/CyV3vIMQQ/FGlER2j7XsRwUeFru8QcL6pD90nO58HTlhur0eEJtkcVxcX/66
+6i1rCsd6NqRQMEPqqfdkqZgsMlDuPOOWXDCXeIQMPaj3rHdZXwaM7/St4XkEpq79
+AK4r+0v85I8WLkCPpDaggg2gbeH5J5HhzkkPbKJ8Gt4r4MT5C0fPWkPSgiaO875u
+29XCyO+6myIZH4ra/IaUwR8dC67cJqxwmN+Ff4TkiJcep3xGBmYjX8r/gkreeKmb
+VKQd5333orhI6FUYjNOGIJ8=
+-----END CERTIFICATE REQUEST-----
BIN spec/testca/cacert.cer
Binary file not shown.
17 spec/testca/cacert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
18 spec/testca/certs/01.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
18 spec/testca/certs/02.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
2 spec/testca/index.txt
@@ -0,0 +1,2 @@
+V 120912225808Z 01 unknown /CN=Mahendra-Kutares-MacBook-Pro/O=server
+V 120912230105Z 02 unknown /CN=Mahendra-Kutares-MacBook-Pro/O=client
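Review bot: The second column of both entries is the expiry timestamp (`120912225808Z` and `120912230105Z`), so the server and client fixtures stop being valid one year after issue, matching `default_days = 365` in spec/testca/openssl.cnf, and the SSL scenario will start failing on that date. Issue the fixtures with a much longer lifetime or generate them during test setup. The subject CN is also a workstation name (`Mahendra-Kutares-MacBook-Pro`), while the log regexes in features/step_definitions/ssl.rb refer to 127.0.0.1; a CN that matches the address under test would keep the fixtures usable if hostname checking is ever enabled.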
1 spec/testca/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
1 spec/testca/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
1 spec/testca/index.txt.old
@@ -0,0 +1 @@
+V 120912225808Z 01 unknown /CN=Mahendra-Kutares-MacBook-Pro/O=server
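Review bot: `index.txt.old`, together with `index.txt.attr.old` and `serial.old` in this commit, is a backup that `openssl ca` writes when it updates its database, and none of the three is needed to run the tests. Drop the `.old` files from the commit and consider adding them to the ignore list for spec/testca/.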
53 spec/testca/openssl.cnf
@@ -0,0 +1,53 @@
+[ ca ]
+default_ca = testca
+
+[ testca ]
+dir = .
+certificate = $dir/cacert.pem
+database = $dir/index.txt
+new_certs_dir = $dir/certs
+private_key = $dir/private/cakey.pem
+serial = $dir/serial
+
+default_crl_days = 7
+default_days = 365
+default_md = sha1
+
+policy = testca_policy
+x509_extensions = certificate_extensions
+
+[ testca_policy ]
+commonName = supplied
+stateOrProvinceName = optional
+countryName = optional
+emailAddress = optional
+organizationName = optional
+organizationalUnitName = optional
+
+[ certificate_extensions ]
+basicConstraints = CA:false
+
+[ req ]
+default_bits = 2048
+default_keyfile = ./private/cakey.pem
+default_md = sha1
+prompt = yes
+distinguished_name = root_ca_distinguished_name
+x509_extensions = root_ca_extensions
+
+[ root_ca_distinguished_name ]
+commonName = hostname
+
+[ root_ca_extensions ]
+basicConstraints = CA:true
+keyUsage = keyCertSign, cRLSign
+
+[ client_ca_extensions ]
+basicConstraints = CA:false
+keyUsage = digitalSignature
+extendedKeyUsage = 1.3.6.1.5.5.7.3.2
+
+[ server_ca_extensions ]
+basicConstraints = CA:false
+keyUsage = keyEncipherment
+extendedKeyUsage = 1.3.6.1.5.5.7.3.1
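Review bot: `default_md = sha1` appears in both the `[ testca ]` and `[ req ]` sections, so every fixture certificate is signed with SHA-1; set both to `sha256` so the fixtures are not rejected by OpenSSL builds that refuse SHA-1 signatures. In addition, `x509_extensions = certificate_extensions` in `[ testca ]` means the `client_ca_extensions` and `server_ca_extensions` sections only take effect when named explicitly with `-extensions`, so the exact commands used to issue the fixtures should be recorded next to this file. `keyUsage = keyEncipherment` on its own for the server also omits `digitalSignature`, which ephemeral key exchange requires.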
28 spec/testca/private/cakey.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
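Review bot: This file puts the test CA's private key in the repository, alongside the client and server private keys added earlier in the commit. That is workable for fixtures only if `cacert.pem` is never placed in a trust store outside the test suite, because anyone with the repository can issue certificates under this CA. Add a short README in spec/testca/ saying so, or generate the CA and leaf keys during test setup instead of committing them.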
1 spec/testca/serial
@@ -0,0 +1 @@
+03
1 spec/testca/serial.old
@@ -0,0 +1 @@
+02
