From 2ff3ccdead8d72cd45652d490da639fa59464ec9 Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Fri, 19 Dec 2025 15:28:39 -0700 Subject: [PATCH 1/8] Allow serial number 0 for root CA certificates --- wolfcrypt/src/asn.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 4ea0743ce6..6aec4c6d48 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -23897,18 +23897,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, cert->version = version; cert->serialSz = (int)serialSz; - #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON) && \ - !defined(WOLFSSL_ASN_ALLOW_0_SERIAL) - /* RFC 5280 section 4.1.2.2 states that non-conforming CAs may issue - * a negative or zero serial number and should be handled gracefully. - * Since it is a non-conforming CA that issues a serial of 0 then we - * treat it as an error here. */ - if (cert->serialSz == 1 && cert->serial[0] == 0) { - WOLFSSL_MSG("Error serial number of 0, use WOLFSSL_NO_ASN_STRICT " - "if wanted"); - ret = ASN_PARSE_E; - } - #endif + /* Check for serial size of zero */ if (cert->serialSz == 0) { WOLFSSL_MSG("Error serial size is zero. Should be at least one " "even with no serial number."); @@ -24124,6 +24113,20 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, } } +#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON) && \ + !defined(WOLFSSL_ASN_ALLOW_0_SERIAL) + /* Check for serial number of 0. RFC 5280 section 4.1.2.2 requires + * positive serial numbers. However, allow zero for self-signed CA + * certificates (root CAs) since they are explicitly trusted and some + * legacy root CAs in real-world trust stores have serial number 0. */ + if ((ret == 0) && (cert->serialSz == 1) && (cert->serial[0] == 0)) { + if (!(cert->isCA && cert->selfSigned)) { + WOLFSSL_MSG("Error serial number of 0 for non-root certificate"); + ret = ASN_PARSE_E; + } + } +#endif + if ((ret == 0) && (!done) && (badDate != 0)) { /* Parsed whole certificate fine but return any date errors. */ ret = badDate; From 56b7a058ad8edf74887346805524264efd83e5cd Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Fri, 19 Dec 2025 17:01:31 -0700 Subject: [PATCH 2/8] Added serial 0 tests to unit tests --- certs/include.am | 1 + certs/test-serial0/README.md | 66 +++++++++++++ certs/test-serial0/ee_normal.csr | 16 ++++ certs/test-serial0/ee_normal.pem | 21 +++++ certs/test-serial0/ee_normal_key.pem | 28 ++++++ certs/test-serial0/ee_serial0.csr | 16 ++++ certs/test-serial0/ee_serial0.pem | 21 +++++ certs/test-serial0/ee_serial0_key.pem | 28 ++++++ certs/test-serial0/generate_certs.sh | 94 +++++++++++++++++++ certs/test-serial0/include.am | 13 +++ certs/test-serial0/root.pem | 21 +++++ certs/test-serial0/root_key.pem | 28 ++++++ certs/test-serial0/root_serial0.pem | 21 +++++ certs/test-serial0/root_serial0_key.pem | 28 ++++++ .../test-serial0/selfsigned_nonca_serial0.pem | 21 +++++ .../selfsigned_nonca_serial0_key.pem | 28 ++++++ tests/api/test_asn.c | 72 ++++++++++++++ tests/api/test_asn.h | 4 +- 18 files changed, 526 insertions(+), 1 deletion(-) create mode 100644 certs/test-serial0/README.md create mode 100644 certs/test-serial0/ee_normal.csr create mode 100644 certs/test-serial0/ee_normal.pem create mode 100644 certs/test-serial0/ee_normal_key.pem create mode 100644 certs/test-serial0/ee_serial0.csr create mode 100644 certs/test-serial0/ee_serial0.pem create mode 100644 certs/test-serial0/ee_serial0_key.pem create mode 100755 certs/test-serial0/generate_certs.sh create mode 100644 certs/test-serial0/include.am create mode 100644 certs/test-serial0/root.pem create mode 100644 certs/test-serial0/root_key.pem create mode 100644 certs/test-serial0/root_serial0.pem create mode 100644 certs/test-serial0/root_serial0_key.pem create mode 100644 certs/test-serial0/selfsigned_nonca_serial0.pem create mode 100644 certs/test-serial0/selfsigned_nonca_serial0_key.pem diff --git a/certs/include.am b/certs/include.am index 68fcd1e2ea..3351bfabcd 100644 --- a/certs/include.am +++ b/certs/include.am @@ -146,6 +146,7 @@ include certs/ocsp/include.am include certs/statickeys/include.am include certs/test/include.am include certs/test-pathlen/include.am +include certs/test-serial0/include.am include certs/intermediate/include.am include certs/falcon/include.am include certs/rsapss/include.am diff --git a/certs/test-serial0/README.md b/certs/test-serial0/README.md new file mode 100644 index 0000000000..2a5af47642 --- /dev/null +++ b/certs/test-serial0/README.md @@ -0,0 +1,66 @@ +# Serial Number 0 Test Certificates + +This directory contains test certificates for testing wolfSSL's handling of serial number 0 in certificates, specifically for issue #8615. + +## Background + +RFC 5280 section 4.1.2.2 requires certificate serial numbers to be positive non-zero integers. However, some legacy root CA certificates in real-world trust stores have serial number 0. Since root CAs are explicitly trusted by configuration (not by chain validation), wolfSSL allows serial 0 specifically for self-signed CA certificates (root CAs) while still enforcing RFC 5280 compliance for other certificate types. + +## Test Certificates + +This directory contains the following test certificates: + +### 1. root_serial0.pem +- **Type**: Root CA (self-signed, CA:TRUE) +- **Serial Number**: 0 +- **Expected Behavior**: Should be accepted by wolfSSL +- **Purpose**: Tests that legacy root CAs with serial 0 can be loaded + +### 2. root.pem +- **Type**: Root CA (self-signed, CA:TRUE) +- **Serial Number**: 1 +- **Expected Behavior**: Should be accepted by wolfSSL +- **Purpose**: Normal root CA for signing test certificates + +### 3. ee_serial0.pem +- **Type**: End-entity certificate (CA:FALSE) +- **Serial Number**: 0 +- **Signed By**: root.pem (serial 1) +- **Expected Behavior**: Should be rejected by wolfSSL +- **Purpose**: Tests that end-entity certs with serial 0 are still rejected + +### 4. ee_normal.pem +- **Type**: End-entity certificate (CA:FALSE) +- **Serial Number**: 100 +- **Signed By**: root_serial0.pem (serial 0) +- **Expected Behavior**: Should be accepted by wolfSSL +- **Purpose**: Tests that normal certificates signed by a serial 0 root CA work correctly + +### 5. selfsigned_nonca_serial0.pem +- **Type**: Self-signed certificate (CA:FALSE) +- **Serial Number**: 0 +- **Expected Behavior**: Should be rejected by wolfSSL +- **Purpose**: Tests that self-signed non-CA certs with serial 0 are rejected (only root CAs get the exception) + +## Regenerating Certificates + +To regenerate all test certificates: + +```bash +cd certs/test-serial0 +./generate_certs.sh +``` + +Requirements: +- OpenSSL command-line tool + +## Unit Tests + +These certificates are used by the `test_SerialNumber0_RootCA()` function in `tests/api/test_asn.c`. + +## Related Issues + +- GitHub Issue: https://github.com/wolfSSL/wolfssl/issues/8615 +- RFC 5280 Section 4.1.2.2: Certificate Serial Number Requirements +- RFC Errata 3200: Clarification that serial numbers must be non-zero + diff --git a/certs/test-serial0/ee_normal.csr b/certs/test-serial0/ee_normal.csr new file mode 100644 index 0000000000..9f2965b7c6 --- /dev/null +++ b/certs/test-serial0/ee_normal.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIChTCCAW0CAQAwQDEaMBgGA1UEAwwRRW5kIEVudGl0eSBOb3JtYWwxFTATBgNV +BAoMDHdvbGZTU0wgVGVzdDELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDGmfUlMQyqetJsIs9jEX5KljUwq1T9Tg743KhWAFDTpR5T +rx0wsUBTnalsY+FdEzQXf0WJ4jLxBZjhiFlUJsVRF24hqME7WjaeJr3+x+8+B550 +81GiBL1B50dVszgyHPTQlhEy/RF3ZUkc+e7ntbmHj7z9es84wBgRhWufV78RcF0L +PwqY5rMOZCxIc9+J7pXZj3eebhXnEar/NwgMfBziKwZ23OFnr0WpYsg/zZxmr1Qr +AExT718RrZ6M5I2T6okgv9vY85oPrut8Gc6C8bFpAg/Z7FpnUaFNfnXzsuG0Lrg8 +k/STG6jR1rK/dFy1H9egpnFyhpdZZN3IkIIbA7XZAgMBAAGgADANBgkqhkiG9w0B +AQsFAAOCAQEAmx7S7a3tM4oJMgf9pI6VE+n1pTMhJ1izGs9+7aDU7Vw0/cSIn62X +NpMN59cYU8PEKmEDMhG11AzaajnoHYNV+a3V84is5gmUW3Gnj5a39nD4l7VRcWXk +1SsGxa4XCrss7SA+wydnbx/bH/t3FTkA7eX2v9Ad+z7gdcyxnSK+c1x0hDj5omHA +g0YpoHgNoS+kUG3oxc0ajzghyiiQCJKPTF2rNyzqFaWL48O49ZRpZHxacZhDAscN +ks/UU8T9s8f39/PthXDUvSqwYaqgOU+isgc4BVnLaDfeycpDG9P6LCM/LB8htecJ +9T4+O5ZhbfYWZA+MRawStYwtapWT37vL2Q== +-----END CERTIFICATE REQUEST----- diff --git a/certs/test-serial0/ee_normal.pem b/certs/test-serial0/ee_normal.pem new file mode 100644 index 0000000000..8a306da15c --- /dev/null +++ b/certs/test-serial0/ee_normal.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIBZDANBgkqhkiG9w0BAQsFADBEMR4wHAYDVQQDDBVUZXN0 +IFJvb3QgQ0EgU2VyaWFsIDAxFTATBgNVBAoMDHdvbGZTU0wgVGVzdDELMAkGA1UE +BhMCVVMwHhcNMjUxMjE5MjM0MDE4WhcNMjYxMjE5MjM0MDE4WjBAMRowGAYDVQQD +DBFFbmQgRW50aXR5IE5vcm1hbDEVMBMGA1UECgwMd29sZlNTTCBUZXN0MQswCQYD +VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMaZ9SUxDKp6 +0mwiz2MRfkqWNTCrVP1ODvjcqFYAUNOlHlOvHTCxQFOdqWxj4V0TNBd/RYniMvEF +mOGIWVQmxVEXbiGowTtaNp4mvf7H7z4HnnTzUaIEvUHnR1WzODIc9NCWETL9EXdl +SRz57ue1uYePvP16zzjAGBGFa59XvxFwXQs/Cpjmsw5kLEhz34nuldmPd55uFecR +qv83CAx8HOIrBnbc4WevRaliyD/NnGavVCsATFPvXxGtnozkjZPqiSC/29jzmg+u +63wZzoLxsWkCD9nsWmdRoU1+dfOy4bQuuDyT9JMbqNHWsr90XLUf16CmcXKGl1lk +3ciQghsDtdkCAwEAAaN5MHcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQOtYl8IbuhwNvuxtw/ +E0EiPBLdITAfBgNVHSMEGDAWgBTKbzmfzfMDi8bSxDKvXPrVlJO7QTANBgkqhkiG +9w0BAQsFAAOCAQEAp2KWiroy9OFUFghTBWquc5oQUVS5f1IYfVt4Gas0Vz9Sokwm +xl+TiXJAA9mV8RSxxkIokGcOsyycwzwyq9IeGhq1ovEgNNJM5OVjkdX5CjjnWs+i +Kum+TEWAawWnTDSRyhxjcbdAu+5TtF+Wk9UwO6hEOEaTUzpgEaGLgiqyJSV3XEpp +y9BQTQ4wwmLv3qzZR8P6O+pRxMIHKu/kkD/2gxlKyonH+PikbR+d1DNP/Hwn92q7 +qs8o7udsluxfHsO8JCiqtRDuHyHPpTTSQIBX1MqIn57dEY67HSIfyXXOsq+ygW/I +coAv4SxQ5arEXmaZXOkcR8Z36FhIw1XO+qBGfg== +-----END CERTIFICATE----- diff --git a/certs/test-serial0/ee_normal_key.pem b/certs/test-serial0/ee_normal_key.pem new file mode 100644 index 0000000000..33e55116d6 --- /dev/null +++ b/certs/test-serial0/ee_normal_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDGmfUlMQyqetJs +Is9jEX5KljUwq1T9Tg743KhWAFDTpR5Trx0wsUBTnalsY+FdEzQXf0WJ4jLxBZjh +iFlUJsVRF24hqME7WjaeJr3+x+8+B55081GiBL1B50dVszgyHPTQlhEy/RF3ZUkc ++e7ntbmHj7z9es84wBgRhWufV78RcF0LPwqY5rMOZCxIc9+J7pXZj3eebhXnEar/ +NwgMfBziKwZ23OFnr0WpYsg/zZxmr1QrAExT718RrZ6M5I2T6okgv9vY85oPrut8 +Gc6C8bFpAg/Z7FpnUaFNfnXzsuG0Lrg8k/STG6jR1rK/dFy1H9egpnFyhpdZZN3I +kIIbA7XZAgMBAAECggEAEVCl92lN2zqHHbIb67LAPzIruVkOuWD0sYzSHmFmVUrY +QzU0HHqFCw/mur0AjolYlCiJVbVYz1EMxwkIuhYBQ7SBFRfYn7CaAh2K7hYyDRyZ +RkVahiosnVIpPYG5HLa6lMmoqTiNgnUxs9WJ7JNtoAc6U81BGN0NRtB06s5kfwQU +f4cJ0eW9FoAgLorxCQTdfWDecV26wEy7AylEPZwavs7oDjxeIMSmE0X7kaAzXXab +LYrjLY8d2ySQLPOO+0fwCnKqxPAIS11iZOXkyEb1sEurSH/k4F6SPI44qpr3sUP+ +W9FSXdFe0d9FXNLAEsUcx1ZlQhTcXatwmTfrsuvgiwKBgQD8VCLCpjmRAYLAWNWd +k8lXXc4XZHKVdW3mSFBoiVTaTTdMncm55VrCaPTizZcjQSP1lsvTaIskjzh/aJ5A +ZoKN7b0d9uI4voSdT72qdjV//CSTwHcxqngxidYhVncTVHGW2SxWCQpCdnkB9Ljt +ONRSSo1eSC7iejKDB1gCyB6hhwKBgQDJfbNX0ZnnzW3dd9Z9dl7HZk0BtdlbLlSn +XZKPpHjDpHKA8tNLAJqfUS7m70rOlk8K6Ls9Lw/BWWQmNH95Syyd99xXw32q2gwJ +U9OQZkOg1TBriXdOy0GMPR1Hva4pTL+p6cUdtTuoiSqDsWQFXCXJX2yZbX9vSHqS +wnOxquxFnwKBgQCQroWH6twTQzR/qfBCfFz0VXs4eoYhIMY1Rr2kUypuSdwteEQU +7WfPFXNlINFKi61cwmx4+fberaiNlaU39A9j5i+MIOWx97v+n5x3Q3SFwEQQ3Ej8 +F2z3qrs3PmbklITVJA2B/4j8dwYHkxT+IJnN3aWVq/oGLl8MNofGgIzfvQKBgQCJ +qxMgi5umn9vTGBA7ROdZQnKXGpLaE/vPJsX+0xeYRQHfTQpFErKS7DspmpH4OQbk +o0NbeI5BQzyERhZa35wqirHIXU+9rqHOtbG11cmbWE5vC0uzUHkGwrMA037txPyn +sYv20l9iteWQeWGnr+A5iLOA2Sna9SCaqbW2zNwGbQKBgQCJ9FzkJZTNn5xmFmhH +JaCwl+BUKFIITN9xgoB7G2Fd5s8dMRhATnSxWHxoYh+VMIDZmJVItatSMN84ATN+ +xis5DbQdKvCDcBhuDc9U46UhmQvvg5PpHBAdDVg2VGY6n7ZTydOSTEJJIjINxzDD +ditcotkx/ZONY00aSgx/FtmmkA== +-----END PRIVATE KEY----- diff --git a/certs/test-serial0/ee_serial0.csr b/certs/test-serial0/ee_serial0.csr new file mode 100644 index 0000000000..e2d0226c13 --- /dev/null +++ b/certs/test-serial0/ee_serial0.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIChzCCAW8CAQAwQjEcMBoGA1UEAwwTRW5kIEVudGl0eSBTZXJpYWwgMDEVMBMG +A1UECgwMd29sZlNTTCBUZXN0MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANUOzExpAy8FaTQVU4yj2FxAY93lRLhNe9R9CW9LBKZD +6R3tg+EltRK5i4798RnZfXwanU2LeCFi21a7q7FL29gaeTxxP1CrB59lubdvlqIK +82TAubWHBhoPt0dPR5bTsBPtwoqn8ZPAJPTBqFkzpkX8ASNIakvPH546RX+6WHbJ +a175fxyKMRo6V9UKWjA/sqQkhIOA3Drl6x4d7haa35NquZm/OeIQnEqu2XWTdWcx +iMqKquTNyJ2izZ4WRa65QzVMPLQrlh47xtPUC5Hu17sgW2FYY1GiOmTO3iKAXZsn +yt+9UWJru8NuvWkxIZdwOABLJm8K25XW8GvZUvoan7cCAwEAAaAAMA0GCSqGSIb3 +DQEBCwUAA4IBAQC/GAHuVZz2p/Tkk7QXrIbovWvw2g1gusPDJrL27471ZwFUnTyA +y5NZDGRSMazZCylclRBIATEEEiTobR32+3NaT/r01wMBW/9R5uh7MpDAJjA9jS/8 +zE92TwwT9H8RHnkbJXzxKPbnRZF/Nl5FE0DzH7YlHY9PKAbkeN3l3M5zy8yxoon+ +1g2QiEVHiGWPshtpbqpKuxbgwSJ8bP6BdZ51fwmgSCqzaei+OCXrGKKHJqdHpwRd +iX7tp4PtcCWiifwvb1d/az5X/CGBfK6qar8jYNa5dGLXQn2pilAxoddRSDIrrNnN +pT3R8Djb1CQGFtS7RUdtmA5FRqlY3cAFI4o6 +-----END CERTIFICATE REQUEST----- diff --git a/certs/test-serial0/ee_serial0.pem b/certs/test-serial0/ee_serial0.pem new file mode 100644 index 0000000000..7cd5afec47 --- /dev/null +++ b/certs/test-serial0/ee_serial0.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBCMRwwGgYDVQQDDBNUZXN0 +IFJvb3QgQ0EgTm9ybWFsMRUwEwYDVQQKDAx3b2xmU1NMIFRlc3QxCzAJBgNVBAYT +AlVTMB4XDTI1MTIxOTIzNDAxOFoXDTI2MTIxOTIzNDAxOFowQjEcMBoGA1UEAwwT +RW5kIEVudGl0eSBTZXJpYWwgMDEVMBMGA1UECgwMd29sZlNTTCBUZXN0MQswCQYD +VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUOzExpAy8F +aTQVU4yj2FxAY93lRLhNe9R9CW9LBKZD6R3tg+EltRK5i4798RnZfXwanU2LeCFi +21a7q7FL29gaeTxxP1CrB59lubdvlqIK82TAubWHBhoPt0dPR5bTsBPtwoqn8ZPA +JPTBqFkzpkX8ASNIakvPH546RX+6WHbJa175fxyKMRo6V9UKWjA/sqQkhIOA3Drl +6x4d7haa35NquZm/OeIQnEqu2XWTdWcxiMqKquTNyJ2izZ4WRa65QzVMPLQrlh47 +xtPUC5Hu17sgW2FYY1GiOmTO3iKAXZsnyt+9UWJru8NuvWkxIZdwOABLJm8K25XW +8GvZUvoan7cCAwEAAaN5MHcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQx+Na6kBfWYPpaWckA +enIUHRBTpjAfBgNVHSMEGDAWgBSHt8mJk7i7mgilD+S1x772GmpVEzANBgkqhkiG +9w0BAQsFAAOCAQEAToFw7Pq59wHF05exYFlSC8R5TRQy9C4fZH55J5urGZ76pOFw +7jyxke2QacP0/3bE3/cJOFPjGm4pu060+lI9sVu0S4ztiRjaNhbHm2vbpZ7ZLXrL +2ytMG4S17rbkCw/nPbNEi4aleB/QPI8g2oVDmxO9ZR8dGhh9CBsNsfy5iHo+clV3 +NAim9bhd3otyJRJcEfTUBe2n+DIu87B4s+/8d7NWZm/0s3p+tDZ8b9cvJcakN4Ty +uN42s7goJ+fBQhPyPvxn/DT6wQY0rfEtsPGF4DFliKdnOlrHkctA9mC3ysGWbNa4 +m/t6/U2WeTZPSgJad/OHsXHP+/Ke7dEiXHZsCw== +-----END CERTIFICATE----- diff --git a/certs/test-serial0/ee_serial0_key.pem b/certs/test-serial0/ee_serial0_key.pem new file mode 100644 index 0000000000..34d641b0f4 --- /dev/null +++ b/certs/test-serial0/ee_serial0_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDVDsxMaQMvBWk0 +FVOMo9hcQGPd5US4TXvUfQlvSwSmQ+kd7YPhJbUSuYuO/fEZ2X18Gp1Ni3ghYttW +u6uxS9vYGnk8cT9QqwefZbm3b5aiCvNkwLm1hwYaD7dHT0eW07AT7cKKp/GTwCT0 +wahZM6ZF/AEjSGpLzx+eOkV/ulh2yWte+X8cijEaOlfVClowP7KkJISDgNw65ese +He4Wmt+TarmZvzniEJxKrtl1k3VnMYjKiqrkzcidos2eFkWuuUM1TDy0K5YeO8bT +1AuR7te7IFthWGNRojpkzt4igF2bJ8rfvVFia7vDbr1pMSGXcDgASyZvCtuV1vBr +2VL6Gp+3AgMBAAECggEAFfkjutGtwWC2e+ejKUMQolsFsbHeh39+QOjwWykKfrdM +SIjhbAv+g8LdEM9B2V+j4HPCO2gh6JeQdX5/c5aWQtBgJoqrc/9fluHf6Ho6t9WX +SpHR1VXqnC94wIL9qCGG7Fc+FBzD/m/3n8KFQUXhZSBbYa8rP0xKP4BVAJpQW1e0 +WkMxy57kMdZYAgFsGK3vdnaZyBFtIePj1WDplRwR4wCFWq920MWWv5WyG2OyIXiP +BG7o8qhEyU+bPKbIWfaLtIrZHwNk38HoDoluoKx3/W9rEY0jS/Qgwk+Z5Dd4/ufS +C+sf82bh5mlOvCsBt5LTfuIhjXH0QVSWYqiQW5Zk8QKBgQD3G/iQo+yK+7hGiELm +YasBftSJ3kW2J19BWzWsH31P6QzpwldHXDgJo3pITpoBnNvWgfa5y+/D7aN9WrMs +JY3DZO9eyUHw4j2tC0c9HCORObgWYdwQ274UCV6y2o815ty+B/4Vla1ENt2TPWHa +8TCgaBjGH8Px187zJRoKmFdOeQKBgQDcuTEuwLRhky6O4bBh41XZ7CfvfBco1EXx +yk12WJ63bpVmRlmciWQWEwUVOHr3cGRzCCeQ1Y3uz7jYMDit3ZkfkbIjHwwxLaVn +TC+9hptp4oEidO30Qsf7PQKzkE7jg6FVCw/MsPMj6LXI45dM6i0k6zIrmmcUpPaw +6QHnriETrwKBgAJ7I2nAW5WhpV3/7DwH6wGe1l9z/dswVgJ/+e/6ePWeb2TBcMLk +qCNgos+rClzNyF9E+scuxv9+mU+e44Gj9uJpVwXqm2DhxKDCJjr0116T58dBwEXj +DuuAlJTTIPD3mmvGBMUOtaijrGHYEe1y0nwpz2Xd18fL1OYYD0Tf9rBxAoGAT3dR +UL7KcpLV4VU59pQtdY8DdcJcaDO8lue56dDQG8Rxf2f2nVgNs7DXVKOICgvp7kxS +Sl/IgOFCcHsz/MzaczY2R1THQ/FmKoGQcpDC5WVKDsjAXv+oFjkJ/vIGpPzgGcko +wA45C4Wd5RyjfWqWJEOVRYOKdzFJK7pIGExl1jsCgYAzQksueSZmOaekeuSDcOxz +VVAalQcH7Z6mtoPu8NGRtdnQt4fdKWzEEZ1B4jPk2TqgYqsu7DPo/N46Go/96fAY +w4w/OaamuD+Pv3bPkpgArBlcz954/JCzkNwVO1dgbg4KYSxuYWfYGV41c1R5lvYT +wK6SetMgDcNc9rp6OG81xg== +-----END PRIVATE KEY----- diff --git a/certs/test-serial0/generate_certs.sh b/certs/test-serial0/generate_certs.sh new file mode 100755 index 0000000000..605096bddf --- /dev/null +++ b/certs/test-serial0/generate_certs.sh @@ -0,0 +1,94 @@ +#!/bin/bash +# +# Generate test certificates for serial number 0 testing (issue #8615) +# This script creates certificates in the certs/test-serial0/ directory + +set -e + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +cd "$SCRIPT_DIR" + +echo "===================================================" +echo "Generating serial 0 test certificates in: $SCRIPT_DIR" +echo "===================================================" + +# 1. Create Root CA with serial number 0 +echo "" +echo "[1/5] Creating Root CA with serial number 0..." +openssl req -x509 -newkey rsa:2048 -keyout root_serial0_key.pem -out root_serial0.pem \ + -days 3650 -nodes -subj "/CN=Test Root CA Serial 0/O=wolfSSL Test/C=US" \ + -set_serial 0 \ + -addext "basicConstraints=critical,CA:TRUE" \ + -addext "keyUsage=critical,keyCertSign,cRLSign" + +echo " Root CA serial number:" +openssl x509 -in root_serial0.pem -noout -serial + +# 2. Create normal Root CA (serial != 0) +echo "" +echo "[2/5] Creating normal Root CA with serial number 1..." +openssl req -x509 -newkey rsa:2048 -keyout root_key.pem -out root.pem \ + -days 3650 -nodes -subj "/CN=Test Root CA Normal/O=wolfSSL Test/C=US" \ + -set_serial 1 \ + -addext "basicConstraints=critical,CA:TRUE" \ + -addext "keyUsage=critical,keyCertSign,cRLSign" + +echo " Root CA serial number:" +openssl x509 -in root.pem -noout -serial + +# 3. Create end-entity cert with serial 0 signed by normal root +echo "" +echo "[3/5] Creating end-entity certificate with serial number 0..." +openssl req -newkey rsa:2048 -keyout ee_serial0_key.pem -out ee_serial0.csr -nodes \ + -subj "/CN=End Entity Serial 0/O=wolfSSL Test/C=US" + +openssl x509 -req -in ee_serial0.csr -CA root.pem -CAkey root_key.pem \ + -out ee_serial0.pem -days 365 -set_serial 0 \ + -extfile <(echo "basicConstraints=CA:FALSE +keyUsage=digitalSignature,keyEncipherment +extendedKeyUsage=serverAuth,clientAuth") + +echo " End-entity cert serial number:" +openssl x509 -in ee_serial0.pem -noout -serial + +# 4. Create normal end-entity cert signed by root CA with serial 0 +echo "" +echo "[4/5] Creating normal end-entity certificate (signed by serial 0 root)..." +openssl req -newkey rsa:2048 -keyout ee_normal_key.pem -out ee_normal.csr -nodes \ + -subj "/CN=End Entity Normal/O=wolfSSL Test/C=US" + +openssl x509 -req -in ee_normal.csr -CA root_serial0.pem -CAkey root_serial0_key.pem \ + -out ee_normal.pem -days 365 -set_serial 100 \ + -extfile <(echo "basicConstraints=CA:FALSE +keyUsage=digitalSignature,keyEncipherment +extendedKeyUsage=serverAuth,clientAuth") + +echo " Normal end-entity cert serial number:" +openssl x509 -in ee_normal.pem -noout -serial + +# 5. Create self-signed non-CA certificate with serial 0 +echo "" +echo "[5/5] Creating self-signed non-CA certificate with serial number 0..." +openssl req -x509 -newkey rsa:2048 -keyout selfsigned_nonca_serial0_key.pem \ + -out selfsigned_nonca_serial0.pem -days 365 -nodes \ + -subj "/CN=Self-Signed Non-CA Serial 0/O=wolfSSL Test/C=US" \ + -set_serial 0 \ + -addext "basicConstraints=CA:FALSE" \ + -addext "keyUsage=digitalSignature,keyEncipherment" + +echo " Self-signed non-CA cert serial number:" +openssl x509 -in selfsigned_nonca_serial0.pem -noout -serial + +echo "" +echo "===================================================" +echo "Certificate generation complete!" +echo "===================================================" +echo "" +echo "Generated certificates in: $SCRIPT_DIR" +echo " - root_serial0.pem (Root CA with serial 0)" +echo " - root.pem (Normal root CA)" +echo " - ee_serial0.pem (End-entity with serial 0)" +echo " - ee_normal.pem (Normal end-entity)" +echo " - selfsigned_nonca_serial0.pem (Self-signed non-CA with serial 0)" +echo "" + diff --git a/certs/test-serial0/include.am b/certs/test-serial0/include.am new file mode 100644 index 0000000000..efbf993070 --- /dev/null +++ b/certs/test-serial0/include.am @@ -0,0 +1,13 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +dist_doc_DATA+= certs/test-serial0/README.md + +EXTRA_DIST+= certs/test-serial0/generate_certs.sh \ + certs/test-serial0/root_serial0.pem \ + certs/test-serial0/root.pem \ + certs/test-serial0/ee_serial0.pem \ + certs/test-serial0/ee_normal.pem \ + certs/test-serial0/selfsigned_nonca_serial0.pem + diff --git a/certs/test-serial0/root.pem b/certs/test-serial0/root.pem new file mode 100644 index 0000000000..581a6422e2 --- /dev/null +++ b/certs/test-serial0/root.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYjCCAkqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBCMRwwGgYDVQQDDBNUZXN0 +IFJvb3QgQ0EgTm9ybWFsMRUwEwYDVQQKDAx3b2xmU1NMIFRlc3QxCzAJBgNVBAYT +AlVTMB4XDTI1MTIxOTIzNDAxN1oXDTM1MTIxNzIzNDAxN1owQjEcMBoGA1UEAwwT +VGVzdCBSb290IENBIE5vcm1hbDEVMBMGA1UECgwMd29sZlNTTCBUZXN0MQswCQYD +VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKVS5W8y81i +YOYfBB60Zf/RxDy3Y7Sck1TyD6YbR4LOhvR+Wirbg09C0Yg+yrERzF2GlkugwT+j +SSlSljgzoieWIVxTdAfHCje7JwZA17/6YAthUFpqpzSzGLcAFpWvtFSCwTd+1CTw +suME5AL7qXF3jrhDJ9+VgfQJIlvbMnY1kLBG62ceG659q5WfHxWOOXXU/6dUOC6+ +DAW6njh9AKvQJM/J3yV2U8XJD31DnQyk3GnA1vSp3fiFF1F20kcHALwP6i7mm7Nl +sjs3mBmNH+gPRdfsKuuDH99bKi1utophWtkhgmHHTsR9woTZOSUlJwAVE4Eh0hLG +vVjvdEkR9rsCAwEAAaNjMGEwHQYDVR0OBBYEFIe3yYmTuLuaCKUP5LXHvvYaalUT +MB8GA1UdIwQYMBaAFIe3yYmTuLuaCKUP5LXHvvYaalUTMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBEIi3qHMBYUhwf +qsADCG8cseg+ay81gypC5UGsvoSCY6vFXKFHJrN40IDOw0j4aOHrLnVIps8JqJ1g +w6IbM+sOU90fN45O32a/hvBIvC2YjkOen1ubzSRmJShGJPCTMN/ukHUr52G2Uvdl +N9STaYzE2kQE/tcK6FiD/uHosN+WqfPE7YfqbV4PtVR8UCzGTHYUtAe8T0xGdvz1 +NR1cZy9lhaRAcOx1G28rGo6pIGqMg/OKdY49RwshC7WnBAwJT4kvp7fAO57DRx+z +UTk+Mzgw/51jQo6/6glSs7Ry8yjwaEI51JkF/afz63ugMBh+HDa9YT7/k1mHdgNf +BM6gjMgs +-----END CERTIFICATE----- diff --git a/certs/test-serial0/root_key.pem b/certs/test-serial0/root_key.pem new file mode 100644 index 0000000000..e44af57221 --- /dev/null +++ b/certs/test-serial0/root_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDClUuVvMvNYmDm +HwQetGX/0cQ8t2O0nJNU8g+mG0eCzob0floq24NPQtGIPsqxEcxdhpZLoME/o0kp +UpY4M6InliFcU3QHxwo3uycGQNe/+mALYVBaaqc0sxi3ABaVr7RUgsE3ftQk8LLj +BOQC+6lxd464QyfflYH0CSJb2zJ2NZCwRutnHhuufauVnx8Vjjl11P+nVDguvgwF +up44fQCr0CTPyd8ldlPFyQ99Q50MpNxpwNb0qd34hRdRdtJHBwC8D+ou5puzZbI7 +N5gZjR/oD0XX7Crrgx/fWyotbraKYVrZIYJhx07EfcKE2TklJScAFROBIdISxr1Y +73RJEfa7AgMBAAECggEAOUA5AYEPi8n2za5xhWE5o5fB/8VLikAJX1RrQ0nCdBu0 +/GnSuMpma6MyyD4FYCzm7tujC/Rr93/hDk300etrOe+DuEj7mjA3cudXV5EriZou +uRp0TG4V7T0GuA1IF9mfGsBv/haMb6P8VixBtBj8pVxyeweTS0cPedBYMiOfyMR9 +geRGv/In9pyud/JnesUGKLh9HwxRaR2iSUuLMuvPSnDzQIrELZMDn5UkMJOtYWFB +ER/8sMK9Ns47dmRM2tK1F6Di0OP0rNcg7J/ThCoJ1HWAKC46txsk8VsxQYLGM1IY +Um3G4aK+tpiistd2gzPOe4QYN+Tc+eaoi6JR2UrMOQKBgQDkwSNtzjSZulAF0hQv +NlQqkRIdnM/VM+Kcykb6uNjlWuSyFKKFL59Nei3Qj0K31IhU1icBCGvPhgx0fUMG +QrbtXFpnO7ZFJtNhMyA5Yvdzw/KxW4+izy/ZxCBTLJKzCo+riCz4lN2Yfz3MVn8g +MtIczyThPGkNyO1Pa+TPQTJmcwKBgQDZwkEfFJoXEBiu5W6gVNkW0PiTCkCeTk3/ +M4PGrLGqZd+GA9WiCGJlfCrl9K01eTyKGBIsojOU73LB+uYzTgI2HQrdkfnq7yny +uFty63u5WCgs4cK2yR426xTjWq+266AQFIN8kK0/RUdF4QCNAyeLU0hyhpxiPwi0 ++78yHBdUmQKBgQCoqaL2tkBgTFfuQrvxJ4ydKgOCY/l1SGFAm4AEIsCBMyhGCSLf +MoKxfHFFQiu+IO04KAHwKAZdp4eNaEI/3nbDwgFB9mvoxry6ARk0Vrz+1S4fCNR6 +BWtRk+MFkGrFqfbOUYRe8FwGsWKeQ/RNiEsVRMH7dDA9IrWehn3ZNkfz8wKBgQDC +3LgVrgPt23ObHqiORR828a1fN293ui7Fzj1/zg32o88QR+Ima0ZR9nkU6o0NKv5n +vP6WfleWUWfp+jGBe68y6W5NtFFmULrC/wKmpd9DjoX1E9mAZBzrnBZHFWHkWJoV +iaXYFEdUNRSAjcZGaao7XT2ZbqgGqs2J1zXTC5w9EQKBgHA0sgxTh+M+jV8kBDZo +c1J3pF/bWMUp8DePNbwsaz6Qu9vGe7e25xJZO8PtSzHVzgahz980Y4HJzOu7pRCM +BvERqMndDggUVLCw5irtdEqlPNUt+Bdf//xX9JiEEXuojDm0bJlxYeXWV4CVc1nI +6BUG5sJfCeICcyKJAS6kn3KC +-----END PRIVATE KEY----- diff --git a/certs/test-serial0/root_serial0.pem b/certs/test-serial0/root_serial0.pem new file mode 100644 index 0000000000..89bdc498fc --- /dev/null +++ b/certs/test-serial0/root_serial0.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZjCCAk6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBEMR4wHAYDVQQDDBVUZXN0 +IFJvb3QgQ0EgU2VyaWFsIDAxFTATBgNVBAoMDHdvbGZTU0wgVGVzdDELMAkGA1UE +BhMCVVMwHhcNMjUxMjE5MjM0MDE3WhcNMzUxMjE3MjM0MDE3WjBEMR4wHAYDVQQD +DBVUZXN0IFJvb3QgQ0EgU2VyaWFsIDAxFTATBgNVBAoMDHdvbGZTU0wgVGVzdDEL +MAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrIH40 +erYfetOLROpuIy/CWwiPVyiG+FC6QiMmKOjEy0SXH5ZlxTSX/TWnhqv2KszUv1wg +v0RtWSE+zL69VhcbIGJBXDs3CoLYIaLwUl0UnP0QKcnpiAPkTeyPh9oQq1sRCACK +J/COuAMY04Xs8wNatTYugUZfCqi5VKigVxLngNVEruHg306sWTRVjv5BjjwvfbL4 +5XnUPs3sAQ+rD2uGLQ1TDZ07Td8nKwrUEyrdLoIxXUmMGYZnFMFN2GI1PmuJmYt+ +M+Lsi23YrobIV4OfFVoZ1Ln6kYgu/ocH/trQ32hD4P0L8tL9fZgMb5/G9LgYWTY4 +DjYdsOtBx0PAe+0DAgMBAAGjYzBhMB0GA1UdDgQWBBTKbzmfzfMDi8bSxDKvXPrV +lJO7QTAfBgNVHSMEGDAWgBTKbzmfzfMDi8bSxDKvXPrVlJO7QTAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAdNqm7c3j +08UY1493GDDEvGmn+Qncl1thCTeFkzeI9TCmQNmjdaDR4UYxEWq81X/clpm2VzXy +Gq0ya1NqnfcNSKS4q9VSZFx6MC2YpnK2e87flTz2386ghEHrxkp5E7ZYL6uuvk2D +omBYoML5tESpBt3C6/564lHzebywUIUR5W2t9zQUK7Y7swGrzMnMsb+/j954S0x2 +7nB6xTsBdw2UL/h4VyIp5igC8+Zp8BoxdmGSFPQvJoTSvMS5rjmWgIhbhVIH+zvm +ICiUA76VAZaCjq2BGKSvoGtzvADebTwEGgsF+bzB+96L/8BH2NCAsLQ8h9X507iq +dqms0IqlEiXKfA== +-----END CERTIFICATE----- diff --git a/certs/test-serial0/root_serial0_key.pem b/certs/test-serial0/root_serial0_key.pem new file mode 100644 index 0000000000..634be8014a --- /dev/null +++ b/certs/test-serial0/root_serial0_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCrIH40erYfetOL +ROpuIy/CWwiPVyiG+FC6QiMmKOjEy0SXH5ZlxTSX/TWnhqv2KszUv1wgv0RtWSE+ +zL69VhcbIGJBXDs3CoLYIaLwUl0UnP0QKcnpiAPkTeyPh9oQq1sRCACKJ/COuAMY +04Xs8wNatTYugUZfCqi5VKigVxLngNVEruHg306sWTRVjv5BjjwvfbL45XnUPs3s +AQ+rD2uGLQ1TDZ07Td8nKwrUEyrdLoIxXUmMGYZnFMFN2GI1PmuJmYt+M+Lsi23Y +robIV4OfFVoZ1Ln6kYgu/ocH/trQ32hD4P0L8tL9fZgMb5/G9LgYWTY4DjYdsOtB +x0PAe+0DAgMBAAECggEAG/4qNup13UtpzGffE1olJ11d1pjS09VN21ITTtw1S2/W +zgPIReiO9GfivX89pPyWWhzddKvlBSAl3JCAiRdKm1DeUcPFGflZswI5ladbe5I8 +oUa8tTtfK5sFnesCpGRrdqtA71ieNLJsK0T6rOqJu25WKSBTgxuKwxpSpTvpJz46 +e6GOFng3zGMQPONnaCgVTIhBSn86dhT2kxg+ah+wYUJcY5tdhhub84nyUQptx8qn +kV6eKOM6j4ds5tkgRnXalFD49j66tDQyERpRJSLnbUE6JxbFckxbpl86lLj6p1BR +ezBOhtpYtZdOQg7HiGCwHW+098br3vL2bfri/q5ybQKBgQDqOuE1kDlB/TW1zc3o +4APxwbsh6Xx/pFLGFjuOOiQIaGDxoGvJtNfFAXfnCljSSoJXw6kQVXxZ5RE62H9b +ugnUCFRiVYFbkxHplWQwUq5QJ3SmIgYFJEndcGFv33v9+glG3NKFo8iGE4muJPFw ++JSjpjB3DMDFroKuQtSb3rFJBwKBgQC7CC2/Ohxs+cPs8z6NHH4vVbAvBFdqOOoX +tqkvMP3bnQ6oIkAuEJ/2IisErF/Jja7qTLK35+LOw0bX2FbotqNtb+ukUvu+kol/ +XEVmlFIuxWxlrvoSGMDPD04ob6us9z3YDnsKkoS+FIqe5u5Le04lhEzFcBoYQyy5 +jXoZzzPpJQKBgAOtev3BTvTXSfGZ0qLWaZlxJkQJC3hhlx8fGD5KcWhkYylIEIkx +OrYQKNbK1cwveU5xdwUXooUy0Itw/Mbu69qVauXEW+yZKY3WV6VelvgRNoapQBjy +kepVKmJ8StEZDO48511Lzgk041OFpvjUHllXcalc3OX9sHWV/QqZe4UfAoGAfAWm +YEHmi5TsCPobpnMYccb+d48HcFahVGw5sCNqkvCIwZFEwccga5Sotgaf1gVv0cpe +UHkh+z2ego7gwpwpru4icerdKLf/GUdUdfswq/caNCtdhBaJ9EQP7dxvGNkyV0zy +5kXWZD021rwHlGIFpfce+WWmyCPzSm+4Ydj2cUkCgYAyaxA7DKXNnp5kWl8t9MK9 +ReioSMoXs2cqrmR51UDZNCv5TeqrJ6hVeYHKVsfDicsPLDUGaVSkYAWzSVh3x6Aw +WW4WpXvQVZy/gETVQoqUHQG+HjV1wWcqZ923nnlk0h4gn4yG7QUy5eE1AjTBzUxj +g9kd4izacQwN71PCjY1nzA== +-----END PRIVATE KEY----- diff --git a/certs/test-serial0/selfsigned_nonca_serial0.pem b/certs/test-serial0/selfsigned_nonca_serial0.pem new file mode 100644 index 0000000000..02e4253428 --- /dev/null +++ b/certs/test-serial0/selfsigned_nonca_serial0.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaTCCAlGgAwIBAgIBADANBgkqhkiG9w0BAQsFADBKMSQwIgYDVQQDDBtTZWxm +LVNpZ25lZCBOb24tQ0EgU2VyaWFsIDAxFTATBgNVBAoMDHdvbGZTU0wgVGVzdDEL +MAkGA1UEBhMCVVMwHhcNMjUxMjE5MjM0MDE4WhcNMjYxMjE5MjM0MDE4WjBKMSQw +IgYDVQQDDBtTZWxmLVNpZ25lZCBOb24tQ0EgU2VyaWFsIDAxFTATBgNVBAoMDHdv +bGZTU0wgVGVzdDELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCfd5OZn5tx6hQWpwRuxHW+JEvMoIYpRDrfDYhvojPVnKlvLjwR/Wqh +Xf14BSkK7i1rfMkGa27r8+1nASBxwg0qSdL9yhKVEZKw64Ho8KIuEX5Nspu/Cpqt +kY3Iq4DOaVb5zlwqlmdDWPLwuw31FKvqoKeemAMHPW/tumMXNqjhfw8TVaerkvd0 +BsHf137z3p2w0nzdv00je6bXFuqNFgUTbIDGosxHTG8MFwnlOmU+qqykwDGT/IMe +Ba8YPfslaTgi0mVIWuNO7Ye1+uA3GpnCLsJxBV+NChiZUPnOsYlW0tZo7LbE2q6D +1AI5jwu25ccQlskTo/XJosx3vzlt5KPrAgMBAAGjWjBYMB0GA1UdDgQWBBQk/2Bc +jpaxm/OmYDhmC3b1E5xA9zAfBgNVHSMEGDAWgBQk/2Bcjpaxm/OmYDhmC3b1E5xA +9zAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAQEAAnT+ +BA1g63JcAXtpe/vD3x91n8iErppTTR0gQruCzuNBSZikmBngXQAiMJwGhJdUNbHu +v6dL0CduCvVXAT93cvwqf9KjcZDBsQhpiRGsGlSO+uV0wG/gqX2UsN+LKZdUbv6J +HtOMbpMIqQqnbBfJzIEmaoiIYrRQXmv2OcTN0AExBVNERSPDP4sNOozgqNpdoj/g +fB199fO/UCFQ7SeRsb60PrGAj9VBk722odRi6aNmWWyXpybwVeuqf7/R7mpkM17w +tcsY8eplQ4BmGygcGaWz6ppr98Kp4P/juy5ui2B657UOZrdRKmW8QkkJeCHR98kz +q02SitVOp/z7qpxV1Q== +-----END CERTIFICATE----- diff --git a/certs/test-serial0/selfsigned_nonca_serial0_key.pem b/certs/test-serial0/selfsigned_nonca_serial0_key.pem new file mode 100644 index 0000000000..29daa7fc52 --- /dev/null +++ b/certs/test-serial0/selfsigned_nonca_serial0_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCfd5OZn5tx6hQW +pwRuxHW+JEvMoIYpRDrfDYhvojPVnKlvLjwR/WqhXf14BSkK7i1rfMkGa27r8+1n +ASBxwg0qSdL9yhKVEZKw64Ho8KIuEX5Nspu/CpqtkY3Iq4DOaVb5zlwqlmdDWPLw +uw31FKvqoKeemAMHPW/tumMXNqjhfw8TVaerkvd0BsHf137z3p2w0nzdv00je6bX +FuqNFgUTbIDGosxHTG8MFwnlOmU+qqykwDGT/IMeBa8YPfslaTgi0mVIWuNO7Ye1 ++uA3GpnCLsJxBV+NChiZUPnOsYlW0tZo7LbE2q6D1AI5jwu25ccQlskTo/XJosx3 +vzlt5KPrAgMBAAECggEABn1MQWUwYzteY+maEZPnIrzBZOtnakh/iNI5KinUqC2+ +62pbQXQpobV8eiTjnbFBoe0rFRrMIcgEcjumgVqfRIhKkM9nYC+d45tB5yPbxboq +hKjvE6Av2T5iIbdw/3Vj97iBIa6LNz9oa4mBMOcNc/fjul1/Sg0i/+6k163+w2Zi +yglYlbt7bwnuc7G1QEb560fdXLTWb0qCAdN+mBBn3DN9g1r9csRDwFfdkLjPJ6iO +aSzBFQ3wgLx2H4pCHv2iljdgTtR95l7GuAUFVOKpkuSNR/2jSkXWVfN7XOHBhQ2X +et8sDwoP2/m61Hl557xW1bHgUbICUEmtnr8F3lrkKQKBgQDcTqNdrfZ+6Ud5Dnkj +gDYskwHk3+5vaPZAQO9LU7EiMxqMOrzb7rkduNqbY1ydI0pHBqiqiELdZ1wIjtxF +s8R1rJ39DNMtLGdKDlEK9QHMXIIw7JqlFv8NcpBGkpLH9nDtqZlHqvuvW9wRC+f0 +Njcfe47pIMM5Sc3TO9gaqRtAjwKBgQC5TY/2L4S+8nmlYt78hWTY82isST5HZic1 +N3ZjRikXzaoyFu+/m4GzwB+MTZzn1YZmy5MKFnlIKAcoBjm23B4hBjC1lD4EwyS1 +Xx8Yvyt51ZWDvSdRXOHOaUo4hvq4qPBN382iJXla6sSC3lZUVrZHZh7QiSng2a1v +c1J4xOfc5QKBgFp3cF5nsXEsGk17xALwA08KjxyNWDwnvfdkst8b3wFMOvqapDMs +NJgf8KUeiEl+1GGWOmzMx6hjaUeaYpm82E/6MmZXfeBu+3tNpbn6ImLpGg09G8Pv +TY0YHmbcianTaUwu+OKVNAUuk4/sc7O1D62971GMQp6j0AGN8ZABIU/BAoGAF25e +WNPzZi3FAgu5hJbdhK1qu/ZbAK5DIPCNcMorYg4oikLqOAFS6kbN9nDN+Wa/ovn0 +8t6aoWwmU4JOA/hbevOMbzl6iiGe36xSg0+REMvYJxthAGHNT8tyjilLRNRf5oj5 +OJqieMOc66tvoSSB0g9wsA/YEs2Tp7ceY5UKeJ0CgYAWCiWd3xrz8x1VPLJM1J27 +1JgqjxgYp9or0q1v21dxJOn6FEwmXc9z15lQ0TSBUhKrluBqK3t7254BSWhqu/Ul +uqeb7OUhJ+mHxDIJlj/AIzfF0nuyUoTZrDowVKTxg1KMHS9KsOI7o+pCfv8aGjvw +WAE0EsFxzAniEe2/l9Aq0g== +-----END PRIVATE KEY----- diff --git a/tests/api/test_asn.c b/tests/api/test_asn.c index c3907b394e..ca3731e22d 100644 --- a/tests/api/test_asn.c +++ b/tests/api/test_asn.c @@ -787,3 +787,75 @@ int test_wolfssl_local_MatchBaseName(void) return EXPECT_RESULT(); } + +int test_SerialNumber0_RootCA(void) +{ + EXPECT_DECLS; + +#if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) + /* Test that root CA certificates with serial number 0 are accepted, + * while non-root certificates with serial 0 are rejected (issue #8615) */ + +#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON) && \ + !defined(WOLFSSL_ASN_ALLOW_0_SERIAL) + WOLFSSL_CERT_MANAGER* cm = NULL; + const char* rootSerial0File = "./certs/test-serial0/root_serial0.pem"; + const char* rootNormalFile = "./certs/test-serial0/root.pem"; + const char* eeSerial0File = "./certs/test-serial0/ee_serial0.pem"; + const char* eeNormalFile = "./certs/test-serial0/ee_normal.pem"; + const char* selfSignedNonCASerial0File = + "./certs/test-serial0/selfsigned_nonca_serial0.pem"; + + /* Test 1: Root CA with serial 0 should load successfully */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, rootSerial0File, NULL), + WOLFSSL_SUCCESS); + if (cm != NULL) { + wolfSSL_CertManagerFree(cm); + cm = NULL; + } + + /* Test 2: Normal root CA (serial != 0) should load successfully */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, rootNormalFile, NULL), + WOLFSSL_SUCCESS); + + /* Test 3: End-entity cert with serial 0 should be rejected during verify */ + ExpectIntNE(wolfSSL_CertManagerVerify(cm, eeSerial0File, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + + if (cm != NULL) { + wolfSSL_CertManagerFree(cm); + cm = NULL; + } + + /* Test 4: Normal end-entity cert signed by root CA with serial 0 + * should verify successfully */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, rootSerial0File, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, eeNormalFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + + if (cm != NULL) { + wolfSSL_CertManagerFree(cm); + cm = NULL; + } + + /* Test 5: Self-signed non-CA certificate with serial 0 should be rejected */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntNE(wolfSSL_CertManagerLoadCA(cm, selfSignedNonCASerial0File, NULL), + WOLFSSL_SUCCESS); + + if (cm != NULL) { + wolfSSL_CertManagerFree(cm); + cm = NULL; + } +#endif /* !WOLFSSL_NO_ASN_STRICT && !WOLFSSL_PYTHON && + !WOLFSSL_ASN_ALLOW_0_SERIAL */ +#endif /* !NO_CERTS && !NO_FILESYSTEM && !NO_RSA && WOLFSSL_CERT_GEN && + WOLFSSL_CERT_EXT */ + + return EXPECT_RESULT(); +} diff --git a/tests/api/test_asn.h b/tests/api/test_asn.h index e78bb145bb..23e683f38b 100644 --- a/tests/api/test_asn.h +++ b/tests/api/test_asn.h @@ -28,11 +28,13 @@ int test_SetAsymKeyDer(void); int test_GetSetShortInt(void); int test_wc_IndexSequenceOf(void); int test_wolfssl_local_MatchBaseName(void); +int test_SerialNumber0_RootCA(void); #define TEST_ASN_DECLS \ TEST_DECL_GROUP("asn", test_SetAsymKeyDer), \ TEST_DECL_GROUP("asn", test_GetSetShortInt), \ TEST_DECL_GROUP("asn", test_wc_IndexSequenceOf), \ - TEST_DECL_GROUP("asn", test_wolfssl_local_MatchBaseName) + TEST_DECL_GROUP("asn", test_wolfssl_local_MatchBaseName), \ + TEST_DECL_GROUP("asn", test_SerialNumber0_RootCA) #endif /* WOLFCRYPT_TEST_ASN_H */ From 18178a3f78996ca68bd4d995cd4b260745d795d1 Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Tue, 23 Dec 2025 13:37:36 -0600 Subject: [PATCH 3/8] Fix for old tests --- tests/api.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 95b5f37713..91deb99a05 100644 --- a/tests/api.c +++ b/tests/api.c @@ -19897,7 +19897,10 @@ static int test_MakeCertWith0Ser(void) CTC_NAME_SIZE); cert.selfSigned = 1; - cert.isCA = 1; + /* Changed from isCA=1 to isCA=0 to test non-root certificate. + * Serial 0 is now allowed for root CAs (selfSigned && isCA), + * but should still be rejected for non-CA certificates. */ + cert.isCA = 0; cert.sigType = CTC_SHA256wECDSA; #ifdef WOLFSSL_CERT_EXT From 38a1ffcc53eec4f53995188729822f8aaa2c1108 Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Wed, 7 Jan 2026 09:34:30 -0700 Subject: [PATCH 4/8] Add serial 0 validation to non-template code path --- wolfcrypt/src/asn.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 6aec4c6d48..574d86a0ca 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -25758,7 +25758,21 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, cert->srcIdx = cert->sigIndex; } - if ((ret = GetSigAlg(cert, +#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON) && \ + !defined(WOLFSSL_ASN_ALLOW_0_SERIAL) + /* Check for serial number of 0. RFC 5280 section 4.1.2.2 requires + * positive serial numbers. However, allow zero for self-signed CA + * certificates (root CAs) since they are explicitly trusted and some + * legacy root CAs in real-world trust stores have serial number 0. */ + if ((ret == 0) && (cert->serialSz == 1) && (cert->serial[0] == 0)) { + if (!(cert->isCA && cert->selfSigned)) { + WOLFSSL_MSG("Error serial number of 0 for non-root certificate"); + ret = ASN_PARSE_E; + } + } +#endif + + if ((ret != 0) || (ret = GetSigAlg(cert, #ifdef WOLFSSL_CERT_REQ !cert->isCSR ? &confirmOID : &cert->signatureOID, #else From 7bafa04b495879a479acac5af89555195386cd6c Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Wed, 7 Jan 2026 14:26:55 -0700 Subject: [PATCH 5/8] Add serial 0 validation to original parser, fix CSR handling --- wolfcrypt/src/asn.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 574d86a0ca..837b988028 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -24120,7 +24120,11 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, * certificates (root CAs) since they are explicitly trusted and some * legacy root CAs in real-world trust stores have serial number 0. */ if ((ret == 0) && (cert->serialSz == 1) && (cert->serial[0] == 0)) { - if (!(cert->isCA && cert->selfSigned)) { + if (!(cert->isCA && cert->selfSigned) +#ifdef WOLFSSL_CERT_REQ + && !cert->isCSR +#endif + ) { WOLFSSL_MSG("Error serial number of 0 for non-root certificate"); ret = ASN_PARSE_E; } @@ -25765,14 +25769,21 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, * certificates (root CAs) since they are explicitly trusted and some * legacy root CAs in real-world trust stores have serial number 0. */ if ((ret == 0) && (cert->serialSz == 1) && (cert->serial[0] == 0)) { - if (!(cert->isCA && cert->selfSigned)) { + if (!(cert->isCA && cert->selfSigned) +#ifdef WOLFSSL_CERT_REQ + && !cert->isCSR +#endif + ) { WOLFSSL_MSG("Error serial number of 0 for non-root certificate"); ret = ASN_PARSE_E; } } + if (ret < 0) { + return ret; + } #endif - if ((ret != 0) || (ret = GetSigAlg(cert, + if ((ret = GetSigAlg(cert, #ifdef WOLFSSL_CERT_REQ !cert->isCSR ? &confirmOID : &cert->signatureOID, #else From 384471c2f3004b3de8643eed0332ba6bd2f2cf87 Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Fri, 16 Jan 2026 16:14:40 -0700 Subject: [PATCH 6/8] Fix test_MakeCertWith0Ser: remove keyCertSign from non-CA certificate test --- tests/api.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/api.c b/tests/api.c index 91deb99a05..a9d486fd0c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -19903,9 +19903,8 @@ static int test_MakeCertWith0Ser(void) cert.isCA = 0; cert.sigType = CTC_SHA256wECDSA; -#ifdef WOLFSSL_CERT_EXT - cert.keyUsage |= KEYUSE_KEY_CERT_SIGN; -#endif + /* Note: KEYUSE_KEY_CERT_SIGN is not set here because it's only valid for + * CA certificates. This test creates a non-CA certificate (isCA=0). */ /* set serial number to 0 */ cert.serialSz = 1; From c529e8d0718ee3ec86e0ed2083f256e40d28dc5e Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Tue, 20 Jan 2026 15:21:37 -0700 Subject: [PATCH 7/8] Add generated test certificates for serial 0 testing --- certs/test-serial0/ee_normal.csr | 24 ++++----- certs/test-serial0/ee_normal.pem | 32 ++++++------ certs/test-serial0/ee_normal_key.pem | 52 +++++++++---------- certs/test-serial0/ee_serial0.csr | 24 ++++----- certs/test-serial0/ee_serial0.pem | 32 ++++++------ certs/test-serial0/ee_serial0_key.pem | 52 +++++++++---------- certs/test-serial0/root.pem | 32 ++++++------ certs/test-serial0/root_key.pem | 52 +++++++++---------- certs/test-serial0/root_serial0.pem | 32 ++++++------ certs/test-serial0/root_serial0_key.pem | 52 +++++++++---------- .../test-serial0/selfsigned_nonca_serial0.pem | 30 +++++------ .../selfsigned_nonca_serial0_key.pem | 52 +++++++++---------- 12 files changed, 233 insertions(+), 233 deletions(-) diff --git a/certs/test-serial0/ee_normal.csr b/certs/test-serial0/ee_normal.csr index 9f2965b7c6..d299574a1c 100644 --- a/certs/test-serial0/ee_normal.csr +++ b/certs/test-serial0/ee_normal.csr @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE REQUEST----- MIIChTCCAW0CAQAwQDEaMBgGA1UEAwwRRW5kIEVudGl0eSBOb3JtYWwxFTATBgNV BAoMDHdvbGZTU0wgVGVzdDELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQDGmfUlMQyqetJsIs9jEX5KljUwq1T9Tg743KhWAFDTpR5T -rx0wsUBTnalsY+FdEzQXf0WJ4jLxBZjhiFlUJsVRF24hqME7WjaeJr3+x+8+B550 -81GiBL1B50dVszgyHPTQlhEy/RF3ZUkc+e7ntbmHj7z9es84wBgRhWufV78RcF0L -PwqY5rMOZCxIc9+J7pXZj3eebhXnEar/NwgMfBziKwZ23OFnr0WpYsg/zZxmr1Qr -AExT718RrZ6M5I2T6okgv9vY85oPrut8Gc6C8bFpAg/Z7FpnUaFNfnXzsuG0Lrg8 -k/STG6jR1rK/dFy1H9egpnFyhpdZZN3IkIIbA7XZAgMBAAGgADANBgkqhkiG9w0B -AQsFAAOCAQEAmx7S7a3tM4oJMgf9pI6VE+n1pTMhJ1izGs9+7aDU7Vw0/cSIn62X -NpMN59cYU8PEKmEDMhG11AzaajnoHYNV+a3V84is5gmUW3Gnj5a39nD4l7VRcWXk -1SsGxa4XCrss7SA+wydnbx/bH/t3FTkA7eX2v9Ad+z7gdcyxnSK+c1x0hDj5omHA -g0YpoHgNoS+kUG3oxc0ajzghyiiQCJKPTF2rNyzqFaWL48O49ZRpZHxacZhDAscN -ks/UU8T9s8f39/PthXDUvSqwYaqgOU+isgc4BVnLaDfeycpDG9P6LCM/LB8htecJ -9T4+O5ZhbfYWZA+MRawStYwtapWT37vL2Q== +A4IBDwAwggEKAoIBAQDQSvsliJPsY3ISeW7hj9iry1sP1uLy6RXBdsxfitjzgXjW +NT4wq04sC+WCB0ce2eQqtY5WEKWrY2Xcm565IgHGTa/lGMQVoyBALx7JFUfdgopI +p+3cmNdsh3brxyBid6vkWZ2Kqg66xrepP81DBjYJjZVZkPAcVPVaRy9OUcrYba3C +39Ag8dkazgEArTjWLzpn0E+R8TmNnBaHfNtC1sCQlBvXgcflmcgJX5YiezySyrxe +yZ2NLnI//T8gLfDET0wxaDl3ghaxsYmsm/S3k2O+/1LBIRVBo5m/StqKE0dd74Jy +l6IjLhA2AAIPKDead3agECwT92z8IBuEP+c+ReFbAgMBAAGgADANBgkqhkiG9w0B +AQsFAAOCAQEAq+cFptvWqf7wJyNHKx/ba8Vs5L7eQ0FxptaL+vL/GJpK/EB/eUXf +EbpznObJhe1koHzfdTg6AxORR/EdOnMwNd4OwsFf0EneC8As+fQp0VGJsI5pJROq +FHdwh4bvAnA/hb9xrmev1BemjNGiRfuyDxkFB737x0HqWE4hLT7r+/+K56nXjaOh +RW/J8Q6yestFmhOaYkikO/JRuDZycsjnig+tCpsqCMbPH8NDZnQ9iqsM7GsJnbJ0 +xN5564H6pybxWRAbzUwuqD9GjZEUMnQEl09Bj3RrvdO6k0Is/3DLz/j18Lq9SMVE +Pn65JyYOtOx4nYq/l0qwGmyxVH6B2iFK5A== -----END CERTIFICATE REQUEST----- diff --git a/certs/test-serial0/ee_normal.pem b/certs/test-serial0/ee_normal.pem index 8a306da15c..1250886e78 100644 --- a/certs/test-serial0/ee_normal.pem +++ b/certs/test-serial0/ee_normal.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- MIIDeDCCAmCgAwIBAgIBZDANBgkqhkiG9w0BAQsFADBEMR4wHAYDVQQDDBVUZXN0 IFJvb3QgQ0EgU2VyaWFsIDAxFTATBgNVBAoMDHdvbGZTU0wgVGVzdDELMAkGA1UE -BhMCVVMwHhcNMjUxMjE5MjM0MDE4WhcNMjYxMjE5MjM0MDE4WjBAMRowGAYDVQQD +BhMCVVMwHhcNMjYwMTIwMjIyMDU0WhcNMjcwMTIwMjIyMDU0WjBAMRowGAYDVQQD DBFFbmQgRW50aXR5IE5vcm1hbDEVMBMGA1UECgwMd29sZlNTTCBUZXN0MQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMaZ9SUxDKp6 -0mwiz2MRfkqWNTCrVP1ODvjcqFYAUNOlHlOvHTCxQFOdqWxj4V0TNBd/RYniMvEF -mOGIWVQmxVEXbiGowTtaNp4mvf7H7z4HnnTzUaIEvUHnR1WzODIc9NCWETL9EXdl -SRz57ue1uYePvP16zzjAGBGFa59XvxFwXQs/Cpjmsw5kLEhz34nuldmPd55uFecR -qv83CAx8HOIrBnbc4WevRaliyD/NnGavVCsATFPvXxGtnozkjZPqiSC/29jzmg+u -63wZzoLxsWkCD9nsWmdRoU1+dfOy4bQuuDyT9JMbqNHWsr90XLUf16CmcXKGl1lk -3ciQghsDtdkCAwEAAaN5MHcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0l -BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQOtYl8IbuhwNvuxtw/ -E0EiPBLdITAfBgNVHSMEGDAWgBTKbzmfzfMDi8bSxDKvXPrVlJO7QTANBgkqhkiG -9w0BAQsFAAOCAQEAp2KWiroy9OFUFghTBWquc5oQUVS5f1IYfVt4Gas0Vz9Sokwm -xl+TiXJAA9mV8RSxxkIokGcOsyycwzwyq9IeGhq1ovEgNNJM5OVjkdX5CjjnWs+i -Kum+TEWAawWnTDSRyhxjcbdAu+5TtF+Wk9UwO6hEOEaTUzpgEaGLgiqyJSV3XEpp -y9BQTQ4wwmLv3qzZR8P6O+pRxMIHKu/kkD/2gxlKyonH+PikbR+d1DNP/Hwn92q7 -qs8o7udsluxfHsO8JCiqtRDuHyHPpTTSQIBX1MqIn57dEY67HSIfyXXOsq+ygW/I -coAv4SxQ5arEXmaZXOkcR8Z36FhIw1XO+qBGfg== +VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBK+yWIk+xj +chJ5buGP2KvLWw/W4vLpFcF2zF+K2POBeNY1PjCrTiwL5YIHRx7Z5Cq1jlYQpatj +ZdybnrkiAcZNr+UYxBWjIEAvHskVR92Cikin7dyY12yHduvHIGJ3q+RZnYqqDrrG +t6k/zUMGNgmNlVmQ8BxU9VpHL05RythtrcLf0CDx2RrOAQCtONYvOmfQT5HxOY2c +Fod820LWwJCUG9eBx+WZyAlfliJ7PJLKvF7JnY0ucj/9PyAt8MRPTDFoOXeCFrGx +iayb9LeTY77/UsEhFUGjmb9K2ooTR13vgnKXoiMuEDYAAg8oN5p3dqAQLBP3bPwg +G4Q/5z5F4VsCAwEAAaN5MHcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRnG/d+aW8BFCmq6uwx +C6dWjzttgjAfBgNVHSMEGDAWgBRt0+yEMO1FSR8j934e0GuPtvjJETANBgkqhkiG +9w0BAQsFAAOCAQEAcL96MOQD8SbVbhqBc7pJWrzUCfdHUX5TVfvwmSgU2+36cSkl +3X5ScMQT9FJbdMe/O3a3jpVVjNM1Tr4n1vL/32o5/3YVlzUZBKtOs+wQU4p+juin +ye9ot4IZTbv12Fqwp4UC1Z7QU9SwtwEVE6drWYEmc7dRN1DchEaI6fmGMCqIaD4+ +6rw4yUEeRn6tVVnzhRHK+F0iCSKUK4cpvDgJqbtzJDMHx777L1dZV/7Q3SLhdJoV +Iz+KB/HTUaaV47cUbJyxpGw4RmtsFW0Lt/B6Tgfp6X6laUCTLKIXxQVKEzxI2GMc +vBT21qGYbcWCAPdF0BBTo5zsI/zWtgyuTEWmMQ== -----END CERTIFICATE----- diff --git a/certs/test-serial0/ee_normal_key.pem b/certs/test-serial0/ee_normal_key.pem index 33e55116d6..d5b9f76733 100644 --- a/certs/test-serial0/ee_normal_key.pem +++ b/certs/test-serial0/ee_normal_key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDGmfUlMQyqetJs -Is9jEX5KljUwq1T9Tg743KhWAFDTpR5Trx0wsUBTnalsY+FdEzQXf0WJ4jLxBZjh -iFlUJsVRF24hqME7WjaeJr3+x+8+B55081GiBL1B50dVszgyHPTQlhEy/RF3ZUkc -+e7ntbmHj7z9es84wBgRhWufV78RcF0LPwqY5rMOZCxIc9+J7pXZj3eebhXnEar/ -NwgMfBziKwZ23OFnr0WpYsg/zZxmr1QrAExT718RrZ6M5I2T6okgv9vY85oPrut8 -Gc6C8bFpAg/Z7FpnUaFNfnXzsuG0Lrg8k/STG6jR1rK/dFy1H9egpnFyhpdZZN3I -kIIbA7XZAgMBAAECggEAEVCl92lN2zqHHbIb67LAPzIruVkOuWD0sYzSHmFmVUrY -QzU0HHqFCw/mur0AjolYlCiJVbVYz1EMxwkIuhYBQ7SBFRfYn7CaAh2K7hYyDRyZ -RkVahiosnVIpPYG5HLa6lMmoqTiNgnUxs9WJ7JNtoAc6U81BGN0NRtB06s5kfwQU -f4cJ0eW9FoAgLorxCQTdfWDecV26wEy7AylEPZwavs7oDjxeIMSmE0X7kaAzXXab -LYrjLY8d2ySQLPOO+0fwCnKqxPAIS11iZOXkyEb1sEurSH/k4F6SPI44qpr3sUP+ -W9FSXdFe0d9FXNLAEsUcx1ZlQhTcXatwmTfrsuvgiwKBgQD8VCLCpjmRAYLAWNWd -k8lXXc4XZHKVdW3mSFBoiVTaTTdMncm55VrCaPTizZcjQSP1lsvTaIskjzh/aJ5A -ZoKN7b0d9uI4voSdT72qdjV//CSTwHcxqngxidYhVncTVHGW2SxWCQpCdnkB9Ljt -ONRSSo1eSC7iejKDB1gCyB6hhwKBgQDJfbNX0ZnnzW3dd9Z9dl7HZk0BtdlbLlSn -XZKPpHjDpHKA8tNLAJqfUS7m70rOlk8K6Ls9Lw/BWWQmNH95Syyd99xXw32q2gwJ -U9OQZkOg1TBriXdOy0GMPR1Hva4pTL+p6cUdtTuoiSqDsWQFXCXJX2yZbX9vSHqS -wnOxquxFnwKBgQCQroWH6twTQzR/qfBCfFz0VXs4eoYhIMY1Rr2kUypuSdwteEQU -7WfPFXNlINFKi61cwmx4+fberaiNlaU39A9j5i+MIOWx97v+n5x3Q3SFwEQQ3Ej8 -F2z3qrs3PmbklITVJA2B/4j8dwYHkxT+IJnN3aWVq/oGLl8MNofGgIzfvQKBgQCJ -qxMgi5umn9vTGBA7ROdZQnKXGpLaE/vPJsX+0xeYRQHfTQpFErKS7DspmpH4OQbk -o0NbeI5BQzyERhZa35wqirHIXU+9rqHOtbG11cmbWE5vC0uzUHkGwrMA037txPyn -sYv20l9iteWQeWGnr+A5iLOA2Sna9SCaqbW2zNwGbQKBgQCJ9FzkJZTNn5xmFmhH -JaCwl+BUKFIITN9xgoB7G2Fd5s8dMRhATnSxWHxoYh+VMIDZmJVItatSMN84ATN+ -xis5DbQdKvCDcBhuDc9U46UhmQvvg5PpHBAdDVg2VGY6n7ZTydOSTEJJIjINxzDD -ditcotkx/ZONY00aSgx/FtmmkA== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDQSvsliJPsY3IS +eW7hj9iry1sP1uLy6RXBdsxfitjzgXjWNT4wq04sC+WCB0ce2eQqtY5WEKWrY2Xc +m565IgHGTa/lGMQVoyBALx7JFUfdgopIp+3cmNdsh3brxyBid6vkWZ2Kqg66xrep +P81DBjYJjZVZkPAcVPVaRy9OUcrYba3C39Ag8dkazgEArTjWLzpn0E+R8TmNnBaH +fNtC1sCQlBvXgcflmcgJX5YiezySyrxeyZ2NLnI//T8gLfDET0wxaDl3ghaxsYms +m/S3k2O+/1LBIRVBo5m/StqKE0dd74Jyl6IjLhA2AAIPKDead3agECwT92z8IBuE +P+c+ReFbAgMBAAECggEAMTQ9PsEUPIfDZzTTaipaYz7PHJ9FDl/cWU7QeZNpq6A+ +pM+ACOw2s7X9uekxNkr/mM05ugAFusZoxiPm61HqvGcWsZZXn8rgr/jRm2vRBbU0 +KHSu/mkGnqcjgxAPiOM/MlqvGhYRE7MkqLEfMoGRm1EcYkOYTQEO0ow1UxmEQvq8 +NLiuPiX783SLGfcvaSXZ0Sjt7040J6YZmwPRQexf7FvR5wUqI/5xx6OqyXs4D/Ua +/UsJZNbaXmnUL4KR7D7mQXQnj3GZF1SC4xYwZxe+3XQI+YADjvyN2huv7JgWFszE +oBkaAGhlXFnilxPJ7MUOCAZgJuj0Q23MN2vCaB8CAQKBgQD+AHcCqbRUEP48cwVd +SA7nHf9u8b0Zf0KArh94SlFJPI9FvfqEIWguJqY0TgoOg8RSdnJTPxaKgix1MX8k +zrRYhmlX5vK0ZQrKoSIRoD0jeDXWbqywICamqurPeJW9DznhmAWlh4+99YcP0OAs +nzALph1fGzvHZG7UkSdBwGPnWwKBgQDR7nZ6dWSPKMZskNvhqv5aXZJ8bly6zRZB +X6uc/9pSjG9sFSlrx9JspoBcA9mvlMoGjbL+vPqTUC31X+7GbEUD0VGoz91zAHgL +nuzYNtO3uFUMrfsafwV2yxiIia5gO9xn+xvtYu9ooyeIbDH76Hx+NurvWE78n2wH +4u7QRaEOAQKBgQDEKC/AiraMxaLRpDJcW63GptABKgdTjYgaQF5lU197I52xyomR +SQtfuNFaS3pQw0n2NSsNRwdtaCJVTyhVkJyOUR9Bl0WQMwgmfFIHMqyEm+1X8JjE +W8/9nrlACGv7WarlobWapBpKJTds6250h2tfU6YTMMD1t4Yv+vlKOf3tSQKBgAax +DDPBFDCAAzsorumVkr/8pZOzzN7jdKcmzoiVmzbwZQjT79sQpoNyFztXoBO5sWre +D2uRSIdzkdN1eF34y4ZgoLK51Xw58pmkOjZ2IO+FP6jEzvE8RUdRF/oaMWW94rup +xG0frzPtp2/wyvMVqQo44+o3LWVeC4qA0E3xOj4BAoGAXg5lRpHvQ7pnBc3091bt +fDmZwFcqFnIH/9GATHzj2E0nBaTEkCFHNhPoW8gdpZBGUbe7Tgy1HGZUY9Few6Wt +n0CvP8dcaN2WTrUh7oWe5cL27ySOoGO46pUqgUSAwTKTReK7LsUq0s5wpsYcCrLp +bqDVpmojm7S1Ie/5Eep12r8= -----END PRIVATE KEY----- diff --git a/certs/test-serial0/ee_serial0.csr b/certs/test-serial0/ee_serial0.csr index e2d0226c13..859dc466c4 100644 --- a/certs/test-serial0/ee_serial0.csr +++ b/certs/test-serial0/ee_serial0.csr @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE REQUEST----- MIIChzCCAW8CAQAwQjEcMBoGA1UEAwwTRW5kIEVudGl0eSBTZXJpYWwgMDEVMBMG A1UECgwMd29sZlNTTCBUZXN0MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANUOzExpAy8FaTQVU4yj2FxAY93lRLhNe9R9CW9LBKZD -6R3tg+EltRK5i4798RnZfXwanU2LeCFi21a7q7FL29gaeTxxP1CrB59lubdvlqIK -82TAubWHBhoPt0dPR5bTsBPtwoqn8ZPAJPTBqFkzpkX8ASNIakvPH546RX+6WHbJ -a175fxyKMRo6V9UKWjA/sqQkhIOA3Drl6x4d7haa35NquZm/OeIQnEqu2XWTdWcx -iMqKquTNyJ2izZ4WRa65QzVMPLQrlh47xtPUC5Hu17sgW2FYY1GiOmTO3iKAXZsn -yt+9UWJru8NuvWkxIZdwOABLJm8K25XW8GvZUvoan7cCAwEAAaAAMA0GCSqGSIb3 -DQEBCwUAA4IBAQC/GAHuVZz2p/Tkk7QXrIbovWvw2g1gusPDJrL27471ZwFUnTyA -y5NZDGRSMazZCylclRBIATEEEiTobR32+3NaT/r01wMBW/9R5uh7MpDAJjA9jS/8 -zE92TwwT9H8RHnkbJXzxKPbnRZF/Nl5FE0DzH7YlHY9PKAbkeN3l3M5zy8yxoon+ -1g2QiEVHiGWPshtpbqpKuxbgwSJ8bP6BdZ51fwmgSCqzaei+OCXrGKKHJqdHpwRd -iX7tp4PtcCWiifwvb1d/az5X/CGBfK6qar8jYNa5dGLXQn2pilAxoddRSDIrrNnN -pT3R8Djb1CQGFtS7RUdtmA5FRqlY3cAFI4o6 +BQADggEPADCCAQoCggEBALEtqgqXbOUdAsBBRE3FvtL9gUQOBn+JMBvrXTgHMhV5 +Bx6AEQF7x4av90MUllAnPKthbJrJlFEHenlKfmQ/mGygdlwenf4WZtKx0tbRwkGX +o6ZQwsFlDuHAIykn99B+tnm+8C3LcTirTDEBNcyauqhgJigIH5W5X+4LqqK5GAlB +Pj/YgUpNxCdLIZUm7m+Zms3U2kKCmZEDCQDGItA8Zfc8a4Fut4W6ZqtzGhJ8+8KK +I/+QpGhdYzAptMJ4oKYShTE3WgQxMAdwnSYTqu5V4h1fCq2fdAMZL3Sa8yE7vimZ +t4eGNWM/WdrEuX/3GBd/A6B9L0m0fSOC6YzLpPKiBfkCAwEAAaAAMA0GCSqGSIb3 +DQEBCwUAA4IBAQBG+FbMGBe6uz/kTHNvxlQUxH5HoLUnrbeP/fRM8zrh6EsCPrcX +o6hBt03rAvw0EbNOB4QYNt5qEZpz7N3164yfnN6rQjAdwcvg3Anoy3tImIMaNl0k +BE4ju5TlUSIc+qqHaqTKxZzM2XoomgztyZX1c4DeSspRBLK7/neaK02ZQKcHRQ7P +dyrVp2/LpZXrD3oa0kPExJKcb88MerBDQLUE7hM4dgHq73C69zoHT+PxGF9DvbC6 +OfP41FBFEEG2/q9BC9/PQWaBLzBVmQCyBNiGskPppHYql0Kb6urc9bNS2hsFVaOW +v2Mw+6Yfh/Csm78QurQAe5J4llMu/Jc0lPYQ -----END CERTIFICATE REQUEST----- diff --git a/certs/test-serial0/ee_serial0.pem b/certs/test-serial0/ee_serial0.pem index 7cd5afec47..9a3924251a 100644 --- a/certs/test-serial0/ee_serial0.pem +++ b/certs/test-serial0/ee_serial0.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- MIIDeDCCAmCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBCMRwwGgYDVQQDDBNUZXN0 IFJvb3QgQ0EgTm9ybWFsMRUwEwYDVQQKDAx3b2xmU1NMIFRlc3QxCzAJBgNVBAYT -AlVTMB4XDTI1MTIxOTIzNDAxOFoXDTI2MTIxOTIzNDAxOFowQjEcMBoGA1UEAwwT +AlVTMB4XDTI2MDEyMDIyMjA1NFoXDTI3MDEyMDIyMjA1NFowQjEcMBoGA1UEAwwT RW5kIEVudGl0eSBTZXJpYWwgMDEVMBMGA1UECgwMd29sZlNTTCBUZXN0MQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUOzExpAy8F -aTQVU4yj2FxAY93lRLhNe9R9CW9LBKZD6R3tg+EltRK5i4798RnZfXwanU2LeCFi -21a7q7FL29gaeTxxP1CrB59lubdvlqIK82TAubWHBhoPt0dPR5bTsBPtwoqn8ZPA -JPTBqFkzpkX8ASNIakvPH546RX+6WHbJa175fxyKMRo6V9UKWjA/sqQkhIOA3Drl -6x4d7haa35NquZm/OeIQnEqu2XWTdWcxiMqKquTNyJ2izZ4WRa65QzVMPLQrlh47 -xtPUC5Hu17sgW2FYY1GiOmTO3iKAXZsnyt+9UWJru8NuvWkxIZdwOABLJm8K25XW -8GvZUvoan7cCAwEAAaN5MHcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0l -BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQx+Na6kBfWYPpaWckA -enIUHRBTpjAfBgNVHSMEGDAWgBSHt8mJk7i7mgilD+S1x772GmpVEzANBgkqhkiG -9w0BAQsFAAOCAQEAToFw7Pq59wHF05exYFlSC8R5TRQy9C4fZH55J5urGZ76pOFw -7jyxke2QacP0/3bE3/cJOFPjGm4pu060+lI9sVu0S4ztiRjaNhbHm2vbpZ7ZLXrL -2ytMG4S17rbkCw/nPbNEi4aleB/QPI8g2oVDmxO9ZR8dGhh9CBsNsfy5iHo+clV3 -NAim9bhd3otyJRJcEfTUBe2n+DIu87B4s+/8d7NWZm/0s3p+tDZ8b9cvJcakN4Ty -uN42s7goJ+fBQhPyPvxn/DT6wQY0rfEtsPGF4DFliKdnOlrHkctA9mC3ysGWbNa4 -m/t6/U2WeTZPSgJad/OHsXHP+/Ke7dEiXHZsCw== +VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEtqgqXbOUd +AsBBRE3FvtL9gUQOBn+JMBvrXTgHMhV5Bx6AEQF7x4av90MUllAnPKthbJrJlFEH +enlKfmQ/mGygdlwenf4WZtKx0tbRwkGXo6ZQwsFlDuHAIykn99B+tnm+8C3LcTir +TDEBNcyauqhgJigIH5W5X+4LqqK5GAlBPj/YgUpNxCdLIZUm7m+Zms3U2kKCmZED +CQDGItA8Zfc8a4Fut4W6ZqtzGhJ8+8KKI/+QpGhdYzAptMJ4oKYShTE3WgQxMAdw +nSYTqu5V4h1fCq2fdAMZL3Sa8yE7vimZt4eGNWM/WdrEuX/3GBd/A6B9L0m0fSOC +6YzLpPKiBfkCAwEAAaN5MHcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTyadZTmltoi4cKgwkj +nBnlwHOAEjAfBgNVHSMEGDAWgBSJPs7EkDRfdCKEKo9bs+7f7fbDVjANBgkqhkiG +9w0BAQsFAAOCAQEApkyEGnc9kvcZ6j9WcCqd83dwfKglWItlQxoEOwG0ion0nML2 +YZ1YOaKY96jZCAmWnlHPyZX9jURvPqizq/0M158pAAkoNo0IGLyLn2Pgl0JZsMwc +oVVKrYhIttLHC1nwlmBeNA7XcfWeS7Dhdicwbao6Vfib1wid4KARbj8XC4bfsfil +zEGTMyDYW14cA7bywv3QQk48ZJtVosKrzddyiAEwSlt/sduwO1BfIEjy6lmZv71M +RDVAve4fO3rAu3S5o42bHIEZAzMyABq1oMHIEYvTXIDVT5c2MKCx5vqMNxuYLJUF +w0cYT3ASVYvLUQA6gMW6Fo1F46yReSN5SgdMtg== -----END CERTIFICATE----- diff --git a/certs/test-serial0/ee_serial0_key.pem b/certs/test-serial0/ee_serial0_key.pem index 34d641b0f4..20bd9d2880 100644 --- a/certs/test-serial0/ee_serial0_key.pem +++ b/certs/test-serial0/ee_serial0_key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDVDsxMaQMvBWk0 -FVOMo9hcQGPd5US4TXvUfQlvSwSmQ+kd7YPhJbUSuYuO/fEZ2X18Gp1Ni3ghYttW -u6uxS9vYGnk8cT9QqwefZbm3b5aiCvNkwLm1hwYaD7dHT0eW07AT7cKKp/GTwCT0 -wahZM6ZF/AEjSGpLzx+eOkV/ulh2yWte+X8cijEaOlfVClowP7KkJISDgNw65ese -He4Wmt+TarmZvzniEJxKrtl1k3VnMYjKiqrkzcidos2eFkWuuUM1TDy0K5YeO8bT -1AuR7te7IFthWGNRojpkzt4igF2bJ8rfvVFia7vDbr1pMSGXcDgASyZvCtuV1vBr -2VL6Gp+3AgMBAAECggEAFfkjutGtwWC2e+ejKUMQolsFsbHeh39+QOjwWykKfrdM -SIjhbAv+g8LdEM9B2V+j4HPCO2gh6JeQdX5/c5aWQtBgJoqrc/9fluHf6Ho6t9WX -SpHR1VXqnC94wIL9qCGG7Fc+FBzD/m/3n8KFQUXhZSBbYa8rP0xKP4BVAJpQW1e0 -WkMxy57kMdZYAgFsGK3vdnaZyBFtIePj1WDplRwR4wCFWq920MWWv5WyG2OyIXiP -BG7o8qhEyU+bPKbIWfaLtIrZHwNk38HoDoluoKx3/W9rEY0jS/Qgwk+Z5Dd4/ufS -C+sf82bh5mlOvCsBt5LTfuIhjXH0QVSWYqiQW5Zk8QKBgQD3G/iQo+yK+7hGiELm -YasBftSJ3kW2J19BWzWsH31P6QzpwldHXDgJo3pITpoBnNvWgfa5y+/D7aN9WrMs -JY3DZO9eyUHw4j2tC0c9HCORObgWYdwQ274UCV6y2o815ty+B/4Vla1ENt2TPWHa -8TCgaBjGH8Px187zJRoKmFdOeQKBgQDcuTEuwLRhky6O4bBh41XZ7CfvfBco1EXx -yk12WJ63bpVmRlmciWQWEwUVOHr3cGRzCCeQ1Y3uz7jYMDit3ZkfkbIjHwwxLaVn -TC+9hptp4oEidO30Qsf7PQKzkE7jg6FVCw/MsPMj6LXI45dM6i0k6zIrmmcUpPaw -6QHnriETrwKBgAJ7I2nAW5WhpV3/7DwH6wGe1l9z/dswVgJ/+e/6ePWeb2TBcMLk -qCNgos+rClzNyF9E+scuxv9+mU+e44Gj9uJpVwXqm2DhxKDCJjr0116T58dBwEXj -DuuAlJTTIPD3mmvGBMUOtaijrGHYEe1y0nwpz2Xd18fL1OYYD0Tf9rBxAoGAT3dR -UL7KcpLV4VU59pQtdY8DdcJcaDO8lue56dDQG8Rxf2f2nVgNs7DXVKOICgvp7kxS -Sl/IgOFCcHsz/MzaczY2R1THQ/FmKoGQcpDC5WVKDsjAXv+oFjkJ/vIGpPzgGcko -wA45C4Wd5RyjfWqWJEOVRYOKdzFJK7pIGExl1jsCgYAzQksueSZmOaekeuSDcOxz -VVAalQcH7Z6mtoPu8NGRtdnQt4fdKWzEEZ1B4jPk2TqgYqsu7DPo/N46Go/96fAY -w4w/OaamuD+Pv3bPkpgArBlcz954/JCzkNwVO1dgbg4KYSxuYWfYGV41c1R5lvYT -wK6SetMgDcNc9rp6OG81xg== +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCxLaoKl2zlHQLA +QURNxb7S/YFEDgZ/iTAb6104BzIVeQcegBEBe8eGr/dDFJZQJzyrYWyayZRRB3p5 +Sn5kP5hsoHZcHp3+FmbSsdLW0cJBl6OmUMLBZQ7hwCMpJ/fQfrZ5vvAty3E4q0wx +ATXMmrqoYCYoCB+VuV/uC6qiuRgJQT4/2IFKTcQnSyGVJu5vmZrN1NpCgpmRAwkA +xiLQPGX3PGuBbreFumarcxoSfPvCiiP/kKRoXWMwKbTCeKCmEoUxN1oEMTAHcJ0m +E6ruVeIdXwqtn3QDGS90mvMhO74pmbeHhjVjP1naxLl/9xgXfwOgfS9JtH0jgumM +y6TyogX5AgMBAAECggEAAnzpE4zRwfCAQkyJdvvBEUYBtCjr5sJ0/gnxkK1Tnk3S +ZC5EzJPxy2aKMlWtDAax4UZFCPsuDGYFUvrMpjswBjF3kJV6sV1TM1arAhhUsfZ9 +IaxmQJBa/MRKMhsgjZcaxglXnYQmcTuKHnFB49YadG3JEIWXZPMjD0PTkRd/Gr9t +V2NCnFcDVB/LhPrK03ZFm0iZdkKyjvNRF6HqL65m+S52vpOYLeGEGWckR0g/hfCF +MkpoSOtrj2CBzdKHHC35F5Rpplz0lxH0nNedsExOk6TEnrxNZJVtU22W6nxe4s7o +H9kTmVl/qwjkWMPNgKDy/SFhW9AM3FJ1WL0AgC3KIQKBgQDmsSTooLWK44PDh16e +kYvT0kYOaVke1eJIkDdx6+CYFP6QsOdB4/Fs7mWpWzGTWzOoHj6hZQZ3ZNLwoSrK +zUfnFu/epu8x9LRJ/3mGJDwvUbFYqUShjaCqGz7cikRTe3DdCXDNyIefLfDouVLS +Nu7GDq63ZivIAIgJ7pWl2RXImQKBgQDEnZ7Y9/ywbTpcGszNUL2ycQbJlRKo0CKs +E74gWdH+HV9Pw1hzUaokkOOVWP05Tys1f6Pxzdjd1Rsx+qdu2kiP/X8HdyOTGJHX +cmHdANLVB8xwvPVqJfYf2AE4sMR0v9T9tfTumMcsVklsmPVv4vOMP1uNozDGPY/N +RJwNRDekYQKBgQCXvcWtTqibZvPw1UYjv1DeT93M9PauFbn2SQZvZNwirQyVWAeF +i83t/RHZyCZf6wmbd+lyd+U8+5DUvu5K36SAGNJG/j8v+OnuEqF43rTH21BwJUcD +jQk1Wx6KKlivIO8oNWGBunma9rkUG3Ki24dLt7Ss5gO+Vrsk7U55/MUbYQKBgQC+ +RUL5+VLicXHuvEjB0IcjbloBLnB2SaWkHR77M7ESV95q1EJ+puMeq9ByMUIs+b54 +8WL4mBps4tSEk2sAzeE25zzNPrCAo2BPvPOT6j4dxoRD/bkJ1l7PBjx4XihgS1yV +gkbbt6HX+FDp9URf2KOUb6Pr96c10VGede0GsaOfQQKBgFY34rstr7y6TV+7z3GI +OZOiZPwK0CV79Nz5YnzbyfLF4/OUVq4nmtQyJWyxGSKv8WRVwXsfxJS1aHg2X/ji +DxbgXYcspSAqzVB8B0VuOhQniU/vcV7jz8eV0i/UArIEil5IJhgbCV54rrmP1S0a +MXoHymWsugQICuHqmyCDyzhn -----END PRIVATE KEY----- diff --git a/certs/test-serial0/root.pem b/certs/test-serial0/root.pem index 581a6422e2..b0301039c0 100644 --- a/certs/test-serial0/root.pem +++ b/certs/test-serial0/root.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- MIIDYjCCAkqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBCMRwwGgYDVQQDDBNUZXN0 IFJvb3QgQ0EgTm9ybWFsMRUwEwYDVQQKDAx3b2xmU1NMIFRlc3QxCzAJBgNVBAYT -AlVTMB4XDTI1MTIxOTIzNDAxN1oXDTM1MTIxNzIzNDAxN1owQjEcMBoGA1UEAwwT +AlVTMB4XDTI2MDEyMDIyMjA1NFoXDTM2MDExODIyMjA1NFowQjEcMBoGA1UEAwwT VGVzdCBSb290IENBIE5vcm1hbDEVMBMGA1UECgwMd29sZlNTTCBUZXN0MQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKVS5W8y81i -YOYfBB60Zf/RxDy3Y7Sck1TyD6YbR4LOhvR+Wirbg09C0Yg+yrERzF2GlkugwT+j -SSlSljgzoieWIVxTdAfHCje7JwZA17/6YAthUFpqpzSzGLcAFpWvtFSCwTd+1CTw -suME5AL7qXF3jrhDJ9+VgfQJIlvbMnY1kLBG62ceG659q5WfHxWOOXXU/6dUOC6+ -DAW6njh9AKvQJM/J3yV2U8XJD31DnQyk3GnA1vSp3fiFF1F20kcHALwP6i7mm7Nl -sjs3mBmNH+gPRdfsKuuDH99bKi1utophWtkhgmHHTsR9woTZOSUlJwAVE4Eh0hLG -vVjvdEkR9rsCAwEAAaNjMGEwHQYDVR0OBBYEFIe3yYmTuLuaCKUP5LXHvvYaalUT -MB8GA1UdIwQYMBaAFIe3yYmTuLuaCKUP5LXHvvYaalUTMA8GA1UdEwEB/wQFMAMB -Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBEIi3qHMBYUhwf -qsADCG8cseg+ay81gypC5UGsvoSCY6vFXKFHJrN40IDOw0j4aOHrLnVIps8JqJ1g -w6IbM+sOU90fN45O32a/hvBIvC2YjkOen1ubzSRmJShGJPCTMN/ukHUr52G2Uvdl -N9STaYzE2kQE/tcK6FiD/uHosN+WqfPE7YfqbV4PtVR8UCzGTHYUtAe8T0xGdvz1 -NR1cZy9lhaRAcOx1G28rGo6pIGqMg/OKdY49RwshC7WnBAwJT4kvp7fAO57DRx+z -UTk+Mzgw/51jQo6/6glSs7Ry8yjwaEI51JkF/afz63ugMBh+HDa9YT7/k1mHdgNf -BM6gjMgs +VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKsKPjfQf+g/ +/3mo5V0NFhHpIuSN3FKHzA/U22iZ/2w2YE5i/B5Yu161M9hrhObGuhqfo1KiP6+O ++vyR/aVZ5Opigjs1/oajQF98HvoTUBFZaG+jCiicGpIV5+RSok4UB25F4y+wygRP +RCKB9tqojUnKWbzwAS91iOT4or6iogScUEI2m/AiYl+OwXq0xAp9remgZgk43Wb0 +2X6N1aOFSpuqGSp0aG8XjUqj2mGZGfxQXuEUGk6Vtcohng9Ocof7KQwr3oyLWcOl +XDXFsAVcHfinQ9ik01zXtqZy5jikdynWF+tPXu98SIb169x0HV42wt0dJkATxTf9 +81m/Aw1nbH8CAwEAAaNjMGEwHQYDVR0OBBYEFIk+zsSQNF90IoQqj1uz7t/t9sNW +MB8GA1UdIwQYMBaAFIk+zsSQNF90IoQqj1uz7t/t9sNWMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAqCSPxGXj7Bgs/ +qxjRk1ouwOd3m6F+bop8bgsc2smlGw9ZBNff13ElkWX8TtkvynSa1bVYcWIiinYj +QWpQFeyd271MQYTNq8OzvKw4o2i/0vaom1csDCJeY72/Vk7RGAUPfVfuZhXgA4xq +6VLRgCGdI8LW7x2/lCx1WzDTo87PvnUbxJ2DaMfAINzxSz2rvew0qGYM4zXndMLt +8YQUhqJ5CgZznX3Oq0YCI5fWrHWky+IZSoxa4WBf/0wQ2HLXv1go60TQBkiyQFC5 +FEoXl6Ffh7RrfHbzMLs+hjqEzVqR3btc6yN7gsCALfvaCe+aqmCdv0511W0yJuXX +aLSFNxev -----END CERTIFICATE----- diff --git a/certs/test-serial0/root_key.pem b/certs/test-serial0/root_key.pem index e44af57221..beef996168 100644 --- a/certs/test-serial0/root_key.pem +++ b/certs/test-serial0/root_key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDClUuVvMvNYmDm -HwQetGX/0cQ8t2O0nJNU8g+mG0eCzob0floq24NPQtGIPsqxEcxdhpZLoME/o0kp -UpY4M6InliFcU3QHxwo3uycGQNe/+mALYVBaaqc0sxi3ABaVr7RUgsE3ftQk8LLj -BOQC+6lxd464QyfflYH0CSJb2zJ2NZCwRutnHhuufauVnx8Vjjl11P+nVDguvgwF -up44fQCr0CTPyd8ldlPFyQ99Q50MpNxpwNb0qd34hRdRdtJHBwC8D+ou5puzZbI7 -N5gZjR/oD0XX7Crrgx/fWyotbraKYVrZIYJhx07EfcKE2TklJScAFROBIdISxr1Y -73RJEfa7AgMBAAECggEAOUA5AYEPi8n2za5xhWE5o5fB/8VLikAJX1RrQ0nCdBu0 -/GnSuMpma6MyyD4FYCzm7tujC/Rr93/hDk300etrOe+DuEj7mjA3cudXV5EriZou -uRp0TG4V7T0GuA1IF9mfGsBv/haMb6P8VixBtBj8pVxyeweTS0cPedBYMiOfyMR9 -geRGv/In9pyud/JnesUGKLh9HwxRaR2iSUuLMuvPSnDzQIrELZMDn5UkMJOtYWFB -ER/8sMK9Ns47dmRM2tK1F6Di0OP0rNcg7J/ThCoJ1HWAKC46txsk8VsxQYLGM1IY -Um3G4aK+tpiistd2gzPOe4QYN+Tc+eaoi6JR2UrMOQKBgQDkwSNtzjSZulAF0hQv -NlQqkRIdnM/VM+Kcykb6uNjlWuSyFKKFL59Nei3Qj0K31IhU1icBCGvPhgx0fUMG -QrbtXFpnO7ZFJtNhMyA5Yvdzw/KxW4+izy/ZxCBTLJKzCo+riCz4lN2Yfz3MVn8g -MtIczyThPGkNyO1Pa+TPQTJmcwKBgQDZwkEfFJoXEBiu5W6gVNkW0PiTCkCeTk3/ -M4PGrLGqZd+GA9WiCGJlfCrl9K01eTyKGBIsojOU73LB+uYzTgI2HQrdkfnq7yny -uFty63u5WCgs4cK2yR426xTjWq+266AQFIN8kK0/RUdF4QCNAyeLU0hyhpxiPwi0 -+78yHBdUmQKBgQCoqaL2tkBgTFfuQrvxJ4ydKgOCY/l1SGFAm4AEIsCBMyhGCSLf -MoKxfHFFQiu+IO04KAHwKAZdp4eNaEI/3nbDwgFB9mvoxry6ARk0Vrz+1S4fCNR6 -BWtRk+MFkGrFqfbOUYRe8FwGsWKeQ/RNiEsVRMH7dDA9IrWehn3ZNkfz8wKBgQDC -3LgVrgPt23ObHqiORR828a1fN293ui7Fzj1/zg32o88QR+Ima0ZR9nkU6o0NKv5n -vP6WfleWUWfp+jGBe68y6W5NtFFmULrC/wKmpd9DjoX1E9mAZBzrnBZHFWHkWJoV -iaXYFEdUNRSAjcZGaao7XT2ZbqgGqs2J1zXTC5w9EQKBgHA0sgxTh+M+jV8kBDZo -c1J3pF/bWMUp8DePNbwsaz6Qu9vGe7e25xJZO8PtSzHVzgahz980Y4HJzOu7pRCM -BvERqMndDggUVLCw5irtdEqlPNUt+Bdf//xX9JiEEXuojDm0bJlxYeXWV4CVc1nI -6BUG5sJfCeICcyKJAS6kn3KC +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCrCj430H/oP/95 +qOVdDRYR6SLkjdxSh8wP1Ntomf9sNmBOYvweWLtetTPYa4Tmxroan6NSoj+vjvr8 +kf2lWeTqYoI7Nf6Go0BffB76E1ARWWhvowoonBqSFefkUqJOFAduReMvsMoET0Qi +gfbaqI1Jylm88AEvdYjk+KK+oqIEnFBCNpvwImJfjsF6tMQKfa3poGYJON1m9Nl+ +jdWjhUqbqhkqdGhvF41Ko9phmRn8UF7hFBpOlbXKIZ4PTnKH+ykMK96Mi1nDpVw1 +xbAFXB34p0PYpNNc17amcuY4pHcp1hfrT17vfEiG9evcdB1eNsLdHSZAE8U3/fNZ +vwMNZ2x/AgMBAAECggEAN/1m56N/s3n7ugoxZxgJEPzl+LZ9mKCuisItvtymkfhs +50wc5xw53eNoYOC1hUwpkNyQPNUzDte5zqNFynKWbqmnoxVmSBG52WgKxec7jypa +9yyCf0+2nPrByerJCdEhq5YCLFLtlqKSFc/AjMyfT7gHT0Orx6rskLPZppkbe3Fc +QHOaCS8ptRWidbLapoVf37gAcdhzG7IyDY8lPlkew0A0oKo2Gw8cfBWeFxI3sILN +TBNkfF2B+VA6O74Kxo+br+/Z/mUesNSPyvNBho9GDXV+eKrnCHwroTN8eMQnR0zz +gG7kgmtiBuM4jGio5O4YAea5frpS/RpFsPoKtXZI1QKBgQDpN1QV9KYm73p9Fsx+ +o3lR2QR55e50GZhBNKxhNEFAfK/Heu9W2HCENENvk5YPbKhaEo88oggTaQ2S9Etx +h4ldGZVcZh1i0Itxudri1smeHDk200Dls6xYXOa58QVA3jvHLWX7TUuXVJEpb3hP +n9kJJaKbfz0JHfZyQXFRQmOxLQKBgQC7v+gt/hif4pH16pItiEkLxiZk+6UvQOBa +jSGpWcO4ERajFKh1RxgRetNaCXONaEpId5GJrRQQo+lSzdPDBYkFWAETMK82S58g +SfEuCuPBIW/GpshjWWiCshz4Iu7ebcaKaI1AOaqP9fgO/COEsi1KgNLhs7uY11b/ +OjtJNUUn2wKBgQCt3s4VwFvPU2NitwimsYHVf5JSvxXUAPD+TCLoJWkwhsUWV5Tw +jlT0e3J7UPDjdwLchFG9xp92uS+hi/hjH8VNX7F3PbpS3V/Y3dNOowuVkT0mnsEX +f6jSCBEMN6DPB+BRUothm/LrU+UVm0F7O5U3uJNOksISdgAylo/BIVnp0QKBgGHa +Qnt+HH1wS9yctjUu+8s8KhSlp1E6gfQP7IRkOYK8vUyf3rDJLf0mQ/OAS45e1aBx +WRQldfi6RUgX6I+TWffEB0NmM1ucDEJ650209UFaWPRzRqupFLRRepHFOzQIiNro +ZP4dUA0aCIBe33AwoTRccgyabWLakQgS5IViUznTAoGBAKp+mVnVe3Bjcake7BxY +PZ84h+mPH/yluBrw8cZ9btwvLPOh4dY1OmzYp5AOyD5Ny5OgwbhEFd94ICc1l4aM +jISMlENBFUQNGdCTIw6at7dDoDfNLBdj5ILk84sp7SsNzsJj2wjMUf1IWNGdk31U +/vS6RGDW8wnle1OiFKlJgFEf -----END PRIVATE KEY----- diff --git a/certs/test-serial0/root_serial0.pem b/certs/test-serial0/root_serial0.pem index 89bdc498fc..8d628e0194 100644 --- a/certs/test-serial0/root_serial0.pem +++ b/certs/test-serial0/root_serial0.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- MIIDZjCCAk6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBEMR4wHAYDVQQDDBVUZXN0 IFJvb3QgQ0EgU2VyaWFsIDAxFTATBgNVBAoMDHdvbGZTU0wgVGVzdDELMAkGA1UE -BhMCVVMwHhcNMjUxMjE5MjM0MDE3WhcNMzUxMjE3MjM0MDE3WjBEMR4wHAYDVQQD +BhMCVVMwHhcNMjYwMTIwMjIyMDU0WhcNMzYwMTE4MjIyMDU0WjBEMR4wHAYDVQQD DBVUZXN0IFJvb3QgQ0EgU2VyaWFsIDAxFTATBgNVBAoMDHdvbGZTU0wgVGVzdDEL -MAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrIH40 -erYfetOLROpuIy/CWwiPVyiG+FC6QiMmKOjEy0SXH5ZlxTSX/TWnhqv2KszUv1wg -v0RtWSE+zL69VhcbIGJBXDs3CoLYIaLwUl0UnP0QKcnpiAPkTeyPh9oQq1sRCACK -J/COuAMY04Xs8wNatTYugUZfCqi5VKigVxLngNVEruHg306sWTRVjv5BjjwvfbL4 -5XnUPs3sAQ+rD2uGLQ1TDZ07Td8nKwrUEyrdLoIxXUmMGYZnFMFN2GI1PmuJmYt+ -M+Lsi23YrobIV4OfFVoZ1Ln6kYgu/ocH/trQ32hD4P0L8tL9fZgMb5/G9LgYWTY4 -DjYdsOtBx0PAe+0DAgMBAAGjYzBhMB0GA1UdDgQWBBTKbzmfzfMDi8bSxDKvXPrV -lJO7QTAfBgNVHSMEGDAWgBTKbzmfzfMDi8bSxDKvXPrVlJO7QTAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAdNqm7c3j -08UY1493GDDEvGmn+Qncl1thCTeFkzeI9TCmQNmjdaDR4UYxEWq81X/clpm2VzXy -Gq0ya1NqnfcNSKS4q9VSZFx6MC2YpnK2e87flTz2386ghEHrxkp5E7ZYL6uuvk2D -omBYoML5tESpBt3C6/564lHzebywUIUR5W2t9zQUK7Y7swGrzMnMsb+/j954S0x2 -7nB6xTsBdw2UL/h4VyIp5igC8+Zp8BoxdmGSFPQvJoTSvMS5rjmWgIhbhVIH+zvm -ICiUA76VAZaCjq2BGKSvoGtzvADebTwEGgsF+bzB+96L/8BH2NCAsLQ8h9X507iq -dqms0IqlEiXKfA== +MAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Nc+B +5JeYF9oGKWArnr6uxFavqB5ByRZn4Bs6RXAldeekhlNMMLwUjLMoXV8bMshqMYwg +Wv2YufEhBs0jbUVYtl6pVd9QpFSSBuRDa9hHDgNkHLteuqVGeAfTPOUSvjrhqOqa +st605Bi+IhM3uGxxI4SxqpS8AiywMWXsWD2a4yp68gpKNq7h7eByCcDgImPeyC6i +fmdoiTNSFOChGNaFI7eWuY+n7xjOQUsUbwqP/Ogv2a0lmHK4jzjEHi4yvh2neat1 +9Q9+FnL36Qq0SRiFIBflrWX5liYOdlmhuByuSc5kxSEAVIT3lSbjgolU+kFbH8n+ +k5BsYE8qGX2Gmq3FAgMBAAGjYzBhMB0GA1UdDgQWBBRt0+yEMO1FSR8j934e0GuP +tvjJETAfBgNVHSMEGDAWgBRt0+yEMO1FSR8j934e0GuPtvjJETAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEALgjZlkoY +ZkzpusX9iKJCqiBPTAeDtUFyw2ZqSV8jwWH2Miz7OHg52SFHii5Hkgb9iv3nJ3UD +J7qAb7sHCKhs5fiebz+9e/xQsS1U+wvmuxD3CBlSoGFwP8VmrY3G2BHU/laTZeuq +p4Nv0tNrG8mE/MYjkSFyw/8ZHXaWQV6fO0RMWMUDM1fDJhOewxmt+KaDfx9EHKR0 +hLkT9HjoJv+3DupORmleUU05TRhprWiL5azFxN/iUQ2Me+FQdJZTxv7Uy1MO8C4c ++X6fhA+SB8k0kNbIeaezw9+V5xKrV128yBymG1GUVhN2E95TqBfWGdtvjEtZHner +Uc3vhbTbplj7tg== -----END CERTIFICATE----- diff --git a/certs/test-serial0/root_serial0_key.pem b/certs/test-serial0/root_serial0_key.pem index 634be8014a..7ada7dc156 100644 --- a/certs/test-serial0/root_serial0_key.pem +++ b/certs/test-serial0/root_serial0_key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCrIH40erYfetOL -ROpuIy/CWwiPVyiG+FC6QiMmKOjEy0SXH5ZlxTSX/TWnhqv2KszUv1wgv0RtWSE+ -zL69VhcbIGJBXDs3CoLYIaLwUl0UnP0QKcnpiAPkTeyPh9oQq1sRCACKJ/COuAMY -04Xs8wNatTYugUZfCqi5VKigVxLngNVEruHg306sWTRVjv5BjjwvfbL45XnUPs3s -AQ+rD2uGLQ1TDZ07Td8nKwrUEyrdLoIxXUmMGYZnFMFN2GI1PmuJmYt+M+Lsi23Y -robIV4OfFVoZ1Ln6kYgu/ocH/trQ32hD4P0L8tL9fZgMb5/G9LgYWTY4DjYdsOtB -x0PAe+0DAgMBAAECggEAG/4qNup13UtpzGffE1olJ11d1pjS09VN21ITTtw1S2/W -zgPIReiO9GfivX89pPyWWhzddKvlBSAl3JCAiRdKm1DeUcPFGflZswI5ladbe5I8 -oUa8tTtfK5sFnesCpGRrdqtA71ieNLJsK0T6rOqJu25WKSBTgxuKwxpSpTvpJz46 -e6GOFng3zGMQPONnaCgVTIhBSn86dhT2kxg+ah+wYUJcY5tdhhub84nyUQptx8qn -kV6eKOM6j4ds5tkgRnXalFD49j66tDQyERpRJSLnbUE6JxbFckxbpl86lLj6p1BR -ezBOhtpYtZdOQg7HiGCwHW+098br3vL2bfri/q5ybQKBgQDqOuE1kDlB/TW1zc3o -4APxwbsh6Xx/pFLGFjuOOiQIaGDxoGvJtNfFAXfnCljSSoJXw6kQVXxZ5RE62H9b -ugnUCFRiVYFbkxHplWQwUq5QJ3SmIgYFJEndcGFv33v9+glG3NKFo8iGE4muJPFw -+JSjpjB3DMDFroKuQtSb3rFJBwKBgQC7CC2/Ohxs+cPs8z6NHH4vVbAvBFdqOOoX -tqkvMP3bnQ6oIkAuEJ/2IisErF/Jja7qTLK35+LOw0bX2FbotqNtb+ukUvu+kol/ -XEVmlFIuxWxlrvoSGMDPD04ob6us9z3YDnsKkoS+FIqe5u5Le04lhEzFcBoYQyy5 -jXoZzzPpJQKBgAOtev3BTvTXSfGZ0qLWaZlxJkQJC3hhlx8fGD5KcWhkYylIEIkx -OrYQKNbK1cwveU5xdwUXooUy0Itw/Mbu69qVauXEW+yZKY3WV6VelvgRNoapQBjy -kepVKmJ8StEZDO48511Lzgk041OFpvjUHllXcalc3OX9sHWV/QqZe4UfAoGAfAWm -YEHmi5TsCPobpnMYccb+d48HcFahVGw5sCNqkvCIwZFEwccga5Sotgaf1gVv0cpe -UHkh+z2ego7gwpwpru4icerdKLf/GUdUdfswq/caNCtdhBaJ9EQP7dxvGNkyV0zy -5kXWZD021rwHlGIFpfce+WWmyCPzSm+4Ydj2cUkCgYAyaxA7DKXNnp5kWl8t9MK9 -ReioSMoXs2cqrmR51UDZNCv5TeqrJ6hVeYHKVsfDicsPLDUGaVSkYAWzSVh3x6Aw -WW4WpXvQVZy/gETVQoqUHQG+HjV1wWcqZ923nnlk0h4gn4yG7QUy5eE1AjTBzUxj -g9kd4izacQwN71PCjY1nzA== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5Nc+B5JeYF9oG +KWArnr6uxFavqB5ByRZn4Bs6RXAldeekhlNMMLwUjLMoXV8bMshqMYwgWv2YufEh +Bs0jbUVYtl6pVd9QpFSSBuRDa9hHDgNkHLteuqVGeAfTPOUSvjrhqOqast605Bi+ +IhM3uGxxI4SxqpS8AiywMWXsWD2a4yp68gpKNq7h7eByCcDgImPeyC6ifmdoiTNS +FOChGNaFI7eWuY+n7xjOQUsUbwqP/Ogv2a0lmHK4jzjEHi4yvh2neat19Q9+FnL3 +6Qq0SRiFIBflrWX5liYOdlmhuByuSc5kxSEAVIT3lSbjgolU+kFbH8n+k5BsYE8q +GX2Gmq3FAgMBAAECggEASOaJWxNjKBabVrmKhSDi5V+az2FZJ4PDMffgP7t9PQF/ +wB6vQtob7erDyiuWd9oxULtX8JRgJXFrHBjVPhCQry55bCXE1LUaJLBZwL/+TVmS +tCErD0pgK7CrQ9ZARHRkMNaQIXwudP0jUBORhOkupgnY/SWrjaU9ecy31aOV/BSo ++AHOZZQnDZX5QmQpxS0i1pP2wxw6n36y/d6g39xpim3toYBq0tQ/MAlndvrCRzDE +6uNhCQAIvCmk/m4vDvsCvVbXQcNytOb2bcIAfcLwDQ0X7XQfS7VnPKmisXaiHeDg +8ZQ0GRO2vBxb7csZra/OBDm7k6zSPvMrYqNoChlAsQKBgQD+ItfvDwDqL0BmGlLi +jCRmXBIuIxoYJ1PjuMWnj7+JdrohJtwRhm4NG5zLfa/2TmPUQ++kx1wbv/wbIlYD +x/tFlQ+MVNDUtjSXD6MXVtPE4N8jV8D/3xWYH6HRiIV0mh6LIKriEnSRQx2/Jj38 +K2qFZOoasc2Bj27THBh4haq4EwKBgQC6kY3qaUWZzxcAZIWky5FNYcZsPfFpdPV0 +eItLqRgbK3mp+R0pd3SPpQ+GIoiu2mXKFxm/haSu+amcqJ4nCAQ01pOtbxPo7It8 +q1Xi2pYEr6zCl2kJfoeC/vpUJSxFCDDU90d7knTkvcOpN2wYDRWr9sSXtNpS3V2s +RHqfKxTtxwKBgQCa3Z7a5ji3fP3weoAh4CbaXacSiH+BUo3zioigWJ/u4/P++dBH +ubTctgPxmXEeVpzNIG0r6/T8UB0QZ/ckrLw5peFosdLknPglSfkn4th/9EzmG7bX +9hkRr80Lg/dXnAea3thjlb2FO/InpuVFAywRh/KFO+6w0jhF26wp3cKwEwKBgFgg +myWoNm1SCi5wTUSrt+YSknTcyaUjzzIGIt5JcI6c+apVdvX4bEHSGUQmGeRmW4Cb +atkyGrlgS0MpzxLm0X3YAggBmSkEW1s3X6l50TVDelqsxLvsXbx+DucibAfrt41R +hR2U78yA6uSKvm+Z9qu1M+XpUtujnzTZYAbBhfBPAoGATd4yRw18IazAtpeyx+CH +RQHC4U92WP/TcgZhT4w2QMriWjvV6XYfzsyj7Dc6S51oUK9U1h8MVF+x898TrXVL +RNGOOmlVyoDe2+VRkaDpG89cQMes9Ud8ve95jveZXPRjigYa60QAmAHSK9b2MvEL +ejljSLrOS4e7NeZGP4cWsGk= -----END PRIVATE KEY----- diff --git a/certs/test-serial0/selfsigned_nonca_serial0.pem b/certs/test-serial0/selfsigned_nonca_serial0.pem index 02e4253428..37a1105409 100644 --- a/certs/test-serial0/selfsigned_nonca_serial0.pem +++ b/certs/test-serial0/selfsigned_nonca_serial0.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- MIIDaTCCAlGgAwIBAgIBADANBgkqhkiG9w0BAQsFADBKMSQwIgYDVQQDDBtTZWxm LVNpZ25lZCBOb24tQ0EgU2VyaWFsIDAxFTATBgNVBAoMDHdvbGZTU0wgVGVzdDEL -MAkGA1UEBhMCVVMwHhcNMjUxMjE5MjM0MDE4WhcNMjYxMjE5MjM0MDE4WjBKMSQw +MAkGA1UEBhMCVVMwHhcNMjYwMTIwMjIyMDU0WhcNMjcwMTIwMjIyMDU0WjBKMSQw IgYDVQQDDBtTZWxmLVNpZ25lZCBOb24tQ0EgU2VyaWFsIDAxFTATBgNVBAoMDHdv bGZTU0wgVGVzdDELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCfd5OZn5tx6hQWpwRuxHW+JEvMoIYpRDrfDYhvojPVnKlvLjwR/Wqh -Xf14BSkK7i1rfMkGa27r8+1nASBxwg0qSdL9yhKVEZKw64Ho8KIuEX5Nspu/Cpqt -kY3Iq4DOaVb5zlwqlmdDWPLwuw31FKvqoKeemAMHPW/tumMXNqjhfw8TVaerkvd0 -BsHf137z3p2w0nzdv00je6bXFuqNFgUTbIDGosxHTG8MFwnlOmU+qqykwDGT/IMe -Ba8YPfslaTgi0mVIWuNO7Ye1+uA3GpnCLsJxBV+NChiZUPnOsYlW0tZo7LbE2q6D -1AI5jwu25ccQlskTo/XJosx3vzlt5KPrAgMBAAGjWjBYMB0GA1UdDgQWBBQk/2Bc -jpaxm/OmYDhmC3b1E5xA9zAfBgNVHSMEGDAWgBQk/2Bcjpaxm/OmYDhmC3b1E5xA -9zAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAQEAAnT+ -BA1g63JcAXtpe/vD3x91n8iErppTTR0gQruCzuNBSZikmBngXQAiMJwGhJdUNbHu -v6dL0CduCvVXAT93cvwqf9KjcZDBsQhpiRGsGlSO+uV0wG/gqX2UsN+LKZdUbv6J -HtOMbpMIqQqnbBfJzIEmaoiIYrRQXmv2OcTN0AExBVNERSPDP4sNOozgqNpdoj/g -fB199fO/UCFQ7SeRsb60PrGAj9VBk722odRi6aNmWWyXpybwVeuqf7/R7mpkM17w -tcsY8eplQ4BmGygcGaWz6ppr98Kp4P/juy5ui2B657UOZrdRKmW8QkkJeCHR98kz -q02SitVOp/z7qpxV1Q== +ggEKAoIBAQCv5HESEppap1/bx7gRlY4hYsVAOxoZIY1PuOnZ1zj75e3+mEA++7qH +Bs3Q0R+T6UYAnFGF6LjdXDTZLfW4iUmFO7Cqev/y8lqN6t63uV1Vp7iwVK1AwVTQ +UK8MyBLb/1RMFmPRfd4T7k/5bK0oi+VZKEzP/+8L3LqX+Pod5BdO8BBqnOGC8L6c +GUUH63EaP05sxeKoMLWocYEiB/2NrD6WpUcrExEP29xhG4JsiaiUsLM99roObjnl +02yIW3+tjSIMKUmhS5QW6rw5PsqVugSOoTID5NEeblTycoM9+Zg1ihpqx/afHJif +bSiDeB/CGPG9cvakvKp/ySgJav1k6H5DAgMBAAGjWjBYMB0GA1UdDgQWBBQZ4KVT +Vu3NgAtBD6v4uExNfuea4TAfBgNVHSMEGDAWgBQZ4KVTVu3NgAtBD6v4uExNfuea +4TAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAQEATXA4 +9doVSY1rMti8dHdLhzcfCS6fXTF9mVrHtSE9jhpwBzassylkF4ueUtMDYJ2Qp4/A +xDf6fsclIDdmNP42o2UjJh/XCQ6VGNkIuGvRmz2sM4kX/ckRGPcdEfC3vHyEMLSr +70BVC4UrE4QrMbjwNewVLkaApRvZxjM57jaq6r8VmUXO176NH3CF6ICnWGfWUeJk +DCZ42tF4oNPgCePRRWtMVi1uQZi9ntxhbYg55sRaPdFe/E2aMNUS8I/XSXtEbHfK +yPY4knqZQe66LaK4+/TX/LseVJX3TIt2wJCHkR2A4ddOSR9iKQGIZJaJmmlFS5NO +Ax8Qipttc1Rrqj2pVA== -----END CERTIFICATE----- diff --git a/certs/test-serial0/selfsigned_nonca_serial0_key.pem b/certs/test-serial0/selfsigned_nonca_serial0_key.pem index 29daa7fc52..ccbda2b073 100644 --- a/certs/test-serial0/selfsigned_nonca_serial0_key.pem +++ b/certs/test-serial0/selfsigned_nonca_serial0_key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCfd5OZn5tx6hQW -pwRuxHW+JEvMoIYpRDrfDYhvojPVnKlvLjwR/WqhXf14BSkK7i1rfMkGa27r8+1n -ASBxwg0qSdL9yhKVEZKw64Ho8KIuEX5Nspu/CpqtkY3Iq4DOaVb5zlwqlmdDWPLw -uw31FKvqoKeemAMHPW/tumMXNqjhfw8TVaerkvd0BsHf137z3p2w0nzdv00je6bX -FuqNFgUTbIDGosxHTG8MFwnlOmU+qqykwDGT/IMeBa8YPfslaTgi0mVIWuNO7Ye1 -+uA3GpnCLsJxBV+NChiZUPnOsYlW0tZo7LbE2q6D1AI5jwu25ccQlskTo/XJosx3 -vzlt5KPrAgMBAAECggEABn1MQWUwYzteY+maEZPnIrzBZOtnakh/iNI5KinUqC2+ -62pbQXQpobV8eiTjnbFBoe0rFRrMIcgEcjumgVqfRIhKkM9nYC+d45tB5yPbxboq -hKjvE6Av2T5iIbdw/3Vj97iBIa6LNz9oa4mBMOcNc/fjul1/Sg0i/+6k163+w2Zi -yglYlbt7bwnuc7G1QEb560fdXLTWb0qCAdN+mBBn3DN9g1r9csRDwFfdkLjPJ6iO -aSzBFQ3wgLx2H4pCHv2iljdgTtR95l7GuAUFVOKpkuSNR/2jSkXWVfN7XOHBhQ2X -et8sDwoP2/m61Hl557xW1bHgUbICUEmtnr8F3lrkKQKBgQDcTqNdrfZ+6Ud5Dnkj -gDYskwHk3+5vaPZAQO9LU7EiMxqMOrzb7rkduNqbY1ydI0pHBqiqiELdZ1wIjtxF -s8R1rJ39DNMtLGdKDlEK9QHMXIIw7JqlFv8NcpBGkpLH9nDtqZlHqvuvW9wRC+f0 -Njcfe47pIMM5Sc3TO9gaqRtAjwKBgQC5TY/2L4S+8nmlYt78hWTY82isST5HZic1 -N3ZjRikXzaoyFu+/m4GzwB+MTZzn1YZmy5MKFnlIKAcoBjm23B4hBjC1lD4EwyS1 -Xx8Yvyt51ZWDvSdRXOHOaUo4hvq4qPBN382iJXla6sSC3lZUVrZHZh7QiSng2a1v -c1J4xOfc5QKBgFp3cF5nsXEsGk17xALwA08KjxyNWDwnvfdkst8b3wFMOvqapDMs -NJgf8KUeiEl+1GGWOmzMx6hjaUeaYpm82E/6MmZXfeBu+3tNpbn6ImLpGg09G8Pv -TY0YHmbcianTaUwu+OKVNAUuk4/sc7O1D62971GMQp6j0AGN8ZABIU/BAoGAF25e -WNPzZi3FAgu5hJbdhK1qu/ZbAK5DIPCNcMorYg4oikLqOAFS6kbN9nDN+Wa/ovn0 -8t6aoWwmU4JOA/hbevOMbzl6iiGe36xSg0+REMvYJxthAGHNT8tyjilLRNRf5oj5 -OJqieMOc66tvoSSB0g9wsA/YEs2Tp7ceY5UKeJ0CgYAWCiWd3xrz8x1VPLJM1J27 -1JgqjxgYp9or0q1v21dxJOn6FEwmXc9z15lQ0TSBUhKrluBqK3t7254BSWhqu/Ul -uqeb7OUhJ+mHxDIJlj/AIzfF0nuyUoTZrDowVKTxg1KMHS9KsOI7o+pCfv8aGjvw -WAE0EsFxzAniEe2/l9Aq0g== +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv5HESEppap1/b +x7gRlY4hYsVAOxoZIY1PuOnZ1zj75e3+mEA++7qHBs3Q0R+T6UYAnFGF6LjdXDTZ +LfW4iUmFO7Cqev/y8lqN6t63uV1Vp7iwVK1AwVTQUK8MyBLb/1RMFmPRfd4T7k/5 +bK0oi+VZKEzP/+8L3LqX+Pod5BdO8BBqnOGC8L6cGUUH63EaP05sxeKoMLWocYEi +B/2NrD6WpUcrExEP29xhG4JsiaiUsLM99roObjnl02yIW3+tjSIMKUmhS5QW6rw5 +PsqVugSOoTID5NEeblTycoM9+Zg1ihpqx/afHJifbSiDeB/CGPG9cvakvKp/ySgJ +av1k6H5DAgMBAAECggEABinanngBaajQzppGhHM5qkjUQaZwiS3oTkFcDHKiwAz0 +FIZQRgS7Kg0efDE/yoaTmeTgZHFdvQAEqBGYuTEyXtVTIP4zZteAPdXbnROFRkGc +0qz87zZ3Gt+g6rE+G/BsC0iDke03sXoZ2lMpFDEmxcOIQYel4EQJU9b5KL/74xuu +b7JZoNpd/0LboSTHkZKslW4MbpG/V+LCaJZ6VJ22D8KBZ+rRoRJ9SAbkrcSYnbrM +lBD9+FwFhrnokXR7Z7k/T2ZAybW8K0jaNcP/c0z0JcaSZwnizGuCJxPAbbBblKSG +OSS4Lh2hLmCWAzJZcnGYhDSnGtuf4Ob6SntxNDaVXQKBgQDx6ZVynosKQmefhPlf +Je72OqBIs4CyzHg2JRNq4pe9b/dHoSwHKYSgnqjPN1ByGG9RnrRle3VRxAJvEn7+ +uwsMLkHqEKBIKK6+Kd+PQ8fhNMc2zawohq66ItYipn+gSRaFsa6+KlRuiDfwV57O +qQGiy9+lg1m07ZYymHSyU4H4dwKBgQC6IqJmyaTfB9Ubgax8mHzqqT35TwRoHlhY +8Huh/EjEGC47BMcKW5khgXBylzv09UUU1N7HsAMejzxAP5+njNOuPEJtOYy14mps +BBcHOn3D2RMXg41XWZFHeYIDWbAdYPxf3ZzV0fCKZ0WskwiQ1BV5NuS2yyLHlchB +saWQuM1nlQKBgAIfWYdS6sdhQ8V7hjCWhZ01cHiS0ps+/gMDmkMCz/ACjnnbaSZ6 +78X0/mgrBRKrMjbWHKETTzkzbg4JbIHRpEwsD7n9AVsAuF/EwEhigNtx+hl5/nuw +itHpQlW1fkMqwP7VS0Ix3uHFYjBCpIsNoo0KGuE54MyclQfGnKd/4hELAoGADmTX +QjOduFGWvUXN3OS95DeqPzlJEfQmyNnv9ZrY1bE5Af9glQB4WwrzcykWzd6ZtP6x +K6gE1bwl4KIK6p4NUJAAYwnsQ7R6nlfCoCB50UdcHplhuLuIbIqM701kPSFe4tr0 +YeSWQV2zGaFVLD36WyFPloMm8WA32DywnPxthfECgYBUSCnDUrhqdg6ouOOMq5uN +XYRKQyAUTDYfsPwIlw6FcQ8BqDkiYCjnz//w399yY4BcvRc+ahVehkKu+abGMgHe +ec9jDxP0BYqDvi/i0VugjkSJDm8VE3r39Un0HKgNPN3konOgbeyaosGejcvoXiUT +eLDQp3iFLtwr7UKw3/QEBQ== -----END PRIVATE KEY----- From af2579c4dd4d34fce8f9977b80947d477b0a9f9b Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Tue, 20 Jan 2026 15:48:19 -0700 Subject: [PATCH 8/8] Added new certs to include.am --- certs/test-serial0/include.am | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/certs/test-serial0/include.am b/certs/test-serial0/include.am index efbf993070..dd8056cc52 100644 --- a/certs/test-serial0/include.am +++ b/certs/test-serial0/include.am @@ -6,8 +6,15 @@ dist_doc_DATA+= certs/test-serial0/README.md EXTRA_DIST+= certs/test-serial0/generate_certs.sh \ certs/test-serial0/root_serial0.pem \ + certs/test-serial0/root_serial0_key.pem \ certs/test-serial0/root.pem \ + certs/test-serial0/root_key.pem \ certs/test-serial0/ee_serial0.pem \ + certs/test-serial0/ee_serial0.csr \ + certs/test-serial0/ee_serial0_key.pem \ certs/test-serial0/ee_normal.pem \ - certs/test-serial0/selfsigned_nonca_serial0.pem + certs/test-serial0/ee_normal.csr \ + certs/test-serial0/ee_normal_key.pem \ + certs/test-serial0/selfsigned_nonca_serial0.pem \ + certs/test-serial0/selfsigned_nonca_serial0_key.pem