feat(x509.store): add store:check_revocation and add flag to skip che…
…ck CRL for store:add (#1)
Showing
16 changed files
with
789 additions
and
3 deletions.
@@ -0,0 +1,18 @@ | ||
-----BEGIN X509 CRL----- | ||
MIIC2jCBwwIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQIDAJDQTENMAsGA1UE | ||
CgwES29uZzENMAsGA1UECwwES29uZzEbMBkGA1UEAwwSd3d3LnN1YmNhLmtvbmcu | ||
Y29tFw0yMzA2MDYwNzI3MDBaFw0zMzA2MDMwNzI3MDBaMBUwEwICIAEXDTIzMDYw | ||
NjA3MjcwMFqgMDAuMB8GA1UdIwQYMBaAFC8MH19JRurEt8xm/9IGkZIvDBurMAsG | ||
A1UdFAQEAgIgADANBgkqhkiG9w0BAQsFAAOCAgEAGX+Tvt+BDU6YUSVc7/bi7OBA | ||
KPEQvl/SXu06n3JmjyCRIWUPkB/QruqNHPpxImpvDzoqp/ScfKjB7jNaVqppdkcr | ||
yrCN11U26WPgtW6auHsWPOqVm94625+vecL9U+8R5WvjN2Hn8Kkn7EXefwskYleo | ||
tGDHeQMRuR3EHzaHu6Bbqn/UfYuTEEC2ZMg/LwGYaG8MBCg79ayAzsBeR4VPSszK | ||
CnKHa1CVgfggWQnNcIvkbBFpUAd6OWm6w+YUSA9hxAaEFqYlrOA4UHf/APE7Rnw3 | ||
xokDissm9yqfVVi0fiVe/HXt6RE5FOayOgjKOfAAj10TogTC9bK0Q05t8Ud1OpEY | ||
7YtFHtlBYuHWrmqm0FZBYwhxaFzDRcCRe45HuS6wCmMwb1Btr354kEOj/nSuq2Wq | ||
e248ZrTPNf/IXOGthB7FsL+bTOtrHl4l+tniZb+0i3FeeYUHoX+IRhPzWGHXYK9D | ||
PDn1QsggNvkXIMpdut8ifDwPXYFoXf5ZW8IAuC7G3zYrwsPFoQALheK4yyqHVaYb | ||
WMzuHmeVpxLxVv7zoJtpGPr8X2c2Yn25QtcGpqxcXxesL5g2+pJ2Uu3D7niVp3tM | ||
bqP3Nj88eJk1mFVOdRWwSICmp6ReJwTtAYacU5vTUjPdQNOOtht29YmbwyoemMvJ | ||
w9wdUeL9yrb5a98bNtI= | ||
-----END X509 CRL----- |
@@ -0,0 +1,66 @@ | ||
#!/bin/bash | ||
# | ||
# run this script in t/fixtures/crl | ||
# | ||
# root ca | ||
mkdir -p rootca/newcerts | ||
touch rootca/index.txt | ||
echo 1000 > rootca/serial | ||
|
||
# root ca key | ||
openssl genrsa -out rootca.key.pem 4096 | ||
chmod 400 rootca.key.pem | ||
|
||
# root ca cert | ||
openssl req -config rootca.cnf -key rootca.key.pem \ | ||
-new -x509 -days 3650 -sha256 -extensions v3_ca \ | ||
-out rootca.cert.pem \ | ||
-subj "/C=US/ST=CA/L=SF/O=Kong/OU=Kong/CN=www.rootca.kong.com" | ||
|
||
|
||
# sub ca | ||
mkdir -p subca/newcerts | ||
touch subca/index.txt | ||
echo 2000 > subca/serial | ||
echo 2000 > subca/crlnumber | ||
|
||
# sub ca key | ||
openssl genrsa -out subca.key.pem 4096 | ||
chmod 400 subca.key.pem | ||
|
||
# sub ca csr | ||
openssl req -config subca.cnf -new -sha256 \ | ||
-key subca.key.pem -out subca.csr.pem \ | ||
-subj "/C=US/ST=CA/L=SF/O=Kong/OU=Kong/CN=www.subca.kong.com" | ||
|
||
# sub ca cert | ||
echo -e "y\ny\n" | openssl ca -config rootca.cnf -extensions v3_sub_ca \ | ||
-days 3650 -notext -md sha256 \ | ||
-in subca.csr.pem -out subca.cert.pem | ||
|
||
# ca chain | ||
#cat ca/sub/subca.cert.pem ca/root/root.cert.pem > chain.pem | ||
|
||
# leaf certs | ||
for name in valid revoked | ||
do | ||
openssl genrsa -out $name.key.pem 2048 | ||
chmod 400 $name.key.pem | ||
|
||
openssl req -config subca.cnf -key subca.key.pem \ | ||
-new -sha256 -out $name.csr.pem \ | ||
-subj "/C=US/ST=CA/L=SF/O=Kong/OU=Kong/CN=www.$name.kong.com" | ||
|
||
echo -e "y\ny\n" | openssl ca -config subca.cnf -extensions usr_cert \ | ||
-days 3650 -notext -md sha256 \ | ||
-in $name.csr.pem -out $name.cert.pem | ||
done | ||
|
||
# revoke cert | ||
openssl ca -config subca.cnf -revoke revoked.cert.pem | ||
|
||
# generate crl file | ||
openssl ca -config subca.cnf -gencrl -out crl.pem -crldays 3650 | ||
|
||
# remove unused files | ||
rm -rf rootca subca *.csr.pem |
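Review bot: The leaf CSR in the `for name in valid revoked` loop is built with `-key subca.key.pem`, so each leaf certificate is issued over the sub-CA's public key and the freshly generated `$name.key.pem` never ends up in a certificate; that line should read `openssl req -config subca.cnf -key "$name.key.pem" \`. The revoked certificate added in this commit appears to confirm it, since its subject and authority key identifiers look identical. Revocation tests that only verify the chain will probably not notice, but any test that pairs a leaf certificate with its key file would fail. Separately, the script has no `set -euo pipefail`, so a failed openssl step still reaches the final `rm -rf`, and `openssl ca -batch` would replace the `echo -e "y\ny\n" |` pipes.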
@@ -0,0 +1,36 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIGUzCCBDugAwIBAgICIAEwDQYJKoZIhvcNAQELBQAwSDELMAkGA1UECAwCQ0Ex | ||
DTALBgNVBAoMBEtvbmcxDTALBgNVBAsMBEtvbmcxGzAZBgNVBAMMEnd3dy5zdWJj | ||
YS5rb25nLmNvbTAeFw0yMzA2MDYwNzI3MDBaFw0zMzA2MDMwNzI3MDBaMGQxCzAJ | ||
BgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDTALBgNVBAoMBEtv | ||
bmcxDTALBgNVBAsMBEtvbmcxHTAbBgNVBAMMFHd3dy5yZXZva2VkLmtvbmcuY29t | ||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzE3ishAB+ODlQRlnbYTu | ||
vYkKBMJ+UqCCNIrAUxu6IMJWuK8hxt+KSP0RgB7LNpE/FshUuZP16dZq8A5Hah2u | ||
/r7yXEv6kmNUfAQAm3NSFT8WBgjcs3m4TTqstLhPL3sRnVECkUGEq5PHfQxR3Du/ | ||
FqwYiGH6oOZXusFZzuHx0R/+GKkfkq9qomwIpZzMSIGblfS00CpWAvBYclTeJmfy | ||
nDKiDcirvG5su55lwqsqkn2Agm8y7OqQsCcaUFvnMHqxeVzk3bqXjWldfo7dviZH | ||
NW17XO5ruUJLseRZE3bCMBePQjQpY6il7K8Cq9gJ0dt3TbR9WSVNS+EUuCB3c9rt | ||
UT+qlBrNWCmMz3ZLfXDYjqiHy6jokT8K4Bo2pjoiZ7IlUZQ637xb7TOH5uIcOYsG | ||
R6Av843lt0Tv1grgaWbR/kNSOIGREO0SQakw6khpVasTNGqSoBLyFb6+Szw7EAcZ | ||
PCBh9ZOz+xXdBcGlCsmEnAwG9BSFBG4ygUdO3OyvZeSGD9BwNZFzqAi/dKJJW5Xn | ||
1GHJQUejrrn1GiDl+NaIkprm2SXTOZ622riDb4zYmNXwkC+9pJzV14IN9XZS8MWd | ||
ydUeMraa2K5AD5hKHwyPjCLoLvvPk/V50iMOWLIVk+RCk/mBj++gthSgqQexyknE | ||
cCTBWS2hiyBimMm8wtJOH/ECAwEAAaOCASkwggElMAkGA1UdEwQCMAAwEQYJYIZI | ||
AYb4QgEBBAQDAgWgMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBD | ||
bGllbnQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFC8MH19JRurEt8xm/9IGkZIvDBur | ||
MB8GA1UdIwQYMBaAFC8MH19JRurEt8xm/9IGkZIvDBurMA4GA1UdDwEB/wQEAwIF | ||
4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwMgYIKwYBBQUHAQEEJjAk | ||
MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcHNlcnZlcjoyNTYwMC0GA1UdHwQmMCQw | ||
IqAgoB6GHGh0dHA6Ly9vY3Nwc2VydmVyOjgwL2NybC5wZW0wDQYJKoZIhvcNAQEL | ||
BQADggIBALCjaiw5E2MSjCOWHbaJpIeTmspFLceWcFn+Vsee6IDsGfLc4X4bo2lc | ||
rTxJKjcaKHCaKBhlGYTGcAOn9aQksFxqPOnCarWhWBu7d/rtwpmS8Az6LLl6kPiq | ||
hwNR9ZXEUZubZrigbAEKOvulpCdGzS2K5r+jsyduVfUYNLgK0QQibv5gP77WLEAM | ||
UeJFXzvhYOdyd2gCegllfLdkIlt+D/4ZnMmyVYpkAPbYPTh7E1+iM0nzXrpJ68Tg | ||
nwQftjsHOGnNWg1EUt6dAGzrXlPaS5LCX5BDFGIZSIWEi0/qtySbroIwSeFiowca | ||
TwebLnONPe4cQUmga3OJg9tI6y3NRpChUPkpftmXxwQE1UT2GjecQFnSbkFsFhwv | ||
ezJjZ5iOSdpglptxPO7J8HOt32aEX0Y+qR0/QmMYYR3NdVE2aSKjaMl+8R6aIA5a | ||
akpIibDNFdOD2FU8eMCQgd+gIdne8YOpUGWIy8X+grw44DSpU7lIPmHHLQEvFiG+ | ||
MrI34iCg9k9pX5D+/PnMMLMuy92VBwHVNlWe+JSVThGEPQOh7N/Bn1S4Mzv1HLUM | ||
kZrM6tTNieaoEUoArmWpwVcyNUgMO9TunNfDTOsDb144j9cK+AFdUFCKwmZyxPsR | ||
gSlWtXlcHLLMFjf5q+4jkkvZ4AVzq8NpovDKMIygjYx+BGOdqIuw | ||
-----END CERTIFICATE----- |
@@ -0,0 +1,27 @@ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIIEpQIBAAKCAQEA9Ieaw7RFz9+I8WTKFS8QYzIkduMdh0bYWkDn0M51t74U1YtC | ||
NDXaaFRRe7F/SvvP4vsJXTEJWdz6+RjwAtkZwXLUjjIGsHU+sLdlHGAwpnWz12gU | ||
p+Y+LBNWbkbvmcUV7BfVTzOzbaZi5fNA3AzUUXBvLPOYj8qFpGeU8ZSGEZiS9wAh | ||
yulFPnl8AxYKFqiuTWTIYLa2v/KT395QIcTqcQNpllRmvzQcBX14wTAqrukC3bfA | ||
lS/pGu1XE/utx/PkJAgHaxo3oHbirTp9aPGRce/dgUH4/NopuyEQvcaykLC+V75P | ||
JyUuPP7DD8UgXs8amBVibL4hbjlIQOLAqonBFQIDAQABAoIBAQDxioF1jzzmeQfs | ||
aoKzKiol0gHy7aTdWz2a6UITH91oAnrR9R0QNaHoLGHQrSPwDYzryM0XILj76yx9 | ||
ogRyy8CFNciALSouY6HpLT7TKLDlvJ5IyKaesu/22aMmiyth2Swuadxqv8cdKJ3I | ||
RuBqfMG9MDKhVH3+iy43l5moh+1mskEddAIYEMMcb3HW4CQqb7FDi1EIqJcZNxlY | ||
V7o6t0VLUTgiauWTvXisv33Ozga/3vh4PzBvVpSCgn8AE3n+j06pp/wYsuYqeWU4 | ||
eHreCN9Qh4NL2A9nN197mK98/JrujB0yuBJ/VCJfUKO5uydkgHzLnGsAYachppMe | ||
heGQkU6BAoGBAP5u6WXDgnhtA4ZyuvRxF+r8FzFDOKNw6E/QH55g8d/z2zQwrcQb | ||
o5BDFLxXeXKlIshy3aphxX8Y1LkFjm9d8+JRJG6ffRbXuKsC+K6CMmaW1vOQ180p | ||
Y/OPp0GLgpxA9fimo+EYhpWbdQlDTZUzfzBp1hu8UkP0VZu4XFSml0fPAoGBAPYJ | ||
FLYo/Oa1Kv0BSgVH2AZPax7Rl0I/7NWG4e1IaT/hawKzlypM3pMvZSana7gcGccr | ||
fGjG8GjliFm2R03H/GldfhXRoO3MCPF9FvWpW5ZRhCU2SSlsrj6SxG1KpCqkG2ft | ||
QSHI3f0H1mZdXXiRh3Z4jkb0c87IrCpMcasSjT3bAoGAY/75MeqV83h8wzGCMqHk | ||
EZGEF/NgZjPwybV1R8y4Ixl3FFrxYDqwnPkQRDlo3Nr0Aa3LWrRUZ3A94n3Bjhlx | ||
yYe0dtmt0vVzeZqQXB2Fa3ZrAozxk4tp4gaaaJNJANozEceEbuoxssjHRZ2y9ymn | ||
GkLuSDZKarSzlKDvgMF8gVcCgYEA3n1NxoEAWp1gd5Uv2+ChQOuWwjLk5xspz9p+ | ||
+nXt/7+YZsQDIlSLPmywuyjRZ5e50/vGMHYet61CBWapynPcFWhfedms/v3w5Hir | ||
R5JUaXXj20bhGF3YoGtWyEKkfI8U3YGW0bd0z7nDr6Qkv8BS0NaqSw4Kn+emkUW5 | ||
0Osg4NsCgYEAxOhcGIseH8e0K7YSsB8sRSOK01p0wTRpMhQ8GVsf4S4Za292B2Wl | ||
f2ZIFEj9IrTEwp14s2lOeeSpSMHYndWfHOTua0DSaKP6j0Dl2G3VlbZJsprDqRWX | ||
qA0vZ1ZucVFBe3GWtCaO7uQprQbk0NcerqmEdexY2vzGvUNuoQszuRo= | ||
-----END RSA PRIVATE KEY----- |
@@ -0,0 +1,33 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIFtzCCA5+gAwIBAgIUJWxAqd4rg8B4IoNzVf3VFL0LoKYwDQYJKoZIhvcNAQEL | ||
BQAwYzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjENMAsG | ||
A1UECgwES29uZzENMAsGA1UECwwES29uZzEcMBoGA1UEAwwTd3d3LnJvb3RjYS5r | ||
b25nLmNvbTAeFw0yMzA2MDYwNzI2NTlaFw0zMzA2MDMwNzI2NTlaMGMxCzAJBgNV | ||
BAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDTALBgNVBAoMBEtvbmcx | ||
DTALBgNVBAsMBEtvbmcxHDAaBgNVBAMME3d3dy5yb290Y2Eua29uZy5jb20wggIi | ||
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDiCaoWZZdKx0TuKjPCxl91Z5dL | ||
S2/5YQpB/96SUc+mXClJvDeE9VOlEdIhLM1+yjsWaSbG5GiiY6+jiVql2GNIJ1U1 | ||
hr6fR6dWM1J13/Cb1WO/9IGsULn4vwBYnxNOK54wxvKSMfp2lmhf6iNPNy9lxiAd | ||
7L7M2nwF0MSl8aYoIg+ULrGJ/kXy/EF6g+1JDrzlgbBsrJso2VQc7h59sFrijpDv | ||
3iFaJA5UvYd/s2Y4CAzESN06JgOXDaN+eEk53DBcskcK8+9DdNXcKLuKFXfUL25u | ||
als8z0oBfP8aDVBHTZQ2Eh3iSuU3iigpJH6zK8uxQLEqMf43j5XpiG7J485PXPQo | ||
jUAgg/YJJDLnBpkSem/f9mWDZ1WsA+cbPUAogwiUOsmdG2joIobXNdY2LgGkA6Xz | ||
J9ALdz1I5gvl7waw+cHEKPcX1nGnC1loCLyNri4bTxaAKwSJY8jc9fJcowpBiJy4 | ||
xOA+0b/2bBY4vdjiRxyq1qADEvsL2/Z4MN+0ecquEYm5LLsmXenCvU7Ecgy3HcZM | ||
AHV8m5oI6WJshxmsZ5SJ8EnFrsjWiYqTPtmn3W3c1Hi6la5R0oDieguXcSUNtDCg | ||
APmnPXlJYcx0osDL3pyioK+4AMUu1yLrX6r7+Gdg9ghXtwpHrUDeVY3/qv1HOJWi | ||
yiT5bztF2gYy2RksjwIDAQABo2MwYTAdBgNVHQ4EFgQUxVbJgvLbara0rOyfJEDc | ||
LupTakYwHwYDVR0jBBgwFoAUxVbJgvLbara0rOyfJEDcLupTakYwDwYDVR0TAQH/ | ||
BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAAUNP6BV | ||
tpHi38vQ7g/eombH4Q0pk6dAAQ3yf1Ve7bfPXNhHqwg2Dpeefv7+gBi86Ut4WgqU | ||
elnblSR/QjB8gkh+fT5dUfRq8kqwaZcXlrsB8FdAr0c/GOxeqARzVWiK6pxjrNRU | ||
w+nAUU99Kke54rqrdX0kEQ+CIR69jVGYzqPN00icAj48DrC/Stsih2im7OQtpcmY | ||
GiuTsK9XmRbJMqf+hcHyjQxWMkQ+3v3bz9rB2DPpoBVncF94ZIdTGQnzArc64gat | ||
2AYHpPRn500d5QAoGxjWLHYQdcXJ/Q8mYa7o+YliwyfCX5dA34jTyttLzRiggljF | ||
aqna3MJ1fE4ukj6RInihbxPBxNCH9reKougTYSsTGiqoff4j87K46y7xe/RfmKUw | ||
+/7P/5d3COUda56Csy+gDHPK4WR//rhNpqde5Tz9TSrXYHU0HUHwfDVRc3NNrROr | ||
trVC6sC1VqXvk6zBz6RNDuSC+4Io7Hp51vU/Bg0fcdAFNYLpKrZm+pWrCLR1lGxr | ||
OPQUuvmBX1+XsmRgpMZtYHLTxYf8QuxwqRX6iPgD4Bt90EASo53auDzxh3lL09lB | ||
eEpQRvwLpq+VoF8uj2xAHHQM25D50nWDxTbE/gGXs/hMaKBQend/vfU1Abj86kij | ||
NehSHV5LPjYikoZm1oig/DEFjAPWQpgPVowG | ||
-----END CERTIFICATE----- |