--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 15624081837803162817 (0xd8d3e3a6cbe3ccc1)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=FI, O=w1.fi, CN=Root CA
+ Validity
+ Not Before: Jun 29 16:41:22 2013 GMT
+ Not After : Jun 27 16:41:22 2023 GMT
+ Subject: C=FI, O=w1.fi, CN=Root CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:be:1e:86:e4:79:03:c1:d1:94:d5:d4:b3:b1:28:
+ 90:76:fb:b8:a6:cd:6d:1c:d1:48:f4:08:9a:67:ff:
+ f9:a6:54:b1:19:29:df:29:1b:cd:f1:6f:66:01:e7:
+ db:79:ce:c0:39:2a:25:13:26:94:0c:2c:7b:5a:2c:
+ 81:0f:94:ee:51:d0:75:e6:46:db:17:46:a7:15:8b:
+ 0e:57:0f:b0:54:76:63:12:ca:86:18:bc:1a:c3:16:
+ c0:70:09:d6:6b:43:39:b8:98:29:46:ac:cb:6a:ad:
+ 38:88:3b:07:dc:81:cd:3a:f6:1d:f6:2f:ef:1d:d7:
+ ae:8a:b6:d1:e7:b3:15:02:b9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+ X509v3 Authority Key Identifier:
+ keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 1a:cf:77:60:44:43:c4:55:0e:99:e0:89:aa:b9:d3:7b:32:b7:
+ 5c:9c:7c:ca:fe:8c:d4:94:c6:5e:f3:83:19:5f:29:59:68:a4:
+ 4f:dc:04:2e:b8:71:c0:6d:3b:ae:01:e4:b9:88:99:cc:ce:82:
+ be:6a:28:c2:ac:6a:94:c6:87:90:ed:85:3c:10:71:c5:ff:3c:
+ 70:64:e2:41:62:31:ea:86:7b:11:8c:93:ea:c6:f3:f3:4e:f9:
+ d4:f2:81:90:d7:f4:fa:a1:91:6e:d4:dd:15:3e:26:3b:ac:1e:
+ c3:c2:1f:ed:bb:34:bf:cb:b2:67:c6:c6:51:e8:51:22:b4:f3:
+ 92:e8
+-----BEGIN CERTIFICATE-----
+MIICLDCCAZWgAwIBAgIJANjT46bL48zBMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xMzA2
+MjkxNjQxMjJaFw0yMzA2MjcxNjQxMjJaMC8xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+DAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAvh6G5HkDwdGU1dSzsSiQdvu4ps1tHNFI9AiaZ//5plSxGSnfKRvN8W9m
+Aefbec7AOSolEyaUDCx7WiyBD5TuUdB15kbbF0anFYsOVw+wVHZjEsqGGLwawxbA
+cAnWa0M5uJgpRqzLaq04iDsH3IHNOvYd9i/vHdeuirbR57MVArkCAwEAAaNQME4w
+HQYDVR0OBBYEFLiS3v2KGLMww59V8zNdtMgpikEUMB8GA1UdIwQYMBaAFLiS3v2K
+GLMww59V8zNdtMgpikEUMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
+Gs93YERDxFUOmeCJqrnTezK3XJx8yv6M1JTGXvODGV8pWWikT9wELrhxwG07rgHk
+uYiZzM6CvmoowqxqlMaHkO2FPBBxxf88cGTiQWIx6oZ7EYyT6sbz80751PKBkNf0
++qGRbtTdFT4mO6wew8If7bs0v8uyZ8bGUehRIrTzkug=
+-----END CERTIFICATE-----
+-----BEGIN X509 CRL-----
+MIIBBjBxAgEBMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+DAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQRcNMTkwODExMDc1ODM0WhcNMTkwODEx
+MDg1ODM0WqAOMAwwCgYDVR0UBAMCARIwDQYJKoZIhvcNAQELBQADgYEAOTijPynY
+c8ACRpu0+uIRjI6xIXDZqRubRvp/qrQVWtWHJWP2d6CbtaQVhZIfYFJLrLVfKyJv
+WyzkLNdLw/l6rbVN5ctb+fByjjV6H99IExeYiGIuoXN++m8CTUqt77cim0TA1WkQ
+bEwEY9aIN8zsXqioLvg5OBlWUfxnKmi2sQI=
+-----END X509 CRL-----
private_key="auth_serv/user.key")
dev[0].request("REMOVE_NETWORK all")
+def test_ap_wpa2_eap_tls_check_crl_not_strict(dev, apdev):
+ """EAP-TLS and server checking CRL with check_crl_strict=0"""
+ params = int_eap_server_params()
+ params['check_crl'] = '1'
+ params['ca_cert'] = "auth_serv/ca-and-crl-expired.pem"
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ # check_crl_strict=1 and expired CRL --> reject connection
+ eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
+ client_cert="auth_serv/user.pem",
+ private_key="auth_serv/user.key", expect_failure=True)
+ dev[0].request("REMOVE_NETWORK all")
+
+ hapd.disable()
+ hapd.set("check_crl_strict", "0")
+ hapd.enable()
+
+ # check_crl_strict=0 --> accept
+ eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
+ client_cert="auth_serv/user.pem",
+ private_key="auth_serv/user.key")
+ dev[0].request("REMOVE_NETWORK all")
+
def test_ap_wpa2_eap_tls_crl_reload(dev, apdev, params):
"""EAP-TLS and server reloading CRL from ca_cert"""
ca_cert = os.path.join(params['logdir'],
projects / thirdparty / hostap.git / commitdiff
