This avoids the need to use SECLEVEL=1 in 12-ct.cnf.in.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18450)
-----BEGIN CERTIFICATE-----
-MIIDeDCCAuGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
+MIID+TCCAuGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMDAxMjUxMTUwMTNaGA8yMTIwMDEy
NjExNTAxM1owGTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3
CDAdBgNVHQ4EFgQUtMa8XD5ylrF9AqCdnPEhXa63H2owHwYDVR0jBBgwFoAUX52I
Dchz5lTU+A3Y5rDBJLRHw1UwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcD
ATCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN8cLsEVAJRSR6lhaDJd3Fx5Wej3xtOI
-/AAuC70/dNdkAAABb15m6AAAAAQDAEcwRQIgfDPo8RArm/vcSEZ608Q1u+XQ55QB
-u67SZEuZxLpbUM0CIQDRsgcTud4PDy8Cgg+lHeAS7UxgSKBbWAznYOuorwNewzAZ
-BgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOBgQCWFKKR
-RNkDRzB25NK07OLkbzebhnpKtbP4i3blRx1HAvTSamf/3uuHI7kfiPJorJymJpT1
-IuJvSVKyMu1qONWBimiBfiyGL7+le1izHEJIP5lVTbddfzSIBIvrlHHcWIOL3H+W
-YT6yTEIzJuO07Xp61qnB1CE2TrinUWlyC46Zkw==
+/AAuC70/dNdkAAABb15m6AAAAAQDAEcwRQIgVVLvhQAex2omlFnb+MczYTjvUETM
+SW6EeAIxPuicWWcCIQCYJYPr1uLeBMcq2RJCtoWgs/F0BsfUFnhJk/lav8NoNDAZ
+BgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOCAQEATRog
+ZfvqRl9hMgYODL8VVRJNgqQqKVLCGME4ksBudWKPO0ulfD+de81WCFEHINBu2sPa
+NSs3YHv/5eaw0tJAd4lPGGhGCl/qEIqQxN6wKcenIWu2M4QzsH6V4D7IuR+OUZCC
+vNN//NpdIH1KbNGViQCw7o5ClL1+ow0MT+PuzGCI7LkdHTJzyoftzGSHqF/DzDDd
+uO4ez6fQR4aj/CvQ6UZAy8ihYc2B+dz6NR/nGdCkIs7eEWISOxCgmH8NAJLgPOaU
+Odw3qk4hXEyTiPkMsSjl9QSfQi5s6d9rbEuQ22ow6H092n7Du15AZS4kKlHxDa5s
+G8vj2f3xch0fyx+c+w==
-----END CERTIFICATE-----
Timestamp : Jan 1 00:00:00.000 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
- 30:45:02:20:7C:33:E8:F1:10:2B:9B:FB:DC:48:46:7A:
- D3:C4:35:BB:E5:D0:E7:94:01:BB:AE:D2:64:4B:99:C4:
- BA:5B:50:CD:02:21:00:D1:B2:07:13:B9:DE:0F:0F:2F:
- 02:82:0F:A5:1D:E0:12:ED:4C:60:48:A0:5B:58:0C:E7:
- 60:EB:A8:AF:03:5E:C3
+ 30:45:02:20:55:52:EF:85:00:1E:C7:6A:26:94:59:DB:
+ F8:C7:33:61:38:EF:50:44:CC:49:6E:84:78:02:31:3E:
+ E8:9C:59:67:02:21:00:98:25:83:EB:D6:E2:DE:04:C7:
+ 2A:D9:12:42:B6:85:A0:B3:F1:74:06:C7:D4:16:78:49:
+ 93:F9:5A:BF:C3:68:34
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7jHbrkVfT0PtLO1FuzsvR
-yY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjPKDHM5nugSlojgZ88ujfm
-JNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnLsvfP34b7arnRsQIDAQAB
-AoGAJLR6xEJp+5IXRFlLn7WTkFvO0ddtxJ7bXhiIkTctyruyfqp7LF9Jv1G2m3PK
-QPUtBc73w/GYkfnwIwdfJbOmPHL7XyEGHZYmEXgIgEtw6LXvAv0G5JpUnNwsSBfL
-GfSQqI5Z5ytyzlJXkMcTGA2kTgNAYc73h4EnU+pwUnDPdAECQQD2aj+4LtYk1XPq
-r3gjgI6MoGvgYJfPmAtZhxxVbhXQKciFUCAcBiwlQdHIdLWE9j65ctmZRWidKifr
-4O4nz+TBAkEA3djNW/rTQq5fKZy+mCF1WYnIU/3yhJaptzRqLm7AHqe7+hdrGXJw
-+mCtU8T3L/Ms8bH1yFBZhmkp1PbR8gl48QJAQo70YyWThiN5yfxXcQ96cZWrTdIJ
-b3NcLXSHPLQdhDqlBQ1dfvRT3ERpC8IqfZ2d162kBPhwh3MpkVcSPQK0gQJAC/dY
-xGBYKt2a9nSk9zG+0bCT5Kvq++ngh6hFHfINXNnxUsEWns3EeEzkrIMQTj7QqszN
-lBt5aL2dawZRNrv6EQJBAOo4STF9KEwQG0HLC/ryh1FeB0OBA5yIepXze+eJVKei
-T0cCECOQJKfWHEzYJYDJhyEFF/sYp9TXwKSDjOifrsU=
+MIIEogIBAAKCAQEAwckj9DNhinn9gUivB5TNOW8vsn8Kn5UXms8V3TlYQx9I37mW
+kabOB5meZ6221is1oANJkQk9MZv3Jlap/8P3Vt4yAmslclbuT7oOoZdpX8x5yoED
+L3PoSNARLj25PvWR7Djtd9O9pTuZcUEbd5guJddw5Pj3HA0Q7a+5tHOSWG63p3pF
+ZONyticwBVWfvBkMHbWkA8g6EDvAbKmz26r5FQlfsOw/0U6CP0oJKkhJHSchFYG8
+IsjfkV3LXNbCwV4n9vOCx4cZNUznjaF0uUsOj0kmvP0bprVSEXMIGxitl4Z/vUru
+WaR3mN2/Od/TnicxyMohAKqeeG16QK2Z4uXe8wIDAQABAoIBADYYp1/JZCZbDaik
+mK/eGzg4ULFcg6Ou5CsEOk9Kbdg3CInj7iN01DkM6kp5FPxOjabApC3HzXxm1KSw
+Nr6+fvKSDpXcQVTc7aP2BZWYhgMHOsyMHU6G5cZFxzYIZwkrVnQCJFB6HIveymPy
+T++f3OoVbV+OHLWI9DvV/VphlO34ZaWHtDjor4+ycNSkdpH2t1ecmob/zs/5lt+T
+5xfQ38qpuWWJiXstd6O4THgTU9u8/E6CIAdS5CiYORoW/EqRMlV8lt10dfG75feF
+WvZD+w/DHgFi1izLaSRsHqHHT1hc3h1tFl1c1XDvkTFPgTqbk01VK9IvsPn9QKcc
++Sw7o0ECgYEA8ghy34lSSbGrvk+djU+vwQ7VEPE5+gicp4Dl2E0tEeZyRt3q4Vt5
+QF60D7Q6E6NjzIEVsm7Ic/qo12klOSMJ4NB5r+oMTJ6R+09/9gzyWx9sYb1rzgYh
+FtOex6fzYQnqPydb06u/crdL7lbxmYlK09rr/wcqzMx7gmkqMBmtS9MCgYEAzPfv
+Uc+wN8ZPzpRbGabenoyTf+v4+f+VfIGMUw9TKQZozsGVypZeAy++l9sAymaty3FH
+oob5P8i9dwFHhaaXmWCBZyWxRJbQ+tTYAulQd/FZoaGX8SdENPmcLnTTXnDPXJTT
+YyDQwpYFl2Qv6n0DPY0HvtR3iG/0VoM9Rt7wzGECgYApYYJqb6sPCH6JokkYsQgm
+pOeO5v93nWNTTDl/+un6xoDBVw3ii+Y2ODrm+HR5iRT2ERfpkwFYuwGFGugPVctJ
+kbtMdWK28uGYqyYApoQFSmEYcO9uoSOlKHdcQX3eGHjhZVRQ42tvLKGh1WGnU47k
+m+h/iPUrYMa5LEvXP3yemwKBgDhWCSxGVlvuIO9ZrXRufg+7+aqWVDd6fT7caJJH
+ywaioVn6sU4eaDad/9fDNQNsl2Yse5D7YjSa2yCDdIISmOZqNQcBwChm/4eByuF5
++UkOSCF5xcZdkYyx8rB+Ib56aTQ8H6HGWjqxe1XyDo130NUxFyjnQvd4NgM1TTlW
+e37hAoGAGj8eUtfqyChkIYFqnDZM/cH9a/hISTXItFwMVltY46s+IoxrQK9xG8Ke
+K1pGSiKs3m0L/qKLmKGThBdR1DjFw6Y7qajg0JZtzdcnyWRQpOrTC7mxtjSkcQ3e
+56h1nvYF3IgtobIOyxoO05oiQHv1fn8hK5PjdBMdeDxkWJT/a2s=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
+MIID1zCCAr+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
-0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
-SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
-acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
-wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
-CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
-MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
-AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
-+uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
-2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
-Doud4XrO
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBySP0M2GKef2BSK8HlM05
+by+yfwqflReazxXdOVhDH0jfuZaRps4HmZ5nrbbWKzWgA0mRCT0xm/cmVqn/w/dW
+3jICayVyVu5Pug6hl2lfzHnKgQMvc+hI0BEuPbk+9ZHsOO13072lO5lxQRt3mC4l
+13Dk+PccDRDtr7m0c5JYbrenekVk43K2JzAFVZ+8GQwdtaQDyDoQO8BsqbPbqvkV
+CV+w7D/RToI/SgkqSEkdJyEVgbwiyN+RXctc1sLBXif284LHhxk1TOeNoXS5Sw6P
+SSa8/RumtVIRcwgbGK2Xhn+9Su5ZpHeY3b8539OeJzHIyiEAqp54bXpArZni5d7z
+AgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2OawwSS0R8NVMH0GA1Ud
+IwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYDVQQGEwJHQjEk
+MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQAx4nGkweUG9fE1IpAsRSNoW+OzxWmzhLXHWFslPHe8P7OODW+y
+t5nUWdAwPej7vGo/y2nF9Y2WbRKwJrAcNFn6rLnrA5nuzH+mOJt5EckajWWU2MqF
+9nLfQiNsds85//r3ENQ3wfh6hZojvh98o+5mC5AV8JzORyj5NxzDXp5zdf8dt00s
+D612d/RTFMPPzVK5vYBOoCusafV5qI/c4DYi02B00xtkUj3lFZc5afGpWIbJIarc
+ESlqR3J66UetqbK4bP/nwQlW3PgZCpJXSHVPuwK3V+4ZTSVd5+FbYVp1DXp/qbq8
+P6RD7n+MnBgdEH0AFtgQ28effUXaSWDTXxze
-----END CERTIFICATE-----
[0-ct-permissive-without-scts-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT@SECLEVEL=1
+CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-ct-permissive-without-scts-client]
-CipherString = DEFAULT@SECLEVEL=1
+CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[1-ct-permissive-with-scts-server]
Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
-CipherString = DEFAULT@SECLEVEL=1
+CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
[1-ct-permissive-with-scts-client]
-CipherString = DEFAULT@SECLEVEL=1
+CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
VerifyMode = Peer
[2-ct-strict-without-scts-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT@SECLEVEL=1
+CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-ct-strict-without-scts-client]
-CipherString = DEFAULT@SECLEVEL=1
+CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[3-ct-strict-with-scts-server]
Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
-CipherString = DEFAULT@SECLEVEL=1
+CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
[3-ct-strict-with-scts-client]
-CipherString = DEFAULT@SECLEVEL=1
+CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
VerifyMode = Peer
[4-ct-permissive-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
-CipherString = DEFAULT@SECLEVEL=1
+CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
[4-ct-permissive-resumption-client]
-CipherString = DEFAULT@SECLEVEL=1
+CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
VerifyMode = Peer
[5-ct-strict-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
-CipherString = DEFAULT@SECLEVEL=1
+CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
[5-ct-strict-resumption-client]
-CipherString = DEFAULT@SECLEVEL=1
+CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
VerifyMode = Peer
# -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
{
name => "ct-permissive-without-scts",
server => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
},
client => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
extra => {
"CTValidation" => "Permissive",
},
{
name => "ct-permissive-with-scts",
server => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
"Certificate" => test_pem("embeddedSCTs1.pem"),
"PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
},
client => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
"VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
extra => {
"CTValidation" => "Permissive",
{
name => "ct-strict-without-scts",
server => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
},
client => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
extra => {
"CTValidation" => "Strict",
},
{
name => "ct-strict-with-scts",
server => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
"Certificate" => test_pem("embeddedSCTs1.pem"),
"PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
},
client => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
"VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
extra => {
"CTValidation" => "Strict",
{
name => "ct-permissive-resumption",
server => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
"Certificate" => test_pem("embeddedSCTs1.pem"),
"PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
},
client => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
"VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
extra => {
"CTValidation" => "Permissive",
{
name => "ct-strict-resumption",
server => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
"Certificate" => test_pem("embeddedSCTs1.pem"),
"PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
},
client => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
"VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
extra => {
"CTValidation" => "Strict",
projects / thirdparty / openssl.git / commitdiff
