This tests the add_extension and add_critical_extension options of certtool.
data/name-constraints-ip2.pem data/chain-md5.pem data/gost-cert.pem \
templates/template-tlsfeature.tmpl \
data/template-tlsfeature.pem data/template-tlsfeature.csr \
- templates/template-tlsfeature-crq.tmpl
+ templates/template-tlsfeature-crq.tmpl templates/arb-extensions.tmpl data/arb-extensions.pem \
+ data/arb-extensions.csr
dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
if !WINDOWS
dist_check_SCRIPTS += template-test pem-decoding othername-test krb5-test sha3-test md5-test \
- tlsfeature-test
+ tlsfeature-test template-exts-test
endif
if ENABLE_DANE
--- /dev/null
+PKCS #10 Certificate Request Information:
+ Version: 1
+ Subject: CN=Cindy Lauper,OU=sleeping dept.,O=Koko inc.,ST=Attiki,C=GR,UID=clauper
+ Subject Public Key Algorithm: RSA
+ Modulus (bits 1024):
+ 00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03:59
+ f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9:86:8b
+ 05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c:4a:38:f7
+ 33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37:70:10:fb:42
+ e9:d8:9d:18:65:7e:19:49:fc:05:96:04:68:83:1e:77
+ 86:bf:ed:f5:e5:12:3b:13:fe:33:18:9c:1a:7a:1d:69
+ af:47:02:60:7a:1f:b9:e8:cf:db:c8:34:30:51:96:3d
+ 8c:96:5c:00:bc:61:de:08:0f:b1:36:21:7f:a9:00:e3
+ 05
+ Exponent (bits 24):
+ 01:00:01
+ Signature Algorithm: RSA-SHA256
+ Attributes:
+ Extensions:
+ Unknown extension 1.2.3.4 (not critical):
+ ASCII: ...........
+ Hexdump: 0001020304050607aaabcd
+ Unknown extension 5.6.7.8 (not critical):
+ ASCII: ...........
+ Hexdump: 0001020304050607aaabcd
+ Unknown extension 1.2.3.4.5.6.7 (not critical):
+ ASCII: .4.Z.e.'.~.G....
+ Hexdump: 1d34cd5ad065dc27c17e9447b0aaaca7
+ Unknown extension 1.2.3.4294967295.7 (not critical):
+ ASCII: ...A?....J.K..l|...4..~.L..&.ap.E........}!'...s.....b=...K..6Sb.4.Z.e.'.~.G....
+ Hexdump: 178f0e413f041cc9d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7
+ Unknown extension 1.2.6710656.7 (not critical):
+ ASCII: .J.K..l|...4..~.L..&.ap.E........}!'...s.....b=...K..6Sb.4.Z.e.'.~.G....
+ Hexdump: d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7
+ Unknown extension 2.34.11.12.13.14.15.16.17.1.5 (critical):
+ ASCII: ..
+ Hexdump: cafe
+ Basic Constraints (critical):
+ Certificate Authority (CA): FALSE
+ Key Usage (critical):
+ Digital signature.
+Other Information:
+ Public Key ID:
+ 5d40adf0ce9440958b7e99941d925422ca72365f
+
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIC/jCCAmcCAQAwezEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjESMBAGA1UEChMJS29rbyBpbmMuMQ8wDQYDVQQIEwZBdHRp
+a2kxCzAJBgNVBAYTAkdSMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEApcbOdUOEv2SeAicT8QNZ93ktku18L1CkA/Et
+ebmGiwV+OrtEqq+EzxOYHhxKOPczLXqfctRrbSawMTdwEPtC6didGGV+GUn8BZYE
+aIMed4a/7fXlEjsT/jMYnBp6HWmvRwJgeh+56M/byDQwUZY9jJZcALxh3ggPsTYh
+f6kA4wUCAwEAAaCCAUEwggE9BgkqhkiG9w0BCQ4xggEuMIIBKjASBgMqAwQECwAB
+AgMEBQYHqqvNMBIGA84HCAQLAAECAwQFBgeqq80wGgYGKgMEBQYHBBAdNM1a0GXc
+J8F+lEewqqynMFwGCCoDj////38HBFAXjw5BPwQcydZK9kvztmx86sb6NKTXftZM
+losmx2FwlEX0DZygoACRr30hJ4nAC3OHsdDXq2I91AKdS4bbNlNiHTTNWtBl3CfB
+fpRHsKqspzBSBgYqg5nLAAcESNZK9kvztmx86sb6NKTXftZMlosmx2FwlEX0DZyg
+oACRr30hJ4nAC3OHsdDXq2I91AKdS4bbNlNiHTTNWtBl3CfBfpRHsKqspzATBgpy
+CwwNDg8QEQEFAQH/BALK/jAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHgAAw
+DQYJKoZIhvcNAQELBQADgYEAlL46Xhzomx9EkuBf2djeBEK8P3xx+5HSTcu2F/38
+D1F+VLNfvifFVcT9CgGz+xMGtXYzqyfeZ/FVGgZlIc4bZFML1A5DvdqpQUcqGFZZ
+sJdulRiQ9fhMUz1qwgovX7/Zpm+Xgfup++wPwyEFI3yu1mt6Krd3CY5o7woxUC28
+u5U=
+-----END NEW CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+#!/bin/sh
+
+# Copyright (C) 2006-2012 Free Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff}"
+OUTFILE="exts.$$.tmp"
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+check_for_datefudge
+
+datefudge -s "2007-04-22" \
+ "${CERTTOOL}" --generate-self-signed \
+ --load-privkey "${srcdir}/data/template-test.key" \
+ --template "${srcdir}/templates/arb-extensions.tmpl" \
+ --outfile $OUTFILE #2>/dev/null
+
+${DIFF} "${srcdir}/data/arb-extensions.pem" $OUTFILE #>/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test with crt failed"
+ exit ${rc}
+fi
+
+rm -f "$OUTFILE"
+
+datefudge -s "2007-04-22" \
+ "${CERTTOOL}" --generate-request \
+ --load-privkey "${srcdir}/data/template-test.key" \
+ --template "${srcdir}/templates/arb-extensions.tmpl" \
+ 2>/dev/null | grep -v "Algorithm Security Level" >$OUTFILE
+
+${DIFF} "${srcdir}/data/arb-extensions.csr" $OUTFILE #>/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test with crq failed"
+ exit ${rc}
+fi
+
+rm -f "$OUTFILE"
+
+exit 0
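Review bot: `${srcdir}` is expanded unquoted in `. ${srcdir}/../scripts/common.sh`, so a source path containing whitespace breaks the test before it runs; `. "${srcdir}/../scripts/common.sh"` matches the quoting used everywhere else in the script. `$OUTFILE` is likewise unquoted on the `--outfile` line and on both `${DIFF}` lines, which is harmless with the current `exts.$$.tmp` value but inconsistent with `rm -f "$OUTFILE"`. The `# We're done.` comment sits in front of each result check rather than at the end, and would read better as `# Fail if the generated output differs from the stored reference.` Both `exit ${rc}` paths skip the `rm -f`, so the temporary file stays in the build directory after a failure; if that is deliberate for debugging, a one-line comment saying so would help.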
--- /dev/null
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+serial = 9
+expiration_days = 2590
+
+add_extension = "1.2.3.4 0001020304050607AAABCD"
+add_extension = "5.6.7.8 0x0001020304050607AAABCD"
+add_extension = "1.2.3.4.5.6.7 1d34cd5ad065dc27c17e9447b0aaaca7"
+add_extension = "1.2.3.4294967295.7 178f0e413f041cc9d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7"
+add_critical_extension = "9.10.11.12.13.14.15.16.17.1.5 CAFE"
+add_extension = "1.2.6710656.7 d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7"
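Review bot: The `add_critical_extension = "9.10.11.12.13.14.15.16.17.1.5 CAFE"` line uses an OID whose first arc is 9, which X.690 does not allow (only 0, 1 or 2), and the stored reference in data/arb-extensions.csr lists that extension as `2.34.11.12.13.14.15.16.17.1.5`. The encoded request starts that OID with byte 0x72, the low byte of 40*9+10 = 370, so it looks as if the value was truncated rather than rejected, and the test as written pins that silent rewrite as the expected behaviour. A critical extension that ends up under a different OID than the one requested is worth catching when the template is parsed. If the case is intentional, a comment above the line such as `# Invalid first arc on purpose: records how certtool currently encodes it (shows up as 2.34.…)` would make that clear; otherwise use a well-formed OID here and cover rejection of malformed ones in a separate negative test.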