diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem index 55d2d4fef..67a5713bc 100644 --- a/certs/crl/cliCrl.pem +++ b/certs/crl/cliCrl.pem @@ -2,38 +2,38 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com - Last Update: May 18 17:37:23 2012 GMT - Next Update: Jun 17 17:37:23 2012 GMT + Last Update: Aug 10 18:01:01 2012 GMT + Next Update: Dec 8 18:01:01 2012 GMT CRL extensions: X509v3 CRL Number: - 1 + 62 No Revoked Certificates. Signature Algorithm: sha1WithRSAEncryption - 6b:d7:b2:9e:21:8a:04:e7:43:68:46:a7:36:eb:4e:6e:23:91: - f9:e9:1f:f1:7f:48:79:64:cd:ea:86:1c:36:63:f8:aa:8c:b3: - 62:34:bb:18:28:5a:42:f7:8a:64:3e:7f:36:05:49:a2:29:38: - 71:e8:54:da:87:05:53:55:c3:0b:ae:10:0a:f0:5d:f0:6e:5c: - 26:8b:55:4f:8f:d2:08:41:42:21:8d:b7:f1:6d:22:d1:a0:04: - 9e:67:cb:43:51:55:e6:00:41:d0:cd:82:e8:03:42:29:88:49: - e1:f4:8d:1e:e5:ad:18:8b:3a:60:aa:dc:47:33:9d:ce:79:41: - 0c:81:a9:cc:a7:a4:d9:07:3a:eb:df:41:34:ca:a6:b9:93:47: - 72:1d:c4:71:71:69:4b:4b:74:e4:2c:ff:91:f3:47:77:de:da: - 05:ab:de:05:57:6a:89:d6:f8:b2:f7:69:9b:a6:c6:e9:cd:c3: - 60:4a:79:66:62:3b:a1:f2:e2:44:9b:f2:31:44:94:46:f0:96: - ab:b5:04:97:6b:09:82:64:8b:68:b0:73:46:ae:25:fa:33:ca: - f4:ce:cb:35:7e:e2:23:a1:df:5f:70:40:b5:1d:cd:dd:b0:ff: - 20:6a:23:a1:ed:95:11:16:69:a0:ca:7e:90:c3:ed:be:5e:56: - 0a:da:04:e3 + 1e:69:b2:c4:72:a7:b2:c9:e1:b9:ac:06:40:2c:c5:66:9a:07: + 6c:91:2e:17:09:c7:86:b4:62:2d:0f:1f:a3:a3:1c:93:ce:45: + 53:d5:57:94:a6:77:af:51:da:86:e4:1e:6f:57:c8:cc:5f:07: + 8d:a5:db:bd:b3:f7:cf:e2:11:3c:e2:51:79:7e:b3:a9:47:f7: + c1:17:12:5b:7c:e5:c3:71:17:d2:ce:59:d4:0d:dc:45:ff:bc: + fe:a7:76:7b:92:88:52:0c:a5:e0:79:75:86:50:27:15:2a:01: + 66:a6:ba:96:d4:9a:14:1d:92:7d:63:72:5f:25:9b:05:72:cb: + ed:6d:7c:92:1f:4f:3e:64:cb:5d:80:9e:ad:c8:47:83:88:5b: + 3d:07:3f:d3:6a:2c:dd:c9:f7:09:bb:05:2f:9a:f4:73:15:f4: + 61:b1:47:87:9c:bf:c9:61:42:19:14:b8:67:9c:c5:c1:86:f1: + e8:63:71:40:6c:2f:b1:c1:0c:1f:f4:c4:80:e2:d0:cb:88:6b: + 51:1e:e9:b0:06:19:7c:6d:85:cf:05:7f:fe:3d:35:79:9e:f0: + 5b:f4:06:63:d4:eb:d2:e2:70:29:a9:02:b4:c1:b4:bd:53:f4: + 8f:b3:df:37:91:44:d5:e8:c4:10:86:76:0e:49:2b:ba:9a:a4: + dd:33:0e:7e -----BEGIN X509 CRL----- MIIB6DCB0QIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG -CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTEyMDUxODE3MzcyM1oXDTEyMDYx -NzE3MzcyM1qgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQBr17Ke -IYoE50NoRqc2605uI5H56R/xf0h5ZM3qhhw2Y/iqjLNiNLsYKFpC94pkPn82BUmi -KThx6FTahwVTVcMLrhAK8F3wblwmi1VPj9IIQUIhjbfxbSLRoASeZ8tDUVXmAEHQ -zYLoA0IpiEnh9I0e5a0YizpgqtxHM53OeUEMganMp6TZBzrr30E0yqa5k0dyHcRx -cWlLS3TkLP+R80d33toFq94FV2qJ1viy92mbpsbpzcNgSnlmYjuh8uJEm/IxRJRG -8JartQSXawmCZItosHNGriX6M8r0zss1fuIjod9fcEC1Hc3dsP8gaiOh7ZURFmmg -yn6Qw+2+XlYK2gTj +CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTEyMDgxMDE4MDEwMVoXDTEyMTIw +ODE4MDEwMVqgDjAMMAoGA1UdFAQDAgE+MA0GCSqGSIb3DQEBBQUAA4IBAQAeabLE +cqeyyeG5rAZALMVmmgdskS4XCceGtGItDx+joxyTzkVT1VeUpnevUdqG5B5vV8jM +XweNpdu9s/fP4hE84lF5frOpR/fBFxJbfOXDcRfSzlnUDdxF/7z+p3Z7kohSDKXg +eXWGUCcVKgFmprqW1JoUHZJ9Y3JfJZsFcsvtbXySH08+ZMtdgJ6tyEeDiFs9Bz/T +aizdyfcJuwUvmvRzFfRhsUeHnL/JYUIZFLhnnMXBhvHoY3FAbC+xwQwf9MSA4tDL +iGtRHumwBhl8bYXPBX/+PTV5nvBb9AZj1OvS4nApqQK0wbS9U/SPs983kUTV6MQQ +hnYOSSu6mqTdMw5+ -----END X509 CRL----- diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index d9dacb304..b68ff3f4b 100644 --- a/certs/crl/crl.pem +++ b/certs/crl/crl.pem @@ -2,38 +2,38 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com - Last Update: May 18 23:22:13 2012 GMT - Next Update: Jun 17 23:22:13 2012 GMT + Last Update: Aug 10 18:01:01 2012 GMT + Next Update: Dec 8 18:01:01 2012 GMT CRL extensions: X509v3 CRL Number: - 5 + 60 No Revoked Certificates. Signature Algorithm: sha1WithRSAEncryption - aa:c2:16:c6:7c:cf:4e:ee:f4:44:af:cf:66:ce:b9:af:89:1b: - 83:e4:0b:cf:67:68:95:32:9f:ee:80:60:1e:93:82:4c:c6:d3: - 93:90:c7:cd:7c:31:90:d0:f3:4f:4a:db:d2:ad:99:d5:38:fb: - ba:a6:3d:52:79:ce:6c:15:e5:dc:c0:57:43:f8:56:13:39:b9: - c1:af:e3:a3:fb:79:18:82:e7:b6:99:5a:4f:5f:88:b8:9e:5c: - 54:ef:87:06:a7:bb:c7:64:08:b0:9a:32:f7:12:88:b7:f2:af: - 35:5c:10:89:43:52:36:4e:90:55:25:c7:0e:5d:13:45:73:b5: - 22:79:9f:62:b7:15:a6:2f:9a:02:a6:95:fc:a5:1d:bb:e3:c1: - fc:6a:49:db:21:fb:d5:19:68:9c:bc:08:af:bf:4f:58:87:bc: - 34:fb:46:7a:60:e4:5c:8f:cf:da:a9:23:ab:f5:e1:e8:18:41: - fb:d0:5d:2d:b1:8c:80:1b:67:0f:eb:77:7d:53:39:9b:f4:e7: - a9:49:ff:94:39:8f:e4:5e:4b:a9:46:62:b6:17:28:1d:8f:30: - 1c:19:5e:99:d3:4f:56:0d:5a:73:03:52:45:f4:5f:0d:af:e1: - dd:e1:f3:6f:6b:d9:94:48:4d:7e:6e:9d:f2:98:57:2c:03:56: - cb:5a:b5:3a + 26:1c:06:6a:42:ff:8b:18:71:4e:ef:7c:02:74:43:6f:7b:83: + 99:2f:e1:4e:74:0f:f9:99:62:a1:90:88:11:1b:d8:59:3b:1e: + 34:dd:f4:92:81:6f:49:2c:9a:5f:ba:21:6f:11:95:19:6e:da: + 38:a4:4e:a0:7e:4a:fb:7c:c6:9f:c8:26:2d:9b:cd:e8:30:14: + 10:38:56:63:89:bf:a7:eb:11:0f:7c:81:60:d7:c3:ab:07:ef: + 6c:af:81:4d:b9:cd:6e:91:c6:42:13:01:d8:1a:62:cb:52:fd: + 44:0b:fa:9f:34:de:75:ba:5a:3d:df:d4:b1:7e:a0:b9:3f:f5: + ed:a3:e6:ef:ef:20:95:45:3c:75:8c:a8:5c:ae:8c:e9:3c:f1: + e6:34:fd:65:bb:9a:f9:5f:8c:96:7c:32:12:50:43:2b:30:94: + 4e:8a:f0:c3:5e:c9:e2:49:08:83:64:7a:3b:f3:d5:30:f3:78: + 4b:20:3c:51:d0:da:37:14:f4:c8:f2:ab:41:d2:c3:b9:7a:7f: + 42:17:42:79:a4:10:67:4e:84:d4:e9:a9:e8:dd:46:5d:b2:f4: + e8:3d:1c:24:3c:81:e7:56:bb:43:11:e2:d9:a2:9d:ce:b5:78: + ad:19:14:7c:d7:37:e8:bf:f7:30:fc:4d:05:a9:33:6b:12:9f: + 24:19:39:35 -----BEGIN X509 CRL----- MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w -GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwNTE4MjMyMjEzWhcNMTIw -NjE3MjMyMjEzWqAOMAwwCgYDVR0UBAMCAQUwDQYJKoZIhvcNAQEFBQADggEBAKrC -FsZ8z07u9ESvz2bOua+JG4PkC89naJUyn+6AYB6TgkzG05OQx818MZDQ809K29Kt -mdU4+7qmPVJ5zmwV5dzAV0P4VhM5ucGv46P7eRiC57aZWk9fiLieXFTvhwanu8dk -CLCaMvcSiLfyrzVcEIlDUjZOkFUlxw5dE0VztSJ5n2K3FaYvmgKmlfylHbvjwfxq -Sdsh+9UZaJy8CK+/T1iHvDT7Rnpg5FyPz9qpI6v14egYQfvQXS2xjIAbZw/rd31T -OZv056lJ/5Q5j+ReS6lGYrYXKB2PMBwZXpnTT1YNWnMDUkX0Xw2v4d3h829r2ZRI -TX5unfKYVywDVstatTo= +GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIx +MjA4MTgwMTAxWqAOMAwwCgYDVR0UBAMCATwwDQYJKoZIhvcNAQEFBQADggEBACYc +BmpC/4sYcU7vfAJ0Q297g5kv4U50D/mZYqGQiBEb2Fk7HjTd9JKBb0ksml+6IW8R +lRlu2jikTqB+Svt8xp/IJi2bzegwFBA4VmOJv6frEQ98gWDXw6sH72yvgU25zW6R +xkITAdgaYstS/UQL+p803nW6Wj3f1LF+oLk/9e2j5u/vIJVFPHWMqFyujOk88eY0 +/WW7mvlfjJZ8MhJQQyswlE6K8MNeyeJJCINkejvz1TDzeEsgPFHQ2jcU9Mjyq0HS +w7l6f0IXQnmkEGdOhNTpqejdRl2y9Og9HCQ8gedWu0MR4tminc61eK0ZFHzXN+i/ +9zD8TQWpM2sSnyQZOTU= -----END X509 CRL----- diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked index 90af3b8ec..cf6ec5597 100644 --- a/certs/crl/crl.revoked +++ b/certs/crl/crl.revoked @@ -2,40 +2,40 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com - Last Update: May 15 23:51:25 2012 GMT - Next Update: Jun 14 23:51:25 2012 GMT + Last Update: Aug 10 18:01:01 2012 GMT + Next Update: Dec 8 18:01:01 2012 GMT CRL extensions: X509v3 CRL Number: - 4 + 61 Revoked Certificates: Serial Number: 02 - Revocation Date: May 4 17:06:05 2012 GMT + Revocation Date: Aug 10 18:01:01 2012 GMT Signature Algorithm: sha1WithRSAEncryption - aa:e4:44:9b:6b:c9:0b:d3:6f:ba:09:3d:90:93:ae:96:86:73: - f6:90:28:ba:93:3b:95:0c:91:c9:10:53:f1:15:fd:43:9a:ba: - 4e:dc:8e:e8:10:4d:d8:8b:be:a8:a2:12:4c:19:c1:13:9f:3c: - fe:54:60:32:b7:45:77:17:2a:40:f2:16:52:9e:68:fe:be:03: - 99:9c:b1:d3:4b:be:87:5b:f4:12:3c:9e:3d:59:c8:b9:a2:2c: - 78:94:9c:cd:b0:17:d0:b3:bd:86:99:2b:1d:38:b5:03:d8:d1: - 0d:8f:1a:8c:97:ff:87:01:4f:91:22:30:c2:a5:10:bb:e3:fb: - 31:b7:44:8a:5a:82:e1:e5:30:69:84:d1:4b:c2:d3:07:bf:21: - d5:33:2d:ad:4b:e4:6f:83:c1:66:16:74:31:7d:f9:d6:1e:10: - 66:fd:7d:ad:66:3c:32:cc:a3:98:75:63:16:5c:df:e1:37:3d: - e9:08:d2:7b:05:dd:4c:31:92:53:0c:f1:ea:8e:be:31:d1:eb: - ac:37:a8:cd:c4:30:c5:91:cc:38:a3:55:4a:51:01:39:cf:7d: - 50:57:d2:f2:47:4a:1d:7f:3a:32:16:89:e8:5a:1b:f8:64:33: - 48:e5:b8:ef:ba:2e:f3:52:7e:ba:28:0e:9b:f7:07:b8:b6:38: - f9:d0:dd:78 + 5c:eb:53:33:02:74:bb:c1:37:37:81:1a:36:9c:eb:d0:28:87: + 12:56:1a:d8:ec:ae:8e:ef:42:d0:61:07:f0:f0:b5:e8:2a:16: + 5e:78:ab:e9:ad:62:f3:6c:c5:fe:7a:b5:c7:0e:8a:e3:0a:2d: + 63:b5:ec:c4:c1:1f:1e:c3:77:b7:24:10:4b:09:b1:d8:ea:40: + 4f:74:6a:9a:d7:57:bd:b9:d3:e2:42:81:81:b2:5c:42:d8:d3: + 21:3f:f2:05:e2:11:8f:ce:60:cc:3b:76:55:e6:5f:6d:71:13: + b1:7e:2c:50:d2:29:fe:f2:ad:96:f9:ee:8f:5c:c3:0a:73:e7: + 78:c5:8f:6e:0d:35:66:64:4a:76:05:93:9f:eb:05:b2:c3:a1: + f5:d5:4c:4b:6e:79:f2:8d:51:90:7c:9d:a9:f5:94:7f:93:fe: + 39:da:c1:fb:8c:94:66:1d:d4:40:a9:48:ee:3b:91:14:83:4e: + b4:ea:93:07:f6:be:48:4a:ec:4c:26:61:2d:a2:66:01:c5:d8: + d3:18:f6:d0:1b:d2:94:13:c9:94:84:54:e4:44:10:01:66:25: + 47:ee:b2:19:4a:65:e3:79:42:9e:12:af:a7:4a:a4:66:35:e3: + 1a:db:2c:80:ff:a4:9c:2e:6e:32:8e:50:5d:ec:7e:de:1a:01: + a9:08:fc:a2 -----BEGIN X509 CRL----- MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w -GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwNTE1MjM1MTI1WhcNMTIw -NjE0MjM1MTI1WjAUMBICAQIXDTEyMDUwNDE3MDYwNVqgDjAMMAoGA1UdFAQDAgEE -MA0GCSqGSIb3DQEBBQUAA4IBAQCq5ESba8kL02+6CT2Qk66WhnP2kCi6kzuVDJHJ -EFPxFf1DmrpO3I7oEE3Yi76oohJMGcETnzz+VGAyt0V3FypA8hZSnmj+vgOZnLHT -S76HW/QSPJ49Wci5oix4lJzNsBfQs72GmSsdOLUD2NENjxqMl/+HAU+RIjDCpRC7 -4/sxt0SKWoLh5TBphNFLwtMHvyHVMy2tS+Rvg8FmFnQxffnWHhBm/X2tZjwyzKOY -dWMWXN/hNz3pCNJ7Bd1MMZJTDPHqjr4x0eusN6jNxDDFkcw4o1VKUQE5z31QV9Ly -R0odfzoyFonoWhv4ZDNI5bjvui7zUn66KA6b9we4tjj50N14 +GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIx +MjA4MTgwMTAxWjAUMBICAQIXDTEyMDgxMDE4MDEwMVqgDjAMMAoGA1UdFAQDAgE9 +MA0GCSqGSIb3DQEBBQUAA4IBAQBc61MzAnS7wTc3gRo2nOvQKIcSVhrY7K6O70LQ +YQfw8LXoKhZeeKvprWLzbMX+erXHDorjCi1jtezEwR8ew3e3JBBLCbHY6kBPdGqa +11e9udPiQoGBslxC2NMhP/IF4hGPzmDMO3ZV5l9tcROxfixQ0in+8q2W+e6PXMMK +c+d4xY9uDTVmZEp2BZOf6wWyw6H11UxLbnnyjVGQfJ2p9ZR/k/452sH7jJRmHdRA +qUjuO5EUg0606pMH9r5ISuxMJmEtomYBxdjTGPbQG9KUE8mUhFTkRBABZiVH7rIZ +SmXjeUKeEq+nSqRmNeMa2yyA/6ScLm4yjlBd7H7eGgGpCPyi -----END X509 CRL----- diff --git a/certs/crl/eccCliCRL.pem b/certs/crl/eccCliCRL.pem index 82c61b40c..a40794850 100644 --- a/certs/crl/eccCliCRL.pem +++ b/certs/crl/eccCliCRL.pem @@ -2,23 +2,23 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA1 Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com - Last Update: May 25 20:21:43 2012 GMT - Next Update: Jun 24 20:21:43 2012 GMT + Last Update: Aug 10 18:01:01 2012 GMT + Next Update: Dec 8 18:01:01 2012 GMT CRL extensions: X509v3 CRL Number: - 1 + 63 No Revoked Certificates. Signature Algorithm: ecdsa-with-SHA1 - 30:45:02:21:00:c8:82:17:00:62:02:ae:73:f8:80:57:3d:19: - df:f3:36:5a:4c:12:89:d5:d6:b4:aa:29:b6:c8:7d:f2:1d:2f: - 55:02:20:18:f4:ad:18:1a:c5:df:39:81:ad:0d:3e:45:14:3d: - 07:44:31:21:bd:ed:13:32:7b:32:03:41:a1:0f:fd:1a:67 + 30:44:02:20:7f:8d:d7:28:61:96:4c:b7:a8:17:0a:7f:9d:cf: + fa:29:e1:1d:cb:30:61:1b:b3:6b:f0:61:68:15:25:76:62:32: + 02:20:55:ca:fc:37:b4:4c:f9:78:99:b3:c9:d4:1a:e1:fa:f7: + 8a:4a:94:ce:31:ed:b0:1f:dc:64:d7:2a:59:47:b9:2d -----BEGIN X509 CRL----- -MIIBIDCByAIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG +MIIBHzCByAIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ -ARYOaW5mb0B5YXNzbC5jb20XDTEyMDUyNTIwMjE0M1oXDTEyMDYyNDIwMjE0M1qg -DjAMMAoGA1UdFAQDAgEBMAkGByqGSM49BAEDSAAwRQIhAMiCFwBiAq5z+IBXPRnf -8zZaTBKJ1da0qim2yH3yHS9VAiAY9K0YGsXfOYGtDT5FFD0HRDEhve0TMnsyA0Gh -D/0aZw== +ARYOaW5mb0B5YXNzbC5jb20XDTEyMDgxMDE4MDEwMVoXDTEyMTIwODE4MDEwMVqg +DjAMMAoGA1UdFAQDAgE/MAkGByqGSM49BAEDRwAwRAIgf43XKGGWTLeoFwp/nc/6 +KeEdyzBhG7Nr8GFoFSV2YjICIFXK/De0TPl4mbPJ1Brh+veKSpTOMe2wH9xk1ypZ +R7kt -----END X509 CRL----- diff --git a/certs/crl/eccSrvCRL.pem b/certs/crl/eccSrvCRL.pem index 4351892c8..16d8b564c 100644 --- a/certs/crl/eccSrvCRL.pem +++ b/certs/crl/eccSrvCRL.pem @@ -2,23 +2,23 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA1 Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com - Last Update: May 25 20:15:31 2012 GMT - Next Update: Jun 24 20:15:31 2012 GMT + Last Update: Aug 10 18:01:01 2012 GMT + Next Update: Dec 8 18:01:01 2012 GMT CRL extensions: X509v3 CRL Number: - 1 + 64 No Revoked Certificates. Signature Algorithm: ecdsa-with-SHA1 - 30:46:02:21:00:d3:e3:d6:58:f7:92:c6:93:e3:c2:b9:81:dd: - b2:3f:e8:c9:4d:61:b1:ed:25:d2:1d:49:da:bd:15:ab:c7:21: - 9f:02:21:00:e6:8f:20:2a:10:e7:85:26:6b:31:6e:c4:c2:08: - b5:c3:fa:d0:fa:ca:34:8c:2a:85:6c:18:94:84:18:46:96:a7 + 30:44:02:20:59:42:06:a7:73:69:03:08:05:e8:4b:95:ca:cf: + f1:30:9e:84:4b:3c:52:c8:10:b9:c8:36:c8:07:64:65:fd:bf: + 02:20:71:60:a7:35:d6:8c:52:c2:df:06:dc:40:52:c5:ef:4c: + 8b:ec:96:4b:72:b0:c4:36:3e:c8:9d:62:5e:49:f2:5f -----BEGIN X509 CRL----- -MIIBIzCBygIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK +MIIBITCBygIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN -AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwNTI1MjAxNTMxWhcNMTIwNjI0MjAxNTMx -WqAOMAwwCgYDVR0UBAMCAQEwCQYHKoZIzj0EAQNJADBGAiEA0+PWWPeSxpPjwrmB -3bI/6MlNYbHtJdIdSdq9FavHIZ8CIQDmjyAqEOeFJmsxbsTCCLXD+tD6yjSMKoVs -GJSEGEaWpw== +AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIxMjA4MTgwMTAx +WqAOMAwwCgYDVR0UBAMCAUAwCQYHKoZIzj0EAQNHADBEAiBZQganc2kDCAXoS5XK +z/EwnoRLPFLIELnINsgHZGX9vwIgcWCnNdaMUsLfBtxAUsXvTIvslktysMQ2Psid +Yl5J8l8= -----END X509 CRL----- diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh new file mode 100755 index 000000000..d2ce199d6 --- /dev/null +++ b/certs/crl/gencrls.sh @@ -0,0 +1,57 @@ +#!/bin/bash + +# gencrls, crl config already done, see taoCerts.txt for setup + + + +# caCrl +openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem + +# metadata +openssl crl -in crl.pem -text > tmp +mv tmp crl.pem +# install +cp crl.pem ~/cyassl/certs/crl/crl.pem + +# caCrl server revoked +openssl ca -revoke ~/cyassl/certs/server-cert.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem + +# caCrl server revoked generation +openssl ca -gencrl -crldays 120 -out crl.revoked -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem + +# metadata +openssl crl -in crl.revoked -text > tmp +mv tmp crl.revoked +# install +cp crl.revoked ~/cyassl/certs/crl/crl.revoked + +# remove revoked so next time through the normal CA won't have server revoked +cp blank.index.txt demoCA/index.txt + +# cliCrl +openssl ca -gencrl -crldays 120 -out cliCrl.pem -keyfile ~/cyassl/certs/client-key.pem -cert ~/cyassl/certs/client-cert.pem + +# metadata +openssl crl -in cliCrl.pem -text > tmp +mv tmp cliCrl.pem +# install +cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem + +# eccCliCRL +openssl ca -gencrl -crldays 120 -out eccCliCRL.pem -keyfile ~/cyassl/certs/ecc-client-key.pem -cert ~/cyassl/certs/client-ecc-cert.pem + +# metadata +openssl crl -in eccCliCRL.pem -text > tmp +mv tmp eccCliCRL.pem +# install +cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem + +# eccSrvCRL +openssl ca -gencrl -crldays 120 -out eccSrvCRL.pem -keyfile ~/cyassl/certs/ecc-key.pem -cert ~/cyassl/certs/server-ecc.pem + +# metadata +openssl crl -in eccSrvCRL.pem -text > tmp +mv tmp eccSrvCRL.pem +# install +cp eccSrvCRL.pem ~/cyassl/certs/crl/eccSrvCRL.pem + diff --git a/certs/taoCert.txt b/certs/taoCert.txt index 7dddffa6a..f0bb92101 100644 --- a/certs/taoCert.txt +++ b/certs/taoCert.txt @@ -112,7 +112,7 @@ openssl dhparam -in dh2048.param -text > dh2048.pem 1) create a crl -a) openssl ca -gencrl -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem +a) openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem Error No ./CA root/index.txt so: diff --git a/examples/client/client.c b/examples/client/client.c index ff03d340b..955981040 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -327,9 +327,12 @@ void client_test(void* args) err_sys("unable to get SSL object"); CyaSSL_set_fd(ssl, sockfd); #ifdef HAVE_CRL - CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL); - CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0); - CyaSSL_SetCRL_Cb(ssl, CRL_CallBack); + if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS) + err_sys("can't enable crl check"); + if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) + err_sys("can't load crl, check crlfile and date validity"); + if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) + err_sys("can't set crl callback"); #endif if (matchName && doPeerCheck) CyaSSL_check_domain_name(ssl, domain);