Merge branch 'master' into ti
This commit is contained in:
toddouska
commit
6817e3cd2e
56
certs/test/expired-ca.pem
Normal file
56
certs/test/expired-ca.pem
Normal file
@ -0,0 +1,56 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
8a:37:22:65:73:f5:aa:e8
|
||||
Signature Algorithm: md5WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
|
||||
Validity
|
||||
Not Before: Jun 30 18:47:10 2010 GMT
|
||||
Not After : Mar 26 18:47:10 2013 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public Key: (512 bit)
|
||||
Modulus (512 bit):
|
||||
00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a:
|
||||
e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b:
|
||||
c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71:
|
||||
c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0:
|
||||
aa:56:23:03:a3
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Key Identifier:
|
||||
3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
|
||||
DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
|
||||
serial:8A:37:22:65:73:F5:AA:E8
|
||||
|
||||
X509v3 Basic Constraints:
|
||||
CA:TRUE
|
||||
Signature Algorithm: md5WithRSAEncryption
|
||||
32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88:
|
||||
13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a:
|
||||
68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61:
|
||||
f4:b0:34:6d:d1:d5:a4:64:24:f8
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDQDCCAuqgAwIBAgIJAIo3ImVz9aroMA0GCSqGSIb3DQEBBAUAMIGeMQswCQYD
|
||||
VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
|
||||
A1UEChMIc2F3dG9vdGgxEzARBgNVBAsTCmNvbnN1bHRpbmcxJDAiBgNVBAMTG3d3
|
||||
dy5zYXd0b290aC1jb25zdWx0aW5nLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5
|
||||
YXNzbC5jb20wHhcNMTAwNjMwMTg0NzEwWhcNMTMwMzI2MTg0NzEwWjCBnjELMAkG
|
||||
A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
|
||||
BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
|
||||
d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
|
||||
eWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJcwuRqS7yVPykwRMZUa
|
||||
4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaqUL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYj
|
||||
A6MCAwEAAaOCAQcwggEDMB0GA1UdDgQWBBQ7Zv2gQMb04nDPIRoMT2f+t0tCCTCB
|
||||
0wYDVR0jBIHLMIHIgBQ7Zv2gQMb04nDPIRoMT2f+t0tCCaGBpKSBoTCBnjELMAkG
|
||||
A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
|
||||
BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
|
||||
d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
|
||||
eWFzc2wuY29tggkAijciZXP1qugwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQF
|
||||
AANBADJlorHcbeCNi8hYKY64GEtiiBNn+Gx1RnWPihmmo9U8/FdOemip/JPcril9
|
||||
u07s6lX6pOMAYfSwNG3R1aRkJPg=
|
||||
-----END CERTIFICATE-----
|
||||
39
certs/test/expired-cert.pem
Normal file
39
certs/test/expired-cert.pem
Normal file
@ -0,0 +1,39 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 1 (0x0)
|
||||
Serial Number: 1 (0x1)
|
||||
Signature Algorithm: md5WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
|
||||
Validity
|
||||
Not Before: Jun 30 18:52:17 2010 GMT
|
||||
Not After : Mar 26 18:52:17 2013 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public Key: (512 bit)
|
||||
Modulus (512 bit):
|
||||
00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
|
||||
66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
|
||||
9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
|
||||
a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
|
||||
7e:16:77:e2:a7
|
||||
Exponent: 65537 (0x10001)
|
||||
Signature Algorithm: md5WithRSAEncryption
|
||||
58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
|
||||
7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
|
||||
87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
|
||||
9b:0b:e0:74:58:11:c5:01:7b:4d
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICFDCCAb4CAQEwDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYD
|
||||
VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhzYXd0b290
|
||||
aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNv
|
||||
bnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0x
|
||||
MDA2MzAxODUyMTdaFw0xMzAzMjYxODUyMTdaMIGKMQswCQYDVQQGEwJVUzEQMA4G
|
||||
A1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjEOMAwGA1UEChMFeWFTU0wx
|
||||
EDAOBgNVBAsTB3N1cHBvcnQxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
|
||||
hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
|
||||
AMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpUlt3Se+s2oq5+
|
||||
Kp5+VqW2h58VxxhmfhZ34qcCAwEAATANBgkqhkiG9w0BAQQFAANBAFipmOcWUkxA
|
||||
5+FHkhkbOo+XbHu3sMsgba2100dY2OTyPjLp74d35VQ29I1QjQe0d0XqnaQzNpsL
|
||||
4HRYEcUBe00=
|
||||
-----END CERTIFICATE-----
|
||||
9
certs/test/expired-key.pem
Normal file
9
certs/test/expired-key.pem
Normal file
@ -0,0 +1,9 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
|
||||
lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
|
||||
viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
|
||||
dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
|
||||
TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
|
||||
p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
|
||||
1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
@ -787,9 +787,9 @@ int Des3_SetIV(Des3* des, const byte* iv);
|
||||
bd_p->BD_CTRL.LAST_BD = 1;
|
||||
bd_p->BD_CTRL.DESC_EN = 1;
|
||||
|
||||
bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; // (unsigned int)sa_p ;
|
||||
bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; // (unsigned int)in_p ;
|
||||
bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); // (unsigned int)out_p ;
|
||||
bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; /* (unsigned int)sa_p; */
|
||||
bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; /* (unsigned int)in_p; */
|
||||
bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); /* (unsigned int)out_p; */
|
||||
bd_p->NXTPTR = (unsigned int)KVA_TO_PA(&bd);
|
||||
bd_p->MSGLEN = sz ;
|
||||
|
||||
@ -798,7 +798,7 @@ int Des3_SetIV(Des3* des, const byte* iv);
|
||||
while (CECON);
|
||||
|
||||
/* Run the engine */
|
||||
CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; // (unsigned int)bd_p ;
|
||||
CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; /* (unsigned int)bd_p ; */
|
||||
CEINTEN = 0x07;
|
||||
CECON = 0x27;
|
||||
|
||||
|
||||
@ -9,6 +9,7 @@
|
||||
#include <ctype.h>
|
||||
#include <cyassl/ssl.h>
|
||||
#include <cyassl/ctaocrypt/types.h>
|
||||
#include <cyassl/ctaocrypt/error-crypt.h>
|
||||
|
||||
#ifdef ATOMIC_USER
|
||||
#include <cyassl/ctaocrypt/aes.h>
|
||||
@ -926,6 +927,25 @@ static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
|
||||
#endif /* VERIFY_CALLBACK */
|
||||
|
||||
|
||||
static INLINE int myDateCb(int preverify, CYASSL_X509_STORE_CTX* store)
|
||||
{
|
||||
(void)preverify;
|
||||
char buffer[CYASSL_MAX_ERROR_SZ];
|
||||
|
||||
printf("In verification callback, error = %d, %s\n", store->error,
|
||||
CyaSSL_ERR_error_string(store->error, buffer));
|
||||
printf("Subject's domain name is %s\n", store->domain);
|
||||
|
||||
if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
|
||||
printf("Overriding cert date error as example for bad clock testing\n");
|
||||
return 1;
|
||||
}
|
||||
printf("Cert error is not date error, not overriding\n");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_CRL
|
||||
|
||||
static INLINE void CRL_CallBack(const char* url)
|
||||
|
||||
@ -128,6 +128,7 @@ static void Usage(void)
|
||||
printf("-s Use pre Shared keys\n");
|
||||
printf("-t Track CyaSSL memory use\n");
|
||||
printf("-d Disable peer checks\n");
|
||||
printf("-D Override Date Errors example\n");
|
||||
printf("-g Send server HTTP GET\n");
|
||||
printf("-u Use UDP DTLS,"
|
||||
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
|
||||
@ -197,6 +198,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||
int fewerPackets = 0;
|
||||
int atomicUser = 0;
|
||||
int pkCallbacks = 0;
|
||||
int overrideDateErrors = 0;
|
||||
char* cipherList = NULL;
|
||||
const char* verifyCert = caCert;
|
||||
const char* ourCert = cliCert;
|
||||
@ -238,7 +240,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||
StackTrap();
|
||||
|
||||
while ((ch = mygetopt(argc, argv,
|
||||
"?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
|
||||
"?gdDusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
Usage();
|
||||
@ -252,6 +254,10 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||
doPeerCheck = 0;
|
||||
break;
|
||||
|
||||
case 'D' :
|
||||
overrideDateErrors = 1;
|
||||
break;
|
||||
|
||||
case 'u' :
|
||||
doDTLS = 1;
|
||||
break;
|
||||
@ -545,6 +551,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||
#if !defined(NO_CERTS)
|
||||
if (!usePsk && doPeerCheck == 0)
|
||||
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
|
||||
if (!usePsk && overrideDateErrors == 1)
|
||||
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
|
||||
@ -8962,7 +8962,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
|
||||
NULL, DYNAMIC_TYPE_CERT);
|
||||
if (derCert.buffer != NULL) {
|
||||
derCert.length = x509->derCert.length;
|
||||
// AddCA() frees the buffer.
|
||||
/* AddCA() frees the buffer. */
|
||||
XMEMCPY(derCert.buffer,
|
||||
x509->derCert.buffer, x509->derCert.length);
|
||||
result = AddCA(store->cm, derCert, CYASSL_USER_CA, 1);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user