mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added test for common name with invalid domain fails as expected when set with wolfSSL_check_domain_name.

Browse Source
This commit is contained in:
David Garske 2018-05-24 14:39:35 -07:00
parent 453daee965
commit a5c2e8b912
8 changed files with 181 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
certs/test/gen-badaltnamenull.sh → certs/test/gen-testcerts.sh
View File

@ -1,5 +1,6 @@
#!/bin/sh #!/bin/sh
# Generate CN=localhost, AltName=localhost\0h
echo "step 1 create key" echo "step 1 create key"
openssl genrsa -out server-badaltnamenull.key 2048 openssl genrsa -out server-badaltnamenull.key 2048
@ -18,3 +19,25 @@ openssl x509 -inform pem -in server-badaltnamenull.pem -text > tmp.pem
mv tmp.pem server-badaltnamenull.pem mv tmp.pem server-badaltnamenull.pem
openssl x509 -inform pem -in server-badaltnamenull.pem -outform der -out server-badaltnamenull.der openssl x509 -inform pem -in server-badaltnamenull.pem -outform der -out server-badaltnamenull.der
# Generate CN=www.nomatch.com, no AltName
echo "step 1 create key"
openssl genrsa -out server-nomatch.key 2048
echo "step 2 create csr"
echo "US\nMontana\nBozeman\nEngineering\nwww.nomatch.com\n.\n" | openssl req -new -sha256 -out server-nomatch.csr -key server-nomatch.key -config server-nomatch.conf
echo "step 3 check csr"
openssl req -text -noout -in server-nomatch.csr
echo "step 4 create cert"
openssl x509 -req -days 1000 -in server-nomatch.csr -signkey server-nomatch.key \
-out server-nomatch.pem -extensions req_ext -extfile server-nomatch.conf
echo "step 5 make human reviewable"
openssl x509 -inform pem -in server-nomatch.pem -text > tmp.pem
mv tmp.pem server-nomatch.pem
openssl x509 -inform pem -in server-nomatch.pem -outform der -out server-nomatch.der

24
certs/test/include.am
View File

@ -3,26 +3,30 @@
# #
EXTRA_DIST += \ EXTRA_DIST += \
certs/test/cert-ext-ia.cfg \ certs/test/cert-ext-ia.cfg \
certs/test/cert-ext-ia.der \ certs/test/cert-ext-ia.der \
certs/test/cert-ext-nc.cfg \ certs/test/cert-ext-nc.cfg \
certs/test/cert-ext-nc.der \ certs/test/cert-ext-nc.der \
certs/test/cert-ext-ns.der \ certs/test/cert-ext-ns.der \
certs/test/gen-ext-certs.sh \ certs/test/gen-ext-certs.sh \
certs/test/server-duplicate-policy.pem certs/test/server-duplicate-policy.pem
# The certs/server-cert with the last byte (signature byte) changed # The certs/server-cert with the last byte (signature byte) changed
EXTRA_DIST += \ EXTRA_DIST += \
certs/test/server-cert-rsa-badsig.der \ certs/test/server-cert-rsa-badsig.der \
certs/test/server-cert-rsa-badsig.pem \ certs/test/server-cert-rsa-badsig.pem \
certs/test/server-cert-ecc-badsig.der \ certs/test/server-cert-ecc-badsig.der \
certs/test/server-cert-ecc-badsig.pem certs/test/server-cert-ecc-badsig.pem
EXTRA_DIST += \ EXTRA_DIST += \
certs/test/gen-badaltnamenull.sh \ certs/test/gen-testcerts.sh \
certs/test/server-badaltnamenull.conf \ certs/test/server-badaltnamenull.conf \
certs/test/server-badaltnamenull.csr \ certs/test/server-badaltnamenull.csr \
certs/test/server-badaltnamenull.key \ certs/test/server-badaltnamenull.key \
certs/test/server-badaltnamenull.pem \ certs/test/server-badaltnamenull.pem \
certs/test/server-badaltnamenull.der certs/test/server-badaltnamenull.der \
certs/test/server-nomatch.conf \
certs/test/server-nomatch.csr \
certs/test/server-nomatch.key \
certs/test/server-nomatch.pem \
certs/test/server-nomatch.der

16
certs/test/server-nomatch.conf Normal file
View File

@ -0,0 +1,16 @@
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = Montana
localityName = Bozeman
organizationName = Engineering
commonName = www.nomatch.com
commonName_max = 64
[ req_ext ]
#subjectAltName = localhost\0h
#subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68

17
certs/test/server-nomatch.csr Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICtDCCAZwCAQAwYDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRcwFQYDVQQDDA53
d3cubm9uYW1lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1B
JYwNWaXJdfnKJAz61T0m1w6xMGxELhZWjDks49zn98lW8E8wMZtCoguE1feuu9pF
6yGnfRmK2J+4QjeWVejmMqt8SQyJpW8nWCvRpFVha0RFbmT60nuvKMRX68Lku6iU
Vav2KHU+cz4yBj1m9QO6AqzJWQWiLY5t25OBq+EkhWUd9I39rGmF8ba1Bnpus27U
tqRVJ8cmEwnNPc8ihvcN8RsrYdnQNyYIiIUdJIA2iduDE7PeOSY3jT9mtmeWQOHp
l91xh/RGbJWNpLBd66TkreLTnz4zmQMMTzZGj1pdv9B3UFc6mIMNWmLsERRhiOMO
hiaFfEJwFJZBN9PaXYsCAwEAAaAPMA0GCSqGSIb3DQEJDjEAMA0GCSqGSIb3DQEB
CwUAA4IBAQCA0S++HN0qb94u8setTM5akJjpM1b2o4rcrQluFKMel8mMip9hinvG
sPkJL1KB28/O9TcdmMX57zfXBsumxLSpjzmjIqri7fVabcu/kybE2wdNNvM+9ZzT
pNbYhWEhsCS8XAegiApx/JVszmH77GLExuVAY2XqxA7Cy2Ia/qyiR6v0agMd6I4z
T7nlJHBckOOEdJ6cjqy67vqWy+BKwCK/kRnOJuirIeJ+SechS4tXuRrVni0pkDuK
xQ2uHQjpzFR40U6pFGgwZcdR1bvLCWOlC7efS4ayIETZzhOuXTZa4qQ5/IcCyM+N
scJS5z+YQpQMgOs5jj5DWYLUtMs63UmQ
-----END CERTIFICATE REQUEST-----

BIN
certs/test/server-nomatch.der Normal file
View File

Binary file not shown.

27
certs/test/server-nomatch.key Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw
TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu
ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30
jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT
s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ
VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABAoIBAQCKxhIHfUSOvLHj
JRMZbUY/OAZzTcTo1mZBilEmp8nSidculA1wJJyyYmQ0fB6C/G2E20z8Hx2UK+at
VOMCwSXBaVxv3zdr3BDlfbgeu1wliNornoYkkQCs68+zLc+95zMAOx87qPjdNqZm
zaiaCUDR8BYqO2nXQd6oIaSzkKyI+tqTO9zW4NG8Y5zv0waKCjPK9Ep/kze9uC4S
WIp2eYhUb+x60dECDBGI9xvlgeZyP5PMCfCyaZk3CxnLsR4tI9R5WwDgMcjCShJk
3+kHyrtNU8ak2TrfUoh96arHu0HMLFJaJSdxYT9FUSKhKu+fWMn1J36AkxdqntAw
6HATVD4ZAoGBAM0DCqI5BKvmPWdO587+fpPAa76iqQDqqkaAQ94xcGtTYA0yEfbA
V4JFfsCEFm7evteMmJgmDyNNVvnSi/LQhL+ih40Q0LKREYzBiMy3aothQZAYb+Ex
fVllfZhIaWI8q/DoeZ7qohRHFGBA/znav6vls3kE3jRWx0O30eq9cX1tAoGBAMRd
bQNcp2mCm+fe//s5GKXm4ak4zeo077fUCxJly4DE5e2+IGrP+JYwVrJsMuFu/3C1
/6+qCgLS+/08BMQ+e6xmTDJrRXtk9KmDI38tEoqzH8tkAgSTxby771/5uNr7hbgX
LtCCIsxhwSAML0b7M2I8xmEfL3Dmu1q7/GEDAMPXAoGABd/ucBOeNKbWX519OwtD
6Uv8Smwy15nh4z9NspJMHGc5O2eR6DY+y7beGPowAmFTqq2WudVtXZ+bvHDyHbUn
+K3ZoIs4z8UkcZoiJ2uiG/hffpeUrSlT5DnqTXDVxEDk1HR0977Vgis/RDrYlXnV
QEHG0NL44xsRfrlHxKhFFkkCgYB1HsgzliLgQp+c2BxUCkUSRrhXx2LCC5rjSRzl
d0O+5THC8IDDVJIPentrZi+e2CaRYmxDqSbZcmAMNa0eI6p+NHHELMk/hQKMzIPy
ib6ibZ5MILU3Z7AsFuf6labVLeoe1+z7PnNk9fVLmRjlvFR0ho1IRmJ0c5pRzwgE
ENd29wKBgA5WnuCBKF9Kv8H9E1hAuAGXwBxmw9PVeWB63/TAernlOQhF47ra9ExH
GtkZv9D/2tNJaoft1YQ1yhBn7l7rW+vfQYXAOW4yRg0FSOOgefBwN/eTOXVRU9Zg
9LBwnQlvimQUm0GrxLLAseDqFMn/a3x/KxftvF95JGx/1Lscukdz
-----END RSA PRIVATE KEY-----

69
certs/test/server-nomatch.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13225619248861184800 (0xb78ad6a26ef08320)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com
Validity
Not Before: May 24 21:25:38 2018 GMT
Not After : Feb 17 21:25:38 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9d:41:25:8c:0d:59:a5:c9:75:f9:ca:24:0c:fa:
d5:3d:26:d7:0e:b1:30:6c:44:2e:16:56:8c:39:2c:
e3:dc:e7:f7:c9:56:f0:4f:30:31:9b:42:a2:0b:84:
d5:f7:ae:bb:da:45:eb:21:a7:7d:19:8a:d8:9f:b8:
42:37:96:55:e8:e6:32:ab:7c:49:0c:89:a5:6f:27:
58:2b:d1:a4:55:61:6b:44:45:6e:64:fa:d2:7b:af:
28:c4:57:eb:c2:e4:bb:a8:94:55:ab:f6:28:75:3e:
73:3e:32:06:3d:66:f5:03:ba:02:ac:c9:59:05:a2:
2d:8e:6d:db:93:81:ab:e1:24:85:65:1d:f4:8d:fd:
ac:69:85:f1:b6:b5:06:7a:6e:b3:6e:d4:b6:a4:55:
27:c7:26:13:09:cd:3d:cf:22:86:f7:0d:f1:1b:2b:
61:d9:d0:37:26:08:88:85:1d:24:80:36:89:db:83:
13:b3:de:39:26:37:8d:3f:66:b6:67:96:40:e1:e9:
97:dd:71:87:f4:46:6c:95:8d:a4:b0:5d:eb:a4:e4:
ad:e2:d3:9f:3e:33:99:03:0c:4f:36:46:8f:5a:5d:
bf:d0:77:50:57:3a:98:83:0d:5a:62:ec:11:14:61:
88:e3:0e:86:26:85:7c:42:70:14:96:41:37:d3:da:
5d:8b
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
6d:df:c3:7a:74:32:b6:ba:f5:2c:87:93:6c:64:7c:b9:5f:6e:
79:f3:e7:b2:6a:58:c6:8d:20:9a:f6:46:b1:60:f9:59:59:6f:
22:32:e3:f8:5c:a2:2d:53:84:48:b9:68:6d:2e:59:03:c1:e4:
ad:5b:ce:91:6e:13:bd:5c:71:2a:69:d8:7d:a8:07:cf:6f:83:
0c:05:cf:d4:39:7f:10:3d:35:98:1c:f9:77:26:53:d5:81:f1:
6a:0b:ca:fb:86:f9:6d:bb:92:b9:e0:57:a2:3b:43:14:cc:e0:
75:27:10:c2:50:1d:91:ca:af:f8:36:88:cc:5d:1d:37:77:fe:
1d:ea:b3:d9:94:b6:e4:b1:a7:29:2b:e4:1e:c7:f6:65:1d:59:
d7:e2:2d:01:d2:08:a1:72:a0:b2:f1:3f:9c:fd:27:f9:46:85:
e3:05:a5:34:b0:a6:6c:44:f0:42:16:32:71:2f:cd:82:c2:33:
05:0a:3c:3c:e7:87:17:d7:1f:a9:4e:83:c2:1e:46:a5:0f:7a:
c2:98:f7:98:a1:75:b8:72:26:d9:1b:65:24:f0:f3:d7:2c:9c:
cf:a6:88:c4:8c:56:00:87:16:be:49:28:91:a0:bc:c7:9f:e3:
02:35:fb:0b:39:e3:c0:f9:f3:ed:bb:7d:2e:4c:09:7a:88:53:
b1:16:5c:b4
-----BEGIN CERTIFICATE-----
MIIDQTCCAimgAwIBAgIJALeK1qJu8IMgMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD
VQQKDAtFbmdpbmVlcmluZzEXMBUGA1UEAwwOd3d3Lm5vbmFtZS5jb20wHhcNMTgw
NTI0MjEyNTM4WhcNMjEwMjE3MjEyNTM4WjBgMQswCQYDVQQGEwJVUzEQMA4GA1UE
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECgwLRW5naW5lZXJp
bmcxFzAVBgNVBAMMDnd3dy5ub25hbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw
TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu
ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30
jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT
s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ
VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABMA0GCSqGSIb3DQEBBQUA
A4IBAQBt38N6dDK2uvUsh5NsZHy5X2558+eyaljGjSCa9kaxYPlZWW8iMuP4XKIt
U4RIuWhtLlkDweStW86RbhO9XHEqadh9qAfPb4MMBc/UOX8QPTWYHPl3JlPVgfFq
C8r7hvltu5K54FeiO0MUzOB1JxDCUB2Ryq/4NojMXR03d/4d6rPZlLbksacpK+Qe
x/ZlHVnX4i0B0gihcqCy8T+c/Sf5RoXjBaU0sKZsRPBCFjJxL82CwjMFCjw854cX
1x+pToPCHkalD3rCmPeYoXW4cibZG2Uk8PPXLJzPpojEjFYAhxa+SSiRoLzHn+MC
NfsLOePA+fPtu30uTAl6iFOxFly0
-----END CERTIFICATE-----

15
tests/test-fails.conf
View File

@ -13,6 +13,21 @@
-m -m
-x -x
# server nomatch common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test/server-nomatch.key
-c ./certs/test/server-nomatch.pem
-d
# client nomatch common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-nomatch.pem
-m
-x
# server RSA no signer error # server RSA no signer error
-v 3 -v 3
-l ECDHE-RSA-AES128-GCM-SHA256 -l ECDHE-RSA-AES128-GCM-SHA256