1. Added certificates for localhost where the CN and SAN match and differ.
2. Change subject name matching so the CN is checked if the SAN list doesn't exit, and only check the SAN list if present.
3. Added a test case for the CN/SAN mismatch.
4. Old matching behavior restored with build option WOLFSSL_ALLOW_NO_CN_IN_SAN.
5. Add test case for a correct certificate.
Note: The test for the garbage certificate should fail. If you enable the old behavior, that test case will start succeeding, causing the test to fail.
* Fix `MatchDomainName` to also check for remaining len on success check.
* Enhanced `DNS_entry` to include actual ASN.1 length and use it thoughout (was using XSTRLEN).
Added additional tests for matching on domain name:
* Check for bad common name with embedded null (CN=localhost\0h, Alt=None) - Note: Trouble creating cert with this criteria
* Check for bad alternate name with embedded null (CN=www.nomatch.com, Alt=localhost\0h)
* Check for bad common name (CN=www.nomatch.com, Alt=None)
* Check for bad alternate name (CN=www.nomatch.com, Alt=www.nomatch.com)
* Check for good wildcard common name (CN=*localhost, Alt=None)
* Check for good wildcard alternate name (CN=www.nomatch.com, Alt=*localhost)
1. Added files that were missing from the certs directory include.am files.
2. Fixed the duplicate items in the certs directory's include.am files.
3. Reorganized the certs directory include.am files to be a tree.
* Added test for certificate with bad alt name containing a null character mid byte stream.
* Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test.
* Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`.
* Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
* Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled.
* Added new ECC CA for 384-bit tests.
* Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem)
* Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL.
* Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`.
* Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function.
* Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack).
* Cleanup to combine all certificate subject information into global `certDefaultName`.
* Updated cert request info to use wolfSSL instead of Yassl.
* Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`.
* Re-number error codes in rsa_test.
* Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
Change function wolfSSL_X509_LOOKUP_load_file to load multiple CRLs and
certificates from a file.
Change CRL loading to have a flag to not verify CRL signature - only do
this when using wolfSSL_X509_LOOKUP_load_file() as the certificate is
not always available.
Add test case for loading multiple CRLs in one file without certificate.
