diff --git a/SOURCES/0051-curl-7.61.1-CVE-2023-27536.patch b/SOURCES/0051-curl-7.61.1-CVE-2023-27536.patch new file mode 100644 index 0000000..50b8005 --- /dev/null +++ b/SOURCES/0051-curl-7.61.1-CVE-2023-27536.patch @@ -0,0 +1,51 @@ +From cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 10 Mar 2023 09:22:43 +0100 +Subject: [PATCH] url: only reuse connections with same GSS delegation + +Reported-by: Harry Sintonen +Closes #10731 +--- + lib/url.c | 6 ++++++ + lib/urldata.h | 1 + + 2 files changed, 7 insertions(+) + +diff --git a/lib/url.c b/lib/url.c +index df6ef1213..cc2f427dc 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -1305,6 +1305,11 @@ ConnectionExists(struct Curl_easy *data, + } + } + ++ /* GSS delegation differences do not actually affect every connection ++ and auth method, but this check takes precaution before efficiency */ ++ if(needle->gssapi_delegation != check->gssapi_delegation) ++ continue; ++ + if(needle->handler->protocol & (CURLPROTO_SCP|CURLPROTO_SFTP)) { + if(!ssh_config_matches(needle, check)) + continue; +@@ -1950,5 +1950,6 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) + conn->fclosesocket = data->set.fclosesocket; + conn->closesocket_client = data->set.closesocket_client; ++ conn->gssapi_delegation = data->set.gssapi_delegation; + + return conn; + error: +diff --git a/lib/urldata.h b/lib/urldata.h +index bf5daaf50..da5de5ba9 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -1061,6 +1061,8 @@ struct connectdata { + char *unix_domain_socket; + bool abstract_unix_socket; + #endif ++ ++ unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */ + }; + + /* The end of connectdata. */ +-- +2.40.1 + diff --git a/SOURCES/0052-curl-7.61.1-rebuilt-certs.patch b/SOURCES/0052-curl-7.61.1-rebuilt-certs.patch new file mode 100644 index 0000000..5371f61 --- /dev/null +++ b/SOURCES/0052-curl-7.61.1-rebuilt-certs.patch @@ -0,0 +1,2768 @@ +From 92f9db17466c4e28998a5cf849c7a861093eff23 Mon Sep 17 00:00:00 2001 +From: Yiming Jing +Date: Mon, 10 Sep 2018 11:32:23 -0700 +Subject: [PATCH] tests/certs: rebuild certs with 2048-bit RSA keys + +The previous test certificates contained RSA keys of only 1024 bits. +However, RSA claims that 1024-bit RSA keys are likely to become +crackable some time before 2010. The NIST recommends at least 2048-bit +keys for RSA for now. + +Better use full 2048 also for testing. + +Closes #2973 +--- + tests/certs/Server-localhost-firstSAN-sv.crl | 19 +- + tests/certs/Server-localhost-firstSAN-sv.crt | 100 +++++----- + tests/certs/Server-localhost-firstSAN-sv.csr | 21 ++- + tests/certs/Server-localhost-firstSAN-sv.der | Bin 862 -> 994 bytes + tests/certs/Server-localhost-firstSAN-sv.key | 38 ++-- + tests/certs/Server-localhost-firstSAN-sv.pem | 138 ++++++++------ + .../Server-localhost-firstSAN-sv.pub.der | Bin 162 -> 294 bytes + .../Server-localhost-firstSAN-sv.pub.pem | 11 +- + tests/certs/Server-localhost-lastSAN-sv.crl | 20 +- + tests/certs/Server-localhost-lastSAN-sv.crt | 100 +++++----- + tests/certs/Server-localhost-lastSAN-sv.csr | 21 ++- + tests/certs/Server-localhost-lastSAN-sv.der | Bin 862 -> 994 bytes + tests/certs/Server-localhost-lastSAN-sv.key | 38 ++-- + tests/certs/Server-localhost-lastSAN-sv.pem | 138 ++++++++------ + .../certs/Server-localhost-lastSAN-sv.pub.der | Bin 162 -> 294 bytes + .../certs/Server-localhost-lastSAN-sv.pub.pem | 11 +- + tests/certs/Server-localhost-sv.crl | 29 +-- + tests/certs/Server-localhost-sv.crt | 100 +++++----- + tests/certs/Server-localhost-sv.csr | 23 ++- + tests/certs/Server-localhost-sv.der | Bin 835 -> 967 bytes + tests/certs/Server-localhost-sv.key | 38 ++-- + tests/certs/Server-localhost-sv.pem | 138 ++++++++------ + tests/certs/Server-localhost-sv.pub.der | Bin 162 -> 294 bytes + tests/certs/Server-localhost-sv.pub.pem | 11 +- + tests/certs/Server-localhost.nn-sv.crl | 29 +-- + tests/certs/Server-localhost.nn-sv.crt | 100 +++++----- + tests/certs/Server-localhost.nn-sv.csr | 21 ++- + tests/certs/Server-localhost.nn-sv.der | Bin 841 -> 973 bytes + tests/certs/Server-localhost.nn-sv.key | 38 ++-- + tests/certs/Server-localhost.nn-sv.pem | 138 ++++++++------ + tests/certs/Server-localhost.nn-sv.pub.der | Bin 162 -> 294 bytes + tests/certs/Server-localhost.nn-sv.pub.pem | 11 +- + tests/certs/Server-localhost0h-sv.crl | 30 +-- + tests/certs/Server-localhost0h-sv.crt | 100 +++++----- + tests/certs/Server-localhost0h-sv.csr | 23 ++- + tests/certs/Server-localhost0h-sv.der | Bin 837 -> 969 bytes + tests/certs/Server-localhost0h-sv.key | 38 ++-- + tests/certs/Server-localhost0h-sv.pem | 138 ++++++++------ + tests/certs/Server-localhost0h-sv.pub.der | Bin 162 -> 294 bytes + tests/certs/Server-localhost0h-sv.pub.pem | 11 +- + tests/certs/scripts/genserv.sh | 2 +- + tests/data/test2041 | 2 +- + tests/stunnel.pem | 177 ++++++++++-------- + 43 files changed, 1065 insertions(+), 787 deletions(-) + +diff --git a/tests/certs/Server-localhost-firstSAN-sv.crl b/tests/certs/Server-localhost-firstSAN-sv.crl +index af0be0d396c41..fe99522e7ba3f 100644 +--- a/tests/certs/Server-localhost-firstSAN-sv.crl ++++ b/tests/certs/Server-localhost-firstSAN-sv.crl +@@ -1,13 +1,12 @@ + -----BEGIN X509 CRL----- +-MIIB9TCB3gIBATANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJOTjExMC8GA1UE ++MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJOTjExMC8GA1UE + CgwoRWRlbCBDdXJsIEFyY3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDEmMCQG +-A1UEAwwdTm9ydGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IXDTE2MDgzMDE4MzIx +-NVoXDTE2MDkyOTE4MzIxNVowMjAXAgYNZJ8o86IXDTE2MDgzMDE4MzAxNVowFwIG +-DWSfO0UqFw0xNjA4MzAxODMyMTVaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG9w0B +-AQUFAAOCAQEAOUlXQDrOURgODds6feyO+87oPHkgTveOiTm8CtSVHObxwkPkHTIg +-pivd7iXccgEc8CstcGF9Pk5KLVJrXXxEKgGr69NZNGtHa8xXlYSIh+Vre0Pni3Px +-sUAMcsnvGt+cYw/5s/2Wy9u5UVzfJwdxjkxMMp9X648AqeSop229541zGV47M4ox +-h0wh2Mj/w/CFUKw0ijVgVWff5DhKXVaLPCXdh7hhgXcsYUZ4W3G/iOL/jd+Ji88o +-OmZvoP+MOco6or13rz178bGB1mS626z7EU/HNgP8sn25TyQwwopr9uW6H7VvRMaI +-6uwWvihKgoGCRVSVwYEfX+oOLadfJqdHdg== ++A1UEAwwdTm9ydGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IXDTE4MDkwNTIzMjgx ++N1oXDTE4MTAwNTIzMjgxN1owGTAXAgYN+LimlEwXDTE4MDkwNTIzMjgxN1qgDjAM ++MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQCGcTcoJQ89XanqbMscrguc ++6G18TfVPIi/DpQhsnS/AYHTreONVnsEEHL9EZwU0uL7X82HVoPgE2zUsYcbdOM7J ++lFb/DhMZ2/gT82Q8TZ2ENqnZc7h8cxEc1q3GVkZx8rSxgNwPPjWVEvs5x+YuJxRv ++O9KFeRKqxWRlBVw9EQdR+GAv7tqRYYBkYPB0FJiExH+O7e2RNSnHLLrcL6UjnN2S ++hK6bJcbtJsYIMy3ChmlvBQMtnu+9q1phF2sMFKkn2Oi3eb6G1f2goG6io8QwBMzh ++Ay3HSwciKE8/KYzoo/X5hM3mv34ihyxamGnAuo2kBrPiie6AsyD6CV/vrd0PFhIt + -----END X509 CRL----- +diff --git a/tests/certs/Server-localhost-firstSAN-sv.crt b/tests/certs/Server-localhost-firstSAN-sv.crt +index 5e37ef0e2db51..b25d65347a313 100644 +--- a/tests/certs/Server-localhost-firstSAN-sv.crt ++++ b/tests/certs/Server-localhost-firstSAN-sv.crt +@@ -1,32 +1,41 @@ + Certificate: + Data: + Version: 3 (0x2) +- Serial Number: 14725819352362 (0xd649f3b452a) ++ Serial Number: 15361900975180 (0xdf8b8a6944c) + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Northern Nowhere Trust Anchor + Validity +- Not Before: Aug 30 18:32:15 2016 GMT +- Not After : Nov 16 18:32:15 2024 GMT ++ Not Before: Sep 5 23:28:17 2018 GMT ++ Not After : Nov 22 23:28:17 2026 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost.nn + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- Public-Key: (1024 bit) ++ Public-Key: (2048 bit) + Modulus: +- 00:c5:87:2e:fb:f5:88:8a:39:4c:62:88:9f:fb:4a: +- 02:1c:27:92:9d:0b:65:a2:70:1f:d1:b7:de:c8:1d: +- 87:28:4b:9c:4b:cc:f6:f6:7c:83:1f:2d:76:be:41: +- 29:5e:31:fa:23:0c:2d:7d:cb:38:c2:8b:54:8f:fc: +- 6a:50:6d:c7:d7:af:72:fb:3b:a1:a7:4d:c4:1b:d2: +- 0d:75:7c:92:62:97:48:c4:e8:12:c0:00:33:66:0e: +- 28:17:0f:5c:36:d6:50:70:ec:c8:9f:a2:ae:b9:eb: +- eb:19:05:f0:53:83:42:2a:ae:40:1f:fa:fb:7a:b7: +- 86:4c:ab:6b:28:0b:2f:7f:81 ++ 00:ca:c4:5b:1e:b4:ef:f5:81:16:e6:b9:aa:e5:37: ++ 12:62:ab:a0:f1:1d:4d:76:c1:46:5e:84:99:1e:1b: ++ 8b:30:44:a4:99:8c:1f:3d:d2:e9:04:49:1e:e1:63: ++ 44:bb:b6:b3:58:23:ab:5d:82:8a:e7:65:53:35:89: ++ cd:4a:24:88:4d:70:d9:5b:f8:f5:4d:7b:8b:0e:bf: ++ 8a:ab:1b:a9:75:dc:32:8d:5a:b2:67:f2:32:c0:5d: ++ e5:15:4c:ce:f6:3e:79:79:0c:f0:f6:d6:bd:fb:a3: ++ bc:14:98:b3:4d:9f:28:f4:a4:5b:59:bd:c4:11:ca: ++ 03:6b:a4:9e:c3:98:5b:f3:d1:fb:8b:62:ee:d7:56: ++ 32:4a:b6:1a:3e:b9:3e:ad:87:ac:4c:aa:22:49:57: ++ f4:3c:03:05:41:64:8b:0d:8b:ab:bb:f3:42:1e:3d: ++ d3:dc:eb:57:73:9d:20:fe:a0:81:1f:8a:c9:63:48: ++ 6d:7c:f9:74:32:32:3d:df:50:27:16:3c:81:0c:70: ++ 5b:6c:44:e7:fb:19:7a:aa:30:bc:dc:4d:65:62:69: ++ 01:c0:4f:41:c9:6c:bc:5e:47:d9:71:61:b4:96:72: ++ 14:d1:13:04:c3:11:f1:98:a5:80:5f:7a:e7:a5:e3: ++ c9:3d:cd:21:98:8c:b5:6f:94:40:c2:c2:a7:95:ae: ++ ef:05 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: +@@ -36,45 +45,48 @@ Certificate: + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: +- 2C:4D:DD:54:88:59:3F:A4:34:9C:E3:56:FF:95:0F:E2:CE:51:20:95 ++ 3B:B0:44:94:FB:03:62:D4:90:31:0A:89:AC:43:2C:16:F1:F0:0A:B1 + X509v3 Authority Key Identifier: + keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE + + X509v3 Basic Constraints: + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption +- 77:cd:d2:17:91:a6:4b:70:de:79:6a:20:82:a3:56:a3:d0:6a: +- ba:f7:7d:6f:00:69:d2:06:06:0b:da:cd:49:9d:36:fd:d0:cc: +- bd:8a:dc:e1:d6:89:c9:23:02:8a:19:2d:14:ca:c6:06:87:66: +- c7:f4:32:37:95:0d:f1:a7:1c:a1:fe:43:4f:3b:03:03:e2:1a: +- c6:fc:91:d5:0d:a0:7e:82:60:14:31:2f:6d:b8:f4:57:98:8d: +- 04:74:a3:82:28:6d:1c:b4:de:1a:70:bd:fe:73:ac:b7:96:ec: +- 7c:9b:6d:64:c6:f8:67:39:c7:ea:f4:aa:48:26:b8:14:85:f0: +- 00:ab:8f:bd:1a:95:e2:a7:63:92:35:1e:37:04:c2:70:2c:1c: +- 56:95:b1:83:70:8c:99:88:1c:8a:6f:7a:a2:0d:84:dd:4f:0e: +- 3e:8b:fb:31:cf:ae:ee:b0:e4:f6:c1:8d:d1:98:a9:8d:17:1f: +- 5d:5a:79:e8:7c:97:ab:40:bc:aa:7e:c4:0b:19:30:ad:18:aa: +- 9c:9b:eb:3f:35:d3:86:9c:3a:cc:e6:9a:2c:47:d1:bb:36:6e: +- f2:c5:d4:e3:0c:5b:c6:eb:30:e6:0d:3a:4b:3a:a3:6b:62:93: +- 8b:6a:59:1f:48:66:2e:d9:70:14:b6:aa:4f:d1:3b:38:5e:e6: +- 79:7f:b7:00 ++ a3:2d:58:29:5b:6f:eb:7f:93:58:ed:6e:68:4c:65:7c:2d:ae: ++ ad:7b:bf:8a:7f:20:47:97:02:3a:8d:bd:8e:8b:7f:f3:d7:11: ++ 39:67:45:18:9e:7e:75:f0:6d:78:ca:27:df:6b:88:42:aa:93: ++ 94:30:eb:6f:ae:2d:94:fa:af:03:9f:e1:3c:a6:f7:47:b8:2f: ++ f1:36:6f:e1:d1:31:4f:01:45:b7:77:b0:7b:38:21:7b:92:c3: ++ 6b:c2:2e:ce:8f:81:9e:00:84:18:17:91:0d:95:30:6a:3e:d8: ++ 2a:4b:1a:d9:81:35:18:49:cb:18:34:b4:66:9a:7e:78:f5:29: ++ 36:86:70:02:7e:51:05:7d:be:21:b0:23:05:54:a9:28:23:2e: ++ fa:3f:84:37:ea:47:69:0e:6b:be:28:04:58:ab:fb:d5:54:1d: ++ 3c:03:28:18:39:80:78:cb:6c:a8:56:ef:47:7b:ff:c0:c3:36: ++ e7:ef:42:f3:8b:b7:e4:37:55:6c:90:2d:db:01:50:72:4a:2b: ++ ba:e5:a2:73:c8:5e:25:fa:d6:8d:4f:b2:6e:cf:31:29:83:33: ++ e3:0d:d9:77:23:21:a8:a6:63:90:13:c6:e3:c9:0f:cc:46:39: ++ 5d:a3:67:fa:1e:fd:ee:e9:4d:20:8e:a6:5e:d4:b2:e2:ab:e0: ++ 56:4a:35:51 + -----BEGIN CERTIFICATE----- +-MIIDWjCCAkKgAwIBAgIGDWSfO0UqMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT ++MIID3jCCAsagAwIBAgIGDfi4ppRMMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT + Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo + IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe +-Fw0xNjA4MzAxODMyMTVaFw0yNDExMTYxODMyMTVaMFcxCzAJBgNVBAYTAk5OMTEw ++Fw0xODA5MDUyMzI4MTdaFw0yNjExMjIyMzI4MTdaMFcxCzAJBgNVBAYTAk5OMTEw + LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk +-MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +-AoGBAMWHLvv1iIo5TGKIn/tKAhwnkp0LZaJwH9G33sgdhyhLnEvM9vZ8gx8tdr5B +-KV4x+iMMLX3LOMKLVI/8alBtx9evcvs7oadNxBvSDXV8kmKXSMToEsAAM2YOKBcP +-XDbWUHDsyJ+irrnr6xkF8FODQiquQB/6+3q3hkyraygLL3+BAgMBAAGjgZ4wgZsw +-LAYDVR0RBCUwI4IJbG9jYWxob3N0ggpsb2NhbGhvc3Qxggpsb2NhbGhvc3QyMAsG +-A1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQULE3dVIhZ +-P6Q0nONW/5UP4s5RIJUwHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84w +-CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAd83SF5GmS3DeeWoggqNWo9Bq +-uvd9bwBp0gYGC9rNSZ02/dDMvYrc4daJySMCihktFMrGBodmx/QyN5UN8accof5D +-TzsDA+IaxvyR1Q2gfoJgFDEvbbj0V5iNBHSjgihtHLTeGnC9/nOst5bsfJttZMb4 +-ZznH6vSqSCa4FIXwAKuPvRqV4qdjkjUeNwTCcCwcVpWxg3CMmYgcim96og2E3U8O +-Pov7Mc+u7rDk9sGN0ZipjRcfXVp56HyXq0C8qn7ECxkwrRiqnJvrPzXThpw6zOaa +-LEfRuzZu8sXU4wxbxusw5g06Szqja2KTi2pZH0hmLtlwFLaqT9E7OF7meX+3AA== ++MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ++ggEKAoIBAQDKxFsetO/1gRbmuarlNxJiq6DxHU12wUZehJkeG4swRKSZjB890ukE ++SR7hY0S7trNYI6tdgornZVM1ic1KJIhNcNlb+PVNe4sOv4qrG6l13DKNWrJn8jLA ++XeUVTM72Pnl5DPD21r37o7wUmLNNnyj0pFtZvcQRygNrpJ7DmFvz0fuLYu7XVjJK ++tho+uT6th6xMqiJJV/Q8AwVBZIsNi6u780IePdPc61dznSD+oIEfisljSG18+XQy ++Mj3fUCcWPIEMcFtsROf7GXqqMLzcTWViaQHAT0HJbLxeR9lxYbSWchTREwTDEfGY ++pYBfeuel48k9zSGYjLVvlEDCwqeVru8FAgMBAAGjgZ4wgZswLAYDVR0RBCUwI4IJ ++bG9jYWxob3N0ggpsb2NhbGhvc3Qxggpsb2NhbGhvc3QyMAsGA1UdDwQEAwIDqDAT ++BgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUO7BElPsDYtSQMQqJrEMsFvHw ++CrEwHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84wCQYDVR0TBAIwADAN ++BgkqhkiG9w0BAQUFAAOCAQEAoy1YKVtv63+TWO1uaExlfC2urXu/in8gR5cCOo29 ++jot/89cROWdFGJ5+dfBteMon32uIQqqTlDDrb64tlPqvA5/hPKb3R7gv8TZv4dEx ++TwFFt3ewezghe5LDa8Iuzo+BngCEGBeRDZUwaj7YKksa2YE1GEnLGDS0Zpp+ePUp ++NoZwAn5RBX2+IbAjBVSpKCMu+j+EN+pHaQ5rvigEWKv71VQdPAMoGDmAeMtsqFbv ++R3v/wMM25+9C84u35DdVbJAt2wFQckoruuWic8heJfrWjU+ybs8xKYMz4w3ZdyMh ++qKZjkBPG48kPzEY5XaNn+h797ulNII6mXtSy4qvgVko1UQ== + -----END CERTIFICATE----- +diff --git a/tests/certs/Server-localhost-firstSAN-sv.csr b/tests/certs/Server-localhost-firstSAN-sv.csr +index 729034e473c5f..9e54244ec7694 100644 +--- a/tests/certs/Server-localhost-firstSAN-sv.csr ++++ b/tests/certs/Server-localhost-firstSAN-sv.csr +@@ -1,11 +1,16 @@ + -----BEGIN CERTIFICATE REQUEST----- +-MIIBlzCCAQACAQAwVzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB ++MIICnDCCAYQCAQAwVzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB + cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxFTATBgNVBAMMDGxvY2FsaG9z +-dC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxYcu+/WIijlMYoif+0oC +-HCeSnQtlonAf0bfeyB2HKEucS8z29nyDHy12vkEpXjH6Iwwtfcs4wotUj/xqUG3H +-169y+zuhp03EG9INdXySYpdIxOgSwAAzZg4oFw9cNtZQcOzIn6KuuevrGQXwU4NC +-Kq5AH/r7ereGTKtrKAsvf4ECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4GBADlhAYRy +-2heMP/fGllGXW/uAEm2q6ubWhqgd3/5d+06LjTIs57qT/nwbr79e1PxholGWM+Zb +-/NGKZ4geZK0mJT/gnaJCyUsrjdp2KIEw9zmBoZyypJd/5Fhe1tzX0xwG40+3np9K +-orpp7wcILLeMho8+I4mNEzOJHidxy/9uia5U ++dC5ubjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMrEWx607/WBFua5 ++quU3EmKroPEdTXbBRl6EmR4bizBEpJmMHz3S6QRJHuFjRLu2s1gjq12CiudlUzWJ ++zUokiE1w2Vv49U17iw6/iqsbqXXcMo1asmfyMsBd5RVMzvY+eXkM8PbWvfujvBSY ++s02fKPSkW1m9xBHKA2uknsOYW/PR+4ti7tdWMkq2Gj65Pq2HrEyqIklX9DwDBUFk ++iw2Lq7vzQh4909zrV3OdIP6ggR+KyWNIbXz5dDIyPd9QJxY8gQxwW2xE5/sZeqow ++vNxNZWJpAcBPQclsvF5H2XFhtJZyFNETBMMR8ZilgF9656XjyT3NIZiMtW+UQMLC ++p5Wu7wUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAo40AaKQV38i6GR+uFxnB6 ++RWYLwVrGQm1rDY6Bi/yTfNwCh9V+E4cEGXwBIsQrz1ITQGMPqUa3iEyVjylYIDpv ++tGalJvGcArJg9jeP2da7m7vQvu6yzlBUi95GjYtFrsSZVRM0VVPccp59e7jXikuW ++NLJbDg6p+afyXmc3rErM8pLvfRA6oCtJCeflaOnBfpUQvHeK2QErX7xV1vTn+Lz5 ++eaZ63020RVXgCk7KiE6MZkFrwni7gxmNemaSi+z/tX7Vam2szC3OlQ28F7NjLl4L ++C1kQDMmQkEvQ0/u4v4wvj75IDBP4iw82oFVJd6ZSTHMRCSFaLl4cU6UjIxwXKJp4 + -----END CERTIFICATE REQUEST----- +diff --git a/tests/certs/Server-localhost-firstSAN-sv.der b/tests/certs/Server-localhost-firstSAN-sv.der +index c878bfb1d423803622e3ff6c55a9adb3c4012933..fe8e532d9679a85d52388ec89a427f740b8d9ea3 100644 +GIT binary patch +delta 638 +zcmV-^0)hSB2I2=5FoFZ#FoFWcpaTK{0s;mN__(H&Opz6S8aOaHFf}qWGB`0eS{Ds6 +zHZd_WGBPtVI59Voty_PB0U|IB1_>&LNQU2i!el_nT#Jj(&+?A9^qp|ySB4fBdcA4isxlh +zHHpniB#2FL*<1MaO?!(Dzly6Hsdd~kjass2@-o0(>n2fb=lt9A5r}wr`mY0@;XJ1IN4PKXHgDn4F;4+S +zw|B66I3atI!)wAW&X0kf0E8G9kqwnFYChO1OB&gMH5f_D7&NqIntpioDK>wGZ~}f& +z1%19Dup>PKk~YrZH1SgZThR2@76C>S|_c*|_4R_{l9|G>jG=kG%E +zi?`%ARcw$g+W}B=N-MhMqI1YzCHmHlPqJ>$F)4#H;|AH( +zVu+vnN&*}wlAQ}>qHrJ4x8BGdhbT*&OU(B6e1jh?cD_L=UNQP33@v@jIKqomkNj#- +zZO7NIa{D`>r%l8g(hYTdl46%g#OM;h05fI|C>IZ0Hr7yZ?8qITqOQ5?>lp>`Q-eY( +zu0S99`+B#AOsi`s3on0xlPCga6f8~MRESwWq%@r4R{xa`;?7YZm6M_ZK!115(if4Y +zOK{$KY9NB6R-@2ry7zr=0BO<&1`FEFNu4(R(9FGx+~L-V$s+=a87&mb#s-IG$MiBc +zl@0Ny9HIV0Pdftx;u^;Mk<|^Leu7{WF)wYn^jDaT1azZe9ybKSa4Z~Fm9c|xjG2fWif?+N4TRlK +z4nB+fG0(2DuLs!!27I9}#?e*(7vu|VLA + +diff --git a/tests/certs/Server-localhost-firstSAN-sv.key b/tests/certs/Server-localhost-firstSAN-sv.key +index 49032663478e7..3e9435f965c32 100644 +--- a/tests/certs/Server-localhost-firstSAN-sv.key ++++ b/tests/certs/Server-localhost-firstSAN-sv.key +@@ -1,15 +1,27 @@ + -----BEGIN RSA PRIVATE KEY----- +-MIICWwIBAAKBgQDFhy779YiKOUxiiJ/7SgIcJ5KdC2WicB/Rt97IHYcoS5xLzPb2 +-fIMfLXa+QSleMfojDC19yzjCi1SP/GpQbcfXr3L7O6GnTcQb0g11fJJil0jE6BLA +-ADNmDigXD1w21lBw7Mifoq656+sZBfBTg0IqrkAf+vt6t4ZMq2soCy9/gQIDAQAB +-AoGAUjKXErJyR1LgvoAsUt3RUvYExOVhPd963kKtqojfHZ2ZRNHeU2QtDGRW7YUg +-OdqCRONkatyOmiZw4hogA6graJKiqKLvM/F4qRoLsxH9T/cSOIl9QjZVkUd1HV/Z +-iJluibPTewVyfoYzkq48GN+QIi//msYKBjI5Q2Yybn4WrgECQQDk/mDp4sAvuLXL +-NxaQKuDZA5TxU2u8GTItFqOoHneVFSJLE4O3kr7wh47O817mnljZfskZwVXBYx6R +-VbXsy8ZJAkEA3NLRFh8cR03CN+eYPi33JrUVRSrn8eAB5MNOaOdO4mT0pTAzfVfe +-g6rMDnK2n7WZzwf6YmvRVyppW2/kQjyPeQJAXoa3ILTuWoSn3owN71MT3+E/oWKr +-LUlFUiFvSx3QhSTlNBKJI8UatpVumPUTbqVczeMtRkltidfNrXaxE1+GqQJAW9WU +-vMVtZj3xUnyPNPS6vy85zE0ertmBEBklJ71icgaYM4aLM0pysIE8YZnVVzAX6iCg +-QYQjSEPMEwnCfMVgyQJAcWnk6HPLbJmUt+ZGGAcqzfycR6jMKFnm4st2Ld6JuDT2 +-h2lb40Uma9gO+aXLIf+K9prCxb+7nR1M3qLwV4krkQ== ++MIIEogIBAAKCAQEAysRbHrTv9YEW5rmq5TcSYqug8R1NdsFGXoSZHhuLMESkmYwf ++PdLpBEke4WNEu7azWCOrXYKK52VTNYnNSiSITXDZW/j1TXuLDr+KqxupddwyjVqy ++Z/IywF3lFUzO9j55eQzw9ta9+6O8FJizTZ8o9KRbWb3EEcoDa6Sew5hb89H7i2Lu ++11YySrYaPrk+rYesTKoiSVf0PAMFQWSLDYuru/NCHj3T3OtXc50g/qCBH4rJY0ht ++fPl0MjI931AnFjyBDHBbbETn+xl6qjC83E1lYmkBwE9ByWy8XkfZcWG0lnIU0RME ++wxHxmKWAX3rnpePJPc0hmIy1b5RAwsKnla7vBQIDAQABAoIBABuyZp/zJzPpxi8N ++/YIB28kOmJVW41XtYKdYhXHPYVvehH1U3o+bV6j2M/mljaX2dtj7RlUnl8Gz3YHa ++qOgPxW6Ok6I0h41l6sDA+TgWNzeaNG2KjgQU2UndiYU3UK3iKsWWNvQAsULGQtKt ++aRCZRQblzHSdr0KezYjOm8Er9qN/NRbL2Sc38szOq1/l8/Zm0EXvMNt/ffJPkzV9 ++/GNtpX5HCMk/mK61MrgCxDASYZTMR4cVFIrHgeWWhi06wEuaFIbW8+9cnBZ/6wTc ++AsiVqehWzgdP2UYA0pIUberhlpsX1RLoz7XHxynA4k5A0F9H/UKfyCFSNy8gPqwg ++FmW8QqECgYEA5GUnKx1EfV84GPNqxMD1joKrrptMJfqweANGblRVhU3+bg/pWx8H ++FBgRieQJB+qzqbxkIf9rFq6CH5FqfHZBD5srztTXsEa/iLeEfLucNVzyAoqS+mf8 ++7O4kKIx+iJuqBBKegQXPSbnEOljkDoXSRLZnhTqhrXxYBhgGrJcp1bcCgYEA40Y8 ++OTrWn/ceJJELkDg3VI82w+c65GUVFP2RlxP6Lz1TkXli1Ezv488mH19+fVkMTf9L ++052ym13tjSc1H1j+ad3WMzA7tBHOWTfKdYeg34ymoQIXxbnpuzkId325Q2jeBenB ++FF2lkwIcLnyMXSBJcBfWxqipIRO83TOT31/nASMCgYBv7jrR4FgOcTnW0ISExGQT ++YWqt+aHKAx+00TYVH/OBjwWf/uBILd6UNG9z+nOKk7VU++S+3KQoy4Et42AievnL ++oipIBPtngmSfpgCh+HfHlzNrl2oMmiXUH6lMzf29CTy7Hjzb0nMSGJ5YUfQCQgcY ++caQuINvXX9brtZ6fur1f5QKBgGR+4xRfSxYS3HZI2Lcd1IGEji/T6Duj4s2UTjNi ++twb6dCBob2X220B9kZrfy/u7S3CVyb66BYcj4m2+/4NsA5tmZ1fdJRk7omXbAKA1 ++p9IRzIB3f3GEArExx+emZSxEi6BLu3+45QT7MuDvW9W1+CMjt2nCnH6uzp11OBbW ++vjvHAoGAco3FdBxqRKzBvyyRFzDAMhc/4VcSSCgNj7ya76eyYtlr4zF+4+fg3OaZ ++X/BZydglf89WvMbJkF6Y0hFx92AwFF7Ns3YpAjWhTudi9jDUX1sT1s7ZXHtL+Qei ++6+Pek6d57gk0ogSs64DwSosFxnfkZLKzPJt15lwfliurnYeaBsg= + -----END RSA PRIVATE KEY----- +diff --git a/tests/certs/Server-localhost-firstSAN-sv.pem b/tests/certs/Server-localhost-firstSAN-sv.pem +index 2b5ada5183b4d..1d8ab2c8c6b91 100644 +--- a/tests/certs/Server-localhost-firstSAN-sv.pem ++++ b/tests/certs/Server-localhost-firstSAN-sv.pem +@@ -24,49 +24,70 @@ commonName_value = localhost.nn + # the certificate + # some dhparam + -----BEGIN RSA PRIVATE KEY----- +-MIICWwIBAAKBgQDFhy779YiKOUxiiJ/7SgIcJ5KdC2WicB/Rt97IHYcoS5xLzPb2 +-fIMfLXa+QSleMfojDC19yzjCi1SP/GpQbcfXr3L7O6GnTcQb0g11fJJil0jE6BLA +-ADNmDigXD1w21lBw7Mifoq656+sZBfBTg0IqrkAf+vt6t4ZMq2soCy9/gQIDAQAB +-AoGAUjKXErJyR1LgvoAsUt3RUvYExOVhPd963kKtqojfHZ2ZRNHeU2QtDGRW7YUg +-OdqCRONkatyOmiZw4hogA6graJKiqKLvM/F4qRoLsxH9T/cSOIl9QjZVkUd1HV/Z +-iJluibPTewVyfoYzkq48GN+QIi//msYKBjI5Q2Yybn4WrgECQQDk/mDp4sAvuLXL +-NxaQKuDZA5TxU2u8GTItFqOoHneVFSJLE4O3kr7wh47O817mnljZfskZwVXBYx6R +-VbXsy8ZJAkEA3NLRFh8cR03CN+eYPi33JrUVRSrn8eAB5MNOaOdO4mT0pTAzfVfe +-g6rMDnK2n7WZzwf6YmvRVyppW2/kQjyPeQJAXoa3ILTuWoSn3owN71MT3+E/oWKr +-LUlFUiFvSx3QhSTlNBKJI8UatpVumPUTbqVczeMtRkltidfNrXaxE1+GqQJAW9WU +-vMVtZj3xUnyPNPS6vy85zE0ertmBEBklJ71icgaYM4aLM0pysIE8YZnVVzAX6iCg +-QYQjSEPMEwnCfMVgyQJAcWnk6HPLbJmUt+ZGGAcqzfycR6jMKFnm4st2Ld6JuDT2 +-h2lb40Uma9gO+aXLIf+K9prCxb+7nR1M3qLwV4krkQ== ++MIIEogIBAAKCAQEAysRbHrTv9YEW5rmq5TcSYqug8R1NdsFGXoSZHhuLMESkmYwf ++PdLpBEke4WNEu7azWCOrXYKK52VTNYnNSiSITXDZW/j1TXuLDr+KqxupddwyjVqy ++Z/IywF3lFUzO9j55eQzw9ta9+6O8FJizTZ8o9KRbWb3EEcoDa6Sew5hb89H7i2Lu ++11YySrYaPrk+rYesTKoiSVf0PAMFQWSLDYuru/NCHj3T3OtXc50g/qCBH4rJY0ht ++fPl0MjI931AnFjyBDHBbbETn+xl6qjC83E1lYmkBwE9ByWy8XkfZcWG0lnIU0RME ++wxHxmKWAX3rnpePJPc0hmIy1b5RAwsKnla7vBQIDAQABAoIBABuyZp/zJzPpxi8N ++/YIB28kOmJVW41XtYKdYhXHPYVvehH1U3o+bV6j2M/mljaX2dtj7RlUnl8Gz3YHa ++qOgPxW6Ok6I0h41l6sDA+TgWNzeaNG2KjgQU2UndiYU3UK3iKsWWNvQAsULGQtKt ++aRCZRQblzHSdr0KezYjOm8Er9qN/NRbL2Sc38szOq1/l8/Zm0EXvMNt/ffJPkzV9 ++/GNtpX5HCMk/mK61MrgCxDASYZTMR4cVFIrHgeWWhi06wEuaFIbW8+9cnBZ/6wTc ++AsiVqehWzgdP2UYA0pIUberhlpsX1RLoz7XHxynA4k5A0F9H/UKfyCFSNy8gPqwg ++FmW8QqECgYEA5GUnKx1EfV84GPNqxMD1joKrrptMJfqweANGblRVhU3+bg/pWx8H ++FBgRieQJB+qzqbxkIf9rFq6CH5FqfHZBD5srztTXsEa/iLeEfLucNVzyAoqS+mf8 ++7O4kKIx+iJuqBBKegQXPSbnEOljkDoXSRLZnhTqhrXxYBhgGrJcp1bcCgYEA40Y8 ++OTrWn/ceJJELkDg3VI82w+c65GUVFP2RlxP6Lz1TkXli1Ezv488mH19+fVkMTf9L ++052ym13tjSc1H1j+ad3WMzA7tBHOWTfKdYeg34ymoQIXxbnpuzkId325Q2jeBenB ++FF2lkwIcLnyMXSBJcBfWxqipIRO83TOT31/nASMCgYBv7jrR4FgOcTnW0ISExGQT ++YWqt+aHKAx+00TYVH/OBjwWf/uBILd6UNG9z+nOKk7VU++S+3KQoy4Et42AievnL ++oipIBPtngmSfpgCh+HfHlzNrl2oMmiXUH6lMzf29CTy7Hjzb0nMSGJ5YUfQCQgcY ++caQuINvXX9brtZ6fur1f5QKBgGR+4xRfSxYS3HZI2Lcd1IGEji/T6Duj4s2UTjNi ++twb6dCBob2X220B9kZrfy/u7S3CVyb66BYcj4m2+/4NsA5tmZ1fdJRk7omXbAKA1 ++p9IRzIB3f3GEArExx+emZSxEi6BLu3+45QT7MuDvW9W1+CMjt2nCnH6uzp11OBbW ++vjvHAoGAco3FdBxqRKzBvyyRFzDAMhc/4VcSSCgNj7ya76eyYtlr4zF+4+fg3OaZ ++X/BZydglf89WvMbJkF6Y0hFx92AwFF7Ns3YpAjWhTudi9jDUX1sT1s7ZXHtL+Qei ++6+Pek6d57gk0ogSs64DwSosFxnfkZLKzPJt15lwfliurnYeaBsg= + -----END RSA PRIVATE KEY----- + Certificate: + Data: + Version: 3 (0x2) +- Serial Number: 14725819352362 (0xd649f3b452a) ++ Serial Number: 15361900975180 (0xdf8b8a6944c) + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Northern Nowhere Trust Anchor + Validity +- Not Before: Aug 30 18:32:15 2016 GMT +- Not After : Nov 16 18:32:15 2024 GMT ++ Not Before: Sep 5 23:28:17 2018 GMT ++ Not After : Nov 22 23:28:17 2026 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost.nn + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- Public-Key: (1024 bit) ++ Public-Key: (2048 bit) + Modulus: +- 00:c5:87:2e:fb:f5:88:8a:39:4c:62:88:9f:fb:4a: +- 02:1c:27:92:9d:0b:65:a2:70:1f:d1:b7:de:c8:1d: +- 87:28:4b:9c:4b:cc:f6:f6:7c:83:1f:2d:76:be:41: +- 29:5e:31:fa:23:0c:2d:7d:cb:38:c2:8b:54:8f:fc: +- 6a:50:6d:c7:d7:af:72:fb:3b:a1:a7:4d:c4:1b:d2: +- 0d:75:7c:92:62:97:48:c4:e8:12:c0:00:33:66:0e: +- 28:17:0f:5c:36:d6:50:70:ec:c8:9f:a2:ae:b9:eb: +- eb:19:05:f0:53:83:42:2a:ae:40:1f:fa:fb:7a:b7: +- 86:4c:ab:6b:28:0b:2f:7f:81 ++ 00:ca:c4:5b:1e:b4:ef:f5:81:16:e6:b9:aa:e5:37: ++ 12:62:ab:a0:f1:1d:4d:76:c1:46:5e:84:99:1e:1b: ++ 8b:30:44:a4:99:8c:1f:3d:d2:e9:04:49:1e:e1:63: ++ 44:bb:b6:b3:58:23:ab:5d:82:8a:e7:65:53:35:89: ++ cd:4a:24:88:4d:70:d9:5b:f8:f5:4d:7b:8b:0e:bf: ++ 8a:ab:1b:a9:75:dc:32:8d:5a:b2:67:f2:32:c0:5d: ++ e5:15:4c:ce:f6:3e:79:79:0c:f0:f6:d6:bd:fb:a3: ++ bc:14:98:b3:4d:9f:28:f4:a4:5b:59:bd:c4:11:ca: ++ 03:6b:a4:9e:c3:98:5b:f3:d1:fb:8b:62:ee:d7:56: ++ 32:4a:b6:1a:3e:b9:3e:ad:87:ac:4c:aa:22:49:57: ++ f4:3c:03:05:41:64:8b:0d:8b:ab:bb:f3:42:1e:3d: ++ d3:dc:eb:57:73:9d:20:fe:a0:81:1f:8a:c9:63:48: ++ 6d:7c:f9:74:32:32:3d:df:50:27:16:3c:81:0c:70: ++ 5b:6c:44:e7:fb:19:7a:aa:30:bc:dc:4d:65:62:69: ++ 01:c0:4f:41:c9:6c:bc:5e:47:d9:71:61:b4:96:72: ++ 14:d1:13:04:c3:11:f1:98:a5:80:5f:7a:e7:a5:e3: ++ c9:3d:cd:21:98:8c:b5:6f:94:40:c2:c2:a7:95:ae: ++ ef:05 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: +@@ -76,45 +97,48 @@ Certificate: + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: +- 2C:4D:DD:54:88:59:3F:A4:34:9C:E3:56:FF:95:0F:E2:CE:51:20:95 ++ 3B:B0:44:94:FB:03:62:D4:90:31:0A:89:AC:43:2C:16:F1:F0:0A:B1 + X509v3 Authority Key Identifier: + keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE + + X509v3 Basic Constraints: + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption +- 77:cd:d2:17:91:a6:4b:70:de:79:6a:20:82:a3:56:a3:d0:6a: +- ba:f7:7d:6f:00:69:d2:06:06:0b:da:cd:49:9d:36:fd:d0:cc: +- bd:8a:dc:e1:d6:89:c9:23:02:8a:19:2d:14:ca:c6:06:87:66: +- c7:f4:32:37:95:0d:f1:a7:1c:a1:fe:43:4f:3b:03:03:e2:1a: +- c6:fc:91:d5:0d:a0:7e:82:60:14:31:2f:6d:b8:f4:57:98:8d: +- 04:74:a3:82:28:6d:1c:b4:de:1a:70:bd:fe:73:ac:b7:96:ec: +- 7c:9b:6d:64:c6:f8:67:39:c7:ea:f4:aa:48:26:b8:14:85:f0: +- 00:ab:8f:bd:1a:95:e2:a7:63:92:35:1e:37:04:c2:70:2c:1c: +- 56:95:b1:83:70:8c:99:88:1c:8a:6f:7a:a2:0d:84:dd:4f:0e: +- 3e:8b:fb:31:cf:ae:ee:b0:e4:f6:c1:8d:d1:98:a9:8d:17:1f: +- 5d:5a:79:e8:7c:97:ab:40:bc:aa:7e:c4:0b:19:30:ad:18:aa: +- 9c:9b:eb:3f:35:d3:86:9c:3a:cc:e6:9a:2c:47:d1:bb:36:6e: +- f2:c5:d4:e3:0c:5b:c6:eb:30:e6:0d:3a:4b:3a:a3:6b:62:93: +- 8b:6a:59:1f:48:66:2e:d9:70:14:b6:aa:4f:d1:3b:38:5e:e6: +- 79:7f:b7:00 ++ a3:2d:58:29:5b:6f:eb:7f:93:58:ed:6e:68:4c:65:7c:2d:ae: ++ ad:7b:bf:8a:7f:20:47:97:02:3a:8d:bd:8e:8b:7f:f3:d7:11: ++ 39:67:45:18:9e:7e:75:f0:6d:78:ca:27:df:6b:88:42:aa:93: ++ 94:30:eb:6f:ae:2d:94:fa:af:03:9f:e1:3c:a6:f7:47:b8:2f: ++ f1:36:6f:e1:d1:31:4f:01:45:b7:77:b0:7b:38:21:7b:92:c3: ++ 6b:c2:2e:ce:8f:81:9e:00:84:18:17:91:0d:95:30:6a:3e:d8: ++ 2a:4b:1a:d9:81:35:18:49:cb:18:34:b4:66:9a:7e:78:f5:29: ++ 36:86:70:02:7e:51:05:7d:be:21:b0:23:05:54:a9:28:23:2e: ++ fa:3f:84:37:ea:47:69:0e:6b:be:28:04:58:ab:fb:d5:54:1d: ++ 3c:03:28:18:39:80:78:cb:6c:a8:56:ef:47:7b:ff:c0:c3:36: ++ e7:ef:42:f3:8b:b7:e4:37:55:6c:90:2d:db:01:50:72:4a:2b: ++ ba:e5:a2:73:c8:5e:25:fa:d6:8d:4f:b2:6e:cf:31:29:83:33: ++ e3:0d:d9:77:23:21:a8:a6:63:90:13:c6:e3:c9:0f:cc:46:39: ++ 5d:a3:67:fa:1e:fd:ee:e9:4d:20:8e:a6:5e:d4:b2:e2:ab:e0: ++ 56:4a:35:51 + -----BEGIN CERTIFICATE----- +-MIIDWjCCAkKgAwIBAgIGDWSfO0UqMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT ++MIID3jCCAsagAwIBAgIGDfi4ppRMMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT + Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo + IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe +-Fw0xNjA4MzAxODMyMTVaFw0yNDExMTYxODMyMTVaMFcxCzAJBgNVBAYTAk5OMTEw ++Fw0xODA5MDUyMzI4MTdaFw0yNjExMjIyMzI4MTdaMFcxCzAJBgNVBAYTAk5OMTEw + LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk +-MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +-AoGBAMWHLvv1iIo5TGKIn/tKAhwnkp0LZaJwH9G33sgdhyhLnEvM9vZ8gx8tdr5B +-KV4x+iMMLX3LOMKLVI/8alBtx9evcvs7oadNxBvSDXV8kmKXSMToEsAAM2YOKBcP +-XDbWUHDsyJ+irrnr6xkF8FODQiquQB/6+3q3hkyraygLL3+BAgMBAAGjgZ4wgZsw +-LAYDVR0RBCUwI4IJbG9jYWxob3N0ggpsb2NhbGhvc3Qxggpsb2NhbGhvc3QyMAsG +-A1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQULE3dVIhZ +-P6Q0nONW/5UP4s5RIJUwHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84w +-CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAd83SF5GmS3DeeWoggqNWo9Bq +-uvd9bwBp0gYGC9rNSZ02/dDMvYrc4daJySMCihktFMrGBodmx/QyN5UN8accof5D +-TzsDA+IaxvyR1Q2gfoJgFDEvbbj0V5iNBHSjgihtHLTeGnC9/nOst5bsfJttZMb4 +-ZznH6vSqSCa4FIXwAKuPvRqV4qdjkjUeNwTCcCwcVpWxg3CMmYgcim96og2E3U8O +-Pov7Mc+u7rDk9sGN0ZipjRcfXVp56HyXq0C8qn7ECxkwrRiqnJvrPzXThpw6zOaa +-LEfRuzZu8sXU4wxbxusw5g06Szqja2KTi2pZH0hmLtlwFLaqT9E7OF7meX+3AA== ++MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ++ggEKAoIBAQDKxFsetO/1gRbmuarlNxJiq6DxHU12wUZehJkeG4swRKSZjB890ukE ++SR7hY0S7trNYI6tdgornZVM1ic1KJIhNcNlb+PVNe4sOv4qrG6l13DKNWrJn8jLA ++XeUVTM72Pnl5DPD21r37o7wUmLNNnyj0pFtZvcQRygNrpJ7DmFvz0fuLYu7XVjJK ++tho+uT6th6xMqiJJV/Q8AwVBZIsNi6u780IePdPc61dznSD+oIEfisljSG18+XQy ++Mj3fUCcWPIEMcFtsROf7GXqqMLzcTWViaQHAT0HJbLxeR9lxYbSWchTREwTDEfGY ++pYBfeuel48k9zSGYjLVvlEDCwqeVru8FAgMBAAGjgZ4wgZswLAYDVR0RBCUwI4IJ ++bG9jYWxob3N0ggpsb2NhbGhvc3Qxggpsb2NhbGhvc3QyMAsGA1UdDwQEAwIDqDAT ++BgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUO7BElPsDYtSQMQqJrEMsFvHw ++CrEwHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84wCQYDVR0TBAIwADAN ++BgkqhkiG9w0BAQUFAAOCAQEAoy1YKVtv63+TWO1uaExlfC2urXu/in8gR5cCOo29 ++jot/89cROWdFGJ5+dfBteMon32uIQqqTlDDrb64tlPqvA5/hPKb3R7gv8TZv4dEx ++TwFFt3ewezghe5LDa8Iuzo+BngCEGBeRDZUwaj7YKksa2YE1GEnLGDS0Zpp+ePUp ++NoZwAn5RBX2+IbAjBVSpKCMu+j+EN+pHaQ5rvigEWKv71VQdPAMoGDmAeMtsqFbv ++R3v/wMM25+9C84u35DdVbJAt2wFQckoruuWic8heJfrWjU+ybs8xKYMz4w3ZdyMh ++qKZjkBPG48kPzEY5XaNn+h797ulNII6mXtSy4qvgVko1UQ== + -----END CERTIFICATE----- +diff --git a/tests/certs/Server-localhost-firstSAN-sv.pub.der b/tests/certs/Server-localhost-firstSAN-sv.pub.der +index fb1b486a630a238d5fd4a0bb4b109ccc92a7711e..b73286786a983df9861f0348a56a96169a475d4d 100644 +GIT binary patch +literal 294 +zcmV+>0ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>l%EVh9wD0wS7UsFC +zw~NGL2fYXYw+@UF8)_&h|cec?|IO*1h|qycC$TO`j&LNQUP;JN8uX6i4 +zp{Gs68`2GRe3D|9NW|z8zyLF54k#B7TsGEFaO}vRqOQ5?>lp>`Q-eY(u0S99`+B#A +QOsi`s3on0x0s{d60TPfzi~s-t + +diff --git a/tests/certs/Server-localhost-firstSAN-sv.pub.pem b/tests/certs/Server-localhost-firstSAN-sv.pub.pem +index ef1459476cb93..4e6649083f72a 100644 +--- a/tests/certs/Server-localhost-firstSAN-sv.pub.pem ++++ b/tests/certs/Server-localhost-firstSAN-sv.pub.pem +@@ -1,6 +1,9 @@ + -----BEGIN PUBLIC KEY----- +-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFhy779YiKOUxiiJ/7SgIcJ5Kd +-C2WicB/Rt97IHYcoS5xLzPb2fIMfLXa+QSleMfojDC19yzjCi1SP/GpQbcfXr3L7 +-O6GnTcQb0g11fJJil0jE6BLAADNmDigXD1w21lBw7Mifoq656+sZBfBTg0IqrkAf +-+vt6t4ZMq2soCy9/gQIDAQAB ++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysRbHrTv9YEW5rmq5TcS ++Yqug8R1NdsFGXoSZHhuLMESkmYwfPdLpBEke4WNEu7azWCOrXYKK52VTNYnNSiSI ++TXDZW/j1TXuLDr+KqxupddwyjVqyZ/IywF3lFUzO9j55eQzw9ta9+6O8FJizTZ8o ++9KRbWb3EEcoDa6Sew5hb89H7i2Lu11YySrYaPrk+rYesTKoiSVf0PAMFQWSLDYur ++u/NCHj3T3OtXc50g/qCBH4rJY0htfPl0MjI931AnFjyBDHBbbETn+xl6qjC83E1l ++YmkBwE9ByWy8XkfZcWG0lnIU0RMEwxHxmKWAX3rnpePJPc0hmIy1b5RAwsKnla7v ++BQIDAQAB + -----END PUBLIC KEY----- +diff --git a/tests/certs/Server-localhost-lastSAN-sv.crl b/tests/certs/Server-localhost-lastSAN-sv.crl +index 486bf926ad8f6..0b431412423d5 100644 +--- a/tests/certs/Server-localhost-lastSAN-sv.crl ++++ b/tests/certs/Server-localhost-lastSAN-sv.crl +@@ -1,14 +1,12 @@ + -----BEGIN X509 CRL----- +-MIICDjCB9wIBATANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJOTjExMC8GA1UE ++MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJOTjExMC8GA1UE + CgwoRWRlbCBDdXJsIEFyY3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDEmMCQG +-A1UEAwwdTm9ydGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IXDTE2MDgzMDE4MzI1 +-N1oXDTE2MDkyOTE4MzI1N1owSzAXAgYNZJ8o86IXDTE2MDgzMDE4MzAxNVowFwIG +-DWSfO0UqFw0xNjA4MzAxODMyMTVaMBcCBg1kn0GuixcNMTYwODMwMTgzMjU3WqAO +-MAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADggEBAE0v3zGBeKKuODAUugh7 +-l6bJi7Cs0CDhuBJ8wCpwL5XRGwWhYChJtEXWFUKLBhMarIPYKEv3f3rd8gtFII/8 +-wmnxoTL6eXZNL+FpHkZJ+blsHi73G7xzpB6kdFHIxI4tixwiUCe85u6WIRWkIEBs +-kyPPAgbnosF37umQfEaBrweVy+EztrYw8jgd0oDBybQp25p7Noa0N4uDoDInuOgP +-A7Q1Zf0ndWjrlEQtjMAUdA6blGKlb8BjMPtX50mbXuXctLeICns8TVUSQSiKU+oR +-1QTgbkl+AfdaFlfNAum4a42bCLyeBQ/O31NydZbCE8o2q9PqPepAkL9dXhMLiK/a +-tjA= ++A1UEAwwdTm9ydGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IXDTE4MDkwNTIzMjkw ++MVoXDTE4MTAwNTIzMjkwMVowGTAXAgYN+LitKqAXDTE4MDkwNTIzMjkwMVqgDjAM ++MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQBc8MVCmUUhPb/yJ05wh1EA ++rBbLCjTYTDL9DW5YJIoBUKYWi5DGETS5BmgPU3ci6Pfa6eJ51oRurOCJHnL691Gp ++Y1d6R5CiM8mtHOPGCAgvvo0x+xJ/GzikxaggTDPA2CZWAFjBApMNdMvGTwurcnW9 ++0jOl7zsfFoxSDlRqdFw7QW7Axju8vxRpMj6/pVBKmqgM+NUavcVPmRAYlsxCaeNH ++cdBviuw4qt3T6eLcb/RNIuCuXcp8a7ysqkGdSS/Pp/drOGZAmugbj1kmjS8b0n1M ++9L8wxG0k/TsgKSlWy+wbCJcUiYHgwzTd9i/XEdwxGvOnKFeiCvqShhkEG7QjfHs2 + -----END X509 CRL----- +diff --git a/tests/certs/Server-localhost-lastSAN-sv.crt b/tests/certs/Server-localhost-lastSAN-sv.crt +index a6d8ae9c2afe4..b3116b6953a88 100644 +--- a/tests/certs/Server-localhost-lastSAN-sv.crt ++++ b/tests/certs/Server-localhost-lastSAN-sv.crt +@@ -1,32 +1,41 @@ + Certificate: + Data: + Version: 3 (0x2) +- Serial Number: 14725819772555 (0xd649f41ae8b) ++ Serial Number: 15361901406880 (0xdf8b8ad2aa0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Northern Nowhere Trust Anchor + Validity +- Not Before: Aug 30 18:32:57 2016 GMT +- Not After : Nov 16 18:32:57 2024 GMT ++ Not Before: Sep 5 23:29:01 2018 GMT ++ Not After : Nov 22 23:29:01 2026 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost.nn + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- Public-Key: (1024 bit) ++ Public-Key: (2048 bit) + Modulus: +- 00:a3:2a:75:d7:bf:75:41:40:be:42:b8:b9:00:28: +- f1:45:29:55:bc:36:ca:a6:b7:86:93:97:25:84:aa: +- c9:80:ac:41:d9:28:fb:b0:68:4b:5b:ee:bd:94:83: +- da:2b:f6:cc:cc:11:df:fb:48:e6:e9:d5:97:41:7f: +- 9a:0d:b7:87:96:12:22:41:2a:7f:95:8a:14:d6:6c: +- 4b:34:df:18:29:01:0d:b2:3c:4d:c8:c4:5e:87:fa: +- 9f:aa:ee:a4:73:e9:bb:74:57:85:24:2a:51:e4:43: +- 5c:4b:97:51:52:b9:82:6e:9c:ce:ae:0f:91:45:25: +- f9:b4:24:66:8e:47:1f:d7:d5 ++ 00:df:16:15:5f:2a:a4:50:cf:3a:a8:79:6e:22:8d: ++ 95:16:b7:4d:7d:d2:1f:4f:6d:2d:7a:7d:dc:8a:4f: ++ 53:7b:5f:c9:de:5c:88:6c:a2:74:26:35:1c:78:68: ++ c1:60:25:a7:7b:b6:1a:9a:aa:33:d0:9f:5e:f2:2e: ++ 21:04:8c:0d:9a:28:f5:61:40:3c:34:1a:9b:8a:70: ++ 81:6d:83:9e:7c:d0:4c:d9:79:dc:37:d9:24:6e:73: ++ c7:61:31:71:e9:f5:97:b7:65:ad:3d:f6:af:20:6f: ++ 56:b9:b5:42:b5:3d:96:61:31:eb:0d:4c:e9:f5:31: ++ d3:25:af:40:b3:bb:81:04:7f:1a:ce:21:18:83:52: ++ 2d:51:31:ae:82:f9:cb:10:d3:d5:06:af:f8:71:e8: ++ a3:c6:9f:7b:48:da:e2:28:af:1c:ff:41:6d:32:81: ++ 45:59:d7:64:e4:b1:d7:c9:86:6a:0b:65:71:66:d6: ++ 42:a8:67:fd:83:49:20:75:16:1e:bb:1b:85:5c:7e: ++ e2:8f:5f:1c:81:d3:8a:95:d6:92:5c:9e:7f:a2:10: ++ 08:e1:df:ae:69:68:3f:8d:dd:79:4f:da:3f:79:b5: ++ 02:97:57:30:67:4d:3d:76:35:b5:4f:d1:5d:35:dd: ++ d4:b5:6b:57:b2:e0:23:35:ad:1a:bf:6f:77:e6:bc: ++ 58:ed + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: +@@ -36,45 +45,48 @@ Certificate: + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: +- 2C:CF:E3:6E:08:F9:CE:9B:98:3B:B3:17:7F:0C:9D:E4:5B:1B:76:8A ++ 7C:9A:EA:9B:92:98:FB:77:25:89:8B:EF:D3:F4:88:34:AF:EA:24:CC + X509v3 Authority Key Identifier: + keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE + + X509v3 Basic Constraints: + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption +- 2e:3d:c1:a2:a7:e4:70:f8:a8:13:86:c3:af:22:1f:e9:e1:62: +- f4:cf:16:66:a8:3b:70:f6:12:30:be:fe:8e:44:1b:71:b5:c1: +- e0:4b:66:c4:5d:d4:d7:7d:49:43:4a:6d:22:1b:ce:3d:e3:14: +- 14:b3:6d:3a:93:39:0c:9b:2c:83:35:1d:7e:7c:29:29:3c:51: +- 6b:27:c3:5b:2d:f2:61:18:f8:c7:90:be:3b:68:3f:08:9b:ac: +- 68:01:d2:0c:ec:aa:5d:9e:78:b7:8b:84:04:01:b2:08:ef:df: +- 0c:f2:29:99:fe:61:d1:65:80:aa:ef:df:8e:28:55:a6:f9:88: +- 0c:01:bb:fc:1c:9e:9c:08:8d:c5:34:24:91:c1:ac:71:22:e1: +- 12:78:e0:45:d5:e2:39:c4:3c:16:09:80:d0:5b:bc:49:0a:4c: +- a3:5b:e1:36:40:ed:26:6d:8d:a0:d3:4a:3c:86:93:2f:d4:0a: +- 3c:72:08:62:d7:66:d0:b3:05:c2:0f:1d:af:3c:65:67:f2:6c: +- 76:a5:9c:37:ac:c4:ac:96:b7:e4:c0:ef:a4:5b:28:1e:16:09: +- 15:f6:7b:bb:5d:a2:94:9a:df:52:7b:ae:c9:39:f4:18:9e:84: +- 57:6c:d3:6d:ae:35:38:8f:8f:9b:0d:df:77:69:ae:25:ec:ce: +- d0:2b:bd:8d ++ 0f:97:60:47:2f:22:9f:d4:16:99:5a:ed:f4:b5:54:31:bf:9f: ++ a1:bd:2d:8b:eb:c1:24:db:73:30:c7:46:d6:4c:c8:c6:38:0c: ++ 9a:e6:d6:5e:e8:a7:fb:9f:b6:44:66:73:43:86:46:10:c0:4c: ++ 40:4e:c1:d7:e4:41:0b:f0:61:f0:6f:45:8c:5a:14:40:42:97: ++ c3:03:d0:ff:6d:4a:06:80:65:49:d4:2f:07:9d:86:59:6b:5b: ++ 9e:bc:0c:46:8a:62:da:c0:22:af:13:6c:0d:9d:54:5e:46:53: ++ a5:aa:f2:80:44:c7:07:6e:f7:b0:4c:37:5c:31:08:a0:37:df: ++ 8a:35:92:3c:8c:91:2f:64:4f:d3:a0:eb:95:b3:4a:9e:f7:ac: ++ 25:ad:06:13:5c:dd:bd:d5:6b:74:8d:c7:c5:a6:b4:89:27:fd: ++ b7:c2:24:a7:6a:b3:64:e6:e6:31:91:35:fc:0e:15:14:38:d6: ++ 39:b0:c4:b2:c1:c8:c7:ed:25:d7:b0:a9:b9:a0:70:33:42:90: ++ 86:33:2a:d8:d5:8a:02:e6:ab:8d:92:d6:ae:b4:1d:e9:6c:22: ++ a5:2f:1a:48:48:2b:5c:b8:30:01:4b:27:1a:d3:cf:21:77:ab: ++ 9f:bc:55:34:2e:9f:03:2b:17:0b:c3:44:8e:a8:94:ae:92:a2: ++ 9a:33:c0:8e + -----BEGIN CERTIFICATE----- +-MIIDWjCCAkKgAwIBAgIGDWSfQa6LMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT ++MIID3jCCAsagAwIBAgIGDfi4rSqgMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT + Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo + IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe +-Fw0xNjA4MzAxODMyNTdaFw0yNDExMTYxODMyNTdaMFcxCzAJBgNVBAYTAk5OMTEw ++Fw0xODA5MDUyMzI5MDFaFw0yNjExMjIyMzI5MDFaMFcxCzAJBgNVBAYTAk5OMTEw + LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk +-MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +-AoGBAKMqdde/dUFAvkK4uQAo8UUpVbw2yqa3hpOXJYSqyYCsQdko+7BoS1vuvZSD +-2iv2zMwR3/tI5unVl0F/mg23h5YSIkEqf5WKFNZsSzTfGCkBDbI8TcjEXof6n6ru +-pHPpu3RXhSQqUeRDXEuXUVK5gm6czq4PkUUl+bQkZo5HH9fVAgMBAAGjgZ4wgZsw +-LAYDVR0RBCUwI4IKbG9jYWxob3N0MYIKbG9jYWxob3N0MoIJbG9jYWxob3N0MAsG +-A1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQULM/jbgj5 +-zpuYO7MXfwyd5FsbdoowHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84w +-CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEALj3BoqfkcPioE4bDryIf6eFi +-9M8WZqg7cPYSML7+jkQbcbXB4EtmxF3U131JQ0ptIhvOPeMUFLNtOpM5DJssgzUd +-fnwpKTxRayfDWy3yYRj4x5C+O2g/CJusaAHSDOyqXZ54t4uEBAGyCO/fDPIpmf5h +-0WWAqu/fjihVpvmIDAG7/ByenAiNxTQkkcGscSLhEnjgRdXiOcQ8FgmA0Fu8SQpM +-o1vhNkDtJm2NoNNKPIaTL9QKPHIIYtdm0LMFwg8drzxlZ/JsdqWcN6zErJa35MDv +-pFsoHhYJFfZ7u12ilJrfUnuuyTn0GJ6EV2zTba41OI+Pmw3fd2muJezO0Cu9jQ== ++MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ++ggEKAoIBAQDfFhVfKqRQzzqoeW4ijZUWt0190h9PbS16fdyKT1N7X8neXIhsonQm ++NRx4aMFgJad7thqaqjPQn17yLiEEjA2aKPVhQDw0GpuKcIFtg5580EzZedw32SRu ++c8dhMXHp9Ze3Za099q8gb1a5tUK1PZZhMesNTOn1MdMlr0Czu4EEfxrOIRiDUi1R ++Ma6C+csQ09UGr/hx6KPGn3tI2uIorxz/QW0ygUVZ12TksdfJhmoLZXFm1kKoZ/2D ++SSB1Fh67G4VcfuKPXxyB04qV1pJcnn+iEAjh365paD+N3XlP2j95tQKXVzBnTT12 ++NbVP0V013dS1a1ey4CM1rRq/b3fmvFjtAgMBAAGjgZ4wgZswLAYDVR0RBCUwI4IK ++bG9jYWxob3N0MYIKbG9jYWxob3N0MoIJbG9jYWxob3N0MAsGA1UdDwQEAwIDqDAT ++BgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUfJrqm5KY+3cliYvv0/SINK/q ++JMwwHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84wCQYDVR0TBAIwADAN ++BgkqhkiG9w0BAQUFAAOCAQEAD5dgRy8in9QWmVrt9LVUMb+fob0ti+vBJNtzMMdG ++1kzIxjgMmubWXuin+5+2RGZzQ4ZGEMBMQE7B1+RBC/Bh8G9FjFoUQEKXwwPQ/21K ++BoBlSdQvB52GWWtbnrwMRopi2sAirxNsDZ1UXkZTparygETHB273sEw3XDEIoDff ++ijWSPIyRL2RP06DrlbNKnvesJa0GE1zdvdVrdI3Hxaa0iSf9t8Ikp2qzZObmMZE1 ++/A4VFDjWObDEssHIx+0l17CpuaBwM0KQhjMq2NWKAuarjZLWrrQd6WwipS8aSEgr ++XLgwAUsnGtPPIXern7xVNC6fAysXC8NEjqiUrpKimjPAjg== + -----END CERTIFICATE----- +diff --git a/tests/certs/Server-localhost-lastSAN-sv.csr b/tests/certs/Server-localhost-lastSAN-sv.csr +index bf635554037f5..78077bcd489e3 100644 +--- a/tests/certs/Server-localhost-lastSAN-sv.csr ++++ b/tests/certs/Server-localhost-lastSAN-sv.csr +@@ -1,11 +1,16 @@ + -----BEGIN CERTIFICATE REQUEST----- +-MIIBlzCCAQACAQAwVzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB ++MIICnDCCAYQCAQAwVzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB + cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxFTATBgNVBAMMDGxvY2FsaG9z +-dC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoyp11791QUC+Qri5ACjx +-RSlVvDbKpreGk5clhKrJgKxB2Sj7sGhLW+69lIPaK/bMzBHf+0jm6dWXQX+aDbeH +-lhIiQSp/lYoU1mxLNN8YKQENsjxNyMReh/qfqu6kc+m7dFeFJCpR5ENcS5dRUrmC +-bpzOrg+RRSX5tCRmjkcf19UCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4GBACoIAlf0 +-hSnZJOBBt7FS7iXlNRyKZAD881jhHFux+Gxq3gtbJsP57c+ALZ3MswjjUXW0Iq11 +-IZLeZQGCAHYp4/GuTHbaq0qo1LjgpTqgQfwEB3BqNGs6yJiST+3risgawFbfqEDY +-LCm7rs/yyaOdMjwdwrUMciSv5KtlXZ1VThyt ++dC5ubjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN8WFV8qpFDPOqh5 ++biKNlRa3TX3SH09tLXp93IpPU3tfyd5ciGyidCY1HHhowWAlp3u2GpqqM9CfXvIu ++IQSMDZoo9WFAPDQam4pwgW2DnnzQTNl53DfZJG5zx2Excen1l7dlrT32ryBvVrm1 ++QrU9lmEx6w1M6fUx0yWvQLO7gQR/Gs4hGINSLVExroL5yxDT1Qav+HHoo8afe0ja ++4iivHP9BbTKBRVnXZOSx18mGagtlcWbWQqhn/YNJIHUWHrsbhVx+4o9fHIHTipXW ++klyef6IQCOHfrmloP43deU/aP3m1ApdXMGdNPXY1tU/RXTXd1LVrV7LgIzWtGr9v ++d+a8WO0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCNGbWvnceLjA+R8+p1skgq ++0JxCZIUP/E8iOpg0eX2CjtU+9raYMNa7URtWa1kTSfxbuowPn21CSQmQ+1MDZv0Z ++UTAADKwXO6dDvXkYY4LwpRIozsz1zx1ulUaYmg4D2FPBIxg9QNLB0ic9+gUYdUEX ++Uw7vzxY8ExO99Z6rhJcNZPPYmj97MS/ZmBTZ8jxqjuOQ1R9mIhBvdsYdoDQR8SMK ++1b/0qH0F5Ly2iWt+pi+muoz+tYUyiXrIzYGF4+gImYBJEy35Pni/H8mMY62TxbWi ++QfhD9S8hxfT733X+UQQlQPToNDYdrmm/WcABOXrm8ESXfKvzs8aCodfCpDYIyxbu + -----END CERTIFICATE REQUEST----- +diff --git a/tests/certs/Server-localhost-lastSAN-sv.der b/tests/certs/Server-localhost-lastSAN-sv.der +index 5ffa9ce389c0077b35a17f0e7db97cfabf526f3a..220e7927b0f5d7a3bd0d8f4512d0f3eba6773a3b 100644 +GIT binary patch +delta 638 +zcmV-^0)hSB2I2=5FoFZ#FoFWcpaTK{0s;mN__(bqppg}R8aOaHFf}qWGC43YS{Ds6 +zHZd_WGBPtVIWRGity_PB0U|IB1_>&LNQU@-du=mqI4!T9C&EKU?rz}wi=qMGti%2 +z@-86+j18J7^Ggk?w`Hw8_OBpsR=Kr8 +zwLO+$G3yOX>Gd(wC9goUyMY9M8qOgYgHkO~F|LC7%MjDm2Cw*W=%dD;dq~>iD6bs< +zL2WXDMOoKmYI|7`*$UYi|^C)h%~S2B+Qc@0ziKcmtaRPBA?V2nOg1iwNx>`pP{`ii|fH8+jB6- +zM%GNo#yAX`=GI>5r~99_L}qhChDH#;Oh8V-*W^J9@L}+8MT}Y$Kth+p1JM6%N(O*s +zNz^X~orYO!Tb{fOMv7wEz#^{`Yz>`MUPe=;s`7wD#|LiruuL~xF$kbH-->@Vl01x& +zFJw>CpzD>hN}l(uC9MV%T;09ZYjlmr#iq20C;hj=B&TY#Waj2Ekv04d6%;tuIk3dC +z!N|w$CD*X2xu9?}LXd_tD%jPE0_LlYlGd)Y9qDW$r7s#tNGn{pFab*^8q?1qcdMVg +YRWvT211lE`!$gj#l&+GZnll2xj(~U|DF6Tf + +delta 505 +zcmVEv?OMZM<3VKlPCga6fDo<$5-`60jzk-AwZY&^X2f08*L_JtN^K$=&OPH46titQ +zlQ|5VEQ2*2etan@JW*>W!&@!#VHo(wkiI);KM0$wXaUj;?5bU!c(;p$1Oc)L@81ma +zDVhFZ(PeFVqS=atLDAX3(<*!Vev||0mbc`<@1$EO +v9u^4|_ItZsqLiB7QhTn+IrJEwgja0SZLT#qkB^%T-*;)QCG5`7D+0ZZOWfft + +diff --git a/tests/certs/Server-localhost-lastSAN-sv.key b/tests/certs/Server-localhost-lastSAN-sv.key +index 824ee6fec7cce..618e83902b081 100644 +--- a/tests/certs/Server-localhost-lastSAN-sv.key ++++ b/tests/certs/Server-localhost-lastSAN-sv.key +@@ -1,15 +1,27 @@ + -----BEGIN RSA PRIVATE KEY----- +-MIICWwIBAAKBgQCjKnXXv3VBQL5CuLkAKPFFKVW8Nsqmt4aTlyWEqsmArEHZKPuw +-aEtb7r2Ug9or9szMEd/7SObp1ZdBf5oNt4eWEiJBKn+VihTWbEs03xgpAQ2yPE3I +-xF6H+p+q7qRz6bt0V4UkKlHkQ1xLl1FSuYJunM6uD5FFJfm0JGaORx/X1QIDAQAB +-AoGAaC2QGDSSNRuVXxx6YnPBuJrvtsB1G4VKU6nJtq8lARb65CCassOkegow2UZm +-YnOtxw4SqGqfpOVPMe66+c8Yrd+6zimC7VorxmfhNxqOO34bxzztKKk8Q7c+odl3 +-+c4aVnFBk2hzuOW4PuJoFfFNQZWmh/XJdKK85X+bkryS/oECQQDTdzwYyDxvrPaw +-ZeR5oDleopk5W5QwmBAq4ehtie1oZfhzlNZzPOjnI9I71MRYdCwkesKHL2k6q7cT +-jA4sSmx5AkEAxYc6+o8l0/HE8HzypWe/ZfozaY3ccIFzmvcwQorbCvAxDtZ1DbFy +-VWLOgM/6gwDIUDF6ckaInaVmiVJl60Y3PQJAZFBOuO7cBJoHWDytuqiwLl1x1EzG +-KpsoKD+MU9I3RewBhUrYxEfjsCpFA8716YQKoK9/ckOiZouoyGQLISWY+QJAG5id +-AMxm+Ilafk62h61K7DBcZm7PUViEki3erC1CFPEhqXUEvXkBBDTdrNlholPFqI6B +-EN4R0BR/ksfUPV598QJAF8jl/8gz8pmAWmqw8tKbWdQeDgisyTHeYlPMxq4fUbLH +-mJk05csSX9CTg4eO7NRRwPxODKmPCd88sZZSOuTQmQ== ++MIIEogIBAAKCAQEA3xYVXyqkUM86qHluIo2VFrdNfdIfT20ten3cik9Te1/J3lyI ++bKJ0JjUceGjBYCWne7Yamqoz0J9e8i4hBIwNmij1YUA8NBqbinCBbYOefNBM2Xnc ++N9kkbnPHYTFx6fWXt2WtPfavIG9WubVCtT2WYTHrDUzp9THTJa9As7uBBH8aziEY ++g1ItUTGugvnLENPVBq/4ceijxp97SNriKK8c/0FtMoFFWddk5LHXyYZqC2VxZtZC ++qGf9g0kgdRYeuxuFXH7ij18cgdOKldaSXJ5/ohAI4d+uaWg/jd15T9o/ebUCl1cw ++Z009djW1T9FdNd3UtWtXsuAjNa0av2935rxY7QIDAQABAoIBAFz/H7mkVQs62AET ++Xc4Zp2To1Oz2gwbhRGwju6QMnYh4zfZcLKLctf6XdV7cjIBAMiloKH8BJMh7J2Fd ++yXXTzHfPSztXQ8GUtfJoJAw7Kf5t9xtRqXO+mWlR6nOh4RLexng1cpq6Exc6UrTn ++0v8qxV2PKaVJwt3r/1FeVWKXb5kne/Ob4LS7c0xnVqc7TGPtxLdS5mU5jrt0ZdZl ++tcHulLX24rmxKcNvge6r2EiYuet3vUi1uuLBQbWUJIFRwetDufG/2e2ihOuvCj5s ++aYNlRAo0JUwWl7geicRUdxkCpV/Qld7aYldKIcsSzgl6GLpgNpHjUFBbJBGSng0S ++vA4CMQECgYEA9tseJG2IuudqDHnpuUxtnlfDJTfYjtBQnYG1ojbd9FUiuihv/B2K ++pJ5uuowpKSnXOwaHtzyQ6XJA7JChRcDmJ4rf6R/1B61+1XVasyi2WffTJHbKzUk+ ++hBAUoGtJIvrChMOnAlQzifP8+b7ec/ghKy87dNlQzQlSunyEW6lAW/UCgYEA51mQ ++JOFsasSvioKilsJuFCcFInZCRTEMz7vK9HW2Qnv71b3xeB6aNoJA8zf1Gw9q5clN ++Yu+8pkGNsWeone8izTzzpgZGJmM/vLjSdIgaJytStha2FwlQxUjggOjSy1zIdW+v ++ROw6OaT2J5+Qw2ruWqSaw2fiDgOpBCJgfg95JhkCgYAy5SppyEuQfXXX7KrLkX5o ++Tx/k5Ia5qylzz/Jq53ULkyH9z6iHCnAzUJbzz0INQpsliEsi9FHMT8oi/A7EGulY ++7cEMh5I1awfjarawiYxPMFFQC0301U0WXVpjWLtTgu/n/47HZCTcJHnb5AZpUpdE ++GBDiHowSOgHcgR+o5lRmoQKBgFaPi0BRW+hi6S9RC5aO7vL5WpF3X/pVjO6Y3Co1 ++dNlRXHuv0w5XnOmyOK0IDdxvG1cYx6yx+IrYUjTDjTJyjDnwiVVgWZT5Y5qwKIZT ++ej2Xlx3sR3s9EAyQ5Pc2pdBTSemuvQxzuqFg2H0g1eBYPRCLMCDW2JzXv8B9QE9K ++aNDZAoGAKbVakgVlwrGffJb5c6ZFF9W/WoJYXJRA2/tMqvOcaZwSNq0ySHI/uUyM ++3aexymibv5cGsFhtcr8vqxlX0PZ+PF2SRe/L58PmByEXGmyv6UZ/fhOCh8ttmPzt ++GIh5PiKOd7RR7ydFY22M2+uW99wMf5jSH6uX1DRATFLxJygbnHA= + -----END RSA PRIVATE KEY----- +diff --git a/tests/certs/Server-localhost-lastSAN-sv.pem b/tests/certs/Server-localhost-lastSAN-sv.pem +index b563e0a76e490..c1684fdbb26fe 100644 +--- a/tests/certs/Server-localhost-lastSAN-sv.pem ++++ b/tests/certs/Server-localhost-lastSAN-sv.pem +@@ -24,49 +24,70 @@ commonName_value = localhost.nn + # the certificate + # some dhparam + -----BEGIN RSA PRIVATE KEY----- +-MIICWwIBAAKBgQCjKnXXv3VBQL5CuLkAKPFFKVW8Nsqmt4aTlyWEqsmArEHZKPuw +-aEtb7r2Ug9or9szMEd/7SObp1ZdBf5oNt4eWEiJBKn+VihTWbEs03xgpAQ2yPE3I +-xF6H+p+q7qRz6bt0V4UkKlHkQ1xLl1FSuYJunM6uD5FFJfm0JGaORx/X1QIDAQAB +-AoGAaC2QGDSSNRuVXxx6YnPBuJrvtsB1G4VKU6nJtq8lARb65CCassOkegow2UZm +-YnOtxw4SqGqfpOVPMe66+c8Yrd+6zimC7VorxmfhNxqOO34bxzztKKk8Q7c+odl3 +-+c4aVnFBk2hzuOW4PuJoFfFNQZWmh/XJdKK85X+bkryS/oECQQDTdzwYyDxvrPaw +-ZeR5oDleopk5W5QwmBAq4ehtie1oZfhzlNZzPOjnI9I71MRYdCwkesKHL2k6q7cT +-jA4sSmx5AkEAxYc6+o8l0/HE8HzypWe/ZfozaY3ccIFzmvcwQorbCvAxDtZ1DbFy +-VWLOgM/6gwDIUDF6ckaInaVmiVJl60Y3PQJAZFBOuO7cBJoHWDytuqiwLl1x1EzG +-KpsoKD+MU9I3RewBhUrYxEfjsCpFA8716YQKoK9/ckOiZouoyGQLISWY+QJAG5id +-AMxm+Ilafk62h61K7DBcZm7PUViEki3erC1CFPEhqXUEvXkBBDTdrNlholPFqI6B +-EN4R0BR/ksfUPV598QJAF8jl/8gz8pmAWmqw8tKbWdQeDgisyTHeYlPMxq4fUbLH +-mJk05csSX9CTg4eO7NRRwPxODKmPCd88sZZSOuTQmQ== ++MIIEogIBAAKCAQEA3xYVXyqkUM86qHluIo2VFrdNfdIfT20ten3cik9Te1/J3lyI ++bKJ0JjUceGjBYCWne7Yamqoz0J9e8i4hBIwNmij1YUA8NBqbinCBbYOefNBM2Xnc ++N9kkbnPHYTFx6fWXt2WtPfavIG9WubVCtT2WYTHrDUzp9THTJa9As7uBBH8aziEY ++g1ItUTGugvnLENPVBq/4ceijxp97SNriKK8c/0FtMoFFWddk5LHXyYZqC2VxZtZC ++qGf9g0kgdRYeuxuFXH7ij18cgdOKldaSXJ5/ohAI4d+uaWg/jd15T9o/ebUCl1cw ++Z009djW1T9FdNd3UtWtXsuAjNa0av2935rxY7QIDAQABAoIBAFz/H7mkVQs62AET ++Xc4Zp2To1Oz2gwbhRGwju6QMnYh4zfZcLKLctf6XdV7cjIBAMiloKH8BJMh7J2Fd ++yXXTzHfPSztXQ8GUtfJoJAw7Kf5t9xtRqXO+mWlR6nOh4RLexng1cpq6Exc6UrTn ++0v8qxV2PKaVJwt3r/1FeVWKXb5kne/Ob4LS7c0xnVqc7TGPtxLdS5mU5jrt0ZdZl ++tcHulLX24rmxKcNvge6r2EiYuet3vUi1uuLBQbWUJIFRwetDufG/2e2ihOuvCj5s ++aYNlRAo0JUwWl7geicRUdxkCpV/Qld7aYldKIcsSzgl6GLpgNpHjUFBbJBGSng0S ++vA4CMQECgYEA9tseJG2IuudqDHnpuUxtnlfDJTfYjtBQnYG1ojbd9FUiuihv/B2K ++pJ5uuowpKSnXOwaHtzyQ6XJA7JChRcDmJ4rf6R/1B61+1XVasyi2WffTJHbKzUk+ ++hBAUoGtJIvrChMOnAlQzifP8+b7ec/ghKy87dNlQzQlSunyEW6lAW/UCgYEA51mQ ++JOFsasSvioKilsJuFCcFInZCRTEMz7vK9HW2Qnv71b3xeB6aNoJA8zf1Gw9q5clN ++Yu+8pkGNsWeone8izTzzpgZGJmM/vLjSdIgaJytStha2FwlQxUjggOjSy1zIdW+v ++ROw6OaT2J5+Qw2ruWqSaw2fiDgOpBCJgfg95JhkCgYAy5SppyEuQfXXX7KrLkX5o ++Tx/k5Ia5qylzz/Jq53ULkyH9z6iHCnAzUJbzz0INQpsliEsi9FHMT8oi/A7EGulY ++7cEMh5I1awfjarawiYxPMFFQC0301U0WXVpjWLtTgu/n/47HZCTcJHnb5AZpUpdE ++GBDiHowSOgHcgR+o5lRmoQKBgFaPi0BRW+hi6S9RC5aO7vL5WpF3X/pVjO6Y3Co1 ++dNlRXHuv0w5XnOmyOK0IDdxvG1cYx6yx+IrYUjTDjTJyjDnwiVVgWZT5Y5qwKIZT ++ej2Xlx3sR3s9EAyQ5Pc2pdBTSemuvQxzuqFg2H0g1eBYPRCLMCDW2JzXv8B9QE9K ++aNDZAoGAKbVakgVlwrGffJb5c6ZFF9W/WoJYXJRA2/tMqvOcaZwSNq0ySHI/uUyM ++3aexymibv5cGsFhtcr8vqxlX0PZ+PF2SRe/L58PmByEXGmyv6UZ/fhOCh8ttmPzt ++GIh5PiKOd7RR7ydFY22M2+uW99wMf5jSH6uX1DRATFLxJygbnHA= + -----END RSA PRIVATE KEY----- + Certificate: + Data: + Version: 3 (0x2) +- Serial Number: 14725819772555 (0xd649f41ae8b) ++ Serial Number: 15361901406880 (0xdf8b8ad2aa0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Northern Nowhere Trust Anchor + Validity +- Not Before: Aug 30 18:32:57 2016 GMT +- Not After : Nov 16 18:32:57 2024 GMT ++ Not Before: Sep 5 23:29:01 2018 GMT ++ Not After : Nov 22 23:29:01 2026 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost.nn + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- Public-Key: (1024 bit) ++ Public-Key: (2048 bit) + Modulus: +- 00:a3:2a:75:d7:bf:75:41:40:be:42:b8:b9:00:28: +- f1:45:29:55:bc:36:ca:a6:b7:86:93:97:25:84:aa: +- c9:80:ac:41:d9:28:fb:b0:68:4b:5b:ee:bd:94:83: +- da:2b:f6:cc:cc:11:df:fb:48:e6:e9:d5:97:41:7f: +- 9a:0d:b7:87:96:12:22:41:2a:7f:95:8a:14:d6:6c: +- 4b:34:df:18:29:01:0d:b2:3c:4d:c8:c4:5e:87:fa: +- 9f:aa:ee:a4:73:e9:bb:74:57:85:24:2a:51:e4:43: +- 5c:4b:97:51:52:b9:82:6e:9c:ce:ae:0f:91:45:25: +- f9:b4:24:66:8e:47:1f:d7:d5 ++ 00:df:16:15:5f:2a:a4:50:cf:3a:a8:79:6e:22:8d: ++ 95:16:b7:4d:7d:d2:1f:4f:6d:2d:7a:7d:dc:8a:4f: ++ 53:7b:5f:c9:de:5c:88:6c:a2:74:26:35:1c:78:68: ++ c1:60:25:a7:7b:b6:1a:9a:aa:33:d0:9f:5e:f2:2e: ++ 21:04:8c:0d:9a:28:f5:61:40:3c:34:1a:9b:8a:70: ++ 81:6d:83:9e:7c:d0:4c:d9:79:dc:37:d9:24:6e:73: ++ c7:61:31:71:e9:f5:97:b7:65:ad:3d:f6:af:20:6f: ++ 56:b9:b5:42:b5:3d:96:61:31:eb:0d:4c:e9:f5:31: ++ d3:25:af:40:b3:bb:81:04:7f:1a:ce:21:18:83:52: ++ 2d:51:31:ae:82:f9:cb:10:d3:d5:06:af:f8:71:e8: ++ a3:c6:9f:7b:48:da:e2:28:af:1c:ff:41:6d:32:81: ++ 45:59:d7:64:e4:b1:d7:c9:86:6a:0b:65:71:66:d6: ++ 42:a8:67:fd:83:49:20:75:16:1e:bb:1b:85:5c:7e: ++ e2:8f:5f:1c:81:d3:8a:95:d6:92:5c:9e:7f:a2:10: ++ 08:e1:df:ae:69:68:3f:8d:dd:79:4f:da:3f:79:b5: ++ 02:97:57:30:67:4d:3d:76:35:b5:4f:d1:5d:35:dd: ++ d4:b5:6b:57:b2:e0:23:35:ad:1a:bf:6f:77:e6:bc: ++ 58:ed + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: +@@ -76,45 +97,48 @@ Certificate: + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: +- 2C:CF:E3:6E:08:F9:CE:9B:98:3B:B3:17:7F:0C:9D:E4:5B:1B:76:8A ++ 7C:9A:EA:9B:92:98:FB:77:25:89:8B:EF:D3:F4:88:34:AF:EA:24:CC + X509v3 Authority Key Identifier: + keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE + + X509v3 Basic Constraints: + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption +- 2e:3d:c1:a2:a7:e4:70:f8:a8:13:86:c3:af:22:1f:e9:e1:62: +- f4:cf:16:66:a8:3b:70:f6:12:30:be:fe:8e:44:1b:71:b5:c1: +- e0:4b:66:c4:5d:d4:d7:7d:49:43:4a:6d:22:1b:ce:3d:e3:14: +- 14:b3:6d:3a:93:39:0c:9b:2c:83:35:1d:7e:7c:29:29:3c:51: +- 6b:27:c3:5b:2d:f2:61:18:f8:c7:90:be:3b:68:3f:08:9b:ac: +- 68:01:d2:0c:ec:aa:5d:9e:78:b7:8b:84:04:01:b2:08:ef:df: +- 0c:f2:29:99:fe:61:d1:65:80:aa:ef:df:8e:28:55:a6:f9:88: +- 0c:01:bb:fc:1c:9e:9c:08:8d:c5:34:24:91:c1:ac:71:22:e1: +- 12:78:e0:45:d5:e2:39:c4:3c:16:09:80:d0:5b:bc:49:0a:4c: +- a3:5b:e1:36:40:ed:26:6d:8d:a0:d3:4a:3c:86:93:2f:d4:0a: +- 3c:72:08:62:d7:66:d0:b3:05:c2:0f:1d:af:3c:65:67:f2:6c: +- 76:a5:9c:37:ac:c4:ac:96:b7:e4:c0:ef:a4:5b:28:1e:16:09: +- 15:f6:7b:bb:5d:a2:94:9a:df:52:7b:ae:c9:39:f4:18:9e:84: +- 57:6c:d3:6d:ae:35:38:8f:8f:9b:0d:df:77:69:ae:25:ec:ce: +- d0:2b:bd:8d ++ 0f:97:60:47:2f:22:9f:d4:16:99:5a:ed:f4:b5:54:31:bf:9f: ++ a1:bd:2d:8b:eb:c1:24:db:73:30:c7:46:d6:4c:c8:c6:38:0c: ++ 9a:e6:d6:5e:e8:a7:fb:9f:b6:44:66:73:43:86:46:10:c0:4c: ++ 40:4e:c1:d7:e4:41:0b:f0:61:f0:6f:45:8c:5a:14:40:42:97: ++ c3:03:d0:ff:6d:4a:06:80:65:49:d4:2f:07:9d:86:59:6b:5b: ++ 9e:bc:0c:46:8a:62:da:c0:22:af:13:6c:0d:9d:54:5e:46:53: ++ a5:aa:f2:80:44:c7:07:6e:f7:b0:4c:37:5c:31:08:a0:37:df: ++ 8a:35:92:3c:8c:91:2f:64:4f:d3:a0:eb:95:b3:4a:9e:f7:ac: ++ 25:ad:06:13:5c:dd:bd:d5:6b:74:8d:c7:c5:a6:b4:89:27:fd: ++ b7:c2:24:a7:6a:b3:64:e6:e6:31:91:35:fc:0e:15:14:38:d6: ++ 39:b0:c4:b2:c1:c8:c7:ed:25:d7:b0:a9:b9:a0:70:33:42:90: ++ 86:33:2a:d8:d5:8a:02:e6:ab:8d:92:d6:ae:b4:1d:e9:6c:22: ++ a5:2f:1a:48:48:2b:5c:b8:30:01:4b:27:1a:d3:cf:21:77:ab: ++ 9f:bc:55:34:2e:9f:03:2b:17:0b:c3:44:8e:a8:94:ae:92:a2: ++ 9a:33:c0:8e + -----BEGIN CERTIFICATE----- +-MIIDWjCCAkKgAwIBAgIGDWSfQa6LMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT ++MIID3jCCAsagAwIBAgIGDfi4rSqgMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT + Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo + IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe +-Fw0xNjA4MzAxODMyNTdaFw0yNDExMTYxODMyNTdaMFcxCzAJBgNVBAYTAk5OMTEw ++Fw0xODA5MDUyMzI5MDFaFw0yNjExMjIyMzI5MDFaMFcxCzAJBgNVBAYTAk5OMTEw + LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk +-MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +-AoGBAKMqdde/dUFAvkK4uQAo8UUpVbw2yqa3hpOXJYSqyYCsQdko+7BoS1vuvZSD +-2iv2zMwR3/tI5unVl0F/mg23h5YSIkEqf5WKFNZsSzTfGCkBDbI8TcjEXof6n6ru +-pHPpu3RXhSQqUeRDXEuXUVK5gm6czq4PkUUl+bQkZo5HH9fVAgMBAAGjgZ4wgZsw +-LAYDVR0RBCUwI4IKbG9jYWxob3N0MYIKbG9jYWxob3N0MoIJbG9jYWxob3N0MAsG +-A1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQULM/jbgj5 +-zpuYO7MXfwyd5FsbdoowHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84w +-CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEALj3BoqfkcPioE4bDryIf6eFi +-9M8WZqg7cPYSML7+jkQbcbXB4EtmxF3U131JQ0ptIhvOPeMUFLNtOpM5DJssgzUd +-fnwpKTxRayfDWy3yYRj4x5C+O2g/CJusaAHSDOyqXZ54t4uEBAGyCO/fDPIpmf5h +-0WWAqu/fjihVpvmIDAG7/ByenAiNxTQkkcGscSLhEnjgRdXiOcQ8FgmA0Fu8SQpM +-o1vhNkDtJm2NoNNKPIaTL9QKPHIIYtdm0LMFwg8drzxlZ/JsdqWcN6zErJa35MDv +-pFsoHhYJFfZ7u12ilJrfUnuuyTn0GJ6EV2zTba41OI+Pmw3fd2muJezO0Cu9jQ== ++MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ++ggEKAoIBAQDfFhVfKqRQzzqoeW4ijZUWt0190h9PbS16fdyKT1N7X8neXIhsonQm ++NRx4aMFgJad7thqaqjPQn17yLiEEjA2aKPVhQDw0GpuKcIFtg5580EzZedw32SRu ++c8dhMXHp9Ze3Za099q8gb1a5tUK1PZZhMesNTOn1MdMlr0Czu4EEfxrOIRiDUi1R ++Ma6C+csQ09UGr/hx6KPGn3tI2uIorxz/QW0ygUVZ12TksdfJhmoLZXFm1kKoZ/2D ++SSB1Fh67G4VcfuKPXxyB04qV1pJcnn+iEAjh365paD+N3XlP2j95tQKXVzBnTT12 ++NbVP0V013dS1a1ey4CM1rRq/b3fmvFjtAgMBAAGjgZ4wgZswLAYDVR0RBCUwI4IK ++bG9jYWxob3N0MYIKbG9jYWxob3N0MoIJbG9jYWxob3N0MAsGA1UdDwQEAwIDqDAT ++BgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUfJrqm5KY+3cliYvv0/SINK/q ++JMwwHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84wCQYDVR0TBAIwADAN ++BgkqhkiG9w0BAQUFAAOCAQEAD5dgRy8in9QWmVrt9LVUMb+fob0ti+vBJNtzMMdG ++1kzIxjgMmubWXuin+5+2RGZzQ4ZGEMBMQE7B1+RBC/Bh8G9FjFoUQEKXwwPQ/21K ++BoBlSdQvB52GWWtbnrwMRopi2sAirxNsDZ1UXkZTparygETHB273sEw3XDEIoDff ++ijWSPIyRL2RP06DrlbNKnvesJa0GE1zdvdVrdI3Hxaa0iSf9t8Ikp2qzZObmMZE1 ++/A4VFDjWObDEssHIx+0l17CpuaBwM0KQhjMq2NWKAuarjZLWrrQd6WwipS8aSEgr ++XLgwAUsnGtPPIXern7xVNC6fAysXC8NEjqiUrpKimjPAjg== + -----END CERTIFICATE----- +diff --git a/tests/certs/Server-localhost-lastSAN-sv.pub.der b/tests/certs/Server-localhost-lastSAN-sv.pub.der +index 06fe6d066c012964e561f9103e6f93f236943a06..5cd11dc131fee572222d89bcf318562faad7941d 100644 +GIT binary patch +literal 294 +zcmV+>0ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>l-xd{LDx^@)I;eSW +zB8`<6w@rQ0A5U#9dVSoAPg8qe$=+OuY@&1~H5_1dI)u +zDD`1LJTw}cig1B#gPwfQOxbzdH`yd^bH`yZaq0D!w`Hw8_OBpsR=Kr8wLO+$G3yOX +z>Gd(wC9goUyMY9M8qOgYgHkO~F|LC7%MjDm2Cw*W=%dD;dq~>iD6bsn+a + +literal 162 +zcmV;T0A2qufuAr91_>&LNQUy(?LD?w#uxLwL?!A +Qv?OMZM<3VK0s{d60U~8c6951J + +diff --git a/tests/certs/Server-localhost-lastSAN-sv.pub.pem b/tests/certs/Server-localhost-lastSAN-sv.pub.pem +index a8e2dd4c7fdba..aaca8570804a8 100644 +--- a/tests/certs/Server-localhost-lastSAN-sv.pub.pem ++++ b/tests/certs/Server-localhost-lastSAN-sv.pub.pem +@@ -1,6 +1,9 @@ + -----BEGIN PUBLIC KEY----- +-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjKnXXv3VBQL5CuLkAKPFFKVW8 +-Nsqmt4aTlyWEqsmArEHZKPuwaEtb7r2Ug9or9szMEd/7SObp1ZdBf5oNt4eWEiJB +-Kn+VihTWbEs03xgpAQ2yPE3IxF6H+p+q7qRz6bt0V4UkKlHkQ1xLl1FSuYJunM6u +-D5FFJfm0JGaORx/X1QIDAQAB ++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3xYVXyqkUM86qHluIo2V ++FrdNfdIfT20ten3cik9Te1/J3lyIbKJ0JjUceGjBYCWne7Yamqoz0J9e8i4hBIwN ++mij1YUA8NBqbinCBbYOefNBM2XncN9kkbnPHYTFx6fWXt2WtPfavIG9WubVCtT2W ++YTHrDUzp9THTJa9As7uBBH8aziEYg1ItUTGugvnLENPVBq/4ceijxp97SNriKK8c ++/0FtMoFFWddk5LHXyYZqC2VxZtZCqGf9g0kgdRYeuxuFXH7ij18cgdOKldaSXJ5/ ++ohAI4d+uaWg/jd15T9o/ebUCl1cwZ009djW1T9FdNd3UtWtXsuAjNa0av2935rxY ++7QIDAQAB + -----END PUBLIC KEY----- +diff --git a/tests/certs/Server-localhost-sv.crl b/tests/certs/Server-localhost-sv.crl +index 3e75229badd37..1fa20f59f74ce 100644 +--- a/tests/certs/Server-localhost-sv.crl ++++ b/tests/certs/Server-localhost-sv.crl +@@ -1,21 +1,12 @@ + -----BEGIN X509 CRL----- +-MIIDbzCCAlcCAQEwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV +-BAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJjAk +-BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0xNTAzMjExNTA3 +-MTFaFw0xNTA0MjAxNTA3MTFaMIIBqTAXAgYM+ly45CIXDTE1MDMyMTEzMTQ1N1ow +-FwIGDPpcwXH8Fw0xNTAzMjExMzE1NTNaMBcCBgz6XO7ujBcNMTUwMzIxMTMyMDUx +-WjAXAgYM+lzu7p0XDTE1MDMyMTEzMjA1MVowFwIGDPpc7u6uFw0xNTAzMjExMzIw +-NTFaMBcCBgz6XZyD1RcNMTUwMzIxMTMzOTQ5WjAXAgYM+l4OXa8XDTE1MDMyMTEz +-NTIxNVowFwIGDPpeJlPZFw0xNTAzMjExMzU0NTJaMBcCBgz6XiZT6hcNMTUwMzIx +-MTM1NDUyWjAXAgYM+l4mU/sXDTE1MDMyMTEzNTQ1MlowFwIGDPpemKKEFw0xNTAz +-MjExNDA3MjFaMBcCBgz6XpiilRcNMTUwMzIxMTQwNzIxWjAXAgYM+l6YoqYXDTE1 +-MDMyMTE0MDcyMVowFwIGDPpffssxFw0xNTAzMjExNDMyMzBaMBcCBgz6X37yUxcN +-MTUwMzIxMTQzMjMxWjAXAgYM+l9+8mYXDTE1MDMyMTE0MzIzMVowFwIGDPpgvFFL +-Fw0xNTAzMjExNTA3MTFaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOC +-AQEAllslrhWUoq49PC+KQghVDAeFREP3pKPUlSebVVR8PCtCKrFtc53dUaTl8qhK +-1wOLodr80lfr2kEgzTEDt2CfXryl3orLPeMWe0OWTBsPbuwj+d7m3uq4B43laqJn +-JM5ebRvzHWMJkVNkwiXiadPTW5ZMUqu2Bs97rdcjklUrEcamf9aMLqb6sPGtU4EO +-o/GxGW2eypYwncFmzAc5W3NDRePGPhN5rUDfqm5Id4T9FKmGcNmI7qlLQi+jp23F +-V6RvrqANIemopQQ4kYGy7pzilDYm6+R+fPCIh2H/0eqCDY8NdjygXtWW+pJ58axV +-MPZ2mFPcH5UHiqmi8kRstnA8KQ== ++MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJOTjExMC8GA1UE ++CgwoRWRlbCBDdXJsIEFyY3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDEmMCQG ++A1UEAwwdTm9ydGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IXDTE4MDkwNTIyNTgy ++NFoXDTE4MTAwNTIyNTgyNFowGTAXAgYN+LeU/PYXDTE4MDkwNTIyNTgyNFqgDjAM ++MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQATzHQ7MYAcJbwn1Z1vDx41 ++ntxaASSuw8rzNMbuZjTy2iWoGyE79cmdFxT3YXZmbV3Ypv2LrmxBUYfw3qz1UDGS ++o7LmZ05I+6XwC/D3f88wWkz2Y27o4vE0BRqWjVx8XZfR0GtdZVn8zmTydvzw8plQ ++2uMQYafo0G2FaLN/3qT7XcndeMfEAxcfIysopsUcEitT0AlRafOk/ok3QmBNuDOI ++WWm4H5wxxFln7KRQX8WYxC+myWXpRzu1c3zf/+G1tu300O0LKuF17hqRJtJXBSQL ++ZxRzrqLijF3J3KQSnN4vxqViI6TKXAKAScrVEim9qT0+PTDvUrcxO64Xx08KoTEe + -----END X509 CRL----- +diff --git a/tests/certs/Server-localhost-sv.crt b/tests/certs/Server-localhost-sv.crt +index abf69245e006a..e9233c0b16a7b 100644 +--- a/tests/certs/Server-localhost-sv.crt ++++ b/tests/certs/Server-localhost-sv.crt +@@ -1,32 +1,41 @@ + Certificate: + Data: + Version: 3 (0x2) +- Serial Number: 14269504311627 (0xcfa60bc514b) ++ Serial Number: 15361883045110 (0xdf8b794fcf6) + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Northern Nowhere Trust Anchor + Validity +- Not Before: Mar 21 15:07:11 2015 GMT +- Not After : Jun 7 15:07:11 2023 GMT ++ Not Before: Sep 5 22:58:24 2018 GMT ++ Not After : Nov 22 22:58:24 2026 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- Public-Key: (1024 bit) ++ Public-Key: (2048 bit) + Modulus: +- 00:ba:5f:4b:69:74:31:99:4d:f4:b4:b7:2a:65:b8: +- b7:31:c1:38:cf:36:37:bb:5e:18:e3:52:1f:52:aa: +- 5a:25:2f:0c:66:88:32:b0:ef:b2:2c:90:38:5e:6e: +- 6f:0e:e4:3b:3f:f0:2e:f1:7a:3d:5e:c3:64:86:3f: +- 68:b7:cf:0b:b3:ea:0a:ca:94:16:d4:2b:6a:02:e3: +- a1:b3:c7:d1:d0:06:b8:ff:df:dc:e0:32:2a:e7:dd: +- 62:cc:71:c4:e8:cf:9d:de:5c:75:69:9d:b6:ce:e2: +- 42:d8:a7:bd:50:54:78:2d:55:67:7f:00:7b:8f:9c: +- 11:d1:9e:ce:be:1e:fe:cf:37 ++ 00:dd:a1:c5:57:76:bf:5f:54:6b:88:60:32:cc:03: ++ 6e:32:c7:ab:e5:6e:fc:f2:f0:ce:38:64:b6:54:ab: ++ 82:91:03:cb:b6:66:ad:c8:3d:43:3c:47:2d:63:a8: ++ 1a:42:18:f4:de:f6:63:2b:37:83:a8:6a:35:6a:b5: ++ a6:d5:c4:d2:f8:d2:dc:f8:a2:a0:b9:a3:1c:72:b6: ++ 00:c0:76:32:69:33:88:f3:53:62:20:eb:4a:14:a1: ++ c0:30:a3:b1:6a:4f:a1:e4:d6:db:bb:00:1b:75:0a: ++ d3:cf:0d:fa:eb:49:bd:8f:02:b9:bb:ed:61:c8:f2: ++ c0:d5:9f:74:5f:8e:45:f7:90:8d:39:4e:5a:67:4e: ++ 15:13:f7:79:1d:30:5c:a3:47:ed:e4:a3:94:fd:69: ++ cf:66:e5:51:db:8d:a0:a0:e3:ea:62:d3:5b:d5:70: ++ 52:ba:7a:f6:11:18:e4:17:d3:9b:7b:c9:68:08:4a: ++ f3:cd:56:1f:d6:39:43:48:35:3f:03:66:d5:8b:9a: ++ ca:a5:8d:e5:bd:8c:3d:50:73:9e:00:0e:65:a4:76: ++ 44:62:0a:51:fe:aa:2f:7b:22:a7:88:62:32:cc:99: ++ e4:2c:81:98:1b:c9:3a:7d:8f:73:41:c6:a5:0a:1a: ++ 16:32:20:77:6d:32:b2:02:0d:9b:fd:11:ac:c5:f4: ++ 17:e7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: +@@ -36,45 +45,48 @@ Certificate: + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: +- 7E:42:8D:AC:2E:93:AD:4C:E0:09:AC:C6:08:F1:82:E0:B7:B7:C6:7F ++ D5:C8:A5:DF:AB:B4:EE:19:CB:CF:D1:D5:74:C4:28:66:B5:1C:CC:39 + X509v3 Authority Key Identifier: + keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE + + X509v3 Basic Constraints: + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption +- 00:fe:c4:fc:4b:28:b8:bc:39:8c:6f:f1:72:d3:76:da:28:27: +- e2:97:94:bb:ad:2f:91:c4:db:df:33:4b:48:4e:97:5b:4c:4c: +- be:fc:e4:b7:19:5c:b8:83:6e:ef:2c:b0:d5:7c:fc:0d:cb:7e: +- 29:ed:fd:4d:ef:05:1c:89:15:31:78:9b:18:29:d3:37:83:c7: +- 39:f4:78:27:b7:00:75:d1:fb:f0:29:88:79:e4:e9:a7:d4:65: +- 04:bf:d5:a1:dc:05:b2:17:c4:a9:da:61:10:22:5f:8f:50:fc: +- 1f:ab:f6:39:dd:ab:35:a6:94:54:63:5c:6d:25:f0:dc:3a:0a: +- 70:4e:49:ef:be:fa:2c:0a:cd:ce:a6:2d:26:cd:f8:24:89:77: +- 2c:ea:6e:19:b6:5c:8c:1a:08:ea:a8:9f:2c:1b:c7:fc:13:6c: +- fe:a7:90:08:e5:98:83:30:52:86:ac:83:0b:cb:25:92:21:94: +- 80:13:d7:e8:d0:42:56:83:55:d3:09:9b:e8:c5:96:82:15:64: +- 6b:83:77:eb:99:e5:52:dc:1b:36:29:a0:c9:da:8b:d3:0d:77: +- 24:f2:c3:df:2e:c4:93:e0:34:47:a9:9b:54:d3:75:d5:c7:de: +- 88:a1:ef:7b:40:2f:dc:e9:28:8c:69:be:eb:71:4a:c2:30:50: +- 99:36:52:69 ++ 96:24:85:57:fe:fd:0d:e8:58:ce:c0:af:6e:7c:ac:cf:e0:00: ++ 31:78:22:6a:82:fe:db:1f:8f:92:0c:39:d1:74:bf:27:22:f4: ++ f2:19:8f:96:5a:8e:ce:a1:58:6b:4a:6f:07:30:b6:fb:91:9f: ++ fd:8a:1c:a3:fb:13:6d:b0:0c:6c:3f:1e:99:fd:c9:10:fa:47: ++ 21:20:dd:c3:06:dc:b6:f7:a2:bc:6d:2d:7b:3e:a6:c9:1a:4d: ++ 69:5b:13:77:2d:c4:54:3c:35:75:69:1a:d8:d8:6c:2b:92:5a: ++ 8b:bc:2e:37:48:80:40:78:60:3f:b4:79:21:b4:5f:70:d6:0a: ++ 14:00:1d:e0:88:7a:7e:f5:c5:13:c2:aa:4c:59:d0:05:3a:83: ++ 1e:3f:16:68:c2:3e:04:fc:1b:7f:11:26:2e:1c:c7:58:c7:5a: ++ fd:00:73:a2:09:a1:06:98:3e:23:f0:83:65:45:8a:e1:2f:2f: ++ 1f:e5:c8:ed:8a:6e:1b:c8:79:50:ad:c7:bf:92:9d:4d:e5:f9: ++ d8:24:a7:7d:8b:34:40:79:9a:59:a3:53:0f:22:91:2a:fb:a7: ++ 38:f8:e7:58:f8:e8:a2:3a:1f:74:42:81:65:5d:7d:4f:cb:04: ++ 1b:d6:ce:1d:59:2d:3f:f8:8b:05:97:24:df:3c:1f:b4:43:59: ++ 8b:8c:4d:7f + -----BEGIN CERTIFICATE----- +-MIIDPzCCAiegAwIBAgIGDPpgvFFLMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT ++MIIDwzCCAqugAwIBAgIGDfi3lPz2MA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT + Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo + IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe +-Fw0xNTAzMjExNTA3MTFaFw0yMzA2MDcxNTA3MTFaMFQxCzAJBgNVBAYTAk5OMTEw ++Fw0xODA5MDUyMjU4MjRaFw0yNjExMjIyMjU4MjRaMFQxCzAJBgNVBAYTAk5OMTEw + LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk +-MRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +-ALpfS2l0MZlN9LS3KmW4tzHBOM82N7teGONSH1KqWiUvDGaIMrDvsiyQOF5ubw7k +-Oz/wLvF6PV7DZIY/aLfPC7PqCsqUFtQragLjobPH0dAGuP/f3OAyKufdYsxxxOjP +-nd5cdWmdts7iQtinvVBUeC1VZ38Ae4+cEdGezr4e/s83AgMBAAGjgYYwgYMwFAYD +-VR0RBA0wC4IJbG9jYWxob3N0MAsGA1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEF +-BQcDATAdBgNVHQ4EFgQUfkKNrC6TrUzgCazGCPGC4Le3xn8wHwYDVR0jBBgwFoAU +-Esq6S0YEp3WKLOgOVJS8EmWme84wCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOC +-AQEAAP7E/EsouLw5jG/xctN22ign4peUu60vkcTb3zNLSE6XW0xMvvzktxlcuINu +-7yyw1Xz8Dct+Ke39Te8FHIkVMXibGCnTN4PHOfR4J7cAddH78CmIeeTpp9RlBL/V +-odwFshfEqdphECJfj1D8H6v2Od2rNaaUVGNcbSXw3DoKcE5J7776LArNzqYtJs34 +-JIl3LOpuGbZcjBoI6qifLBvH/BNs/qeQCOWYgzBShqyDC8slkiGUgBPX6NBCVoNV +-0wmb6MWWghVka4N365nlUtwbNimgydqL0w13JPLD3y7Ek+A0R6mbVNN11cfeiKHv +-e0Av3OkojGm+63FKwjBQmTZSaQ== ++MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK ++AoIBAQDdocVXdr9fVGuIYDLMA24yx6vlbvzy8M44ZLZUq4KRA8u2Zq3IPUM8Ry1j ++qBpCGPTe9mMrN4OoajVqtabVxNL40tz4oqC5oxxytgDAdjJpM4jzU2Ig60oUocAw ++o7FqT6Hk1tu7ABt1CtPPDfrrSb2PArm77WHI8sDVn3RfjkX3kI05TlpnThUT93kd ++MFyjR+3ko5T9ac9m5VHbjaCg4+pi01vVcFK6evYRGOQX05t7yWgISvPNVh/WOUNI ++NT8DZtWLmsqljeW9jD1Qc54ADmWkdkRiClH+qi97IqeIYjLMmeQsgZgbyTp9j3NB ++xqUKGhYyIHdtMrICDZv9EazF9BfnAgMBAAGjgYYwgYMwFAYDVR0RBA0wC4IJbG9j ++YWxob3N0MAsGA1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4E ++FgQU1cil36u07hnLz9HVdMQoZrUczDkwHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgO ++VJS8EmWme84wCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAliSFV/79DehY ++zsCvbnysz+AAMXgiaoL+2x+Pkgw50XS/JyL08hmPllqOzqFYa0pvBzC2+5Gf/Yoc ++o/sTbbAMbD8emf3JEPpHISDdwwbctveivG0tez6myRpNaVsTdy3EVDw1dWka2Nhs ++K5Jai7wuN0iAQHhgP7R5IbRfcNYKFAAd4Ih6fvXFE8KqTFnQBTqDHj8WaMI+BPwb ++fxEmLhzHWMda/QBzogmhBpg+I/CDZUWK4S8vH+XI7YpuG8h5UK3Hv5KdTeX52CSn ++fYs0QHmaWaNTDyKRKvunOPjnWPjoojofdEKBZV19T8sEG9bOHVktP/iLBZck3zwf ++tENZi4xNfw== + -----END CERTIFICATE----- +diff --git a/tests/certs/Server-localhost-sv.csr b/tests/certs/Server-localhost-sv.csr +index f919409b1bc8c..9d397e76a225a 100644 +--- a/tests/certs/Server-localhost-sv.csr ++++ b/tests/certs/Server-localhost-sv.csr +@@ -1,11 +1,16 @@ + -----BEGIN CERTIFICATE REQUEST----- +-MIIBkzCB/QIBADBUMQswCQYDVQQGEwJOTjExMC8GA1UECgwoRWRlbCBDdXJsIEFy +-Y3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDESMBAGA1UEAwwJbG9jYWxob3N0 +-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6X0tpdDGZTfS0typluLcxwTjP +-Nje7XhjjUh9SqlolLwxmiDKw77IskDhebm8O5Ds/8C7xej1ew2SGP2i3zwuz6grK +-lBbUK2oC46Gzx9HQBrj/39zgMirn3WLMccToz53eXHVpnbbO4kLYp71QVHgtVWd/ +-AHuPnBHRns6+Hv7PNwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAsJ+ypJAE5YiR +-A1niVNXKoqXmIQsXGJv9BA39AjT+cdqvdd+WTKCaZ9QXucDArhG9B9Dp66bfSgvT +-WVz6F85ju5HQekZrS2ZxdR1+muWAFE/vDgi22QwTysXvTWUfsqBQ0ZGEmdzyPJJq +-7AGzbAWx8JDhgGg2jStvQJBLhtYxhoY= ++MIICmTCCAYECAQAwVDELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB ++cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxEjAQBgNVBAMMCWxvY2FsaG9z ++dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2hxVd2v19Ua4hgMswD ++bjLHq+Vu/PLwzjhktlSrgpEDy7Zmrcg9QzxHLWOoGkIY9N72Yys3g6hqNWq1ptXE ++0vjS3PiioLmjHHK2AMB2MmkziPNTYiDrShShwDCjsWpPoeTW27sAG3UK088N+utJ ++vY8CubvtYcjywNWfdF+ORfeQjTlOWmdOFRP3eR0wXKNH7eSjlP1pz2blUduNoKDj ++6mLTW9VwUrp69hEY5BfTm3vJaAhK881WH9Y5Q0g1PwNm1YuayqWN5b2MPVBzngAO ++ZaR2RGIKUf6qL3sip4hiMsyZ5CyBmBvJOn2Pc0HGpQoaFjIgd20ysgINm/0RrMX0 ++F+cCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQDRTyb5oCiHhpNvOi9i7feRSab8 ++PBoaUIHw8CaYKnToYn8hwZ64qm0d0qdet+YSsKzxC/5x17RfU2PDiSM8YVjavV76 ++dNa+aRn0mqZB5A1IVrn2OTWCM3rNmxF7SvNdQNYdLlXKhl+jtAe8ZFvOa0oXTO6l ++wsme9/31nvs0xSCqbdFVVEmXfEbnOsSBd9Uf1xKxhdX0GIOO0CqY0az+yj9tXSTV ++4cq5mIV4vv82wIwn0ruU6b6iQpY68oACsHQxhGoQBbYsKrII24AjZH4EiuqFABmu ++LkX+qL50JKkKA5B9LKFpSVKu0IjO2c381UitBYrnlpHsidC3NwlEQWJwJ4gt + -----END CERTIFICATE REQUEST----- +diff --git a/tests/certs/Server-localhost-sv.der b/tests/certs/Server-localhost-sv.der +index b76db9ddc4652e6ca3b83d89668d8e86a4e0e911..7e1b7440ff200f88dcd4d30a03085aa81c419080 100644 +GIT binary patch +delta 638 +zcmV-^0)hR*2FC{#FoFZaFoFWBpaTK{0s;mN__vh&_K_8S8aOaHFf}qVH8?UfS{Ds6 +zHZd_WGBPqXI5ISmtyq780U|IB1_>&LNQUq-=%z%Zk+YEOTmq)(j0=c{GVaW2p)t_`bDDeUEcN#-$1x7BV1rZ8EX~4V(QDti|*f=aZoUP88M1 +zrQfTx?itI^(baUsC}y=B%sG<-0ziM3B!yT0{SD|?&cLs3e5}vl05NzXYJ&dTACHm@ +zIni{#CnEIn8IP7)j?ST2Yf5hiFt+=VpZ$s)qx%zWuncTJ9+~~g5c)?UAl<_T+_v|k +zylpLeKBmbUO=(*bcP+$JJT-M`8raxuE0S7^ye>CLfIxU)KeTxvv|n)63KV|;9pH$1 +ze)Yu@!m3PJ&;>e!9zPan!afB28-EcdE*!^L$6EaWbD{~M2ADo0@PlPVis3IWALYpH +zif$Xoc~Gs#zmlCz<@wkor+tewKzW*3qf-wekt+MAIQZvS_~@cKA9O;2WnFzw%LE(N +Y&K+4TKlqCUmn7djAGAYRi;MzIf5}H7O8@`> + +delta 505 +zcmV;+K@WtuK+p+ut)wNKThqOiaG~8I3X1i#gx+y$~1#Hre05F%fXQ2ZaO +z_Bq|FHKvqQV_a<|@Z35IaDPro@4osh3eC=@Ehf$QB#Cz{>TVgfT#OnB>ZqSA8^`<; +zZ2qT^2<4cAFj9uBgA28zU^dq6MT=_rh8zUy&H!Z1*oHUd&0ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>l-J!)-cE4X#YlvVn +z%mZ#R$E)RT{POV5IApd|tAddO%eH2%$UQ?mM=fKh8bTQK-u7cFH-o5ZHEOk{)x^^H +z(%kr>pt++Qa<%}#b~0%*i1SloAnQsLp};Vsv1(7Dq)(j0=c{G +zVaW2p)t_`&LNQUI%w~ +z7St2F(W*FoFZgFoFWHpaTK{0s;mN__)4LkdYOB8aOaHFf}qWGcYwXS{Ds6 +zHZd_WGBPtWFf}ugty_PB0U|IB1_>&LNQUg?jm~gQ+0fQU-f%Xw}3Gh+0Q8Q{~u`3$M4&seF`D` +zEOJw-r~@6lLxc7;d&;%F5P?F0eJxt*LhZ~{V#`3DG4A3a +zdCY|F&R%Qh^@L=acGfblmct78I*=0BE``!}CNmzZ%!GFSVU7*>TGh=SvYmP8sK-ySe&2$m2c0Rith*JT7OMn6ZGUo%RJ_=hd&zDZK#jN+spU +z8ESIfC)_ewdXDWSoydv`kLJ&1d%bOHqjY|SRw~Z$ZxYkF(;`!dp5j8}9mGBe>F=pP +YmUKQLU<3Kn7J +z^d6-59tsPDM0e)}7CEZky&lKB$>C0nh8#cE&ExWD0$UeTNl_gssEPB?;a+hEpA|<4 +zK%s8RUsGM^*`L?J+huMH3MS(+|b3A9y +z&Beo!-(YKPY5BgPlFVJ|yl3;ryy`*G5qsnDxTlSp&?9W$4k|U6P{F2)(g&)hFUy#z +zqm7`9hpX)2#S10k>8S`4Fn@*{<+iK?g*6PCU0Z_01Zo9L^Y^p0tdcuMaj1V($CfwT +zI4q(VBM<=I_#r@2nUt-vw&jP8DGNKZic)7(+zRP+U^D*{nqj0B4A5`h4F)5qM6K{> +vV3TWg1|(ZYnz=gf*-zgw)nz*3lmotqlu3MQ(AvPzVuAHxP?lQI?gAn?3ESfL + +diff --git a/tests/certs/Server-localhost.nn-sv.key b/tests/certs/Server-localhost.nn-sv.key +index 6a75071b6c48f..8896125d235ba 100644 +--- a/tests/certs/Server-localhost.nn-sv.key ++++ b/tests/certs/Server-localhost.nn-sv.key +@@ -1,15 +1,27 @@ + -----BEGIN RSA PRIVATE KEY----- +-MIICXQIBAAKBgQCszBFwdCntewBEisBHA1Cdb1G3yXvdfu4pZ1uRm8fF5p1ZPmsz +-Jbd8OXyEed0VmOcnY5MQOjpAoN3QHm5g9B6k9x4KC4REd+cFFjmq3r0ex7zJ4U6M +-hhw/1s3j8mgCWxdTSVEpqInz0OFecQefFUcIQOmsSeQhrGUpCcqi3J6riQIDAQAB +-AoGAK7nYD+TVV0rw3mdeEJo+JBivTRqnRX2BNuj4uvf4rZOV7adl6SN6Mu05HSzZ +-TUXL+KOx60FQzFnox2lr9QzRU/LelLQ3H9fgVTVmGUCEAoDVRoWas8XlYGZsiHZ/ +-yJn+9Z3yQYpufSb0LQiSt73sgrTNPu50gMxe/ZSAbSscyyECQQDV8juKzWmizlTh +-+wVs/pihE0+BX1BRCsezs7FCdDEWle3XidBtYlYyUIm5wx6v8xM/F7Q/nwgymOnV +-A62PtfyjAkEAzsM3DsuJ9dG5n+EPTH3kDdfr0eYy76XPYz4HK8/FgiKPWy55BRCH +-biLcbDAe06olJiCzEvwggFigthrIqj0t4wJBALDTUi74c3SiADn+FI/vJQsMQMv2 +-kRVKSZ/WxozcJ645IKjiOKgPfJp9QjeMcxKNXrzoxItIz6eyBqGONqbujO0CQQCh +-b6azdJR5TJEklfL+BGVlsas8rgIjP1FX6Xxr5sQNwbIwvW5cV/WGNs3n4wKOvZBX +-3rwzHIy76XdB+FOpKC+FAkBDVbicC19LE6+tBzOyx4uTEm3N7N8vh566VaOpok02 +-Io7F/WYL7WSCXAtvmueWV+FJyVUMN1f2nWfWqaEXP2ag ++MIIEpAIBAAKCAQEAtahRFI3LnfU49AXDBrMUzK1SdpQR/FsOHt2thbqdUxDtO3LD ++Lg8jNbcux5G7n9XpHmzO/GNs2vWMKsMQWzU+PcTRmFYw6FoNZy+S6Wzu2SrVM0wV ++Z26YGdgmKtRbvZicmVRBWnhPnjGMu7eBVvXmzbkFjT5m3ihKl+uorWzMVPHuInrz ++U3V8f1/1e1C3gDEX2c8o8v8faNDH79uifQoh/CxyU6qoAx27Q4P2NXvKtb0QgUKB ++fS1a6kLtzFRiy0CeMe7iRjNU2Dmh98JCYu0f3neGglmmGpfmDictC5+JLRMviDBg ++XDD1buzI9+hS7r9jmRwLMTKrYnMOIMo1ux/YXwIDAQABAoIBAQCndzjwCtw4jXXo ++uFsXlQZKvkn0WQLPsx2sZM5wJx6cElGxaVX34yqhfXNZtcbTTf9v9f1HfV0/6fhC ++/7rXapkrloNmvaauvT3370qveKYkfDE57h0ZUkJUKQjemRDOE5/iVmM9RQaZHrLP ++5xcMlPsmkjhFAs8QZPKHZVAGOPOSJjy3WMfRPl9FhF6JxSxQzPu8IDeDnwgTuVFo ++eXl9lcroOqP6Q1a3u0/CuHNVBEwLBtfV/ExbfKNfn9LpG2OpkmrZlU0dzOg/MbTR ++pzUTDHqjKPW4RQ6Yq0vuc5FPM2AjJfxrTs0DwsbLFj2OcaB8QiuQC8D7zmlroIFC ++AoFqqY65AoGBANguqiWg2V8StMxKysXR0RewwbiPBJ9M75ThXpn0BXtGNoIE+WQ2 ++pvrWZ+Ebsh5GSHJtA5qUuwlGrOWFzo1LbPOcabUptGjejdnPokgNKGeB1DZTCMXy ++yPkfWhk3jzTGLFIUwMWwIpBhuXRCBrtFzlCMCdFm1MXlUNc4/IA2Tl1bAoGBANcd ++wOaJQgz54BrNuJMAKRetLGOiCeqtDKFfmhrj/ojqIZkeWljMTGpgbC2nR06Myk/D ++aFHAF2BHCTGDKzfCtOxtGuDe4MjMJpoQEN1oDc4Wbc91CTqjYgsdly9vURkvQyuh ++bhX9XXaOW/ejF7XhWEKJYaB5DYp2+AQ55pEngIxNAoGAMm7IgNjCfTyG8zXrkjS9 ++m9I/j0fGI0e2iLv+7tmPwc+CfdidObTKRbBpMYndhtSMqC0obxKNg796LF2H70yO ++UVLHEl11WhW5b/vRdw+iwmr2T+oVHODj48JdqY5dmUk2I7v1sOjDV32E30tb+Kpz ++VDUnQTPFJZm2v07rERoaNAsCgYEAnEbOS+ztYjXpvC815v1X3Q5+0Ab5A1cidN3a ++O6zkzpyhOfbWFeqdnS5diLEc2ZDorRe94p4VnWkd4a10KTc3bwc4XqMsVFQTuxru ++1ZpxZQXgUrWotcPaR08A9YH+PbibKMhHDIybaLS1VWtTn1uNXhEmLomi77PMLG3P ++9iXneoUCgYBcZu7VLQjOG/111muBcY0pQ5eICEzCTroMfXmQK+axaj2v+aD/tLZS ++Lpfg7JSoH7wC3WhbHtBFMnsbdy3WIkFmbHxBbNXPzTRtRBL0/4qz1Ud3Fc5THAeJ ++aIaZtsV/objfdhlxE723Y/oiLt8KpQeInNAQvuUYPS9ej1L7+yeHuw== + -----END RSA PRIVATE KEY----- +diff --git a/tests/certs/Server-localhost.nn-sv.pem b/tests/certs/Server-localhost.nn-sv.pem +index 7dfd4e6e27155..a44602e673d84 100644 +--- a/tests/certs/Server-localhost.nn-sv.pem ++++ b/tests/certs/Server-localhost.nn-sv.pem +@@ -24,49 +24,70 @@ commonName_value = localhost.nn + # the certificate + # some dhparam + -----BEGIN RSA PRIVATE KEY----- +-MIICXQIBAAKBgQCszBFwdCntewBEisBHA1Cdb1G3yXvdfu4pZ1uRm8fF5p1ZPmsz +-Jbd8OXyEed0VmOcnY5MQOjpAoN3QHm5g9B6k9x4KC4REd+cFFjmq3r0ex7zJ4U6M +-hhw/1s3j8mgCWxdTSVEpqInz0OFecQefFUcIQOmsSeQhrGUpCcqi3J6riQIDAQAB +-AoGAK7nYD+TVV0rw3mdeEJo+JBivTRqnRX2BNuj4uvf4rZOV7adl6SN6Mu05HSzZ +-TUXL+KOx60FQzFnox2lr9QzRU/LelLQ3H9fgVTVmGUCEAoDVRoWas8XlYGZsiHZ/ +-yJn+9Z3yQYpufSb0LQiSt73sgrTNPu50gMxe/ZSAbSscyyECQQDV8juKzWmizlTh +-+wVs/pihE0+BX1BRCsezs7FCdDEWle3XidBtYlYyUIm5wx6v8xM/F7Q/nwgymOnV +-A62PtfyjAkEAzsM3DsuJ9dG5n+EPTH3kDdfr0eYy76XPYz4HK8/FgiKPWy55BRCH +-biLcbDAe06olJiCzEvwggFigthrIqj0t4wJBALDTUi74c3SiADn+FI/vJQsMQMv2 +-kRVKSZ/WxozcJ645IKjiOKgPfJp9QjeMcxKNXrzoxItIz6eyBqGONqbujO0CQQCh +-b6azdJR5TJEklfL+BGVlsas8rgIjP1FX6Xxr5sQNwbIwvW5cV/WGNs3n4wKOvZBX +-3rwzHIy76XdB+FOpKC+FAkBDVbicC19LE6+tBzOyx4uTEm3N7N8vh566VaOpok02 +-Io7F/WYL7WSCXAtvmueWV+FJyVUMN1f2nWfWqaEXP2ag ++MIIEpAIBAAKCAQEAtahRFI3LnfU49AXDBrMUzK1SdpQR/FsOHt2thbqdUxDtO3LD ++Lg8jNbcux5G7n9XpHmzO/GNs2vWMKsMQWzU+PcTRmFYw6FoNZy+S6Wzu2SrVM0wV ++Z26YGdgmKtRbvZicmVRBWnhPnjGMu7eBVvXmzbkFjT5m3ihKl+uorWzMVPHuInrz ++U3V8f1/1e1C3gDEX2c8o8v8faNDH79uifQoh/CxyU6qoAx27Q4P2NXvKtb0QgUKB ++fS1a6kLtzFRiy0CeMe7iRjNU2Dmh98JCYu0f3neGglmmGpfmDictC5+JLRMviDBg ++XDD1buzI9+hS7r9jmRwLMTKrYnMOIMo1ux/YXwIDAQABAoIBAQCndzjwCtw4jXXo ++uFsXlQZKvkn0WQLPsx2sZM5wJx6cElGxaVX34yqhfXNZtcbTTf9v9f1HfV0/6fhC ++/7rXapkrloNmvaauvT3370qveKYkfDE57h0ZUkJUKQjemRDOE5/iVmM9RQaZHrLP ++5xcMlPsmkjhFAs8QZPKHZVAGOPOSJjy3WMfRPl9FhF6JxSxQzPu8IDeDnwgTuVFo ++eXl9lcroOqP6Q1a3u0/CuHNVBEwLBtfV/ExbfKNfn9LpG2OpkmrZlU0dzOg/MbTR ++pzUTDHqjKPW4RQ6Yq0vuc5FPM2AjJfxrTs0DwsbLFj2OcaB8QiuQC8D7zmlroIFC ++AoFqqY65AoGBANguqiWg2V8StMxKysXR0RewwbiPBJ9M75ThXpn0BXtGNoIE+WQ2 ++pvrWZ+Ebsh5GSHJtA5qUuwlGrOWFzo1LbPOcabUptGjejdnPokgNKGeB1DZTCMXy ++yPkfWhk3jzTGLFIUwMWwIpBhuXRCBrtFzlCMCdFm1MXlUNc4/IA2Tl1bAoGBANcd ++wOaJQgz54BrNuJMAKRetLGOiCeqtDKFfmhrj/ojqIZkeWljMTGpgbC2nR06Myk/D ++aFHAF2BHCTGDKzfCtOxtGuDe4MjMJpoQEN1oDc4Wbc91CTqjYgsdly9vURkvQyuh ++bhX9XXaOW/ejF7XhWEKJYaB5DYp2+AQ55pEngIxNAoGAMm7IgNjCfTyG8zXrkjS9 ++m9I/j0fGI0e2iLv+7tmPwc+CfdidObTKRbBpMYndhtSMqC0obxKNg796LF2H70yO ++UVLHEl11WhW5b/vRdw+iwmr2T+oVHODj48JdqY5dmUk2I7v1sOjDV32E30tb+Kpz ++VDUnQTPFJZm2v07rERoaNAsCgYEAnEbOS+ztYjXpvC815v1X3Q5+0Ab5A1cidN3a ++O6zkzpyhOfbWFeqdnS5diLEc2ZDorRe94p4VnWkd4a10KTc3bwc4XqMsVFQTuxru ++1ZpxZQXgUrWotcPaR08A9YH+PbibKMhHDIybaLS1VWtTn1uNXhEmLomi77PMLG3P ++9iXneoUCgYBcZu7VLQjOG/111muBcY0pQ5eICEzCTroMfXmQK+axaj2v+aD/tLZS ++Lpfg7JSoH7wC3WhbHtBFMnsbdy3WIkFmbHxBbNXPzTRtRBL0/4qz1Ud3Fc5THAeJ ++aIaZtsV/objfdhlxE723Y/oiLt8KpQeInNAQvuUYPS9ej1L7+yeHuw== + -----END RSA PRIVATE KEY----- + Certificate: + Data: + Version: 3 (0x2) +- Serial Number: 14269504311644 (0xcfa60bc515c) ++ Serial Number: 15361902530448 (0xdf8b8be4f90) + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Northern Nowhere Trust Anchor + Validity +- Not Before: Mar 21 15:07:11 2015 GMT +- Not After : Jun 7 15:07:11 2023 GMT ++ Not Before: Sep 5 23:30:53 2018 GMT ++ Not After : Nov 22 23:30:53 2026 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost.nn + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- Public-Key: (1024 bit) ++ Public-Key: (2048 bit) + Modulus: +- 00:ac:cc:11:70:74:29:ed:7b:00:44:8a:c0:47:03: +- 50:9d:6f:51:b7:c9:7b:dd:7e:ee:29:67:5b:91:9b: +- c7:c5:e6:9d:59:3e:6b:33:25:b7:7c:39:7c:84:79: +- dd:15:98:e7:27:63:93:10:3a:3a:40:a0:dd:d0:1e: +- 6e:60:f4:1e:a4:f7:1e:0a:0b:84:44:77:e7:05:16: +- 39:aa:de:bd:1e:c7:bc:c9:e1:4e:8c:86:1c:3f:d6: +- cd:e3:f2:68:02:5b:17:53:49:51:29:a8:89:f3:d0: +- e1:5e:71:07:9f:15:47:08:40:e9:ac:49:e4:21:ac: +- 65:29:09:ca:a2:dc:9e:ab:89 ++ 00:b5:a8:51:14:8d:cb:9d:f5:38:f4:05:c3:06:b3: ++ 14:cc:ad:52:76:94:11:fc:5b:0e:1e:dd:ad:85:ba: ++ 9d:53:10:ed:3b:72:c3:2e:0f:23:35:b7:2e:c7:91: ++ bb:9f:d5:e9:1e:6c:ce:fc:63:6c:da:f5:8c:2a:c3: ++ 10:5b:35:3e:3d:c4:d1:98:56:30:e8:5a:0d:67:2f: ++ 92:e9:6c:ee:d9:2a:d5:33:4c:15:67:6e:98:19:d8: ++ 26:2a:d4:5b:bd:98:9c:99:54:41:5a:78:4f:9e:31: ++ 8c:bb:b7:81:56:f5:e6:cd:b9:05:8d:3e:66:de:28: ++ 4a:97:eb:a8:ad:6c:cc:54:f1:ee:22:7a:f3:53:75: ++ 7c:7f:5f:f5:7b:50:b7:80:31:17:d9:cf:28:f2:ff: ++ 1f:68:d0:c7:ef:db:a2:7d:0a:21:fc:2c:72:53:aa: ++ a8:03:1d:bb:43:83:f6:35:7b:ca:b5:bd:10:81:42: ++ 81:7d:2d:5a:ea:42:ed:cc:54:62:cb:40:9e:31:ee: ++ e2:46:33:54:d8:39:a1:f7:c2:42:62:ed:1f:de:77: ++ 86:82:59:a6:1a:97:e6:0e:27:2d:0b:9f:89:2d:13: ++ 2f:88:30:60:5c:30:f5:6e:ec:c8:f7:e8:52:ee:bf: ++ 63:99:1c:0b:31:32:ab:62:73:0e:20:ca:35:bb:1f: ++ d8:5f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: +@@ -76,45 +97,48 @@ Certificate: + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: +- 12:AF:44:46:B1:04:69:61:64:83:39:A2:BD:5D:97:2B:F4:1D:D4:6C ++ A7:1B:AD:F1:16:0F:FA:5B:61:F9:28:8C:85:28:16:EB:73:A1:ED:2D + X509v3 Authority Key Identifier: + keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE + + X509v3 Basic Constraints: + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption +- 44:54:d7:d7:75:14:60:a5:1a:1d:1e:a9:dc:6f:b1:b1:d8:13: +- e2:10:22:9a:f5:ca:b6:38:3c:d9:ac:2e:dc:ce:38:bc:cc:38: +- a1:cc:a8:9c:73:37:f9:b6:a8:42:87:d9:80:21:45:81:43:9d: +- 73:3c:67:cf:cd:c5:c3:91:df:60:6b:6d:69:f9:be:a1:92:cc: +- 5d:ea:bc:67:f3:c7:bc:ea:41:d1:11:7b:e3:f1:b8:a7:8d:9a: +- d0:23:6c:df:0e:2a:35:98:50:c1:a6:8b:d2:07:aa:a6:2f:cb: +- 98:a9:a3:8d:a0:8c:87:ab:ec:e1:c5:0b:25:e2:e9:a9:08:13: +- 30:86:1b:e5:b6:ac:03:85:35:0c:9a:5d:5b:82:c4:04:6a:05: +- 4c:f3:f7:b3:b5:ac:92:3b:46:71:a8:7f:54:c7:96:37:dc:38: +- 2c:a2:18:23:10:00:de:f8:21:40:52:99:94:ad:b2:b6:e5:87: +- 8e:29:0b:3b:b3:8a:52:67:54:dc:0a:e9:75:60:33:ff:13:9a: +- 61:a4:15:0c:d0:6f:de:0d:06:23:a8:44:ad:f0:68:60:93:6b: +- 75:06:24:5b:47:9a:b9:3a:ef:d9:4f:df:31:d5:65:3a:e2:94: +- 03:be:88:94:49:7c:6a:d0:da:c0:d0:62:81:f5:61:50:96:5a: +- d0:ee:22:39 ++ c5:68:b2:17:e0:24:ec:1a:1e:2a:b6:10:c9:9b:0d:87:17:29: ++ d2:0a:00:de:33:56:1b:60:63:4c:69:79:cc:84:ee:ce:5e:6b: ++ e7:f5:84:64:9a:76:d6:32:af:96:c3:0a:f8:3a:90:12:d8:2e: ++ 85:d2:77:26:33:1e:ab:cc:84:76:fe:61:8e:0d:f8:5a:d5:cd: ++ 1e:b2:9d:79:e8:e4:bf:a3:5b:81:05:15:44:77:7e:d9:1f:a4: ++ 41:13:7d:6a:0f:3e:63:06:cc:b8:fc:59:9a:8e:44:48:ff:e6: ++ f9:00:45:e7:aa:b5:c8:95:ec:56:07:2b:93:06:80:92:56:cd: ++ 1d:8f:ce:85:26:fc:18:78:c0:88:30:b2:a0:ca:10:bf:e9:9a: ++ 18:8c:6b:37:bb:b9:fa:3c:c8:e3:3d:c0:55:a4:6e:32:3c:2e: ++ 67:99:98:b1:80:a8:9d:f6:05:60:e7:d5:af:cf:29:bd:00:f0: ++ 4a:25:e5:c8:19:6a:72:dd:27:dc:32:59:7a:8e:ed:25:9d:c8: ++ 8a:0a:8f:e6:cf:65:7b:bd:6d:6a:a3:74:7e:85:56:2a:ce:f0: ++ 6f:12:d3:b9:d3:22:53:88:9e:e2:42:e4:1d:c4:3e:08:e9:ef: ++ a9:40:96:74:3e:21:60:03:f9:eb:39:db:6e:89:a0:25:f6:c9: ++ 2c:cd:d5:c0 + -----BEGIN CERTIFICATE----- +-MIIDRTCCAi2gAwIBAgIGDPpgvFFcMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT ++MIIDyTCCArGgAwIBAgIGDfi4vk+QMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT + Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo + IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe +-Fw0xNTAzMjExNTA3MTFaFw0yMzA2MDcxNTA3MTFaMFcxCzAJBgNVBAYTAk5OMTEw ++Fw0xODA5MDUyMzMwNTNaFw0yNjExMjIyMzMwNTNaMFcxCzAJBgNVBAYTAk5OMTEw + LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk +-MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +-AoGBAKzMEXB0Ke17AESKwEcDUJ1vUbfJe91+7ilnW5Gbx8XmnVk+azMlt3w5fIR5 +-3RWY5ydjkxA6OkCg3dAebmD0HqT3HgoLhER35wUWOarevR7HvMnhToyGHD/WzePy +-aAJbF1NJUSmoifPQ4V5xB58VRwhA6axJ5CGsZSkJyqLcnquJAgMBAAGjgYkwgYYw +-FwYDVR0RBBAwDoIMbG9jYWxob3N0Lm5uMAsGA1UdDwQEAwIDqDATBgNVHSUEDDAK +-BggrBgEFBQcDATAdBgNVHQ4EFgQUEq9ERrEEaWFkgzmivV2XK/Qd1GwwHwYDVR0j +-BBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84wCQYDVR0TBAIwADANBgkqhkiG9w0B +-AQUFAAOCAQEARFTX13UUYKUaHR6p3G+xsdgT4hAimvXKtjg82awu3M44vMw4ocyo +-nHM3+baoQofZgCFFgUOdczxnz83Fw5HfYGttafm+oZLMXeq8Z/PHvOpB0RF74/G4 +-p42a0CNs3w4qNZhQwaaL0geqpi/LmKmjjaCMh6vs4cULJeLpqQgTMIYb5basA4U1 +-DJpdW4LEBGoFTPP3s7WskjtGcah/VMeWN9w4LKIYIxAA3vghQFKZlK2ytuWHjikL +-O7OKUmdU3ArpdWAz/xOaYaQVDNBv3g0GI6hErfBoYJNrdQYkW0eauTrv2U/fMdVl +-OuKUA76IlEl8atDawNBigfVhUJZa0O4iOQ== ++MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ++ggEKAoIBAQC1qFEUjcud9Tj0BcMGsxTMrVJ2lBH8Ww4e3a2Fup1TEO07csMuDyM1 ++ty7Hkbuf1ekebM78Y2za9YwqwxBbNT49xNGYVjDoWg1nL5LpbO7ZKtUzTBVnbpgZ ++2CYq1Fu9mJyZVEFaeE+eMYy7t4FW9ebNuQWNPmbeKEqX66itbMxU8e4ievNTdXx/ ++X/V7ULeAMRfZzyjy/x9o0Mfv26J9CiH8LHJTqqgDHbtDg/Y1e8q1vRCBQoF9LVrq ++Qu3MVGLLQJ4x7uJGM1TYOaH3wkJi7R/ed4aCWaYal+YOJy0Ln4ktEy+IMGBcMPVu ++7Mj36FLuv2OZHAsxMqticw4gyjW7H9hfAgMBAAGjgYkwgYYwFwYDVR0RBBAwDoIM ++bG9jYWxob3N0Lm5uMAsGA1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAd ++BgNVHQ4EFgQUpxut8RYP+lth+SiMhSgW63Oh7S0wHwYDVR0jBBgwFoAUEsq6S0YE ++p3WKLOgOVJS8EmWme84wCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAxWiy ++F+Ak7BoeKrYQyZsNhxcp0goA3jNWG2BjTGl5zITuzl5r5/WEZJp21jKvlsMK+DqQ ++EtguhdJ3JjMeq8yEdv5hjg34WtXNHrKdeejkv6NbgQUVRHd+2R+kQRN9ag8+YwbM ++uPxZmo5ESP/m+QBF56q1yJXsVgcrkwaAklbNHY/OhSb8GHjAiDCyoMoQv+maGIxr ++N7u5+jzI4z3AVaRuMjwuZ5mYsYConfYFYOfVr88pvQDwSiXlyBlqct0n3DJZeo7t ++JZ3IigqP5s9le71taqN0foVWKs7wbxLTudMiU4ie4kLkHcQ+COnvqUCWdD4hYAP5 ++6znbbomgJfbJLM3VwA== + -----END CERTIFICATE----- +diff --git a/tests/certs/Server-localhost.nn-sv.pub.der b/tests/certs/Server-localhost.nn-sv.pub.der +index 68b64eb4fcc0b7f5bba6f0d5023160af75a4118a..7c2bbdcee0b977086666f36684bfae59bf59a1d0 100644 +GIT binary patch +literal 294 +zcmV+>0ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>lwWv`Pjmw?&IP?X> +z2D22*tx|TB5&T;Y9^I{lx}8%H?K^VAE)OF$w=Tz#yPwtR9&FD1V{F>>j4HzrTQxpC +z#L<{mFz8whXD^cJZ0^}A)iX>LXKt7o*d{8}TfLZ^nN&eqcu$@&jJvmiR`ur1xdn|r +zX5J`Dm+PplY|K>g?jm~gQ+0fQU-f%Xw}3Gh+0Q8Q{~u`3$M4&seF`D`EOJw-r~@6l +zLxc7;d&;%F5P?F0eJxt*LhZ~{V#`3DG4A394j{@kyC2wJ0s{d60TPykxBvhE + +literal 162 +zcmV;T0A2qufuAr91_>&LNQUGbOitIedh9-4&SUCu5TkIyyk0-OwIxVDuiO_Z|uh +zghY4e1r|A~-n|~jyvgBCjD{RP*3IMcXaZXoQ%O-NsEPB?;a+hEpA|<4K&LNQU}{#K!01VicgY%+w1mrl!N5rWrOSsLf8vaItHg_kt06V +zfHc +Xg+6^}T&17p1ohlqR3XSga{@?p@cJrJ + +delta 504 +zcmVzFoFX?FoFUppaTK{0s;mM`e3|KZjlv!8Z|I8GBGhVFgGzVS{Ds6 +zGcYzVH!(FZH!(4htyq77pD+yu2`Yw2hW8Bt0RaU71A&bIFoB5zfq?+y$5Q)!0+ZDW%Bmz+sBiGK@ve5XBJc1@{@%1W-NRU`&lZgUAe<-Pn5) +zrTcPQ*3Do*GgiOdBmckXE)dNyt0bgD*qCwSS!O;sy}0`s8WWG9$T^d>gNh$#b_F*_ +z_0v_HED}M16v{}Vw`~PUe=EiHdt+^H%|G;wbWsQY;Xu`vVA#kwS{3=l{o!7t0+o0ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>l`vyaWjiKv;fSE$J +zR&0B&LNQUUY8UMISSM?1x1((=Zk +z+pNB^FHFLih8c3z`4UA5yd&ZO>rJ|uakWbONsLYN3r^2Sd&mYik~ROkPwJSj6RfDs +QpQqq>+ZDV!0s{d60rRs-JOBUy + +diff --git a/tests/certs/Server-localhost0h-sv.pub.pem b/tests/certs/Server-localhost0h-sv.pub.pem +index c34cc776f9600..f113e2d778883 100644 +--- a/tests/certs/Server-localhost0h-sv.pub.pem ++++ b/tests/certs/Server-localhost0h-sv.pub.pem +@@ -1,6 +1,9 @@ + -----BEGIN PUBLIC KEY----- +-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjx1L7fQKxpwtMLaYqsFdrXgv5 +-nkvn0KxVQ0f6seD8sGMwhDH1lUSQmrciAW/HFxa+WhnuRzWQpV4nuoZHO8Vj0vLG +-odusvrEvTMKYhhly1fkSRQm8I+IA6026mXG1SvtJjE3zC07PSHvIBjeSNf+7T+qY +-rxOsqM2fp+B42xW8OwIDAQAB ++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+wZDhY2h64KAmUK2Vmx7 ++tUK4gSvHyBAT8YKX/OcTnOsh7g7jcZjE+rUbrwnwSvUsX/AGhLY5/FT6E9AK8+W2 ++mDAfftn9X9jEDTBYRv822V8OOyorUedIps8yZO1mAwWeuJUiU6XKRzOl+RB811Pa ++25v8t/nd7MtXBdVJToDolDQ32XT1x05yizuA6yLu5lsHIz2qY1vAychfzF8DekZH ++UDRmInMlfDOa8DxG/E5OpNi49iIQu59N3AcO9SwFcPKX9EHnw8fRwrRnYNGTvltC ++5nP0C2SAPG5PK1x+g9NSnVVx825YMNmHUPJMHEDkK+LEGzGMLFRuTEN2JHNTur3T ++OwIDAQAB + -----END PUBLIC KEY----- +diff --git a/tests/certs/scripts/genserv.sh b/tests/certs/scripts/genserv.sh +index 50bac01169b28..488d770f63637 100755 +--- a/tests/certs/scripts/genserv.sh ++++ b/tests/certs/scripts/genserv.sh +@@ -15,7 +15,7 @@ USAGE="echo Usage is genserv.sh " + HOME=`pwd` + cd $HOME + +-KEYSIZE=1024 ++KEYSIZE=2048 + DURATION=3000 + + REQ=YES +diff --git a/tests/data/test2041 b/tests/data/test2041 +index dcad2fdc39669..ecb9a2b4fb96d 100644 +--- a/tests/data/test2041 ++++ b/tests/data/test2041 +@@ -34,7 +34,7 @@ https Server-localhost-sv.pem + simple HTTPS GET with base64-sha256 public key pinning + + +---cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey sha256//pyh+fICi9M8MFEZvherIT0cs3MN+cXNGoU9Giwyx1so= https://localhost:%HTTPSPORT/2041 ++--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey sha256//lqLYmi/ikGHWO7sci2/vj0FfS4sm1VF3F1xTGTY2lAQ= https://localhost:%HTTPSPORT/2041 + + # Ensure that we're running on localhost because we're checking the host name + +diff --git a/tests/stunnel.pem b/tests/stunnel.pem +index d9b9679ebb6d1..2a059417cb0db 100644 +--- a/tests/stunnel.pem ++++ b/tests/stunnel.pem +@@ -4,7 +4,7 @@ + # used in the 509 test. The certificate has been generated using + # openssl with the parameters listed below up to the line + # contain [something], after that you find the result. +-# ++# + # + extensions = x509v3 + [ x509v3 ] +@@ -39,105 +39,134 @@ commonName_value = "storbror" + 1.commonName_value = "localhost" + [something] + -----BEGIN RSA PRIVATE KEY----- +-MIIC1AIBAAKBmwNZN+oG6vJ8DAze+FvOKSS49X4xGMxALhKRLhQQb7qvM+7BcMgR +-v+RKxkX7SNgcxKPLcIHf7QQ6DBIlLXuAuVHQtWW9b06q64kBElkEwh6gP5Ia9JrR +-ysGbu2U6NRP+xBU33dVwZjF07ocN9Pp392W4VxEc+g3+FkRzUEaahDGOabmjgKuq +-DdlKdZLzgJj7+9sEKpb7+FdG56rZAgMBAAECgZsCkK1Z1XTUz5x3m7PMuHEiVaKS +-yk/B4ISq6pbO/gxpieARzhR038wNug6L+8VA8UDebXHBvGYYr9Mhb2OZUfIlr+nW +-h7kmHZ+T88M3eH/hQc3jtnvnu1dGmMlIXjTLQOrKgrAn6fYaw2HAGPdGKjpatAy/ +-3vRjguv/22pNJLRQmMHdozJdc8mEYY+AhqrQxXCWQT/1peZzlq/IAQJOAfhE2YWf +-qB9iYNmuhxJ1PolPW4I63atXuoavqadbaRoaLm/pqLVB1QjMeyak8O/0TmO6CXk6 +-878ps85fLFgARRjSYX+rYwoYNzqxK3cBAk4Bsy4oofReVT8xB+7rFZFMV4McyL7e +-sOABFqecLuNIGT6CdeEU1z7TUfq8sKM1MQ25e0J1PMmoWTqDwzhnxK+ckeFsZ8Te +-dgqVW+Oyy9kCTgHqyc/P/uEZkp1ioDu0WkpAR+1vZa2jeyH+vm9nhE9Z6Uty/r6F +-k4otIx9lMDmTwXqeE03vINJlJshqvjShfbnCe9gK8xrUk1cFl7QPAQJOATD3LQRq +-At2MniioFtiTbUN6n2ZS1C5xnHGq3fnBzxnZw4UmSfuZjG/L3gWPKkyJCK3HYe9K +-ho6ZQhNB6P5d7sQQjG6f+SIRwp+VjwvpAk4AnM4do54FETeLHhY4zy47dM/zdy3u +-iDjiFwoMTR+PfF03evsWe5pW3EaXolGi3FRAZ/idFA+L3Gi2y4xR44z71HkbF32L +-WKaLdOuBQvI= ++MIIEpAIBAAKCAQEA4m+wAdU3ml4EGud+/rx3ZY9VnNIfRZo6yDGogOk/Pg1NM7zo +++cXsRhQZuFNskxOgiYv9vTLJCocPXGJBRhosnCkUXypbaismZLGXBxyvUNvI4cNi ++/icPnq9RHwWCbX9UpSn6nsjcVyHacQeHEza8pC5MnFDC8tTTy3rCpWe2LKSp3X6g ++E4vKRiLFbXAZshrtk8wKiRuDuiNhxUyYcVs3s5+Il8Y9yu/kGkY6U15SizO+o224 ++kfOHL6W9Ut4l2xY7aRZLWhqjyihlaHSLFEiLkR9fPMVDTOF6j/g2fFAjNePw6+9Y ++VbVq0PQF1cY0ew6wMNvu7cVLZo+xz5toebOH4wIDAQABAoIBAGLf1CIowVvVm8NH ++vIttLlGZkg+lLOSOoQZTsLmBoAzvb/ucjLqsMyyykDyNqQZb9qi5CTY5W9IOAaYc ++fVYoDbyur2eSrlIgv2YOqd0AKImNPx1d3PcPhWGMOkbqd/ZqOELansYA/T3K2YCr ++gc7hAuRKF0fWeBni1wyt8Rqau9Cn0AK/aAf/Fn28bCaS5DrkqvsM2wOIRWelGgCM ++3zfn+RbhcLbBPIyP6iC+8Gm39pK8JZznJXC0rhN05edvh0+ILlB7lMJ4t5lnLSxF ++vsfkxLGl5pMXWthJ0VYl+H5JIsD+7+dc45HjX21GLs6eTW0hMxPcrqaNlWgQPMxG ++DQNriPECgYEA8tfVQiyzT7rM2HI562BlV5b0PEafq2F7WAzNWMGiBxxRUpMnAtmn ++VVsWiRrHch4Y4nlbmjvQDhrvDOzpGuEPAi+FtePk23y87q8lB8VjOSDR86TPvSXK ++QqMDZ8ffYvRIh7MKYO8gvIYrjMEDeSQNzGxiyw3e0EIGuuQt+42t8JkCgYEA7rRL ++4sl3fl/npxacrtFNnqZP+R/KKBbdbeOgJPDPknMfzd6/B5Pyznz6dG3N3QwivPPF ++uAjPgqI8Pt+7SFW8Rw7XRVWZP9fZGPWrDdqdP/0lzDLYmmHXICqCVQXQapKofZbI ++HfV0HZSGuJtEiLG3bzjQiQx5jJlXtegMHHpMfdsCgYAzVrvIDKkv3t71l1h1UWC7 ++XrdtksSot6ga2kIDVJRLiooKuf9SU+9TVTlzbMzjbEd4gY2DEsgOY1VMVz2EqDXD ++EYbkCDTWzg0nLLHYbbtnVW/tYVdltnqHEe1jYFbylZBL1+cGzScPlBHa5Oc2EhA0 ++umk8YkdLodnIYvrxpmcyaQKBgQCd6UJGblcRkCp0e939PFNn/8fqG6ClsrKbjrkT ++lwcKcAR7Mb8YKUS4Wy9otHc6o1ubunxzScjVN7Q5N9LygF1EeMnqgT0XYhipjWOy ++j4v1l+dYVc67Gryw984upuEAj7LNGmGaiBVfuDEDkRvefgrGlkRGVa1XWN4QZckV ++UcamfwKBgQDO9xGun8Q97KonBRih4aNBM+89/8/deZNPAc8MAImzFHyTMNTD06C/ ++3wnJwMiyNbZEUfKavapNz3+oe0fXMbgjfEypbaP7jKHSxr2tKwJV+MK1RVF4Sd3l ++ou6XtlnToLp/LO1X3E/IcYameT5VLi/4OyFOMKe9K0Woxvhz42PDww== + -----END RSA PRIVATE KEY----- + Certificate: + Data: + Version: 3 (0x2) +- Serial Number: +- a4:17:70:09:88:8c:48:cd +- Signature Algorithm: sha1WithRSAEncryption ++ Serial Number: 17862059579548371559 (0xf7e2c88ce3d80a67) ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: C=SE, ST=Solna, L=Mooo, O=Haxx, OU=Coolx, CN=storbror, CN=localhost + Validity +- Not Before: Feb 22 15:38:48 2014 GMT +- Not After : Feb 20 15:38:48 2024 GMT ++ Not Before: Aug 31 23:39:18 2018 GMT ++ Not After : Aug 28 23:39:18 2028 GMT + Subject: C=SE, ST=Solna, L=Mooo, O=Haxx, OU=Coolx, CN=storbror, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- Public-Key: (1234 bit) ++ Public-Key: (2048 bit) + Modulus: +- 03:59:37:ea:06:ea:f2:7c:0c:0c:de:f8:5b:ce:29: +- 24:b8:f5:7e:31:18:cc:40:2e:12:91:2e:14:10:6f: +- ba:af:33:ee:c1:70:c8:11:bf:e4:4a:c6:45:fb:48: +- d8:1c:c4:a3:cb:70:81:df:ed:04:3a:0c:12:25:2d: +- 7b:80:b9:51:d0:b5:65:bd:6f:4e:aa:eb:89:01:12: +- 59:04:c2:1e:a0:3f:92:1a:f4:9a:d1:ca:c1:9b:bb: +- 65:3a:35:13:fe:c4:15:37:dd:d5:70:66:31:74:ee: +- 87:0d:f4:fa:77:f7:65:b8:57:11:1c:fa:0d:fe:16: +- 44:73:50:46:9a:84:31:8e:69:b9:a3:80:ab:aa:0d: +- d9:4a:75:92:f3:80:98:fb:fb:db:04:2a:96:fb:f8: +- 57:46:e7:aa:d9 ++ 00:e2:6f:b0:01:d5:37:9a:5e:04:1a:e7:7e:fe:bc: ++ 77:65:8f:55:9c:d2:1f:45:9a:3a:c8:31:a8:80:e9: ++ 3f:3e:0d:4d:33:bc:e8:f9:c5:ec:46:14:19:b8:53: ++ 6c:93:13:a0:89:8b:fd:bd:32:c9:0a:87:0f:5c:62: ++ 41:46:1a:2c:9c:29:14:5f:2a:5b:6a:2b:26:64:b1: ++ 97:07:1c:af:50:db:c8:e1:c3:62:fe:27:0f:9e:af: ++ 51:1f:05:82:6d:7f:54:a5:29:fa:9e:c8:dc:57:21: ++ da:71:07:87:13:36:bc:a4:2e:4c:9c:50:c2:f2:d4: ++ d3:cb:7a:c2:a5:67:b6:2c:a4:a9:dd:7e:a0:13:8b: ++ ca:46:22:c5:6d:70:19:b2:1a:ed:93:cc:0a:89:1b: ++ 83:ba:23:61:c5:4c:98:71:5b:37:b3:9f:88:97:c6: ++ 3d:ca:ef:e4:1a:46:3a:53:5e:52:8b:33:be:a3:6d: ++ b8:91:f3:87:2f:a5:bd:52:de:25:db:16:3b:69:16: ++ 4b:5a:1a:a3:ca:28:65:68:74:8b:14:48:8b:91:1f: ++ 5f:3c:c5:43:4c:e1:7a:8f:f8:36:7c:50:23:35:e3: ++ f0:eb:ef:58:55:b5:6a:d0:f4:05:d5:c6:34:7b:0e: ++ b0:30:db:ee:ed:c5:4b:66:8f:b1:cf:9b:68:79:b3: ++ 87:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: +- X509v3 Subject Alternative Name: ++ X509v3 Subject Alternative Name: + DNS:localhost +- Netscape Cert Type: ++ Netscape Cert Type: + SSL Server +- Netscape Comment: ++ Netscape Comment: + CURL stunnel server test certificate +- X509v3 Key Usage: ++ X509v3 Key Usage: + Digital Signature, Key Encipherment +- X509v3 Extended Key Usage: ++ X509v3 Extended Key Usage: + TLS Web Server Authentication +- X509v3 Basic Constraints: ++ X509v3 Basic Constraints: + CA:FALSE +- X509v3 Subject Key Identifier: +- 35:77:35:3B:9B:98:3C:B6:C7:9A:E7:A8:04:B9:7C:70:AD:FA:37:A9 +- Subject Information Access: ++ X509v3 Subject Key Identifier: ++ 5D:A5:DB:5A:C8:6D:31:A6:B0:E3:4D:47:50:AA:87:A9:B2:DE:9F:37 ++ Subject Information Access: + ad dvcs - URI:https://localhost:8433/509 + +- Authority Information Access: ++ Authority Information Access: + ad dvcs - URI:https://localhost:8433/509 + +- Signature Algorithm: sha1WithRSAEncryption +- 00:45:db:09:5b:08:5b:1a:ff:71:50:6c:12:ad:8e:78:32:1d: +- 7d:e7:e4:d3:3e:5f:ca:20:84:aa:ff:9a:c2:b6:a9:48:93:1f: +- 73:27:d1:68:05:76:36:f9:c1:53:90:ad:8a:c0:b3:12:c8:11: +- 5c:2c:65:01:ac:31:d1:8e:60:6e:c6:f5:ba:9d:69:e8:f1:ac: +- 4a:de:52:94:cd:06:24:45:72:64:89:0f:57:8b:26:2b:16:cf: +- 0b:27:c4:e8:73:c7:d3:e5:42:38:95:57:b5:bb:83:b4:92:d4: +- e0:cd:fb:c8:f5:d2:da:1d:11:fe:3c:18:20:8b:bd:22:31:1c: +- 5a:82:d4:f5:71:8d:8a:e3:13:82:c5:2d:f3:9f:d0:b7:b8:4b: +- d2:46:9d:8e:1a:d7:99:6e:c1:b9:a0 ++ Signature Algorithm: sha256WithRSAEncryption ++ 63:26:72:df:c4:68:af:f1:30:60:4e:ac:94:bd:37:3e:c4:1f: ++ 6b:43:6e:0f:1c:67:49:f4:fb:19:83:23:b6:75:46:a0:84:bd: ++ 8b:61:21:00:05:6b:d6:09:16:94:8f:5b:9d:98:98:d6:1e:86: ++ 23:26:1e:e8:39:ac:0a:89:ea:17:b5:4f:60:20:9a:2b:4a:d4: ++ 9f:4e:3d:d4:ac:05:db:25:94:56:e3:87:13:ea:ab:83:57:18: ++ ff:26:e3:46:0c:e6:49:7e:74:2e:77:98:54:52:30:ea:6f:58: ++ 35:dc:63:fb:e4:a2:c3:12:87:dd:e9:2a:18:5c:9c:cf:a4:d3: ++ 58:7f:d0:50:50:0f:b9:b7:cb:a8:d9:bd:b8:7c:e4:29:d5:f3: ++ fd:6f:3f:ea:fc:0f:21:3f:ad:2f:ac:3c:28:e3:74:87:43:a9: ++ f0:46:81:4b:c8:a5:75:50:5b:e2:d5:75:0a:98:af:2c:6d:6b: ++ 6a:cc:c6:37:5f:04:52:c4:d8:6a:a0:f6:99:76:c3:3b:3b:50: ++ c8:bc:ea:50:04:a1:c0:54:82:b4:2f:09:b8:6e:ac:cc:64:12: ++ ce:b8:24:7a:5a:e5:f5:e5:79:9f:28:da:a2:11:45:f5:2a:cb: ++ e3:b0:96:6a:ac:2b:d3:02:01:21:6d:38:ef:52:60:5e:50:b1: ++ 25:e5:4f:69 + -----BEGIN CERTIFICATE----- +-MIIDtzCCAwWgAwIBAgIJAKQXcAmIjEjNMA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV ++MIIEhzCCA2+gAwIBAgIJAPfiyIzj2ApnMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNV + BAYTAlNFMQ4wDAYDVQQIEwVTb2xuYTENMAsGA1UEBxMETW9vbzENMAsGA1UEChME + SGF4eDEOMAwGA1UECxMFQ29vbHgxETAPBgNVBAMTCHN0b3Jicm9yMRIwEAYDVQQD +-Ewlsb2NhbGhvc3QwHhcNMTQwMjIyMTUzODQ4WhcNMjQwMjIwMTUzODQ4WjByMQsw ++Ewlsb2NhbGhvc3QwHhcNMTgwODMxMjMzOTE4WhcNMjgwODI4MjMzOTE4WjByMQsw + CQYDVQQGEwJTRTEOMAwGA1UECBMFU29sbmExDTALBgNVBAcTBE1vb28xDTALBgNV + BAoTBEhheHgxDjAMBgNVBAsTBUNvb2x4MREwDwYDVQQDEwhzdG9yYnJvcjESMBAG +-A1UEAxMJbG9jYWxob3N0MIG5MA0GCSqGSIb3DQEBAQUAA4GnADCBowKBmwNZN+oG +-6vJ8DAze+FvOKSS49X4xGMxALhKRLhQQb7qvM+7BcMgRv+RKxkX7SNgcxKPLcIHf +-7QQ6DBIlLXuAuVHQtWW9b06q64kBElkEwh6gP5Ia9JrRysGbu2U6NRP+xBU33dVw +-ZjF07ocN9Pp392W4VxEc+g3+FkRzUEaahDGOabmjgKuqDdlKdZLzgJj7+9sEKpb7 +-+FdG56rZAgMBAAGjggEeMIIBGjAUBgNVHREEDTALgglsb2NhbGhvc3QwEQYJYIZI +-AYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRDVVJMIHN0dW5uZWwgc2VydmVy +-IHRlc3QgY2VydGlmaWNhdGUwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUF +-BwMBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDV3NTubmDy2x5rnqAS5fHCt+jepMDYG +-CCsGAQUFBwELBCowKDAmBggrBgEFBQcwBIYaaHR0cHM6Ly9sb2NhbGhvc3Q6ODQz +-My81MDkwNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAEhhpodHRwczovL2xvY2Fs +-aG9zdDo4NDMzLzUwOTANBgkqhkiG9w0BAQUFAAOBnAAARdsJWwhbGv9xUGwSrY54 +-Mh195+TTPl/KIISq/5rCtqlIkx9zJ9FoBXY2+cFTkK2KwLMSyBFcLGUBrDHRjmBu +-xvW6nWno8axK3lKUzQYkRXJkiQ9XiyYrFs8LJ8Toc8fT5UI4lVe1u4O0ktTgzfvI +-9dLaHRH+PBggi70iMRxagtT1cY2K4xOCxS3zn9C3uEvSRp2OGteZbsG5oA== ++A1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA ++4m+wAdU3ml4EGud+/rx3ZY9VnNIfRZo6yDGogOk/Pg1NM7zo+cXsRhQZuFNskxOg ++iYv9vTLJCocPXGJBRhosnCkUXypbaismZLGXBxyvUNvI4cNi/icPnq9RHwWCbX9U ++pSn6nsjcVyHacQeHEza8pC5MnFDC8tTTy3rCpWe2LKSp3X6gE4vKRiLFbXAZshrt ++k8wKiRuDuiNhxUyYcVs3s5+Il8Y9yu/kGkY6U15SizO+o224kfOHL6W9Ut4l2xY7 ++aRZLWhqjyihlaHSLFEiLkR9fPMVDTOF6j/g2fFAjNePw6+9YVbVq0PQF1cY0ew6w ++MNvu7cVLZo+xz5toebOH4wIDAQABo4IBHjCCARowFAYDVR0RBA0wC4IJbG9jYWxo ++b3N0MBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYkQ1VSTCBzdHVu ++bmVsIHNlcnZlciB0ZXN0IGNlcnRpZmljYXRlMAsGA1UdDwQEAwIFoDATBgNVHSUE ++DDAKBggrBgEFBQcDATAJBgNVHRMEAjAAMB0GA1UdDgQWBBRdpdtayG0xprDjTUdQ ++qoepst6fNzA2BggrBgEFBQcBCwQqMCgwJgYIKwYBBQUHMASGGmh0dHBzOi8vbG9j ++YWxob3N0Ojg0MzMvNTA5MDYGCCsGAQUFBwEBBCowKDAmBggrBgEFBQcwBIYaaHR0 ++cHM6Ly9sb2NhbGhvc3Q6ODQzMy81MDkwDQYJKoZIhvcNAQELBQADggEBAGMmct/E ++aK/xMGBOrJS9Nz7EH2tDbg8cZ0n0+xmDI7Z1RqCEvYthIQAFa9YJFpSPW52YmNYe ++hiMmHug5rAqJ6he1T2AgmitK1J9OPdSsBdsllFbjhxPqq4NXGP8m40YM5kl+dC53 ++mFRSMOpvWDXcY/vkosMSh93pKhhcnM+k01h/0FBQD7m3y6jZvbh85CnV8/1vP+r8 ++DyE/rS+sPCjjdIdDqfBGgUvIpXVQW+LVdQqYryxta2rMxjdfBFLE2Gqg9pl2wzs7 ++UMi86lAEocBUgrQvCbhurMxkEs64JHpa5fXleZ8o2qIRRfUqy+OwlmqsK9MCASFt ++OO9SYF5QsSXlT2k= + -----END CERTIFICATE----- + -----BEGIN DH PARAMETERS----- +-MIGHAoGBAMq/KFGh2oy16WzkFs1U71Uz7dIEKvSYfc+zo439pYyVzcD8MkcC15Zb +-ayK3jPBYf07eKzc2TvI3/ZSducmECNP8gk2gAndP1P1rmpheN+owZJS7kQVfQmHl +-UmT87U99NPaMHXMNOsFj/3mbAaANndKEnd8PM2r5fg16C4+2e5KzAgEC +------END DH PARAMETERS----- ++MIIBCAKCAQEA5H4005OFRDtVlHgJ5AGLRMAqvc+f4g7fApALq/1qJCwF7xq3POya ++hFr/O+9WtdlaiXLi0tqJzj5Cfv0ChIUcSOD7qBfUpIYcDFqQhYaRexMP6h0Ugk9x ++sIs2tcUfix7xemGLdawkGD041MJW8SK0+iY/s2wIXH/Pp5w7/e/RmTcjTa3QnL8O ++zbyXnZVvCEpDhRefgYrY5lR4SeZHl8+A6qe+M37g9Lai+ASCDuGfiynRW8JqAA3n ++5ozPhlQF3HaHglvEONUM0Qxd5a4jVjTXQYfV+hqvkz/Ykv8rZa8rVjx/bi1sKM66 +++WwPhqnjh31d+nFezqDJC4j0wLmxorDkMwIBAg== ++-----END DH PARAMETERS----- +\ No newline at end of file diff --git a/SOURCES/0053-curl-7.61.1-CVE-2023-28321.patch b/SOURCES/0053-curl-7.61.1-CVE-2023-28321.patch new file mode 100644 index 0000000..bd66821 --- /dev/null +++ b/SOURCES/0053-curl-7.61.1-CVE-2023-28321.patch @@ -0,0 +1,305 @@ +From 199f2d440d8659b42670c1b796220792b01a97bf Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 24 Apr 2023 21:07:02 +0200 +Subject: [PATCH] hostcheck: fix host name wildcard checking + +The leftmost "label" of the host name can now only match against single +'*'. Like the browsers have worked for a long time. + +- extended unit test 1397 for this +- move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc + +Reported-by: Hiroki Kurosawa +Closes #11018 +--- + lib/hostcheck.c | 50 +++++++-------- + tests/data/test1397 | 10 ++- + tests/unit/Makefile.am | 94 ---------------------------- + tests/unit/Makefile.inc | 94 ++++++++++++++++++++++++++++ + tests/unit/unit1397.c | 134 ++++++++++++++++++++++++---------------- + 5 files changed, 202 insertions(+), 180 deletions(-) + +diff --git a/lib/hostcheck.c b/lib/hostcheck.c +index e827dc58f378c..d061c6356f97f 100644 +--- a/lib/hostcheck.c ++++ b/lib/hostcheck.c +@@ -43,6 +43,17 @@ + /* The last #include file should be: */ + #include "memdebug.h" + ++/* check the two input strings with given length, but do not ++ assume they end in nul-bytes */ ++static int pmatch(const char *hostname, size_t hostlen, ++ const char *pattern, size_t patternlen) ++{ ++ if(hostlen != patternlen) ++ return CURL_HOST_NOMATCH; ++ return strncasecompare(hostname, pattern, hostlen) ? ++ CURL_HOST_MATCH : CURL_HOST_NOMATCH; ++} ++ + /* + * Match a hostname against a wildcard pattern. + * E.g. +@@ -65,26 +76,27 @@ + + static int hostmatch(char *hostname, char *pattern) + { +- const char *pattern_label_end, *pattern_wildcard, *hostname_label_end; +- int wildcard_enabled; +- size_t prefixlen, suffixlen; ++ size_t hostlen, patternlen; ++ const char *pattern_label_end; + struct in_addr ignored; + #ifdef ENABLE_IPV6 + struct sockaddr_in6 si6; + #endif + ++ DEBUGASSERT(pattern); ++ DEBUGASSERT(hostname); ++ ++ hostlen = strlen(hostname); ++ patternlen = strlen(pattern); ++ + /* normalize pattern and hostname by stripping off trailing dots */ +- size_t len = strlen(hostname); +- if(hostname[len-1]=='.') +- hostname[len-1] = 0; +- len = strlen(pattern); +- if(pattern[len-1]=='.') +- pattern[len-1] = 0; +- +- pattern_wildcard = strchr(pattern, '*'); +- if(pattern_wildcard == NULL) +- return strcasecompare(pattern, hostname) ? +- CURL_HOST_MATCH : CURL_HOST_NOMATCH; ++ if(hostname[hostlen-1]=='.') ++ hostname[hostlen-1] = 0; ++ if(pattern[patternlen-1]=='.') ++ pattern[patternlen-1] = 0; ++ ++ if(strncmp(pattern, "*.", 2)) ++ return pmatch(hostname, hostlen, pattern, patternlen); + + /* detect IP address as hostname and fail the match if so */ + if(Curl_inet_pton(AF_INET, hostname, &ignored) > 0) +@@ -96,34 +108,20 @@ static int hostmatch(char *hostname, char *pattern) + + /* We require at least 2 dots in pattern to avoid too wide wildcard + match. */ +- wildcard_enabled = 1; + pattern_label_end = strchr(pattern, '.'); +- if(pattern_label_end == NULL || strchr(pattern_label_end + 1, '.') == NULL || +- pattern_wildcard > pattern_label_end || +- strncasecompare(pattern, "xn--", 4)) { +- wildcard_enabled = 0; ++ if(pattern_label_end == NULL || ++ (strrchr(pattern, '.') == pattern_label_end)) ++ return pmatch(pattern, patternlen, hostname, hostlen); ++ ++ const char *hostname_label_end = strchr(hostname, '.'); ++ if(hostname_label_end != NULL) { ++ size_t skiphost = hostname_label_end - hostname; ++ size_t skiplen = pattern_label_end - pattern; ++ return pmatch(hostname_label_end, hostlen - skiphost, ++ pattern_label_end, patternlen - skiplen); + } +- if(!wildcard_enabled) +- return strcasecompare(pattern, hostname) ? +- CURL_HOST_MATCH : CURL_HOST_NOMATCH; +- +- hostname_label_end = strchr(hostname, '.'); +- if(hostname_label_end == NULL || +- !strcasecompare(pattern_label_end, hostname_label_end)) +- return CURL_HOST_NOMATCH; + +- /* The wildcard must match at least one character, so the left-most +- label of the hostname is at least as large as the left-most label +- of the pattern. */ +- if(hostname_label_end - hostname < pattern_label_end - pattern) +- return CURL_HOST_NOMATCH; +- +- prefixlen = pattern_wildcard - pattern; +- suffixlen = pattern_label_end - (pattern_wildcard + 1); +- return strncasecompare(pattern, hostname, prefixlen) && +- strncasecompare(pattern_wildcard + 1, hostname_label_end - suffixlen, +- suffixlen) ? +- CURL_HOST_MATCH : CURL_HOST_NOMATCH; ++ return CURL_HOST_NOMATCH; + } + + int Curl_cert_hostcheck(const char *match_pattern, const char *hostname) +diff --git a/tests/data/test1397 b/tests/data/test1397 +index 84f962abebee3..f31b2c2a3f330 100644 +--- a/tests/data/test1397 ++++ b/tests/data/test1397 +@@ -2,8 +2,7 @@ + + + unittest +-ssl +-wildcard ++Curl_cert_hostcheck + + + +@@ -15,10 +14,10 @@ none + + unittest + +- +-Check wildcard certificate matching function Curl_cert_hostcheck +- ++ ++Curl_cert_hostcheck unit tests ++ + + unit1397 + + +diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c +index 2f3d3aa4d09e1..3ae75618d5d10 100644 +--- a/tests/unit/unit1397.c ++++ b/tests/unit/unit1397.c +@@ -21,8 +21,6 @@ + ***************************************************************************/ + #include "curlcheck.h" + +-#include "hostcheck.h" /* from the lib dir */ +- + static CURLcode unit_setup(void) + { + return CURLE_OK; +@@ -30,50 +28,93 @@ static CURLcode unit_setup(void) + + static void unit_stop(void) + { +- /* done before shutting down and exiting */ + } + +-UNITTEST_START +- + /* only these backends define the tested functions */ +-#if defined(USE_OPENSSL) || defined(USE_AXTLS) || defined(USE_GSKIT) +- +- /* here you start doing things and checking that the results are good */ ++#if defined(USE_OPENSSL) || defined(USE_GSKIT) || defined(USE_SCHANNEL) ++#include "hostcheck.h" ++struct testcase { ++ const char *host; ++ const char *pattern; ++ bool match; ++}; + +-fail_unless(Curl_cert_hostcheck("www.example.com", "www.example.com"), +- "good 1"); +-fail_unless(Curl_cert_hostcheck("*.example.com", "www.example.com"), +- "good 2"); +-fail_unless(Curl_cert_hostcheck("xxx*.example.com", "xxxwww.example.com"), +- "good 3"); +-fail_unless(Curl_cert_hostcheck("f*.example.com", "foo.example.com"), +- "good 4"); +-fail_unless(Curl_cert_hostcheck("192.168.0.0", "192.168.0.0"), +- "good 5"); +- +-fail_if(Curl_cert_hostcheck("xxx.example.com", "www.example.com"), "bad 1"); +-fail_if(Curl_cert_hostcheck("*", "www.example.com"), "bad 2"); +-fail_if(Curl_cert_hostcheck("*.*.com", "www.example.com"), "bad 3"); +-fail_if(Curl_cert_hostcheck("*.example.com", "baa.foo.example.com"), "bad 4"); +-fail_if(Curl_cert_hostcheck("f*.example.com", "baa.example.com"), "bad 5"); +-fail_if(Curl_cert_hostcheck("*.com", "example.com"), "bad 6"); +-fail_if(Curl_cert_hostcheck("*fail.com", "example.com"), "bad 7"); +-fail_if(Curl_cert_hostcheck("*.example.", "www.example."), "bad 8"); +-fail_if(Curl_cert_hostcheck("*.example.", "www.example"), "bad 9"); +-fail_if(Curl_cert_hostcheck("", "www"), "bad 10"); +-fail_if(Curl_cert_hostcheck("*", "www"), "bad 11"); +-fail_if(Curl_cert_hostcheck("*.168.0.0", "192.168.0.0"), "bad 12"); +-fail_if(Curl_cert_hostcheck("www.example.com", "192.168.0.0"), "bad 13"); +- +-#ifdef ENABLE_IPV6 +-fail_if(Curl_cert_hostcheck("*::3285:a9ff:fe46:b619", +- "fe80::3285:a9ff:fe46:b619"), "bad 14"); +-fail_unless(Curl_cert_hostcheck("fe80::3285:a9ff:fe46:b619", +- "fe80::3285:a9ff:fe46:b619"), "good 6"); +-#endif ++static struct testcase tests[] = { ++ {"", "", FALSE}, ++ {"a", "", FALSE}, ++ {"", "b", FALSE}, ++ {"a", "b", FALSE}, ++ {"aa", "bb", FALSE}, ++ {"\xff", "\xff", TRUE}, ++ {"aa.aa.aa", "aa.aa.bb", FALSE}, ++ {"aa.aa.aa", "aa.aa.aa", TRUE}, ++ {"aa.aa.aa", "*.aa.bb", FALSE}, ++ {"aa.aa.aa", "*.aa.aa", TRUE}, ++ {"192.168.0.1", "192.168.0.1", TRUE}, ++ {"192.168.0.1", "*.168.0.1", FALSE}, ++ {"192.168.0.1", "*.0.1", FALSE}, ++ {"h.ello", "*.ello", FALSE}, ++ {"h.ello.", "*.ello", FALSE}, ++ {"h.ello", "*.ello.", FALSE}, ++ {"h.e.llo", "*.e.llo", TRUE}, ++ {"h.e.llo", " *.e.llo", FALSE}, ++ {" h.e.llo", "*.e.llo", TRUE}, ++ {"h.e.llo.", "*.e.llo", TRUE}, ++ {"*.e.llo.", "*.e.llo", TRUE}, ++ {"************.e.llo.", "*.e.llo", TRUE}, ++ {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" ++ "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" ++ "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC" ++ "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" ++ "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" ++ ".e.llo.", "*.e.llo", TRUE}, ++ {"\xfe\xfe.e.llo.", "*.e.llo", TRUE}, ++ {"h.e.llo.", "*.e.llo.", TRUE}, ++ {"h.e.llo", "*.e.llo.", TRUE}, ++ {".h.e.llo", "*.e.llo.", FALSE}, ++ {"h.e.llo", "*.*.llo.", FALSE}, ++ {"h.e.llo", "h.*.llo", FALSE}, ++ {"h.e.llo", "h.e.*", FALSE}, ++ {"hello", "*.ello", FALSE}, ++ {"hello", "**llo", FALSE}, ++ {"bar.foo.example.com", "*.example.com", FALSE}, ++ {"foo.example.com", "*.example.com", TRUE}, ++ {"baz.example.net", "b*z.example.net", FALSE}, ++ {"foobaz.example.net", "*baz.example.net", FALSE}, ++ {"xn--l8j.example.local", "x*.example.local", FALSE}, ++ {"xn--l8j.example.net", "*.example.net", TRUE}, ++ {"xn--l8j.example.net", "*j.example.net", FALSE}, ++ {"xn--l8j.example.net", "xn--l8j.example.net", TRUE}, ++ {"xn--l8j.example.net", "xn--l8j.*.net", FALSE}, ++ {"xl8j.example.net", "*.example.net", TRUE}, ++ {"fe80::3285:a9ff:fe46:b619", "*::3285:a9ff:fe46:b619", FALSE}, ++ {"fe80::3285:a9ff:fe46:b619", "fe80::3285:a9ff:fe46:b619", TRUE}, ++ {NULL, NULL, FALSE} ++}; + +-#endif ++UNITTEST_START ++{ ++ int i; ++ for(i = 0; tests[i].host; i++) { ++ if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern, ++ strlen(tests[i].pattern), ++ tests[i].host, ++ strlen(tests[i].host))) { ++ fprintf(stderr, ++ "HOST: %s\n" ++ "PTRN: %s\n" ++ "did %sMATCH\n", ++ tests[i].host, ++ tests[i].pattern, ++ tests[i].match ? "NOT ": ""); ++ unitfail++; ++ } ++ } ++} ++UNITTEST_STOP ++#else + +- /* you end the test code like this: */ ++UNITTEST_START + + UNITTEST_STOP ++#endif diff --git a/SPECS/curl.spec b/SPECS/curl.spec index 22c6d96..74a23c0 100644 --- a/SPECS/curl.spec +++ b/SPECS/curl.spec @@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.61.1 -Release: 30%{?dist}.2 +Release: 30%{?dist}.3 License: MIT Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz @@ -142,6 +142,15 @@ Patch48: 0048-curl-7.61.1-CVE-2023-27535.patch # sftp: do not specify O_APPEND when not in append mode (#2187717) Patch50: 0050-curl-7.61.1-sftp-upload-flags.patch +# fix GSS delegation too eager connection re-use +Patch51: 0051-curl-7.61.1-CVE-2023-27536.patch + +# rebuild certs with 2048-bit RSA keys +Patch52: 0052-curl-7.61.1-rebuilt-certs.patch + +# fix host name wildcard checking +Patch53: 0053-curl-7.61.1-CVE-2023-28321.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -364,6 +373,9 @@ sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6} %patch47 -p1 %patch48 -p1 %patch50 -p1 +%patch51 -p1 +git apply %{PATCH52} +%patch53 -p1 # make tests/*.py use Python 3 sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py @@ -526,6 +538,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Tue Jun 13 2023 Jacek Migacz - 7.61.1-30.el8_8.3 +- fix GSS delegation too eager connection re-use (CVE-2023-27536) +- rebuild certs with 2048-bit RSA keys +- fix host name wildcard checking (CVE-2023-28321) + * Thu Apr 20 2023 Kamil Dudka - 7.61.1-30.el8_8.2 - sftp: do not specify O_APPEND when not in append mode (#2187717)