gogrlx/nats-server
1
0
Fork 0
mirror of https://github.com/gogrlx/nats-server.git synced 2026-04-02 03:38:42 -07:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into dev

Browse Source 
Signed-off-by: Derek Collison <derek@nats.io>
This commit is contained in:
Derek Collison
2023-08-04 10:15:35 -07:00
parent 42752ec551 b2e7725aed
commit 8079495903
15 changed files with 1255 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
test/configs/certs/ocsp_peer/mini-ca/server2/TestServer3_bundle.pem Normal file
View File

@@ -0,0 +1,186 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:1f:9b:cd:c8:7b:95:f1:64:e6:41:9c:df:6e:03:da:92:9a:90:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=WA, L=Tacoma, O=Testnats, CN=Intermediate CA 2
Validity
Not Before: Aug 2 22:15:27 2023 GMT
Not After : Jul 30 22:15:27 2033 GMT
Subject: C=US, ST=WA, L=Tacoma, O=Testnats, CN=TestServer3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9a:3c:db:76:c9:19:0f:7b:e6:d3:ed:d1:0b:76:
ae:15:d4:11:1c:66:b8:5d:2a:7d:e3:1f:65:d8:1b:
c4:63:62:f6:5c:8b:18:66:a8:1c:c2:a6:5e:72:f2:
dd:57:42:8a:ab:5d:bd:37:b6:f1:4b:51:f0:b3:6a:
37:e9:55:78:01:23:ea:53:09:83:2f:7d:59:36:ab:
33:4f:4c:bc:ef:a9:1c:db:94:79:4c:0d:4a:7c:3f:
9d:3c:ba:6c:76:82:47:25:eb:79:22:f4:09:6c:78:
3c:a6:ef:4b:30:90:29:b3:5f:ba:69:b1:1a:95:ed:
53:e0:c6:24:78:6e:52:af:8e:bc:db:4a:f0:19:d2:
00:5a:a8:b6:73:4c:17:92:d1:8d:81:9b:4c:b8:35:
4d:91:dd:df:d3:85:a6:9f:c4:91:19:ec:47:d1:ca:
4e:0b:c3:06:8c:27:42:95:83:e3:28:6a:3b:74:9c:
68:b0:55:a5:91:91:cb:37:ad:fa:d8:69:8b:de:2e:
4a:51:59:32:4b:3d:06:21:04:65:d2:f5:8b:e8:4d:
45:96:de:63:97:47:81:85:ea:48:f0:9d:23:2d:71:
87:6f:d2:75:3d:45:bf:de:ad:43:82:db:a5:29:9b:
f9:5e:38:0a:39:a9:38:71:ec:40:40:b5:dc:69:c7:
0b:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:47:8C:9E:F1:73:7E:34:B9:5B:1E:ED:AD:3A:87:42:80:D4:E3:FD
X509v3 Authority Key Identifier:
75:55:E2:8E:E7:AD:A5:DD:80:3D:C9:33:0B:2C:A2:57:77:ED:15:AC
X509v3 Basic Constraints: critical
CA:FALSE
Netscape Cert Type:
SSL Client, SSL Server
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://127.0.0.1:28888/intermediate2_crl.der
Authority Information Access:
OCSP - URI:http://127.0.0.1:28888/
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:127.0.0.1
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
b9:b4:05:48:a6:ba:6c:99:8b:23:c4:9b:b3:8a:32:3f:ca:62:
89:81:1e:5d:04:ba:2d:22:a3:0f:5a:5d:a0:ab:40:a4:87:43:
26:36:0a:09:64:ef:f5:b0:a7:6f:7a:1f:cc:06:6c:f7:8d:9c:
64:5e:c2:ae:e7:45:39:dc:bc:87:06:e6:d5:aa:6b:32:76:51:
64:e1:ac:d9:9a:dd:17:47:9b:4e:31:1c:93:f5:c5:ca:d6:b7:
90:ff:64:97:59:df:2b:7f:ee:2d:7d:73:ef:95:ad:b5:1e:a9:
0c:48:38:29:0b:39:4f:05:fb:07:cf:ec:94:a3:b3:d5:eb:00:
ed:b2:b9:71:a0:59:b5:3f:7c:f5:20:90:54:a8:ea:36:4c:ae:
62:5b:2b:6d:05:8d:76:78:87:c9:90:f3:b2:d1:72:fc:87:f5:
28:4c:ec:19:50:0f:02:32:d4:57:75:d9:c1:b2:dc:0e:d4:9a:
3a:cd:48:70:1e:c4:2e:fd:4f:b0:89:6a:de:f0:90:91:23:16:
cd:04:fc:61:87:9c:c3:5c:7e:0f:19:ff:26:3e:fb:1b:65:2a:
49:ae:47:9f:d5:e6:c8:30:bb:13:b9:48:d0:67:57:0f:fb:c6:
df:1c:fc:82:3b:ae:1f:f7:25:c8:df:c0:c5:d1:8d:51:94:74:
30:be:fb:f7
-----BEGIN CERTIFICATE-----
MIIEYjCCA0qgAwIBAgIUPh+bzch7lfFk5kGc324D2pKakLcwDQYJKoZIhvcNAQEL
BQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMQ8wDQYDVQQHDAZUYWNvbWEx
ETAPBgNVBAoMCFRlc3RuYXRzMRowGAYDVQQDDBFJbnRlcm1lZGlhdGUgQ0EgMjAe
Fw0yMzA4MDIyMjE1MjdaFw0zMzA3MzAyMjE1MjdaMFQxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJXQTEPMA0GA1UEBwwGVGFjb21hMREwDwYDVQQKDAhUZXN0bmF0czEU
MBIGA1UEAwwLVGVzdFNlcnZlcjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCaPNt2yRkPe+bT7dELdq4V1BEcZrhdKn3jH2XYG8RjYvZcixhmqBzCpl5y
8t1XQoqrXb03tvFLUfCzajfpVXgBI+pTCYMvfVk2qzNPTLzvqRzblHlMDUp8P508
umx2gkcl63ki9AlseDym70swkCmzX7ppsRqV7VPgxiR4blKvjrzbSvAZ0gBaqLZz
TBeS0Y2Bm0y4NU2R3d/ThaafxJEZ7EfRyk4LwwaMJ0KVg+Moajt0nGiwVaWRkcs3
rfrYaYveLkpRWTJLPQYhBGXS9YvoTUWW3mOXR4GF6kjwnSMtcYdv0nU9Rb/erUOC
26Upm/leOAo5qThx7EBAtdxpxwtzAgMBAAGjggEkMIIBIDAdBgNVHQ4EFgQUf0eM
nvFzfjS5Wx7trTqHQoDU4/0wHwYDVR0jBBgwFoAUdVXijuetpd2APckzCyyiV3ft
FawwDAYDVR0TAQH/BAIwADARBglghkgBhvhCAQEEBAMCBsAwDgYDVR0PAQH/BAQD
AgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA9BgNVHR8ENjA0MDKg
MKAuhixodHRwOi8vMTI3LjAuMC4xOjI4ODg4L2ludGVybWVkaWF0ZTJfY3JsLmRl
cjAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly8xMjcuMC4wLjE6
Mjg4ODgvMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsF
AAOCAQEAubQFSKa6bJmLI8Sbs4oyP8piiYEeXQS6LSKjD1pdoKtApIdDJjYKCWTv
9bCnb3ofzAZs942cZF7CrudFOdy8hwbm1aprMnZRZOGs2ZrdF0ebTjEck/XFyta3
kP9kl1nfK3/uLX1z75WttR6pDEg4KQs5TwX7B8/slKOz1esA7bK5caBZtT989SCQ
VKjqNkyuYlsrbQWNdniHyZDzstFy/If1KEzsGVAPAjLUV3XZwbLcDtSaOs1IcB7E
Lv1PsIlq3vCQkSMWzQT8YYecw1x+Dxn/Jj77G2UqSa5Hn9XmyDC7E7lI0GdXD/vG
3xz8gjuuH/clyN/AxdGNUZR0ML779w==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:d7:16:fb:15:99:81:4e:53:f8:80:7c:b6:7c:77:a6:06:a4:3e:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=WA, L=Tacoma, O=Testnats, CN=Root CA
Validity
Not Before: May 1 19:01:43 2023 GMT
Not After : Apr 28 19:01:43 2033 GMT
Subject: C=US, ST=WA, L=Tacoma, O=Testnats, CN=Intermediate CA 2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:da:5f:ff:1d:f7:8d:1a:9e:9a:f3:2b:68:8f:c1:
0c:33:06:41:00:c9:3e:e4:1a:e1:e0:70:6a:f5:2f:
ad:df:f3:e9:99:ed:c5:d7:aa:93:13:37:ff:47:aa:
f3:c5:89:f7:b7:ad:3a:47:e5:9c:4e:9f:8c:e2:41:
ed:a4:7c:9d:88:32:ae:f5:8a:84:9f:0c:18:a0:b3:
fe:8e:dc:2a:88:6a:f5:2f:9c:86:92:fa:7b:6e:b3:
5a:78:67:53:0b:21:6c:0d:6c:80:1a:0e:1e:ee:06:
c4:d2:e7:24:c6:e5:74:be:1e:2e:17:55:2b:e5:9f:
0b:a0:58:cc:fe:bf:53:37:f7:dc:95:88:f4:77:a6:
59:b4:b8:7c:a2:4b:b7:6a:67:aa:84:dc:29:f1:f9:
d7:89:05:4d:0b:f3:8b:2d:52:99:57:ed:6f:11:9e:
af:28:a3:61:44:c2:ec:6e:7f:9f:3d:0b:dc:f7:19:
6d:14:8a:a5:b8:b6:29:02:34:90:b4:96:c1:cb:a7:
42:46:97:cf:8d:59:fd:17:b1:a6:27:a7:7b:8a:47:
6f:fa:03:24:1c:12:25:ee:34:d6:5c:da:45:98:23:
30:e1:48:c9:9a:df:37:aa:1b:70:6c:b2:0f:95:39:
d6:6d:3e:25:20:a8:07:2c:48:57:0c:99:52:cb:89:
08:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:55:E2:8E:E7:AD:A5:DD:80:3D:C9:33:0B:2C:A2:57:77:ED:15:AC
X509v3 Authority Key Identifier:
C3:12:42:BA:A9:D8:4D:E0:C3:3E:BA:D7:47:41:A6:09:2F:6D:B4:E1
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 CRL Distribution Points:
Full Name:
URI:http://127.0.0.1:8888/root_crl.der
Authority Information Access:
OCSP - URI:http://127.0.0.1:8888/
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
1f:c6:fc:1c:a1:a5:6d:76:f0:7d:28:1f:e1:15:ab:86:e0:c3:
dd:a0:17:96:0a:c0:16:32:52:37:a4:b6:ad:24:d7:fd:3c:01:
34:3b:a9:a2:ea:81:05:e7:06:5f:a3:af:7b:fa:b2:a9:c3:63:
89:bb:0c:70:48:e9:73:cc:33:64:cd:b3:71:88:d1:d1:a1:5a:
22:a6:ed:03:46:8e:9a:c0:92:37:46:9b:e5:37:78:a5:43:d5:
46:99:1b:34:40:27:8f:95:dd:c6:9a:55:d9:60:25:8d:b8:e9:
6e:c9:b3:ee:e8:f0:d9:11:ef:4e:ae:1e:03:70:03:60:66:fd:
ab:b0:f4:74:b6:27:7c:7a:96:9d:86:58:5f:5c:d3:04:ab:16:
57:12:53:51:c7:93:ca:0b:4e:67:27:2d:b7:20:79:b6:b7:8c:
e7:c3:d9:25:5e:25:63:cf:93:f0:6e:31:c0:d5:4f:05:1c:8d:
14:1b:6a:d5:01:b6:7a:09:6f:38:f3:e5:e2:5a:e4:e2:42:d5:
8a:8d:de:ef:73:25:85:3c:e3:a9:ef:f7:f7:23:4f:d3:27:c2:
3a:c6:c0:6f:2a:9b:1e:fe:fc:31:73:10:e1:08:62:98:2b:6d:
2f:cc:ab:dd:3a:65:c2:00:7f:29:18:32:cd:8f:56:a9:1d:86:
f1:5e:60:55
-----BEGIN CERTIFICATE-----
MIIECTCCAvGgAwIBAgIUPNcW+xWZgU5T+IB8tnx3pgakPuowDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMQ8wDQYDVQQHDAZUYWNvbWEx
ETAPBgNVBAoMCFRlc3RuYXRzMRAwDgYDVQQDDAdSb290IENBMB4XDTIzMDUwMTE5
MDE0M1oXDTMzMDQyODE5MDE0M1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldB
MQ8wDQYDVQQHDAZUYWNvbWExETAPBgNVBAoMCFRlc3RuYXRzMRowGAYDVQQDDBFJ
bnRlcm1lZGlhdGUgQ0EgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANpf/x33jRqemvMraI/BDDMGQQDJPuQa4eBwavUvrd/z6ZntxdeqkxM3/0eq88WJ
97etOkflnE6fjOJB7aR8nYgyrvWKhJ8MGKCz/o7cKohq9S+chpL6e26zWnhnUwsh
bA1sgBoOHu4GxNLnJMbldL4eLhdVK+WfC6BYzP6/Uzf33JWI9HemWbS4fKJLt2pn
qoTcKfH514kFTQvziy1SmVftbxGeryijYUTC7G5/nz0L3PcZbRSKpbi2KQI0kLSW
wcunQkaXz41Z/Rexpiene4pHb/oDJBwSJe401lzaRZgjMOFIyZrfN6obcGyyD5U5
1m0+JSCoByxIVwyZUsuJCEECAwEAAaOB0DCBzTAdBgNVHQ4EFgQUdVXijuetpd2A
PckzCyyiV3ftFawwHwYDVR0jBBgwFoAUwxJCuqnYTeDDPrrXR0GmCS9ttOEwEgYD
VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwMwYDVR0fBCwwKjAooCag
JIYiaHR0cDovLzEyNy4wLjAuMTo4ODg4L3Jvb3RfY3JsLmRlcjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6ODg4OC8wDQYJKoZI
hvcNAQELBQADggEBAB/G/ByhpW128H0oH+EVq4bgw92gF5YKwBYyUjektq0k1/08
ATQ7qaLqgQXnBl+jr3v6sqnDY4m7DHBI6XPMM2TNs3GI0dGhWiKm7QNGjprAkjdG
m+U3eKVD1UaZGzRAJ4+V3caaVdlgJY246W7Js+7o8NkR706uHgNwA2Bm/auw9HS2
J3x6lp2GWF9c0wSrFlcSU1HHk8oLTmcnLbcgeba3jOfD2SVeJWPPk/BuMcDVTwUc
jRQbatUBtnoJbzjz5eJa5OJC1YqN3u9zJYU846nv9/cjT9MnwjrGwG8qmx7+/DFz
EOEIYpgrbS/Mq906ZcIAfykYMs2PVqkdhvFeYFU=
-----END CERTIFICATE-----

97
test/configs/certs/ocsp_peer/mini-ca/server2/TestServer3_cert.pem Normal file
View File

@@ -0,0 +1,97 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:1f:9b:cd:c8:7b:95:f1:64:e6:41:9c:df:6e:03:da:92:9a:90:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=WA, L=Tacoma, O=Testnats, CN=Intermediate CA 2
Validity
Not Before: Aug 2 22:15:27 2023 GMT
Not After : Jul 30 22:15:27 2033 GMT
Subject: C=US, ST=WA, L=Tacoma, O=Testnats, CN=TestServer3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9a:3c:db:76:c9:19:0f:7b:e6:d3:ed:d1:0b:76:
ae:15:d4:11:1c:66:b8:5d:2a:7d:e3:1f:65:d8:1b:
c4:63:62:f6:5c:8b:18:66:a8:1c:c2:a6:5e:72:f2:
dd:57:42:8a:ab:5d:bd:37:b6:f1:4b:51:f0:b3:6a:
37:e9:55:78:01:23:ea:53:09:83:2f:7d:59:36:ab:
33:4f:4c:bc:ef:a9:1c:db:94:79:4c:0d:4a:7c:3f:
9d:3c:ba:6c:76:82:47:25:eb:79:22:f4:09:6c:78:
3c:a6:ef:4b:30:90:29:b3:5f:ba:69:b1:1a:95:ed:
53:e0:c6:24:78:6e:52:af:8e:bc:db:4a:f0:19:d2:
00:5a:a8:b6:73:4c:17:92:d1:8d:81:9b:4c:b8:35:
4d:91:dd:df:d3:85:a6:9f:c4:91:19:ec:47:d1:ca:
4e:0b:c3:06:8c:27:42:95:83:e3:28:6a:3b:74:9c:
68:b0:55:a5:91:91:cb:37:ad:fa:d8:69:8b:de:2e:
4a:51:59:32:4b:3d:06:21:04:65:d2:f5:8b:e8:4d:
45:96:de:63:97:47:81:85:ea:48:f0:9d:23:2d:71:
87:6f:d2:75:3d:45:bf:de:ad:43:82:db:a5:29:9b:
f9:5e:38:0a:39:a9:38:71:ec:40:40:b5:dc:69:c7:
0b:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:47:8C:9E:F1:73:7E:34:B9:5B:1E:ED:AD:3A:87:42:80:D4:E3:FD
X509v3 Authority Key Identifier:
75:55:E2:8E:E7:AD:A5:DD:80:3D:C9:33:0B:2C:A2:57:77:ED:15:AC
X509v3 Basic Constraints: critical
CA:FALSE
Netscape Cert Type:
SSL Client, SSL Server
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://127.0.0.1:28888/intermediate2_crl.der
Authority Information Access:
OCSP - URI:http://127.0.0.1:28888/
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:127.0.0.1
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
b9:b4:05:48:a6:ba:6c:99:8b:23:c4:9b:b3:8a:32:3f:ca:62:
89:81:1e:5d:04:ba:2d:22:a3:0f:5a:5d:a0:ab:40:a4:87:43:
26:36:0a:09:64:ef:f5:b0:a7:6f:7a:1f:cc:06:6c:f7:8d:9c:
64:5e:c2:ae:e7:45:39:dc:bc:87:06:e6:d5:aa:6b:32:76:51:
64:e1:ac:d9:9a:dd:17:47:9b:4e:31:1c:93:f5:c5:ca:d6:b7:
90:ff:64:97:59:df:2b:7f:ee:2d:7d:73:ef:95:ad:b5:1e:a9:
0c:48:38:29:0b:39:4f:05:fb:07:cf:ec:94:a3:b3:d5:eb:00:
ed:b2:b9:71:a0:59:b5:3f:7c:f5:20:90:54:a8:ea:36:4c:ae:
62:5b:2b:6d:05:8d:76:78:87:c9:90:f3:b2:d1:72:fc:87:f5:
28:4c:ec:19:50:0f:02:32:d4:57:75:d9:c1:b2:dc:0e:d4:9a:
3a:cd:48:70:1e:c4:2e:fd:4f:b0:89:6a:de:f0:90:91:23:16:
cd:04:fc:61:87:9c:c3:5c:7e:0f:19:ff:26:3e:fb:1b:65:2a:
49:ae:47:9f:d5:e6:c8:30:bb:13:b9:48:d0:67:57:0f:fb:c6:
df:1c:fc:82:3b:ae:1f:f7:25:c8:df:c0:c5:d1:8d:51:94:74:
30:be:fb:f7
-----BEGIN CERTIFICATE-----
MIIEYjCCA0qgAwIBAgIUPh+bzch7lfFk5kGc324D2pKakLcwDQYJKoZIhvcNAQEL
BQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMQ8wDQYDVQQHDAZUYWNvbWEx
ETAPBgNVBAoMCFRlc3RuYXRzMRowGAYDVQQDDBFJbnRlcm1lZGlhdGUgQ0EgMjAe
Fw0yMzA4MDIyMjE1MjdaFw0zMzA3MzAyMjE1MjdaMFQxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJXQTEPMA0GA1UEBwwGVGFjb21hMREwDwYDVQQKDAhUZXN0bmF0czEU
MBIGA1UEAwwLVGVzdFNlcnZlcjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCaPNt2yRkPe+bT7dELdq4V1BEcZrhdKn3jH2XYG8RjYvZcixhmqBzCpl5y
8t1XQoqrXb03tvFLUfCzajfpVXgBI+pTCYMvfVk2qzNPTLzvqRzblHlMDUp8P508
umx2gkcl63ki9AlseDym70swkCmzX7ppsRqV7VPgxiR4blKvjrzbSvAZ0gBaqLZz
TBeS0Y2Bm0y4NU2R3d/ThaafxJEZ7EfRyk4LwwaMJ0KVg+Moajt0nGiwVaWRkcs3
rfrYaYveLkpRWTJLPQYhBGXS9YvoTUWW3mOXR4GF6kjwnSMtcYdv0nU9Rb/erUOC
26Upm/leOAo5qThx7EBAtdxpxwtzAgMBAAGjggEkMIIBIDAdBgNVHQ4EFgQUf0eM
nvFzfjS5Wx7trTqHQoDU4/0wHwYDVR0jBBgwFoAUdVXijuetpd2APckzCyyiV3ft
FawwDAYDVR0TAQH/BAIwADARBglghkgBhvhCAQEEBAMCBsAwDgYDVR0PAQH/BAQD
AgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA9BgNVHR8ENjA0MDKg
MKAuhixodHRwOi8vMTI3LjAuMC4xOjI4ODg4L2ludGVybWVkaWF0ZTJfY3JsLmRl
cjAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly8xMjcuMC4wLjE6
Mjg4ODgvMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsF
AAOCAQEAubQFSKa6bJmLI8Sbs4oyP8piiYEeXQS6LSKjD1pdoKtApIdDJjYKCWTv
9bCnb3ofzAZs942cZF7CrudFOdy8hwbm1aprMnZRZOGs2ZrdF0ebTjEck/XFyta3
kP9kl1nfK3/uLX1z75WttR6pDEg4KQs5TwX7B8/slKOz1esA7bK5caBZtT989SCQ
VKjqNkyuYlsrbQWNdniHyZDzstFy/If1KEzsGVAPAjLUV3XZwbLcDtSaOs1IcB7E
Lv1PsIlq3vCQkSMWzQT8YYecw1x+Dxn/Jj77G2UqSa5Hn9XmyDC7E7lI0GdXD/vG
3xz8gjuuH/clyN/AxdGNUZR0ML779w==
-----END CERTIFICATE-----

186
test/configs/certs/ocsp_peer/mini-ca/server2/TestServer4_bundle.pem Normal file
View File

@@ -0,0 +1,186 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
16:5e:ab:1c:8b:dc:fc:97:d9:34:9d:fd:cd:7d:b3:3c:51:83:ce:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=WA, L=Tacoma, O=Testnats, CN=Intermediate CA 2
Validity
Not Before: Aug 2 22:15:38 2023 GMT
Not After : Jul 30 22:15:38 2033 GMT
Subject: C=US, ST=WA, L=Tacoma, O=Testnats, CN=TestServer4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d5:fd:fb:3f:42:c7:ca:02:37:72:6e:78:d5:af:
8d:b4:4d:f4:4c:0c:8f:8f:67:da:62:c0:2a:0f:f3:
73:3b:83:c1:3a:df:9e:df:1d:26:12:95:41:ca:52:
88:4d:8b:38:7f:78:ce:ed:aa:48:b0:dc:57:62:80:
7a:fc:1f:43:c8:d8:2d:4f:38:c3:22:fc:bb:16:53:
84:9e:44:0c:f9:51:00:a0:57:97:3f:df:57:08:48:
3b:2b:55:b3:90:98:98:e6:a6:eb:ca:8f:ec:f8:4f:
dc:4d:7e:71:2e:03:ff:cd:fa:ef:65:7e:6d:8c:35:
be:df:fb:c1:0b:e9:f0:3b:89:24:4d:b4:02:7f:82:
8e:0a:34:ea:a8:68:9e:f8:4b:39:9a:8f:d5:eb:bc:
59:68:c9:f0:a5:eb:e9:be:7c:03:49:bd:b5:d9:54:
cf:88:29:b0:2c:a3:e9:08:b6:66:37:57:ef:66:5f:
6b:0f:34:6d:02:bf:92:2b:cc:e9:9d:c0:a8:92:0d:
76:8f:ae:f6:3f:24:38:e9:5b:fc:12:a2:ab:fa:42:
3f:5a:05:e3:5e:bb:08:43:5d:55:18:17:13:0a:27:
84:5f:05:69:18:a9:45:68:37:a7:35:f9:8c:ef:c5:
9f:b1:8d:aa:3c:b7:cc:47:b6:e5:85:e2:73:f5:8a:
5a:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:BB:A1:42:EA:15:3E:0E:D1:48:5F:B5:E2:01:42:D0:72:BE:B0:CE
X509v3 Authority Key Identifier:
75:55:E2:8E:E7:AD:A5:DD:80:3D:C9:33:0B:2C:A2:57:77:ED:15:AC
X509v3 Basic Constraints: critical
CA:FALSE
Netscape Cert Type:
SSL Client, SSL Server
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://127.0.0.1:28888/intermediate2_crl.der
Authority Information Access:
OCSP - URI:http://127.0.0.1:28888/
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:127.0.0.1
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
85:c2:1a:b0:94:8b:a0:f8:2c:85:1e:17:88:4e:ca:2c:d1:f6:
69:26:e3:a6:94:9f:62:eb:68:54:da:2b:f2:67:23:be:4b:95:
56:28:08:7a:52:8e:b3:b2:70:2f:c9:db:06:74:b4:8b:8e:84:
23:0a:74:f7:c1:67:81:69:11:36:2b:0e:4c:0f:2c:76:e6:2d:
50:f3:e8:59:0d:3a:6c:30:eb:31:16:74:c8:34:d1:62:97:6b:
1e:2f:5c:56:b0:6e:bc:5e:08:8f:d4:ce:4a:d3:8e:91:70:7d:
18:d4:3f:40:39:39:67:95:68:f7:16:c6:19:69:41:c2:20:2e:
45:e3:9d:31:c2:da:67:8d:2c:1f:a2:3f:1e:46:23:19:fd:25:
16:69:5c:80:09:1b:f7:7f:50:47:1d:d9:6b:aa:7b:0f:20:8d:
5a:f4:37:f0:c3:a7:31:5f:4d:41:70:c8:c4:aa:2a:69:d0:a8:
7b:3c:cc:b4:a4:12:54:a3:bf:ce:ea:22:20:58:ae:eb:29:f3:
15:da:22:05:46:cd:26:ef:63:84:4a:5b:86:47:fe:cb:fa:4a:
0c:fe:82:e0:db:81:dc:3e:87:8f:93:23:32:de:37:3d:d7:0f:
6c:f1:74:63:8b:11:b7:f3:69:b7:d6:e0:72:b2:1d:e1:15:10:
7d:2e:97:de
-----BEGIN CERTIFICATE-----
MIIEYjCCA0qgAwIBAgIUFl6rHIvc/JfZNJ39zX2zPFGDztIwDQYJKoZIhvcNAQEL
BQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMQ8wDQYDVQQHDAZUYWNvbWEx
ETAPBgNVBAoMCFRlc3RuYXRzMRowGAYDVQQDDBFJbnRlcm1lZGlhdGUgQ0EgMjAe
Fw0yMzA4MDIyMjE1MzhaFw0zMzA3MzAyMjE1MzhaMFQxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJXQTEPMA0GA1UEBwwGVGFjb21hMREwDwYDVQQKDAhUZXN0bmF0czEU
MBIGA1UEAwwLVGVzdFNlcnZlcjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDV/fs/QsfKAjdybnjVr420TfRMDI+PZ9piwCoP83M7g8E6357fHSYSlUHK
UohNizh/eM7tqkiw3FdigHr8H0PI2C1POMMi/LsWU4SeRAz5UQCgV5c/31cISDsr
VbOQmJjmpuvKj+z4T9xNfnEuA//N+u9lfm2MNb7f+8EL6fA7iSRNtAJ/go4KNOqo
aJ74Szmaj9XrvFloyfCl6+m+fANJvbXZVM+IKbAso+kItmY3V+9mX2sPNG0Cv5Ir
zOmdwKiSDXaPrvY/JDjpW/wSoqv6Qj9aBeNeuwhDXVUYFxMKJ4RfBWkYqUVoN6c1
+YzvxZ+xjao8t8xHtuWF4nP1ilpxAgMBAAGjggEkMIIBIDAdBgNVHQ4EFgQUxLuh
QuoVPg7RSF+14gFC0HK+sM4wHwYDVR0jBBgwFoAUdVXijuetpd2APckzCyyiV3ft
FawwDAYDVR0TAQH/BAIwADARBglghkgBhvhCAQEEBAMCBsAwDgYDVR0PAQH/BAQD
AgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA9BgNVHR8ENjA0MDKg
MKAuhixodHRwOi8vMTI3LjAuMC4xOjI4ODg4L2ludGVybWVkaWF0ZTJfY3JsLmRl
cjAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly8xMjcuMC4wLjE6
Mjg4ODgvMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsF
AAOCAQEAhcIasJSLoPgshR4XiE7KLNH2aSbjppSfYutoVNor8mcjvkuVVigIelKO
s7JwL8nbBnS0i46EIwp098FngWkRNisOTA8sduYtUPPoWQ06bDDrMRZ0yDTRYpdr
Hi9cVrBuvF4Ij9TOStOOkXB9GNQ/QDk5Z5Vo9xbGGWlBwiAuReOdMcLaZ40sH6I/
HkYjGf0lFmlcgAkb939QRx3Za6p7DyCNWvQ38MOnMV9NQXDIxKoqadCoezzMtKQS
VKO/zuoiIFiu6ynzFdoiBUbNJu9jhEpbhkf+y/pKDP6C4NuB3D6Hj5MjMt43PdcP
bPF0Y4sRt/Npt9bgcrId4RUQfS6X3g==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:d7:16:fb:15:99:81:4e:53:f8:80:7c:b6:7c:77:a6:06:a4:3e:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=WA, L=Tacoma, O=Testnats, CN=Root CA
Validity
Not Before: May 1 19:01:43 2023 GMT
Not After : Apr 28 19:01:43 2033 GMT
Subject: C=US, ST=WA, L=Tacoma, O=Testnats, CN=Intermediate CA 2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:da:5f:ff:1d:f7:8d:1a:9e:9a:f3:2b:68:8f:c1:
0c:33:06:41:00:c9:3e:e4:1a:e1:e0:70:6a:f5:2f:
ad:df:f3:e9:99:ed:c5:d7:aa:93:13:37:ff:47:aa:
f3:c5:89:f7:b7:ad:3a:47:e5:9c:4e:9f:8c:e2:41:
ed:a4:7c:9d:88:32:ae:f5:8a:84:9f:0c:18:a0:b3:
fe:8e:dc:2a:88:6a:f5:2f:9c:86:92:fa:7b:6e:b3:
5a:78:67:53:0b:21:6c:0d:6c:80:1a:0e:1e:ee:06:
c4:d2:e7:24:c6:e5:74:be:1e:2e:17:55:2b:e5:9f:
0b:a0:58:cc:fe:bf:53:37:f7:dc:95:88:f4:77:a6:
59:b4:b8:7c:a2:4b:b7:6a:67:aa:84:dc:29:f1:f9:
d7:89:05:4d:0b:f3:8b:2d:52:99:57:ed:6f:11:9e:
af:28:a3:61:44:c2:ec:6e:7f:9f:3d:0b:dc:f7:19:
6d:14:8a:a5:b8:b6:29:02:34:90:b4:96:c1:cb:a7:
42:46:97:cf:8d:59:fd:17:b1:a6:27:a7:7b:8a:47:
6f:fa:03:24:1c:12:25:ee:34:d6:5c:da:45:98:23:
30:e1:48:c9:9a:df:37:aa:1b:70:6c:b2:0f:95:39:
d6:6d:3e:25:20:a8:07:2c:48:57:0c:99:52:cb:89:
08:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:55:E2:8E:E7:AD:A5:DD:80:3D:C9:33:0B:2C:A2:57:77:ED:15:AC
X509v3 Authority Key Identifier:
C3:12:42:BA:A9:D8:4D:E0:C3:3E:BA:D7:47:41:A6:09:2F:6D:B4:E1
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 CRL Distribution Points:
Full Name:
URI:http://127.0.0.1:8888/root_crl.der
Authority Information Access:
OCSP - URI:http://127.0.0.1:8888/
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
1f:c6:fc:1c:a1:a5:6d:76:f0:7d:28:1f:e1:15:ab:86:e0:c3:
dd:a0:17:96:0a:c0:16:32:52:37:a4:b6:ad:24:d7:fd:3c:01:
34:3b:a9:a2:ea:81:05:e7:06:5f:a3:af:7b:fa:b2:a9:c3:63:
89:bb:0c:70:48:e9:73:cc:33:64:cd:b3:71:88:d1:d1:a1:5a:
22:a6:ed:03:46:8e:9a:c0:92:37:46:9b:e5:37:78:a5:43:d5:
46:99:1b:34:40:27:8f:95:dd:c6:9a:55:d9:60:25:8d:b8:e9:
6e:c9:b3:ee:e8:f0:d9:11:ef:4e:ae:1e:03:70:03:60:66:fd:
ab:b0:f4:74:b6:27:7c:7a:96:9d:86:58:5f:5c:d3:04:ab:16:
57:12:53:51:c7:93:ca:0b:4e:67:27:2d:b7:20:79:b6:b7:8c:
e7:c3:d9:25:5e:25:63:cf:93:f0:6e:31:c0:d5:4f:05:1c:8d:
14:1b:6a:d5:01:b6:7a:09:6f:38:f3:e5:e2:5a:e4:e2:42:d5:
8a:8d:de:ef:73:25:85:3c:e3:a9:ef:f7:f7:23:4f:d3:27:c2:
3a:c6:c0:6f:2a:9b:1e:fe:fc:31:73:10:e1:08:62:98:2b:6d:
2f:cc:ab:dd:3a:65:c2:00:7f:29:18:32:cd:8f:56:a9:1d:86:
f1:5e:60:55
-----BEGIN CERTIFICATE-----
MIIECTCCAvGgAwIBAgIUPNcW+xWZgU5T+IB8tnx3pgakPuowDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMQ8wDQYDVQQHDAZUYWNvbWEx
ETAPBgNVBAoMCFRlc3RuYXRzMRAwDgYDVQQDDAdSb290IENBMB4XDTIzMDUwMTE5
MDE0M1oXDTMzMDQyODE5MDE0M1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldB
MQ8wDQYDVQQHDAZUYWNvbWExETAPBgNVBAoMCFRlc3RuYXRzMRowGAYDVQQDDBFJ
bnRlcm1lZGlhdGUgQ0EgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANpf/x33jRqemvMraI/BDDMGQQDJPuQa4eBwavUvrd/z6ZntxdeqkxM3/0eq88WJ
97etOkflnE6fjOJB7aR8nYgyrvWKhJ8MGKCz/o7cKohq9S+chpL6e26zWnhnUwsh
bA1sgBoOHu4GxNLnJMbldL4eLhdVK+WfC6BYzP6/Uzf33JWI9HemWbS4fKJLt2pn
qoTcKfH514kFTQvziy1SmVftbxGeryijYUTC7G5/nz0L3PcZbRSKpbi2KQI0kLSW
wcunQkaXz41Z/Rexpiene4pHb/oDJBwSJe401lzaRZgjMOFIyZrfN6obcGyyD5U5
1m0+JSCoByxIVwyZUsuJCEECAwEAAaOB0DCBzTAdBgNVHQ4EFgQUdVXijuetpd2A
PckzCyyiV3ftFawwHwYDVR0jBBgwFoAUwxJCuqnYTeDDPrrXR0GmCS9ttOEwEgYD
VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwMwYDVR0fBCwwKjAooCag
JIYiaHR0cDovLzEyNy4wLjAuMTo4ODg4L3Jvb3RfY3JsLmRlcjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6ODg4OC8wDQYJKoZI
hvcNAQELBQADggEBAB/G/ByhpW128H0oH+EVq4bgw92gF5YKwBYyUjektq0k1/08
ATQ7qaLqgQXnBl+jr3v6sqnDY4m7DHBI6XPMM2TNs3GI0dGhWiKm7QNGjprAkjdG
m+U3eKVD1UaZGzRAJ4+V3caaVdlgJY246W7Js+7o8NkR706uHgNwA2Bm/auw9HS2
J3x6lp2GWF9c0wSrFlcSU1HHk8oLTmcnLbcgeba3jOfD2SVeJWPPk/BuMcDVTwUc
jRQbatUBtnoJbzjz5eJa5OJC1YqN3u9zJYU846nv9/cjT9MnwjrGwG8qmx7+/DFz
EOEIYpgrbS/Mq906ZcIAfykYMs2PVqkdhvFeYFU=
-----END CERTIFICATE-----

97
test/configs/certs/ocsp_peer/mini-ca/server2/TestServer4_cert.pem Normal file
View File

@@ -0,0 +1,97 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
16:5e:ab:1c:8b:dc:fc:97:d9:34:9d:fd:cd:7d:b3:3c:51:83:ce:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=WA, L=Tacoma, O=Testnats, CN=Intermediate CA 2
Validity
Not Before: Aug 2 22:15:38 2023 GMT
Not After : Jul 30 22:15:38 2033 GMT
Subject: C=US, ST=WA, L=Tacoma, O=Testnats, CN=TestServer4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d5:fd:fb:3f:42:c7:ca:02:37:72:6e:78:d5:af:
8d:b4:4d:f4:4c:0c:8f:8f:67:da:62:c0:2a:0f:f3:
73:3b:83:c1:3a:df:9e:df:1d:26:12:95:41:ca:52:
88:4d:8b:38:7f:78:ce:ed:aa:48:b0:dc:57:62:80:
7a:fc:1f:43:c8:d8:2d:4f:38:c3:22:fc:bb:16:53:
84:9e:44:0c:f9:51:00:a0:57:97:3f:df:57:08:48:
3b:2b:55:b3:90:98:98:e6:a6:eb:ca:8f:ec:f8:4f:
dc:4d:7e:71:2e:03:ff:cd:fa:ef:65:7e:6d:8c:35:
be:df:fb:c1:0b:e9:f0:3b:89:24:4d:b4:02:7f:82:
8e:0a:34:ea:a8:68:9e:f8:4b:39:9a:8f:d5:eb:bc:
59:68:c9:f0:a5:eb:e9:be:7c:03:49:bd:b5:d9:54:
cf:88:29:b0:2c:a3:e9:08:b6:66:37:57:ef:66:5f:
6b:0f:34:6d:02:bf:92:2b:cc:e9:9d:c0:a8:92:0d:
76:8f:ae:f6:3f:24:38:e9:5b:fc:12:a2:ab:fa:42:
3f:5a:05:e3:5e:bb:08:43:5d:55:18:17:13:0a:27:
84:5f:05:69:18:a9:45:68:37:a7:35:f9:8c:ef:c5:
9f:b1:8d:aa:3c:b7:cc:47:b6:e5:85:e2:73:f5:8a:
5a:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:BB:A1:42:EA:15:3E:0E:D1:48:5F:B5:E2:01:42:D0:72:BE:B0:CE
X509v3 Authority Key Identifier:
75:55:E2:8E:E7:AD:A5:DD:80:3D:C9:33:0B:2C:A2:57:77:ED:15:AC
X509v3 Basic Constraints: critical
CA:FALSE
Netscape Cert Type:
SSL Client, SSL Server
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://127.0.0.1:28888/intermediate2_crl.der
Authority Information Access:
OCSP - URI:http://127.0.0.1:28888/
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:127.0.0.1
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
85:c2:1a:b0:94:8b:a0:f8:2c:85:1e:17:88:4e:ca:2c:d1:f6:
69:26:e3:a6:94:9f:62:eb:68:54:da:2b:f2:67:23:be:4b:95:
56:28:08:7a:52:8e:b3:b2:70:2f:c9:db:06:74:b4:8b:8e:84:
23:0a:74:f7:c1:67:81:69:11:36:2b:0e:4c:0f:2c:76:e6:2d:
50:f3:e8:59:0d:3a:6c:30:eb:31:16:74:c8:34:d1:62:97:6b:
1e:2f:5c:56:b0:6e:bc:5e:08:8f:d4:ce:4a:d3:8e:91:70:7d:
18:d4:3f:40:39:39:67:95:68:f7:16:c6:19:69:41:c2:20:2e:
45:e3:9d:31:c2:da:67:8d:2c:1f:a2:3f:1e:46:23:19:fd:25:
16:69:5c:80:09:1b:f7:7f:50:47:1d:d9:6b:aa:7b:0f:20:8d:
5a:f4:37:f0:c3:a7:31:5f:4d:41:70:c8:c4:aa:2a:69:d0:a8:
7b:3c:cc:b4:a4:12:54:a3:bf:ce:ea:22:20:58:ae:eb:29:f3:
15:da:22:05:46:cd:26:ef:63:84:4a:5b:86:47:fe:cb:fa:4a:
0c:fe:82:e0:db:81:dc:3e:87:8f:93:23:32:de:37:3d:d7:0f:
6c:f1:74:63:8b:11:b7:f3:69:b7:d6:e0:72:b2:1d:e1:15:10:
7d:2e:97:de
-----BEGIN CERTIFICATE-----
MIIEYjCCA0qgAwIBAgIUFl6rHIvc/JfZNJ39zX2zPFGDztIwDQYJKoZIhvcNAQEL
BQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMQ8wDQYDVQQHDAZUYWNvbWEx
ETAPBgNVBAoMCFRlc3RuYXRzMRowGAYDVQQDDBFJbnRlcm1lZGlhdGUgQ0EgMjAe
Fw0yMzA4MDIyMjE1MzhaFw0zMzA3MzAyMjE1MzhaMFQxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJXQTEPMA0GA1UEBwwGVGFjb21hMREwDwYDVQQKDAhUZXN0bmF0czEU
MBIGA1UEAwwLVGVzdFNlcnZlcjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDV/fs/QsfKAjdybnjVr420TfRMDI+PZ9piwCoP83M7g8E6357fHSYSlUHK
UohNizh/eM7tqkiw3FdigHr8H0PI2C1POMMi/LsWU4SeRAz5UQCgV5c/31cISDsr
VbOQmJjmpuvKj+z4T9xNfnEuA//N+u9lfm2MNb7f+8EL6fA7iSRNtAJ/go4KNOqo
aJ74Szmaj9XrvFloyfCl6+m+fANJvbXZVM+IKbAso+kItmY3V+9mX2sPNG0Cv5Ir
zOmdwKiSDXaPrvY/JDjpW/wSoqv6Qj9aBeNeuwhDXVUYFxMKJ4RfBWkYqUVoN6c1
+YzvxZ+xjao8t8xHtuWF4nP1ilpxAgMBAAGjggEkMIIBIDAdBgNVHQ4EFgQUxLuh
QuoVPg7RSF+14gFC0HK+sM4wHwYDVR0jBBgwFoAUdVXijuetpd2APckzCyyiV3ft
FawwDAYDVR0TAQH/BAIwADARBglghkgBhvhCAQEEBAMCBsAwDgYDVR0PAQH/BAQD
AgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA9BgNVHR8ENjA0MDKg
MKAuhixodHRwOi8vMTI3LjAuMC4xOjI4ODg4L2ludGVybWVkaWF0ZTJfY3JsLmRl
cjAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly8xMjcuMC4wLjE6
Mjg4ODgvMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsF
AAOCAQEAhcIasJSLoPgshR4XiE7KLNH2aSbjppSfYutoVNor8mcjvkuVVigIelKO
s7JwL8nbBnS0i46EIwp098FngWkRNisOTA8sduYtUPPoWQ06bDDrMRZ0yDTRYpdr
Hi9cVrBuvF4Ij9TOStOOkXB9GNQ/QDk5Z5Vo9xbGGWlBwiAuReOdMcLaZ40sH6I/
HkYjGf0lFmlcgAkb939QRx3Za6p7DyCNWvQ38MOnMV9NQXDIxKoqadCoezzMtKQS
VKO/zuoiIFiu6ynzFdoiBUbNJu9jhEpbhkf+y/pKDP6C4NuB3D6Hj5MjMt43PdcP
bPF0Y4sRt/Npt9bgcrId4RUQfS6X3g==
-----END CERTIFICATE-----

28
test/configs/certs/ocsp_peer/mini-ca/server2/private/TestServer3_keypair.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCaPNt2yRkPe+bT
7dELdq4V1BEcZrhdKn3jH2XYG8RjYvZcixhmqBzCpl5y8t1XQoqrXb03tvFLUfCz
ajfpVXgBI+pTCYMvfVk2qzNPTLzvqRzblHlMDUp8P508umx2gkcl63ki9AlseDym
70swkCmzX7ppsRqV7VPgxiR4blKvjrzbSvAZ0gBaqLZzTBeS0Y2Bm0y4NU2R3d/T
haafxJEZ7EfRyk4LwwaMJ0KVg+Moajt0nGiwVaWRkcs3rfrYaYveLkpRWTJLPQYh
BGXS9YvoTUWW3mOXR4GF6kjwnSMtcYdv0nU9Rb/erUOC26Upm/leOAo5qThx7EBA
tdxpxwtzAgMBAAECggEALjBPYLE0SgjGxWyQj6hI1cyeGy0/xNa2wE9kxmT6WPEH
6grVkdiCVGBSJIZKdpk8wbjes1Kby/yL4o7Kk5u+xkilIZzVpmEZWF/Ii9TlN7gj
Jja+ZGIOjkrWoZsKZCr7d4WezzLZp5wSPcOndrGVa1wdjQ02cvORjNyJi28uX9gd
8uBK5AIXS1lbkt/v+8mrBPgZUttz6gxhlHwxKs6JWWlIpGemNddE39UxuGDGHmVA
aw/gH/G4LNXtbAIPq5zDtFbfCKnQVgU1ppWILehoFqIs8JLtz4LPuvIxeztzKff4
DU31rs14Zati5ykq9CVqY/d+4nKdstwhRPcPfsvgYQKBgQDBNVPn73A7fRoURpzV
sdJPA4RDbrbiZj0x/cAskuzzx/mmJUuNyuJxGizJU0ebT3VxtdCR2LqpgGEQEaKS
wYmMlSJ4NccugWgRl7/of5d5oY2m6f4W4YaNp4RebdVhNPJ4wSbeW7pH+2OKr2xd
my+m1WJUvRBbPq5kV2BdHNw62QKBgQDMXTqaOjsC9jpOOIjsUHmV55MbMmwK8For
H6e3Dn1ZO0Tpcg33GMLO5wHwzH6dlT2JVJAOdr5HqZgdIqjt30ACZsdf2VkutH94
OvZmEAbwI9A+TAoxE8QlLYyz/qjJSGopJRU0x+KqEORxBmjO6LVV1GL9VVdoYrlH
Z7mrJ+7RKwKBgQC87LyDS2rfgNEDipjJjPwtLy8iERzb/UVRoONNss3pA15mzIk4
uW77UbEBnGGkyOn6quKr+tVr8ZD3+YaTIpSx1xLBoTSHkRqGOXD6k+k2knbFBIHl
NdowoeGZxKSmTPPciGLNg7x/rp4Des3oKltKM9XXLpjT4FL+40HjStk+4QKBgQC8
71AXd9BIy7VZzaCgwUG3GhIBadtDPbRO/AQFFAtE7KuoGz7X+/dWa3F62sQQEgKD
LT/Fb3g5LoyoGvwMdoJp9fVLItj1egAC+pgEAbs4VhPXFFuzxa9oI7VaTwxikmU7
RsJVOprOWbGo4KES8Ud8Y09lIHof0m2ymy2nE9MRYwKBgDn86ZcbBr6sBXgc6PEM
rq4JXBCX8O17id9rJO37PkhPsOKpNf7YbQwHlHjwkUq5+g7Ec/LbeZ/tssEBY0ab
zUXwgWFMUKJVTEZUFwl2aTBqW8+LSu1TgzGMx2H/sxrvS4ElxC04jpPWUQstcuRH
y3yIz1HsmlMEg7qCiQ4maZE3
-----END PRIVATE KEY-----

28
test/configs/certs/ocsp_peer/mini-ca/server2/private/TestServer4_keypair.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDV/fs/QsfKAjdy
bnjVr420TfRMDI+PZ9piwCoP83M7g8E6357fHSYSlUHKUohNizh/eM7tqkiw3Fdi
gHr8H0PI2C1POMMi/LsWU4SeRAz5UQCgV5c/31cISDsrVbOQmJjmpuvKj+z4T9xN
fnEuA//N+u9lfm2MNb7f+8EL6fA7iSRNtAJ/go4KNOqoaJ74Szmaj9XrvFloyfCl
6+m+fANJvbXZVM+IKbAso+kItmY3V+9mX2sPNG0Cv5IrzOmdwKiSDXaPrvY/JDjp
W/wSoqv6Qj9aBeNeuwhDXVUYFxMKJ4RfBWkYqUVoN6c1+YzvxZ+xjao8t8xHtuWF
4nP1ilpxAgMBAAECggEABmE7dr39Ep3ZDRdz0QwaNY5O6p8Dvy7llQTdZCsaDAPQ
NJsC46w87LgoNVnbUDOGwE8n3TBS2ToCfXBu6joc5V2jkS10LOR7x+0+wpCtEdhL
RFyEKP51u+yaXf8Aut5/zX2bwUbj9d28p89NnMV4AIo7Dau0pKXcDlW1Qk+LztyI
hKFN6hrSFqAurmSt/pu3oo9kI9WJkrCxoj+VjQdVi420uAYOFR22aFaHrzpuHouW
4IzFbLhVF+c33xSbs1OEIpZSFzNucWYEKSwEREcyFgIXfWpDaXjoqWcrvXkeqyo9
vGytQ3YaEsZPzfzgcViwa30g7WAA7kO9RuwcCPK4wQKBgQDpVmbVnmTlRwFbtdkD
4rjd5vtAB3nfsl0Ex11nU8+Oo0kZWeg8mm+Gba4vjEKfVyojbjFmm0ytQG0OGEK7
UQ13mE1wueMn5qEVX9nTXIxVwcS7+rQAUrC5a6SSg81WIWzeclkqNc1J1EVC7jtl
zqy3PtC94g4tV68urpD86RRxUQKBgQDqxpWscN1u7GeuYf8rSPhPcoZTupqyrV3L
h+w7jUt5O/vfNPOYIXVfo2u05jiK0mTvLf5tVjYoQDF+x6odA2oBH2yz1ED0DZsf
2AhdtCSrMbxazcl/5fPrIIa1GRBp6y5i0ddX8T19twr/PVoYGRqkU4xoN+KoOKz+
HLFUUgQPIQKBgG5N9v0DDMVKRL0bAQUSN7xGxf1ly1pRUiHBMUl4WEUgsZy3YM7N
Xu1YiiBWGOSEaxomrFnKDnxUWXlxRJKSZWBk8i7Y4SZqozmcfzeop3qeyCbpBBCn
Bn4RAdJ1VitiT7n0qmwG1Q4St89FGXUuN33Exx8MbxFGQz05LrcwZAaRAoGAVFez
PZfudQMI3GToPqygSCpkh3/qQ3Z008Go5FwGWS9rdOyY9nZOrGURNJPgjD65dBOZ
672lByDIpzsjqfioBG89pf0CuKqKqA38M22cHsRnXle/o+sAjd/JhRXUB7ktmOK5
8iYAaUFw+fEYhL/ACnjZYDdzfeueekvkiN5OBwECgYB90hQJ2lw5s6GFJd+9T5xS
OMngfLAWDvW8+0hvtWCTLAVpMDWRGhGmvj532jWfkgqnvUemyF541RkV0Hy5K1Xl
0icXtpuZ+REh7NCXFJlEiOd+69OEdu78s5Zy8V1zCkEsgxzl2q6PkBDWfxepgdRC
LbwiAF8h2mxCwvvHbaBiKA==
-----END PRIVATE KEY-----

281
test/ocsp_test.go
View File

@@ -3694,3 +3694,284 @@ func TestOCSPLocalIssuerDetermination(t *testing.T) {
})
}
}
func TestMixedCAOCSPSuperCluster(t *testing.T) {
const (
caCert = "configs/certs/ocsp_peer/mini-ca/root/root_cert.pem"
caKey = "configs/certs/ocsp/ca-key.pem"
)
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
intermediateCA1Responder := newOCSPResponderIntermediateCA1(t)
intermediateCA1ResponderURL := fmt.Sprintf("http://%s", intermediateCA1Responder.Addr)
defer intermediateCA1Responder.Shutdown(ctx)
setOCSPStatus(t, intermediateCA1ResponderURL, "configs/certs/ocsp_peer/mini-ca/server1/TestServer1_cert.pem", ocsp.Good)
intermediateCA2Responder := newOCSPResponderIntermediateCA2(t)
intermediateCA2ResponderURL := fmt.Sprintf("http://%s", intermediateCA2Responder.Addr)
defer intermediateCA2Responder.Shutdown(ctx)
setOCSPStatus(t, intermediateCA2ResponderURL, "configs/certs/ocsp_peer/mini-ca/server2/TestServer3_cert.pem", ocsp.Good)
// Store Dirs
storeDirA := t.TempDir()
storeDirB := t.TempDir()
storeDirC := t.TempDir()
// Gateway server configuration
srvConfA := `
host: "127.0.0.1"
port: -1
server_name: "A"
ocsp { mode: "always" }
tls {
cert_file: "configs/certs/ocsp_peer/mini-ca/server1/TestServer1_bundle.pem"
key_file: "configs/certs/ocsp_peer/mini-ca/server1/private/TestServer1_keypair.pem"
ca_file: "configs/certs/ocsp_peer/mini-ca/root/root_cert.pem"
timeout: 5
}
store_dir: '%s'
cluster {
name: A
host: "127.0.0.1"
advertise: 127.0.0.1
port: -1
tls {
cert_file: "configs/certs/ocsp_peer/mini-ca/server1/TestServer1_bundle.pem"
key_file: "configs/certs/ocsp_peer/mini-ca/server1/private/TestServer1_keypair.pem"
ca_file: "configs/certs/ocsp_peer/mini-ca/root/root_cert.pem"
timeout: 5
}
}
gateway {
name: A
host: "127.0.0.1"
port: -1
advertise: "127.0.0.1"
tls {
cert_file: "configs/certs/ocsp_peer/mini-ca/server1/TestServer1_bundle.pem"
key_file: "configs/certs/ocsp_peer/mini-ca/server1/private/TestServer1_keypair.pem"
ca_file: "configs/certs/ocsp_peer/mini-ca/root/root_cert.pem"
timeout: 5
verify: true
}
}
`
srvConfA = fmt.Sprintf(srvConfA, storeDirA)
sconfA := createConfFile(t, []byte(srvConfA))
srvA, optsA := RunServerWithConfig(sconfA)
defer srvA.Shutdown()
// Server that has the original as a cluster.
srvConfB := `
host: "127.0.0.1"
port: -1
server_name: "B"
ocsp { mode: "always" }
tls {
cert_file: "configs/certs/ocsp_peer/mini-ca/server1/TestServer1_bundle.pem"
key_file: "configs/certs/ocsp_peer/mini-ca/server1/private/TestServer1_keypair.pem"
ca_file: "configs/certs/ocsp_peer/mini-ca/root/root_cert.pem"
timeout: 5
}
store_dir: '%s'
cluster {
name: A
host: "127.0.0.1"
advertise: 127.0.0.1
port: -1
routes: [ nats://127.0.0.1:%d ]
tls {
cert_file: "configs/certs/ocsp_peer/mini-ca/server1/TestServer1_bundle.pem"
key_file: "configs/certs/ocsp_peer/mini-ca/server1/private/TestServer1_keypair.pem"
ca_file: "configs/certs/ocsp_peer/mini-ca/root/root_cert.pem"
timeout: 5
}
}
gateway {
name: A
host: "127.0.0.1"
advertise: "127.0.0.1"
port: -1
tls {
cert_file: "configs/certs/ocsp_peer/mini-ca/server1/TestServer1_bundle.pem"
key_file: "configs/certs/ocsp_peer/mini-ca/server1/private/TestServer1_keypair.pem"
ca_file: "configs/certs/ocsp_peer/mini-ca/root/root_cert.pem"
timeout: 5
verify: true
}
}
`
srvConfB = fmt.Sprintf(srvConfB, storeDirB, optsA.Cluster.Port)
conf := createConfFile(t, []byte(srvConfB))
srvB, optsB := RunServerWithConfig(conf)
defer srvB.Shutdown()
// Client connects to server A.
cA, err := nats.Connect(fmt.Sprintf("tls://127.0.0.1:%d", optsA.Port),
nats.Secure(&tls.Config{
VerifyConnection: func(s tls.ConnectionState) error {
if s.OCSPResponse == nil {
return fmt.Errorf("missing OCSP Staple from server")
}
return nil
},
}),
nats.RootCAs(caCert),
nats.ErrorHandler(noOpErrHandler),
)
if err != nil {
t.Fatal(err)
}
defer cA.Close()
// Start another server that will make connect as a gateway to cluster A but with different CA issuer.
srvConfC := `
host: "127.0.0.1"
port: -1
server_name: "C"
ocsp { mode: "always" }
tls {
cert_file: "configs/certs/ocsp_peer/mini-ca/server2/TestServer3_bundle.pem"
key_file: "configs/certs/ocsp_peer/mini-ca/server2/private/TestServer3_keypair.pem"
ca_file: "configs/certs/ocsp_peer/mini-ca/root/root_cert.pem"
timeout: 5
}
store_dir: '%s'
gateway {
name: C
host: "127.0.0.1"
advertise: "127.0.0.1"
port: -1
gateways: [{
name: "A",
urls: ["nats://127.0.0.1:%d"]
tls {
cert_file: "configs/certs/ocsp_peer/mini-ca/server2/TestServer3_bundle.pem"
key_file: "configs/certs/ocsp_peer/mini-ca/server2/private/TestServer3_keypair.pem"
ca_file: "configs/certs/ocsp_peer/mini-ca/root/root_cert.pem"
timeout: 5
}
}]
tls {
cert_file: "configs/certs/ocsp_peer/mini-ca/server2/TestServer3_bundle.pem"
key_file: "configs/certs/ocsp_peer/mini-ca/server2/private/TestServer3_keypair.pem"
ca_file: "configs/certs/ocsp_peer/mini-ca/root/root_cert.pem"
timeout: 5
verify: true
}
}
`
srvConfC = fmt.Sprintf(srvConfC, storeDirC, optsA.Gateway.Port)
conf = createConfFile(t, []byte(srvConfC))
srvC, optsC := RunServerWithConfig(conf)
defer srvC.Shutdown()
// Check that server is connected to any server from the other cluster.
checkClusterFormed(t, srvA, srvB)
waitForOutboundGateways(t, srvC, 1, 5*time.Second)
// Connect to cluster A using server B.
cB, err := nats.Connect(fmt.Sprintf("tls://127.0.0.1:%d", optsB.Port),
nats.Secure(&tls.Config{
VerifyConnection: func(s tls.ConnectionState) error {
if s.OCSPResponse == nil {
return fmt.Errorf("missing OCSP Staple from server")
}
return nil
},
}),
nats.RootCAs(caCert),
nats.ErrorHandler(noOpErrHandler),
)
if err != nil {
t.Fatal(err)
}
defer cB.Close()
// Connects to cluster C using server C.
cC, err := nats.Connect(fmt.Sprintf("tls://127.0.0.1:%d", optsC.Port),
nats.Secure(&tls.Config{
VerifyConnection: func(s tls.ConnectionState) error {
if s.OCSPResponse == nil {
return fmt.Errorf("missing OCSP Staple from server")
}
return nil
},
}),
nats.RootCAs(caCert),
nats.ErrorHandler(noOpErrHandler),
)
if err != nil {
t.Fatal(err)
}
defer cC.Close()
_, err = cA.Subscribe("foo", func(m *nats.Msg) {
m.Respond([]byte("From Server A"))
})
if err != nil {
t.Errorf("%v", err)
}
cA.Flush()
_, err = cB.Subscribe("bar", func(m *nats.Msg) {
m.Respond([]byte("From Server B"))
})
if err != nil {
t.Fatal(err)
}
cB.Flush()
// Confirm that a message from server C can flow back to server A via gateway..
var (
resp *nats.Msg
lerr error
)
for i := 0; i < 10; i++ {
resp, lerr = cC.Request("foo", nil, 500*time.Millisecond)
if lerr != nil {
continue
}
got := string(resp.Data)
expected := "From Server A"
if got != expected {
t.Fatalf("Expected %v, got: %v", expected, got)
}
// Make request to B
resp, lerr = cC.Request("bar", nil, 500*time.Millisecond)
if lerr != nil {
continue
}
got = string(resp.Data)
expected = "From Server B"
if got != expected {
t.Errorf("Expected %v, got: %v", expected, got)
}
lerr = nil
break
}
if lerr != nil {
t.Errorf("Unexpected error: %v", lerr)
}
}