diff options
author | Matt Mueller <mattm@chromium.org> | 2015-12-28 15:08:00 -0800 |
---|---|---|
committer | Matt Mueller <mattm@chromium.org> | 2015-12-28 23:09:53 +0000 |
commit | 0753afbf203c487e26d83628a6cf988d168967c8 (patch) | |
tree | 2fc69ebd1310e21ea581947bc48ad5f59b312746 | |
parent | 8069d0c0dcc528acc1c4fdb3c1a0064c2c9f977b (diff) | |
download | chromium_src-0753afbf203c487e26d83628a6cf988d168967c8.zip chromium_src-0753afbf203c487e26d83628a6cf988d168967c8.tar.gz chromium_src-0753afbf203c487e26d83628a6cf988d168967c8.tar.bz2 |
Fix handling of wildcards in administrative/unilateral name constraints.
BUG=517258
Review URL: https://codereview.chromium.org/1541953002
Cr-Commit-Position: refs/heads/master@{#366506}
(cherry picked from commit 47b2227948bbc711d043f9884f7de8c0ea547e06)
Review URL: https://codereview.chromium.org/1545393002 .
Cr-Commit-Position: refs/branch-heads/2564@{#438}
Cr-Branched-From: 1283eca15bd9f772387f75241576cde7bdec7f54-refs/heads/master@{#359700}
-rw-r--r-- | net/cert/cert_verify_proc.cc | 74 | ||||
-rw-r--r-- | net/cert/cert_verify_proc_unittest.cc | 5 | ||||
-rw-r--r-- | net/data/ssl/certificates/name_constraint_bad.pem | 152 | ||||
-rw-r--r-- | net/data/ssl/certificates/name_constraint_good.pem | 161 | ||||
-rw-r--r-- | net/data/ssl/scripts/ca.cnf | 2 |
5 files changed, 202 insertions, 192 deletions
diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc index 0df2033..bdb4b87 100644 --- a/net/cert/cert_verify_proc.cc +++ b/net/cert/cert_verify_proc.cc @@ -9,6 +9,7 @@ #include "base/metrics/histogram.h" #include "base/metrics/histogram_macros.h" #include "base/sha1.h" +#include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/time/time.h" #include "build/build_config.h" @@ -557,7 +558,8 @@ static bool CheckNameConstraints(const std::vector<std::string>& dns_names, if (i->size() <= (1 /* period before domain */ + domain_length)) continue; - const char* suffix = &dns_name[i->size() - domain_length - 1]; + std::string suffix = + base::ToLowerASCII(&(*i)[i->size() - domain_length - 1]); if (suffix[0] != '.') continue; if (memcmp(&suffix[1], domains[j], domain_length) != 0) @@ -621,41 +623,41 @@ bool CertVerifyProc::HasNameConstraintsViolation( }; static const PublicKeyDomainLimitation kLimits[] = { - // C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, - // CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr - { - {0x79, 0x23, 0xd5, 0x8d, 0x0f, 0xe0, 0x3c, 0xe6, 0xab, 0xad, - 0xae, 0x27, 0x1a, 0x6d, 0x94, 0xf4, 0x14, 0xd1, 0xa8, 0x73}, - kDomainsANSSI, - }, - // C=IN, O=India PKI, CN=CCA India 2007 - // Expires: July 4th 2015. - { - {0xfe, 0xe3, 0x95, 0x21, 0x2d, 0x5f, 0xea, 0xfc, 0x7e, 0xdc, - 0xcf, 0x88, 0x3f, 0x1e, 0xc0, 0x58, 0x27, 0xd8, 0xb8, 0xe4}, - kDomainsIndiaCCA, - }, - // C=IN, O=India PKI, CN=CCA India 2011 - // Expires: March 11 2016. - { - {0xf1, 0x42, 0xf6, 0xa2, 0x7d, 0x29, 0x3e, 0xa8, 0xf9, 0x64, - 0x52, 0x56, 0xed, 0x07, 0xa8, 0x63, 0xf2, 0xdb, 0x1c, 0xdf}, - kDomainsIndiaCCA, - }, - // C=IN, O=India PKI, CN=CCA India 2014 - // Expires: March 5 2024. - { - {0x36, 0x8c, 0x4a, 0x1e, 0x2d, 0xb7, 0x81, 0xe8, 0x6b, 0xed, - 0x5a, 0x0a, 0x42, 0xb8, 0xc5, 0xcf, 0x6d, 0xb3, 0x57, 0xe1}, - kDomainsIndiaCCA, - }, - // Not a real certificate - just for testing. This is the SPKI hash of - // the keys used in net/data/ssl/certificates/name_constraint_*.crt. - { - {0x61, 0xec, 0x82, 0x8b, 0xdb, 0x5c, 0x78, 0x2a, 0x8f, 0xcc, - 0x4f, 0x0f, 0x14, 0xbb, 0x85, 0x31, 0x93, 0x9f, 0xf7, 0x3d}, - kDomainsTest, - }, + // C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, + // CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr + { + {0x79, 0x23, 0xd5, 0x8d, 0x0f, 0xe0, 0x3c, 0xe6, 0xab, 0xad, 0xae, + 0x27, 0x1a, 0x6d, 0x94, 0xf4, 0x14, 0xd1, 0xa8, 0x73}, + kDomainsANSSI, + }, + // C=IN, O=India PKI, CN=CCA India 2007 + // Expires: July 4th 2015. + { + {0xfe, 0xe3, 0x95, 0x21, 0x2d, 0x5f, 0xea, 0xfc, 0x7e, 0xdc, 0xcf, + 0x88, 0x3f, 0x1e, 0xc0, 0x58, 0x27, 0xd8, 0xb8, 0xe4}, + kDomainsIndiaCCA, + }, + // C=IN, O=India PKI, CN=CCA India 2011 + // Expires: March 11 2016. + { + {0xf1, 0x42, 0xf6, 0xa2, 0x7d, 0x29, 0x3e, 0xa8, 0xf9, 0x64, 0x52, + 0x56, 0xed, 0x07, 0xa8, 0x63, 0xf2, 0xdb, 0x1c, 0xdf}, + kDomainsIndiaCCA, + }, + // C=IN, O=India PKI, CN=CCA India 2014 + // Expires: March 5 2024. + { + {0x36, 0x8c, 0x4a, 0x1e, 0x2d, 0xb7, 0x81, 0xe8, 0x6b, 0xed, 0x5a, + 0x0a, 0x42, 0xb8, 0xc5, 0xcf, 0x6d, 0xb3, 0x57, 0xe1}, + kDomainsIndiaCCA, + }, + // Not a real certificate - just for testing. This is the SPKI hash of + // the keys used in net/data/ssl/certificates/name_constraint_*.crt. + { + {0x48, 0x49, 0x4a, 0xc5, 0x5a, 0x3e, 0xcd, 0xc5, 0x62, 0x9f, 0xef, + 0x23, 0x14, 0xad, 0x05, 0xa9, 0x2a, 0x5c, 0x39, 0xc0}, + kDomainsTest, + }, }; for (unsigned i = 0; i < arraysize(kLimits); ++i) { diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc index a3c1fd8..0ae8d35 100644 --- a/net/cert/cert_verify_proc_unittest.cc +++ b/net/cert/cert_verify_proc_unittest.cc @@ -578,6 +578,11 @@ TEST_F(CertVerifyProcTest, NameConstraintsOk) { &verify_result); EXPECT_EQ(OK, error); EXPECT_EQ(0U, verify_result.cert_status); + + error = Verify(leaf.get(), "foo.test2.example.com", flags, NULL, + empty_cert_list_, &verify_result); + EXPECT_EQ(OK, error); + EXPECT_EQ(0U, verify_result.cert_status); } TEST_F(CertVerifyProcTest, NameConstraintsFailure) { diff --git a/net/data/ssl/certificates/name_constraint_bad.pem b/net/data/ssl/certificates/name_constraint_bad.pem index e0ec506..9ee785d 100644 --- a/net/data/ssl/certificates/name_constraint_bad.pem +++ b/net/data/ssl/certificates/name_constraint_bad.pem @@ -1,30 +1,30 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1+PQy2PX0Zcrp -0Mvd6ZehbpDi9LKyFtCb4plX7XvGW29JwZQAqQ1dtTX0Ons8GAajeFpo/6YFH30Q -CK4JbNzv3biXnmzOy6DcMysele8d+9Pa+D5X7YuOnoZNEqYMMCPvCEVPIRJCiIcB -2KUyn7c472Ctt0drO0umXCtWclzRtTiHmew7/8YC74Y47uIFxvBm4hiRUOVXIyeZ -u9tJJIhmqBSWfhptKuH/GPVqN9KIqHnJuVD1mmgLBJ5oAh2hceCJFboqSAZ6eNPR -DHeDmIP4ueJgIJIHm9TIwPpaWp0mQMI1ZQDzoOLTIU2lxJGIkBSnXvcTt+oror3X -hBgat3tdAgMBAAECggEABykz2uhkzWhQEuFvlF0D5YtnUjcU7SMutGO3axliXIzu -lTVz8I62gvCFngXLIbNEV5x92lHtI5h4oG/nAWHyU9Ii2HyYhY7H1sKAuORnk4N8 -c8p/EZC8hDFC0behJyuhzl9B8vo3ML0UqwLuhU55tFjfMhbbTaH4uSQ5ZF59vpbV -BLe+j3+0BWINSi65KrE/V9PAlH0IuSir4YYuFcJApZIMdiXGqb1mnnUn4CkMmmeH -JvRaYvrxD14T/lzMVzBkR0bez5jYe7syspCe+mmyqIS0mTOw8rQER1vL/DHcyJsG -inG5IazyDaCvgqNAEKzeh0AC3aoel86lURIlt/TrFQKBgQDrSKIvDDXFpYxtpJYt -Q+gyUqN/QPwGVL39n7kSpBoFWKsP9eSGKjVfD4PJboYjE0pcoci4ohsOHmyHpaqi -lAzy4oGd5VqEfu4qz65W7xFwZnMnxLv7OZeHzZG7nw2PIT6k57hNd0/IEndFLHZU -zBm56Ow/Czkb4HA/IR5RQG4SywKBgQDF/qst7PVtWOm6wJ3boJNl7QasWTRKsNxg -DkEo76dOwq2BSFTO+WYKWFPsOYrlnHbf3Ni869WB/vGwE8IecOH0Ir39plbRb2nc -WRW13mljwTET9AGb0/nhPkduYPyN7Gjvy1DTTz5e47rk5881siU8dPCSvgygo9DO -vy+ZlAtddwKBgQCIGa3ndTKtsAO5cNmGOZ/ZbEAzXk3rA54bVgdipxZ+PTpGs0CL -82KIKJtdK9ff9kqvps5LL0pjMmopVUWNYgLThP7hbUidGCeBED2TABugX0MBoCX1 -Pu1OmzVPyMO5Jcvs7DWKahf2begcVYnlp2LCTeBK350baQrFGc1FxvVlXQKBgHrS -y7/2oh1OLdgTCxoml6mAC0a5I6493sebsCJD4McED3wGsc2fewRp3M3KuHZNxJSE -vNMdfVpiG+39o8scfZ7kOnXyTSMo+UOe48/pg/lE7DwTfzf6nKV06/z2H1WvVT2E -I8SiAO/+V38OqkUGGQFTDbYKPW0dkjfe9BlSdGZrAoGAfbDe3biBtcMw57AKTf78 -i+dku+lnVkAmPOr1I6nnN2qGUdbXjbV2EE88BSo4OF6TF7C6dwicQuv5PxpozCRM -NkdqZ7UT2h7JX0KybnrIvHefboG/pK/Jjg9cEBhN1P6y6+pyzWKa7Nc1c0pXRqz6 -FzMv6eiJALyDSTm0ChEm6ug= +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDD5m1zsjUwajot +NE67oL3Ln1Gj5dOIy85u4iS4bA29+3VCpDpFSb8q+atKgK4VM4H41gZ4ilk6T4Nw +bh0z9PDQBIH8s5Yd0Xkqf3Ji0SDRsqBn+kQ2BXKHjup34lQrCgJ2BPoqle9Aj+Jd +Z2mjnCB2C5E8it8BYziraCdsXLC8wRBDoWFi6laPMuEd910uTaav4/MZ3y6SBJLm ++Q0URXm5d5msqK7KuAVlgYDdnzS1iRNiGH2fPU/NHw1NMsJyM5b3MEwu72YDzmxS +9QTpAp5vVPxKbMIhGqkVZpcfEVkB4FMZYueAJtr761dUhzZSSGoB3/D54cghc6ly +9HySHvFDAgMBAAECggEAfp4WClyZwlQ2i/cuGFm5sr2j7/JhOh64q7ShFU5Jx4ya +6trpCtWyqN08mGf5nJxxGluDTS/moii4hNe3KljbuSfguGt+0IEO9qfvT+1pcAAr +a2k34068CuAVrizsR/EtTAjFhPbp7+nP3p0zi1sjJAkv81iy8NunyioEqSZz2Vsw +ngPFuJeytOgeczoE69yzP1L0BaM46jOKXezXahC31lwtG+U5tLvElU0b/To/7GTg ++u5qnsJ87wHYkOctXvqH+L1JeMkc7RWCo0h4Kbk3ur1kDokjqUV4FGQSaMyIy0PC +ndk9WZhUV03v+Lsy3gzBM8261HOiTSMRz/+KrYqAOQKBgQD6ET0Hm11FIUFSeM/I +Dbxb41oN4ODl4YUgGk/9jPX8/ztvrGddh3VGWD4KUVNlWLioBX/t7FH5paGtd6tg +ZG8X3n48DaJ5h4u95ulAzcVjrkF4aNahy4aMmofdpe4S3+7HwlBcfIocO9WpAtL0 +pzFjlXivLQgUQow67tbG2dYrPQKBgQDIjDWWSqn6kB1zFyI6Hh9HhfFAKCRvCIzQ +OvqIOCtExP4U4mE0rUY7RWkFrRTDoMmYCwRuCohL1C4p6i/2AwK1mhS8OgPji7YV +zgYZuw2lSmp1lqzRmiLaOZxLcEKWlHQ1C9Sq606T7YAhgXi3tDfQ53gb1uFDvt1h +rE3AkU1WfwKBgHZ2EBk4aljDRjSRcqzshNxquVB1xVRhHzV0AYy1aBpvtnJSk6zk +7JNkXg95My6BdwhxgobtOnAvHIYWeKLzMQV3qwk71EoKAhL1/m1qjSWJeQ5Xa8W9 +qoGU+uPvJPbgCjerP3JwtORnG/Iymki3o1fviPpDNN6UH+YTGr+cli5pAoGBAKnT +4gU1kR/4LpgpvPhOTdq5mITl+YR1Txl++G2mcy23TBrPYdXD7jd/HeKKoYzQeibh +HY06KhVcxwMDqD3CaubyZiDHWEe3Jijs4MmlV3bjv6d4Qzz0NBNsuehAVoNBj+7j +5+IdhdtLQjgddebLHIExosqgev5tgPeXe/hYk49tAoGBALENmfF8ORreFf+aOd4+ +w/CZB2VaN4p0N6I+w2HPRRJO6Rhk0Pe6NtPkxbUS0x/cm+WOpvSbntH1DOjigL8e +mo+n2Ym+lrtYmEtB/M2C1k29pwaGYMfEIP3URUuYNEpWvTs6AOY7Sp5QN/X/v9ES +76pTvCiginWRyEeR+6vrDGM8 -----END PRIVATE KEY----- Certificate: Data: @@ -33,37 +33,37 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Test Root CA Validity - Not Before: Aug 14 03:05:29 2014 GMT - Not After : Aug 11 03:05:29 2024 GMT + Not Before: Dec 21 20:35:47 2015 GMT + Not After : Dec 18 20:35:47 2025 GMT Subject: CN=Leaf certificate Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b5:f8:f4:32:d8:f5:f4:65:ca:e9:d0:cb:dd:e9: - 97:a1:6e:90:e2:f4:b2:b2:16:d0:9b:e2:99:57:ed: - 7b:c6:5b:6f:49:c1:94:00:a9:0d:5d:b5:35:f4:3a: - 7b:3c:18:06:a3:78:5a:68:ff:a6:05:1f:7d:10:08: - ae:09:6c:dc:ef:dd:b8:97:9e:6c:ce:cb:a0:dc:33: - 2b:1e:95:ef:1d:fb:d3:da:f8:3e:57:ed:8b:8e:9e: - 86:4d:12:a6:0c:30:23:ef:08:45:4f:21:12:42:88: - 87:01:d8:a5:32:9f:b7:38:ef:60:ad:b7:47:6b:3b: - 4b:a6:5c:2b:56:72:5c:d1:b5:38:87:99:ec:3b:ff: - c6:02:ef:86:38:ee:e2:05:c6:f0:66:e2:18:91:50: - e5:57:23:27:99:bb:db:49:24:88:66:a8:14:96:7e: - 1a:6d:2a:e1:ff:18:f5:6a:37:d2:88:a8:79:c9:b9: - 50:f5:9a:68:0b:04:9e:68:02:1d:a1:71:e0:89:15: - ba:2a:48:06:7a:78:d3:d1:0c:77:83:98:83:f8:b9: - e2:60:20:92:07:9b:d4:c8:c0:fa:5a:5a:9d:26:40: - c2:35:65:00:f3:a0:e2:d3:21:4d:a5:c4:91:88:90: - 14:a7:5e:f7:13:b7:ea:2b:a2:bd:d7:84:18:1a:b7: - 7b:5d + 00:c3:e6:6d:73:b2:35:30:6a:3a:2d:34:4e:bb:a0: + bd:cb:9f:51:a3:e5:d3:88:cb:ce:6e:e2:24:b8:6c: + 0d:bd:fb:75:42:a4:3a:45:49:bf:2a:f9:ab:4a:80: + ae:15:33:81:f8:d6:06:78:8a:59:3a:4f:83:70:6e: + 1d:33:f4:f0:d0:04:81:fc:b3:96:1d:d1:79:2a:7f: + 72:62:d1:20:d1:b2:a0:67:fa:44:36:05:72:87:8e: + ea:77:e2:54:2b:0a:02:76:04:fa:2a:95:ef:40:8f: + e2:5d:67:69:a3:9c:20:76:0b:91:3c:8a:df:01:63: + 38:ab:68:27:6c:5c:b0:bc:c1:10:43:a1:61:62:ea: + 56:8f:32:e1:1d:f7:5d:2e:4d:a6:af:e3:f3:19:df: + 2e:92:04:92:e6:f9:0d:14:45:79:b9:77:99:ac:a8: + ae:ca:b8:05:65:81:80:dd:9f:34:b5:89:13:62:18: + 7d:9f:3d:4f:cd:1f:0d:4d:32:c2:72:33:96:f7:30: + 4c:2e:ef:66:03:ce:6c:52:f5:04:e9:02:9e:6f:54: + fc:4a:6c:c2:21:1a:a9:15:66:97:1f:11:59:01:e0: + 53:19:62:e7:80:26:da:fb:eb:57:54:87:36:52:48: + 6a:01:df:f0:f9:e1:c8:21:73:a9:72:f4:7c:92:1e: + f1:43 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: - 82:04:1D:BD:05:71:83:6F:F6:98:19:4D:4F:11:46:88:4D:9B:BF:A8 + 64:AD:F5:F3:4B:2D:70:3A:13:B7:0D:D6:8F:9F:82:37:C3:58:73:A8 X509v3 Authority Key Identifier: keyid:BC:F7:30:D1:3C:C0:F2:79:FA:EF:9F:C9:6C:5C:93:F3:8A:68:AB:83 @@ -72,38 +72,38 @@ Certificate: X509v3 Subject Alternative Name: DNS:test.ExAmPlE.CoM, DNS:test.ExAmPlE.OrG Signature Algorithm: sha256WithRSAEncryption - a6:90:20:7b:27:40:64:b3:df:ec:56:9e:71:67:02:e7:88:7e: - c2:f0:ed:24:19:53:27:c9:97:95:18:76:16:52:4c:78:57:63: - 4b:3d:17:3d:7f:f3:d6:e2:1e:5a:cd:84:ea:be:0c:82:5d:4e: - 69:b9:d8:66:a3:a0:2f:e5:50:c8:84:bd:50:15:5f:25:fe:30: - a0:41:b6:e6:b6:cf:fc:87:db:23:4e:3e:f4:0e:75:74:3c:9e: - f1:d6:af:11:ad:11:80:b0:60:42:06:f5:bf:e4:5f:0c:73:7a: - 62:49:f2:e5:62:15:f1:8f:bd:ed:34:75:cf:50:11:cc:ee:a3: - 59:21:22:b7:ec:44:22:f7:98:77:1f:64:50:0f:f3:ab:5a:ff: - d2:62:cc:1b:46:81:56:2a:76:00:e0:ff:0e:9e:e0:d4:d0:03: - 2d:1d:23:c9:d3:a4:f0:2f:a5:b3:30:12:82:46:f0:71:7e:91: - b9:1a:ae:3e:25:74:cf:79:35:d2:82:33:55:ac:54:94:43:7f: - de:cc:3e:ef:0d:a6:03:2a:c8:f5:8d:3b:ba:d2:97:ed:6d:d5: - a9:90:5f:8b:df:3e:d3:be:4b:43:7f:28:ce:9e:3e:90:f7:fb: - db:34:21:69:5c:94:f5:32:f0:ba:30:f5:60:4c:1f:3b:9b:43: - 94:6c:8d:cc + af:4e:e7:07:29:47:e4:18:64:96:83:22:3c:21:4c:dc:41:90: + c9:28:5b:a7:ce:e9:ad:da:28:04:90:f6:62:c9:6c:0e:a1:98: + 3a:19:ec:28:f5:b7:cf:07:cd:b3:0c:d0:97:a4:3d:e2:fe:0c: + d8:68:f4:cf:57:18:3e:58:f9:ed:1b:2f:f5:11:e4:4d:61:93: + b3:f3:1c:bc:53:cf:8b:81:2e:1b:a3:28:f6:df:ae:82:74:99: + 75:62:51:3d:78:1d:65:3d:eb:0a:7b:60:0e:3a:c7:ff:57:1c: + a4:9e:19:66:ef:18:78:b1:d6:1f:27:31:e0:a6:a2:27:42:15: + 2f:2a:38:e7:4a:0c:3b:8e:4d:c2:a1:27:45:32:0d:c4:b8:51: + 70:41:a6:1a:2f:13:d0:f8:3d:fa:76:0c:57:ad:3e:86:ec:1c: + 05:ea:81:d2:33:35:0b:1e:ab:86:2a:94:ee:44:9f:a4:1a:fe: + 94:0c:7f:f7:e7:17:1f:cc:1c:b8:cc:5a:55:ce:b1:d8:2e:0b: + 3d:8c:19:fc:c2:6b:da:c8:1d:b7:27:fa:bb:90:04:a6:53:bb: + 94:7b:cb:a3:ec:80:7e:18:2e:86:aa:41:97:43:c7:25:1f:33: + a3:ee:93:00:c5:ec:31:da:0e:40:f2:a2:a9:39:42:a8:e1:65: + ed:c7:65:f0 -----BEGIN CERTIFICATE----- MIIDTTCCAjWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 -IFJvb3QgQ0EwHhcNMTQwODE0MDMwNTI5WhcNMjQwODExMDMwNTI5WjAbMRkwFwYD +IFJvb3QgQ0EwHhcNMTUxMjIxMjAzNTQ3WhcNMjUxMjE4MjAzNTQ3WjAbMRkwFwYD VQQDExBMZWFmIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAtfj0Mtj19GXK6dDL3emXoW6Q4vSyshbQm+KZV+17xltvScGUAKkNXbU1 -9Dp7PBgGo3haaP+mBR99EAiuCWzc7924l55szsug3DMrHpXvHfvT2vg+V+2Ljp6G -TRKmDDAj7whFTyESQoiHAdilMp+3OO9grbdHaztLplwrVnJc0bU4h5nsO//GAu+G -OO7iBcbwZuIYkVDlVyMnmbvbSSSIZqgUln4abSrh/xj1ajfSiKh5yblQ9ZpoCwSe -aAIdoXHgiRW6KkgGenjT0Qx3g5iD+LniYCCSB5vUyMD6WlqdJkDCNWUA86Di0yFN -pcSRiJAUp173E7fqK6K914QYGrd7XQIDAQABo4GfMIGcMAwGA1UdEwEB/wQCMAAw -HQYDVR0OBBYEFIIEHb0FcYNv9pgZTU8RRohNm7+oMB8GA1UdIwQYMBaAFLz3MNE8 +CgKCAQEAw+Ztc7I1MGo6LTROu6C9y59Ro+XTiMvObuIkuGwNvft1QqQ6RUm/Kvmr +SoCuFTOB+NYGeIpZOk+DcG4dM/Tw0ASB/LOWHdF5Kn9yYtEg0bKgZ/pENgVyh47q +d+JUKwoCdgT6KpXvQI/iXWdpo5wgdguRPIrfAWM4q2gnbFywvMEQQ6FhYupWjzLh +HfddLk2mr+PzGd8ukgSS5vkNFEV5uXeZrKiuyrgFZYGA3Z80tYkTYhh9nz1PzR8N +TTLCcjOW9zBMLu9mA85sUvUE6QKeb1T8SmzCIRqpFWaXHxFZAeBTGWLngCba++tX +VIc2UkhqAd/w+eHIIXOpcvR8kh7xQwIDAQABo4GfMIGcMAwGA1UdEwEB/wQCMAAw +HQYDVR0OBBYEFGSt9fNLLXA6E7cN1o+fgjfDWHOoMB8GA1UdIwQYMBaAFLz3MNE8 wPJ5+u+fyWxck/OKaKuDMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAt BgNVHREEJjAkghB0ZXN0LkV4QW1QbEUuQ29NghB0ZXN0LkV4QW1QbEUuT3JHMA0G -CSqGSIb3DQEBCwUAA4IBAQCmkCB7J0Bks9/sVp5xZwLniH7C8O0kGVMnyZeVGHYW -Ukx4V2NLPRc9f/PW4h5azYTqvgyCXU5pudhmo6Av5VDIhL1QFV8l/jCgQbbmts/8 -h9sjTj70DnV0PJ7x1q8RrRGAsGBCBvW/5F8Mc3piSfLlYhXxj73tNHXPUBHM7qNZ -ISK37EQi95h3H2RQD/OrWv/SYswbRoFWKnYA4P8OnuDU0AMtHSPJ06TwL6WzMBKC -RvBxfpG5Gq4+JXTPeTXSgjNVrFSUQ3/ezD7vDaYDKsj1jTu60pftbdWpkF+L3z7T -vktDfyjOnj6Q9/vbNCFpXJT1MvC6MPVgTB87m0OUbI3M +CSqGSIb3DQEBCwUAA4IBAQCvTucHKUfkGGSWgyI8IUzcQZDJKFunzumt2igEkPZi +yWwOoZg6Gewo9bfPB82zDNCXpD3i/gzYaPTPVxg+WPntGy/1EeRNYZOz8xy8U8+L +gS4boyj2366CdJl1YlE9eB1lPesKe2AOOsf/Vxyknhlm7xh4sdYfJzHgpqInQhUv +KjjnSgw7jk3CoSdFMg3EuFFwQaYaLxPQ+D36dgxXrT6G7BwF6oHSMzULHquGKpTu +RJ+kGv6UDH/35xcfzBy4zFpVzrHYLgs9jBn8wmvayB23J/q7kASmU7uUe8uj7IB+ +GC6GqkGXQ8clHzOj7pMAxewx2g5A8qKpOUKo4WXtx2Xw -----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/name_constraint_good.pem b/net/data/ssl/certificates/name_constraint_good.pem index 7dba657..683deeb 100644 --- a/net/data/ssl/certificates/name_constraint_good.pem +++ b/net/data/ssl/certificates/name_constraint_good.pem @@ -1,30 +1,30 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1+PQy2PX0Zcrp -0Mvd6ZehbpDi9LKyFtCb4plX7XvGW29JwZQAqQ1dtTX0Ons8GAajeFpo/6YFH30Q -CK4JbNzv3biXnmzOy6DcMysele8d+9Pa+D5X7YuOnoZNEqYMMCPvCEVPIRJCiIcB -2KUyn7c472Ctt0drO0umXCtWclzRtTiHmew7/8YC74Y47uIFxvBm4hiRUOVXIyeZ -u9tJJIhmqBSWfhptKuH/GPVqN9KIqHnJuVD1mmgLBJ5oAh2hceCJFboqSAZ6eNPR -DHeDmIP4ueJgIJIHm9TIwPpaWp0mQMI1ZQDzoOLTIU2lxJGIkBSnXvcTt+oror3X -hBgat3tdAgMBAAECggEABykz2uhkzWhQEuFvlF0D5YtnUjcU7SMutGO3axliXIzu -lTVz8I62gvCFngXLIbNEV5x92lHtI5h4oG/nAWHyU9Ii2HyYhY7H1sKAuORnk4N8 -c8p/EZC8hDFC0behJyuhzl9B8vo3ML0UqwLuhU55tFjfMhbbTaH4uSQ5ZF59vpbV -BLe+j3+0BWINSi65KrE/V9PAlH0IuSir4YYuFcJApZIMdiXGqb1mnnUn4CkMmmeH -JvRaYvrxD14T/lzMVzBkR0bez5jYe7syspCe+mmyqIS0mTOw8rQER1vL/DHcyJsG -inG5IazyDaCvgqNAEKzeh0AC3aoel86lURIlt/TrFQKBgQDrSKIvDDXFpYxtpJYt -Q+gyUqN/QPwGVL39n7kSpBoFWKsP9eSGKjVfD4PJboYjE0pcoci4ohsOHmyHpaqi -lAzy4oGd5VqEfu4qz65W7xFwZnMnxLv7OZeHzZG7nw2PIT6k57hNd0/IEndFLHZU -zBm56Ow/Czkb4HA/IR5RQG4SywKBgQDF/qst7PVtWOm6wJ3boJNl7QasWTRKsNxg -DkEo76dOwq2BSFTO+WYKWFPsOYrlnHbf3Ni869WB/vGwE8IecOH0Ir39plbRb2nc -WRW13mljwTET9AGb0/nhPkduYPyN7Gjvy1DTTz5e47rk5881siU8dPCSvgygo9DO -vy+ZlAtddwKBgQCIGa3ndTKtsAO5cNmGOZ/ZbEAzXk3rA54bVgdipxZ+PTpGs0CL -82KIKJtdK9ff9kqvps5LL0pjMmopVUWNYgLThP7hbUidGCeBED2TABugX0MBoCX1 -Pu1OmzVPyMO5Jcvs7DWKahf2begcVYnlp2LCTeBK350baQrFGc1FxvVlXQKBgHrS -y7/2oh1OLdgTCxoml6mAC0a5I6493sebsCJD4McED3wGsc2fewRp3M3KuHZNxJSE -vNMdfVpiG+39o8scfZ7kOnXyTSMo+UOe48/pg/lE7DwTfzf6nKV06/z2H1WvVT2E -I8SiAO/+V38OqkUGGQFTDbYKPW0dkjfe9BlSdGZrAoGAfbDe3biBtcMw57AKTf78 -i+dku+lnVkAmPOr1I6nnN2qGUdbXjbV2EE88BSo4OF6TF7C6dwicQuv5PxpozCRM -NkdqZ7UT2h7JX0KybnrIvHefboG/pK/Jjg9cEBhN1P6y6+pyzWKa7Nc1c0pXRqz6 -FzMv6eiJALyDSTm0ChEm6ug= +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDD5m1zsjUwajot +NE67oL3Ln1Gj5dOIy85u4iS4bA29+3VCpDpFSb8q+atKgK4VM4H41gZ4ilk6T4Nw +bh0z9PDQBIH8s5Yd0Xkqf3Ji0SDRsqBn+kQ2BXKHjup34lQrCgJ2BPoqle9Aj+Jd +Z2mjnCB2C5E8it8BYziraCdsXLC8wRBDoWFi6laPMuEd910uTaav4/MZ3y6SBJLm ++Q0URXm5d5msqK7KuAVlgYDdnzS1iRNiGH2fPU/NHw1NMsJyM5b3MEwu72YDzmxS +9QTpAp5vVPxKbMIhGqkVZpcfEVkB4FMZYueAJtr761dUhzZSSGoB3/D54cghc6ly +9HySHvFDAgMBAAECggEAfp4WClyZwlQ2i/cuGFm5sr2j7/JhOh64q7ShFU5Jx4ya +6trpCtWyqN08mGf5nJxxGluDTS/moii4hNe3KljbuSfguGt+0IEO9qfvT+1pcAAr +a2k34068CuAVrizsR/EtTAjFhPbp7+nP3p0zi1sjJAkv81iy8NunyioEqSZz2Vsw +ngPFuJeytOgeczoE69yzP1L0BaM46jOKXezXahC31lwtG+U5tLvElU0b/To/7GTg ++u5qnsJ87wHYkOctXvqH+L1JeMkc7RWCo0h4Kbk3ur1kDokjqUV4FGQSaMyIy0PC +ndk9WZhUV03v+Lsy3gzBM8261HOiTSMRz/+KrYqAOQKBgQD6ET0Hm11FIUFSeM/I +Dbxb41oN4ODl4YUgGk/9jPX8/ztvrGddh3VGWD4KUVNlWLioBX/t7FH5paGtd6tg +ZG8X3n48DaJ5h4u95ulAzcVjrkF4aNahy4aMmofdpe4S3+7HwlBcfIocO9WpAtL0 +pzFjlXivLQgUQow67tbG2dYrPQKBgQDIjDWWSqn6kB1zFyI6Hh9HhfFAKCRvCIzQ +OvqIOCtExP4U4mE0rUY7RWkFrRTDoMmYCwRuCohL1C4p6i/2AwK1mhS8OgPji7YV +zgYZuw2lSmp1lqzRmiLaOZxLcEKWlHQ1C9Sq606T7YAhgXi3tDfQ53gb1uFDvt1h +rE3AkU1WfwKBgHZ2EBk4aljDRjSRcqzshNxquVB1xVRhHzV0AYy1aBpvtnJSk6zk +7JNkXg95My6BdwhxgobtOnAvHIYWeKLzMQV3qwk71EoKAhL1/m1qjSWJeQ5Xa8W9 +qoGU+uPvJPbgCjerP3JwtORnG/Iymki3o1fviPpDNN6UH+YTGr+cli5pAoGBAKnT +4gU1kR/4LpgpvPhOTdq5mITl+YR1Txl++G2mcy23TBrPYdXD7jd/HeKKoYzQeibh +HY06KhVcxwMDqD3CaubyZiDHWEe3Jijs4MmlV3bjv6d4Qzz0NBNsuehAVoNBj+7j +5+IdhdtLQjgddebLHIExosqgev5tgPeXe/hYk49tAoGBALENmfF8ORreFf+aOd4+ +w/CZB2VaN4p0N6I+w2HPRRJO6Rhk0Pe6NtPkxbUS0x/cm+WOpvSbntH1DOjigL8e +mo+n2Ym+lrtYmEtB/M2C1k29pwaGYMfEIP3URUuYNEpWvTs6AOY7Sp5QN/X/v9ES +76pTvCiginWRyEeR+6vrDGM8 -----END PRIVATE KEY----- Certificate: Data: @@ -33,77 +33,78 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Test Root CA Validity - Not Before: Aug 14 03:05:29 2014 GMT - Not After : Aug 11 03:05:29 2024 GMT + Not Before: Dec 21 20:35:47 2015 GMT + Not After : Dec 18 20:35:47 2025 GMT Subject: CN=Leaf Certificate Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b5:f8:f4:32:d8:f5:f4:65:ca:e9:d0:cb:dd:e9: - 97:a1:6e:90:e2:f4:b2:b2:16:d0:9b:e2:99:57:ed: - 7b:c6:5b:6f:49:c1:94:00:a9:0d:5d:b5:35:f4:3a: - 7b:3c:18:06:a3:78:5a:68:ff:a6:05:1f:7d:10:08: - ae:09:6c:dc:ef:dd:b8:97:9e:6c:ce:cb:a0:dc:33: - 2b:1e:95:ef:1d:fb:d3:da:f8:3e:57:ed:8b:8e:9e: - 86:4d:12:a6:0c:30:23:ef:08:45:4f:21:12:42:88: - 87:01:d8:a5:32:9f:b7:38:ef:60:ad:b7:47:6b:3b: - 4b:a6:5c:2b:56:72:5c:d1:b5:38:87:99:ec:3b:ff: - c6:02:ef:86:38:ee:e2:05:c6:f0:66:e2:18:91:50: - e5:57:23:27:99:bb:db:49:24:88:66:a8:14:96:7e: - 1a:6d:2a:e1:ff:18:f5:6a:37:d2:88:a8:79:c9:b9: - 50:f5:9a:68:0b:04:9e:68:02:1d:a1:71:e0:89:15: - ba:2a:48:06:7a:78:d3:d1:0c:77:83:98:83:f8:b9: - e2:60:20:92:07:9b:d4:c8:c0:fa:5a:5a:9d:26:40: - c2:35:65:00:f3:a0:e2:d3:21:4d:a5:c4:91:88:90: - 14:a7:5e:f7:13:b7:ea:2b:a2:bd:d7:84:18:1a:b7: - 7b:5d + 00:c3:e6:6d:73:b2:35:30:6a:3a:2d:34:4e:bb:a0: + bd:cb:9f:51:a3:e5:d3:88:cb:ce:6e:e2:24:b8:6c: + 0d:bd:fb:75:42:a4:3a:45:49:bf:2a:f9:ab:4a:80: + ae:15:33:81:f8:d6:06:78:8a:59:3a:4f:83:70:6e: + 1d:33:f4:f0:d0:04:81:fc:b3:96:1d:d1:79:2a:7f: + 72:62:d1:20:d1:b2:a0:67:fa:44:36:05:72:87:8e: + ea:77:e2:54:2b:0a:02:76:04:fa:2a:95:ef:40:8f: + e2:5d:67:69:a3:9c:20:76:0b:91:3c:8a:df:01:63: + 38:ab:68:27:6c:5c:b0:bc:c1:10:43:a1:61:62:ea: + 56:8f:32:e1:1d:f7:5d:2e:4d:a6:af:e3:f3:19:df: + 2e:92:04:92:e6:f9:0d:14:45:79:b9:77:99:ac:a8: + ae:ca:b8:05:65:81:80:dd:9f:34:b5:89:13:62:18: + 7d:9f:3d:4f:cd:1f:0d:4d:32:c2:72:33:96:f7:30: + 4c:2e:ef:66:03:ce:6c:52:f5:04:e9:02:9e:6f:54: + fc:4a:6c:c2:21:1a:a9:15:66:97:1f:11:59:01:e0: + 53:19:62:e7:80:26:da:fb:eb:57:54:87:36:52:48: + 6a:01:df:f0:f9:e1:c8:21:73:a9:72:f4:7c:92:1e: + f1:43 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: - 82:04:1D:BD:05:71:83:6F:F6:98:19:4D:4F:11:46:88:4D:9B:BF:A8 + 64:AD:F5:F3:4B:2D:70:3A:13:B7:0D:D6:8F:9F:82:37:C3:58:73:A8 X509v3 Authority Key Identifier: keyid:BC:F7:30:D1:3C:C0:F2:79:FA:EF:9F:C9:6C:5C:93:F3:8A:68:AB:83 X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Subject Alternative Name: - DNS:test.ExAmPlE.CoM, DNS:example.notarealtld + DNS:test.ExAmPlE.CoM, DNS:example.notarealtld, DNS:*.test2.ExAmPlE.CoM, DNS:*.example2.notarealtld Signature Algorithm: sha256WithRSAEncryption - 36:cf:f0:0a:f6:e9:6b:30:2b:d2:46:1b:c8:e4:4d:d2:2b:4d: - 0e:45:c8:e0:93:83:bb:f3:37:c2:81:65:fd:ea:cc:72:18:f6: - 0b:60:a3:a0:7d:80:ca:28:ac:61:ec:bd:3b:e2:80:22:2f:40: - 6f:a0:0f:33:3c:73:31:58:3e:16:ad:82:69:fe:02:51:e9:0f: - 64:4f:e7:c9:f7:b6:63:fb:b3:d9:90:b3:18:a0:01:59:73:44: - c3:bf:ea:96:a9:9b:71:ef:78:c5:ba:82:30:15:5f:b6:20:3e: - ed:57:c4:8b:50:5f:44:8f:41:1e:63:9d:5c:a1:b1:87:d1:96: - da:21:21:ac:91:16:66:3a:c8:ca:84:c1:47:52:9f:55:e3:09: - 82:38:c7:ca:e3:8b:c0:10:e2:d0:aa:c6:b8:de:b8:39:80:8d: - 49:37:1a:17:7a:90:8e:66:b7:b5:61:c0:85:13:86:ef:37:03: - 2e:77:ba:8a:eb:3c:82:be:0a:27:51:5e:33:ec:92:33:5d:f5: - cf:ed:43:79:41:f5:6e:0f:54:80:a7:a4:a2:bc:84:c5:36:1c: - 5e:f5:19:b4:89:31:7b:c4:38:54:09:b1:a5:7c:b7:18:95:fc: - e1:bf:86:42:fc:0b:41:4c:4a:fd:0b:4c:5d:db:c6:11:a7:0d: - 99:07:e9:22 + 22:eb:19:0b:53:ae:ac:05:af:4f:70:28:c5:ae:8b:c4:6e:d7: + 2a:7a:58:a4:44:7b:46:be:6e:01:6c:b6:d0:15:48:51:10:c7: + 27:ae:8a:de:52:82:91:70:36:dd:d7:55:ac:52:b2:c8:33:53: + fc:a1:e3:c1:80:6b:e6:46:fb:9c:0d:09:bf:91:c2:ee:25:77: + 39:69:7c:d2:f1:95:f0:2d:1e:fd:52:eb:1a:38:60:34:db:f4: + 43:a2:18:a9:b7:25:14:53:1a:1f:42:97:ab:25:7c:bb:25:88: + 56:fe:ac:d3:6f:5c:fe:90:e4:99:83:91:74:c0:dc:bb:a2:54: + 91:16:dd:d9:12:a5:22:6f:7a:1e:18:ab:54:63:18:4d:79:7c: + cb:16:78:04:2c:4d:32:13:2c:21:30:c9:22:b3:c7:41:7d:85: + 0f:9f:91:13:88:dd:b6:35:2e:de:a4:b7:72:d3:a0:f1:64:1c: + 30:b9:65:9e:4f:f3:5b:2b:7d:42:7b:7c:21:54:bf:c2:b0:02: + 2f:4e:10:2d:40:11:08:70:36:5c:66:e9:b6:3b:6a:9f:dd:7f: + f9:42:04:d0:8c:3c:93:54:5d:9f:d2:34:c4:67:d7:7c:ee:3f: + 22:4f:71:86:af:b1:79:6f:00:b4:65:60:58:ed:ef:16:cd:e5: + 97:e0:b8:49 -----BEGIN CERTIFICATE----- -MIIDUDCCAjigAwIBAgIBBDANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 -IFJvb3QgQ0EwHhcNMTQwODE0MDMwNTI5WhcNMjQwODExMDMwNTI5WjAbMRkwFwYD +MIIDfTCCAmWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IFJvb3QgQ0EwHhcNMTUxMjIxMjAzNTQ3WhcNMjUxMjE4MjAzNTQ3WjAbMRkwFwYD VQQDExBMZWFmIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAtfj0Mtj19GXK6dDL3emXoW6Q4vSyshbQm+KZV+17xltvScGUAKkNXbU1 -9Dp7PBgGo3haaP+mBR99EAiuCWzc7924l55szsug3DMrHpXvHfvT2vg+V+2Ljp6G -TRKmDDAj7whFTyESQoiHAdilMp+3OO9grbdHaztLplwrVnJc0bU4h5nsO//GAu+G -OO7iBcbwZuIYkVDlVyMnmbvbSSSIZqgUln4abSrh/xj1ajfSiKh5yblQ9ZpoCwSe -aAIdoXHgiRW6KkgGenjT0Qx3g5iD+LniYCCSB5vUyMD6WlqdJkDCNWUA86Di0yFN -pcSRiJAUp173E7fqK6K914QYGrd7XQIDAQABo4GiMIGfMAwGA1UdEwEB/wQCMAAw -HQYDVR0OBBYEFIIEHb0FcYNv9pgZTU8RRohNm7+oMB8GA1UdIwQYMBaAFLz3MNE8 -wPJ5+u+fyWxck/OKaKuDMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAw -BgNVHREEKTAnghB0ZXN0LkV4QW1QbEUuQ29NghNleGFtcGxlLm5vdGFyZWFsdGxk -MA0GCSqGSIb3DQEBCwUAA4IBAQA2z/AK9ulrMCvSRhvI5E3SK00ORcjgk4O78zfC -gWX96sxyGPYLYKOgfYDKKKxh7L074oAiL0BvoA8zPHMxWD4WrYJp/gJR6Q9kT+fJ -97Zj+7PZkLMYoAFZc0TDv+qWqZtx73jFuoIwFV+2ID7tV8SLUF9Ej0EeY51cobGH -0ZbaISGskRZmOsjKhMFHUp9V4wmCOMfK44vAEOLQqsa43rg5gI1JNxoXepCOZre1 -YcCFE4bvNwMud7qK6zyCvgonUV4z7JIzXfXP7UN5QfVuD1SAp6SivITFNhxe9Rm0 -iTF7xDhUCbGlfLcYlfzhv4ZC/AtBTEr9C0xd28YRpw2ZB+ki +CgKCAQEAw+Ztc7I1MGo6LTROu6C9y59Ro+XTiMvObuIkuGwNvft1QqQ6RUm/Kvmr +SoCuFTOB+NYGeIpZOk+DcG4dM/Tw0ASB/LOWHdF5Kn9yYtEg0bKgZ/pENgVyh47q +d+JUKwoCdgT6KpXvQI/iXWdpo5wgdguRPIrfAWM4q2gnbFywvMEQQ6FhYupWjzLh +HfddLk2mr+PzGd8ukgSS5vkNFEV5uXeZrKiuyrgFZYGA3Z80tYkTYhh9nz1PzR8N +TTLCcjOW9zBMLu9mA85sUvUE6QKeb1T8SmzCIRqpFWaXHxFZAeBTGWLngCba++tX +VIc2UkhqAd/w+eHIIXOpcvR8kh7xQwIDAQABo4HPMIHMMAwGA1UdEwEB/wQCMAAw +HQYDVR0OBBYEFGSt9fNLLXA6E7cN1o+fgjfDWHOoMB8GA1UdIwQYMBaAFLz3MNE8 +wPJ5+u+fyWxck/OKaKuDMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBd +BgNVHREEVjBUghB0ZXN0LkV4QW1QbEUuQ29NghNleGFtcGxlLm5vdGFyZWFsdGxk +ghMqLnRlc3QyLkV4QW1QbEUuQ29NghYqLmV4YW1wbGUyLm5vdGFyZWFsdGxkMA0G +CSqGSIb3DQEBCwUAA4IBAQAi6xkLU66sBa9PcCjFrovEbtcqelikRHtGvm4BbLbQ +FUhREMcnroreUoKRcDbd11WsUrLIM1P8oePBgGvmRvucDQm/kcLuJXc5aXzS8ZXw +LR79UusaOGA02/RDohiptyUUUxofQperJXy7JYhW/qzTb1z+kOSZg5F0wNy7olSR +Ft3ZEqUib3oeGKtUYxhNeXzLFngELE0yEywhMMkis8dBfYUPn5ETiN22NS7epLdy +06DxZBwwuWWeT/NbK31Ce3whVL/CsAIvThAtQBEIcDZcZum2O2qf3X/5QgTQjDyT +VF2f0jTEZ9d87j8iT3GGr7F5bwC0ZWBY7e8WzeWX4LhJ -----END CERTIFICATE----- diff --git a/net/data/ssl/scripts/ca.cnf b/net/data/ssl/scripts/ca.cnf index 1b78e01..28778a3 100644 --- a/net/data/ssl/scripts/ca.cnf +++ b/net/data/ssl/scripts/ca.cnf @@ -59,6 +59,8 @@ DNS.2 = test.ExAmPlE.OrG [san_name_constraint_good] DNS.1 = test.ExAmPlE.CoM DNS.2 = example.notarealtld +DNS.3 = *.test2.ExAmPlE.CoM +DNS.4 = *.example2.notarealtld [ca_cert] # Extensions to add when signing a request for an intermediate/CA cert |