diff --git a/crypto/err/x509v3.errordata b/crypto/err/x509v3.errordata index 492259cec..80264fb21 100644 --- a/crypto/err/x509v3.errordata +++ b/crypto/err/x509v3.errordata @@ -53,6 +53,7 @@ X509V3,150,POLICY_PATH_LENGTH X509V3,151,POLICY_PATH_LENGTH_ALREADY_DEFINED X509V3,152,POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY X509V3,153,SECTION_NOT_FOUND +X509V3,164,TRAILING_DATA_IN_EXTENSION X509V3,154,UNABLE_TO_GET_ISSUER_DETAILS X509V3,155,UNABLE_TO_GET_ISSUER_KEYID X509V3,156,UNKNOWN_BIT_STRING_ARGUMENT diff --git a/crypto/x509/test/invalid_extension_intermediate.pem b/crypto/x509/test/invalid_extension_intermediate.pem index b86865fa9..b59a4d0eb 100644 --- a/crypto/x509/test/invalid_extension_intermediate.pem +++ b/crypto/x509/test/invalid_extension_intermediate.pem @@ -1,10 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBdTCCARugAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBnjCCAUOgAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj -opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjODA2MA4G +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjYDBeMA4G A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTAD -AQH/MAoGCCqGSM49BAMCA0gAMEUCIDkCS9RrLeO556C9apswg90ZdI2kn3ru31bp -a4Rqp82BAiEAqJn5GbUzqjVaI5UthWdcu1zmpdTJntbheeNstXa7k+E= +AQH/MBUGA1UdDgQOBAxpbnRlcm1lZGlhdGUwDwYDVR0jBAgwBoAEcm9vdDAKBggq +hkjOPQQDAgNJADBGAiEA0XamFS9fNIkvjN4muFP3EYEuO3/y+WiNhewBtusrhD0C +IQCmTHE7J6c+Pvtv4Ro2S/I3Pypr8sJNWdezoE5Okhf4Gw== -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem b/crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem index 595703c11..aa1a805e7 100644 --- a/crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem +++ b/crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBhTCCASugAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBnTCCAUKgAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj -opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjSDBGMA4G +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjXzBdMA4G A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdIwQHSU5WQUxJRDAKBggqhkjOPQQDAgNIADBFAiEAl5TMKihFw6jD -ajc1I7R177t3d4HyW7qCB/M3PHu9HDsCIDI0oBBsuXAHX43N1Jx8LO0sMAzujYom -/NZn/qBanQnZ +AQH/MBUGA1UdDgQOBAxpbnRlcm1lZGlhdGUwDgYDVR0jBAdJTlZBTElEMAoGCCqG +SM49BAMCA0kAMEYCIQDKVSKO0wAESfYL/ZRzKj3rBxolJ9+GHKxNTXnmf7w6sAIh +AM0mSwKy1M+w7th5s0XhfImVfpi+V4Xxbtz8AWN6Grfm -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem b/crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem index 32f09f519..bb7414487 100644 --- a/crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem +++ b/crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem @@ -1,10 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBdTCCARqgAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBnDCCAUKgAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj -opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjNzA1MA4G -A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHRMEB0lOVkFM -SUQwCgYIKoZIzj0EAwIDSQAwRgIhAK/zCwmg3s63Ndeg9piiBbMsUF6ZPcNFltEa -3cKSMPthAiEAkMq/CmljQigMgXVWOhacYeRLyzZyi2i9hOjrCeKFuno= +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjXzBdMA4G +A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAVBgNVHQ4EDgQMaW50 +ZXJtZWRpYXRlMA8GA1UdIwQIMAaABHJvb3QwDgYDVR0TBAdJTlZBTElEMAoGCCqG +SM49BAMCA0gAMEUCIARJW0WA3S/H8amVP7H8BLJj6AnNocXOC4FkQY1YNNdSAiEA +/Y4tQ2nvQhDuBGxdkDfR5wyYLOuS+t/CWIiV3A63VsM= -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem b/crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem index 20ff382f1..2423e26b2 100644 --- a/crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem +++ b/crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem @@ -1,10 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBbzCCARagAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBmTCCAT6gAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj -opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjMzAxMA4G -A1UdDwEB/wQEAwICBDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdJQQHSU5WQUxJRDAK -BggqhkjOPQQDAgNHADBEAiAGr6/3ad6TX4h/HgD5oFiifT7SsRzYVD1yvfyHEYRI -qgIgYDbO0XKLN9kSUF8ZBaLPyC1AIbw+m9cQy4/GaJuzxH4= +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjWzBZMA4G +A1UdDwEB/wQEAwICBDAPBgNVHRMBAf8EBTADAQH/MBUGA1UdDgQOBAxpbnRlcm1l +ZGlhdGUwDwYDVR0jBAgwBoAEcm9vdDAOBgNVHSUEB0lOVkFMSUQwCgYIKoZIzj0E +AwIDSQAwRgIhALzNOt3jZR7ZP0DWt0hw3SRu5l8dcKYy49xVNIY3D8OuAiEA4KHg +Sfy+XLtLvVG9Tnbbh3XS+iLHiDUsYCGivpTAb44= -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_key_usage.pem b/crypto/x509/test/invalid_extension_intermediate_key_usage.pem index c31596c13..10c35cb88 100644 --- a/crypto/x509/test/invalid_extension_intermediate_key_usage.pem +++ b/crypto/x509/test/invalid_extension_intermediate_key_usage.pem @@ -1,10 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBdDCCARugAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBnTCCAUOgAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj -opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjODA2MBMG -A1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PBAdJTlZB -TElEMAoGCCqGSM49BAMCA0cAMEQCIE1gJ4wr8D0UPRfhQ5sx1WJWEOc+IEtktigk -giSupcouAiBFa441h0NvODAwsb39sQ/uaUhucb11vwKSZItwViMp/w== +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjYDBeMBMG +A1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wFQYDVR0OBA4EDGlu +dGVybWVkaWF0ZTAPBgNVHSMECDAGgARyb290MA4GA1UdDwQHSU5WQUxJRDAKBggq +hkjOPQQDAgNIADBFAiEAtoKHHh57yauGrcGren78p+jqfq41XmuwaF6vQ7BfmxQC +IHCPCJcys8DqJOXId0F6fyk/Dk7jixFnmwW8S5E8N+Ee -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_name_constraints.pem b/crypto/x509/test/invalid_extension_intermediate_name_constraints.pem index 82c83a9dc..a28c751f0 100644 --- a/crypto/x509/test/invalid_extension_intermediate_name_constraints.pem +++ b/crypto/x509/test/invalid_extension_intermediate_name_constraints.pem @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBhTCCASugAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBrDCCAVOgAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj -opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjSDBGMA4G +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjcDBuMA4G A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdHgQHSU5WQUxJRDAKBggqhkjOPQQDAgNIADBFAiB7QedoT6bEccGY -/Pofovdtfdzl/AXCtbJjiu59Yt3UTAIhANdfkR5PShTke3o9diKz6G/cVvL9jkF2 -SKzPRxnRVxNo +AQH/MBUGA1UdDgQOBAxpbnRlcm1lZGlhdGUwDwYDVR0jBAgwBoAEcm9vdDAOBgNV +HR4EB0lOVkFMSUQwCgYIKoZIzj0EAwIDRwAwRAIgFTYJwndHsZh13cYj4EfDZFNe +ckt9rkRJjEP7nDGyD44CIAE6M7HDjbJRjJbYsAfc45ax00i9htFjb88t6AJyDU9M -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem b/crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem index 6fd9bf61e..b0cc06411 100644 --- a/crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem +++ b/crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem @@ -1,11 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBhDCCASugAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBrjCCAVOgAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj -opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjSDBGMA4G +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjcDBuMA4G A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdEQQHSU5WQUxJRDAKBggqhkjOPQQDAgNHADBEAiA4J8X4tb775IOP -gBZ8BjlQZXPaRAgO/0d8a5Bgb5j0awIgN1i84TX34Dm8SjArcZLN38mm0zbrvEY0 -wILouqC75wI= +AQH/MBUGA1UdDgQOBAxpbnRlcm1lZGlhdGUwDwYDVR0jBAgwBoAEcm9vdDAOBgNV +HREEB0lOVkFMSUQwCgYIKoZIzj0EAwIDSQAwRgIhAI49whD5azejKejI1xowdbu7 +LHeT2wNanCCU+KCOoBFPAiEAoog5xR90Z2lWsLJEPWiw7WLJMNuZBDINLNVDCA5d +D0k= -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem b/crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem index a44075700..e586b70f4 100644 --- a/crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem +++ b/crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBhTCCASugAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBljCCATygAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj -opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjSDBGMA4G +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjWTBXMA4G A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDgQHSU5WQUxJRDAKBggqhkjOPQQDAgNIADBFAiBXToga6ILFNSXj -FiwI/ZaZvJubBHzMcrEXtIv85ybV3wIhAL3DMOezrq+dSjf+RdshlTDKwvTY8QYX -ehvRzctnYHTd +AQH/MA8GA1UdIwQIMAaABHJvb3QwDgYDVR0OBAdJTlZBTElEMAoGCCqGSM49BAMC +A0gAMEUCIDsbBMbAWuJq9VnfrSjLBTK6TSfskt3i0ns2y/9FEW04AiEAkjyacdGb +sk1wvjrVc5ny6O96NvUGkdO1/GNdPNKPYWQ= -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf.pem b/crypto/x509/test/invalid_extension_leaf.pem index 14bcb5a16..d7491dc65 100644 --- a/crypto/x509/test/invalid_extension_leaf.pem +++ b/crypto/x509/test/invalid_extension_leaf.pem @@ -1,11 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBhzCCASygAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +MIIBzzCCAXagAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR -EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo1EwTzAOBgNVHQ8BAf8E -BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREE -EzARgg93d3cuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAJ1DkyH6QYsM -bxN/aXhKYGFc1upPpxfHrzmVrVrYq34GAiEAgzAn1bws7mwi4fTBJ4XY44OisCi6 -gPDLe2H4Esop38o= +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GaMIGXMA4GA1UdDwEB +/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GA1Ud +DgQGBARsZWFmMBcGA1UdIwQQMA6ADGludGVybWVkaWF0ZTAaBgNVHREEEzARgg93 +d3cuZXhhbXBsZS5jb20wHgYDVR0eBBcwFaATMBGCD3d3dy5leGFtcGxlLmNvbTAK +BggqhkjOPQQDAgNHADBEAiAJtROn4TOAvfttoQJ6RsqnsaR1WaP+CKzWXjARJxtQ +LwIgGmbRenVTFx8ho17JY8ncV5qaJqc0EXN56twt9SccKqE= -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem b/crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem index 166b89c18..a4d013ec0 100644 --- a/crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem +++ b/crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem @@ -1,11 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBljCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +MIIByDCCAW2gAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR -EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo2EwXzAOBgNVHQ8BAf8E -BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREE -EzARgg93d3cuZXhhbXBsZS5jb20wDgYDVR0jBAdJTlZBTElEMAoGCCqGSM49BAMC -A0gAMEUCIDCqsRJC3IrUHxm5txOfnjrpGmoeSvr1EhVFDhHCuV6GAiEAwJ15sf7y -+CGw0rzYTLUHw4nc5aJC9oKOhypg3SrQeGw= +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GRMIGOMA4GA1UdDwEB +/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GA1Ud +DgQGBARsZWFmMBoGA1UdEQQTMBGCD3d3dy5leGFtcGxlLmNvbTAeBgNVHR4EFzAV +oBMwEYIPd3d3LmV4YW1wbGUuY29tMA4GA1UdIwQHSU5WQUxJRDAKBggqhkjOPQQD +AgNJADBGAiEAj6hhgnfiI0zt38N98eQsfJCJ8ZGkLfH+69OOUISls2QCIQDtyWhN +L/7L787+zkUazG4HvZ/YHO7hbWQAfMQVbk/iRA== -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_basic_constraints.pem b/crypto/x509/test/invalid_extension_leaf_basic_constraints.pem index 611f7cb1e..f987971ee 100644 --- a/crypto/x509/test/invalid_extension_leaf_basic_constraints.pem +++ b/crypto/x509/test/invalid_extension_leaf_basic_constraints.pem @@ -1,11 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBiDCCAS6gAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +MIIB0zCCAXigAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR -EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo1MwUTAOBgNVHQ8BAf8E -BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGgYDVR0RBBMwEYIPd3d3LmV4YW1w -bGUuY29tMA4GA1UdEwQHSU5WQUxJRDAKBggqhkjOPQQDAgNIADBFAiEA6btgd6HI -SCvxfnaHqhAiBjLl665JJC/wpSejPlxFmI0CIGZ7pLkRuQKv132ffDBmobAsBBnT -YXmJWAHc4rsJCYEx +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GcMIGZMA4GA1UdDwEB +/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATANBgNVHQ4EBgQEbGVhZjAXBgNV +HSMEEDAOgAxpbnRlcm1lZGlhdGUwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t +MB4GA1UdHgQXMBWgEzARgg93d3cuZXhhbXBsZS5jb20wDgYDVR0TBAdJTlZBTElE +MAoGCCqGSM49BAMCA0kAMEYCIQDo/XMevx8IdL+LOl55riE3otGDWKDDPgaZKA43 +snAJAwIhAJtgm2YNclXG1i8PzrSqZ5Y5mvBMgtjTfW/7ld7ED3pK -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem b/crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem index 2fa34ee00..a8dd8c5f0 100644 --- a/crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem +++ b/crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem @@ -1,11 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBgTCCASegAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +MIIByzCCAXGgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR -EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo0wwSjAOBgNVHQ8BAf8E -BAMCAgQwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5jb20w -DgYDVR0lBAdJTlZBTElEMAoGCCqGSM49BAMCA0gAMEUCIH3jx0mZhPAY2QZHYVPQ -ld6RNFGris9CFCD8AMOaZTR+AiEAgr4hSxoIm3g/CVeQkDORqgSrXU0AuVvQL2KO -NM5UG1Q= +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GVMIGSMA4GA1UdDwEB +/wQEAwICBDAMBgNVHRMBAf8EAjAAMA0GA1UdDgQGBARsZWFmMBcGA1UdIwQQMA6A +DGludGVybWVkaWF0ZTAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5jb20wHgYDVR0e +BBcwFaATMBGCD3d3dy5leGFtcGxlLmNvbTAOBgNVHSUEB0lOVkFMSUQwCgYIKoZI +zj0EAwIDSAAwRQIhAJwe+EZy9v2fW6bYAE8T2NEJjc0SDLoHshJOae3yOYMoAiB1 +kTrY4iuQKBwbbAokFgnHr+Ev1aXcmjRn0sJFDesUAw== -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_key_usage.pem b/crypto/x509/test/invalid_extension_leaf_key_usage.pem index 82c7cf0c7..e1ed36c97 100644 --- a/crypto/x509/test/invalid_extension_leaf_key_usage.pem +++ b/crypto/x509/test/invalid_extension_leaf_key_usage.pem @@ -1,11 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBhjCCASygAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +MIIBzzCCAXagAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR -EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo1EwTzATBgNVHSUEDDAK -BggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3d3dy5leGFtcGxl -LmNvbTAOBgNVHQ8EB0lOVkFMSUQwCgYIKoZIzj0EAwIDSAAwRQIgPoSLUcWwjnDx -3N+DJPzpgHRRSZtJz6w5njQ+zcyQvrQCIQDThWHI9F5s6xQN42stFw0sasdWFc/9 -No9QQf1zbGfGDw== +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GaMIGXMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYDVR0OBAYEBGxlYWYwFwYDVR0j +BBAwDoAMaW50ZXJtZWRpYXRlMBoGA1UdEQQTMBGCD3d3dy5leGFtcGxlLmNvbTAe +BgNVHR4EFzAVoBMwEYIPd3d3LmV4YW1wbGUuY29tMA4GA1UdDwQHSU5WQUxJRDAK +BggqhkjOPQQDAgNHADBEAiAoWszkhUlrT+vn0BqkA8yuuyCQ7HvK8KQOJsvzFYkS +qwIgbzwpATgcK7hhRG+GIO8v/MWqomOLExlQYcGIPPODHH0= -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_name_constraints.pem b/crypto/x509/test/invalid_extension_leaf_name_constraints.pem index f4e610597..0e90447d5 100644 --- a/crypto/x509/test/invalid_extension_leaf_name_constraints.pem +++ b/crypto/x509/test/invalid_extension_leaf_name_constraints.pem @@ -1,11 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBljCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +MIIBvzCCAWagAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR -EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo2EwXzAOBgNVHQ8BAf8E -BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREE -EzARgg93d3cuZXhhbXBsZS5jb20wDgYDVR0eBAdJTlZBTElEMAoGCCqGSM49BAMC -A0gAMEUCIQCYofdTDXH2HIpc/ZSI6IQVCM0L0/QbKbEOGeAwDtikGAIgV48ECoAt -8maDdh8y9qj/TZe6XA39BzkjtsLKhecCuV8= +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GKMIGHMA4GA1UdDwEB +/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GA1Ud +DgQGBARsZWFmMBcGA1UdIwQQMA6ADGludGVybWVkaWF0ZTAaBgNVHREEEzARgg93 +d3cuZXhhbXBsZS5jb20wDgYDVR0eBAdJTlZBTElEMAoGCCqGSM49BAMCA0cAMEQC +IDBcHYVfj62g5y2gP/TTvH3VQr4XG/QNZLL6N8H/A8arAiB95102dlC8zVt4beDe +ejD7/YA0FNMSgEnAZ1VgzPejxA== -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem b/crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem index eae65f487..a6aa9a9c3 100644 --- a/crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem +++ b/crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem @@ -1,10 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBeTCCASCgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +MIIBxTCCAWqgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR -EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo0UwQzAOBgNVHQ8BAf8E -BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAOBgNVHREE -B0lOVkFMSUQwCgYIKoZIzj0EAwIDRwAwRAIgDatlhmjkW4lgYc/eyrqJp1kxKrL8 -0WkPsmdUZmXiI1QCIC1bl+3ponxSaCvn81xKrQzuIq2OzWxy2PTHyNbPnGcz +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GOMIGLMA4GA1UdDwEB +/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GA1Ud +DgQGBARsZWFmMBcGA1UdIwQQMA6ADGludGVybWVkaWF0ZTAeBgNVHR4EFzAVoBMw +EYIPd3d3LmV4YW1wbGUuY29tMA4GA1UdEQQHSU5WQUxJRDAKBggqhkjOPQQDAgNJ +ADBGAiEAurYkjuxVgkxbmI1D+qM5RGXPPs7V74okqeQdURcL7HACIQDGNT6gcPDw +Ax2Hm5GK3H5UrNEmD1K4IOxfKl9zguiffQ== -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem b/crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem index d082bf8ad..1640d14f2 100644 --- a/crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem +++ b/crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem @@ -1,11 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBlzCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +MIIB0jCCAXegAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR -EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo2EwXzAOBgNVHQ8BAf8E -BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREE -EzARgg93d3cuZXhhbXBsZS5jb20wDgYDVR0OBAdJTlZBTElEMAoGCCqGSM49BAMC -A0kAMEYCIQDNfoYMjJUzrw2qxHKwopCt9lTQIfOCJDzndJwHLSI97gIhAIDRRWkU -OpOxpzO5zJtvsPSuFJTPtFi6dKwyZA0VVX5m +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GbMIGYMA4GA1UdDwEB +/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBcGA1Ud +IwQQMA6ADGludGVybWVkaWF0ZTAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5jb20w +HgYDVR0eBBcwFaATMBGCD3d3dy5leGFtcGxlLmNvbTAOBgNVHQ4EB0lOVkFMSUQw +CgYIKoZIzj0EAwIDSQAwRgIhAOgBejpWnjlxO/K8FMTGO7J+sHS6PAQohwvEgLmT +KWhMAiEAuc5uRycxN44gGka2Of9zw09o50sKgS1Ckv+VhkDqgbg= -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root.pem b/crypto/x509/test/invalid_extension_root.pem index 9236111de..2e211e28b 100644 --- a/crypto/x509/test/invalid_extension_root.pem +++ b/crypto/x509/test/invalid_extension_root.pem @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBbjCCAROgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBfDCCASKgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI -B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjoltozgwNjAOBgNVHQ8BAf8E -BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAKBggq -hkjOPQQDAgNJADBGAiEAkLonK/c0Wai8LSe6Nhf3ln+dpPxIQD9z0e2bXzgp3ZgC -IQDUjv8fhl6szNN6cV4NElVrsuFRigAvt6Z5M132Ybgavw== +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto0cwRTAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zANBgNV +HQ4EBgQEcm9vdDAKBggqhkjOPQQDAgNIADBFAiBd9AxKvRMSY7ll42h5jjYh5QtK +Yu3fxeME1IeivVNzQAIhAPov0l/2FYwZmMGI9ihR3iD/8petRfp4E9JLQQd3TgL5 -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_authority_key_identifier.pem b/crypto/x509/test/invalid_extension_root_authority_key_identifier.pem index c2321b7f0..5c365b4a0 100644 --- a/crypto/x509/test/invalid_extension_root_authority_key_identifier.pem +++ b/crypto/x509/test/invalid_extension_root_authority_key_identifier.pem @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBfTCCASOgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBjDCCATKgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI -B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto0gwRjAOBgNVHQ8BAf8E -BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAOBgNV -HSMEB0lOVkFMSUQwCgYIKoZIzj0EAwIDSAAwRQIgO/L4Oi8esLDZ5HQgVYd/GUey -8yPPRUkfr8+ZH5YJ724CIQCToZDd4kEPRmwjS6R20n5qrDElE4SDBq8cmJEToh57 -3Q== +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto1cwVTAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zANBgNV +HQ4EBgQEcm9vdDAOBgNVHSMEB0lOVkFMSUQwCgYIKoZIzj0EAwIDSAAwRQIhAMVD +OFcNzmPEdD2dJ3KWRGR15vQbXEXvimZgJdKtXdbLAiBfJOocLiQfPU7Nk3Qo0Ti1 +En0QfUATxx8DNR15cfcupQ== -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_basic_constraints.pem b/crypto/x509/test/invalid_extension_root_basic_constraints.pem index 4e507b3e2..54a54b661 100644 --- a/crypto/x509/test/invalid_extension_root_basic_constraints.pem +++ b/crypto/x509/test/invalid_extension_root_basic_constraints.pem @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBazCCARKgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBejCCASGgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI -B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjoltozcwNTAOBgNVHQ8BAf8E -BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDgYDVR0TBAdJTlZBTElEMAoGCCqG -SM49BAMCA0cAMEQCICRNoNJx8TOSe4FKoB7EdfvG56/zvzVK8F4SDV35nbfTAiAF -QjSD7CDdbaRQymgX3ojBbAP3hj1fFbCzopKR7UUvxQ== +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto0YwRDAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYDVR0OBAYEBHJvb3QwDgYDVR0T +BAdJTlZBTElEMAoGCCqGSM49BAMCA0cAMEQCIB2OGsfTIUGaJ3iTXv2oung5pLKH +VExVqc+KbnIyDbnaAiBwgxjlX+01/ERfGguz+W+00m4IZlzbyAp4dEs4rW9AXw== -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_ext_key_usage.pem b/crypto/x509/test/invalid_extension_root_ext_key_usage.pem index 17ac3a2b1..eaa629287 100644 --- a/crypto/x509/test/invalid_extension_root_ext_key_usage.pem +++ b/crypto/x509/test/invalid_extension_root_ext_key_usage.pem @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBaDCCAQ6gAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBeDCCAR2gAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI -B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjoltozMwMTAOBgNVHQ8BAf8E -BAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHSUEB0lOVkFMSUQwCgYIKoZIzj0E -AwIDSAAwRQIgVjuDRpd+kVlqUDJcX899ZsAoIvkSPxo/lCVJ+ae28BkCIQD/9Aig -0CaivgJ8Z6mUW9ozp6ClMPfSpCEUtrhm/dg2og== +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto0IwQDAOBgNVHQ8BAf8E +BAMCAgQwDwYDVR0TAQH/BAUwAwEB/zANBgNVHQ4EBgQEcm9vdDAOBgNVHSUEB0lO +VkFMSUQwCgYIKoZIzj0EAwIDSQAwRgIhAIY8RxbluUZ2M2PPy5IHnvdXRaQdIq3Z +DFg9LwkxXl8NAiEAzdE/F19Upl4E7LmdnmGXz8BxhNB6e5CxiJJEdeexCn8= -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_key_usage.pem b/crypto/x509/test/invalid_extension_root_key_usage.pem index 92ac0c608..4447d9405 100644 --- a/crypto/x509/test/invalid_extension_root_key_usage.pem +++ b/crypto/x509/test/invalid_extension_root_key_usage.pem @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBbjCCAROgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBfDCCASKgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI -B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjoltozgwNjATBgNVHSUEDDAK -BggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwQHSU5WQUxJRDAKBggq -hkjOPQQDAgNJADBGAiEAmX21h0WJPZ8VjGRaGwYWAh2q7iS0Wzm+besT06qgnPwC -IQCEF2G9d/DaDL7H9aw51xA0B+WwHBN5r1kx6b9A5pJVtg== +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto0cwRTATBgNVHSUEDDAK +BggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MA0GA1UdDgQGBARyb290MA4GA1Ud +DwQHSU5WQUxJRDAKBggqhkjOPQQDAgNIADBFAiEAt0anuhA0pecFMnlB4+M9lcy6 +VZsopjCniyHxfaaf1jQCICPaxHg+ztBFtOjCsr8nbgSy/JWYejF1uTjLYZKj5z6I -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_name_constraints.pem b/crypto/x509/test/invalid_extension_root_name_constraints.pem index 351123666..73ca98358 100644 --- a/crypto/x509/test/invalid_extension_root_name_constraints.pem +++ b/crypto/x509/test/invalid_extension_root_name_constraints.pem @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBfTCCASOgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBizCCATKgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI -B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto0gwRjAOBgNVHQ8BAf8E -BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAOBgNV -HR4EB0lOVkFMSUQwCgYIKoZIzj0EAwIDSAAwRQIhALYRk6SPzWoKF3wLI6N+bWh/ -iap7zpRrAZqmL3EDTlitAiB0CFMk9r5h/RDkvrP4Z+JZKum9ZVbGew73cdjDVBA3 -dA== +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto1cwVTAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zANBgNV +HQ4EBgQEcm9vdDAOBgNVHR4EB0lOVkFMSUQwCgYIKoZIzj0EAwIDRwAwRAIgHa/R +i3/yXzHD61xU8mVWSnH39FP5V0mzcHqxKvGSlk4CICsg1HCVLPvYIVUd0Kc8bv6h +uu6UUup8MlUdFrRJaOus -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_subject_alt_name.pem b/crypto/x509/test/invalid_extension_root_subject_alt_name.pem index 0604bf60a..bdf9ab4ca 100644 --- a/crypto/x509/test/invalid_extension_root_subject_alt_name.pem +++ b/crypto/x509/test/invalid_extension_root_subject_alt_name.pem @@ -1,10 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBfDCCASOgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBjDCCATKgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI -B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto0gwRjAOBgNVHQ8BAf8E -BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAOBgNV -HREEB0lOVkFMSUQwCgYIKoZIzj0EAwIDRwAwRAIgZKRMQGAIoUuzwYQS8UNkuTI5 -H9kJYpOGZhZ3esyfvC4CIAsJGY8kgzzFpLwd3e9Zp6WAPK/snDzF9Tb4KL+GB85n +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto1cwVTAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zANBgNV +HQ4EBgQEcm9vdDAOBgNVHREEB0lOVkFMSUQwCgYIKoZIzj0EAwIDSAAwRQIgZ12y +9EulwmfqICXtykhGr9Pjfcdg6SacCreLx7454cYCIQCQkP5Ji2SW1Huzp6hE1oHw +XwNwxFXV6XMJ+NylMYoJ3w== -----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_subject_key_identifier.pem b/crypto/x509/test/invalid_extension_root_subject_key_identifier.pem index eb17a7ea4..18c4ccefa 100644 --- a/crypto/x509/test/invalid_extension_root_subject_key_identifier.pem +++ b/crypto/x509/test/invalid_extension_root_subject_key_identifier.pem @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBfjCCASOgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +MIIBfTCCASOgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto0gwRjAOBgNVHQ8BAf8E BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAOBgNV -HQ4EB0lOVkFMSUQwCgYIKoZIzj0EAwIDSQAwRgIhAJbUNO8zfK439VpI2rrG9gTl -fjunP2fKsz3EK8NUtS12AiEA1m9Uzb+sUTCGhAlGEsDkjFbp3SCbvbWn7YhzqJkR -xvQ= +HQ4EB0lOVkFMSUQwCgYIKoZIzj0EAwIDSAAwRQIhAOOhlyJ15KAUZlokr35Y51mJ +Ic8V3490rloGXldPJajUAiADevilj44K19daaJCFDSIRByO23doY7AmoeLt6YgNJ +DQ== -----END CERTIFICATE----- diff --git a/crypto/x509/test/make_invalid_extensions.go b/crypto/x509/test/make_invalid_extensions.go index 3d20942ba..d0c2ceeba 100644 --- a/crypto/x509/test/make_invalid_extensions.go +++ b/crypto/x509/test/make_invalid_extensions.go @@ -59,7 +59,7 @@ type templateAndKey struct { key *ecdsa.PrivateKey } -func generateCertificateOrPanic(path string, subject, issuer *templateAndKey) { +func generateCertificateOrPanic(path string, subject, issuer *templateAndKey) []byte { cert, err := x509.CreateCertificate(rand.Reader, &subject.template, &issuer.template, &subject.key.PublicKey, issuer.key) if err != nil { panic(err) @@ -73,6 +73,7 @@ func generateCertificateOrPanic(path string, subject, issuer *templateAndKey) { if err != nil { panic(err) } + return cert } func main() { @@ -96,6 +97,7 @@ func main() { ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, KeyUsage: x509.KeyUsageCertSign, SignatureAlgorithm: x509.ECDSAWithSHA256, + SubjectKeyId: []byte("root"), }, key: rootKey, } @@ -110,6 +112,7 @@ func main() { ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, KeyUsage: x509.KeyUsageCertSign, SignatureAlgorithm: x509.ECDSAWithSHA256, + SubjectKeyId: []byte("intermediate"), }, key: intermediateKey, } @@ -125,6 +128,8 @@ func main() { KeyUsage: x509.KeyUsageCertSign, SignatureAlgorithm: x509.ECDSAWithSHA256, DNSNames: []string{"www.example.com"}, + SubjectKeyId: []byte("leaf"), + PermittedDNSDomains: []string{"www.example.com"}, }, key: leafKey, } @@ -132,10 +137,15 @@ func main() { // Generate a valid certificate chain from the templates. generateCertificateOrPanic("invalid_extension_root.pem", &root, &root) generateCertificateOrPanic("invalid_extension_intermediate.pem", &intermediate, &root) - generateCertificateOrPanic("invalid_extension_leaf.pem", &leaf, &intermediate) + leafDER := generateCertificateOrPanic("invalid_extension_leaf.pem", &leaf, &intermediate) - // Make copies of each of the three certificates with invalid extensions. - // These copies may be substituted into the valid chain. + leafCert, err := x509.ParseCertificate(leafDER) + if err != nil { + panic(err) + } + + // Make copies of the certificates with invalid extensions. These copies may + // be substituted into the valid chain. for _, ext := range extensions { invalidExtension := []pkix.Extension{{Id: ext.oid, Value: []byte("INVALID")}} @@ -150,6 +160,24 @@ func main() { leafInvalid := leaf leafInvalid.template.ExtraExtensions = invalidExtension generateCertificateOrPanic(fmt.Sprintf("invalid_extension_leaf_%s.pem", ext.name), &leafInvalid, &intermediate) + + // Additionally generate a copy of the leaf certificate with extra data in + // the extension. + var trailingDataExtension []pkix.Extension + for _, leafExt := range leafCert.Extensions { + if leafExt.Id.Equal(ext.oid) { + newValue := make([]byte, len(leafExt.Value)+1) + copy(newValue, leafExt.Value) + trailingDataExtension = append(trailingDataExtension, pkix.Extension{Id: ext.oid, Critical: leafExt.Critical, Value: newValue}) + } + } + if len(trailingDataExtension) != 1 { + panic(fmt.Sprintf("could not find sample extension %s", ext.name)) + } + + leafTrailingData := leaf + leafTrailingData.template.ExtraExtensions = trailingDataExtension + generateCertificateOrPanic(fmt.Sprintf("trailing_data_leaf_%s.pem", ext.name), &leafTrailingData, &intermediate) } } diff --git a/crypto/x509/test/trailing_data_leaf_authority_key_identifier.pem b/crypto/x509/test/trailing_data_leaf_authority_key_identifier.pem new file mode 100644 index 000000000..39ecde494 --- /dev/null +++ b/crypto/x509/test/trailing_data_leaf_authority_key_identifier.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB0jCCAXegAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GbMIGYMA4GA1UdDwEB +/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GA1Ud +DgQGBARsZWFmMBoGA1UdEQQTMBGCD3d3dy5leGFtcGxlLmNvbTAeBgNVHR4EFzAV +oBMwEYIPd3d3LmV4YW1wbGUuY29tMBgGA1UdIwQRMA6ADGludGVybWVkaWF0ZQAw +CgYIKoZIzj0EAwIDSQAwRgIhAJepDBm/DoCSSUe2wqmNTjSJxbdQ2I9abl66G7Fs +6mguAiEAnlJysXppr3jMa5yOFEXRNGRVoBKr6GS/MvCwbeuIXvg= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/trailing_data_leaf_basic_constraints.pem b/crypto/x509/test/trailing_data_leaf_basic_constraints.pem new file mode 100644 index 000000000..14419d622 --- /dev/null +++ b/crypto/x509/test/trailing_data_leaf_basic_constraints.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB0TCCAXegAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GbMIGYMA4GA1UdDwEB +/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATANBgNVHQ4EBgQEbGVhZjAXBgNV +HSMEEDAOgAxpbnRlcm1lZGlhdGUwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t +MB4GA1UdHgQXMBWgEzARgg93d3cuZXhhbXBsZS5jb20wDQYDVR0TAQH/BAMwAAAw +CgYIKoZIzj0EAwIDSAAwRQIgB1c3+kIZdUX0w3ULyHU4ybkbnlpvhNZDEpqWueYU +8C4CIQCdJv6LWwvdGNQ9FJxQhHpmZUaB7k/rqih3BYxR50m54A== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/trailing_data_leaf_ext_key_usage.pem b/crypto/x509/test/trailing_data_leaf_ext_key_usage.pem new file mode 100644 index 000000000..e0f11a09a --- /dev/null +++ b/crypto/x509/test/trailing_data_leaf_ext_key_usage.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB0TCCAXegAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GbMIGYMA4GA1UdDwEB +/wQEAwICBDAMBgNVHRMBAf8EAjAAMA0GA1UdDgQGBARsZWFmMBcGA1UdIwQQMA6A +DGludGVybWVkaWF0ZTAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5jb20wHgYDVR0e +BBcwFaATMBGCD3d3dy5leGFtcGxlLmNvbTAUBgNVHSUEDTAKBggrBgEFBQcDAQAw +CgYIKoZIzj0EAwIDSAAwRQIgORtSwqcycbej93AjlQp5UNCkHVIfvRcekoqAyX8d +G9sCIQCQHEk/0/BK/KCigzr8UyCyjniemH99Ka0O9nGF8xoBmQ== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/trailing_data_leaf_key_usage.pem b/crypto/x509/test/trailing_data_leaf_key_usage.pem new file mode 100644 index 000000000..759636fed --- /dev/null +++ b/crypto/x509/test/trailing_data_leaf_key_usage.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB0jCCAXegAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GbMIGYMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYDVR0OBAYEBGxlYWYwFwYDVR0j +BBAwDoAMaW50ZXJtZWRpYXRlMBoGA1UdEQQTMBGCD3d3dy5leGFtcGxlLmNvbTAe +BgNVHR4EFzAVoBMwEYIPd3d3LmV4YW1wbGUuY29tMA8GA1UdDwEB/wQFAwICBAAw +CgYIKoZIzj0EAwIDSQAwRgIhAPlqfHIXlF4u9YZclOy8GQAAyE/lVQTSvZT9psfe +KA7wAiEAt4/kRnYsDJLmJC2g4YwQlVVzIdmaII4GvsDqtPFtcBw= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/trailing_data_leaf_name_constraints.pem b/crypto/x509/test/trailing_data_leaf_name_constraints.pem new file mode 100644 index 000000000..bfb7d2b0e --- /dev/null +++ b/crypto/x509/test/trailing_data_leaf_name_constraints.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB0TCCAXegAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GbMIGYMA4GA1UdDwEB +/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GA1Ud +DgQGBARsZWFmMBcGA1UdIwQQMA6ADGludGVybWVkaWF0ZTAaBgNVHREEEzARgg93 +d3cuZXhhbXBsZS5jb20wHwYDVR0eBBgwFaATMBGCD3d3dy5leGFtcGxlLmNvbQAw +CgYIKoZIzj0EAwIDSAAwRQIgTevxULZ+ge4Vb3FHa0xFQD1pdiXxHrwkCU81GHgd +khMCIQCTahPY69HhJNemXhCKX6cNU9ciRqo5ZIijleHXafLOnQ== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/trailing_data_leaf_subject_alt_name.pem b/crypto/x509/test/trailing_data_leaf_subject_alt_name.pem new file mode 100644 index 000000000..82cc49391 --- /dev/null +++ b/crypto/x509/test/trailing_data_leaf_subject_alt_name.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB0DCCAXegAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GbMIGYMA4GA1UdDwEB +/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GA1Ud +DgQGBARsZWFmMBcGA1UdIwQQMA6ADGludGVybWVkaWF0ZTAeBgNVHR4EFzAVoBMw +EYIPd3d3LmV4YW1wbGUuY29tMBsGA1UdEQQUMBGCD3d3dy5leGFtcGxlLmNvbQAw +CgYIKoZIzj0EAwIDRwAwRAIgB5sQf45OpqWJqqKgPHMwB0tOcOv9K6FLdEQM3rLl +tkcCIAFMvtwlvfIzbw1V6leaXucRfKrI6I2gqq9jyC+RdiMZ +-----END CERTIFICATE----- diff --git a/crypto/x509/test/trailing_data_leaf_subject_key_identifier.pem b/crypto/x509/test/trailing_data_leaf_subject_key_identifier.pem new file mode 100644 index 000000000..e610bdf65 --- /dev/null +++ b/crypto/x509/test/trailing_data_leaf_subject_key_identifier.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB0DCCAXegAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GbMIGYMA4GA1UdDwEB +/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBcGA1Ud +IwQQMA6ADGludGVybWVkaWF0ZTAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5jb20w +HgYDVR0eBBcwFaATMBGCD3d3dy5leGFtcGxlLmNvbTAOBgNVHQ4EBwQEbGVhZgAw +CgYIKoZIzj0EAwIDRwAwRAIgZX4OegSkMvAY822XIS91eOzMhwt8jMS5aAp+jPwh +S/sCICiNfc8gZkH72TTz8NYdKPJ20R9l4k42tDSz5DLabc78 +-----END CERTIFICATE----- diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 32b9af656..36d2a2737 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -2719,10 +2719,21 @@ TEST(X509Test, InvalidExtensions) { .c_str()); ASSERT_TRUE(invalid_leaf); + bssl::UniquePtr trailing_leaf = CertFromPEM( + GetTestData((std::string("crypto/x509/test/trailing_data_leaf_") + + ext + ".pem") + .c_str()) + .c_str()); + ASSERT_TRUE(trailing_leaf); + EXPECT_EQ( X509_V_ERR_INVALID_EXTENSION, Verify(invalid_leaf.get(), {root.get()}, {intermediate.get()}, {})); + EXPECT_EQ( + X509_V_ERR_INVALID_EXTENSION, + Verify(trailing_leaf.get(), {root.get()}, {intermediate.get()}, {})); + // If the invalid extension is on an intermediate or root, // |X509_verify_cert| notices by way of being unable to build a path to // a valid issuer. diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index 3fb0285b8..1b57f672c 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -213,10 +213,27 @@ void *X509V3_EXT_d2i(const X509_EXTENSION *ext) if (!(method = X509V3_EXT_get(ext))) return NULL; p = ext->value->data; - if (method->it) - return ASN1_item_d2i(NULL, &p, ext->value->length, - ASN1_ITEM_ptr(method->it)); - return method->d2i(NULL, &p, ext->value->length); + void *ret; + if (method->it) { + ret = ASN1_item_d2i(NULL, &p, ext->value->length, + ASN1_ITEM_ptr(method->it)); + } else { + ret = method->d2i(NULL, &p, ext->value->length); + } + if (ret == NULL) { + return NULL; + } + /* Check for trailing data. */ + if (p != ext->value->data + ext->value->length) { + if (method->it) { + ASN1_item_free(ret, ASN1_ITEM_ptr(method->it)); + } else { + method->ext_free(ret); + } + OPENSSL_PUT_ERROR(X509V3, X509V3_R_TRAILING_DATA_IN_EXTENSION); + return NULL; + } + return ret; } void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *extensions, int nid, diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 9c86b90fd..acff637f7 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -1016,5 +1016,6 @@ BSSL_NAMESPACE_END #define X509V3_R_UNSUPPORTED_TYPE 161 #define X509V3_R_USER_TOO_LONG 162 #define X509V3_R_INVALID_VALUE 163 +#define X509V3_R_TRAILING_DATA_IN_EXTENSION 164 #endif diff --git a/sources.cmake b/sources.cmake index ef9cac175..3d3465f17 100644 --- a/sources.cmake +++ b/sources.cmake @@ -104,6 +104,13 @@ set( crypto/x509/test/some_names1.pem crypto/x509/test/some_names2.pem crypto/x509/test/some_names3.pem + crypto/x509/test/trailing_data_leaf_authority_key_identifier.pem + crypto/x509/test/trailing_data_leaf_basic_constraints.pem + crypto/x509/test/trailing_data_leaf_ext_key_usage.pem + crypto/x509/test/trailing_data_leaf_key_usage.pem + crypto/x509/test/trailing_data_leaf_name_constraints.pem + crypto/x509/test/trailing_data_leaf_subject_alt_name.pem + crypto/x509/test/trailing_data_leaf_subject_key_identifier.pem third_party/wycheproof_testvectors/aes_cbc_pkcs5_test.txt third_party/wycheproof_testvectors/aes_cmac_test.txt third_party/wycheproof_testvectors/aes_gcm_siv_test.txt