diff --git a/README.md b/README.md index b6e3b970261231f421a5efa9a33d1b8a761eabda..6836ba806c428889c894dacf32c20c6d2b78a870 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Build Status](https://travis-ci.org/sfackler/rust-openssl.svg?branch=master)](https://travis-ci.org/sfackler/rust-openssl) -[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.5/openssl). +[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl). ## Building @@ -19,6 +19,8 @@ something like `openssl-devel` or `libssl-dev`. sudo apt-get install libssl-dev # On Arch Linux sudo pacman -S openssl +# On Fedora +sudo dnf install openssl-devel ``` ### OSX diff --git a/appveyor.yml b/appveyor.yml index 9cb9ae95cb8ba62044f6f45f2695a5724cfbb1d1..d0c304d93b98b7216002b4a0e08b643bd14bffda 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -8,8 +8,8 @@ environment: - TARGET: x86_64-pc-windows-msvc BITS: 64 install: - - ps: Start-FileDownload "http://slproweb.com/download/Win${env:BITS}OpenSSL-1_0_2e.exe" - - Win%BITS%OpenSSL-1_0_2e.exe /SILENT /VERYSILENT /SP- /DIR="C:\OpenSSL" + - ps: Start-FileDownload "http://slproweb.com/download/Win${env:BITS}OpenSSL-1_0_2f.exe" + - Win%BITS%OpenSSL-1_0_2f.exe /SILENT /VERYSILENT /SP- /DIR="C:\OpenSSL" - ps: Start-FileDownload "https://static.rust-lang.org/dist/rust-1.5.0-${env:TARGET}.exe" - rust-1.5.0-%TARGET%.exe /VERYSILENT /NORESTART /DIR="C:\Program Files (x86)\Rust" - SET PATH=%PATH%;C:\Program Files (x86)\Rust\bin diff --git a/openssl-sys-extras/Cargo.toml b/openssl-sys-extras/Cargo.toml index 99bb3b71d0c38975c4eddcdf63d72ec066703e1a..0607d3bb3cc71466537abcea2dbb62b0f7cad1bc 100644 --- a/openssl-sys-extras/Cargo.toml +++ b/openssl-sys-extras/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "openssl-sys-extras" -version = "0.7.5" +version = "0.7.6" authors = ["Steven Fackler "] license = "MIT" description = "Extra FFI bindings to OpenSSL that require a C shim" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.5/openssl_sys_extras" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl_sys_extras" build = "build.rs" [features] @@ -13,7 +13,7 @@ ecdh_auto = [] [dependencies] libc = "0.2" -openssl-sys = { version = "0.7.5", path = "../openssl-sys" } +openssl-sys = { version = "0.7.6", path = "../openssl-sys" } [build-dependencies] gcc = "0.3" diff --git a/openssl-sys-extras/src/lib.rs b/openssl-sys-extras/src/lib.rs index a6b372a74c5ad9c027acbb34625983182f96cead..9647929aa6b8f52d80009383d519723715f06fb1 100644 --- a/openssl-sys-extras/src/lib.rs +++ b/openssl-sys-extras/src/lib.rs @@ -1,5 +1,5 @@ #![allow(non_upper_case_globals, non_snake_case)] -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.5")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")] extern crate openssl_sys; extern crate libc; diff --git a/openssl-sys-extras/src/openssl_shim.c b/openssl-sys-extras/src/openssl_shim.c index c3deeebcc49cfea4ff33b6c065c3b47eaa25a140..a4b40280ddf1d97894ccb6474973d277fe4f8ac3 100644 --- a/openssl-sys-extras/src/openssl_shim.c +++ b/openssl-sys-extras/src/openssl_shim.c @@ -5,8 +5,8 @@ #if defined(__APPLE__) || defined(__linux) -#include -#include +#include +#include unsigned long thread_id() { diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index 2595732014a705bd603acb8c703cb3f2598f1a3a..c841010424b6a66e01e806075eb5b765ce22d1a0 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml @@ -1,12 +1,12 @@ [package] name = "openssl-sys" -version = "0.7.5" +version = "0.7.6" authors = ["Alex Crichton ", "Steven Fackler "] license = "MIT" description = "FFI bindings to OpenSSL" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.5/openssl_sys" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl_sys" links = "openssl" build = "build.rs" diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index b4e97c1bcc04f59dca611a7c99ce96441b360704..eb2717f396c1b562f5c702a6750dd37895de7e66 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1,6 +1,6 @@ #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)] #![allow(dead_code)] -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.5")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")] extern crate libc; @@ -22,9 +22,7 @@ pub type ENGINE = c_void; pub type EVP_CIPHER = c_void; pub type EVP_CIPHER_CTX = c_void; pub type EVP_MD = c_void; -pub type EVP_PKEY = c_void; pub type EVP_PKEY_CTX = c_void; -pub type RSA = c_void; pub type SSL = c_void; pub type SSL_CTX = c_void; pub type SSL_METHOD = c_void; @@ -64,6 +62,47 @@ pub struct BIO_METHOD { // so we can create static BIO_METHODs unsafe impl Sync for BIO_METHOD {} +#[repr(C)] +pub struct RSA { + pub pad: c_int, + pub version: c_long, + pub meth: *const c_void, + + pub engine: *mut c_void, + pub n: *mut BIGNUM, + pub e: *mut BIGNUM, + pub d: *mut BIGNUM, + pub p: *mut BIGNUM, + pub q: *mut BIGNUM, + pub dmp1: *mut BIGNUM, + pub dmq1: *mut BIGNUM, + pub iqmp: *mut BIGNUM, + + pub ex_data: *mut c_void, + pub references: c_int, + pub flags: c_int, + + pub _method_mod_n: *mut c_void, + pub _method_mod_p: *mut c_void, + pub _method_mod_q: *mut c_void, + + pub bignum_data: *mut c_char, + pub blinding: *mut c_void, + pub mt_blinding: *mut c_void, +} + +#[repr(C)] +pub struct EVP_PKEY { + pub type_: c_int, + pub save_type: c_int, + pub references: c_int, + pub ameth: *const c_void, + pub engine: *mut ENGINE, + pub pkey: *mut c_void, + pub save_parameters: c_int, + pub attributes: *mut c_void, +} + #[repr(C)] pub struct BIO { pub method: *mut BIO_METHOD, diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index 55ae0d7640dda6955a2646642d02ec551f3848aa..cd85d06229a9cdc165cf319e010f941a9c12c334 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -1,14 +1,15 @@ [package] name = "openssl" -version = "0.7.5" +version = "0.7.6" authors = ["Steven Fackler "] license = "Apache-2.0" description = "OpenSSL bindings" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.5/openssl" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl" readme = "../README.md" keywords = ["crypto", "tls", "ssl", "dtls"] build = "build.rs" +exclude = ["test/*"] [features] tlsv1_2 = ["openssl-sys/tlsv1_2"] @@ -31,8 +32,8 @@ nightly = [] bitflags = ">= 0.2, < 0.4" lazy_static = "0.1" libc = "0.2" -openssl-sys = { version = "0.7.5", path = "../openssl-sys" } -openssl-sys-extras = { version = "0.7.5", path = "../openssl-sys-extras" } +openssl-sys = { version = "0.7.6", path = "../openssl-sys" } +openssl-sys-extras = { version = "0.7.6", path = "../openssl-sys-extras" } [build-dependencies] gcc = "0.3" diff --git a/openssl/src/bn/mod.rs b/openssl/src/bn/mod.rs index 51a492411d6a705dfb3b57d51c5edb3bd48b2e68..00a0a0ca45b1d3c9ab7bb141d71c4aff5befb158 100644 --- a/openssl/src/bn/mod.rs +++ b/openssl/src/bn/mod.rs @@ -102,6 +102,18 @@ impl BigNum { }) } + pub unsafe fn new_from_ffi(orig: *mut ffi::BIGNUM) -> Result { + if orig.is_null() { + panic!("Null Pointer was supplied to BigNum::new_from_ffi"); + } + let r = ffi::BN_dup(orig); + if r.is_null() { + Err(SslError::get()) + } else { + Ok(BigNum(r)) + } + } + pub fn new_from_slice(n: &[u8]) -> Result { BigNum::new().and_then(|v| unsafe { try_ssl_null!(ffi::BN_bin2bn(n.as_ptr(), n.len() as c_int, v.raw())); diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs index 0868ee95ad77423bef9f9cc5e34646548938535a..bb77453f626a1af2da10b11adadf1da9deab0255 100644 --- a/openssl/src/crypto/mod.rs +++ b/openssl/src/crypto/mod.rs @@ -21,5 +21,6 @@ pub mod pkey; pub mod rand; pub mod symm; pub mod memcmp; +pub mod rsa; mod symm_internal; diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index 934a93ed8c7a8e384dab8ce60cd177564f6311ab..e556730d4c9d3361c16bb29445f6edb5391ec6e3 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -9,6 +9,7 @@ use crypto::hash; use crypto::hash::Type as HashType; use ffi; use ssl::error::{SslError, StreamError}; +use crypto::rsa::RSA; #[derive(Copy, Clone)] pub enum Parts { @@ -100,7 +101,7 @@ impl PKey { None, ptr::null_mut())); Ok(PKey { - evp: evp, + evp: evp as *mut ffi::EVP_PKEY, parts: Parts::Both, }) } @@ -119,7 +120,7 @@ impl PKey { None, ptr::null_mut())); Ok(PKey { - evp: evp, + evp: evp as *mut ffi::EVP_PKEY, parts: Parts::Public, }) } @@ -129,18 +130,10 @@ impl PKey { pub fn private_rsa_key_from_pem(reader: &mut R) -> Result where R: Read { - let mut mem_bio = try!(MemBio::new()); - try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); - + let rsa = try!(RSA::private_key_from_pem(reader)); unsafe { - let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.get_handle(), - ptr::null_mut(), - None, - ptr::null_mut())); - let evp = ffi::EVP_PKEY_new(); - if ffi::EVP_PKEY_set1_RSA(evp, rsa) == 0 { - return Err(SslError::get()); - } + let evp = try_ssl_null!(ffi::EVP_PKEY_new()); + try_ssl!(ffi::EVP_PKEY_set1_RSA(evp, rsa.as_ptr())); Ok(PKey { evp: evp, @@ -153,18 +146,10 @@ impl PKey { pub fn public_rsa_key_from_pem(reader: &mut R) -> Result where R: Read { - let mut mem_bio = try!(MemBio::new()); - try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); - + let rsa = try!(RSA::public_key_from_pem(reader)); unsafe { - let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.get_handle(), - ptr::null_mut(), - None, - ptr::null_mut())); - let evp = ffi::EVP_PKEY_new(); - if ffi::EVP_PKEY_set1_RSA(evp, rsa) == 0 { - return Err(SslError::get()); - } + let evp = try_ssl_null!(ffi::EVP_PKEY_new()); + try_ssl!(ffi::EVP_PKEY_set1_RSA(evp, rsa.as_ptr())); Ok(PKey { evp: evp, diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs new file mode 100644 index 0000000000000000000000000000000000000000..ee0d9ec43e8c71b471fd314760ce15ddc35dc4ef --- /dev/null +++ b/openssl/src/crypto/rsa.rs @@ -0,0 +1,93 @@ +use ffi; +use std::fmt; +use ssl::error::{SslError, StreamError}; +use std::ptr; +use std::io::{self, Read}; + +use bn::BigNum; +use bio::MemBio; + +pub struct RSA(*mut ffi::RSA); + +impl Drop for RSA { + fn drop(&mut self) { + unsafe { + ffi::RSA_free(self.0); + } + } +} + +impl RSA { + /// Reads an RSA private key from PEM formatted data. + pub fn private_key_from_pem(reader: &mut R) -> Result + where R: Read + { + let mut mem_bio = try!(MemBio::new()); + try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); + + unsafe { + let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.get_handle(), + ptr::null_mut(), + None, + ptr::null_mut())); + Ok(RSA(rsa)) + } + } + + /// Reads an RSA public key from PEM formatted data. + pub fn public_key_from_pem(reader: &mut R) -> Result + where R: Read + { + let mut mem_bio = try!(MemBio::new()); + try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); + + unsafe { + let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.get_handle(), + ptr::null_mut(), + None, + ptr::null_mut())); + Ok(RSA(rsa)) + } + } + + pub fn as_ptr(&self) -> *mut ffi::RSA { + self.0 + } + + // The following getters are unsafe, since BigNum::new_from_ffi fails upon null pointers + pub fn n(&self) -> Result { + unsafe { + BigNum::new_from_ffi((*self.0).n) + } + } + + pub fn d(&self) -> Result { + unsafe { + BigNum::new_from_ffi((*self.0).d) + } + } + + pub fn e(&self) -> Result { + unsafe { + BigNum::new_from_ffi((*self.0).e) + } + } + + pub fn p(&self) -> Result { + unsafe { + BigNum::new_from_ffi((*self.0).p) + } + } + + pub fn q(&self) -> Result { + unsafe { + BigNum::new_from_ffi((*self.0).q) + } + } +} + +impl fmt::Debug for RSA { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + write!(f, "RSA") + } +} diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index ac68fecbc986bf16abedcc2ed41719dd156b4c19..f1b6d13a98c498927b444e0dd1c543b099a95c59 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -1,4 +1,4 @@ -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.5")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")] #![cfg_attr(feature = "nightly", feature(const_fn, recover, panic_propagate))] #[macro_use] diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs index e04b004a160a3e1e84497441d195f98678ef3545..bfcae15aa097a844affbc860c866f89bae8f5b1a 100644 --- a/openssl/src/nid.rs +++ b/openssl/src/nid.rs @@ -104,6 +104,7 @@ pub enum Nid { G, S, I, + /// uniqueIdentifier UID, CrlDistributionPoints, RSA_NP_MD5, @@ -170,4 +171,6 @@ pub enum Nid { ID_QT_UNOTICE, RC2_64_CBC, SMIMECaps, + /// Shown as UID in cert subject + UserId = 458 } diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index f5a42536f024fefd0342266c672d162f39fd63db..be35d7ef411c81b36435a5fed958cbb61f54a827 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -9,6 +9,7 @@ use std::net::{TcpStream, TcpListener, SocketAddr}; use std::path::Path; use std::process::{Command, Child, Stdio, ChildStdin}; use std::thread; +use std::time::Duration; use net2::TcpStreamExt; @@ -79,7 +80,7 @@ impl Server { match TcpStream::connect(&addr) { Ok(s) => return (server, s), Err(ref e) if e.kind() == io::ErrorKind::ConnectionRefused => { - thread::sleep_ms(100); + thread::sleep(Duration::from_millis(100)); } Err(e) => panic!("wut: {}", e), } @@ -117,7 +118,7 @@ impl Server { // Need to wait for the UDP socket to get bound in our child process, // but don't currently have a great way to do that so just wait for a // bit. - thread::sleep_ms(100); + thread::sleep(Duration::from_millis(100)); let socket = UdpSocket::bind(next_addr()).unwrap(); socket.connect(&addr).unwrap(); (s, UdpConnected(socket)) diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index f31de89b35ed008f1d9ac94bc9d41958810ff9e3..a69f61d55ad8de1d230ef5667c139698ce06a844 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -146,8 +146,7 @@ pub struct X509Generator { bits: u32, days: u32, names: Vec<(String, String)>, - // RFC 3280 §4.2: A certificate MUST NOT include more than one instance of a particular extension. - extensions: HashMap, + extensions: Extensions, hash_type: HashType, } @@ -166,7 +165,7 @@ impl X509Generator { bits: 1024, days: 365, names: vec![], - extensions: HashMap::new(), + extensions: Extensions::new(), hash_type: HashType::SHA1, } } @@ -219,7 +218,7 @@ impl X509Generator { /// generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment])); /// ``` pub fn add_extension(mut self, ext: extension::Extension) -> X509Generator { - self.extensions.insert(ext.get_type(), ext); + self.extensions.add(ext); self } @@ -237,7 +236,10 @@ impl X509Generator { pub fn add_extensions(mut self, exts: I) -> X509Generator where I: IntoIterator { - self.extensions.extend(exts.into_iter().map(|ext| (ext.get_type(), ext))); + for ext in exts { + self.extensions.add(ext); + } + self } @@ -372,7 +374,7 @@ impl X509Generator { ffi::X509_set_issuer_name(x509.handle, name); for (exttype, ext) in self.extensions.iter() { - try!(X509Generator::add_extension_internal(x509.handle, exttype, &ext.to_string())); + try!(X509Generator::add_extension_internal(x509.handle, &exttype, &ext.to_string())); } let hash_fn = self.hash_type.evp_md(); @@ -618,6 +620,75 @@ impl Drop for X509Req { } } +/// A collection of X.509 extensions. +/// +/// Upholds the invariant that a certificate MUST NOT include more than one +/// instance of a particular extension, according to RFC 3280 §4.2. Also +/// ensures that extensions are added to the certificate during signing +/// in the order they were inserted, which is required for certain +/// extensions like SubjectKeyIdentifier and AuthorityKeyIdentifier. +struct Extensions { + /// The extensions contained in the collection. + extensions: Vec, + /// A map of used to keep track of added extensions and their indexes in `self.extensions`. + indexes: HashMap, +} + +impl Extensions { + /// Creates a new `Extensions`. + pub fn new() -> Extensions { + Extensions { + extensions: vec![], + indexes: HashMap::new(), + } + } + + /// Adds a new `Extension`, replacing any existing one of the same + /// `ExtensionType`. + pub fn add(&mut self, ext: Extension) { + let ext_type = ext.get_type(); + + if let Some(index) = self.indexes.get(&ext_type) { + self.extensions[*index] = ext; + return; + } + + self.extensions.push(ext); + self.indexes.insert(ext_type, self.extensions.len() - 1); + } + + /// Returns an `ExtensionsIter` for the collection. + pub fn iter(&self) -> ExtensionsIter { + ExtensionsIter { + current: 0, + extensions: &self.extensions, + } + } +} + +/// An iterator that iterates over `(ExtensionType, Extension)` for each +/// extension in the collection. +struct ExtensionsIter<'a> { + current: usize, + extensions: &'a Vec +} + +impl<'a> Iterator for ExtensionsIter<'a> { + type Item = (ExtensionType, &'a Extension); + + fn next(&mut self) -> Option { + if self.current < self.extensions.len() { + let ext = &self.extensions[self.current]; + + self.current += 1; + + Some((ext.get_type(), ext)) + } else { + None + } + } +} + macro_rules! make_validation_error( ($ok_val:ident, $($name:ident = $val:ident,)+) => ( #[derive(Copy, Clone)] diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 43ad0dec0f1c245515560d5314453318605df6d9..69ad37f8f93a65ac502b9d18c140ccbaadf16fd2 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -39,6 +39,30 @@ fn test_cert_gen() { assert_eq!(pkey.save_pub(), cert.public_key().save_pub()); } +/// SubjectKeyIdentifier must be added before AuthorityKeyIdentifier or OpenSSL +/// is "unable to get issuer keyid." This test ensures the order of insertion +/// for extensions is preserved when the cert is signed. +#[test] +fn test_cert_gen_extension_ordering() { + get_generator() + .add_extension(OtherNid(Nid::SubjectKeyIdentifier, "hash".to_owned())) + .add_extension(OtherNid(Nid::AuthorityKeyIdentifier, "keyid:always".to_owned())) + .generate() + .expect("Failed to generate cert with order-dependent extensions"); +} + +/// Proves that a passing result from `test_cert_gen_extension_ordering` is +/// deterministic by reversing the order of extensions and asserting failure. +#[test] +fn test_cert_gen_extension_bad_ordering() { + let result = get_generator() + .add_extension(OtherNid(Nid::AuthorityKeyIdentifier, "keyid:always".to_owned())) + .add_extension(OtherNid(Nid::SubjectKeyIdentifier, "hash".to_owned())) + .generate(); + + assert!(result.is_err()); +} + #[test] fn test_req_gen() { let mut pkey = PKey::new(); @@ -116,3 +140,20 @@ fn test_nid_values() { }; assert_eq!(&friendly as &str, "Example"); } + +#[test] +fn test_nid_uid_value() { + let cert_path = Path::new("test/nid_uid_test_cert.pem"); + let mut file = File::open(&cert_path) + .ok() + .expect("Failed to open `test/nid_uid_test_cert.pem`"); + + let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM"); + let subject = cert.subject_name(); + + let cn = match subject.text_by_nid(Nid::UserId) { + Some(x) => x, + None => panic!("Failed to read UID from cert"), + }; + assert_eq!(&cn as &str, "this is the userId"); +} diff --git a/openssl/test/build.sh b/openssl/test/build.sh index f52ded607dbe2d2eeaca61ffec11110c10d1423a..794738d5edc766844be51a09de694f1108fc9ff3 100755 --- a/openssl/test/build.sh +++ b/openssl/test/build.sh @@ -15,7 +15,7 @@ fi mkdir /tmp/openssl cd /tmp/openssl -curl https://openssl.org/source/openssl-1.0.2e.tar.gz | tar --strip-components=1 -xzf - +curl https://openssl.org/source/openssl-1.0.2f.tar.gz | tar --strip-components=1 -xzf - ./Configure --prefix=$HOME/openssl shared --cross-compile-prefix=$CROSS $OS_COMPILER make make install diff --git a/openssl/test/nid_uid_test_cert.pem b/openssl/test/nid_uid_test_cert.pem new file mode 100644 index 0000000000000000000000000000000000000000..de6722abe0485ea3d678b498b5c8bcaf03d77780 --- /dev/null +++ b/openssl/test/nid_uid_test_cert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEGTCCAwGgAwIBAgIJAItKTzcGfL1lMA0GCSqGSIb3DQEBCwUAMIGiMSIwIAYK +CZImiZPyLGQBAQwSdGhpcyBpcyB0aGUgdXNlcklkMQswCQYDVQQGEwJVUzETMBEG +A1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMRUwEwYDVQQKDAxS +dXN0IE9wZW5TU0wxDDAKBgNVBAsMA09TUzEhMB8GA1UEAwwYcnVzdC1vcGVuc3Ns +LmV4YW1wbGUuY29tMB4XDTE2MDIwMjE3MjIwMVoXDTE2MDMwMzE3MjIwMVowgaIx +IjAgBgoJkiaJk/IsZAEBDBJ0aGlzIGlzIHRoZSB1c2VySWQxCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxFTATBgNV +BAoMDFJ1c3QgT3BlblNTTDEMMAoGA1UECwwDT1NTMSEwHwYDVQQDDBhydXN0LW9w +ZW5zc2wuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQDa3Gc+IE5DOhTv1m5DZW8qKiyNLd7v4DaAYLXSsDuLs+9wJ+Bs+wlBfrg+PT0t +EJlPaLL9IfD5eR3WpFu62TUexYhnJh+3vhCGsFHOXcTjtM+wy/dzZtOVh2wTzvqE +/FHBGw1eG3Ww+RkSFbwYmtm8JhIN8ffYxGn2O0yQpxypf5hNPYrC81zX+52X2w1h +jDYLpYt55w+e6q+iRRFk0tKiWHEqqh/r6UQQRpj2EeS+xTloZlO6h0nl2NPkVF3r +CXBoT8Ittxr7sqcYqf8TAA0I4qZRYXKYehFmv/VkSt85CcURJ/zXeoJ1TpxSvQie +2R9cRDkYROrIOAFbB/0mmHLBAgMBAAGjUDBOMB0GA1UdDgQWBBRKfPqtgrbdbTmH +XR6RC/p8t/65GjAfBgNVHSMEGDAWgBRKfPqtgrbdbTmHXR6RC/p8t/65GjAMBgNV +HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCKfeGRduGsIwKNiGcDUNkNrc7Z +f8SWAmb/R6xiDfgjbhrtfBDowIZ5natEkTgf6kQPMJKyjg2NEM2uJWBc55rLOHIv +es1wQOlYjfEUmFD3lTIt2TM/IUgXn2j+zV1CRkJthQLVFChXsidd0Bqq2fBjd3ad +Yjzrxf3uOTBAs27koh2INNHfcUZCRsx8hP739zz2kw/r5NB/9iyENEyJKQvxo0jb +oN0JK2joGZrWetDukQrqf032TsdkboW5JresYybbAD3326Ljp+hlT/3WINc+3nZJ +Dn+pPMdpuZ5BUZ+u+XyNEPum3k3P3K19AF+zWYGooX0J1cmuCBrrqce20Lwy +-----END CERTIFICATE-----