From a050aa39b9be5967abadd03a8e8a4cd7d1bacd5d Mon Sep 17 00:00:00 2001 From: DanStough Date: Thu, 14 Apr 2022 16:55:10 -0400 Subject: [PATCH] Update go version to 1.18.1 --- .changelog/12808.txt | 3 + .circleci/config.yml | 22 +++---- .github/workflows/build.yml | 20 +++---- GNUmakefile | 4 +- agent/agent_test.go | 73 ++++++++++++++++++++---- agent/connect_ca_endpoint_test.go | 12 +++- agent/consul/leader_connect_ca.go | 17 +++++- api/api_test.go | 41 ++++++++++++- api/go.mod | 1 + api/go.sum | 8 ++- build-support/docker/Build-Go.dockerfile | 2 +- connect/proxy/proxy.go | 7 +-- connect/service_test.go | 20 ++++++- connect/tls.go | 29 ---------- connect/tls_test.go | 9 ++- go.mod | 4 +- go.sum | 7 ++- sdk/go.mod | 2 +- sdk/go.sum | 4 +- test/ca/certindex | 1 + test/ca/myca.conf | 2 +- test/ca/serialfile | 2 +- test/hostname/Alice.cfg | 2 +- test/hostname/Alice.crt | 38 ++++++------ test/hostname/Alice.key | 52 ++++++++--------- test/hostname/Betty.crt | 30 +++++----- test/hostname/Betty.key | 52 ++++++++--------- test/hostname/Bob.crt | 30 +++++----- test/hostname/Bob.key | 52 ++++++++--------- test/hostname/Bonnie.crt | 32 +++++------ test/hostname/Bonnie.key | 52 ++++++++--------- test/hostname/certindex | 10 ++-- test/hostname/myca.conf | 2 +- test/hostname/serialfile | 2 +- test/key/ourdomain.cer | 43 +++++++------- test/key/ourdomain.cfg | 2 +- test/key/ourdomain.key | 52 ++++++++--------- tlsutil/config.go | 6 +- tlsutil/config_test.go | 69 +++++++++++++++++++--- 39 files changed, 486 insertions(+), 330 deletions(-) create mode 100644 .changelog/12808.txt diff --git a/.changelog/12808.txt b/.changelog/12808.txt new file mode 100644 index 000000000..d2f6257bc --- /dev/null +++ b/.changelog/12808.txt @@ -0,0 +1,3 @@ +```release-note:note +dependency: Upgrade to use Go 1.18.1 +``` diff --git a/.circleci/config.yml b/.circleci/config.yml index 005deefb1..905a32801 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,7 +15,7 @@ references: images: # When updating the Go version, remember to also update the versions in the # workflows section for go-test-lib jobs. - go: &GOLANG_IMAGE docker.mirror.hashicorp.services/cimg/go:1.17.5 + go: &GOLANG_IMAGE docker.mirror.hashicorp.services/cimg/go:1.18.1 ember: &EMBER_IMAGE docker.mirror.hashicorp.services/circleci/node:14-browsers paths: @@ -188,7 +188,7 @@ jobs: name: Install golangci-lint command: | download=https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh - wget -O- -q $download | sh -x -s -- -d -b /home/circleci/go/bin v1.40.1 + wget -O- -q $download | sh -x -s -- -d -b /home/circleci/go/bin v1.45.2 - run: go mod download - run: name: lint @@ -1060,26 +1060,26 @@ workflows: - dev-build: *filter-ignore-non-go-branches - go-test: requires: [ dev-build ] - - go-test-lib: - name: "go-test-api go1.16" - path: api - go-version: "1.16" - requires: [ dev-build ] - go-test-lib: name: "go-test-api go1.17" path: api go-version: "1.17" requires: [ dev-build ] - go-test-lib: - name: "go-test-sdk go1.16" - path: sdk - go-version: "1.16" - <<: *filter-ignore-non-go-branches + name: "go-test-api go1.18" + path: api + go-version: "1.18" + requires: [ dev-build ] - go-test-lib: name: "go-test-sdk go1.17" path: sdk go-version: "1.17" <<: *filter-ignore-non-go-branches + - go-test-lib: + name: "go-test-sdk go1.18" + path: sdk + go-version: "1.18" + <<: *filter-ignore-non-go-branches - go-test-race: *filter-ignore-non-go-branches - go-test-32bit: *filter-ignore-non-go-branches build-distros: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a6069e105..a14ce01bc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -65,15 +65,15 @@ jobs: strategy: matrix: include: - - {go: "1.17.5", goos: "linux", goarch: "386"} - - {go: "1.17.5", goos: "linux", goarch: "amd64"} - - {go: "1.17.5", goos: "linux", goarch: "arm"} - - {go: "1.17.5", goos: "linux", goarch: "arm64"} - - {go: "1.17.5", goos: "freebsd", goarch: "386"} - - {go: "1.17.5", goos: "freebsd", goarch: "amd64"} - - {go: "1.17.5", goos: "windows", goarch: "386"} - - {go: "1.17.5", goos: "windows", goarch: "amd64"} - - {go: "1.17.5", goos: "solaris", goarch: "amd64"} + - {go: "1.18.1", goos: "linux", goarch: "386"} + - {go: "1.18.1", goos: "linux", goarch: "amd64"} + - {go: "1.18.1", goos: "linux", goarch: "arm"} + - {go: "1.18.1", goos: "linux", goarch: "arm64"} + - {go: "1.18.1", goos: "freebsd", goarch: "386"} + - {go: "1.18.1", goos: "freebsd", goarch: "amd64"} + - {go: "1.18.1", goos: "windows", goarch: "386"} + - {go: "1.18.1", goos: "windows", goarch: "amd64"} + - {go: "1.18.1", goos: "solaris", goarch: "amd64"} fail-fast: true name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build @@ -173,7 +173,7 @@ jobs: matrix: goos: [ darwin ] goarch: [ "amd64", "arm64" ] - go: [ "1.17.5" ] + go: [ "1.18.1" ] fail-fast: true name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build diff --git a/GNUmakefile b/GNUmakefile index 665f1d0a1..3e5fca77a 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -6,7 +6,7 @@ GOTOOLS = \ github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs@master \ github.com/hashicorp/go-bindata/go-bindata@master \ github.com/vektra/mockery/cmd/mockery@master \ - github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1 \ + github.com/golangci/golangci-lint/cmd/golangci-lint@v1.45.2 \ github.com/hashicorp/lint-consul-retry@master PROTOC_VERSION=3.15.8 @@ -15,7 +15,7 @@ PROTOC_VERSION=3.15.8 # MOG_VERSION can be either a valid string for "go install @" # or the string @DEV to imply use whatever is currently installed locally. ### -MOG_VERSION='v0.2.0' +MOG_VERSION='v0.3.0' ### # PROTOC_GO_INJECT_TAG_VERSION can be either a valid string for "go install @" # or the string @DEV to imply use whatever is currently installed locally. diff --git a/agent/agent_test.go b/agent/agent_test.go index ba82f127f..d7b118fcb 100644 --- a/agent/agent_test.go +++ b/agent/agent_test.go @@ -16,6 +16,7 @@ import ( "net/http/httptest" "net/url" "os" + "path" "path/filepath" "strconv" "strings" @@ -24,6 +25,8 @@ import ( "time" "github.com/golang/protobuf/jsonpb" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" "github.com/google/tcpproxy" "github.com/hashicorp/go-hclog" "github.com/hashicorp/serf/coordinate" @@ -3931,9 +3934,11 @@ func TestAgent_ReloadConfigOutgoingRPCConfig(t *testing.T) { a := NewTestAgent(t, hcl) defer a.Shutdown() tlsConf := a.tlsConfigurator.OutgoingRPCConfig() + require.True(t, tlsConf.InsecureSkipVerify) - require.Len(t, tlsConf.ClientCAs.Subjects(), 1) - require.Len(t, tlsConf.RootCAs.Subjects(), 1) + expectedCaPoolByFile := getExpectedCaPoolByFile(t) + assertDeepEqual(t, expectedCaPoolByFile, tlsConf.RootCAs, cmpCertPool) + assertDeepEqual(t, expectedCaPoolByFile, tlsConf.ClientCAs, cmpCertPool) hcl = ` data_dir = "` + dataDir + `" @@ -3946,9 +3951,11 @@ func TestAgent_ReloadConfigOutgoingRPCConfig(t *testing.T) { c := TestConfig(testutil.Logger(t), config.FileSource{Name: t.Name(), Format: "hcl", Data: hcl}) require.NoError(t, a.reloadConfigInternal(c)) tlsConf = a.tlsConfigurator.OutgoingRPCConfig() + require.False(t, tlsConf.InsecureSkipVerify) - require.Len(t, tlsConf.RootCAs.Subjects(), 2) - require.Len(t, tlsConf.ClientCAs.Subjects(), 2) + expectedCaPoolByDir := getExpectedCaPoolByDir(t) + assertDeepEqual(t, expectedCaPoolByDir, tlsConf.RootCAs, cmpCertPool) + assertDeepEqual(t, expectedCaPoolByDir, tlsConf.ClientCAs, cmpCertPool) } func TestAgent_ReloadConfigAndKeepChecksStatus(t *testing.T) { @@ -4018,8 +4025,9 @@ func TestAgent_ReloadConfigIncomingRPCConfig(t *testing.T) { require.NoError(t, err) require.NotNil(t, tlsConf) require.True(t, tlsConf.InsecureSkipVerify) - require.Len(t, tlsConf.ClientCAs.Subjects(), 1) - require.Len(t, tlsConf.RootCAs.Subjects(), 1) + expectedCaPoolByFile := getExpectedCaPoolByFile(t) + assertDeepEqual(t, expectedCaPoolByFile, tlsConf.RootCAs, cmpCertPool) + assertDeepEqual(t, expectedCaPoolByFile, tlsConf.ClientCAs, cmpCertPool) hcl = ` data_dir = "` + dataDir + `" @@ -4034,8 +4042,9 @@ func TestAgent_ReloadConfigIncomingRPCConfig(t *testing.T) { tlsConf, err = tlsConf.GetConfigForClient(nil) require.NoError(t, err) require.False(t, tlsConf.InsecureSkipVerify) - require.Len(t, tlsConf.ClientCAs.Subjects(), 2) - require.Len(t, tlsConf.RootCAs.Subjects(), 2) + expectedCaPoolByDir := getExpectedCaPoolByDir(t) + assertDeepEqual(t, expectedCaPoolByDir, tlsConf.RootCAs, cmpCertPool) + assertDeepEqual(t, expectedCaPoolByDir, tlsConf.ClientCAs, cmpCertPool) } func TestAgent_ReloadConfigTLSConfigFailure(t *testing.T) { @@ -4066,8 +4075,10 @@ func TestAgent_ReloadConfigTLSConfigFailure(t *testing.T) { tlsConf, err := tlsConf.GetConfigForClient(nil) require.NoError(t, err) require.Equal(t, tls.NoClientCert, tlsConf.ClientAuth) - require.Len(t, tlsConf.ClientCAs.Subjects(), 1) - require.Len(t, tlsConf.RootCAs.Subjects(), 1) + + expectedCaPoolByFile := getExpectedCaPoolByFile(t) + assertDeepEqual(t, expectedCaPoolByFile, tlsConf.RootCAs, cmpCertPool) + assertDeepEqual(t, expectedCaPoolByFile, tlsConf.ClientCAs, cmpCertPool) } func TestAgent_consulConfig_AutoEncryptAllowTLS(t *testing.T) { @@ -5845,3 +5856,45 @@ func Test_coalesceTimerTwoPeriods(t *testing.T) { }) } + +func getExpectedCaPoolByFile(t *testing.T) *x509.CertPool { + pool := x509.NewCertPool() + data, err := ioutil.ReadFile("../test/ca/root.cer") + require.NoError(t, err) + if !pool.AppendCertsFromPEM(data) { + t.Fatal("could not add test ca ../test/ca/root.cer to pool") + } + return pool +} + +func getExpectedCaPoolByDir(t *testing.T) *x509.CertPool { + pool := x509.NewCertPool() + entries, err := os.ReadDir("../test/ca_path") + require.NoError(t, err) + + for _, entry := range entries { + filename := path.Join("../test/ca_path", entry.Name()) + + data, err := ioutil.ReadFile(filename) + require.NoError(t, err) + + if !pool.AppendCertsFromPEM(data) { + t.Fatalf("could not add test ca %s to pool", filename) + } + } + + return pool +} + +// lazyCerts has a func field which can't be compared. +var cmpCertPool = cmp.Options{ + cmpopts.IgnoreFields(x509.CertPool{}, "lazyCerts"), + cmp.AllowUnexported(x509.CertPool{}), +} + +func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { + t.Helper() + if diff := cmp.Diff(x, y, opts...); diff != "" { + t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) + } +} diff --git a/agent/connect_ca_endpoint_test.go b/agent/connect_ca_endpoint_test.go index 27e916155..2a299bc76 100644 --- a/agent/connect_ca_endpoint_test.go +++ b/agent/connect_ca_endpoint_test.go @@ -3,6 +3,7 @@ package agent import ( "bytes" "crypto/x509" + "encoding/pem" "io/ioutil" "net/http" "net/http/httptest" @@ -288,8 +289,13 @@ func TestConnectCARoots_PEMEncoding(t *testing.T) { data, err := ioutil.ReadAll(resp.Body) require.NoError(t, err) - pool := x509.NewCertPool() - require.True(t, pool.AppendCertsFromPEM(data)) + // expecting the root cert from dc1 and an intermediate in dc2 - require.Len(t, pool.Subjects(), 2) + block, rest := pem.Decode(data) + _, err = x509.ParseCertificate(block.Bytes) + require.NoError(t, err) + + block, _ = pem.Decode(rest) + _, err = x509.ParseCertificate(block.Bytes) + require.NoError(t, err) } diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go index 91da428ac..2239bc6fd 100644 --- a/agent/consul/leader_connect_ca.go +++ b/agent/consul/leader_connect_ca.go @@ -266,7 +266,7 @@ func newCARoot(pemValue, provider, clusterID string) (*structs.CARoot, error) { } return &structs.CARoot{ ID: connect.CalculateCertFingerprint(primaryCert.Raw), - Name: fmt.Sprintf("%s CA Primary Cert", strings.Title(provider)), + Name: fmt.Sprintf("%s CA Primary Cert", providerPrettyName(provider)), SerialNumber: primaryCert.SerialNumber.Uint64(), SigningKeyID: connect.EncodeSigningKeyID(primaryCert.SubjectKeyId), ExternalTrustDomain: clusterID, @@ -1581,3 +1581,18 @@ func (c *CAManager) isIntermediateUsedToSignLeaf() bool { provider, _ := c.getCAProvider() return primaryUsesIntermediate(provider) } + +func providerPrettyName(provider string) string { + switch provider { + case "consul": + return "Consul" + case "vault": + return "Vault" + case "aws-pca": + return "Aws-Pca" + case "provider-name": + return "Provider-Name" + default: + return provider + } +} diff --git a/api/api_test.go b/api/api_test.go index 8af27f026..3f4e4e325 100644 --- a/api/api_test.go +++ b/api/api_test.go @@ -3,12 +3,14 @@ package api import ( crand "crypto/rand" "crypto/tls" + "crypto/x509" "fmt" "io/ioutil" "net" "net/http" "net/url" "os" + "path" "path/filepath" "reflect" "runtime" @@ -16,6 +18,8 @@ import ( "testing" "time" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -589,9 +593,8 @@ func TestAPI_SetupTLSConfig(t *testing.T) { if err != nil { t.Fatalf("err: %v", err) } - if len(cc.RootCAs.Subjects()) != 2 { - t.Fatalf("didn't load root CAs") - } + expectedCaPoolByDir := getExpectedCaPoolByDir(t) + assertDeepEqual(t, expectedCaPoolByDir, cc.RootCAs, cmpCertPool) // Load certs in-memory certPEM, err := ioutil.ReadFile("../test/hostname/Alice.crt") @@ -1098,3 +1101,35 @@ func TestAPI_GenerateEnvHTTPS(t *testing.T) { require.Equal(t, expected, c.GenerateEnv()) } + +func getExpectedCaPoolByDir(t *testing.T) *x509.CertPool { + pool := x509.NewCertPool() + entries, err := os.ReadDir("../test/ca_path") + require.NoError(t, err) + + for _, entry := range entries { + filename := path.Join("../test/ca_path", entry.Name()) + + data, err := ioutil.ReadFile(filename) + require.NoError(t, err) + + if !pool.AppendCertsFromPEM(data) { + t.Fatalf("could not add test ca %s to pool", filename) + } + } + + return pool +} + +// lazyCerts has a func field which can't be compared. +var cmpCertPool = cmp.Options{ + cmpopts.IgnoreFields(x509.CertPool{}, "lazyCerts"), + cmp.AllowUnexported(x509.CertPool{}), +} + +func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { + t.Helper() + if diff := cmp.Diff(x, y, opts...); diff != "" { + t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) + } +} diff --git a/api/go.mod b/api/go.mod index 6a37c10dd..33d9c558c 100644 --- a/api/go.mod +++ b/api/go.mod @@ -5,6 +5,7 @@ go 1.12 replace github.com/hashicorp/consul/sdk => ../sdk require ( + github.com/google/go-cmp v0.5.7 github.com/hashicorp/consul/sdk v0.8.0 github.com/hashicorp/go-cleanhttp v0.5.1 github.com/hashicorp/go-hclog v0.12.0 diff --git a/api/go.sum b/api/go.sum index 45eae683f..ebf25c8c8 100644 --- a/api/go.sum +++ b/api/go.sum @@ -12,6 +12,8 @@ github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c h1:964Od4U6p2jUkFxvCydnIczKteheJEzHRToSGK3Bnlw= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM= @@ -100,12 +102,12 @@ golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 h1:Bli41pIlzTzf3KEY06n+xnzK/BESIg2ze4Pgfh/aI8c= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= @@ -114,6 +116,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile index 39fc6df5c..21f508502 100644 --- a/build-support/docker/Build-Go.dockerfile +++ b/build-support/docker/Build-Go.dockerfile @@ -1,4 +1,4 @@ -ARG GOLANG_VERSION=1.17.5 +ARG GOLANG_VERSION=1.18.1 FROM golang:${GOLANG_VERSION} RUN go install github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs@master diff --git a/connect/proxy/proxy.go b/connect/proxy/proxy.go index 8eb34c499..86cc24d46 100644 --- a/connect/proxy/proxy.go +++ b/connect/proxy/proxy.go @@ -75,12 +75,7 @@ func (p *Proxy) Serve() error { tcfg := service.ServerTLSConfig() cert, _ := tcfg.GetCertificate(nil) leaf, _ := x509.ParseCertificate(cert.Certificate[0]) - roots, err := connect.CommonNamesFromCertPool(tcfg.RootCAs) - if err != nil { - p.logger.Error("Failed to parse root subjects", "error", err) - } else { - p.logger.Info("Parsed TLS identity", "uri", leaf.URIs[0], "roots", roots) - } + p.logger.Info("Parsed TLS identity", "uri", leaf.URIs[0]) // Only start a listener if we have a port set. This allows // the configuration to disable our public listener. diff --git a/connect/service_test.go b/connect/service_test.go index 1897a9097..e72b501ed 100644 --- a/connect/service_test.go +++ b/connect/service_test.go @@ -9,6 +9,8 @@ import ( "io" "io/ioutil" "net/http" + "reflect" + "sort" "strings" "testing" "time" @@ -189,15 +191,15 @@ func TestService_ServerTLSConfig(t *testing.T) { // After some time, both root and leaves should be different but both should // still be correct. - oldRootSubjects := bytes.Join(tlsCfg.RootCAs.Subjects(), []byte(", ")) + oldRootSubjects := getSubjects(tlsCfg.RootCAs) oldLeafSerial := cert.SerialNumber oldLeafKeyID := cert.SubjectKeyId retry.Run(t, func(r *retry.R) { updatedCfg := service.ServerTLSConfig() // Wait until roots are different - rootSubjects := bytes.Join(updatedCfg.RootCAs.Subjects(), []byte(", ")) - if bytes.Equal(oldRootSubjects, rootSubjects) { + rootSubjects := getSubjects(updatedCfg.RootCAs) + if oldRootSubjects == rootSubjects { r.Fatalf("root certificates should have changed, got %s", rootSubjects) } @@ -288,3 +290,15 @@ func TestService_HasDefaultHTTPResolverFromAddr(t *testing.T) { require.NoError(t, err) require.Equal(t, expected, got) } + +func getSubjects(cp *x509.CertPool) string { + subjectsIter := reflect.ValueOf(cp).Elem().FieldByName("byName").MapRange() + subjects := []string{} + for subjectsIter.Next() { + k := subjectsIter.Key() + subjects = append(subjects, k.String()) + } + sort.Strings(subjects) + subjectList := strings.Join(subjects, ",") + return subjectList +} diff --git a/connect/tls.go b/connect/tls.go index a79fe7c8a..dd7fc1869 100644 --- a/connect/tls.go +++ b/connect/tls.go @@ -3,8 +3,6 @@ package connect import ( "crypto/tls" "crypto/x509" - "crypto/x509/pkix" - "encoding/asn1" "errors" "fmt" "io/ioutil" @@ -111,33 +109,6 @@ func devTLSConfigFromFiles(caFile, certFile, return cfg, nil } -// PKIXNameFromRawSubject attempts to parse a DER encoded "Subject" as a PKIX -// Name. It's useful for inspecting root certificates in an x509.CertPool which -// only expose RawSubject via the Subjects method. -func PKIXNameFromRawSubject(raw []byte) (*pkix.Name, error) { - var subject pkix.RDNSequence - if _, err := asn1.Unmarshal(raw, &subject); err != nil { - return nil, err - } - var name pkix.Name - name.FillFromRDNSequence(&subject) - return &name, nil -} - -// CommonNamesFromCertPool returns the common names of the certificates in the -// cert pool. -func CommonNamesFromCertPool(p *x509.CertPool) ([]string, error) { - var names []string - for _, rawSubj := range p.Subjects() { - n, err := PKIXNameFromRawSubject(rawSubj) - if err != nil { - return nil, err - } - names = append(names, n.CommonName) - } - return names, nil -} - // CertURIFromConn is a helper to extract the service identifier URI from a // net.Conn. If the net.Conn is not a *tls.Conn then an error is always // returned. If the *tls.Conn didn't present a valid connect certificate, or is diff --git a/connect/tls_test.go b/connect/tls_test.go index 9659cf5be..1f8307224 100644 --- a/connect/tls_test.go +++ b/connect/tls_test.go @@ -7,6 +7,7 @@ import ( "testing" "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/require" "github.com/hashicorp/consul/agent" @@ -295,9 +296,11 @@ func requireEqualTLSConfig(t *testing.T, expect, got *tls.Config) { // cmpCertPool is a custom comparison for x509.CertPool, because CertPool.lazyCerts // has a func field which can't be compared. -var cmpCertPool = cmp.Comparer(func(x, y *x509.CertPool) bool { - return cmp.Equal(x.Subjects(), y.Subjects()) -}) +// lazyCerts has a func field which can't be compared. +var cmpCertPool = cmp.Options{ + cmpopts.IgnoreFields(x509.CertPool{}, "lazyCerts"), + cmp.AllowUnexported(x509.CertPool{}), +} // requireCorrectVerifier invokes got.VerifyPeerCertificate and expects the // tls.Config arg to be returned on the provided channel. This ensures the diff --git a/go.mod b/go.mod index 8d7134af3..eb848e555 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/fsnotify/fsnotify v1.5.1 github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.4.3 - github.com/google/go-cmp v0.5.6 + github.com/google/go-cmp v0.5.7 github.com/google/go-querystring v1.0.0 // indirect github.com/google/gofuzz v1.2.0 github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22 @@ -89,7 +89,7 @@ require ( golang.org/x/net v0.0.0-20211216030914-fe4d6282115f golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/sys v0.0.0-20211013075003-97ac67df715c + golang.org/x/sys v0.0.0-20220412211240-33da011f77ad golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb google.golang.org/grpc v1.36.0 diff --git a/go.sum b/go.sum index 9311ff481..bbb6a03a1 100644 --- a/go.sum +++ b/go.sum @@ -253,8 +253,9 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= @@ -772,7 +773,6 @@ golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -790,8 +790,9 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211013075003-97ac67df715c h1:taxlMj0D/1sOAuv/CbSD+MMDof2vbyPTqz5FNYKpXt8= golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/sdk/go.mod b/sdk/go.mod index 6d543bcec..18b289a0e 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -11,7 +11,7 @@ require ( github.com/mattn/go-isatty v0.0.12 // indirect github.com/pkg/errors v0.8.1 github.com/stretchr/testify v1.4.0 - golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9 + golang.org/x/sys v0.0.0-20220412211240-33da011f77ad gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect gopkg.in/yaml.v2 v2.2.8 // indirect ) diff --git a/sdk/go.sum b/sdk/go.sum index b9840a641..94ec34ba4 100644 --- a/sdk/go.sum +++ b/sdk/go.sum @@ -34,8 +34,8 @@ golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9 h1:1/DFK4b7JH8DmkqhUk48onnSfrPzImPoVxuomtbT2nk= -golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/test/ca/certindex b/test/ca/certindex index 8c478a407..4610614a1 100644 --- a/test/ca/certindex +++ b/test/ca/certindex @@ -5,3 +5,4 @@ V 160526220537Z 0D unknown /CN=test.internal/ST=CA/C=US/emailAddress=test@inter V 170604185910Z 0E unknown /CN=testco.internal/ST=California/C=US/emailAddress=test@testco.com/O=Hashicorp Test Cert/OU=Beta V 180606021919Z 0F unknown /CN=testco.internal/ST=California/C=US/emailAddress=james@hashicorp.com/O=End Point/OU=Testing V 21180418091009Z 10 unknown /CN=testco.internal/ST=California/C=US/emailAddress=james@hashicorp.com/O=End Point/OU=Testing +V 21220322142538Z 11 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing diff --git a/test/ca/myca.conf b/test/ca/myca.conf index 067beb240..810e06ba3 100644 --- a/test/ca/myca.conf +++ b/test/ca/myca.conf @@ -13,7 +13,7 @@ database = certindex private_key = privkey.pem serial = serialfile default_days = 36500 -default_md = sha1 +default_md = sha512 policy = myca_policy x509_extensions = myca_extensions diff --git a/test/ca/serialfile b/test/ca/serialfile index b4de39476..48082f72f 100644 --- a/test/ca/serialfile +++ b/test/ca/serialfile @@ -1 +1 @@ -11 +12 diff --git a/test/hostname/Alice.cfg b/test/hostname/Alice.cfg index 6bba3002d..dcee8e5f2 100644 --- a/test/hostname/Alice.cfg +++ b/test/hostname/Alice.cfg @@ -9,7 +9,7 @@ ST = California L = Los Angeles O = End Point OU = Testing -emailAddress = james@hashicorp.com +emailAddress = do-not-reply@hashicorp.com CN = Alice [v3_req] diff --git a/test/hostname/Alice.crt b/test/hostname/Alice.crt index 074e8b5b4..42d54de0f 100644 --- a/test/hostname/Alice.crt +++ b/test/hostname/Alice.crt @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDyzCCArOgAwIBAgIBGjANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx +MIID0zCCArugAwIBAgIBLjANBgkqhkiG9w0BAQ0FADCBmTELMAkGA1UEBhMCVVMx EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRkwFwYD VQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYDVQQDEwhD -ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0x -ODA1MTIwOTA0MzJaGA8yMTE4MDQxODA5MDQzMlowfDEOMAwGA1UEAwwFQWxpY2Ux -EzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMSIwIAYJKoZIhvcNAQkB -FhNqYW1lc0BoYXNoaWNvcnAuY29tMRIwEAYDVQQKDAlFbmQgUG9pbnQxEDAOBgNV -BAsMB1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjzkhi -7DQSMX6CBeIJtX3K508fTlvNxs9gYKMGIybyTrWSc5gT76QA7ntnETpcParyoF7K -N7LJnmTZr9uYOxJ9ZkYHzeAoBVbYjvm2jgMt8lTHwqept0ASIYhhe1RBhkIJH9eN -hoY6LgYefelj/leTYu55TUGfPD0kRNs4bG5XCl8TFbACOxKKdcY3uZQTaOXYl/Uv -Nl2Pp9h3v72/WL680Y9kGnmU9wcvBU5RewOTZKtdGe6y3hRmYz16nKxo733KH5Px -RDy2GyJ9mKC7QiyL8TYc7BRSp9FePeAXx5RQOYTL6Z5pgirwOnZkiWyaKBud9T5t -FxeT9QJdd1NsAURdAgMBAAGjODA2MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMBwG -A1UdEQQVMBOCEXNlcnZlci5kYzEuY29uc3VsMA0GCSqGSIb3DQEBBQUAA4IBAQBN -xFFMhWl2UtZYrQ5f3GrqTRncoe/oDqXxuAiiBRDo3Gz/XDkz9aFwwK2z7rjaYVrQ -8ZksrA4T/Zr5nGCXCpFjVMzw3eFRWqWbGRFi/nfcifvk5EW7uobT84SOYQ5jrv6y -3kmsd6f2pnYKgWEX7J94XVIE/BeVSHZMHephrK6KC3Gdy66xNk6othKymY6veNxn -70qQbw0yRrud6svdPNmD6GCauz2i3blb7xW1FZMrJqtN0Mw5W2QHMyS1MQFeSeaC -TDv/Os3tocLFtdsoLAECLAqYAL9wAvvm8eNNOWPnFpy644lE2uLupWB8z5m0GbGp -utZXHATEkmGoFKC+dNml +ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0y +MjA0MTQyMjQxNTBaGA8yMTIyMDMyMTIyNDE1MFowgYMxDjAMBgNVBAMMBUFsaWNl +MRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcGCSqGSIb3DQEJ +ARYaZG8tbm90LXJlcGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoMCUVuZCBQb2lu +dDEQMA4GA1UECwwHVGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMadRkCC0SC4FcOGn+Y7L4lTyZpjywbgim081BdWXEQCG/gPlcxZGQEPn2ZA +cglvuNbRlsDYqDs88cn9Nm9xWRJOh3x79erN/1k8AChNSj69nvTzg3cBUYx3Tz8I +5MvuG1XBp6cOK7cyUizllQVF1YX3vM5wZSP3hEe8jxGpMxS6+cKh2MHbhDNtUV78 +t7VFiDqvkT4H85VIiHyBTzK/1lMmHed820Aam8b8b0WSsdVFUZZcxUKuaKAqg6Np +YQE49IPMGJ8zidVZhEm/vZP1K9+uNJSq4mnClFBua+06Z6F7gj2MjGyNn6MlMOKs +EMAmntg4jgm/DznSng0t95XtVKUCAwEAAaM4MDYwCQYDVR0TBAIwADALBgNVHQ8E +BAMCBeAwHAYDVR0RBBUwE4IRc2VydmVyLmRjMS5jb25zdWwwDQYJKoZIhvcNAQEN +BQADggEBAED+jxV3/dWdqUF4O6J0MbJ0i60XRpFHvP9W7ukt8L+cMgVsWTqWPt+d +819gp0L+OAgwAVW0jFXpywi3LkdqurTFMMeG/yc9H4ryuLBAmg6TQSAexaYGznhE +jXZYJR04Wi8ct2e62GRZdAUGCzg9ZxAEr3wPRg+XW1jkYvJvPPFerG5kQPdx1bq/ +C3AQh3ONSK+ZTv1hxWumixkJbHh0aQpnPvy1Mq4AV+mHXlPlJocXfhCFh9gZag3q +DpDQ3Q56fZmDmssRQO9TLd0/+lfZ22aM94DmJyU78Dq+rpLfC4Guh8DfhLGtCK9M +60ixhLIOonbE5/Q0T8fKxW2di6DR+kc= -----END CERTIFICATE----- diff --git a/test/hostname/Alice.key b/test/hostname/Alice.key index 64f286c92..482cb3382 100644 --- a/test/hostname/Alice.key +++ b/test/hostname/Alice.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDjzkhi7DQSMX6C -BeIJtX3K508fTlvNxs9gYKMGIybyTrWSc5gT76QA7ntnETpcParyoF7KN7LJnmTZ -r9uYOxJ9ZkYHzeAoBVbYjvm2jgMt8lTHwqept0ASIYhhe1RBhkIJH9eNhoY6LgYe -felj/leTYu55TUGfPD0kRNs4bG5XCl8TFbACOxKKdcY3uZQTaOXYl/UvNl2Pp9h3 -v72/WL680Y9kGnmU9wcvBU5RewOTZKtdGe6y3hRmYz16nKxo733KH5PxRDy2GyJ9 -mKC7QiyL8TYc7BRSp9FePeAXx5RQOYTL6Z5pgirwOnZkiWyaKBud9T5tFxeT9QJd -d1NsAURdAgMBAAECggEALevYZbCNspktklJTRXfDetJz/bCTCwEnrprsYgFWCYRa -T8JjhqlJGzL3x0gOxqdbvXscgJEHxmLam5M6pg5KZOLn/QzAQfEJl7ACoI0yEOIH -uxj/KVQaY01FK7lru6WvzB0SG6JhjnrWmvDwykpsJvbLccJkFxBSluwWcOJSv9Kj -CQMExsy9s2aVyUcA19aob8tQunBpAZfqIAO/wQxGUbxo7Bk6/o+/jYSoedzm0viY -M7xskskE0CMglC4AkbpWBLAR/aKlgtFiniYm3wp4k7Nbf0WMkESfCfvQtqsBgp0W -vuL2QbVouzxiGtj9XyGA3WqsJDVFL4CD5Aoap+kmgQKBgQDyQYmyOlifQvB95ZWO -GVQ0W4bOqzxOHuQYswIPj2yRjeoD7dYcCQD8i3nKzxrSljIezal49dio3+yBJwY6 -jomzrq7HPtmKMt4eZN1l9Tljiz9+5cxyKc2/qGJoEBkBccBlZXAFVJ99wSfcKQQw -zT4NbVHuXK5lZol6Wjvk/fVXIQKBgQDwut+wKCmsYgsVIJ17I1iHlcJUspPkWB4c -+iES1uGM49Iem2lMNSdRKzlkB5c6+JjIbmhLvh0+PH/7/vkVIrelbLCi4qe3E6m8 -gTOVq8pHohzLJJQAEWG6JlkjxBj+Orgc5qos4eO71yJProGk+xMZARz5n0EKmkpP -Zju/T/7RvQKBgQDyOBMsT+hCPRTmXEIflTW7L/Rm+ZFPbtWT2I/r7PSZyDI+gXQ+ -Dcadu/sni9H+0swEPo//cJiTqWj4bYNt0wzdyn/Ymf+6jUfHTgSMKBecbyMqhyvW -zfN5eSwDbm0CI7FB8J2Dxuu9Of7Xw278OIqdtDtiP+rjWhWFb2lJeZ7v4QKBgQCt -XRdMyI/CelUa4QMos/rEoiByWKzTLHZ7TdNVuvRyP3uJ2UhKvpjTBrrtA95wdKmq -5oAr0/1BXdaZxzTgeMEi3BSVKX+5A+sgOzfIGRCy59euoGgJaHsl0QovDMEnDWic -P63cZs1X8IXgNn9dLgfB4SBZ0MvJc/YCGlD65QRRTQKBgFxqEn90iOZr4AZKYoIR -0qQM0MA8W8Vi1EoKU7O/onuZrBA1rMfOGMjdtGmnTozVDbi/VKR6sjd4IpsIDH9L -WMn7Jm8Y5KYIEs9/DVv+/jPoPa/fQ680h8+QmRrz8P95Ap3xd17s+10qbUtrQdzI -w4xzB0gF0vOT/dCAmN66h/rv +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGnUZAgtEguBXD +hp/mOy+JU8maY8sG4IptPNQXVlxEAhv4D5XMWRkBD59mQHIJb7jW0ZbA2Kg7PPHJ +/TZvcVkSTod8e/Xqzf9ZPAAoTUo+vZ7084N3AVGMd08/COTL7htVwaenDiu3MlIs +5ZUFRdWF97zOcGUj94RHvI8RqTMUuvnCodjB24QzbVFe/Le1RYg6r5E+B/OVSIh8 +gU8yv9ZTJh3nfNtAGpvG/G9FkrHVRVGWXMVCrmigKoOjaWEBOPSDzBifM4nVWYRJ +v72T9SvfrjSUquJpwpRQbmvtOmehe4I9jIxsjZ+jJTDirBDAJp7YOI4Jvw850p4N +LfeV7VSlAgMBAAECggEAVGkRK2etk5dJAKFdoc6zpEys2OXiqpiRnF2G0ihM7EZt +Np8BDikrvEy0dROco7AMwZev12P9E7gSFsN7+B8XOPWRFXHlkRZdmMIsWvSGQmX6 +gaZg0BoKW4V1c5fHDXizu12jcBdQsvo6/IPSMrx8RASHBMG16nROjuJvd5UOdZdF +wKTlCjLvJNnZsaW9HVsO3YsR1w2m1NbUdx+UYeRzy7sYzKc4Wnm2qA6r1UkzjC1S +6ho3NAy9mX4HlSyYq4qWwLT9ByIqgzjWdWJUbyJ2+ZvCRmbagONoBjGc323Og8LB +6PRswo2nlQSjxHA4G2llQaKp5TAbiwr9tPG+DaupnQKBgQDoQUkwa144jT6Bjn35 +36xl/s00vhT5dfFyEK4RPThTPP7FBKHPp8PO2kPz7z6CoL7xoV/yR2OENZ3ZxIgX +xBIw7cu25B0yp9+yH9wZGd3hNDGiXlnaJKy4oXYrs8pkh9bUXXAUsa+3Jcc29Y5I +MiboquzFMf0JRwHapx0SE9/G7wKBgQDa64Z4DlubX/QhdrQBlyJA/bT7NfTHkRoH +Oo0b9POqrh7ZiVMp8mlNDQY9VZo44UOJRrttNLzNCCl7Sce6H3GA38fp/OcszZTw +Crlfzk0Fm3D9zUUog8BO3sH1WBC1ws2cONIa5AeuNj6GuWE0UueULcGeb7bp5VYe +kN/Cx7u9qwKBgFIMPj7Mr0xrGVnLbNWJHu4pRXUMcXxvHgydt+B/MBa3xYj0SfWB +3rqEgNz796lOACZ8S9jbP1zFVC5KL4m1yndeikjh7S6n/259stNrP+b++UnS6wsV +Sa8v2v81VJqPImWDXMTywJCC2A2iUdFPZk9rkplXP3y3iQAlaS+ptbQhAoGARM49 +x0IL/LudyV67mLxdobubxFDjDE5ItfjrHNxSMVTkkU6d+tMb0YHEckaTYEk8psq6 +YcpvhKmKEBvSUGdNj0nGVX6NUgGTTBayyK/YeWivjLWVhPRT3vYYU/pH1jjR0sXx +E06UM2cNI97j9EQSUPpInnlSLhVMifLSwS9xjF0CgYEAsUd2Cy/sw1D+bv/6ktlz +5FYjAwJA2dcYCQMJ6Cds7yTgkmS0sFcb3bFOMtkTwzS6YShc07kiPlGs5d6P2uIA +cYBQLl/NNxVthCLmz8roY+g9wQH+0Bmwiigbn+vTriN+xA9F11Nie4vn6ZzQqncq +71BwLZBtCekeJsRU+ml+dSI= -----END PRIVATE KEY----- diff --git a/test/hostname/Betty.crt b/test/hostname/Betty.crt index 62dae6fb4..bba0776ce 100644 --- a/test/hostname/Betty.crt +++ b/test/hostname/Betty.crt @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIID7DCCAtSgAwIBAgIBHDANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx +MIID7DCCAtSgAwIBAgIBMDANBgkqhkiG9w0BAQ0FADCBmTELMAkGA1UEBhMCVVMx EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRkwFwYD VQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYDVQQDEwhD -ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0x -OTEyMTEyMTQzMzlaGA8yMTE5MTExNzIxNDMzOVowgYMxDjAMBgNVBAMMBUJldHR5 +ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0y +MjA0MTQyMjQxNTBaGA8yMTIyMDMyMTIyNDE1MFowgYMxDjAMBgNVBAMMBUJldHR5 MRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcGCSqGSIb3DQEJ ARYaZG8tbm90LXJlcGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoMCUVuZCBQb2lu dDEQMA4GA1UECwwHVGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAPU04u9/94fgQZMwCHR9gX6yBfJV6m7hTxR7rQv8GXaaCYVVisH2NmW6KcrZ -hjUqsvPpm63vEZasYC2blqlLnQCmJyOemnx9v0WEX9SLM3w8ihjbGhSq6VqaCeGH -s3jaxe9Bx8anR1tWiz2AoEEP1SzHgBQv08swDdWZsFKqnXntwqKqZcegIQMelxW+ -iofAtSRZcwhbQUrpgaarxStuvpxqt1y/rbS27H1cf9U4CLysKClOIIJE3l7rqKCb -R5uYyQd07nZC+R7/83TX1AGFvk55QujB9Pm9p6RbjHJWZ5CLPtpiQhpMwYw1JluN -1KSwnpDDreCWMw+yEchlAnpw3/cCAwEAAaNRME8wCQYDVR0TBAIwADALBgNVHQ8E +ggEBALcRmiQ3lifgSuD1f6Spc6iHSvX1ilRXlo9FJ9MuROyg1ByuxQliU4Wz4XUw +CbpzUncb3B7Sg0Dg2dfMZJoafkVcVi4k6Rv689uasp4LIciK53sL33QfZEXLw5Nt +LizfDM4IV5tb2m7s057ObVwdjjg0ICRkpgXWQgGb2OhkU3ZliPeuo4RnODCThRLR +9SvHenpn8TJldNGunQGERPRFEeF6ekNgSbfM3vjimBUGzHdlqd9L327u+fRrVC/E +k0YXTM7Ummc1NUButUaFFiA9uBFhqU5tI1NnrD+dAmsboXrzI62HsipOmWskoSAX +66gkeyi/yoDsXENd09WiqTxOaqECAwEAAaNRME8wCQYDVR0TBAIwADALBgNVHQ8E BAMCBeAwNQYDVR0RBC4wLIIRc2VydmVyLmRjMi5jb25zdWyCF2JldHR5LnNlcnZl -ci5kYzIuY29uc3VsMA0GCSqGSIb3DQEBBQUAA4IBAQBvGhMpUHmw3j7+sj0D+mCz -+bBhZH6HEpy6TLjS1GfO0/fyO2DIcPMHNTdNqmoDTt33scS53155jEhCI8Wtb6LY -Mvoo0wwnQtGvuqyscnJldAQ++08N2bjJq9iQoG1gB9oPWOxRe4tjbSoJNl1X3a0u -jwjKwOl0HX23WMy3S5mIKuOBuT79/nY/rVlFP1fsna4TKO1ocXjK5JnQ9TKdGTRH -9STT/RPIIQvWg+zeDS+ZlMocZEq7NT63d2BzH2ZiV6VRZM0PSyEixE0fqfxPxA2D -+fqeDl8iRR4tPIifkDFZLoMiHDa7Ciqh1hgdMUk1tkPZpxy+XP+AzI/K/3Tnceer +ci5kYzIuY29uc3VsMA0GCSqGSIb3DQEBDQUAA4IBAQB+hMHxwzY7KpFe/mKhiUCE +bOrVBvXAp/98F5UPoMGbF8Qe4/nNPAhhFGvkG28lAyeai1j7HX+gqx0qxcOMHGMw +uIL/XcpetQijOazNzvCaXo8MqPMjkiFDWkdaJVR7D1BU2kwwDpHJnNpnjynBW3vl +OPkANoo9WX825vErdZ4bEHQRRZziU7v2auqxZuxB8uBf9NJiDQvyUvkDUkQkHu+a +8QAdifeavxCkcIE6aKzPAEfDgVIHylzOjAGQUpZgmaA5344jH5CltTlZ54zh33jO +MmmzFj5e0MCdFJY3JBqKcEfXswTnDdXZIvdF3Iu/kWXTmd8Fnkx2ektNd70MFK0F -----END CERTIFICATE----- diff --git a/test/hostname/Betty.key b/test/hostname/Betty.key index 6b12937c4..2d1fb541b 100644 --- a/test/hostname/Betty.key +++ b/test/hostname/Betty.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQD1NOLvf/eH4EGT -MAh0fYF+sgXyVepu4U8Ue60L/Bl2mgmFVYrB9jZluinK2YY1KrLz6Zut7xGWrGAt -m5apS50Apicjnpp8fb9FhF/UizN8PIoY2xoUqulamgnhh7N42sXvQcfGp0dbVos9 -gKBBD9Usx4AUL9PLMA3VmbBSqp157cKiqmXHoCEDHpcVvoqHwLUkWXMIW0FK6YGm -q8Urbr6cardcv620tux9XH/VOAi8rCgpTiCCRN5e66igm0ebmMkHdO52Qvke//N0 -19QBhb5OeULowfT5vaekW4xyVmeQiz7aYkIaTMGMNSZbjdSksJ6Qw63gljMPshHI -ZQJ6cN/3AgMBAAECggEARpwMHVuENCRnvbK/PIxHlew9uiLzdyp6UzOqCSF3U6fX -xgV0B5aW44RQNJGfDABXt9U1d0i4j+Ljbz62i9myRFWUP7WUVvT+902/Kr1K/iOQ -wMeXIwx0Vhq1bbReAhc9mEAg/xt8eNjbD8LSYunkQRjR0P5UxtX3peKz25o17r3w -U5lpvbYzm/k376Dhr2RBr30jrrf2rh06+FQCc2dF2mK1j7+YKbIHK+BKQYtQeVyg -XYpJfJTsuHFojwZNGXEuidkGApuokTS0HiAuAjrCQsn4cUftXnUtE2HJgsCum/Bp -Kb74ahBbZCITXCRSKZCi6p9oFcHQ30JDCCz4Qy9HgQKBgQD/dzWYKzI29ihQmeLN -ntHRl4RTjO4LfCs6lr8ul5nFOcgGwSwaFaTbqq0oJefCqEH+wmH1Jbd5nfRi7PWr -uGibeZnLdiseHHMsvN8l6PY3tVCm3kJL5Ze2TY+n8/7eUPcmH60CFikqO53ahjV3 -9PtUBr5BUe1xUJ6T4zegqZKWbwKBgQD1uC8PfrIMGLmq9l3x3T2pAbmfz0N3DfUs -ncY+JCQRkBkWJk3oW8ITBZagCwvg4AnhbGvNgbAaPGEQ9HL7f19ieJeHxEaVtTY2 -kKDwelPHT06oCu2AZ8h1Zqfn55O/HtGO/MuTdFa9IKjGYJTUvSBy3VVd8gnK9MBV -fhUtEqNS+QKBgQC33NR18KDzbbcWS6sw0l2wu5xBhezN11BFmrl+jx3dFPkh42Ya -X/mHIBAAFUf4kaDt+nkGN18V6Nk7WdB3BwJC5AIMrb/arB8407bHUiPjdFvXvZ95 -gITwcGI0PyfwWdWHWsTp+4klHENAQ9e3vlok37WOzahXJe78AUzIFUOrgQKBgQCb -qC3Htw67Mv6LGr6wdOKWqY0Ze4bVaHYj6V6oBuUCazI5IdLAmz/6JNQiVl0T+1jH -AJPZ/4m7VPx4bSJZx3p5OsNjMic0tzK8pioNrLBd1hORyDpj2VrXZEyBT+X8cF14 -IxQjONOpw4KnCI+/pH9lxGhLtwQVGa6tec2YW/IyoQKBgQCMr00Z1/+edBh/s+Ho -p87Wwf3vRtRZLniVdc1jVk9raK6azrFS+vBzpkWZatLu5Grtwl/9HYNTu+AnfKGP -jyRkCx0i5qgEQobYkiAJeFocyDVbzaDdZBhTAINN9uaSDH1JpGNlIBxIflzT0adf -OCBbgQ6SaTH+MWvYJ1KJPsQVkw== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3EZokN5Yn4Erg +9X+kqXOoh0r19YpUV5aPRSfTLkTsoNQcrsUJYlOFs+F1MAm6c1J3G9we0oNA4NnX +zGSaGn5FXFYuJOkb+vPbmrKeCyHIiud7C990H2RFy8OTbS4s3wzOCFebW9pu7NOe +zm1cHY44NCAkZKYF1kIBm9joZFN2ZYj3rqOEZzgwk4US0fUrx3p6Z/EyZXTRrp0B +hET0RRHhenpDYEm3zN744pgVBsx3ZanfS99u7vn0a1QvxJNGF0zO1JpnNTVAbrVG +hRYgPbgRYalObSNTZ6w/nQJrG6F68yOth7IqTplrJKEgF+uoJHsov8qA7FxDXdPV +oqk8TmqhAgMBAAECggEAcaGcYtSaAIBpGf9oTmXb44Su08KoLTf8vUs4sA1tPM+L +OY6FwRBmNXx0+k9qCnBghIwncn5KeC/ZJ+i3nSvKqvTojVXd179KNEpuikjwnFET +47134tVFYUlcSRsg6Ts98HkfH9DA4c9gf5c0LFQwHdTFCrHql37pk6QP3BfB8p9/ +BHojrxF6dFV04XR5bMTHO0w1b4OstnROiKynZYxP9nxpeMDAWG8A1/7RSCFuaXHO +2m1V7ChAsfGsF26cAcVTBQaQBonlPAaswCOVQUSqVr+PtmjhaT96EJ2mS9Wbz8Wt +Wn/opHuRbmOp7wxJKXgvroD8t0738PyHo9H+EPthQQKBgQDywIXyClZFjDjLIH0c +YhS/ceRcUuhMxI1ZPwAQG72Fxv/HMUa3neSSKKLBKRQqPFxvvfjS0IT0737WtLjK +Mst2ojEKWkveRN54VVwINwXkLTrmM0vpQrBuye7c2le+Pj6QriV4OgIlB6P6huBM +AjiksbGj217H+n67cxwLgWdVOQKBgQDBDz8lc9DpV4WH+rfOx7vBSCqqvleQ3pxV +hO/BndW6/sFo7Go6zRc7mGmEeaJUVATAMTHRsvKZ7VQQH57l8JS88V27uxAepyjz +GV8kRYbfV5mtyoq+3owcaeUbBxVv0wCNB9I5m+SuRgfwe2/FHoV8EMl44LLB+sue +x5i1sDhoqQKBgGKa+43GzyZu//7a0pc97Amb/NPXxY6xZG01HxRsAD8gB3PlO0GI +vHj2Uq49vngtjqrBMxqHIwrPYela/Zj8qxMkbOE0ro650Nh2a+zWVOlLyhoKCjLV +KQ/HrOQ/ONcJN6bTZlsAzTA3e09fjCqz2Ehl+a+Cg2yd/u6rol+2D8BZAoGALc6u +Tvah9Ru9JTyJ7Fhb5kp3RTgQkuEe+vOl56zJj6ruvTSLKBSNlKhfMP2jVJry3Z9O +kNEC2x8CuSinjSt+Py6N7QM/meZTwwqcFoEgtVGVtzS9ovgvCnbd04Hkxjmsgcn/ +SYgBxI/9RkQjiwPo7D0XcMTv5TLaqXv2cfW0DLECgYEAkf+V/kSb667hAr4MNOKn +h030GAnmuvcm/ErbqWFXC7b9VyPDr+SU8tXr+ZZIzoH53ua9gxqTxYjFkUGMIZqM +yhRv3jYpG1ar1xs7Lo7qDCggPsBlZaIUkjZSlT0YX5SZ7U8DFowh7gRID0HUiELe +aqwXam2T6fIjLBVLhkuTWjw= -----END PRIVATE KEY----- diff --git a/test/hostname/Bob.crt b/test/hostname/Bob.crt index d5950f971..7f22c7171 100644 --- a/test/hostname/Bob.crt +++ b/test/hostname/Bob.crt @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIID6DCCAtCgAwIBAgIBGzANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx +MIID6DCCAtCgAwIBAgIBLzANBgkqhkiG9w0BAQ0FADCBmTELMAkGA1UEBhMCVVMx EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRkwFwYD VQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYDVQQDEwhD -ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0x -OTEyMDQyMDMzMjhaGA8yMTE5MTExMDIwMzMyOFowgYExDDAKBgNVBAMMA0JvYjET +ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0y +MjA0MTQyMjQxNTBaGA8yMTIyMDMyMTIyNDE1MFowgYExDDAKBgNVBAMMA0JvYjET MBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxKTAnBgkqhkiG9w0BCQEW GmRvLW5vdC1yZXBseUBoYXNoaWNvcnAuY29tMRIwEAYDVQQKDAlFbmQgUG9pbnQx EDAOBgNVBAsMB1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQC+TMR+iyWgqvEmaqDTS7AaK5M18oPF47dDPm/o6/RbPRDO1KfcXXaJCk14tTd2 -BbgUPHyuOf5CfEQIBc3JgI8Aj4nTY56Fo7Zz0igEOd2tXBe0scx0dXZPrRnnUfg1 -tG8kBJGYL4wR7Bd8N0xCpZK4+6NWyEkGmiTCI+NoVevhadGDrTlLbs+1GvzuufUB -OnVsam28beDfFI7JoGFpV/wbu93C3BUs2yg7wvHrAw2uvA0K5A05Vk+w61gW9bKW -HNGvOzTIr5ZWYFLYO2xNq/9vbmnX/teYiMWd7OkZbwTssbV2L9NJ0hML7fd48Rb9 -3jjXAXCqHQgliqUZ45aTQEqlAgMBAAGjTzBNMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AQDD0RkklDCznxVHo2/jXbeBkCDJBs8CqDeJuGwscPFIZuozR5LoL0ElScYudVwC +nvECbjcwwV0fMUIfRKao+6Akyvpd1zZpUYpifHkULzSnjm0x2ea/1fscIEuoQp+2 +eNDeQ7UAgqUpE2sgtSKuXa1l0zC8xX9eeZ3tKXl+6gXe9gfuFpRCijKt8o21EVnq +Gf8fMYZpLxKcTmf7KdZGKVzqY9JO84xfukBbWvhxpFFgka6NasSxmuqIps1AFs3V +pi2cDGixgJUGsVY4HJzEp/dU5bbr6Uke01VEmNpMn35rkxJtAWkEeWdYuq5ZaVEU +0Wd2i8mOiYtSi4i43wAlh2QjAgMBAAGjTzBNMAkGA1UdEwQCMAAwCwYDVR0PBAQD AgXgMDMGA1UdEQQsMCqCEXNlcnZlci5kYzEuY29uc3VsghVib2Iuc2VydmVyLmRj -MS5jb25zdWwwDQYJKoZIhvcNAQEFBQADggEBAGx4NH6cUIfLf4e/lvBDZFmd2qI9 -+uYC0kjdbf8mZuyVvpbtaWHqVUdfGRXjYJUi6+T7MSzhx5hhtXEwkKRDQWO3DPkE -kOOh+NEfeWm0Qsz41TlEJmZnpZP4sF37qO8uquFL4gVO4fHlybjL43XoaUiGsJ6o -jDQWqPZTArUDKz3SfvRc00VLc2TQ0neLVcAl24m5t3MNaN1UZ4PI2cXfC6HtAiVz -9V7IgRtM38YTYe8MzkiXCwFUVubTSyOOexxtoY8TuYEvyGcUocsz+G+SzK3gieB7 -D4MxZbgQzSOGtlDx9G7K5AWw+rqzReehDuzkI9itFXBAHKjudycE25a3xUQ= +MS5jb25zdWwwDQYJKoZIhvcNAQENBQADggEBAKvTAJffhOQVrm/R0p+YJpSZxis+ +Gg5nH//a6TSuj2qPp56q1V+cbiU/eDGIPkNUMLw1yl/0lhvKrHGR1QysdDcMEtph +bXga4ZwNgwQ4BLJi28J0WJDMCDq/GRhK/6KFd0uLLiOppTe470O59qSHSa2JMjKr +uzs9153jbY461IES147/MY3GDVC5pWGgnsCxmTuFf7vqV+CpRq62QlK+ZlekHaDL +cpwG/bMSUHdHcjCUusASSDyRcbCebGvMYO91zEMGkn7+DOd8ZkQyIX709/ue1uhJ +bqSWozgd383bL8ChNqnZqItOS63PCzbLhquLZJ4oQ8pq4YddGT8PD+Bmqks= -----END CERTIFICATE----- diff --git a/test/hostname/Bob.key b/test/hostname/Bob.key index ee2ebee18..5efa481dd 100644 --- a/test/hostname/Bob.key +++ b/test/hostname/Bob.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+TMR+iyWgqvEm -aqDTS7AaK5M18oPF47dDPm/o6/RbPRDO1KfcXXaJCk14tTd2BbgUPHyuOf5CfEQI -Bc3JgI8Aj4nTY56Fo7Zz0igEOd2tXBe0scx0dXZPrRnnUfg1tG8kBJGYL4wR7Bd8 -N0xCpZK4+6NWyEkGmiTCI+NoVevhadGDrTlLbs+1GvzuufUBOnVsam28beDfFI7J -oGFpV/wbu93C3BUs2yg7wvHrAw2uvA0K5A05Vk+w61gW9bKWHNGvOzTIr5ZWYFLY -O2xNq/9vbmnX/teYiMWd7OkZbwTssbV2L9NJ0hML7fd48Rb93jjXAXCqHQgliqUZ -45aTQEqlAgMBAAECggEAWrzeAHy2r1py699x2e5ABOp8IgAF5wjCbHTMBaLke9Ct -QAHUHFYQXB2mfQTjcgoeEMAarzSF0QvRoIWr7wW2qgzHKh1ZC93Y9Hbjj8hLtAqy -Xv1cQLd1d15ReKP0Fx920xS+m3Moda8+L4NqgGjUghGye4G6mERNfKiCGVDGzU7F -5ayIHR60BRiwsODJ7jr5ajcXoTHQ34gRLz/hB6S72sLAwEjGedpqpd79LNXkSdiP -axEW9nJVodc286WToR2YSSDezvIKgpZDy9onvBFmIyZIKuALmk10YNTrL1SfgR2C -wIjeHmfukgnlWzNFLB8bx0PBnaINSgxfdDa6ZYaaIQKBgQDmFWvmXUcW+SOidjUV -QTS5gjejYdDmB49y9x4eUffyHwA0wJWpiXE9TCy+PjLi1WIineHiaAmNngEU/IHF -NBi127opbU6CftvW7dGdv2IJxaN2IePSmlsLD8XItD+ZbhcZnHy4bLF8gIdttxXS -GZPHzesY0EqKCyb5ygjQ1wjZmQKBgQDTvCj6cLmVbV89wJMB2rSTglD9B2iwJnHX -wiX7bedc579odjUpTOmbPTxn9aI1MJeE9aKFuQP6NspOSXKQqlXjheXCs4d4jWmD -EQpL8dtHzXVdZf/2+RtuCYafpMRXFvraQjg5TdHT7ezQco74tW3CW2YUVdKyslNn -R1EWlzyY7QKBgQCotlyAdzWBqv5uSq9x/nZi8RFLRJahljmh24LCSOi/KexEwlL8 -FkRq5kiI16MIod9r8smH8zHOHmY8tUuTBzh3Yb+IURaYqd0aJRjny0ZgVAQgw4kD -DRxlaBNnsIRSRV+67/ykX09mM/kagn4Fqaurf1s8vr9pqfPShksgmA1tQQKBgE98 -lLmn9dOl8ppBIC8TBrVVt8e1r1RpqlVAOngQQ0n6aj3yGnT9vbkcnP++E/351vgA -KtoeoeKeDQakxhCPEZ1Pl/im4xWbqN+eVwo5qoNjG0tLznLOA8EkbFikR10WcGfd -cjP5BeuUp1F9oDS4D5NmMoUxzt5s2ais+kEL16DlAoGBAKoyjZDTv8mG0YCv4W92 -Quv8+KxE5+7qGjckDZh1tZGQjU6br1QccPAXZmlRbAJD1c90uUO+Kkx27FFJrB4t -A9jCUpXUv78PyvqX3IUW8H555n/a0M37A0xnkqm91LddkKmAbkQvt6oel5rNbt2+ -QeYzS1O8PX+zTLGf64h8Ajwt +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDD0RkklDCznxVH +o2/jXbeBkCDJBs8CqDeJuGwscPFIZuozR5LoL0ElScYudVwCnvECbjcwwV0fMUIf +RKao+6Akyvpd1zZpUYpifHkULzSnjm0x2ea/1fscIEuoQp+2eNDeQ7UAgqUpE2sg +tSKuXa1l0zC8xX9eeZ3tKXl+6gXe9gfuFpRCijKt8o21EVnqGf8fMYZpLxKcTmf7 +KdZGKVzqY9JO84xfukBbWvhxpFFgka6NasSxmuqIps1AFs3Vpi2cDGixgJUGsVY4 +HJzEp/dU5bbr6Uke01VEmNpMn35rkxJtAWkEeWdYuq5ZaVEU0Wd2i8mOiYtSi4i4 +3wAlh2QjAgMBAAECggEBAJjqspLRMxMieXC/XkIVTpfcYO375i8yBGUFY1x1OseK +rvwqubueI2amLSDcv2TAkH+QaIMnjbwtMHDQoMG39sCkzk34IeKvLb1pbPhpQNpU +rEtQ2hUXWokFY2/bz3Ok95+LCk+Cts3T/0XEjnfSafXprdbM+IFjwgOR7vJAeSM6 +auXQ24FHxSFBMt0m3Zhgp1P1qLBMJCxrEM0PTDKSnfI/HURLmUwJShu9x7+RzEb8 +pMGYGqFrXgkPOMT9gmBTjjgljMNiAYU2NZWsmP1dx3tB8lUHCd8iIp8bwNjqc8Q/ +rSNtniZ9NI+DNTu5xrAHz9KnM2AQgn92bHaerBZ+TikCgYEA53wGSaf4qW9cNBPP +p7DVAcz0FxaFEdzT4RI89KhZvKySj2bmsmywhW41dRpHhqKtBCvPgewTaI6YWGxf +YtUN8AmzrymfXZxPl+A1T6zbfV0AdP9LI/MDj0BcgkAyhdPmo4/jzAFwsRqe6HHi +dcqXBdqimuKottqWixpsJHOyITcCgYEA2I4ObI6Y4xdZfVPqj8xiMq9g1MUNRXLG +palvDGUHV1jl8oBdBCsjWZdd7cIWqLGiMxdWM42AWPZ71QKqEhd4K2z7fzeaXOZb +6Dsruxu3bG6/RNxRuCfTL6YOIpz/m5iIHcFD9g7OnODtKkvAum/8bTYiTjunHQxp +zInhKjYGenUCgYB0ywS5IQC7LC6PL/ezmeq+79Ov2nLlYk+c3YDXyCEOqtt/cuGu +4Fvn1oUuQkYYTfeRhTE7Ugsw09FVu8gcq3ZOx/ZayFtZ9cXK0RrUylgr1kKmxS/6 +QWBoZIbISO+0ygcyOyUqBwf+s3m9ucgSulacY4VrNDT/nSYbpQcvFRio3QKBgH5z +7U5MslAhKVt6rgSMJ2dLa7Ky4j4EeKTx3GuTbwb9XUEO3cH6YqkFL48Pf+W/3GQT +I331CdZpEARhiugHll9dQzqVQGkxBsgEDVQ0KhaCUOQn9vwfHT28rJJftQ6psgoV ++dZr7RBEc5j4JTF5BSDMtJmUUdAvmHQcq0PXyk6lAoGBANPIxjhoJ2tEEQq6aXxF +VeHK/zQAPTbTXE8cS7tf4AU9u5WJ8noKm8KG9NwLJcN8kNKfKj3f8VXaFh4Pg0Be +rDopAQJtk5JJlAv8RKA8Igf8ilLLw5/6AYspZZLrPNSrYYvKVGN6rszbTk83sgOi +qhTPPWMwC0CmLJQ7LDdhM4T3 -----END PRIVATE KEY----- diff --git a/test/hostname/Bonnie.crt b/test/hostname/Bonnie.crt index c13d6def2..bc30780fb 100644 --- a/test/hostname/Bonnie.crt +++ b/test/hostname/Bonnie.crt @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIID7jCCAtagAwIBAgIBHTANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx +MIID7jCCAtagAwIBAgIBMTANBgkqhkiG9w0BAQ0FADCBmTELMAkGA1UEBhMCVVMx EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRkwFwYD VQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYDVQQDEwhD -ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0x -OTEyMTIyMTA0MzZaGA8yMTE5MTExODIxMDQzNlowgYQxDzANBgNVBAMMBkJvbm5p +ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0y +MjA0MTQyMjQxNTBaGA8yMTIyMDMyMTIyNDE1MFowgYQxDzANBgNVBAMMBkJvbm5p ZTETMBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxKTAnBgkqhkiG9w0B CQEWGmRvLW5vdC1yZXBseUBoYXNoaWNvcnAuY29tMRIwEAYDVQQKDAlFbmQgUG9p bnQxEDAOBgNVBAsMB1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDpxsOS28WlhI9l3rXf1m8hRJEM/OW3o1Nt/s/G7yCGu+VORmIWZrwgX+TY -B7p7/uWSA20pOPfJjgSxQOY5V3w3Tj6JfjEiknPY0iVVBXT6/EMw8DkXUe4N8Txc -YHV59VeMBg0IwPDQg5RqvAmzCGIqn5wky0DQXu1f62qzotpwTtEvy61MAovoZOCQ -myX4M6eg/eWTG50A9X56ZTuUUo/5teVFZy/7xDt5qASZl00h9vOZ4VAmMpaxOGYh -abPX6pfhROtyjwb28w+f5hoEP0p+FChF5NJL10iFQBXxAnL+Sty1fL8+2Wt2bG3L -iA2PyRCSpTXnS/Z6yBw6b8OUNCzpAgMBAAGjUjBQMAkGA1UdEwQCMAAwCwYDVR0P +AoIBAQDEG4RQDIbyPVcEyX8+uUcc6y5OeS95QlxkDbP5kXDaroV0VLmW3P/bkEtO +10omfCx9PFeedNI+cK6g1q6ByBkcwPmBIcfjWMmlfK5wIqb/smQJwUS2mLtSbkj/ +Eiilh6PR9mNQzosUoYFLKhQbkwYLJl+uHzMZyPVFyg/xbLBpTBkKB+2K4DAw4nAg +pojylOZo/QoC5CCUkprdLWIcvADP0rgqK/sZDrfrNltKM0I4oH2xBKPxICOMWuZD +euIKBB4y13BSMT4rWt1NfnIaVwXOhYcF9D6JXs5oXUymTR3FONm7P4QkMLdNUllW +9WZoSr7WzJ4UoZo2dqCv211t0zvNAgMBAAGjUjBQMAkGA1UdEwQCMAAwCwYDVR0P BAQDAgXgMDYGA1UdEQQvMC2CEXNlcnZlci5kYzMuY29uc3Vsghhib25uaWUuc2Vy -dmVyLmRjMy5jb25zdWwwDQYJKoZIhvcNAQEFBQADggEBABQhVUQmuqwqPLcSOumf -wl0Zr271DM8s/L1+DuOpqhlxRk1EwoEE/ADpy6bQ5RrASx/SEK8ufMu+0Dwil+xR -Oq+JyIreOuRNRrs2vwj9bB/flOm14URjqOo04tOnyfp0EhUlFLGTjBP8tIzZlXqq -CTePLBJi/Lwjo13Q7zGdB8jJ9FC5PS7A3SbeW8dzZyiL/vW5UpNY20tNSnCr8zj4 -/7e9lA5PTW1CLOUEndIhmWb0CKaxikDZiQX/9GK2O6M9+Pi6URVQ3NHP3CEoVrKs -0icCXKyetRx98ipGEEPFQENDx0obZ0Sp93LkFwy9sjSFcV9i/rK4PnNJtNmEFRY9 -SqA= +dmVyLmRjMy5jb25zdWwwDQYJKoZIhvcNAQENBQADggEBADhkLBmIaeSLDOWvRq13 +7Ja3ufHgTIKR8dmyLU/Lmn5KIWOlz7dAk8eP4wbnxUrp3Rn4Mw7esrHtMihSBTVq +XjwpwH6BzGkT50iraaoWdv+3FojySlG10BBTDiyqoKSTfj9g5RQn65tebcxueRMO +KFlKHr3LJui/5PrkFFUDrXNqior2Qbx3ZZOhbpH0J//Rt00tJ5GDPiPV59nWcIgq +4huF7hS4F4hFf8F+Pfs535//zF0EmJYE1J7twU6RC8+XRfLBQaXHNuvLxJbZOD7X +ViqK23b1t4Xn3wYVohAkKo2OoDXj8hoKXxg9ZYPqK2BGEOWCbTPIZjz5EWX0k5vh +yrA= -----END CERTIFICATE----- diff --git a/test/hostname/Bonnie.key b/test/hostname/Bonnie.key index 00ba5d620..82799dffe 100644 --- a/test/hostname/Bonnie.key +++ b/test/hostname/Bonnie.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDpxsOS28WlhI9l -3rXf1m8hRJEM/OW3o1Nt/s/G7yCGu+VORmIWZrwgX+TYB7p7/uWSA20pOPfJjgSx -QOY5V3w3Tj6JfjEiknPY0iVVBXT6/EMw8DkXUe4N8TxcYHV59VeMBg0IwPDQg5Rq -vAmzCGIqn5wky0DQXu1f62qzotpwTtEvy61MAovoZOCQmyX4M6eg/eWTG50A9X56 -ZTuUUo/5teVFZy/7xDt5qASZl00h9vOZ4VAmMpaxOGYhabPX6pfhROtyjwb28w+f -5hoEP0p+FChF5NJL10iFQBXxAnL+Sty1fL8+2Wt2bG3LiA2PyRCSpTXnS/Z6yBw6 -b8OUNCzpAgMBAAECggEBAJg3A0CsOJT9KyF5UZLdXJ6ctpVuVWSsw7XrI/6z1Mnl -rfi5e0R6wCOUTL0cyx/RaEkaUgl1PmHORt/jEgRkIk0gdTexIu0Pzr5ulkA1vWVu -u5Ex2PqGLiqF2HeNlvBB/y79AZ+hgStDgW+939LisohuRIzwitMh/A1oi6FLeE+G -w3JpkomArYWpGDWY9UF5WU/LquriLYDlgqsLFwLiVg73qFHCroN80ZYmQ1DF6x9W -JD6t4INk7brAoDzb2XiJtr246xcz9Fy7bPR59706vQvGS4vUB0W/+x8glVDlSYqi -2gnqHpTRl/0r/MwMwN28tqDd6TNB+qpYOUoCpVnEYcECgYEA/yRhV1wUZh46Bi89 -nq2RRTFsPnNfR/abMwNw3Jz6L3RftqlC6oqUjR9twV3mEYP+X9fHYa/MVASi9YTD -0hIeGcMX6nker0YfYxacc/cfh+8jrh/rMFbfng1fKWESMgyT8v2ZhCAFiqow4JWe -JgKpc9TlnlBSUg+QtaO15gREL4cCgYEA6o/+IKU7eMgEFjBO+BxgYETroBPZwAxy -RTjdISl9qafn8bJw3jfQPRGdEtAhXxniSVatkN3XhQD3kda+g0tMi4L3GgbJci3m -hoaO+YSErX93Grk5KHkyBXhiYp5eezWZgzj3bvXW+AjG9l1/2zOtXEB08vabrrYq -a6mo+bVQfA8CgYAVnU9hxzszK3xe6cGen7We1wEEiWGZBxs+xxvYlLPdMU6qesxg -cj0Dd5Yku3+yHCyAkhch/3Kf64SiqAyuzzodlJmCE6C12IrwKgo3CMhzC59KMQoL -nlBzY06cgsy30Lj37OQEfXH6vVBGtmYfcjpIxdBuCP/wU8E+og/W3KWqIQKBgBDf -Lp5WhEKZ0IFwFB4QnHYQPwqSovUHcCi+gFlkTJ+pbiuadDfnt9jMrYmu4teeWwJ/ -c5iZ/GiauzQISEfVYLogP3nlxxOpbY17nEkiWRDJvF11uUDKBukR0bHaRl2Ca3pe -3J1knYPVzcnmy82OmAesszzOtEAK5l48I+ViP1nNAoGAJMB2QRhrYQqjQtC4oHdp -6tGRBIS2ElgdILlXdHhvUyxvUONWEoymODeBXABMUUgiwLU/kGyt6pcjMMOStJnR -gTfGhjYIT+L5C7Ivz0OQU+CYV2i0W+c4xgjBKbuscisgg2CurS3cF1tera1Qve/Y -UtVBRnZ8/v/NisLFbtum/+Y= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEG4RQDIbyPVcE +yX8+uUcc6y5OeS95QlxkDbP5kXDaroV0VLmW3P/bkEtO10omfCx9PFeedNI+cK6g +1q6ByBkcwPmBIcfjWMmlfK5wIqb/smQJwUS2mLtSbkj/Eiilh6PR9mNQzosUoYFL +KhQbkwYLJl+uHzMZyPVFyg/xbLBpTBkKB+2K4DAw4nAgpojylOZo/QoC5CCUkprd +LWIcvADP0rgqK/sZDrfrNltKM0I4oH2xBKPxICOMWuZDeuIKBB4y13BSMT4rWt1N +fnIaVwXOhYcF9D6JXs5oXUymTR3FONm7P4QkMLdNUllW9WZoSr7WzJ4UoZo2dqCv +211t0zvNAgMBAAECggEASeIgGFSP5uXrSfdsREJjo2aLnK8VjrbMvjlXbBg6j3ke ++HQPM+JxVtRnOv3rhtJTpJ8+V4mlyDaF5DzdpDGyHF4r4lXKzEGgPwPZaI/1oPIh +tHcnHzAtquG4CLlbrPmMY8dTJZebWJt8bcgdqUHcDglYFO7WPsmydqepGAkd8Z07 +6Ze6tGhKbxoXYSDLEJ+twjLmWO52gWMUIAlDBawTikJ+ig9uzIO1EmxO7C2dUAHS +eImqoWgo4/uMKWgaFIjwFCvgLPItPmd8ej/tpAx/ASHBzAJbyOpbZM26h3+3RPte +RXwISe8Q9WSk5UnjFvy2+UKZ1KH4B1RutKGK2NM6tQKBgQDrqbzgAnCRbsW+Xy/D +jYh3JLJNpy6t+igMrV3Zzsaxf6rugJrcokvLcySeTjSD41pzkDX2JobJjP90/bAs +CFORm7e8a+M1z71JA/Hk6+nJwSlFpFynfIjPZsjTi7LgupBp+g0EGgv8kpm76l9T +lQRN96VBuePgvx62TtV4EagGGwKBgQDVB+s045fEa/KDAOJWsI1Wf589q+sztifE +02KNXWfgLGUzTDZbkGA5I+A/WTL+btRmUWlr+T9dALX8bI49Jho3CqVwGqkK1HA6 +7UykslGKaySMTcw4jU5jS64MPxCSklbeIAq9myYUESTQX7tidDjT8zMl/egiO7Ye +xMMWx/yENwKBgGPrLOzhu+69w9Pqseq8+K5jfcIU72LOnOp7Gz69QFuD4OqM1pxT +p8VURaNlTzjYTcKP04FRZnbQdIObCHYy9ZPYLTgTmlt3gC8UIBzKte5YGvKvNKXC +1JLzZpTjN223TIHShnBFxu1JDyuwvMhId3HDXWsXsPnart/nXvUwr0gfAoGBAMZm +dZvwSyxYDKgNbr6l9zwT586cCpVClI8u/54A2/lf33CDDi0ArV0KGJNnE6L6vT39 +nF0+6NBJFTReNaqljcytUZ6ydbTsXQnEb5kDqgVr+8Hfws74a4T2usYVBe479EMz +PE2R7UjLHqoiPnZXH4Xl/kDn1AXt7pOBVOAmqPrJAoGAMILgsmVBydvWvoQCYZRH +utnrswIYzDw9DeaLgktI/Sc9QJr1rswbW13Q/xMSb+czsmOV8jhUS7Vk+Xz6gzii +qtoOS9b5ojJP1Y+7gVY8sKVMsEJXm1sTA01HPd6WiN7gzbMpPzO64YzCFHYYZX1E +C+CDwDatWgLJeomG/2UNr68= -----END PRIVATE KEY----- diff --git a/test/hostname/certindex b/test/hostname/certindex index d6a932c66..56c177d36 100644 --- a/test/hostname/certindex +++ b/test/hostname/certindex @@ -1,6 +1,4 @@ -V 180512061548Z 18 unknown /CN=Alice/ST=California/C=US/emailAddress=james@hashicorp.com/O=End Point/OU=Testing -V 190512090339Z 19 unknown /CN=Alice/ST=California/C=US/emailAddress=james@hashicorp.com/O=End Point/OU=Testing -V 21180418090432Z 1A unknown /CN=Alice/ST=California/C=US/emailAddress=james@hashicorp.com/O=End Point/OU=Testing -V 21191110203328Z 1B unknown /CN=Bob/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing -V 21191117214339Z 1C unknown /CN=Betty/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing -V 21191118210436Z 1D unknown /CN=Bonnie/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21220321224150Z 2E unknown /CN=Alice/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21220321224150Z 2F unknown /CN=Bob/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21220321224150Z 30 unknown /CN=Betty/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21220321224150Z 31 unknown /CN=Bonnie/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing diff --git a/test/hostname/myca.conf b/test/hostname/myca.conf index 5d7538043..593f092b7 100644 --- a/test/hostname/myca.conf +++ b/test/hostname/myca.conf @@ -13,7 +13,7 @@ database = certindex private_key = privkey.pem serial = serialfile default_days = 36500 -default_md = sha1 +default_md = sha512 policy = myca_policy x509_extensions = myca_extensions diff --git a/test/hostname/serialfile b/test/hostname/serialfile index e28e17eb7..f5c89552b 100644 --- a/test/hostname/serialfile +++ b/test/hostname/serialfile @@ -1 +1 @@ -1E +32 diff --git a/test/key/ourdomain.cer b/test/key/ourdomain.cer index 52d13b59e..bae609085 100644 --- a/test/key/ourdomain.cer +++ b/test/key/ourdomain.cer @@ -1,25 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIERjCCAy6gAwIBAgIBEDANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx +MIIETTCCAzWgAwIBAgIBETANBgkqhkiG9w0BAQ0FADCBmDELMAkGA1UEBhMCVVMx CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNI YXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRlc3Qu -aW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMCAXDTE4 -MDUxMjA5MTAwOVoYDzIxMTgwNDE4MDkxMDA5WjCBhjEYMBYGA1UEAwwPdGVzdGNv -LmludGVybmFsMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEiMCAG -CSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTESMBAGA1UECgwJRW5kIFBv -aW50MRAwDgYDVQQLDAdUZXN0aW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEA0X9Ft3q7EbTgyt4W0BwGtZ/kdDw+k2VEXs9GXRh7BG0sjWIu4szAbkau -igKwAdCcAHfZe4fRNTtzlUb7RnYSLB9SJZEbvwM07mfesR1ZpxtIKsCFZ8DjJ6Wo -eAvc+2JTIcWZLXuDIIIMZ6plvPbHN8RRnC5H4fw9Z8L+qmyyn0o7+4SClkhf2AZa -6WmoZCMbrSLMQdhx1MZTO86GeUJpIG0l3XJLb7wnfn5WDG/GZB8TGAycRD1EP5mx -wzgNqJLvL3TgL0d9NIwC0rpQC4qeP6pzngdr0KV0vgFyYoSBLHiU77+HL1C8QFN4 -fWGoBjEfkVPjHKOk323OgJKWizB34wIDAQABo4GoMIGlMAkGA1UdEwQCMAAwHQYD -VR0OBBYEFHJwH4f2QlFTTll+bnNiZZBo1oheMB8GA1UdIwQYMBaAFKP56zn6r23n -tlZJVSiBZckBG7iVMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI -KwYBBQUHAwIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3BhdGgudG8uY3JsL215 -Y2EuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQA0ICTh1Dli9siCA5heDl51YCjoCVGa -B7OfoJStOW3BjesingD6kpQUPdbjr0qFzvSsn7IVd8v9IGr/hknBy9gjroPmwoct -gTgTuZpRm727AQiA6KSANnOz+dwb4r0ckdDqIrUTmk4lV7Pdk0lPONtGxfa8c3gY -QjaML7GK9QRU56RmYar+5VV2wI24lqz6cwpwTCa0gpZTRRKorpBONjSpZY4myGT4 -rWRkGTu59XX0POvQxg4i2CL5Lu6WE43APoFRJBCYIQoTqOi7KwlaYqJZG7pa8LU0 -mjDUjW3cNxthYLk2q3cZ4+Or5hbUZGBFhD716+FnChZ/531lgrGWLLMN +aW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMCAXDTIy +MDQxNTE0MjUzOFoYDzIxMjIwMzIyMTQyNTM4WjCBjTEYMBYGA1UEAwwPdGVzdGNv +LmludGVybmFsMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcG +CSqGSIb3DQEJARYaZG8tbm90LXJlcGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoM +CUVuZCBQb2ludDEQMA4GA1UECwwHVGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK6g0P0eGgLw2B63xyXjRhy5WnbYegJoQJtpnJ0NvgJyZfCz +G6vIw/xjtriyW2rcw9qoEQ7aerN93UdUQaECe3J4QalobFbw9VCGIPJEblBBBKAk +Y8Ek3Ldv6WWO0hWhho11JgjhpGfpFJtDKKs9vZ/tDwiU549ra5tTppMvyZIce+nW +SVkQAlq7zFUshgBu0k1tliU9bOUwZlRnT5xnDTHhKAqyBNGX5pVxhLXv+FM9UMHw +UbCbbucWb3oF1wbARTtLnDsmI0V9PPsUVAbc+sZ4ZQKcNmq92zKq3MjB93Kitfx+ +IdSGCJ+bP8mTQCTDrqDVVCsCaeOZ4Ufa+9kRvcsCAwEAAaOBqDCBpTAJBgNVHRME +AjAAMB0GA1UdDgQWBBTCmo+KBFV1kXzUsiC7xtwK8I9udjAfBgNVHSMEGDAWgBSj ++es5+q9t57ZWSVUogWXJARu4lTALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly9wYXRoLnRv +LmNybC9teWNhLmNybDANBgkqhkiG9w0BAQ0FAAOCAQEAr/evKySRc48PNzFovBbx +vWtHgIunJ9JOE8vJyomiuup99AaLvUkRvDIdQjLRac/0rgCD3NXjqQIb5QZPmuVy +w4obNwQaqfJdLys+pQUo1Ly0nPTs5ValIyICDAUf066lcMKNIh6oSn9y9kp/DqBP +feucrJLpwVKHsuUddDCbDPUNwgSbOC6mGvDfA2Q5bd9DMDuBWeRrU7qnfyNCVbem +V2mljJl5TOEc/Yn2vES7rFv987QXOhZGw1Eerhxazi+gwJvxiC1oE5urNk9k1UL/ +byayC5BQiDSee9oyE0YDvKRD9lcvQuk7hVLBv2rY1rqNsPaJKncrnXTtJBqMQHVA +cg== -----END CERTIFICATE----- diff --git a/test/key/ourdomain.cfg b/test/key/ourdomain.cfg index 1b1bbbc92..f20f98b78 100644 --- a/test/key/ourdomain.cfg +++ b/test/key/ourdomain.cfg @@ -8,5 +8,5 @@ ST = California L = Los Angeles O = End Point OU = Testing -emailAddress = james@hashicorp.com +emailAddress = do-not-reply@hashicorp.com CN = testco.internal diff --git a/test/key/ourdomain.key b/test/key/ourdomain.key index d997337c1..7a02cadd0 100644 --- a/test/key/ourdomain.key +++ b/test/key/ourdomain.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRf0W3ersRtODK -3hbQHAa1n+R0PD6TZURez0ZdGHsEbSyNYi7izMBuRq6KArAB0JwAd9l7h9E1O3OV -RvtGdhIsH1IlkRu/AzTuZ96xHVmnG0gqwIVnwOMnpah4C9z7YlMhxZkte4Mgggxn -qmW89sc3xFGcLkfh/D1nwv6qbLKfSjv7hIKWSF/YBlrpaahkIxutIsxB2HHUxlM7 -zoZ5QmkgbSXdcktvvCd+flYMb8ZkHxMYDJxEPUQ/mbHDOA2oku8vdOAvR300jALS -ulALip4/qnOeB2vQpXS+AXJihIEseJTvv4cvULxAU3h9YagGMR+RU+Mco6Tfbc6A -kpaLMHfjAgMBAAECggEAJeSNaaiLWaKL3mXZXn8TP5rSKawT7XktqrB3G7On3J8a -peASdvdt/wRN4aymxU1ESlljPxLL5oMAXwndvVrx4oUvyJe8mworcsva3dJfOviW -TxVPi/q5m5w9IqmSqO2Z98vT7wQeLa0YLVAG4u0ID7A0yrkcS2XifXgptA3BKUpi -QwukeaVLFJQDIUnokyvNLKryQh6wRd3+qKlKLJCxKVHRBIXafYo+gYarKI9Npjex -3jbf2cTpIEBTOc8vKsUGfJIJg0E6y6LGgCL2I7YUOh3WCJEKag64ufpSvwGcpmi8 -/u2H1YWJn0HzCeWfy+8q9iamLlkc+DcbxV/T5pPqgQKBgQDxCZUmQC3/NBiT11Hr -PT8k8TAW2BbvwIsBa/PhnkRUGHyUZAw/dqoQZzy42g4xa2Rl8ZOCVOEFB726RzOo -KzOIqVUxZFrt6upyU6UB1ypETz0l3dmRwh0pA/7Ko5kxSE0Jy4CJl7d706uVGCTf -5/6KRL2aMxVgCZH9tomCfWJ+wwKBgQDegHiiwUSPgbJwGMPc1OdTSOy6Zn7702T9 -GRDgEzXDRJqFrOh3GkUDRUYXXGWuP9ZydD8Bpah2OE2SzPNQf9SYzu84KLivUUkP -jE/IHx8Avjx+Sj3EvUNuONfWD/Ch043nqpsEQ6WJZuumf3DVu6fJk49o+4n241U6 -pI2mmKDQYQKBgBhYCmtJkhuzTEQqPAjRL75waZX1DyP5w1BKceA4ltgTfQmTrTT/ -rB9p/dUBmOte2E3/fxFrtypF5OCablouus6zo3oQk6pxzmnrjr/H1mn9wsQ/SskQ -3NcWozYeHcu/bKBvoDTFUO+9qhetz5OZn7ihRrD7Nc50SP1h4TN/rGH3AoGBAIvE -iAM1BKxg/IYOCHsgAm/+zzYITJxEHpwesssPRiZzYd220BCBH/j9+xmRoQ3kbAFZ -pHqUZU5d79zXgcB/jDyxQPQ2IE2A8jQiH7vGUONWnQl3+XUsrr7+VhbRzIbbLbjp -Ipd7JvE5Ba6BP5ADYVLurpdz6yZ7h35e/9w25E4BAoGAN6OGNF3wKP9gGMKgxpOu -SemLp6v8WGOTuqbqkhfsbLCd4IR6apYh5AWn2aiIq0cJvkUfgb8/yGAbP/fqsMXd -IvVqiOGKoMHfB4bb6grJk3CdpgHcaOtNowFRDKzXNuXH7f7xNNxSABIdXk6aSmkI -NEBFopxmFg7bQdfXMaciFBE= +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCuoND9HhoC8Nge +t8cl40YcuVp22HoCaECbaZydDb4CcmXwsxuryMP8Y7a4sltq3MPaqBEO2nqzfd1H +VEGhAntyeEGpaGxW8PVQhiDyRG5QQQSgJGPBJNy3b+lljtIVoYaNdSYI4aRn6RSb +QyirPb2f7Q8IlOePa2ubU6aTL8mSHHvp1klZEAJau8xVLIYAbtJNbZYlPWzlMGZU +Z0+cZw0x4SgKsgTRl+aVcYS17/hTPVDB8FGwm27nFm96BdcGwEU7S5w7JiNFfTz7 +FFQG3PrGeGUCnDZqvdsyqtzIwfdyorX8fiHUhgifmz/Jk0Akw66g1VQrAmnjmeFH +2vvZEb3LAgMBAAECggEBAIVRvXwhKRaprTX2dJIWa4auc8RcDPodgYWlIa49uZzA +ndcfxrZltkrQDcYAVQ7GsLgUq8E9R4QVSYSVbO1xqbGA4hBl6qCNoZvyauDLIbUf +jlp8rbPdYqyhQf0JBpcBFGqWz4zkR9IU/mhy42+o2UZpg5q3o/m4txSEzp18VFW5 +KiuArjFmnfrIMvIcL/CEYUCbr1hhPoySOikQZbAObNXgOKurGXR52TgUztMwt32A +oJUAmtLu+ti4Q/ffKhaV0pfRhB0Byqsbm/ONDVTdKUwKDiMrBV8CqRquXunHWJ7D +sqBi8EnM6Ke08ZLqobqQWKmjVMT41rQYAk/1FqEGWJECgYEA3UfggUMX6nysXzVs +MZ7RNbjoSwISa/4I2QGSf3moW7N7G2NTcHPjOM2qhZ2IqR5QTQ8Q9zpPpeOtWquj +3+G45fGCT8aB1A6Pt1d/oTU1g5s7cHn0DzDNB4+5iWwPE+x5XdaZU1kzm6hTS6H6 +Roby7/Hm1PUw+0SXyKSQ9vw4HTcCgYEAygcO5SB0LqjTumRjhAM0OQSRU+rADaJA +X6g5IkjFMm20AH9cA/rg7ZVw3D3ZPZg0yd+qqhE5rIFvVyLUhkaFobZ17i+pUKcf +GH9m5BIuYyg7n78uy/0F9RTZbv2U0nHObUdg5jK4/9PQvhLihEIBEbl7X4RWlgtU +3oZKsP36zg0CgYABUDzn54ML1EOdqQ6EWOH7BKb0UwXS+EYLK7Q353v1V2Jirjs/ +jqCJpMbfVikKf/CQFIfQP9tbK7fKsvwdBxT24HEakh4RKSj3OKC8TzmLF2/J4h9t +u6dr5RF/3FFWl++8e9qbIQtqYBxmdYarxn9Ip1Hsb6wjwat4+GkX3jVjDwKBgQDH +CMkd5ylPRrjBa2G3j0iF3AApQp9PT0hIdX1ET5kno3iw/Mh0i1fJ+W6lLLG3wxpO +wHJs9mdxkltU51WlrBi/RvlMXdxbPyqdgfamP1tACUUkjr/V7ENQPugwNtfFtKWA +d8/5OoOUVuPSPty3HCfdhHUNl12OmT9Vs8wmLzJGiQKBgQDDC8MU/Llbg/Lhl76j +VuOrOci4p6fc5ICagFYBUyms0wsyP7RWseCgFQtthDPuBCArewY4j7AqmRgkDrqa +gOCrJeptdKT2oCkn6AlxBc9kP2Y0N5vLEkwkkrQAbP/3iG/d4raOSTKMOT8voXpv +f4HT3Zolz4FPrtFKVOi0VA3Z5A== -----END PRIVATE KEY----- diff --git a/tlsutil/config.go b/tlsutil/config.go index bf4e9f6c6..da85c2e72 100644 --- a/tlsutil/config.go +++ b/tlsutil/config.go @@ -447,15 +447,19 @@ func (c *Configurator) Base() Config { // find bugs. By accepting a varargs of slices we remove the need for the // caller to append the groups, which should prevent any such bugs. func newX509CertPool(groups ...[]string) (*x509.CertPool, error) { + var haveCerts bool pool := x509.NewCertPool() for _, group := range groups { for _, pem := range group { if !pool.AppendCertsFromPEM([]byte(pem)) { return nil, fmt.Errorf("failed to parse PEM %s", pem) } + if len(pem) > 0 { + haveCerts = true + } } } - if len(pool.Subjects()) == 0 { + if !haveCerts { return nil, nil } return pool, nil diff --git a/tlsutil/config_test.go b/tlsutil/config_test.go index b49bd66bc..75fa83945 100644 --- a/tlsutil/config_test.go +++ b/tlsutil/config_test.go @@ -7,6 +7,8 @@ import ( "io" "io/ioutil" "net" + "os" + "path" "path/filepath" "testing" @@ -1018,15 +1020,16 @@ func TestConfigurator_LoadCAs(t *testing.T) { shouldErr bool isNil bool count int + expectedCaPool *x509.CertPool } variants := []variant{ - {"", "", false, true, 0}, - {"bogus", "", true, true, 0}, - {"", "bogus", true, true, 0}, - {"", "../test/bin", true, true, 0}, - {"../test/ca/root.cer", "", false, false, 1}, - {"", "../test/ca_path", false, false, 2}, - {"../test/ca/root.cer", "../test/ca_path", false, false, 1}, + {"", "", false, true, 0, nil}, + {"bogus", "", true, true, 0, nil}, + {"", "bogus", true, true, 0, nil}, + {"", "../test/bin", true, true, 0, nil}, + {"../test/ca/root.cer", "", false, false, 1, getExpectedCaPoolByFile(t)}, + {"", "../test/ca_path", false, false, 2, getExpectedCaPoolByDir(t)}, + {"../test/ca/root.cer", "../test/ca_path", false, false, 1, getExpectedCaPoolByFile(t)}, } for i, v := range variants { pems, err1 := LoadCAs(v.cafile, v.capath) @@ -1045,7 +1048,7 @@ func TestConfigurator_LoadCAs(t *testing.T) { } else { require.NotEmpty(t, pems, info) require.NotNil(t, pool, info) - require.Len(t, pool.Subjects(), v.count, info) + assertDeepEqual(t, v.expectedCaPool, pool, cmpCertPool) require.Len(t, pems, v.count, info) } } @@ -1325,7 +1328,7 @@ func TestConfigurator_AutoEncryptCert(t *testing.T) { cert, err = loadKeyPair("../test/key/ourdomain.cer", "../test/key/ourdomain.key") require.NoError(t, err) c.autoTLS.cert = cert - require.Equal(t, int64(4679716209), c.AutoEncryptCert().NotAfter.Unix()) + require.Equal(t, int64(4803632738), c.AutoEncryptCert().NotAfter.Unix()) } func TestConfigurator_AuthorizeInternalRPCServerConn(t *testing.T) { @@ -1570,3 +1573,51 @@ func loadFile(t *testing.T, path string) string { require.NoError(t, err) return string(data) } + +func getExpectedCaPoolByFile(t *testing.T) *x509.CertPool { + pool := x509.NewCertPool() + data, err := ioutil.ReadFile("../test/ca/root.cer") + if err != nil { + t.Fatal("could not open test file ../test/ca/root.cer for reading") + } + if !pool.AppendCertsFromPEM(data) { + t.Fatal("could not add test ca ../test/ca/root.cer to pool") + } + return pool +} + +func getExpectedCaPoolByDir(t *testing.T) *x509.CertPool { + pool := x509.NewCertPool() + entries, err := os.ReadDir("../test/ca_path") + if err != nil { + t.Fatal("could not open test dir ../test/ca_path for reading") + } + + for _, entry := range entries { + filename := path.Join("../test/ca_path", entry.Name()) + + data, err := ioutil.ReadFile(filename) + if err != nil { + t.Fatalf("could not open test file %s for reading", filename) + } + + if !pool.AppendCertsFromPEM(data) { + t.Fatalf("could not add test ca %s to pool", filename) + } + } + + return pool +} + +// lazyCerts has a func field which can't be compared. +var cmpCertPool = cmp.Options{ + cmpopts.IgnoreFields(x509.CertPool{}, "lazyCerts"), + cmp.AllowUnexported(x509.CertPool{}), +} + +func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { + t.Helper() + if diff := cmp.Diff(x, y, opts...); diff != "" { + t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) + } +}