diff --git a/test/danetest.in b/test/danetest.in index 4df32e4258..e7aa8c6aba 100644 --- a/test/danetest.in +++ b/test/danetest.in @@ -1027,7 +1027,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== # 30 1 2 0 0 1 -0 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3 +0 1 0 3059301306072a8648ce3d020106082a8648ce3d030107034200047d4bae18b49f5dc69d0a3c85c66a3e2119de92cfad081fad55c12d510ec97b6c00e13695a8d9713548fe60df15573390433e2a1bd92db4b7aa016ec6185dc5af subject= /CN=example.com issuer= /CN=Issuer CA notBefore=Dec 13 23:23:52 2015 GMT @@ -1059,6 +1059,39 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- # 31 +1 2 0 0 1 +0 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 32 1 3 0 0 1 0 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C subject= /CN=example.com @@ -1105,7 +1138,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 32 +# 33 1 3 0 0 1 0 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05 subject= /CN=example.com @@ -1152,7 +1185,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 33 +# 34 1 2 0 0 2 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C subject= /CN=example.com @@ -1185,7 +1218,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 34 +# 35 1 2 0 0 2 0 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C subject= /CN=example.com @@ -1218,7 +1251,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 35 +# 36 1 3 0 0 2 0 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E subject= /CN=example.com @@ -1265,7 +1298,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 36 +# 37 1 3 0 0 2 0 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E subject= /CN=example.com @@ -1314,7 +1347,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF ## -- PKIX-?? chain failures -- -# 37 +# 38 # Missing intermediate CA 1 1 0 20 0 1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F @@ -1334,7 +1367,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X GoTXBNutM50ph9QYUtxZNvISlHBjkRGB -----END CERTIFICATE----- -# 38 +# 39 # Missing PKIX intermediate, provided via DNS 2 1 0 0 0 1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838 @@ -1355,7 +1388,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X GoTXBNutM50ph9QYUtxZNvISlHBjkRGB -----END CERTIFICATE----- -# 39 +# 40 # Wrong leaf digest 1 3 0 65 -1 1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9924 @@ -1403,7 +1436,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 40 +# 41 # Wrong intermediate digest 1 2 0 65 -1 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBE @@ -1437,7 +1470,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 41 +# 42 # Wrong root digest 1 2 0 65 -1 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3D @@ -1473,7 +1506,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== ## -- Mixed usage cases -# 42 +# 43 # DANE-EE(3) beats DANE-TA(2) 1 3 0 0 0 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62 @@ -1522,7 +1555,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 43 +# 44 # DANE-TA(2) depth 1 beats DANE-TA(2) depth 2 1 3 0 0 1 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05 @@ -1571,7 +1604,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 44 +# 45 # DANE-TA(2) depth 2 beats PKIX-TA(0) depth 1 1 3 0 0 2 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C @@ -1620,7 +1653,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 45 +# 46 # DANE-TA(2) depth 2 beats PKIX-EE depth 0 1 3 0 0 2 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C @@ -1669,7 +1702,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 46 +# 47 # DANE-TA(2) Full(0) root "from DNS": 1 2 0 0 2 2 0 0 308201643082010BA003020102020101300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233313330385A180F33303135303431353233313330385A30123110300E06035504030C07526F6F742043413059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76CA350304E301D0603551D0E04160414E4BD405F052A820DDF9883F93D7D3F90AAEC723F301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D040302034700304402206869E6AA9F9B4D4BF308091A5A7AB2C30E3619B0D75E528819468E4BB926F4C9022017F1B8458611966FBC109CAED3582966BF25FC0598EABA6C793C58DCC3537CC5 @@ -1703,7 +1736,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 47 +# 48 # DANE-TA(2) Full(0) intermediate "from DNS": 1 1 0 0 1 2 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308 @@ -1723,7 +1756,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X GoTXBNutM50ph9QYUtxZNvISlHBjkRGB -----END CERTIFICATE----- -# 48 +# 49 # DANE-TA(2) SPKI(1) Full(0) intermediate "from DNS": 1 1 0 0 0 2 1 0 3059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AF @@ -1743,7 +1776,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X GoTXBNutM50ph9QYUtxZNvISlHBjkRGB -----END CERTIFICATE----- -# 49 +# 50 # DANE-TA(2) SPKI(1) Full(0) root "from DNS": 1 2 0 0 1 2 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76C @@ -1777,7 +1810,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 50 +# 51 # Mismatched name "example.org", should still succeed given a # DANE-EE(3) match. 1 3 1 0 0 @@ -1826,7 +1859,7 @@ AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== -----END CERTIFICATE----- -# 51 +# 52 # Mismatched name "example.org", should fail despite a DANE-TA(2) # match for the intermediate CA. 1 3 0 62 1 @@ -1875,7 +1908,7 @@ AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== -----END CERTIFICATE----- -# 52 +# 53 # Mismatched name "example.org", should fail despite a DANE-TA(2) # match for the root CA. 1 3 0 62 2 @@ -1924,7 +1957,7 @@ AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== -----END CERTIFICATE----- -# 53 +# 54 # Mismatched name "example.org", should fail when name checks # are not disabled for DANE-EE(3). 1 3 0 62 0