github-repos/wget
1
0
Fork 0
mirror of https://github.com/mirror/wget.git synced 2025-04-24 12:10:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Added new tests for SSL

Browse Source 
* tests/Test-https-badcerts.px : New file
* tests/Test-https-clientcert.px : New file
* tests/Test-https-crl.px : New file
* tests/Test-https-weboftrust.px : New file
* tests/certs/interca.conf : New file
* tests/certs/rootca.conf : New file
* tests/certs/test-ca-key.pem : New file

Added all new SSL / HTTPS tests to make check
Added Test for SSL Web of Trust, accept only if CA chain of trust is intact.
Added a test script for client certificate
Added Test for crlfile option of wget
Added test to make sure that wget doesn't accept expired or invalid certs

Some clean up : Removed cause of warnings from perl & other cosmetic changes
This commit is contained in:
Vijo Cherian 2017-04-21 12:34:16 -07:00 committed by Tim Rühsen
parent ac519c041e
commit f6376ac0dc
13 changed files with 799 additions and 14 deletions

10
tests/Makefile.am
View File

@ -128,7 +128,15 @@ PX_TESTS = \
Test--start-pos--continue.px \
Test--httpsonly-r.px \
Test-204.px \
Test-ftp-pasv-not-supported.px
Test-ftp-pasv-not-supported.px \
Test-https-pfs.px \
Test-https-tlsv1.px \
Test-https-tlsv1x.px \
Test-https-selfsigned.px \
Test-https-weboftrust.px \
Test-https-clientcert.px \
Test-https-crl.px \
Test-https-badcerts.px
EXTRA_DIST = FTPServer.pm FTPTest.pm HTTPServer.pm HTTPTest.pm \
WgetTests.pm WgetFeature.pm WgetFeature.cfg $(PX_TESTS) \

15
tests/SSLServer.pm
View File

@ -30,12 +30,12 @@ my $sslsock;
my $plaincon;
my %args;
$HTTP::Daemon::DEBUG=5;
#$HTTP::Daemon::DEBUG=5;
#*DEBUG = \$HTTP::Daemon::DEBUG;
$args{SSL_error_trap} ||= \&ssl_error;
my $class = shift;
my $class = 'SSLServer';
my $self = {};
$self = bless $self, $class;
@ -86,7 +86,7 @@ sub accept
if ($sock) {
${*$sock}{'httpd_daemon'} = $self;
${*$self}{'httpd_daemon'} = $sock;
my $fileno = ${*$self}{'_SSL_fileno'} = fileno($self);
my $fileno = ${*$self}{'_SSL_fileno'} = &fileno($self);
my $f = $sock->fileno;
return wantarray ? ($sock, $peer) : $sock;
}
@ -157,19 +157,21 @@ sub run
{
my ($self, $urls, $synch_callback) = @_;
my $initialized = 0;
my $sslsock;
while (1)
{
if (!$initialized)
{
$sslsock = $self->ssl_setup_conn();
$sslsock || warn "Failed to get ssl sock";
$initialized = 1;
open (LOGFILE, '>', "/tmp/wgetserver.log");
LOGFILE->autoflush(1);
print LOGFILE "Starting logging";
$synch_callback->() if $synch_callback;
}
my $sslsock = $self->ssl_setup_conn();
$sslsock || warn "Failed to get ssl sock";
$synch_callback->() if $synch_callback;
my $con = $self->accept();
${*$self}{'sslcon'} = $con;
@ -216,7 +218,6 @@ sub run
print LOGFILE "Closing connection\n" if $log;
close(LOGFILE);
$con->close();
last;
}
}

147
tests/Test-https-badcerts.px Executable file
View File

@ -0,0 +1,147 @@
#!/usr/bin/env perl
use strict;
use warnings;
use POSIX;
use SSLTest;
###############################################################################
# code, msg, headers, content
my %urls = (
'/somefile.txt' => {
code => "200",
msg => "Dontcare",
headers => {
"Content-type" => "text/plain",
},
content => "blabla",
},
);
my $cdir = $ENV{'PWD'};
# HOSTALIASES env variable allows us to create hosts file alias.
my $testhostname = "wgettesterr";
my $testhostfile = "$cdir/wgethosts";
open(my $fh, '>', $testhostfile);
print $fh "$testhostname 127.0.0.1\n";
close $fh;
$ENV{'HOSTALIASES'} = "$cdir/wgethosts";
# Create certindex
open CERTID, ">", "$cdir/certs/certindex" or
warn "Cannot overwrite file $cdir/certs/certindex";
close CERTID;
# Create certserial
open CERTSN, ">", "$cdir/certs/certserial" or
warn "Cannot overwrite file $cdir/certs/certserial";
print CERTSN "1122";
close CERTSN;
# Create crlnumber
open CRLN, ">", "$cdir/certs/crlnumber" or
warn "Cannot overwrite file $cdir/certs/crlnumber";
print CRLN "1122";
close CRLN;
my $caconf = "$cdir/certs/rootca.conf";
my $cacrt = "$cdir/certs/test-ca-cert.pem";
my $cakey = "$cdir/certs/test-ca-key.pem";
# Prepare expired server certificate
my $servercrt = "certs/tmpserver.crt";
my $serverkey = "certs/tmpserver.key";
my $servercsr = "$cdir/certs/tmpserver.csr";
my $enddate = strftime "%y%m%d%H%M%S%z", localtime(time-86400);
my $startdate = strftime "%y%m%d%H%M%S%z", localtime(time+86400);
my $serversubj = "/C=US/ST=CA/L=Server Mystery Spot/O=Serv/CN=".
"$testhostname/emailAddress=servertester";
my $servercmd = "openssl genrsa -out $serverkey 4096 && openssl req -new".
" -sha256 -key $serverkey -out $servercsr -days 365 ".
" -subj \"$serversubj\" &&".
"openssl ca -batch -config $caconf -notext ".
"-enddate $enddate -in $servercsr".
" -out $servercrt";
system($servercmd);
my $servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
openssl rsa -noout -modulus -in $serverkey | openssl md5) |
uniq | wc -l`;
# Check if certificate and key are made correctly.
unless(-e $servercrt && -e $serverkey && $servercheck == 1)
{
exit 77; # skip
}
# Try Wget using SSL with expired cert. Expect Failure.
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
" https://$testhostname:55443/somefile.txt";
my $expected_error_code = 5;
my %existing_files = (
);
my %expected_downloaded_files = (
'somefile.txt' => {
content => "blabla",
},
);
my $sslsock = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $servercrt,
keyfile => $serverkey,
lhostname => $testhostname);
if ($sslsock->run() == 0)
{
exit -1;
}
print "Test successful.\n";
system("/bin/rm $servercrt $serverkey $servercsr");
$servercmd = "openssl genrsa -out $serverkey 4096 && openssl req -new".
" -sha256 -key $serverkey -out $servercsr -days 365 ".
" -subj \"$serversubj\" &&".
"openssl ca -batch -config $caconf -notext ".
" -startdate $startdate -in $servercsr".
" -out $servercrt";
system($servercmd);
$servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
openssl rsa -noout -modulus -in $serverkey | openssl md5) |
uniq | wc -l`;
# Check if certificate and key are made correctly.
unless(-e $servercrt && -e $serverkey && $servercheck == 1)
{
exit 77; # skip
}
# Retry the test with --no-check-certificate. expect success
$cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
" https://$testhostname:55443/somefile.txt";
$expected_error_code = 5;
my $retryssl = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $servercrt,
keyfile => $serverkey,
lhostname => $testhostname);
if ($retryssl->run() == 0)
{
exit 0;
}
else
{
exit -1;
}
# vim: et ts=4 sw=4

142
tests/Test-https-clientcert.px Executable file
View File

@ -0,0 +1,142 @@
#!/usr/bin/env perl
use strict;
use warnings;
use SSLTest;
###############################################################################
# code, msg, headers, content
my %urls = (
'/somefile.txt' => {
code => "200",
msg => "Dontcare",
headers => {
"Content-type" => "text/plain",
},
content => "blabla",
},
);
my $cdir = $ENV{'PWD'};
# HOSTALIASES env variable allows us to create hosts file alias.
my $testhostname = "wgettesterr";
my $testhostfile = "$cdir/wgethosts";
open(my $fh, '>', $testhostfile);
print $fh "$testhostname 127.0.0.1\n";
close $fh;
$ENV{'HOSTALIASES'} = "$cdir/wgethosts";
# Create certindex
open CERTID, ">", "$cdir/certs/certindex" or
warn "Cannot overwrite file $cdir/certs/certindex";
close CERTID;
# Create certserial
open CERTSN, ">", "$cdir/certs/certserial" or
warn "Cannot overwrite file $cdir/certs/certserial";
print CERTSN "1122";
close CERTSN;
# Create crlnumber
open CRLN, ">", "$cdir/certs/crlnumber" or
warn "Cannot overwrite file $cdir/certs/crlnumber";
close CRLN;
my $caconf = "$cdir/certs/rootca.conf";
my $cacrt = "$cdir/certs/test-ca-cert.pem";
my $cakey = "$cdir/certs/test-ca-key.pem";
# Prepare server certificate
my $servercrt = "certs/tmpserver.crt";
my $serverkey = "certs/tmpserver.key";
my $servercsr = "$cdir/certs/tmpserver.csr";
my $serversubj = "/C=US/ST=CA/L=Server Mystery Spot/O=Serv/CN=".
"$testhostname/emailAddress=servertester";
my $servercmd = "openssl genrsa -out $serverkey 4096 && openssl req -new".
" -sha256 -key $serverkey -out $servercsr -days 365 ".
" -subj \"$serversubj\" &&".
"openssl ca -batch -config $caconf -notext -in $servercsr".
" -out $servercrt";
system($servercmd);
my $servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
openssl rsa -noout -modulus -in $serverkey | openssl md5) |
uniq | wc -l`;
# Check if certificate and key are made correctly.
unless(-e $servercrt && -e $serverkey && $servercheck == 1)
{
exit 77; # skip
}
# Prepare client certifcate
my $clientcert = "$cdir/certs/client.crt";
my $clientkey = "$cdir/certs/client.key";
my $clientcsr = "$cdir/certs/client.csr";
my $clientsubj = "/C=US/ST=CA/L=Client Mystery Spot/O=Client/CN=".
"Client Tester/emailAddress=clienttester";
my $clientcertcmd = "openssl genrsa -out $clientkey 4096 &&".
" openssl req -new -key $clientkey -out $clientcsr".
" -subj \"$clientsubj\" &&".
" openssl ca -config $caconf -in $clientcsr ".
" -out $clientcert -batch";
system($clientcertcmd);
my $clientcheck=`(openssl x509 -noout -modulus -in $clientcert | openssl md5 ;
openssl rsa -noout -modulus -in $clientkey | openssl md5) |
uniq | wc -l`;
# Check if signed certificate and key are made correctly.
unless(-e $clientcert && -e $clientkey && $clientcheck == 1)
{
exit 77; # skip
}
# Try Wget using SSL with mismatched client cert & key . Expect error
my $cmdline = $WgetTest::WGETPATH . " --certificate=$clientcert ".
" --private-key=$serverkey ".
" --ca-certificate=$cacrt".
" https://$testhostname:55443/somefile.txt";
my $expected_error_code = 5;
my %existing_files = (
);
my %expected_downloaded_files = (
'somefile.txt' => {
content => "blabla",
},
);
my $sslsock = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $servercrt,
keyfile => $serverkey,
lhostname => $testhostname);
if ($sslsock->run() == 0)
{
exit 0;
}
# Retry wget using SSL with client certificate. Expect success
$cmdline = $WgetTest::WGETPATH . " --certificate=$clientcert".
" --private-key=$clientkey ".
" --ca-certificate=$cacrt".
" https://$testhostname:55443/somefile.txt";
$expected_error_code = 0;
my $retryssl = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $servercrt,
keyfile => $serverkey,
lhostname => $testhostname);
exit $retryssl->run();
# vim: et ts=4 sw=4

142
tests/Test-https-crl.px Executable file
View File

@ -0,0 +1,142 @@
#!/usr/bin/env perl
use strict;
use warnings;
use SSLTest;
###############################################################################
# code, msg, headers, content
my %urls = (
'/somefile.txt' => {
code => "200",
msg => "Dontcare",
headers => {
"Content-type" => "text/plain",
},
content => "blabla",
},
);
my $cdir = $ENV{'PWD'};
# HOSTALIASES env variable allows us to create hosts file alias.
my $testhostname = "wgettesterr";
my $testhostfile = "$cdir/wgethosts";
open(my $fh, '>', $testhostfile);
print $fh "$testhostname 127.0.0.1\n";
close $fh;
$ENV{'HOSTALIASES'} = "$cdir/wgethosts";
# Create certindex
open CERTID, ">", "$cdir/certs/certindex" or
warn "Cannot overwrite file $cdir/certs/certindex";
close CERTID;
# Create certserial
open CERTSN, ">", "$cdir/certs/certserial" or
warn "Cannot overwrite file $cdir/certs/certserial";
print CERTSN "1122";
close CERTSN;
# Create crlnumber
open CRLN, ">", "$cdir/certs/crlnumber" or
warn "Cannot overwrite file $cdir/certs/crlnumber";
print CRLN "1122";
close CRLN;
my $caconf = "$cdir/certs/rootca.conf";
my $cacrt = "$cdir/certs/test-ca-cert.pem";
my $cakey = "$cdir/certs/test-ca-key.pem";
# Prepare server certificate
my $servercrt = "certs/tmpserver.crt";
my $serverkey = "certs/tmpserver.key";
my $servercsr = "$cdir/certs/tmpserver.csr";
my $serversubj = "/C=US/ST=CA/L=Server Mystery Spot/O=Serv/CN=".
"$testhostname/emailAddress=servertester";
my $servercmd = "openssl genrsa -out $serverkey 4096 && openssl req -new".
" -sha256 -key $serverkey -out $servercsr -days 365 ".
" -subj \"$serversubj\" &&".
"openssl ca -batch -config $caconf -notext -in $servercsr".
" -out $servercrt";
system($servercmd);
my $servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
openssl rsa -noout -modulus -in $serverkey | openssl md5) |
uniq | wc -l`;
# Check if certificate and key are made correctly.
unless(-e $servercrt && -e $serverkey && $servercheck == 1)
{
exit 77; # skip
}
# Try Wget using SSL first without --no-check-certificate. Expect Success.
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
" https://$testhostname:55443/somefile.txt";
my $expected_error_code = 0;
my %existing_files = (
);
my %expected_downloaded_files = (
'somefile.txt' => {
content => "blabla",
},
);
my $sslsock = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $servercrt,
keyfile => $serverkey,
lhostname => $testhostname);
if ($sslsock->run() != 0)
{
exit -1;
}
# Revoke the certificate
my $crlfile = "$cdir/certs/servercrl.pem";
my $revokecmd = "openssl ca -config $caconf -revoke $servercrt &&
openssl ca -config $caconf -gencrl -keyfile $cakey ".
"-cert $cacrt -out $crlfile";
system($revokecmd);
# Check if CRL file is generated.
unless(-e $crlfile)
{
exit 77; # skip
}
# To read a CRL file use the following command:
# openssl crl -text -in certs/root.crl.pem
# Retry the test with CRL. Expect Failure.
$cmdline = $WgetTest::WGETPATH . " --crl-file=$crlfile ".
" --ca-certificate=$cacrt".
" https://$testhostname:55443/somefile.txt";
$expected_error_code = 5;
my $retryssl = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $servercrt,
keyfile => $serverkey,
lhostname => $testhostname);
if ($retryssl->run() == 0)
{
exit -1;
}
else
{
print "Test successful.\n";
exit 0;
}
# vim: et ts=4 sw=4

2
tests/Test-https-pfs.px
View File

@ -45,6 +45,6 @@ my $sslsock = SSLTest->new(cmdline => $cmdline,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files);
$sslsock->run();
exit $sslsock->run();
# vim: et ts=4 sw=4

10
tests/Test-https-selfsigned.px
View File

@ -39,7 +39,8 @@ system($sscertcmd);
my $sscheck=`(openssl x509 -noout -modulus -in $certfile | openssl md5 ; openssl rsa -noout -modulus -in $keyfile | openssl md5) | uniq|wc -l`;
# Check if Self signed certificate and key are made correctly.
unless(-e $certfile && -e $keyfile && $sscheck == 1) {
unless(-e $certfile && -e $keyfile && $sscheck == 1)
{
exit 77; # skip
}
@ -63,7 +64,10 @@ my $sslsock = SSLTest->new(cmdline => $cmdline,
certfile => $certfile,
keyfile => $keyfile,
lhostname => $testhostname);
$sslsock->run();
if ($sslsock->run() == 0)
{
exit 0;
}
# Retry the test with --no-check-certificate. expect success
$cmdline = $WgetTest::WGETPATH . " --no-check-certificate --ca-certificate=$cdir/certs/test-ca-cert.pem https://$testhostname:55443/somefile.txt";
@ -78,5 +82,5 @@ my $retryssl = SSLTest->new(cmdline => $cmdline,
certfile => $certfile,
keyfile => $keyfile,
lhostname => $testhostname);
$retryssl->run();
exit $retryssl->run();
# vim: et ts=4 sw=4

2
tests/Test-https-tlsv1.px
View File

@ -45,6 +45,6 @@ my $sslsock = SSLTest->new(cmdline => $cmdline,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files);
$sslsock->run();
exit $sslsock->run();
# vim: et ts=4 sw=4

2
tests/Test-https-tlsv1x.px
View File

@ -45,6 +45,6 @@ my $sslsock = SSLTest->new(cmdline => $cmdline,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files);
$sslsock->run();
exit $sslsock->run();
# vim: et ts=4 sw=4

155
tests/Test-https-weboftrust.px Executable file
View File

@ -0,0 +1,155 @@
#!/usr/bin/env perl
use strict;
use warnings;
use SSLTest;
###############################################################################
# code, msg, headers, content
my %urls = (
'/somefile.txt' => {
code => "200",
msg => "Dontcare",
headers => {
"Content-type" => "text/plain",
},
content => "blabla",
},
);
my $cdir = $ENV{'PWD'};
# HOSTALIASES env variable allows us to create hosts file alias.
my $testhostname = "wgettesterr";
my $testhostfile = "$cdir/wgethosts";
open(my $fh, '>', $testhostfile);
print $fh "$testhostname 127.0.0.1\n";
close $fh;
$ENV{'HOSTALIASES'} = "$cdir/wgethosts";
# Create certindex
open CERTID, ">", "$cdir/certs/certindex" or
warn "Cannot overwrite file $cdir/certs/certindex";
close CERTID;
# Create certserial
open CERTSN, ">", "$cdir/certs/certserial" or
warn "Cannot overwrite file $cdir/certs/certserial";
print CERTSN "1122";
close CERTSN;
# Create crlnumber
open CRLN, ">", "$cdir/certs/crlnumber" or
warn "Cannot overwrite file $cdir/certs/crlnumber";
close CRLN;
# Create Intermediate CA
my $caconf = "certs/rootca.conf";
my $icrtfile = "certs/interca.crt";
my $ikeyfile = "certs/interca.key";
my $icsrfile = "certs/interca.csr";
my $icasubj = "/C=US/ST=CA/L=Intermediate Mystery Spot/O=Int/CN=".
"ica-$testhostname/emailAddress=icatester";
my $icacmd = "openssl genrsa -out $ikeyfile 4096 && openssl req -new".
" -sha256 -key $ikeyfile -out $icsrfile -days 365 ".
" -subj \"$icasubj\" &&".
"openssl ca -batch -config $caconf -notext -in $icsrfile".
" -out $icrtfile";
system($icacmd);
my $icacheck=`(openssl x509 -noout -modulus -in $icrtfile | openssl md5 ;
openssl rsa -noout -modulus -in $ikeyfile | openssl md5) |
uniq | wc -l`;
# Check if certificate and key are made correctly.
unless(-e $icrtfile && -e $ikeyfile && $icacheck == 1)
{
exit 77; # skip
}
# Now create web of trust - Root CA + Intermediate CA
open WOT, ">", "$cdir/certs/wotca.pem" or
die "Cannot overwrite file $cdir/certs/wotca";
open ICA, "<", $icrtfile or die "Cannot read file $icrtfile";
while (<ICA>)
{
print WOT $_;
}
print WOT "\n";
close ICA;
open RCA, "<", "$cdir/certs/test-ca-cert.pem" or
die "Cannot read file $cdir/certs/test-ca-cert.pem";
while (<RCA>)
{
print WOT $_;
}
print WOT "\n";
close RCA;
close WOT;
# Create Test certificate using intermediate CA
my $icaconf = "certs/interca.conf";
my $usrcrt = "certs/user.crt";
my $usrkey = "certs/user.key";
my $usrcsr = "certs/user.csr";
my $usrsubj = "/C=US/ST=CA/L=User Mystery Spot/O=Int/CN=$testhostname/".
"emailAddress=usertester";
my $usrcmd = "openssl genrsa -out $usrkey 4096 && ".
"openssl req -new -sha256 -key $usrkey -out $usrcsr -days".
" 365 -subj \"$usrsubj\" && ".
"openssl ca -batch -config $icaconf -notext -in $usrcsr ".
"-out $usrcrt";
system($usrcmd);
my $usrcheck=`(openssl x509 -noout -modulus -in $usrcrt | openssl md5 ;
openssl rsa -noout -modulus -in $usrkey | openssl md5) |
uniq | wc -l`;
# Check if certificate and key are made correctly.
unless(-e $usrcrt && -e $ikeyfile && $usrcheck == 1)
{
exit 77; # skip
}
# Try Wget using SSL using certificate signed by intermediate CA. Expect error.
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cdir/certs/".
"test-ca-cert.pem https://$testhostname:55443/somefile.txt";
my $expected_error_code = 5;
my %existing_files = (
);
my %expected_downloaded_files = (
'somefile.txt' => {
content => "blabla",
},
);
my $sslsock = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $usrcrt,
keyfile => $usrkey,
lhostname => $testhostname);
if ($sslsock->run() == 0)
{
exit 0;
}
# Retry the test with --no-check-certificate. expect success
$cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cdir/certs/wotca.pem".
" https://$testhostname:55443/somefile.txt";
$expected_error_code = 0;
my $retryssl = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $usrcrt,
keyfile => $usrkey,
lhostname => $testhostname);
exit $retryssl->run();
# vim: et ts=4 sw=4

64
tests/certs/interca.conf Normal file
View File

@ -0,0 +1,64 @@
[ ca ]
default_ca = myca
[ crl_ext ]
issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ myca ]
dir = ./certs/
new_certs_dir = $dir
unique_subject = no
certificate = $dir/interca.crt
database = $dir/certindex
private_key = $dir/interca.key
serial = $dir/certserial
default_days = 730
default_md = sha1
policy = myca_policy
x509_extensions = myca_extensions
crlnumber = $dir/crlnumber
default_crl_days = 730
[ myca_policy ]
commonName = supplied
stateOrProvinceName = supplied
countryName = optional
emailAddress = optional
organizationName = supplied
organizationalUnitName = optional
[ myca_extensions ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,any
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
crlDistributionPoints = @crl_section
subjectAltName = @alt_names
authorityInfoAccess = @ocsp_section
[ v3_ca ]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,any
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
crlDistributionPoints = @crl_section
subjectAltName = @alt_names
authorityInfoAccess = @ocsp_section
[alt_names]
DNS.0 = wgettesterr
[crl_section]
URI.0 = http://intertest.wgettest.org/Bogus.crl
URI.1 = http://intertest.wgettest.org/Bogus.crl
[ocsp_section]
caIssuers;URI.0 = http://intertest.wgettest.com/Bogus.crt
caIssuers;URI.1 = http://intertest.wgettest.com/Bogus.crt
OCSP;URI.0 = http://intertest.wgettest.com/ocsp/
OCSP;URI.1 = http://intertest.wgettest.com/ocsp/

64
tests/certs/rootca.conf Normal file
View File

@ -0,0 +1,64 @@
[ ca ]
default_ca = myca
[ crl_ext ]
issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ myca ]
dir = ./certs/
new_certs_dir = $dir
unique_subject = no
certificate = $dir/test-ca-cert.pem
database = $dir/certindex
private_key = $dir/test-ca-key.pem
serial = $dir/certserial
default_days = 730
default_md = sha1
policy = myca_policy
x509_extensions = myca_extensions
crlnumber = $dir/crlnumber
default_crl_days = 730
[ myca_policy ]
commonName = supplied
stateOrProvinceName = supplied
countryName = optional
emailAddress = optional
organizationName = supplied
organizationalUnitName = optional
[ myca_extensions ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,any
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign
extendedKeyUsage = serverAuth
crlDistributionPoints = @crl_section
subjectAltName = @alt_names
authorityInfoAccess = @ocsp_section
[ v3_ca ]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,any
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign
extendedKeyUsage = serverAuth
crlDistributionPoints = @crl_section
subjectAltName = @alt_names
authorityInfoAccess = @ocsp_section
[alt_names]
DNS.0 = wgettesterr
[crl_section]
URI.0 = http://test.wgettest.org/Bogus.crl
URI.1 = http://test.wgettest.org/Bogus.crl
[ocsp_section]
caIssuers;URI.0 = http://test.wgettest.com/Bogus.crt
caIssuers;URI.1 = http://test.wgettest.com/Bogus.crt
OCSP;URI.0 = http://test.wgettest.com/ocsp/
OCSP;URI.1 = http://test.wgettest.com/ocsp/

58
tests/certs/test-ca-key.pem Normal file
View File

@ -0,0 +1,58 @@
!!!!!DO NOT USE THIS KEY FOR ANYTHING !!!!!!!
!!!!THIS FILE IS FOR TESTING WGET ONLY!!!!!!
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEArx5p0JWOfE/z3GXkd57QaemGBC8ZmE463Yhy6WtR7ww5MGMl
QmlsYYvEeZj/3FLe2mdAazTAlU8uf3BM5f8PUVahESgwevGVNJLtgOGJgxXp5csl
LlWYZ+a3qL1FJYVqPKfiK/tb8BsgzzPyECmlCerXw1lQ+34Fc36bw5vFw6igegb8
yz5N59yvZp3b9iooU1J5yRTGTpEmGhUrUNdUc2MEe2bwLiEgffVmX9oc2mIqLwfR
tFjJMvNb6Zr42yllWC5aVeSJ86tkIhuLRQRD/nmy3NR/Txne764BhNnJ+/INV16U
fJz1A2BeFBhbPdH7T6jQx3BxRDQew66Qe8ESGuWa6SsjWwhiCl/lJ1UeUWt9pjDN
qT4kfeWQzZKnbMoC7hwLMmmo9fsL65jPNR9iclf5FXBap39/gtWl9vobuTi+6yLJ
BGBvB4FsFsRNDVu0PM06wUew/d9oTP+3/GKI8UnqiT+76RlC3lcyRdAk5LKFofg9
bPkNm/dw6aDFtfFTE4oNjRXrUK9w3SZsknne2oOveKoGOYg79T/wlgUo++Uwwa8N
yYujycVhEvqMdvX68awlrQIxMFSOcyeaiGVuZ/gWIq/7VZaDJGEpnm8vXkpkyxhD
Wa3qQcLqHKbydckEaLHc2BuNjI3yNiYZUxVr8MHRgrBarEXLHz0yarvNNUECAwEA
AQKCAgEApUnNkoU3QfqtMCA0bvvFt9IlHpneTLW6NhNucwdLBJjC+fr61h5vn/qu
bh+NkMXfdsHyOb5G8CcWuk6jJouCR8G+sVT/vWt862yrI/S9OK9cX/tIkt1Txu4r
9+b99xZgWfQUNHNCKfVRGIHtPngwQJYbJVWObHJcbtDX8N984Nqu7b7eqG+cVPcl
z3O8hDLycQLt1G/5ZXr3PbMxeVJlcavKNTfKB6BY7MrN4Dcc+LujGVUGCHWtIpw0
6t/Nd/8wmvTVazEVTJs/HjplT7VhADaaLnmb2GuQ0yWoZV6zmUy0bvzkpmH3mUJC
SjFbHZSu4ldzCGwHXNrdFtITqdtoW81Tj+b3EsqNlB2u1I8DpOMR8vMGy5f0rYhs
Lf4Vmpvggw4bzLeu9A6XStxiB/wExn1QlQd54X1zfhssoF/pbu2RtCujn+y3zYCd
2c9gqdN5MaGsr1NSYUPilj39E4S4FwtGnZGIYhClglToy0sMB/8lQvGIz0WRRfSG
g+LUuiWuqn95ZrnSJvTSYCvsH0OB64IWpd9sHtu/P8Cjms3B/nIYjbG5gj68m319
AsK1uFAqVmlGYVJVzgND9B9Egd4cODlTSsncEUQlS8PUZaym50FoBuO4vN+IYrZO
H/yL6+hq3l/va/xlr4ZMEiBdEAiSj7g6XqQGzTgOz47RJn1FAGECggEBAOi8Moix
SGHhxpJZgeHuL2FgBuNT9GVDoTNbUtEoZ7NsJd4BG3MjbZFluFoSfFiawAqJ3e6c
ptUSiZ1KXN1gvMwVkget3MyenEzohYczwYOQeREAeRVr25Wq8cegvLaDFejMclCs
ILC80BaGbVcAmJMdOBzLVqtY/7lps0LWpGd/6KYXTm41erhWJkvx+Vt0uPKVzGqx
Ijjh/DSc5eX5BIdn2bYHLRu/xqfnX2kSH37PSto55ROSu8D8YwjaOdyQ1Hha6+O1
Q6E4d2HliYqv1WaDHjyAXjmlP/3ob5f3QdXbqpB1smGPimK3hiZB0sYgdUI3yW9c
NkynqGBeoTSPjG0CggEBAMCfyVJnG1fCnFZFCtPawYKK/IoMNyYzgIKomlcBdF/8
J8Gwr6jcFBbdefT+VypVO0DywPrIFppDzjGEmZarFRgXsspGBenQQrZTPG1eUldY
U89ODTsYNk0AXdctkMvAFSfVbA/4pnXAiXzKeEDk2YOhDYP1Y/T9eZQ3AI+LNeGO
1Oqd9hGgsW0rqVgW+rCbUTezFE5J+2zbzMu2XnJieueG33iaVMpHzqnLLe27SYcI
7VmgttZL4eL6/klPHSKC8x3y1c2T88d+HAuW+mB+bQ2iQWYfM82SyxjTER/7jpTy
Zpj/mibgt2cQxVowWFmMMOLXczhpu/GOgRxxCXVQn6UCggEBAOa30vzxiskGMn1Y
4EpifnPw50MrMkfFEKRB70rL3GnhV3TK8jRlNbSC+4vHcZ/A4YpQ/EMU5sqp0uSs
GH2Z7e//nkGgmRf8UQRpKh5LL5bGfU5egqq6vveTfJajARGJyAl9zAGvccTjmQIL
h49NVvPYbo0VAzlgRDrBz2T+NgMoqTEmP6k/uQXO2a5GFiYVA1fxKrHGIh/z37sk
o0Aladj2Gby7RnuQ1VYUJ+CYh8KFqzXFWRPbTefWDDN1axD+PrOFpv2Y749+09Kn
438qKsqyRyJBO6e360VBzIcBJjHkzyTgmNLgopaUSxfX/yRMfxIDDd0os+ev+Vp3
1SWu/M0CggEAWSvfZCFNPCRggWN27rpPaOJ0pGehRDMFY/cvc+W9fQ3bTcRAnXg8
aJVg9vSjX3qTcq6ufaoRJJsNIklTXLeYjU2zPAaMiEAcEhGYYL0Qe1Ttf4OPhnLf
+GeaCZoTdO9YG9emLgKa9NoMC9QjNU98Dn6JJjR8cJbDKMUJomn8qI2ZrX8wwdpV
KMfUnm4M4aMVRybE2LVRCoT6WrfzIxrJ8NK0Mz2m0PnLBzmC6pIQKM4OKrbGzY/V
Y2F0RHW2dBqQ96VKKuA6M3kC/K6I/BCq5WvewKrjLWCuWrCjNd4blIJe0qdJMoRH
AxR1eBn3XIUUwH6i3VO9aMbiqEr/6OpI7QKCAQEAslqWEcRSL8bxXTVs1Jqip4wW
lbJoym+zXhMLiqxCbMukClkkCdaI+lxNVdxs4MpACHYRAhHwVvAujz5JcgiMjSRC
IK/JGu9uVkSriA/YJxmmMPvTYI1bmT1lT99HUqhzM5COuSFJh9D8cfpHJSUC+6rF
1U/YcdcrZAMl3UH30XdsJLc6l3L/0gyseohwWT76dSqqOOathvNM5PsE8jNzPEo7
VUdfrrDpEw0dPjk4IF8cpC389H1j8lnwxkWQtHHhXZTXHJlC9xYPa3PRsRn18pJy
vxz9r76vJ3YJiQTxv8MKw/AaQrNDZng0Ff5kqQAqc/q/CvHdb2pur8NTsS/09w==
-----END RSA PRIVATE KEY-----
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!DO NOT USE THIS KEY FOR ANYTHING !!!!!!!
!!!!THIS FILE IS FOR TESTING WGET ONLY!!!!!!