mirror of
https://github.com/curl/curl.git
synced 2024-12-21 06:50:10 +08:00
ef07452a5c
The SHA-1 algorithm is deprecated (particularly for security-sensitive applications) in a variety of OS environments. This already affects RHEL-9 and derivatives, which are not willing to use certificates using that algorithm. The fix is to use sha256 instead, which is already used for most of the other certificates in the test suite. Fixes #10135 This gets rid of issues related to sha1 signatures. Manual steps after "make clean-certs" and "make build-certs": - Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem (make clean-certs does not remove the original tests/stunnel.pem) - Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey options of tests/data/test2041 and tests/data/test2087 Closes #10153
168 lines
8.1 KiB
Plaintext
168 lines
8.1 KiB
Plaintext
extensions = x509v3
|
|
[ x509v3 ]
|
|
subjectAltName = DNS:localhost,DNS:localhost1,DNS:localhost2
|
|
keyUsage = keyEncipherment,digitalSignature,keyAgreement
|
|
extendedKeyUsage = serverAuth
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid
|
|
basicConstraints = CA:false
|
|
authorityInfoAccess = @issuer_info
|
|
crlDistributionPoints = @crl_info
|
|
|
|
[ crl_ext ]
|
|
authorityKeyIdentifier = keyid:always
|
|
authorityInfoAccess = @issuer_info
|
|
|
|
[ issuer_info ]
|
|
caIssuers;URI.0 = http://test.curl.se/ca/EdelCurlRoot.cer
|
|
|
|
[ crl_info ]
|
|
URI.0 = http://test.curl.se/ca/EdelCurlRoot.crl
|
|
|
|
[ req ]
|
|
default_bits = 1024
|
|
distinguished_name = req_DN
|
|
default_md = sha256
|
|
string_mask = utf8only
|
|
|
|
[ req_DN ]
|
|
countryName = "Country Name is Northern Nowhere"
|
|
countryName_value = NN
|
|
organizationName = "Organization Name"
|
|
organizationName_value = Edel Curl Arctic Illudium Research Cloud
|
|
commonName = "Common Name"
|
|
commonName_value = localhost.nn
|
|
|
|
[something]
|
|
# The key
|
|
# the certificate
|
|
# some dhparam
|
|
-----BEGIN PRIVATE KEY-----
|
|
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqFG49ghwozY+A
|
|
r1DtF5dt5qhhPqyorBPOmespLElz+RJANcR5hA2esCjEn2TjwW0tcRFdSxRhIEsY
|
|
ocshbZ54GxHSgxyJddV3PcrIgxd0XESyH6zzi8VqNHqGqwj1PXlyqzZII94rukzg
|
|
7xiRZJfGCZLtJtKnDaIhHzQGx5kXslCWtg+b7UX/voFHKeXzSdshZUTejSsSBxIN
|
|
Wcy7TRozwHp+5VsGUGKyf49cbZHLalzj5K65qw027wrVbQdbJVggDdJLJQ/oEfXO
|
|
GbEpxtNJ1/JKeFLSxfxPEWPxTneuCodlRUm2rCEbyJTBDOcT5r7z/6K9aEzGNAQr
|
|
/P/D6CNXAgMBAAECggEABTfYrgT/xHXbOkOmuvieLp5ODH7joPLldvX3+FpqxxSL
|
|
EhdB7qNaaVYftYLrkaVNvKS/3BDBfk+nwr+Qmy4X8wH5m0sdpSqWfDDLAPAss53y
|
|
zi8ZLcBJ6v3TMa5AQolfBPPFzrfzAA8GNao3IuSLoK5BqMFMmhjr+8kGS8CrGn0c
|
|
PaMd+zNUaCo0ml7dsO+14qjeLSSzKaYl7mOHeEq02B3UDa5twvkyVQiCHV7CThF0
|
|
0oxJ+DOFzBefPB8pIurh6X0WwaDumEQVnEaaaOWEa1IayscTSrkLcNwkZC55/23M
|
|
k9qaR/qGnfUSpu34NTlyy7ifbJOeHp+rZDEFKgBoWQKBgQDalQKzRAjpXn9sSBQS
|
|
aTvP293zxP5ueJnv0TmViUfadDDPZ/VX6W0n7mGuOmNKaWnjM1rvMGpqo6e65eir
|
|
obuUe7GfJAqexUK6VDFOIzFSBqWpquyjjHWa6C4zgL+BVDGItIhQI/6wYsQ0HgLV
|
|
R/n3nqCcYAc/a131GDGdfshbwwKBgQDHMePvhNBZo3p1vUG5l3HiTQRmeDmhlOmT
|
|
qU5XRBPDnh5Hdkq3G34QVwaLEDapyQOnbrylVlE0a+uaB+llzw4GrFOVcRi0K8M5
|
|
wcwI8sSgfoOyv6WKH5780I9T1EiNBDmS5XFr+dkI16+GO1LJdI5JuMoio+0WBKHk
|
|
m3He1rik3QKBgQC1ds/vE6RyWclfk9dWEZdeUSJKpli0Tds+hWxRAM9uRNfg2GWO
|
|
vnOomvbtNfwIYstNm+z6di9iqMsvFn+7PWIFO0uS2tEWTp2/IvZr8DuZ5XrTCNu8
|
|
S3e3StpQV6qlK8iTvY0NO1TOCrDos6GWf1K+iCq+p9pchD5Uo+lM31xnEQKBgHSL
|
|
+0pkEiewX/FNp4v4UTjQSTfPNiEVaMjtsZmbiljVRfAYBUU3f739vSVWejVDGLE5
|
|
OIUgiOi8ECCSanwX9qPu5gS1JHgedt5vRnsh1+vzugi22xuCvto7CPFKbpybkTgi
|
|
qQc9K0BiOh+2zAx09t+pkBNOiGRul26TiL+SMHy9AoGABbo9jk6Je4fcLmB9YtHT
|
|
O8L+e2S88r/KuXGrqECD5c/FZL33oTrP9pzvL4Be2W8489DM2UMMD4w0uiUIq/Iu
|
|
5Hp/Lsj8ha2OHoU2TbFaNFoS3fvaOz9zQ0GySjpMngZOKIoYtR9R4ZNI/hlmhAqq
|
|
usJ3GDPcvFSsedJr8gP52QU=
|
|
-----END PRIVATE KEY-----
|
|
Certificate:
|
|
Data:
|
|
Version: 3 (0x2)
|
|
Serial Number: 16717980979593 (0xf3475515189)
|
|
Signature Algorithm: sha256WithRSAEncryption
|
|
Issuer:
|
|
countryName = NN
|
|
organizationName = Edel Curl Arctic Illudium Research Cloud
|
|
commonName = Northern Nowhere Trust Anchor
|
|
Validity
|
|
Not Before: Dec 23 12:21:38 2022 GMT
|
|
Not After : Mar 11 12:21:38 2031 GMT
|
|
Subject:
|
|
countryName = NN
|
|
organizationName = Edel Curl Arctic Illudium Research Cloud
|
|
commonName = localhost.nn
|
|
Subject Public Key Info:
|
|
Public Key Algorithm: rsaEncryption
|
|
Public-Key: (2048 bit)
|
|
Modulus:
|
|
00:aa:14:6e:3d:82:1c:28:cd:8f:80:af:50:ed:17:
|
|
97:6d:e6:a8:61:3e:ac:a8:ac:13:ce:99:eb:29:2c:
|
|
49:73:f9:12:40:35:c4:79:84:0d:9e:b0:28:c4:9f:
|
|
64:e3:c1:6d:2d:71:11:5d:4b:14:61:20:4b:18:a1:
|
|
cb:21:6d:9e:78:1b:11:d2:83:1c:89:75:d5:77:3d:
|
|
ca:c8:83:17:74:5c:44:b2:1f:ac:f3:8b:c5:6a:34:
|
|
7a:86:ab:08:f5:3d:79:72:ab:36:48:23:de:2b:ba:
|
|
4c:e0:ef:18:91:64:97:c6:09:92:ed:26:d2:a7:0d:
|
|
a2:21:1f:34:06:c7:99:17:b2:50:96:b6:0f:9b:ed:
|
|
45:ff:be:81:47:29:e5:f3:49:db:21:65:44:de:8d:
|
|
2b:12:07:12:0d:59:cc:bb:4d:1a:33:c0:7a:7e:e5:
|
|
5b:06:50:62:b2:7f:8f:5c:6d:91:cb:6a:5c:e3:e4:
|
|
ae:b9:ab:0d:36:ef:0a:d5:6d:07:5b:25:58:20:0d:
|
|
d2:4b:25:0f:e8:11:f5:ce:19:b1:29:c6:d3:49:d7:
|
|
f2:4a:78:52:d2:c5:fc:4f:11:63:f1:4e:77:ae:0a:
|
|
87:65:45:49:b6:ac:21:1b:c8:94:c1:0c:e7:13:e6:
|
|
be:f3:ff:a2:bd:68:4c:c6:34:04:2b:fc:ff:c3:e8:
|
|
23:57
|
|
Exponent: 65537 (0x10001)
|
|
X509v3 extensions:
|
|
X509v3 Subject Alternative Name:
|
|
DNS:localhost, DNS:localhost1, DNS:localhost2
|
|
X509v3 Key Usage:
|
|
Digital Signature, Key Encipherment, Key Agreement
|
|
X509v3 Extended Key Usage:
|
|
TLS Web Server Authentication
|
|
X509v3 Subject Key Identifier:
|
|
DB:7A:18:5E:83:AC:D3:48:C9:00:99:3C:EB:BF:A6:21:F0:39:80:CC
|
|
X509v3 Authority Key Identifier:
|
|
87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
|
|
X509v3 Basic Constraints:
|
|
CA:FALSE
|
|
Authority Information Access:
|
|
CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
|
|
X509v3 CRL Distribution Points:
|
|
Full Name:
|
|
URI:http://test.curl.se/ca/EdelCurlRoot.crl
|
|
Signature Algorithm: sha256WithRSAEncryption
|
|
Signature Value:
|
|
75:0d:9b:eb:8a:df:ca:a7:7c:9d:9e:6a:eb:30:10:24:12:1b:
|
|
81:f6:cd:b0:a0:f8:de:10:f1:6e:b8:57:3a:3a:b0:a4:8c:1d:
|
|
c1:8f:95:22:e3:1f:8b:3a:21:89:e5:96:08:3d:83:33:37:66:
|
|
48:03:f7:98:dd:2f:6d:09:7a:82:26:c1:eb:16:b9:5e:5b:f5:
|
|
67:4c:a0:e7:93:e7:2e:d4:53:b8:77:5f:5e:6a:3a:d9:06:19:
|
|
ca:85:ca:7c:09:61:0d:08:8b:6a:b3:e2:03:8c:ea:b1:55:b2:
|
|
30:9b:aa:66:0e:6e:d7:0a:0a:22:ca:6d:8d:d8:53:a8:bc:df:
|
|
13:29:d3:b6:1e:9f:3e:a1:8d:f3:8c:48:bf:71:e9:4e:f4:76:
|
|
ed:77:97:3f:59:27:ca:bb:5b:7c:58:23:82:e7:b5:2d:39:02:
|
|
9f:52:07:2f:7b:17:6d:c8:af:90:f5:ed:81:99:a9:cf:80:fb:
|
|
eb:ba:9c:bc:9a:df:c5:04:78:2c:73:73:bf:95:23:cf:fb:c9:
|
|
3e:fa:5b:ee:02:39:8e:09:78:ca:89:08:fd:83:77:37:72:01:
|
|
6c:dd:fb:eb:70:20:df:87:28:b3:0f:a0:c5:b3:70:fb:5d:38:
|
|
72:23:46:7f:f5:d8:fc:b6:67:72:82:e5:ce:29:f5:b5:34:db:
|
|
a3:d5:fe:20
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIEXzCCA0egAwIBAgIGDzR1UVGJMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
|
|
Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
|
|
IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
|
|
Fw0yMjEyMjMxMjIxMzhaFw0zMTAzMTExMjIxMzhaMFcxCzAJBgNVBAYTAk5OMTEw
|
|
LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
|
|
MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
|
|
ggEKAoIBAQCqFG49ghwozY+Ar1DtF5dt5qhhPqyorBPOmespLElz+RJANcR5hA2e
|
|
sCjEn2TjwW0tcRFdSxRhIEsYocshbZ54GxHSgxyJddV3PcrIgxd0XESyH6zzi8Vq
|
|
NHqGqwj1PXlyqzZII94rukzg7xiRZJfGCZLtJtKnDaIhHzQGx5kXslCWtg+b7UX/
|
|
voFHKeXzSdshZUTejSsSBxINWcy7TRozwHp+5VsGUGKyf49cbZHLalzj5K65qw02
|
|
7wrVbQdbJVggDdJLJQ/oEfXOGbEpxtNJ1/JKeFLSxfxPEWPxTneuCodlRUm2rCEb
|
|
yJTBDOcT5r7z/6K9aEzGNAQr/P/D6CNXAgMBAAGjggEeMIIBGjAsBgNVHREEJTAj
|
|
gglsb2NhbGhvc3SCCmxvY2FsaG9zdDGCCmxvY2FsaG9zdDIwCwYDVR0PBAQDAgOo
|
|
MBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBTbehheg6zTSMkAmTzrv6Yh
|
|
8DmAzDAfBgNVHSMEGDAWgBSHy7EzLsFnfnHj5StMTaSzbtJbqTAJBgNVHRMEAjAA
|
|
MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYnaHR0cDovL3Rlc3QuY3VybC5z
|
|
ZS9jYS9FZGVsQ3VybFJvb3QuY2VyMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly90
|
|
ZXN0LmN1cmwuc2UvY2EvRWRlbEN1cmxSb290LmNybDANBgkqhkiG9w0BAQsFAAOC
|
|
AQEAdQ2b64rfyqd8nZ5q6zAQJBIbgfbNsKD43hDxbrhXOjqwpIwdwY+VIuMfizoh
|
|
ieWWCD2DMzdmSAP3mN0vbQl6gibB6xa5Xlv1Z0yg55PnLtRTuHdfXmo62QYZyoXK
|
|
fAlhDQiLarPiA4zqsVWyMJuqZg5u1woKIsptjdhTqLzfEynTth6fPqGN84xIv3Hp
|
|
TvR27XeXP1knyrtbfFgjgue1LTkCn1IHL3sXbcivkPXtgZmpz4D767qcvJrfxQR4
|
|
LHNzv5Ujz/vJPvpb7gI5jgl4yokI/YN3N3IBbN3763Ag34cosw+gxbNw+104ciNG
|
|
f/XY/LZncoLlzin1tTTbo9X+IA==
|
|
-----END CERTIFICATE-----
|