curl/tests/stunnel.pem
Marc Hoersken b5486adc9b stunnel: regenerated self-signed test certificate with SHA1 hash
The previous test certificate contained a MD5 hash which is not
supported using TLSv1.2 with Schannel on Windows 7 or newer.

See the update to this blog post on IEInternals / MSDN:
http://blogs.msdn.com/b/ieinternals/archive/2011/03/25/
misbehaving-https-servers-impair-tls-1.1-and-tls-1.2.aspx

"Update: If the server negotiates a TLS1.2 connection with a
Windows 7 or 8 schannel.dll-using client application, and it
provides a certificate chain which uses the (weak) MD5 hash
algorithm, the client will abort the connection (TCP/IP FIN)
upon receipt of the certificate."
2014-02-22 16:49:09 +01:00

144 lines
6.9 KiB
Plaintext

#
# This file contains a private key and a certificate used for stunnel.
# The certificate contains a number of extensions essentially being
# used in the 509 test. The certificate has been generated using
# openssl with the parameters listed below up to the line
# contain [something], after that you find the result.
#
#
extensions = x509v3
[ x509v3 ]
subjectAltName = DNS:localhost
nsCertType = server
nsComment = "CURL stunnel server test certificate"
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
basicConstraints = CA:false
subjectKeyIdentifier = hash
subjectInfoAccess = AD_DVCS;URI:"https://localhost:8433/509"
authorityInfoAccess = AD_DVCS;URI:"https://localhost:8433/509"
[ req ]
default_bits = 1234
distinguished_name = req_DN
default_md = sha1
string_mask = pkix
[ req_DN ]
countryName = "1. Country Name (2 letter code)"
countryName_value = SE
stateOrProvinceName = "2. State or Province Name (full name) "
stateOrProvinceName_value = Solna
localityName = "3. Locality Name (eg, city) "
localityName_value = Mooo
0.organizationName = "4. Organization Name (eg, company) "
0.organizationName_value = Haxx
organizationalUnitName = "5. Organizational Unit Name (eg, section) "
organizationalUnitName_value = Coolx
commonName = "6. Common Name (eg, FQDN) "
commonName_value = "storbror"
1.commonName = "6. Common Name (eg, FQDN) "
1.commonName_value = "localhost"
[something]
-----BEGIN RSA PRIVATE KEY-----
MIIC1AIBAAKBmwNZN+oG6vJ8DAze+FvOKSS49X4xGMxALhKRLhQQb7qvM+7BcMgR
v+RKxkX7SNgcxKPLcIHf7QQ6DBIlLXuAuVHQtWW9b06q64kBElkEwh6gP5Ia9JrR
ysGbu2U6NRP+xBU33dVwZjF07ocN9Pp392W4VxEc+g3+FkRzUEaahDGOabmjgKuq
DdlKdZLzgJj7+9sEKpb7+FdG56rZAgMBAAECgZsCkK1Z1XTUz5x3m7PMuHEiVaKS
yk/B4ISq6pbO/gxpieARzhR038wNug6L+8VA8UDebXHBvGYYr9Mhb2OZUfIlr+nW
h7kmHZ+T88M3eH/hQc3jtnvnu1dGmMlIXjTLQOrKgrAn6fYaw2HAGPdGKjpatAy/
3vRjguv/22pNJLRQmMHdozJdc8mEYY+AhqrQxXCWQT/1peZzlq/IAQJOAfhE2YWf
qB9iYNmuhxJ1PolPW4I63atXuoavqadbaRoaLm/pqLVB1QjMeyak8O/0TmO6CXk6
878ps85fLFgARRjSYX+rYwoYNzqxK3cBAk4Bsy4oofReVT8xB+7rFZFMV4McyL7e
sOABFqecLuNIGT6CdeEU1z7TUfq8sKM1MQ25e0J1PMmoWTqDwzhnxK+ckeFsZ8Te
dgqVW+Oyy9kCTgHqyc/P/uEZkp1ioDu0WkpAR+1vZa2jeyH+vm9nhE9Z6Uty/r6F
k4otIx9lMDmTwXqeE03vINJlJshqvjShfbnCe9gK8xrUk1cFl7QPAQJOATD3LQRq
At2MniioFtiTbUN6n2ZS1C5xnHGq3fnBzxnZw4UmSfuZjG/L3gWPKkyJCK3HYe9K
ho6ZQhNB6P5d7sQQjG6f+SIRwp+VjwvpAk4AnM4do54FETeLHhY4zy47dM/zdy3u
iDjiFwoMTR+PfF03evsWe5pW3EaXolGi3FRAZ/idFA+L3Gi2y4xR44z71HkbF32L
WKaLdOuBQvI=
-----END RSA PRIVATE KEY-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
a4:17:70:09:88:8c:48:cd
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=SE, ST=Solna, L=Mooo, O=Haxx, OU=Coolx, CN=storbror, CN=localhost
Validity
Not Before: Feb 22 15:38:48 2014 GMT
Not After : Feb 20 15:38:48 2024 GMT
Subject: C=SE, ST=Solna, L=Mooo, O=Haxx, OU=Coolx, CN=storbror, CN=localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1234 bit)
Modulus:
03:59:37:ea:06:ea:f2:7c:0c:0c:de:f8:5b:ce:29:
24:b8:f5:7e:31:18:cc:40:2e:12:91:2e:14:10:6f:
ba:af:33:ee:c1:70:c8:11:bf:e4:4a:c6:45:fb:48:
d8:1c:c4:a3:cb:70:81:df:ed:04:3a:0c:12:25:2d:
7b:80:b9:51:d0:b5:65:bd:6f:4e:aa:eb:89:01:12:
59:04:c2:1e:a0:3f:92:1a:f4:9a:d1:ca:c1:9b:bb:
65:3a:35:13:fe:c4:15:37:dd:d5:70:66:31:74:ee:
87:0d:f4:fa:77:f7:65:b8:57:11:1c:fa:0d:fe:16:
44:73:50:46:9a:84:31:8e:69:b9:a3:80:ab:aa:0d:
d9:4a:75:92:f3:80:98:fb:fb:db:04:2a:96:fb:f8:
57:46:e7:aa:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:localhost
Netscape Cert Type:
SSL Server
Netscape Comment:
CURL stunnel server test certificate
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
35:77:35:3B:9B:98:3C:B6:C7:9A:E7:A8:04:B9:7C:70:AD:FA:37:A9
Subject Information Access:
ad dvcs - URI:https://localhost:8433/509
Authority Information Access:
ad dvcs - URI:https://localhost:8433/509
Signature Algorithm: sha1WithRSAEncryption
00:45:db:09:5b:08:5b:1a:ff:71:50:6c:12:ad:8e:78:32:1d:
7d:e7:e4:d3:3e:5f:ca:20:84:aa:ff:9a:c2:b6:a9:48:93:1f:
73:27:d1:68:05:76:36:f9:c1:53:90:ad:8a:c0:b3:12:c8:11:
5c:2c:65:01:ac:31:d1:8e:60:6e:c6:f5:ba:9d:69:e8:f1:ac:
4a:de:52:94:cd:06:24:45:72:64:89:0f:57:8b:26:2b:16:cf:
0b:27:c4:e8:73:c7:d3:e5:42:38:95:57:b5:bb:83:b4:92:d4:
e0:cd:fb:c8:f5:d2:da:1d:11:fe:3c:18:20:8b:bd:22:31:1c:
5a:82:d4:f5:71:8d:8a:e3:13:82:c5:2d:f3:9f:d0:b7:b8:4b:
d2:46:9d:8e:1a:d7:99:6e:c1:b9:a0
-----BEGIN CERTIFICATE-----
MIIDtzCCAwWgAwIBAgIJAKQXcAmIjEjNMA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV
BAYTAlNFMQ4wDAYDVQQIEwVTb2xuYTENMAsGA1UEBxMETW9vbzENMAsGA1UEChME
SGF4eDEOMAwGA1UECxMFQ29vbHgxETAPBgNVBAMTCHN0b3Jicm9yMRIwEAYDVQQD
Ewlsb2NhbGhvc3QwHhcNMTQwMjIyMTUzODQ4WhcNMjQwMjIwMTUzODQ4WjByMQsw
CQYDVQQGEwJTRTEOMAwGA1UECBMFU29sbmExDTALBgNVBAcTBE1vb28xDTALBgNV
BAoTBEhheHgxDjAMBgNVBAsTBUNvb2x4MREwDwYDVQQDEwhzdG9yYnJvcjESMBAG
A1UEAxMJbG9jYWxob3N0MIG5MA0GCSqGSIb3DQEBAQUAA4GnADCBowKBmwNZN+oG
6vJ8DAze+FvOKSS49X4xGMxALhKRLhQQb7qvM+7BcMgRv+RKxkX7SNgcxKPLcIHf
7QQ6DBIlLXuAuVHQtWW9b06q64kBElkEwh6gP5Ia9JrRysGbu2U6NRP+xBU33dVw
ZjF07ocN9Pp392W4VxEc+g3+FkRzUEaahDGOabmjgKuqDdlKdZLzgJj7+9sEKpb7
+FdG56rZAgMBAAGjggEeMIIBGjAUBgNVHREEDTALgglsb2NhbGhvc3QwEQYJYIZI
AYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRDVVJMIHN0dW5uZWwgc2VydmVy
IHRlc3QgY2VydGlmaWNhdGUwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUF
BwMBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDV3NTubmDy2x5rnqAS5fHCt+jepMDYG
CCsGAQUFBwELBCowKDAmBggrBgEFBQcwBIYaaHR0cHM6Ly9sb2NhbGhvc3Q6ODQz
My81MDkwNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAEhhpodHRwczovL2xvY2Fs
aG9zdDo4NDMzLzUwOTANBgkqhkiG9w0BAQUFAAOBnAAARdsJWwhbGv9xUGwSrY54
Mh195+TTPl/KIISq/5rCtqlIkx9zJ9FoBXY2+cFTkK2KwLMSyBFcLGUBrDHRjmBu
xvW6nWno8axK3lKUzQYkRXJkiQ9XiyYrFs8LJ8Toc8fT5UI4lVe1u4O0ktTgzfvI
9dLaHRH+PBggi70iMRxagtT1cY2K4xOCxS3zn9C3uEvSRp2OGteZbsG5oA==
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
MIGHAoGBAMq/KFGh2oy16WzkFs1U71Uz7dIEKvSYfc+zo439pYyVzcD8MkcC15Zb
ayK3jPBYf07eKzc2TvI3/ZSducmECNP8gk2gAndP1P1rmpheN+owZJS7kQVfQmHl
UmT87U99NPaMHXMNOsFj/3mbAaANndKEnd8PM2r5fg16C4+2e5KzAgEC
-----END DH PARAMETERS-----