Skip to content

PYTHON-5040 Regenerate test TLS certificates with Authority Key Identifier #2846

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
blink1073 wants to merge 13 commits into
base: master
Choose a base branch
from
Draft

PYTHON-5040 Regenerate test TLS certificates with Authority Key Identifier #2846

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
44fe71b
PYTHON-5040 Regenerate test TLS certificates with Authority Key Ident…
blink1073 Jun 4, 2026
7ea7b94
PYTHON-5040 Use test/certificates/ certs for SSL test client
blink1073 Jun 4, 2026
b5d4405
PYTHON-5040 Export TLS cert paths from integration_tests/run.sh
blink1073 Jun 4, 2026
840e463
PYTHON-5040 Use test/certificates/ certs for SSL integration test server
blink1073 Jun 4, 2026
2530bab
PYTHON-5040 Use test/certificates/ certs for Evergreen SSL test client
blink1073 Jun 4, 2026
ea3f9c4
PYTHON-5040 Fix KMS mock server TLS for Python 3.13
blink1073 Jun 4, 2026
5180217
PYTHON-5040 Fix x509 auth username and CRL revocation in test certs
blink1073 Jun 4, 2026
2af05ec
PYTHON-5040 Fix CSFLE TLS certs and configure-env for Python 3.13
blink1073 Jun 5, 2026
3e6063c
PYTHON-5040 Fix CA keyUsage and remove issuer from leaf cert AKI
blink1073 Jun 5, 2026
f3ea73d
PYTHON-5040 Remove cRLSign from CA keyUsage to fix macOS CERT_SUSPENDED
blink1073 Jun 5, 2026
5397e50
PYTHON-5040 Use cryptography library to generate certs with AKI but n…
blink1073 Jun 8, 2026
6709f4a
PYTHON-5040 Add OCSPNoCheck to leaf certs and fix CA basicConstraints…
blink1073 Jun 8, 2026
c3fe1b6
PYTHON-5040 Switch AKI to issuer form and add CA keyUsage
blink1073 Jun 8, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .evergreen/scripts/configure-env.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,8 +74,8 @@ EOT

# Write the .env file for drivers-tools.
rm -rf $DRIVERS_TOOLS
BRANCH=master
ORG=mongodb-labs
BRANCH=allow-cert-folder-override
ORG=blink1073
git clone --branch $BRANCH https://github.com/$ORG/drivers-evergreen-tools.git $DRIVERS_TOOLS

cat <<EOT > ${DRIVERS_TOOLS}/.env
Expand Down
20 changes: 16 additions & 4 deletions .evergreen/scripts/setup_tests.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -341,10 +341,8 @@ def handle_test_env() -> None:
run_command(cmd, cwd=DRIVERS_TOOLS)

if SSL != "nossl":
if not DRIVERS_TOOLS:
raise RuntimeError("Missing DRIVERS_TOOLS")
write_env("CLIENT_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/client.pem")
write_env("CA_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem")
write_env("CLIENT_PEM", ROOT / "test/certificates/client.pem")
write_env("CA_PEM", ROOT / "test/certificates/ca.pem")

compressors = os.environ.get("COMPRESSORS") or opts.compressor
if compressors == "snappy":
Expand Down Expand Up @@ -382,6 +380,20 @@ def handle_test_env() -> None:
if not DRIVERS_TOOLS:
raise RuntimeError("Missing DRIVERS_TOOLS")
csfle_dir = Path(f"{DRIVERS_TOOLS}/.evergreen/csfle")

# Set CSFLE TLS cert paths to our AKI-enabled test/certificates/ before
# setup-secrets.sh runs. setup-secrets.sh uses ${VAR:-default} so
# pre-setting these vars causes them to flow into secrets-export.sh via
# csfle/setup_secrets.py (which reads os.environ for these keys).
# load_config_from_file then persists all vars from that file for the
# test runner, so no separate write_env calls are needed.
certs = ROOT / "test/certificates"
os.environ["CSFLE_TLS_CA_FILE"] = str(certs / "ca.pem")
os.environ["CSFLE_TLS_CERT_FILE"] = str(certs / "server.pem")
os.environ["CSFLE_TLS_CLIENT_CERT_FILE"] = str(certs / "client.pem")
os.environ["CSFLE_TLS_WRONG_HOST_FILE"] = str(certs / "wrong-host.pem")
os.environ["CSFLE_TLS_EXPIRED_FILE"] = str(certs / "expired.pem")

run_command(f"bash {csfle_dir.as_posix()}/setup-secrets.sh", cwd=csfle_dir)
load_config_from_file(csfle_dir / "secrets-export.sh")
run_command(f"bash {csfle_dir.as_posix()}/start-servers.sh")
Expand Down
6 changes: 5 additions & 1 deletion .github/workflows/test-python.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -219,12 +219,16 @@ jobs:
- id: setup-mongodb
uses: mongodb-labs/drivers-evergreen-tools@master
- name: Run tests
run: |
run: |
just integration-tests
- id: setup-mongodb-ssl
uses: mongodb-labs/drivers-evergreen-tools@master
with:
ssl: true
env:
TLS_PEM_KEY_FILE: ${{ github.workspace }}/test/certificates/server.pem
TLS_CA_FILE: ${{ github.workspace }}/test/certificates/ca.pem
TLS_CERT_KEY_FILE: ${{ github.workspace }}/test/certificates/client.pem
- name: Run tests
run: |
just integration-tests
Expand Down
10 changes: 10 additions & 0 deletions CONTRIBUTING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -250,6 +250,16 @@ client = MongoClient(
If you want to use the actual certificate file then set `tlsCertificateKeyFile` to the local path
to `<repo_roo>/test/certificates/client.pem` and `tlsCAFile` to the local path to `<repo_roo>/test/certificates/ca.pem`.

#### Regenerating test certificates

If the test certificates in `test/certificates/` need to be regenerated (e.g. after expiry or to add missing extensions), run:

```bash
cd test/certificates && bash gen-certs.sh
```

See `test/certificates/README.md` for full details and constraints on certificate subjects/SANs that must be preserved.

### Encryption tests

- Run `just run-server` to start the server.
Expand Down
2 changes: 0 additions & 2 deletions test/asynchronous/test_encryption.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3047,8 +3047,6 @@ async def http_post(self, path, data=None):
# each request because the server is single threaded.
ctx = ssl.create_default_context(cafile=CA_PEM)
ctx.load_cert_chain(CLIENT_PEM)
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx)
try:
if data is not None:
Expand Down
40 changes: 40 additions & 0 deletions test/certificates/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
# Test TLS Certificates

These certificates are used by the PyMongo test suite for TLS/SSL integration tests.

## Regenerating certificates

Run the generation script from this directory:

```bash
bash gen-certs.sh
```

**Prerequisites:** OpenSSL 1.1+ or LibreSSL 3+

## Certificate details

| File | Subject | Signed by | Purpose |
|---|---|---|---|
| `ca.pem` | `CN=Drivers Testing CA, ...` | Self (CA) | Root CA for test certs |
| `server.pem` | `CN=localhost, ...` + SAN | Drivers Testing CA | MongoDB server cert (key + cert) |
| `client.pem` | `CN=client, O=MDB, ...` | Drivers Testing CA | Client auth cert (key + cert) |
| `password_protected.pem` | Same as client | Drivers Testing CA | Client cert with AES-256 encrypted key |
| `crl.pem` | — | Drivers Testing CA | Empty Certificate Revocation List |
| `trusted-ca.pem` | `CN=Trusted Kernel Test CA, OU=Kernel, ...` | Self (CA) | Separate CA for bundle tests |

**Password** for `password_protected.pem`: `qwerty`

## Important constraints

The following values are hardcoded in tests and **must not change**:

- Client cert subject: `C=US,ST=New York,L=New York City,O=MDB,OU=Drivers,CN=client`
(used as the MongoDB X.509 username in `test/test_ssl.py`)
- Server cert SAN: `DNS:localhost, IP:127.0.0.1, IP:::1`
- The `server` hostname alias for `127.0.0.1` must be present in `/etc/hosts` for SSL tests to pass
(added automatically by `.evergreen/scripts/setup-system.sh`)

## Background

Certificates were regenerated to add the **Authority Key Identifier (AKI)** extension, which Python 3.13 requires for TLS certificate chain validation (PYTHON-5040). Prior to regeneration, certs were missing AKI, causing `ssl.SSLCertVerificationError: Missing Authority Key Identifier` on macOS and Windows with Python 3.13.
39 changes: 20 additions & 19 deletions test/certificates/ca.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,21 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDfzCCAmegAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy
aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u
Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx
CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIwMjMxMVoXDTM5MDUyMjIwMjMxMVoweTEb
MBkGA1UEAxMSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAw
DgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQI
EwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCl7VN+WsQfHlwapcOpTLZVoeMAl1LTbWTFuXSAavIyy0W1Ytky1UP/
bxCSW0mSWwCgqoJ5aXbAvrNRp6ArWu3LsTQIEcD3pEdrFIVQhYzWUs9fXqPyI9k+
QNNQ+MRFKeGteTPYwF2eVEtPzUHU5ws3+OKp1m6MCLkwAG3RBFUAfddUnLvGoZiT
pd8/eNabhgHvdrCw+tYFCWvSjz7SluEVievpQehrSEPKe8DxJq/IM3tSl3tdylzT
zeiKNO7c7LuQrgjAfrZl7n2SriHIlNmqiDR/kdd8+TxBuxjFlcf2WyHCO3lIcIgH
KXTlhUCg50KfHaxHu05Qw0x8869yIzqbAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggEBAEHuhTL8KQZcKCTSJbYA9MgZj7U32arMGBbc1hiq
VBREwvdVz4+9tIyWMzN9R/YCKmUTnCq8z3wTlC8kBtxYn/l4Tj8nJYcgLJjQ0Fwe
gT564CmvkUat8uXPz6olOCdwkMpJ9Sj62i0mpgXJdBfxKQ6TZ9yGz6m3jannjZpN
LchB7xSAEWtqUgvNusq0dApJsf4n7jZ+oBZVaQw2+tzaMfaLqHgMwcu1FzA8UKCD
sxCgIsZUs8DdxaD418Ot6nPfheOTqe24n+TTa+Z6O0W0QtnofJBx7tmAo1aEc57i
77s89pfwIJetpIlhzNSMKurCAocFCJMJLAASJFuu6dyDvPo=
MIIDkDCCAnigAwIBAgIBZDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER
MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV
BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg
VGVzdGluZyBDQTAeFw0yNjA2MDcxODUzMjBaFw00NjA2MDMxODUzMjBaMHkxCzAJ
BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg
Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEbMBkGA1UE
AwwSRHJpdmVycyBUZXN0aW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAstE5hAPpY4cVlDdQEx6L4Hg4ZTFFrovlB1f5I7lyZxplyOCU+jLRvdyj
pta346xDEBZRKHenFEWtkUZwEklXv3ZxHGANxnz5POiyPQvkJXXfE431Umtnl/T3
/zDjTqspTQTbvdvW1+Qiy6rIjZUGUqYuzwe9P+YVH4tBL7yIOWbm8vTnu5xLXp0o
Ww707dIxIEIp7hD5P+At86oFk6dy6GhEkNiall6rNXg9gsCrF2kF0eH24/URm0F/
mS2c7S2TIlZD0llD6MYtmo/KWLpLZLBSzLO6/F+t5r9nfXSJhXWcIWVs2o0T2sLh
XIJFKJsXwykZ3WaAj+WdoBYCueiyuwIDAQABoyMwITAPBgNVHRMBAf8EBTADAQH/
MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAdEL/OI5F5ddSoywA
P6Rt/fNPj+skMI7IfUia7Mf26KXR6WnLXCBidhGRdoVyzsXC6KvGAMQ0zY8fOQVe
T3/a7JqvwqcmSURGgNKFVZg8rgdcbhAnORmMePLpmXK4E8NifBZcNbhLiEVR2/XK
AGt/yTAg0RS+H/1Hg+7Mj8jLm1/7aQFki/s7ip4XyFDj4nMBKnTXB8XLp6BAYGBs
8sCuosOecDKUjdrKVRl/p/vurwwyQHX8mLi3rNSSVYwE432MKs4aFhe5TxxNhWPv
PxlJ9T6pioqDPmTbAvFTBgg5WgqTrlkm/wxJ51YO9OzrEZ+aACb3454Jv8Tw+x5q
fAvsug==
-----END CERTIFICATE-----
91 changes: 47 additions & 44 deletions test/certificates/client.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,48 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAsNS8UEuin7/K29jXfIOLpIoh1jEyWVqxiie2Onx7uJJKcoKo
khA3XeUnVN0k6X5MwYWcN52xcns7LYtyt06nRpTG2/emoV44w9uKTuHsvUbiOwSV
m/ToKQQ4FUFZoqorXH+ZmJuIpJNfoW+3CkE1vEDCIecIq6BNg5ySsPtvSuSJHGjp
mc7/5ZUDvFE2aJ8QbJU3Ws0HXiEb6ymi048LlzEL2VKX3w6mqqh+7dcZGAy7qYk2
5FZ9ktKvCeQau7mTyU1hsPrKFiKtMN8Q2ZAItX13asw5/IeSTq2LgLFHlbj5Kpq4
GmLdNCshzH5X7Ew3IYM8EHmsX8dmD6mhv7vpVwIDAQABAoIBABOdpb4qhcG+3twA
c/cGCKmaASLnljQ/UU6IFTjrsjXJVKTbRaPeVKX/05sgZQXZ0t3s2mV5AsQ2U1w8
Cd+3w+qaemzQThW8hAOGCROzEDX29QWi/o2sX0ydgTMqaq0Wv3SlWv6I0mGfT45y
/BURIsrdTCvCmz2erLqa1dL4MWJXRFjT9UTs5twlecIOM2IHKoGGagFhymRK4kDe
wTRC9fpfoAgyfus3pCO/wi/F8yKGPDEwY+zgkhrJQ+kSeki7oKdGD1H540vB8gRt
EIqssE0Y6rEYf97WssQlxJgvoJBDSftOijS6mwvoasDUwfFqyyPiirawXWWhHXkc
DjIi/XECgYEA5xfjilw9YyM2UGQNESbNNunPcj7gDZbN347xJwmYmi9AUdPLt9xN
3XaMqqR22k1DUOxC/5hH0uiXir7mDfqmC+XS/ic/VOsa3CDWejkEnyGLiwSHY502
wD/xWgHwUiGVAG9HY64vnDGm6L3KGXA2oqxanL4V0+0+Ht49pZ16i8sCgYEAw+Ox
CHGtpkzjCP/z8xr+1VTSdpc/4CP2HONnYopcn48KfQnf7Nale69/1kZpypJlvQSG
eeA3jMGigNJEkb8/kaVoRLCisXcwLc0XIfCTeiK6FS0Ka30D/84Qm8UsHxRdpGkM
kYITAa2r64tgRL8as4/ukeXBKE+oOhX43LeEfyUCgYBkf7IX2Ndlhsm3GlvIarxy
NipeP9PGdR/hKlPbq0OvQf9R1q7QrcE7H7Q6/b0mYNV2mtjkOQB7S2WkFDMOP0P5
BqDEoKLdNkV/F9TOYH+PCNKbyYNrodJOt0Ap6Y/u1+Xpw3sjcXwJDFrO+sKqX2+T
PStG4S+y84jBedsLbDoAEwKBgQCTz7/KC11o2yOFqv09N+WKvBKDgeWlD/2qFr3w
UU9K5viXGVhqshz0k5z25vL09Drowf1nAZVpFMO2SPOMtq8VC6b+Dfr1xmYIaXVH
Gu1tf77CM9Zk/VSDNc66e7GrUgbHBK2DLo+A+Ld9aRIfTcSsMbNnS+LQtCrQibvb
cG7+MQKBgQCY11oMT2dUekoZEyW4no7W5D74lR8ztMjp/fWWTDo/AZGPBY6cZoZF
IICrzYtDT/5BzB0Jh1f4O9ZQkm5+OvlFbmoZoSbMzHL3oJCBOY5K0/kdGXL46WWh
IRJSYakNU6VIS7SjDpKgm9D8befQqZeoSggSjIIULIiAtYgS80vmGA==
MIIEowIBAAKCAQEAhox4m8i+hLbia83C39Bvsw6MRIK/D8u0+rPRm9Cmh9Aonf2K
z223wYHs6OhipcowMgkGlTSztuVvVSpSISNyy4RVPKukUV5M3II7aH2+p4H6HFWG
yHvLHIWCDc0vawADtCwCcBoQjJ8gGaYdpBcDQBrIJPtWz/9QYcc2e1Kr+ka/2Lh/
Dd6JjFqVmSWzHTRUJPN9J9DEsUgpZuRldEGBZmmSzvj2HwoOK2tgMMv2zmykuLIK
mPEO+wgcxQMC/uNIBdQGLsiHrmMkXIE7Ay/X1qR8P3HOhyePyM2MbZnkfbLpIwcc
93EIgK1z4JQn7EO8h7LTMRUqs7I8kv08u1zMawIDAQABAoIBAAOVAOBjo/ARzv7n
bwBFe47h4adYDP01SDwHgYbGboOigWEXGO2Ufqnk9P9lJ9AZ0hFsyyqv5oDxuABM
560ApCKDjRgmtpkKvOR+6KPVhS4KAiCfSpd6RDyn2AnFGlz/W5AKF5mZqUY1IgEv
RFznr1KfRl726M7C8/KVOrEDqaqa+lIg8Zvn+fsy6AIvfa3KGQliwpJ898f5Z7Fj
RpjL73biGu2JpHEBVl7OUYNIFehhzERbbmrb+R9Xc6KBwVb2Eukq35M7qtju6MY3
uNStq8kmfLEI8vrcNg5EgHM2NW/AT341ux9zP9phk4hPP9wXrn3NOUF67c2tjZxF
NZRm8NECgYEAuZlZorjrDAVDKGrwpXs1sa3OK5XCCXQ9Plb8gadxl+PQFid/qIOE
7Ddgz2HUVorMgZ5A8oZ4uGviTdyZbS5VsxF00OjjM8ayTIDK9C3OhkmhqTj6Rf42
XCDaoemueH/m4ynr47FPzqEXM24AbQBnQFiqLjzVAtK1IHeOSF9wj8cCgYEAuZXd
fQRWD3hVgW0fslFfzYrtTHdr0/P7Agm20YckQGiona+J/NYycv3lF8koQRh8lGtd
bqRY1DXmde5qgrnFzqwOpiraB4r5Y/YYP17vE47MplsT9jjtRm8p7xgx71lvZ4wg
BE1vF5gXfqFYrVDrhfdGc7Wg8N6q9VSDVlw1Jj0CgYB7JrQBcy4TldJQGVWAmFay
hR9OcFqGJ2kT2mhGJ7MKFBHZAXCFgm9Kxhwov0NEAWldgIKb6npj9MH+5Cex+JLI
9QZMMJvBmVBpzvPcPiDRnj30qWf31YyAaRRpZ0NrlYLArOpm9Rp9gwqAB7eknCXm
3m5dq+OzsdiZqHryrtFjtQKBgCZDR88mvbeiz75HiWlybZYrNpG1bX3dp7rb1d2N
R2QgL+OS9ZgzcWNUBY/J4YrKSaUwHataJxZZppJZ/YvGUYoy3zJTU3CKrrB1ZLps
EE6v+nGyBYOWaRVEhhjNnD4E6nsm4NMCRA1RRkbNbUMOlACi4tuobu46enTqX8nG
aQ7hAoGBAI2EkcAymqZg2+sfVMIYfdPmM3p6D7jWKRn6dnSU2H//eLRjRZX2I7Sh
V6hOYjdZm2HhtodePXu9IceZqgXyMdEB9TgaBAvJnEvUE1xHRCJK8RL22vDoeW77
Ig/BNEmsh2SgWFEo7Q0ZImObOcqbP9YLNZRjLeI0+aeoti8olTjt
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDgzCCAmugAwIBAgIDAxOUMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy
aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u
Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx
CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIzNTU1NFoXDTM5MDUyMjIzNTU1NFowaTEP
MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx
FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD
VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDUvFBLop+/
ytvY13yDi6SKIdYxMllasYontjp8e7iSSnKCqJIQN13lJ1TdJOl+TMGFnDedsXJ7
Oy2LcrdOp0aUxtv3pqFeOMPbik7h7L1G4jsElZv06CkEOBVBWaKqK1x/mZibiKST
X6FvtwpBNbxAwiHnCKugTYOckrD7b0rkiRxo6ZnO/+WVA7xRNmifEGyVN1rNB14h
G+spotOPC5cxC9lSl98Opqqofu3XGRgMu6mJNuRWfZLSrwnkGru5k8lNYbD6yhYi
rTDfENmQCLV9d2rMOfyHkk6ti4CxR5W4+SqauBpi3TQrIcx+V+xMNyGDPBB5rF/H
Zg+pob+76VcCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAqRcLAGvYMaGYOV4HJTzNotT2qE0I9THNQ
wOV1fBg69x6SrUQTQLjJEptpOA288Wue6Jt3H+p5qAGV5GbXjzN/yjCoItggSKxG
Xg7279nz6/C5faoIKRjpS9R+MsJGlttP9nUzdSxrHvvqm62OuSVFjjETxD39DupE
YPFQoHOxdFTtBQlc/zIKxVdd20rs1xJeeU2/L7jtRBSPuR/Sk8zot7G2/dQHX49y
kHrq8qz12kj1T6XDXf8KZawFywXaz0/Ur+fUYKmkVk1T0JZaNtF4sKqDeNE4zcns
p3xLVDSl1Q5Gwj7bgph9o4Hxs9izPwiqjmNaSjPimGYZ399zcurY
MIIEEzCCAvugAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER
MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV
BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg
VGVzdGluZyBDQTAeFw0yNjA2MDcxODUzMjBaFw00NjA2MDMxODUzMjBaMGkxDzAN
BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw
FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE
BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGjHibyL6EtuJr
zcLf0G+zDoxEgr8Py7T6s9Gb0KaH0Cid/YrPbbfBgezo6GKlyjAyCQaVNLO25W9V
KlIhI3LLhFU8q6RRXkzcgjtofb6ngfocVYbIe8schYINzS9rAAO0LAJwGhCMnyAZ
ph2kFwNAGsgk+1bP/1BhxzZ7Uqv6Rr/YuH8N3omMWpWZJbMdNFQk830n0MSxSClm
5GV0QYFmaZLO+PYfCg4ra2Awy/bObKS4sgqY8Q77CBzFAwL+40gF1AYuyIeuYyRc
gTsDL9fWpHw/cc6HJ4/IzYxtmeR9sukjBxz3cQiArXPglCfsQ7yHstMxFSqzsjyS
/Ty7XMxrAgMBAAGjgbUwgbIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMCMIGNBgNVHSMEgYUwgYKhfaR7MHkxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhO
ZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTEQMA4GA1UECgwHTW9uZ29E
QjEQMA4GA1UECwwHRHJpdmVyczEbMBkGA1UEAwwSRHJpdmVycyBUZXN0aW5nIENB
ggFkMA0GCSqGSIb3DQEBCwUAA4IBAQCi1zSezWD8IpIjzj+I6hlXIRbV5twftNkd
nA86NaYfx+k1khoOV99gjALYff4IzCZoDZ027VeqL1mQblh4OM2o7Iirns4G21ka
bpSbjgKs3PbijcWHgWpjnWHL1osQsP/WApaZQbNIyh29F0qDmKm5fgn7eHqX4oTV
DTHzOd+tTVTkM1UHzJnYf1+1IdFwzyTVz2RT5uakuHwpJRTQhQBAdahOZPxFUURN
x7N9s/T7UnAmKHCzl7QFxfN/BsjPb8RxgRP5Rl+lU/WF+MIeK2QiJ7d2jRa9Eewn
v+8kv+HCaER3D5KpjFzM5IFofUF58J7RCZQYf71gK9kqgcIq4jpX
-----END CERTIFICATE-----
21 changes: 10 additions & 11 deletions test/certificates/crl.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,12 @@
-----BEGIN X509 CRL-----
MIIB6jCB0wIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDExJEcml2ZXJzIFRl
c3RpbmcgQ0ExEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01vbmdvREIxFjAU
BgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYDVQQG
EwJVUxcNMTkwNTIyMjI0NTUzWhcNMTkwNjIxMjI0NTUzWjAVMBMCAncVFw0xOTA1
MjIyMjQ1MzJaoA8wDTALBgNVHRQEBAICEAAwDQYJKoZIhvcNAQELBQADggEBACwQ
W9OF6ExJSzzYbpCRroznkfdLG7ghNSxIpBQUGtcnYbkP4em6TdtAj5K3yBjcKn4a
hnUoa5EJGr2Xgg0QascV/1GuWEJC9rsYYB9boVi95l1CrkS0pseaunM086iItZ4a
hRVza8qEMBc3rdsracA7hElYMKdFTRLpIGciJehXzv40yT5XFBHGy/HIT0CD50O7
BDOHzA+rCFCvxX8UY9myDfb1r1zUW7Gzjn241VT7bcIJmhFE9oV0popzDyqr6GvP
qB2t5VmFpbnSwkuc4ie8Jizip1P8Hg73lut3oVAHACFGPpfaNIAp4GcSH61zJmff
9UBe3CJ1INwqyiuqGeA=
MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE
CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v
bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu
ZyBDQRcNMjYwNjA4MTg1MzIwWhcNNDYwNjAzMTg1MzIwWjAUMBICAQEXDTI2MDYw
ODE4NTMyMFowDQYJKoZIhvcNAQELBQADggEBAB6LRmtO+u2zn4IFE/CRdOBsCTsz
tZ8EaZSBP6P+Ag/GeLT4M6CIjHhJV1SUMt2aEAU3JBBye+sKX6Rk1JK6UzEjDnUf
+TRoGFvqh057ujD01LVh9FQpobr0Nsa/Xx4551/Nc91z/khlG5aBrTBoB4I7Q2VB
OeYjdhrAKZ0jc2xEKy6z+vJWAgj0UmSwxjhJ8Qf3xiaPnf9Nqu2UhAv+IwhWMxBC
GrXaJBOhkv9GqtNmnLJrOJoHgoO/MAKvaKi+/YqCH7pCHKt62t2f6ZD0oNuqFZYx
QofmyawIOr6FY2tHQNL2ZN4cVHgQ2X6b4vhJnpNw6tKG4s4niK3MVr7qo2A=
-----END X509 CRL-----
52 changes: 52 additions & 0 deletions test/certificates/expired.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA4nSKxBpsnS1QX4PCO3VEEdBcCqHxKU2j4dmY8soANTyva3xs
Q1Mvu7tr+0kDWVMCI/clnMsbCIoLikiNaLXhz84/Ne7WTHkEMr31GPH4XDu6FMxz
g4zydQQ9fuCC0FyxR0KlqBLzVcrC3HIP56MzXLlbCAfCitubti8dHdZdtgC/vbTX
f2LiOG/R0M++6M4Wj+KAEagnV4bn5MiCt4KnZyf2w57ylSorhFHhszEI7YmzHjkW
4czGmHuE50NVPftU09750bFRrnxvlO/wsknER9ZrBqjkbw0E9ezMtoAGwK9Sp8hR
bVGXKBdw4aXG43MLDleaenGGJBeAJPjY76Es6wIDAQABAoIBAC2hSRLRtkAHkPHm
FT2w19n1D47O6c6mR9bq5yBI5rjTdQ9l/1SjjvM3hT8Zi7S0frJriucon9ZdJo0j
KGdIeutKBj+iVAkNu3RUBW6U1zQSjuDA/6eqv3InvBJ0P7enbctLmSCgTOrlE9Wi
oCTPJDrTWI3qLl+Xd61Cmg3Yk4JoDCkPzdWaaTBIwLCfIlgcn6Y9hmM9vxGHKR5P
NGw2pdziXBKwTvE/eM+ducNnWhHbgmG97yaLLzxDl96BQ2768ZdD/eEOpM74sr+a
mo+HyCHAQvcrEyoBGHlk+qdyBBBA2AVUiiuBXx2zlYlsHmgYJBaVnENrQSccWTzg
vkVv0hkCgYEA933L13nL4BQHFKyhRsbHaE/0GOGY/Pe6T8a31jXHqQN4jka44gGP
JD/S6Cfc+jSbiPu2EN0Yu4P8vYiTGIeKeCcD5zsh0Dk/Ht9Lts7hu1UBmVxoOokG
ndR35L7R4FE7LNqXjFO+SNKxhpSXqabUmCLGBswFdAApgU83Q8m5w1MCgYEA6j2a
mw1oRelSeYQlG0eRQ99Y9vUzf5Hb1p44A1F3zQNSzX86L+mpPLF7i7sD7TM+b9J2
Ik2ClaQ5r1vMH/pkBHrjGHYKU9JIJc/9YOZWMmKcvb9X9/4xs5us/Q0UN255/Lgx
xynjR67NRC70oAdxTi37E+OgVXDkOlheaU2ulQkCgYA5/GxVGQFOiAK8slG7Hnm8
E/eSGNFae8RYSqvp8YHNNLX7R9Cri0f5a0bEBAr/SHIkny0iOFtCHAOMeMJWHfOw
gRumArHCcpc6aYD43PIAjUMppn/5Lv+w3QYWPys3TnD56mFVjI1pzIuxh4EdS6xF
1Ofm0ch5TExtMp01Mb9nZwKBgEPAhdOLUTnHfv9+5Wy6ip3jIExuJ/MiMUAmi3UK
P2ihKXYe8qmhID5Z565G7Z/STqDxcxIA8WBvG/BI0QX+2qchFEai/eG41P1654L7
nLr+IvAPRFaKw717rdGT0uElp0sdy+gbiY3WVbD/E+qlvHQsgI8ELAAKozjtDoHO
4kxhAoGAT2zXUOdWDHqqC/Kezjjuz22JvLD1IZ5B7k/Y15KX0OIZ0W2pXY4isFhC
hsbCzYRN5PFqx+Mr+OawjzO+CaW2wnLK33a4QrooY0NJ/tHsXYWFAA00asAtNlp2
i0SwTRuvmb/M08m1338+HAFdpQrhlz4uhtbeA4ZEGRjUKCg0OqU=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIEJjCCAw6gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER
MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV
BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg
VGVzdGluZyBDQTAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxCzAJ
BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg
Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE
AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nSK
xBpsnS1QX4PCO3VEEdBcCqHxKU2j4dmY8soANTyva3xsQ1Mvu7tr+0kDWVMCI/cl
nMsbCIoLikiNaLXhz84/Ne7WTHkEMr31GPH4XDu6FMxzg4zydQQ9fuCC0FyxR0Kl
qBLzVcrC3HIP56MzXLlbCAfCitubti8dHdZdtgC/vbTXf2LiOG/R0M++6M4Wj+KA
EagnV4bn5MiCt4KnZyf2w57ylSorhFHhszEI7YmzHjkW4czGmHuE50NVPftU0975
0bFRrnxvlO/wsknER9ZrBqjkbw0E9ezMtoAGwK9Sp8hRbVGXKBdw4aXG43MLDlea
enGGJBeAJPjY76Es6wIDAQABo4HBMIG+MCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcE
fwAAAYcQAAAAAAAAAAAAAAAAAAAAATCBjQYDVR0jBIGFMIGCoX2kezB5MQswCQYD
VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp
dHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMM
EkRyaXZlcnMgVGVzdGluZyBDQYIBZDANBgkqhkiG9w0BAQsFAAOCAQEADH7WYlZY
Mbkn+87kgMhNFk9RDXtGYHxQ29+8PL1lDyqOli1nMVBnh57pq7oBOeUXuqdosFVG
KnQIvUa1EZrT4/y+RaQXzD2xcWbdCzXQj3DT/mFYuwwtI5T6hUCHAw45LcZQxc+t
4xhnssnl7Nm7fnOl1KVkLiQWaEZqZohm7vATvNjRcZaeGS4MxAAERKWbC7wbkfBt
Eqp6h+/GnpBAW4PV/lH6hSemlr7/9UkGrbZbyqkHsOeXwOdmgxkMGUL7M3uuonwa
+XBGXvH8cxzpnmgQvqzvxC5oixJjq3wvNxa/T4T2o1Ez22jNuI8TVri1F1yfjnBs
XstbsY3QF7jg8A==
-----END CERTIFICATE-----
Loading
Loading