diff --git a/.gitleaks.toml b/.gitleaks.toml index 98255f825..4e82b1ebf 100644 --- a/.gitleaks.toml +++ b/.gitleaks.toml @@ -192,6 +192,7 @@ files = [ "test/connector/ssh/id_(.*)", # test ssh handler certs "test/connector/ssh_agent/id_(.*)", # test ssh-agent handler certs "test/connector/tcp/mssql/certs/(.*)", # test mssql connector certs + "internal/plugin/connectors/tcp/ssl/testdata/(.*)", # test mssql connector certs "test/ssh/id_(.*)", # since-removed ssh test certs "test/util/ssl/(.*)", # test ssl certs "internal/plugin/connectors/tcp/mssql/connection_details_test.go", # fake cert string diff --git a/internal/plugin/connectors/tcp/ssl/ssl.go b/internal/plugin/connectors/tcp/ssl/ssl.go index 7f4d257cf..601e521ac 100644 --- a/internal/plugin/connectors/tcp/ssl/ssl.go +++ b/internal/plugin/connectors/tcp/ssl/ssl.go @@ -111,6 +111,10 @@ func HandleSSLUpgrade(connection net.Conn, tlsConf DbSSLMode) (net.Conn, error) return nil, err } } + err = client.Handshake() + if err != nil { + return nil, err + } return client, nil } diff --git a/internal/plugin/connectors/tcp/ssl/ssl_test.go b/internal/plugin/connectors/tcp/ssl/ssl_test.go index 05f4ff039..2ebc8133a 100644 --- a/internal/plugin/connectors/tcp/ssl/ssl_test.go +++ b/internal/plugin/connectors/tcp/ssl/ssl_test.go @@ -1,11 +1,131 @@ package ssl import ( + "crypto/tls" + "fmt" + "io/ioutil" + "net" + "net/http" + "net/http/httptest" "testing" "github.com/stretchr/testify/assert" ) +// testCertificates is used to store all the test certificates +type testCertificates struct { + serverCert []byte + serverKey []byte + rootCert []byte + clientCert []byte + clientKey []byte +} + +// loadTestCerts loads test certificates from the `./testdata` directory +func loadTestCerts() (*testCertificates, error) { + serverCert, err := ioutil.ReadFile("./testdata/server.pem") + if err != nil { + return nil, err + } + serverKey, err := ioutil.ReadFile("./testdata/server-key.pem") + if err != nil { + return nil, err + } + rootCert, err := ioutil.ReadFile("./testdata/ca.pem") + if err != nil { + return nil, err + } + clientCert, err := ioutil.ReadFile("./testdata/client.pem") + if err != nil { + return nil, err + } + clientKey, err := ioutil.ReadFile("./testdata/client-key.pem") + if err != nil { + return nil, err + } + + return &testCertificates{ + serverCert: serverCert, + serverKey: serverKey, + rootCert: rootCert, + clientCert: clientCert, + clientKey: clientKey, + }, nil +} + +// httpsTestServer is a HTTP test server with TLS. It's a light wrapper around the +// server you get from the httptest package. It's very convenient to use. +func httpsTestServer( + serverCert []byte, + serverKey []byte, +) (*httptest.Server, error) { + cert, err := tls.X509KeyPair(serverCert, serverKey) + if err != nil { + return nil, err + } + + ts := httptest.NewUnstartedServer(http.HandlerFunc( + func(w http.ResponseWriter, r *http.Request) { + _, _ = fmt.Fprintln(w, "Hello, client") + })) + + ts.TLS = &tls.Config{ + Certificates: []tls.Certificate{cert}, + } + ts.StartTLS() + + return ts, nil +} + +func TestHandleSSLUpgrade(t *testing.T) { + // Load test certificates + testCerts, err := loadTestCerts() + if !assert.NoError(t, err) { + return + } + + // Run the HTTP test server with TLS + ts, err := httpsTestServer( + testCerts.serverCert, + testCerts.serverKey, + ) + if !assert.NoError(t, err) { + return + } + defer ts.Close() + + // Create sslmode with verify-ca for the test because it exercise most of the ssl + // package. + sslmode, err := NewDbSSLMode( + options{ + "host": "localhost", + "sslmode": "verify-ca", + "sslrootcert": string(testCerts.rootCert), + "sslcert": string(testCerts.clientCert), + "sslkey": string(testCerts.clientKey), + }, false) + if !assert.NoError(t, err) { + return + } + + // Dial to the test server + conn, err := net.Dial( + ts.Listener.Addr().Network(), + ts.Listener.Addr().String(), + ) + if !assert.NoError(t, err) { + return + } + + // Upgrade connection using sslmode + upgradedConn, err := HandleSSLUpgrade(conn, sslmode) + if !assert.NoError(t, err) { + return + } + // Ensure that the upgraded connection is a TLS connection + assert.IsType(t, upgradedConn, &tls.Conn{}) +} + func TestNewDbSSLMode(t *testing.T) { t.Run("Options are passed as is", func(t *testing.T) { opts := options{ @@ -91,7 +211,7 @@ func TestNewDbSSLMode(t *testing.T) { t.Run("sslmode=verify-full", func(t *testing.T) { opts := options{ "sslmode": "verify-full", - "host": "some-host", + "host": "some-host", } sslmode, err := NewDbSSLMode( @@ -109,7 +229,7 @@ func TestNewDbSSLMode(t *testing.T) { t.Run("sslmode=verify-full sslhost takes precedence", func(t *testing.T) { opts := options{ "sslmode": "verify-full", - "host": "some-host", + "host": "some-host", "sslhost": "overridden-host", } diff --git a/internal/plugin/connectors/tcp/ssl/testdata/ca-key.pem b/internal/plugin/connectors/tcp/ssl/testdata/ca-key.pem new file mode 100644 index 000000000..54cefce87 --- /dev/null +++ b/internal/plugin/connectors/tcp/ssl/testdata/ca-key.pem @@ -0,0 +1,30 @@ +// File generated by ROOT/test/util/cfssl/generate_certificates.sh +// DO NOT EDIT + +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEApduBO/l/SkqM1sOTRqVcuX0VnFiLtFXgxzKwcGh+XHDNPpl5 +osF2HLs/FWMnqxbLdSI7xNDnm6BPW7n++cGtCpzEMCX32IIHDfFs1RtqA4CQDpoL +1vlF+dt8oCs+RmiU0Np/hmKYJpZrdnFwwfuw0p/F0Ygr51rq1rVMwLl5fcsWf90K +DICNEmg0ZaTsu0l2kZNjsFa6e58SdGwgxyUewMlf07sTEWAN9NfxHMmMV1igyv3H +xdTJyTAYzMbXV9GYyKceEcHft/fbctAa1W8qBTI42CChE4jACyTz8ekPFuXVGk99 +qifOiRQ1yimjq3MV/qA6uuULDTb+WO0bJ01EXwIDAQABAoIBAGYHjozSgxe0nMdR +MLx45X3GERFI90hMvCZObHP6FCHR0rD7wPP6hypNlhUWFkUNlMPN926wBIqcJ7WJ +yezi1Ax/O8FS2hD6jFRrfEPsxV66K+SPp1Drr7xw5U2yzHCLzWBdya1l4at7RUhr +qK3so24uk4a+eiOsrmK+zSSR9McItj4/11sKesr4UJG5o5IFuxR8kojeAmVbTy5o +4X6JKuztV2DBMo6bop0k3FJ176vbdhGgsd3B3EBoCaGEDJfxNsVBQ3nE344xgT+x +CjoAitIwQvMXl3gmPjUFYZwFSVkvHCU0hZAYSECDfqM7ejX/E9WaNUKXWHWDMYBW +/XjeRSECgYEA2YA4WdMZQO5jBnEKNqMJpT7U9svWIUggOFasidtSU0grX6ZBzEo4 +Z23ySbcchaNj0NRRJbA+kOekQoyJE9EKvlc91chxzb9ygYefUzoq3SzKo7qFZOaO +9BE13MxgLiCGqkRCrw/igzTwJH7wvlABz/6jeh5dJTUxoxaHWOYdPNsCgYEAwzcg +rYN7U2vN8Flf+tPXMNYJB4pBSFVrEACw70oJv+0y0ELbOIE3cO3rkAi5r9nojsGs +e+S+37CGDu6y3eQbnnwhK0LVbwo3rv+5XX5/RbDWmIX0xuIWbqntukCXjQb64dyf +zQYhRplukbiUEgZ5Njj+8acK1mVE1fDwTPyca80CgYAUxaUcFwgbZmj4rYUPMMT0 +DisiotcBeLTzDHwP8m1LXOIfkW5JR3FZl2uDVMSZksAuqohRdCKVjjnmzSsuRFGl +WgmiyDDuOHGEI2K4/R4o32U++8pPl6Fhd99QBgjNfve9fSVtOLQmWcDxi1oMovF5 +XtVYDVxR+GGUNMuaVufF7wKBgQCFwLTEDe0muBtvDV2EtzaewFeJcgHOtK/ZVA/m +s/zAIp4JMXWQXoCFAI7ArinDwfLkNPCgJpddHk6L1qJ5A7yktvnm8TDZls+WOKJh +27UKI+K0uDuBNREXm5hFX9I2j0zACfD3gba075VhhGz3eLX+H8kV+1Silto2F5Id +vYrTFQKBgB8rW2+Xpt7AMxBY3idqM15DnMgabIV5AOcq7JIkTjHsO0TWODL6XsJV +fr/H/Ha3tTdxvmM9V+bDl6yo3jjXZZMQJh2QBHbU+nl9syZHfCRVahVRNS5a7yPm +LVJ/dJHTcT8Ml9PBTgixYY0+tWydWXbpvJx3Gh+7dAwLNC/lfNlX +-----END RSA PRIVATE KEY----- diff --git a/internal/plugin/connectors/tcp/ssl/testdata/ca.pem b/internal/plugin/connectors/tcp/ssl/testdata/ca.pem new file mode 100644 index 000000000..eaf69be34 --- /dev/null +++ b/internal/plugin/connectors/tcp/ssl/testdata/ca.pem @@ -0,0 +1,24 @@ +// File generated by ROOT/test/util/cfssl/generate_certificates.sh +// DO NOT EDIT + +-----BEGIN CERTIFICATE----- +MIIDYDCCAkigAwIBAgIUUBXIDdcvXxK1FxQestxD2XryFbMwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMRQwEgYDVQQDEwt0ZXN0LXNlcnZlcjAeFw0yMDA2MTYwOTUzMDBaFw0y +NTA2MTUwOTUzMDBaMEgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UE +BxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEAxMLdGVzdC1zZXJ2ZXIwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl24E7+X9KSozWw5NGpVy5fRWcWIu0VeDH +MrBwaH5ccM0+mXmiwXYcuz8VYyerFst1IjvE0OeboE9buf75wa0KnMQwJffYggcN +8WzVG2oDgJAOmgvW+UX523ygKz5GaJTQ2n+GYpgmlmt2cXDB+7DSn8XRiCvnWurW +tUzAuXl9yxZ/3QoMgI0SaDRlpOy7SXaRk2OwVrp7nxJ0bCDHJR7AyV/TuxMRYA30 +1/EcyYxXWKDK/cfF1MnJMBjMxtdX0ZjIpx4Rwd+399ty0BrVbyoFMjjYIKETiMAL +JPPx6Q8W5dUaT32qJ86JFDXKKaOrcxX+oDq65QsNNv5Y7RsnTURfAgMBAAGjQjBA +MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBScOKFW +T9Q/SkB4geeYAKxajbuBRDANBgkqhkiG9w0BAQsFAAOCAQEAODG1GteYoETLBt/7 +a3GhZgdMKSm37CaGII0BMMWFC1zq5R/X5uGFmFcg7Gi2M4XhY3DTwSOD1w81HMNv +YrrR+nBI6MG+4s2ldCfIsHRH850FfLCVACRkkQJyUMijfvLlz57eVTQyJD6noyB3 +1j02+NVzi/xa92Lj5RnwwUTqZAk/JuIXVQf5tt4cEQxk4e6t4U+BMK4rUTvYC3J1 +2c5R/WuOIokzmjnsjwKTS3ajIeJwfcMPyToU9SpOKf54Pjo6jmKo141czHbk0JS5 +Q4yD+SPdeDES2iO9KcUKc9wkVX5Rzt3DKbdX6qZWqgPZHZ1ApzJ5ChA97qJUihkc +XYsEUw== +-----END CERTIFICATE----- diff --git a/internal/plugin/connectors/tcp/ssl/testdata/client-key.pem b/internal/plugin/connectors/tcp/ssl/testdata/client-key.pem new file mode 100644 index 000000000..28c068f15 --- /dev/null +++ b/internal/plugin/connectors/tcp/ssl/testdata/client-key.pem @@ -0,0 +1,30 @@ +// File generated by ROOT/test/util/cfssl/generate_certificates.sh +// DO NOT EDIT + +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAumhEYWrBtwRED7tYM3w8V8GSzbtW8WPqUjVZxAGy0ThOVIBv +1s/pc+UYBG8x1aaBgXb3gRvoGe1Kf1pCa5nq+5HFWYwRWB08Loilyy5pTgmLt5FS +pegq/W8y+MXjMlwvoaC3+NZFxVBVgDMtgBvKoowqq03vYTFDnj0cLkhNup0MwJqu +VlFGkyM7KolR0kNtbrEVymZJdv2cWjf8/m3rLjb87ZaC5oQ7d1ouV7ZwV57oW42g +m5YK5j13vPzW/le/yMUzhcLiNvEcQJARh4e2GbRnmkXqsHNXyc+YyZLla5R3gGRN +aj7yp05SqbVwHYzL3UWqXyyOQVObYrjImYvxeQIDAQABAoIBAD5Lxj6APQj65fwT +8iASrt/tEzCqIR4+8/pRVhSJNMdy98qJudaiWTSgJWyl9JOgN7ualJCTUPgJM1Jo +SbZIFB3K05dflhRKgOhURoQmmI655fWNHX/QnT1hQjmdeJZF9K0hVxpUEbElbc2Q +TO55WzkDeucQ/qUOn7hsV9Sn2UI50+Cj1Ysz03VEII9VPng7iMlQ3KXOjaVDYZNm +wlKhv1v/9ZZZ70PpEQY9aaBNgvhgFnM0jgC7UdkSrLbpcPLIh8V1A9H13dusx5q2 +hk7JLcprCANFPkIaGJyGyeZy/6H14QGGmO1iGqCPrdqXE1sGL4PfMRlxLRiDCnlc +tmJCgVkCgYEAznDUGkHD0lm80nBkiY3NIo1IzmrUg6/km865aHlkt/YRFDEA9dw0 +3xnFYkWxK2m4+63LM12fgogG9216B9+TVvh45klMKgbGBlsLf+N5YUKBEU8seeou +5UryDqOIzNSCERGZDWcn/SjGy7M8bP1z3/V9fmVMH3al3Nxfl4uWoR8CgYEA5yg/ +sRornTbnT6ZqeJTy1R8OZSvGkF0eTIKzakLs5At7nQ/np6sXmJeq6ckkQIknpo5y +NOOGnvIKw/3OmTXkncMsqGr8w7fjC+WuEwQ2BMGXOKvdagyynTKj9RtMiDoPoV9w +otOHcsNY6KzHKWRi8yDQLb7M1jDza0xoG+kVImcCgYEAqeg8+ZtVAySufvjYFkpq +IlzsJk/Qts2mtwHOoYj/91SDu/2VD8V8kn6QcRBxAA0UnbftfUo6BWHVcgFdpWtC +xhrczpRXJmPKyeJXNZvQA9eLiOaD8Zdnn3oufRPlfMgOgOPd9yUGyZqs+2x6eC2m +GBbhgYz3uRGa84tA9eaCQ/sCgYEAqjcuJ3iw8xTR4goWTvLHmf5DeGZy0i1vuUFp +Ym8jx41ZGj/zArlvJ7NPbNXrtwYIR5KPMLj2kaaEHOyRrKpNzYpCIUafGHQZYdJg +i6pHKNtxQo7z/TqacD0xFLVkds/iYJ9J7uy6ydxlZPiNs8IzRvs7sOPWLEdhh/p8 +k0jggjMCgYAJlLxmBjRfBLvampyp7POGSB+5Auz26WUFF/uuCX3b6YVzkSY536Ep +7QBPCog253segiN8nPGeFnZoOs0mPohFb0+QeIk0AGk2kwNuraOcARaU/UHJkDZS +ghLw+yxKkxk5S3CiWzXsaxAQDb4aug5C2LVxj4g3Ei/vdpPpahxKlg== +-----END RSA PRIVATE KEY----- diff --git a/internal/plugin/connectors/tcp/ssl/testdata/client.pem b/internal/plugin/connectors/tcp/ssl/testdata/client.pem new file mode 100644 index 000000000..832e8d0cb --- /dev/null +++ b/internal/plugin/connectors/tcp/ssl/testdata/client.pem @@ -0,0 +1,24 @@ +// File generated by ROOT/test/util/cfssl/generate_certificates.sh +// DO NOT EDIT + +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIURbHFby1/X1JUxWSXFSBbTWj7SI4wDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMRQwEgYDVQQDEwt0ZXN0LXNlcnZlcjAgFw0yMDA2MTYwOTUzMDBaGA8y +MTM0MDcxNjAwNTMwMFowETEPMA0GA1UEAxMGY2xpZW50MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAumhEYWrBtwRED7tYM3w8V8GSzbtW8WPqUjVZxAGy +0ThOVIBv1s/pc+UYBG8x1aaBgXb3gRvoGe1Kf1pCa5nq+5HFWYwRWB08Loilyy5p +TgmLt5FSpegq/W8y+MXjMlwvoaC3+NZFxVBVgDMtgBvKoowqq03vYTFDnj0cLkhN +up0MwJquVlFGkyM7KolR0kNtbrEVymZJdv2cWjf8/m3rLjb87ZaC5oQ7d1ouV7Zw +V57oW42gm5YK5j13vPzW/le/yMUzhcLiNvEcQJARh4e2GbRnmkXqsHNXyc+YyZLl +a5R3gGRNaj7yp05SqbVwHYzL3UWqXyyOQVObYrjImYvxeQIDAQABo4GXMIGUMA4G +A1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA +MB0GA1UdDgQWBBRX0s/sl5ak85RMbBhPomeqnT9HUjAfBgNVHSMEGDAWgBScOKFW +T9Q/SkB4geeYAKxajbuBRDAfBgNVHREEGDAWgglsb2NhbGhvc3SCBW15c3FsggJw +ZzANBgkqhkiG9w0BAQsFAAOCAQEAh+cv2RILfi4VD0c1A6lt5uBSt1eSzSu7e5+0 +dN4T2/t58w8lsfS12GWL1i47O3gd9cZN7wavqzrnPZiFmbO9DG2u+9DqllidA4uY +P6xB6468iZgEUxlL+d8eUT00vNqgofiAmu24fGEk0iuNdjbUTtKBDB2On/AR4sNo +40gji0rlKgyZ47AIZH5phtWty746/m2TVJ6OxyZD7VOVn5VR6/AHU7hXZ8coP6Gi +qxap9ypk1TkSPwXXAaKepIIwv8vcZAnQt7/HqpVOcLmG/NAKp1vc63tVmWsE30sQ +y5ukQN6t/aErBCrq3uPQQ0ZB5YZ/USOTcUe1bottM8UrkQj9sg== +-----END CERTIFICATE----- diff --git a/internal/plugin/connectors/tcp/ssl/testdata/server-key.pem b/internal/plugin/connectors/tcp/ssl/testdata/server-key.pem new file mode 100644 index 000000000..3d10f6f84 --- /dev/null +++ b/internal/plugin/connectors/tcp/ssl/testdata/server-key.pem @@ -0,0 +1,30 @@ +// File generated by ROOT/test/util/cfssl/generate_certificates.sh +// DO NOT EDIT + +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAx2QlaVnpgjFsBFY/NtzWoeVPz5hJz+5MGkPoFdVsGncroYvZ +sTAMl56/GA48TYdtCe+vA9GRXR5ns89cCmSjbuV2/sdyOpBDRei+ghHutQFoAoVb +gva7Ic7Y8/jBwN0fX9O1XkN0pp2FsAj4GTSztydfHMdjY/jbJIbgTrx05RWaU192 +8GVANO3xInsaYYPMWjiYM4Mry++FSOAbx5+jPs2bfkKFtmipS415r/oFzw+UdZ9E +9oJDDEEsxYcoAxgNcLzrl9n57J0N5GB3FGyMg8lulcqzHFN6ueHd6lXiBmmlIr2b +qkOjkP/yv8jjf2POyOx/K4IwqqgSPyGxNpOlZQIDAQABAoIBAEurBsOXWpWM+egf +bvf8EPv5kTNAIOrnDTx+fsoiZ1cX2JgDAcdLa8vyc6TGaj4l4cx+iFWTp23GRyam +z9Al5xwDuwfvWrs82jrim8Gy2nsYoIcsYtEtn1CyNgVIZwcxI2HzbwXp5ZABgaWP +kc/G/1jHeUHrrR1YaJnREbjvrhDtWUVItpVZ7o6XTc+Xp4pecpOS4DVG3sOvKWVi +jxuD2Xf5cbPmtxgiFfmzMRqNfihK/F2TaPNJczqAmpva97VKDudp/9ktkv0TGXxm +kYseQ9eRBJNavhSKckX6fEtQSKTFrmhIAeHz1On3MpgnZHvjfwbQusYQ4Wg5m/fT +rWU2/tUCgYEA6T9LcXu7jRS2Lm7FNLJjKTLtl/+KdadA7ld9WuYIodNsua+lXzhB +Yk6ADGOnr0XW9CUxmOt61HB7BE/ZfKQkNEOU8YinUKKcdbtkvqtL7IXES2DBl5L+ +HVrCO1C6a1JT92lJuM6emoMD5oNUb4XTwV2Gcmy8zkeMhgoSXIzCjgsCgYEA2tdj +4w4zL43MuofDsusQfOy10I375uVj8XHS3Gd7rXCTzi9S2s8goxqPowfjCqWo2wUy +x5x0z8lIGN8FwIfpRnwAnPy6SrrYRT5xoOeHYatQ/Gs8X4JesTRg9nXIA0FdVmCh +D5pBZkAkScEkvzROQnzTzzmx56amna40A1lPcE8CgYEA0Ppyv8Sab3blG4kHi4Vg +ruMAWTUNewhVdrZQjAaaKVNikKO8ySl/+3JV68PF05YBV1GTtG0W6gu1TFG2jKQM +A/+hDR7gubBX+mvhgau8JLhc/SQ9j26V2vscF0TnIYzryjo9YSVOmSVVc0yrdBg1 +d4QyF4cxSqh0UQvpE57SGa0CgYEArYnUWf+us20dBmYW2FDzmD0VyLZvJaCOaq66 +abFeMCFv9Dcu2vkZhn3PnZbpgk3v4w7yP7xgHU4ecCqbIxwj7pLy4YrAJ/aW/gIQ +lWpEvzzdUe2vyIVXlepVYdvwqjQxUgf6cKcAaZc/r4UMINvXm33lcRTtcSeERNIZ +yPYPup0CgYEApWF612ybHiUVxAMXtQvO/kxhsM8rxbZL+9BHF7GLvm+ctUd1HBNu +UusxmqDwQChWx1Y3lUPMH1dlW6uiko/hLar3SIfzDwlKFaVGJM3pDC8Le7Xuw4vU +WNZuiyYYhZTYSxUCrnfBN/kea5wSz9Ul7InJNtD1RVGXvRSbfwrQjTY= +-----END RSA PRIVATE KEY----- diff --git a/internal/plugin/connectors/tcp/ssl/testdata/server.pem b/internal/plugin/connectors/tcp/ssl/testdata/server.pem new file mode 100644 index 000000000..62c6f20e7 --- /dev/null +++ b/internal/plugin/connectors/tcp/ssl/testdata/server.pem @@ -0,0 +1,24 @@ +// File generated by ROOT/test/util/cfssl/generate_certificates.sh +// DO NOT EDIT + +-----BEGIN CERTIFICATE----- +MIIDizCCAnOgAwIBAgIUeU9wyM/LD/MEm3nJc9/S0PDpPmUwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMRQwEgYDVQQDEwt0ZXN0LXNlcnZlcjAgFw0yMDA2MTYwOTUzMDBaGA8y +MTM0MDcxNjAwNTMwMFowETEPMA0GA1UEAxMGc2VydmVyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAx2QlaVnpgjFsBFY/NtzWoeVPz5hJz+5MGkPoFdVs +GncroYvZsTAMl56/GA48TYdtCe+vA9GRXR5ns89cCmSjbuV2/sdyOpBDRei+ghHu +tQFoAoVbgva7Ic7Y8/jBwN0fX9O1XkN0pp2FsAj4GTSztydfHMdjY/jbJIbgTrx0 +5RWaU1928GVANO3xInsaYYPMWjiYM4Mry++FSOAbx5+jPs2bfkKFtmipS415r/oF +zw+UdZ9E9oJDDEEsxYcoAxgNcLzrl9n57J0N5GB3FGyMg8lulcqzHFN6ueHd6lXi +BmmlIr2bqkOjkP/yv8jjf2POyOx/K4IwqqgSPyGxNpOlZQIDAQABo4GhMIGeMA4G +A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD +VR0TAQH/BAIwADAdBgNVHQ4EFgQUshD/QApOyMGDCG+S5Wpvvkhs2BgwHwYDVR0j +BBgwFoAUnDihVk/UP0pAeIHnmACsWo27gUQwHwYDVR0RBBgwFoIJbG9jYWxob3N0 +ggVteXNxbIICcGcwDQYJKoZIhvcNAQELBQADggEBAH9F+kw/DTnFl7Dylu5osJER +NxNuSWTB8Q0zhHIef3HesD+YIpPcihKqeUvlS1zU/YSTKp0a+oMLzuTWeXrK7kaD +iYNUywuW0XZ0lXFinilSsMUI6y08jNJGThpGEUdVOdSYhz9XtKf1CKWe/Bq2KIq+ +nOqXQEge5R8zgmB9sNHecQ9L6d5V/p4g4A+Jz4etK2uYiSYvEKSwlqzADWZCjYIh +DwKcZmkBsZ4qQhe72zIMyWuYOCHB4JE8CvnPrwVnqBQfjSGO+rWUtveI0den/LRW +FI2qTPWpwVnXnhx70KfqTIElo+cc+Lit6wKpUgiMxIy/P3SvpNbXiK9dopylgdM= +-----END CERTIFICATE-----