Skip to content

Commit

Permalink
Merge pull request #8616 from mitake/peer-cn-auth
Browse files Browse the repository at this point in the history
RFC: etcdmain, pkg: CN based auth for inter peer connection
  • Loading branch information
gyuho authored Oct 4, 2017
2 parents 78c5741 + 5f7ce4f commit 863dfd1
Show file tree
Hide file tree
Showing 17 changed files with 325 additions and 138 deletions.
5 changes: 5 additions & 0 deletions Documentation/op-guide/configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -295,6 +295,11 @@ The security flags help to [build a secure etcd cluster][security].
+ default: false
+ env variable: ETCD_PEER_AUTO_TLS

### --peer-cert-allowed-cn
+ Allowed CommonName for inter peer authentication.
+ default: none
+ env variable: ETCD_PEER_CERT_ALLOWED_CN

## Logging flags

### --debug
Expand Down
77 changes: 77 additions & 0 deletions e2e/etcd_config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -113,3 +113,80 @@ func TestEtcdUnixPeers(t *testing.T) {
t.Fatal(err)
}
}

// TestEtcdPeerCNAuth checks that the inter peer auth based on CN of cert is working correctly.
func TestEtcdPeerCNAuth(t *testing.T) {
peers, tmpdirs := make([]string, 3), make([]string, 3)
for i := range peers {
peers[i] = fmt.Sprintf("e%d=https://127.0.0.1:%d", i, etcdProcessBasePort+i)
d, err := ioutil.TempDir("", fmt.Sprintf("e%d.etcd", i))
if err != nil {
t.Fatal(err)
}
tmpdirs[i] = d
}
ic := strings.Join(peers, ",")

procs := make([]*expect.ExpectProcess, len(peers))
defer func() {
for i := range procs {
if procs[i] != nil {
procs[i].Stop()
}
os.RemoveAll(tmpdirs[i])
}
}()

// node 0 and 1 have a cert with the correct CN, node 2 doesn't
for i := range procs {
commonArgs := []string{
binDir + "/etcd",
"--name", fmt.Sprintf("e%d", i),
"--listen-client-urls", "http://0.0.0.0:0",
"--data-dir", tmpdirs[i],
"--advertise-client-urls", "http://0.0.0.0:0",
"--listen-peer-urls", fmt.Sprintf("https://127.0.0.1:%d,https://127.0.0.1:%d", etcdProcessBasePort+i, etcdProcessBasePort+len(peers)+i),
"--initial-advertise-peer-urls", fmt.Sprintf("https://127.0.0.1:%d", etcdProcessBasePort+i),
"--initial-cluster", ic,
}

var args []string
if i <= 1 {
args = []string{
"--peer-cert-file", certPath,
"--peer-key-file", privateKeyPath,
"--peer-trusted-ca-file", caPath,
"--peer-client-cert-auth",
"--peer-cert-allowed-cn", "example.com",
}
} else {
args = []string{
"--peer-cert-file", certPath2,
"--peer-key-file", privateKeyPath2,
"--peer-trusted-ca-file", caPath,
"--peer-client-cert-auth",
"--peer-cert-allowed-cn", "example2.com",
}
}

commonArgs = append(commonArgs, args...)

p, err := spawnCmd(commonArgs)
if err != nil {
t.Fatal(err)
}
procs[i] = p
}

for i, p := range procs {
var expect []string
if i <= 1 {
expect = etcdServerReadyLines
} else {
expect = []string{"(remote error: tls: bad certificate)"}
}
if err := waitReadyExpectProc(p, expect); err != nil {
t.Fatal(err)
}
}
}
6 changes: 6 additions & 0 deletions e2e/main_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@ var (
privateKeyPath string
caPath string

certPath2 string
privateKeyPath2 string

crlPath string
revokedCertPath string
revokedPrivateKeyPath string
Expand All @@ -43,6 +46,9 @@ func TestMain(m *testing.M) {
revokedPrivateKeyPath = certDir + "/server-revoked.key.insecure"
crlPath = certDir + "/revoke.crl"

certPath2 = certDir + "/server2.crt"
privateKeyPath2 = certDir + "/server2.key.insecure"

v := m.Run()
if v == 0 && testutil.CheckLeakedGoroutine() {
os.Exit(1)
Expand Down
1 change: 1 addition & 0 deletions etcdmain/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -187,6 +187,7 @@ func newConfig() *config {
fs.StringVar(&cfg.PeerTLSInfo.TrustedCAFile, "peer-trusted-ca-file", "", "Path to the peer server TLS trusted CA file.")
fs.BoolVar(&cfg.PeerAutoTLS, "peer-auto-tls", false, "Peer TLS using generated certificates")
fs.StringVar(&cfg.PeerTLSInfo.CRLFile, "peer-crl-file", "", "Path to the peer certificate revocation list file.")
fs.StringVar(&cfg.PeerTLSInfo.AllowedCN, "peer-cert-allowed-cn", "", "Allowed CN for inter peer authentication.")

// logging
fs.BoolVar(&cfg.Debug, "debug", false, "Enable debug-level logging for etcd.")
Expand Down
30 changes: 15 additions & 15 deletions integration/fixtures/ca.crt
Original file line number Diff line number Diff line change
@@ -1,22 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIUaE5uhZZO0NApCR9JZ8WFTYzCRHEwDQYJKoZIhvcNAQEL
MIIDrjCCApagAwIBAgIUD/nWsq3FfCKbMoY0HPFWnT0vEsMwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA4MjExMDE4MDBaFw0yNzA4MTkxMDE4
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA5MjkwNjUzMDBaFw0yNzA5MjcwNjUz
MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDINenyY3RrYI6PYibH+j95HXhTJdIssBiox1IX89SkqmpFQAbmt2+49tka
el8MeyZC76KqAmbon6m8zCeCM/XxdxaEEUHeHAy28tD+Sahn6jrodCovZl0xe6hp
RVcMd10ic0awxRvogOU/wXvzExI01zcVAo3wVgH2ZVb2dnPe5cLXAdAHaJ/LtsBY
WCY/Z66afwwOfPSp/KOXcA2umxTYJusF1EJWb/2zNAW4kYCNnrL+ha1n0ll7WVv4
TqmgoyJl6Zp8aGnxcFVQ0pkh0VCFQOxRFZWSAnfFSGAl8ERWyUgiI6cmY2FNPr6r
oGW3RZ/rrJBTdbQBUP+if8VKu9wBAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRoJE96ipgtnKmI+iE2QhTKTCkYHDAN
BgkqhkiG9w0BAQsFAAOCAQEAMFqUbkReRhcXYb3X5SHswlLS0XmB4MjcpibHUa8J
haIU0VZuG+85wMwAdUAHgHVANxzyFf/fWEmHvVJzOzWQmBuzjENbzN9jscTXX0ZM
eAEVuq3LooAWI0Zu3VTwpwOpeckdJdbpcxCpnNoytQ+3fF9935R/rzMFd1q+7aLK
J5fwkGCUWV9AcLYvl2Njh23nFohhtHLn/xmzhTXzFlxQhI3t3FmmSuhL0hed1TZB
j375gCo8olmeEV1i/wpMfrbxnQjuVlsjv4TvuYZ20xtobV6xHq0hJdej8HXW+VsC
F79uOFqyAbuDYwVhxI+s8C+kRaTZKvbL+i2xW1sNHapGWQ==
AoIBAQC8JbBTGtxAi7QPiix8bQJ+UmusPaaAtwOlcdz24FzLpIIp1tGqDZSVIG/N
Ewt3Uujau4G5GO32mIJ52f1dhZHu5RU4Rhu707lKHM7sgQZTtMQUJuJ7YGcfmi77
SexBJvfNBAZScpZVbBDBzhLCDfjA89HwcGqjcxweSY6pXeHvwOVzwoZAoYJfw8vN
3hNnIHzMoraRlYdAetxGmA3/r3f3l3NfiIE1vZI3g0CAlTkY8ZaqT8Oo6ZIbFBYO
FIm1eCcNVdf6ZSzQOueKdIB+SFRNcnzdJYQpyWo1wuVTEZkNwp8jdpRK0xy2FBG3
cTUac0mtvhfc8k1llp+Gk7uesr3fAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQX1uJJuwcyp2vAJIzR8oyOhdnDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAb98aC0nym9vd6udUiECJKdgeed/PY3lczppk4MUV
tmH+5kDk84ES+lRb4n+OcxswE8E2xi9/vuGujC9vrUOFF3mlDG/ekwH3SoA0yuYC
+aBPd1MAZNhNie4B5rSBWNhwUo4OjhW9ohfiZA6C/TRk3pQBT9bB0DiFkv3uatbs
odoUOT7jK7vh/Jz7fYI1bHbRr3iym8aH00wo8774ZVQJkMO3HPqm/92CBZo3/vuK
WngWzUucGmZcalA/bPUofmSe0LaX1qhLUl6FG5hFByyufob8qRd5aiCgwrp2IILR
gNpiE4OF0AaP9cWysSOld+vT9BzFIlKX1fS0Zn38a+00yg==
-----END CERTIFICATE-----
9 changes: 9 additions & 0 deletions integration/fixtures/gencerts.sh
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,15 @@ cfssl gencert \
mv server.pem server.crt
mv server-key.pem server.key.insecure

# generate DNS: localhost, IP: 127.0.0.1, CN: example2.com certificates
cfssl gencert \
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr2.json | cfssljson --bare ./server2
mv server2.pem server2.crt
mv server2-key.pem server2.key.insecure

# generate revoked certificates and crl
cfssl gencert --ca ./ca.crt \
--ca-key ./ca-key.pem \
Expand Down
Binary file modified integration/fixtures/revoke.crl
Binary file not shown.
20 changes: 20 additions & 0 deletions integration/fixtures/server-ca-csr2.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"CN": "example2.com",
"hosts": [
"127.0.0.1",
"localhost"
]
}
32 changes: 16 additions & 16 deletions integration/fixtures/server-revoked.crt
Original file line number Diff line number Diff line change
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEEjCCAvqgAwIBAgIURDPBrQ3XYJ55Ks+mx1JQF+/vfHIwDQYJKoZIhvcNAQEL
MIIEEjCCAvqgAwIBAgIUOW5etKg/ZnxbCpjtVvMoLmYMXecwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA4MjExMDE4MDBaFw0yNzA4MTkxMDE4
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA5MjkwNjU0MDBaFw0yNzA5MjcwNjU0
MDBaMHgxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUqP4yxvMdKlQfnP51EYW7XEWKKWqdDmP4LnQN9L24NgS3
Z66TqhcwH6VSDfL0e3B1puJAEqCpGfJ3CSvRkwbFHIthyYuZ2n2OF2tA3VCN57PM
RoCgkGWum6q1gMlRiKLZP2C18oa3Z2ySVY3Mv4mJGqqK+I+c0yVpcnGy/zkGlVDJ
/yw7YcxrBpz/54XP2sVAua6t/uEnsVq/dAKczuwl7rJiH2fhlgj6xNoLuhwORxTE
Ka0SAVA/6MHWdP0PKCEdksv+PugoM6yhTxoY+r2bRmayQA6MfgS6w5A2x04+K+q5
APqSn8PrDYs2cUbEOWqvfEit9sQuZiFmK9HsbC/XAgMBAAGjgZwwgZkwDgYDVR0P
A4IBDwAwggEKAoIBAQDJb+66dOfF2/Q1Ppz825+uGxVpDIGHaP+H/EKgDELZZ+ev
0bUbsH9E28p+Ih87eV+hfu68kOgOZ7fLplN3uaSpG716sd/5ny32T/m/JS0hnZdR
bD1nvRPqxFPy1G1xM+JWeFRDbJQJ18t1Bt/KB3p+TRdo2aEaQgC2wrsTjv84MEbp
WJyI3uxmUaEStoPDskQyjI4Z5SKHHQqIuRzpo5KHMf9OqFRAm+pbe4aMsUBHOAH4
YsHr/gGrZUSIdGScBnosncUl6Ec9rEBe4cRf7ruyid+pwJOhCeXekSCcQjyqG2cV
xPWShUuCGhFstu6dkMprRplzwy7WXqCdqMk9ZVkBAgMBAAGjgZwwgZkwDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
Af8EAjAAMB0GA1UdDgQWBBRBAOxGvg1O7ZArmCeW0VZwBGJz+DAfBgNVHSMEGDAW
gBRoJE96ipgtnKmI+iE2QhTKTCkYHDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A
AAEwDQYJKoZIhvcNAQELBQADggEBAAiEMC18ECecYQIxMZN4ZiKhghgtBOVawvf+
1hIU7jYfMnR8gII+nP6c1UxgWuV+4TEKdf6d37Jy83dhSkUputBqNVSpR1+sf9FE
f0QZWYEzgwgSsldNq0F+A7lWFcU/IyL9AK77sm6xmHx0RSSTKB4Omyp9Pyn6z+QT
avC+1OgjCaTMDKv6bajg8U+TbykEnfO8R0B9vDD4eIfNDNG0zrXNkiN0L00Hd8Uj
4HPB2Q9efIxjjEI58Cy61TTgzwuPbXW15xE17+UqHgKoKnKrgVTJLy5O+1RmfrOP
kLcLRvyHg/q8Vvq41DlD+TpiFD4CdB1nhcblA/NXMEovKysnJQ4=
Af8EAjAAMB0GA1UdDgQWBBSpFTakSu4EauEYmUFasPJu6CWbITAfBgNVHSMEGDAW
gBQX1uJJuwcyp2vAJIzR8oyOhdnDCTAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A
AAEwDQYJKoZIhvcNAQELBQADggEBAENi+GFd6an867Jrgsgd5kbGkKOl0Mcr00H8
OQGuy5Zuy4lpLwHQ5YHaowsmxt+KOkpEG6raFmOMJh5Q3fY//nAFhtmikOuggw45
jQWT0uguB2NzdQfyo3BTLlwRbKVkfmoSDVtNPMYUR3AD6jhLVEoY/gDwCJHsm5/9
mPK0bgzTjnNRXfr0+cBmeOSpOvTtgvRhQMEvpbh0DAv71MSYY/XSWVng75QMRSf0
DuvuBAKmjfFw8rMcz0WkkN/QcMG3olxRyZt6gl7o6hlttO261+gfLY77s+YLYKr5
Sf9WAHWcnrgmfyUXHoVx1YA5HoDBKUuX0bI6ufCnqn9JMIPDSGs=
-----END CERTIFICATE-----
50 changes: 25 additions & 25 deletions integration/fixtures/server-revoked.key.insecure
Original file line number Diff line number Diff line change
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1Kj+MsbzHSpUH5z+dRGFu1xFiilqnQ5j+C50DfS9uDYEt2eu
k6oXMB+lUg3y9HtwdabiQBKgqRnydwkr0ZMGxRyLYcmLmdp9jhdrQN1QjeezzEaA
oJBlrpuqtYDJUYii2T9gtfKGt2dsklWNzL+JiRqqiviPnNMlaXJxsv85BpVQyf8s
O2HMawac/+eFz9rFQLmurf7hJ7Fav3QCnM7sJe6yYh9n4ZYI+sTaC7ocDkcUxCmt
EgFQP+jB1nT9DyghHZLL/j7oKDOsoU8aGPq9m0ZmskAOjH4EusOQNsdOPivquQD6
kp/D6w2LNnFGxDlqr3xIrfbELmYhZivR7Gwv1wIDAQABAoIBAFVxwRDt1ui1BS/e
iG7JJ45sOJSWp3uLOKeTIpYo68GEEskOI5q5ELAJRwd9C00n+7uJ3gYYdez7u+wQ
B0chZ+ry2R3lOO4MV74rsrBRO/iITDmbajsZSYGqkiBzKnBUEfpv+I+ibnZqW7lA
HsVRgBVSXYuQ60L7o2CG1yAwY908ja1gyRi6QxFuaQv+SWMP2VpH24bLox9rmQZ2
xwTLViBHCdc9+IIHMAsJ84ViGu/oZ/wGlXTZMxgwsiCVS8tJ0ZjQT8QXZUnxj5yz
lJX6owzT1VfC/ZrbAms1lCQ4msVo6qX4QfA88JmW7y4YJrOEBINeJddO7TNyNMXC
o4xb28ECgYEA4f7A4NtYfNcl+FNRP3oOJBxc+V2fW5gSTYVMRlmE3UN6vvqpxLYe
BQATYjy66nPEFSvr72rbWaE3rmbdUyZJ0hXxgRvJsU9AYvg6Taw2/dLVf5xar6Di
VkVO+FqkX6eNuKnQfuqU55fHvSVnKiwpWZvoja86DpqdMW01srie9s8CgYEA8OUA
jheiEKjmzWfM8Bt0i0QpKf2+ga5u3XPd80spIWYnyZPLMYn4P4i7XAyKcuCEPm7+
sFvV0M6kiAx48ECffvQDDSpUxKi9h4JlPtF+A0w+U74fVu4rNHIIh5ZTPaDPRY2W
DztShe4rFNUygjYxqmsCqpH1ttZn6Ns3wI7/+HkCgYEAzrY/ZC0d1irQ/z/uXBpf
XuZWoHzjK1uAukmHx/1PyzdSyebrbBOMh9RW5o9YBOVY4GipSPe7pVMSZEKQhOLL
uQ77NLXfGYC9Cwm0AqHYNvkm8a9pP6XwASsqHX6DRT80IUmqfLxC8Ubimv7gSzHT
rLQv1ZEGkJ8Z00DqUgwO0v8CgYB6MA4aBM7FmIaJha8j0ylIQqiGjhiFes7tMQpR
j7wrHr/rtTWJySvMPjSauhm3rz4k1PQGzG4l3csC3yCw7HZ6VJb/pIsevWB1TaTB
Ok2qqo+qtnL7Cw+LKJQ/Afby+ZBo/SoyS6rOGEJt7L4T4h1LDcBqeGKj/Rjzuc4L
s/0OMQKBgQCkN2P07cPey72s5Lxsjg729OkwfyMRWUI72388tlI1FmmTefslQjXW
/DCGPDZkgVnB3MyBglTagZ0e8IwHzAyXtqS7uSz6sSwyZ05Y7kXf6uJLBNxG0nBE
j3qRHjGzcF175gemyoiO8LxjTC/pAcazQrgCmM3oEZukG9Q42MviIA==
MIIEpAIBAAKCAQEAyW/uunTnxdv0NT6c/NufrhsVaQyBh2j/h/xCoAxC2Wfnr9G1
G7B/RNvKfiIfO3lfoX7uvJDoDme3y6ZTd7mkqRu9erHf+Z8t9k/5vyUtIZ2XUWw9
Z70T6sRT8tRtcTPiVnhUQ2yUCdfLdQbfygd6fk0XaNmhGkIAtsK7E47/ODBG6Vic
iN7sZlGhEraDw7JEMoyOGeUihx0KiLkc6aOShzH/TqhUQJvqW3uGjLFARzgB+GLB
6/4Bq2VEiHRknAZ6LJ3FJehHPaxAXuHEX+67sonfqcCToQnl3pEgnEI8qhtnFcT1
koVLghoRbLbunZDKa0aZc8Mu1l6gnajJPWVZAQIDAQABAoIBABamUFiE1p7HyaDH
Bo3kAANqpjCmqFXad4kJ00/9sPKTHVkGom+Xm+fZMt6V5Z8hWaBmDmADhyQ/g0oR
zKbUp/Af32FRaNa/kEJ24aUdgAKcnqwYGJt2hivKoYnXWur0o4mHhCoEpmyo6Aaj
nDwyNRLIhk5S0iuKqlvib3iWhpoBmEnDE+0ydoBn1QHiiziFsGaAEi48CcXMpCHt
WDXXtCHndd8qb1PJ4ertDg+9lCyx1QGLM2ckfK1NoAx3VyAHFfz8dbDL8L3fTBP1
QTPTD4NcjShUHadKPc8K20jp21BWPLCMKUPoR2jPZmAyrN8Ka+IuWmlM2qsozO87
65/+GvUCgYEAy9H10i1v7GZ043T546Dt8beB+Gb/fiUOxZ1lpY1tvsFURqryHTAV
M7jhkgCe/YAQvm9pPz9ku88IxQIGNn9/URXFYyJgdTptaP0F5YOb+INYi+0TogCs
k28JGjnqEou7YyYwt2ehvcJuKq8Ue2dmsGq3lzdMEd/qWFn1U6f2cGsCgYEA/QHM
sG51KNLcufGLrErlFbasfB6Vdi8ui4+YdJMRYr3+hhIj1nqvTNLJcgkdEWcYwLm1
NpTXHdjyQCfseYT79M2HK/MBzxncJXgdoMb71LakZzIWc0Mx9oDg2BVj3TKBVIpZ
/XqiIIXNElqE6yT1Os+INr2Vyi0wOR3W3Uk5B0MCgYEAva3RtR1v8XKQCTXNcFdN
2QtMOx2vW3elPaby95Scs0873OAtnZgnwxCla7iEPao26uLH8YJPfrB3ms/9dC5H
D/DQ1ycg2Tfcpj4ChMtsFWQ2vVGOWc+Cy1okAHIxMb00UFs0LxqUXQJagAKbbxSV
bkyCOonNkzzs2/gr5QSExa0CgYEAwhZ2UsZ5pBaWcyJkNojB0nVvPkwr9hzdxPwk
RRFpHemIbotN6MP25KUzGgL5xJblOzt7U2K8303FEQhPdS1aJ4LfdgyWT6yT4D6T
4/mhyJ1P40ZeSI+8rVBSrBFEqbSL2DHGNRi1dOOP3MuJ+eVBJpt78Bph5VXjD33f
jaQVVocCgYA5L4p7EBuJ7/3IGk6lwIsxmB2SIsnQ+wQuZfirMHBm9zDiBHxPd5is
P5uPUVlponNDbtawPOmgP/IpfEQSQc+RC24R8GjAKzwkdoLcw2DubOKg842AI2+z
tWSWXcXQzLJo9L+tJ/70C/8yeBfYry6LmLBnCptY3r0FiaTndbOoGA==
-----END RSA PRIVATE KEY-----
32 changes: 16 additions & 16 deletions integration/fixtures/server-wildcard.crt
Original file line number Diff line number Diff line change
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEDzCCAvegAwIBAgIURS07kZUkWQknBcWAsV6hTZlsQ6YwDQYJKoZIhvcNAQEL
MIIEDzCCAvegAwIBAgIUNDzcFXOAhXxTYih49LOUFsErYIgwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA4MjExMDE4MDBaFw0yNzA4MTkxMDE4
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA5MjkwNjU0MDBaFw0yNzA5MjcwNjU0
MDBaMHgxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDffZw2JmSt4IWN4Ez0eOTPniGEJx6u7mDpBl2kwzfbpva4
ijz1I7tQNh2DGZjuttAkWtCORlQ+oO0gQNaLHvToPZoLKeshnbpI1RYYzwSnvvkH
zLZrj4zALMuEaiX9Z8I2PP03TYZytwikJ5ZCa1YT5aIQR/IZG4WCkhfDNqaItTlp
nFQDMx1RnEaK7z/fNKkf8p3n8DF/+P0TO8qeI3YrmUZ6u4ca8J0ZCnoSRXTOYroL
o0HqGFjV0ECrHEIbPtOYoJssCk2SWuaJd4HDGqJFlJdeDAaG2UumGlPAkuAHf2va
FJd7eHbuaDLWtDi1YYQ4103MEYwwRG8NARvQQnedAgMBAAGjgZkwgZYwDgYDVR0P
A4IBDwAwggEKAoIBAQDCE0C//qA88O5ivLTvjUO4RDJHfHAB8nanCxxz4Bu8Cucg
PnRpFetzI7YqO3jQadTDXOjYDp/frfB6ifQRS22Ggc98IWQ4V06B893wgac48tkF
m8tocD+wZ+eYoHN+1LU7JERTsKGwNtSm6G/KQp1d2r4ISg8GoB5KmHrOIHmKFbQH
7cLiB+pARKk52+JRrKHfezGr5PjNzdgUml7fcKQWoBfl4pdgIcfWIRhggscGytk2
BTO5qLJU/6jQNnLlyypMabv7vh22pbUWNdoK2KJRKqMzIYbPkLjDTVF+BgB6Nr5M
znPPTDaXuRsoRVPDghnVfur2ckLo26+4fzTwdYHLAgMBAAGjgZkwgZYwDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
Af8EAjAAMB0GA1UdDgQWBBTThlDqYBWEcolK4U5GP3ZjZJAeujAfBgNVHSMEGDAW
gBRoJE96ipgtnKmI+iE2QhTKTCkYHDAXBgNVHREEEDAOggwqLmV0Y2QubG9jYWww
DQYJKoZIhvcNAQELBQADggEBAARV6YV+ksoqHZQifrmjyBk1HXsuJArC++h5xvGl
kBnY1J3lNYybRcEMQRMWuqyb5v47bjEiqErgLH+X/CPWcoAUjgWHIrcUIplJPjFf
aEM27L4MhfuIsi5HaKsBeJVaogHblCe3QleECE8WaJpuDjmOTth0EGviLy6xzk6W
Q9oNV4cXW2OwSMymdMbn41vjQaJdNFkBZkBa+ObaGou9xJEkjBZ/+CEpgQsmtNqq
hIQLli1WpITx+E2C2U1wQB+8vhA2xiwWq2aHuj/Umv+QpFL3CSqPh/NQY1I6NXpW
WGDhEeeB5/Nwq8VvtLWrqxO7fPRkzecwVZJ2CAXKqMXLBUA=
Af8EAjAAMB0GA1UdDgQWBBTRXWxQWNLQVwbMn5/MDsMJw17jWDAfBgNVHSMEGDAW
gBQX1uJJuwcyp2vAJIzR8oyOhdnDCTAXBgNVHREEEDAOggwqLmV0Y2QubG9jYWww
DQYJKoZIhvcNAQELBQADggEBAA5Z/HhcTnERJn08LXKjSzvhC1YL3yBlCF1vccXz
XshuMNF5VmpfMAwNIRhlH8x1aQyLoB56UGpF+Y91N/aqkTsjxmsrW8eJzGSIbC2n
ZE9IXqv4DdB3jWHMOr9v+5eXXdp/i2HcWBxqoUVT82NsObl/a7yQiVeKLdGdS2MJ
UQ5amLVgIgB2ADI3myESaBA5yPEFuFPDCEznKCFr/+iN23oYvjhFEuDpI4kNGuGu
No1ukQr5s+mmbkoKhHymc8ri/93H+lRCDOfN3IZJrejpI5Z3JtQplCVph+naF1oM
zSc2sGUYYStqciJJhw/270nTwhQ9LgNDmTSCvU8bX4rx/z4=
-----END CERTIFICATE-----
50 changes: 25 additions & 25 deletions integration/fixtures/server-wildcard.key.insecure
Original file line number Diff line number Diff line change
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA332cNiZkreCFjeBM9Hjkz54hhCceru5g6QZdpMM326b2uIo8
9SO7UDYdgxmY7rbQJFrQjkZUPqDtIEDWix706D2aCynrIZ26SNUWGM8Ep775B8y2
a4+MwCzLhGol/WfCNjz9N02GcrcIpCeWQmtWE+WiEEfyGRuFgpIXwzamiLU5aZxU
AzMdUZxGiu8/3zSpH/Kd5/Axf/j9EzvKniN2K5lGeruHGvCdGQp6EkV0zmK6C6NB
6hhY1dBAqxxCGz7TmKCbLApNklrmiXeBwxqiRZSXXgwGhtlLphpTwJLgB39r2hSX
e3h27mgy1rQ4tWGEONdNzBGMMERvDQEb0EJ3nQIDAQABAoIBAC1+p3cKd8JBi05n
U6MMnR96hD4frIpVslqdViC9MLjBE0Zbta79WBsq+PUAF/a4NkTAS+Y6gNnC7qJ7
MHFfmuFP8PTG0rukHRDId9gTBFKVeKJS1OuubCuOsttAtH0SSyG5Zp6EZJMjmVm5
SUg6C2q/ey8vRiRASvxaewXdMSdww1lYKrcBvz1zhDbDdnx8lBzkL9d8v6xQu6YV
R62qpn0j0T6FKsGQQcFc/CLKTYE00BBfMoAoVSxcpD6yO26uWzFrTj1JAnQPPZpX
awylWuOYOHhto54m95zbw7JLxZYgtLtZz7BUrJuSucKhMtUpWaUfK7QavXnRw57f
TyWtZMECgYEA6q9ByCK06zVaTCg54Fy5mIHmEdhSVx7F13ysW24XP0UCqwuO3xV5
j3ekQ/OZkmaxtH8qUSByUbblmpoeekOaUSggC8KiHLfNHQ2aAFEueWsryj/0yH7o
HYYijUhtKZ2MXEciOIrTBYXjtEIW1OXKHnoqCWVnsE/upn6pHjfh0FECgYEA88oU
KP4rXxXkQ/00fsT9ChpyARnLbHu2Df09560ddlzYEpJ0fpj4a0yR4Dv71tMHSkLI
IsmOSOMgmK9oAh7z72EpH2T4NYPr6lfnnFjCDHlA5/g6lmZ0quAtL8vhBLAFnofd
QyHqo7x2f9IsfgkKJrM0kmsHs3QfuDuyvB9rS40CgYEA1ZQX3sbPNbvBaMu3GFvq
wEN/mT/wd77WuGyLA05ms7rfWcDUDmwhzBJLGVhJq/Xvxd9xKJHJ2FoGDTQzhnud
pjxJJcrE9DPF5KnrPFylWfTRzmd0Iz9ziOL48PE3/4aVJanLGAAnWcBm4TbARpK1
5hSxywlRWyDzhOyChrC+vnECgYEA0K5jMW/Yam1P1w8Qd49h1tsqSVzuL695+GGV
MxKRzLbO0p8BDzkcNKT3nc1a1toPPHcL4BNOM4AQcAJ98orSXk96JwCEIzMIp7GV
ddTYTlsgvzBR3lpXdcmthGNt+1g9hyVftk57DquNd/7NzRkp0lTGJKtvjSJS4J5h
cf0nGCUCgYEApa0Va1GsR80Enf6U6HY9nwj2YtUYax7KtiZcD2ih+51cscphrOG7
pHUn6BxwndQsOdkT0YWB0uUYCIA1Yi9DKH9IB1H9HWr8ySU3Q4ngDwEWB5RK3lTE
4EAdnPWYymFIC0O2RLGxLe0q2S4zuzptdknKZkeWVJj/SdlC8ZzrJTA=
MIIEogIBAAKCAQEAwhNAv/6gPPDuYry0741DuEQyR3xwAfJ2pwscc+AbvArnID50
aRXrcyO2Kjt40GnUw1zo2A6f363weon0EUtthoHPfCFkOFdOgfPd8IGnOPLZBZvL
aHA/sGfnmKBzftS1OyREU7ChsDbUpuhvykKdXdq+CEoPBqAeSph6ziB5ihW0B+3C
4gfqQESpOdviUayh33sxq+T4zc3YFJpe33CkFqAX5eKXYCHH1iEYYILHBsrZNgUz
uaiyVP+o0DZy5csqTGm7+74dtqW1FjXaCtiiUSqjMyGGz5C4w01RfgYAeja+TM5z
z0w2l7kbKEVTw4IZ1X7q9nJC6NuvuH808HWBywIDAQABAoIBAEar7iM8HKu0bIqF
/zlQbr2WD90aQktjOLPhhu3nSRIzwjBqrcdqlP+rnHVKjNcQAstVdPDgenVgiLaG
r9rwZaTadmzUWANwP4VxAXvIKtXBEShKsEqKvZaGb76ThxtDZ+9uaHc1VduuS8ev
0q2LjnST6ClqlogqHH27gtS23KtcUzjFpZS2060+yOPof7xvTe0/qY6vHHqhdTTr
SnkUNfMs0sdhobUv2nAqIKdLV3DnUn3z5FbJqluUXIaxPnGghjUmWXl+NQNg6iwV
DX9tINTt4DsWnPWpC38x+4razj5NxOmdVouFyHHBW2NiZFkszds3hO2YBM1DTqUS
2b9RI5ECgYEA0W7s5YcqtzILR3SrlCGzqfeDrUv8YkVAq7Yuneb8O/jvCh85GbPU
RTeUTbQlh2D8znVtb5wwwA10NCUjBowUwy0LSGqz0uOwi/kQ9skIxNp9VEDlihw+
WUbt3seLA6mGd+u/ZVH0jb6rXgc5du7lxmTCPQ6WO9XNkYES6IAjpEkCgYEA7Toi
mOmrFuK7Xs1bxmqYXikmCA4/VeftCtUI6TQcaarRi+FpK7s9TkV3guI2wJKroCI3
F1aycy7rJnUDpHF+n8k8YDH92rA5cVw6KfQhianhT6pSeGw+nLaHjybfz0Rj0jvV
WrTcpIIlRbVGQ2gjNPx2hezIo8LDKKDafQJDDXMCgYApTcQgvFibSp5Y2FSiYUcq
pSrt+Ydr5haMBuEIuS5TsZOLHn9HZ2TcxcpUzMt9+I3DNfuAQICIz950DkLrHqNV
nsOT459VXxxJbrR+x0UYdbKz9ByQ8WMGfmuZPSdYcI2Zhv/3PoOJlOn9IFWf9BuS
1fpMylysrkzdfmQ5QFRHKQKBgD+uoIT+DVCqcvQjGqTsDpUQZMY61OPBy89hmu/H
bm0rTu9HBo2XyQBPA6MeCOavOOVW6gUY3/StvrBnLyAg24YXZl7IbMYdEn6M7IxA
nhQvh210YokzPaeiFEfofqJMUKOqLj8YWDbNPSY2YHNN7E2YDFUtWDsl2G/6pkxy
o/9jAoGAYEPMOLHdj5KnZvk7Dk0g0rfe6b35FBnWsHlkXegbMvRWWxbzO/drpJen
GQKEFBb7bVkUDNzDudyZLZ6UJfrZe8Gl80YKND2qC14fct2nqF4LaY5W06RqZeMf
VaPxzmsk0iElzD+fTYTaEEpUgBebV1Hr+lX6MFK8euSUYQKxkfg=
-----END RSA PRIVATE KEY-----
Loading

0 comments on commit 863dfd1

Please sign in to comment.