Skip to content

Commit

Permalink
[9.20] fix: usr: Use TLS for notifies if configured to do so
Browse files Browse the repository at this point in the history 
Notifies configured to use TLS will now be sent over TLS, instead of plaintext UDP or TCP.
Also, failing to load the TLS configuration for notify now also results in an error.

Closes #4821

Backport of MR !9407

Merge branch 'backport-4821-notify-over-tls-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9684
  • Loading branch information
@marka63
marka63 committed Oct 24, 2024
2 parents 09fb8e3 + a9faeb8 commit c1b82c1
Show file tree
Hide file tree
Showing 29 changed files with 899 additions and 10 deletions.
5 changes: 5 additions & 0 deletions .reuse/dep5
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,11 @@ Files: **/*.after*
bin/tests/system/masterfile/knowngood.include
bin/tests/system/masterfile/knowngood.ttl1
bin/tests/system/masterfile/knowngood.ttl2
bin/tests/system/notify/CA/CA.cfg
bin/tests/system/notify/CA/README
bin/tests/system/notify/CA/index.txt
bin/tests/system/notify/CA/index.txt.attr
bin/tests/system/notify/CA/serial
bin/tests/system/notify/ns4/named.port.in
bin/tests/system/nsupdate/CA/CA.cfg
bin/tests/system/nsupdate/CA/README
Expand Down
5 changes: 5 additions & 0 deletions bin/tests/system/notify/.gitignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# temporary files generated by "openssl ca"
/CA/*.old
# there is little point in keeping the certificate requests
# for the issued certificates
/CA/certs/*.csr
77 changes: 77 additions & 0 deletions bin/tests/system/notify/CA/CA.cfg
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
# See ../../doth/CA/ca.cfg for more information

# certificate authority configuration
[ca]
default_ca = CA_default # The default ca section

[CA_default]
dir = .
new_certs_dir = $dir/newcerts # new certs dir (must be created)
certificate = $dir/CA.pem # The CA cert
private_key = $dir/private/CA.key # CA private key

serial = $dir/serial # serial number file for the next certificate
# Update before issuing it:
# xxd -l 8 -u -ps /dev/urandom > ./serial
database = $dir/index.txt # (must be created manually: touch ./index.txt)

default_days = 1 # how long to certify for

#default_crl_days = 30 # the number of days before the
default_crl_days = 10950 # next CRL is due. That is the
# days from now to place in the
# CRL nextUpdate field. If CRL
# is expired, certificate
# verifications will fail even
# for otherwise valid
# certificates. Clients might
# cache the CRL, so the expiry
# period should normally be
# relatively short (default:
# 30) for production CAs.

default_md = sha256 # digest to use

policy = policy_default # default policy
email_in_dn = no # Don't add the email into cert DN

name_opt = ca_default # Subject name display option
cert_opt = ca_default # Certificate display option

# We need the following in order to copy Subject Alt Name(s) from a
# request to the certificate.
copy_extensions = copy # copy extensions from request

[policy_default]
countryName = optional
stateOrProvinceName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# default certificate requests settings
[req]
# Options for the `req` tool (`man req`).
default_bits = 3072 # for RSA only
distinguished_name = req_default
string_mask = utf8only
# SHA-1 is deprecated, so use SHA-256 instead.
default_md = sha256
# do not encrypt the private key file
encrypt_key = no

[req_default]
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (e.g., city)
0.organizationName = Organization Name (e.g., company)
organizationalUnitName = Organizational Unit Name (e.g. department)
commonName = Common Name (e.g. server FQDN or YOUR name)
emailAddress = Email Address
# defaults
countryName_default = UA
stateOrProvinceName_default = Kharkiv Oblast
localityName_default = Kharkiv
0.organizationName_default = ISC
organizationalUnitName_default = Software Engeneering (BIND 9)
29 changes: 29 additions & 0 deletions bin/tests/system/notify/CA/CA.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE3TCCA0WgAwIBAgIUeZPKrvbGEBZaRc2jNczlIsJXyPYwDQYJKoZIhvcNAQEL
BQAwfTELMAkGA1UEBhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4G
A1UEBwwHS2hhcmtpdjEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0
aXVtMRwwGgYDVQQDDBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDEyNDEyNDA1
NFoYDzIwNTIwMTE3MTI0MDU0WjB9MQswCQYDVQQGEwJVQTEYMBYGA1UECAwPS2hh
cmtpdiBPYmxhc3QnMRAwDgYDVQQHDAdLaGFya2l2MSQwIgYDVQQKDBtJbnRlcm5l
dCBTeXN0ZW1zIENvbnNvcnRpdW0xHDAaBgNVBAMME2NhLnRlc3QuZXhhbXBsZS5j
b20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCi6hEegBzpUKbE1NTo
Z7uz7EMUY7TBckkiw/7ydTLKNa8YI4JpBguFvWQsDY0dGFJIoVwyHyNx3seW/LoI
B5zWPZ2xbOvLLceA+t2NZpbc98E7jUOVS123yED+nqlfZjCq9Zt0r/ezwnQtjnFF
ko1mcU4H9Jvg8aIgnU2AxE78zciU9CY8799pFFNThIjbooI8oVbfjbzbpmLzxjA5
3rDmZBTh+ySTlMa2U2oT4WPjRltZWnJVegRRLpG95GnTbQ1fkJAbj1Iu10XTkCee
wBOqaA1UJem0a6pby5odE414Y7c0ETKcmaJtYENQyO0IJwZWDKtVe5OTIAklakia
eyFTCAw1h5tHCYLaJW/Yu2wlLl5RNQcRZ9+cWXnldTY+TI1iBjfmADjLdKJYUlhX
z7kWJtTi63Sdv6WYcEXxaWpxT+R3e2kaR/R7GOo4gdkWpX1siGlRteHHH2/36CSQ
ZD2etcTUpGW+KDHFR4grnEfL1rt9UgvCjpa4KcssmZtWSSUCAwEAAaNTMFEwHQYD
VR0OBBYEFHyJ6Fzr5R9ySATFj/uSCJz1YCY5MB8GA1UdIwQYMBaAFHyJ6Fzr5R9y
SATFj/uSCJz1YCY5MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGB
AF3y0hvzyZWtmuG1JwIcOcc1aPl1KdRy8bao/5iHYGYYrsdDgcO5/e+y9S/izalc
TdW7SKB5iBOCiE8fBNtToCvGP+fxNxHijpAmTr37G5sWuSo1T1VYFizHWL+df/Ig
TcSvDrEjSnAwaEdNJUWtjoIC4VzNKTLtZf16QIATTzTZa3bfgSetpWS7LhLQbHod
CSGI2QB1LRbqGC+a1Y85QxHv81jWzPWPzXYvnOLrDdQyBMOBcxDzrN4b6zg+5Itz
qGYt+IS71jAH0IhxAyD/U5n1jGJv02BnSq0ynLEOD6gsnZjqAwPbt/PM9pGbtbXO
70Q9rxr+vQc1IISKAEiH3txaEPi10wU98d6LbInJvQrmgHo/ntet8skWNYuxlEzS
wvynuE9KvvQtOTodWt5AePtKrhHdxu527a4CHVp59nYUjKSdMKjvmhMRXM1cNjFE
rA/pyyhozR47w3RzHMJVHw2GJ2B/HeqmxpXr1CmJjoRP38QCR7N+mqiZy85Fq2j2
8Q==
-----END CERTIFICATE-----
2 changes: 2 additions & 0 deletions bin/tests/system/notify/CA/README
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Please take a look at the contents of the CA.cfg file for further
instructions and configurations options.
6 changes: 6 additions & 0 deletions bin/tests/system/notify/CA/certs/srv02.crt01-expired.example.com.key
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBbu3hxycrhJ+msVeQ0
mNB/WkW7rxNr8Zi8iXLETgBJ40cJu0d/IA4jrJ4gvfwT82uhZANiAAT+AGZM20R/
AnlbmJOoZ4qHWgcPhEDIZ3+5rzIYpyL67adW2henRZ2s/ULMi/v/OpLYfuT8f1Ro
RHxhJUK0kpu1yx1R0mEI94kimw2Ocpnf2VHIksml+D8tEek0h0lczC0=
-----END PRIVATE KEY-----
76 changes: 76 additions & 0 deletions bin/tests/system/notify/CA/certs/srv02.crt01-expired.example.com.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c5:86:68:39:7b:1c:c4:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 17 16:18:18 2024 GMT
Not After : Sep 18 16:18:18 2024 GMT
Subject: CN=srv02.crt01-expired.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:fe:00:66:4c:db:44:7f:02:79:5b:98:93:a8:67:
8a:87:5a:07:0f:84:40:c8:67:7f:b9:af:32:18:a7:
22:fa:ed:a7:56:da:17:a7:45:9d:ac:fd:42:cc:8b:
fb:ff:3a:92:d8:7e:e4:fc:7f:54:68:44:7c:61:25:
42:b4:92:9b:b5:cb:1d:51:d2:61:08:f7:89:22:9b:
0d:8e:72:99:df:d9:51:c8:92:c9:a5:f8:3f:2d:11:
e9:34:87:49:5c:cc:2d
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv02.crt01-expired.example.com, IP Address:10.53.0.2
X509v3 Subject Key Identifier:
03:4C:AC:DE:C0:A3:EB:04:56:1C:10:47:EB:C9:4D:1A:5F:FD:8E:A1
X509v3 Authority Key Identifier:
7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
25:33:d0:30:6e:60:5e:f3:29:e7:1d:36:83:4d:cd:06:d2:35:
df:80:76:25:e5:56:c6:e7:5f:cb:70:c8:30:da:a1:15:50:1b:
5d:e0:7b:01:60:47:32:ee:ea:98:cd:27:c2:2e:b8:d5:4a:2f:
76:7b:f1:0d:ff:c3:b3:74:f9:98:37:c1:07:85:04:55:8f:42:
25:b7:21:03:50:83:50:01:6a:88:84:bc:83:2c:48:3f:e5:96:
04:d7:b5:56:68:7c:fe:d9:06:e2:bc:f0:fd:47:fd:4b:4c:9b:
15:ca:ab:10:e4:8d:8f:b5:f7:dd:69:8c:9d:06:00:8f:80:5b:
30:a6:6c:31:d2:b8:4b:cf:10:2a:bf:64:fb:be:da:3f:e2:ee:
f1:6c:74:02:a7:c5:0c:e2:13:f1:54:63:a9:45:43:7b:b7:85:
a3:48:00:62:34:db:ac:a1:b6:b8:76:b9:d9:aa:17:a2:f9:0b:
96:87:ad:da:5e:95:50:2b:73:17:d7:2c:d0:43:40:e3:e9:80:
e2:87:be:1d:65:68:17:0d:90:98:0a:9b:6d:4f:2d:91:3e:f0:
16:4e:c0:c3:e7:a9:a6:e8:bf:8e:b6:d0:3b:72:e6:d9:9a:b3:
70:82:23:c1:02:c2:cc:91:d7:75:19:3c:79:33:ea:86:8d:80:
9a:6b:f2:93:b4:dc:22:19:11:82:3d:62:1d:e5:58:58:7f:50:
84:b0:d4:5a:67:be:d0:28:b0:be:a1:7f:9d:1b:a2:98:9b:70:
5a:c0:a8:c5:03:ec:de:8a:e2:ea:03:2d:4e:9f:6c:7d:d8:0e:
41:3c:58:df:3f:1e:4f:69:04:68:54:59:58:ef:dd:e3:32:b3:
2c:b4:cc:40:28:eb:3e:3b:37:fd:42:f7:d9:60:bf:fa:6d:87:
ca:ed:43:24:93:47:a8:bc:54:cc:c9:4d:ac:d0:b8:09:cb:85:
c3:02:55:73:bf:f0:ff:a3:fc:d2:d1:ae:ea:5a:96:6a:76:51:
fb:da:d9:ad:e4:cd
-----BEGIN CERTIFICATE-----
MIIDcDCCAdigAwIBAgIJAMWGaDl7HMSiMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV
BAYTAlVBMRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJr
aXYxJDAiBgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UE
AwwTY2EudGVzdC5leGFtcGxlLmNvbTAeFw0yNDA5MTcxNjE4MThaFw0yNDA5MTgx
NjE4MThaMCoxKDAmBgNVBAMMH3NydjAyLmNydDAxLWV4cGlyZWQuZXhhbXBsZS5j
b20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT+AGZM20R/AnlbmJOoZ4qHWgcPhEDI
Z3+5rzIYpyL67adW2henRZ2s/ULMi/v/OpLYfuT8f1RoRHxhJUK0kpu1yx1R0mEI
94kimw2Ocpnf2VHIksml+D8tEek0h0lczC2jdDByMDAGA1UdEQQpMCeCH3NydjAy
LmNydDAxLWV4cGlyZWQuZXhhbXBsZS5jb22HBAo1AAIwHQYDVR0OBBYEFANMrN7A
o+sEVhwQR+vJTRpf/Y6hMB8GA1UdIwQYMBaAFHyJ6Fzr5R9ySATFj/uSCJz1YCY5
MA0GCSqGSIb3DQEBCwUAA4IBgQAlM9AwbmBe8ynnHTaDTc0G0jXfgHYl5VbG51/L
cMgw2qEVUBtd4HsBYEcy7uqYzSfCLrjVSi92e/EN/8OzdPmYN8EHhQRVj0IltyED
UINQAWqIhLyDLEg/5ZYE17VWaHz+2QbivPD9R/1LTJsVyqsQ5I2PtffdaYydBgCP
gFswpmwx0rhLzxAqv2T7vto/4u7xbHQCp8UM4hPxVGOpRUN7t4WjSABiNNusoba4
drnZqhei+QuWh63aXpVQK3MX1yzQQ0Dj6YDih74dZWgXDZCYCpttTy2RPvAWTsDD
56mm6L+OttA7cubZmrNwgiPBAsLMkdd1GTx5M+qGjYCaa/KTtNwiGRGCPWId5VhY
f1CEsNRaZ77QKLC+oX+dG6KYm3BawKjFA+zeiuLqAy1On2x92A5BPFjfPx5PaQRo
VFlY793jMrMstMxAKOs+Ozf9QvfZYL/6bYfK7UMkk0eovFTMyU2s0LgJy4XDAlVz
v/D/o/zS0a7qWpZqdlH72tmt5M0=
-----END CERTIFICATE-----
6 changes: 6 additions & 0 deletions bin/tests/system/notify/CA/certs/srv02.crt01.example.com.key
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAxARyCz9Aq5XQpE4SV
IKYvvz2K9IjosWKkcbxjh0rW62RGyi4c3pSo6so8tpvHXzmhZANiAAQ2bCdh34Lt
hA8MzF7BeZhYfvUODFH3fSSAJuRDMSaO02f294+E2Icy91W9AhFetSceZa0Dhldc
aVVaPVm3bhhjvLUGFImFmccFtNtQj/llRCbY9VFtbfXaY/Vq5243EAg=
-----END PRIVATE KEY-----
76 changes: 76 additions & 0 deletions bin/tests/system/notify/CA/certs/srv02.crt01.example.com.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c5:86:68:39:7b:1c:c4:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 3 15:33:14 2024 GMT
Not After : Aug 27 15:33:14 2054 GMT
Subject: CN=srv02.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:36:6c:27:61:df:82:ed:84:0f:0c:cc:5e:c1:79:
98:58:7e:f5:0e:0c:51:f7:7d:24:80:26:e4:43:31:
26:8e:d3:67:f6:f7:8f:84:d8:87:32:f7:55:bd:02:
11:5e:b5:27:1e:65:ad:03:86:57:5c:69:55:5a:3d:
59:b7:6e:18:63:bc:b5:06:14:89:85:99:c7:05:b4:
db:50:8f:f9:65:44:26:d8:f5:51:6d:6d:f5:da:63:
f5:6a:e7:6e:37:10:08
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv02.crt01.example.com, IP Address:10.53.0.2
X509v3 Subject Key Identifier:
4C:A6:2B:5F:55:DF:2E:1E:FA:E8:C6:3F:05:25:20:69:BA:60:3B:E2
X509v3 Authority Key Identifier:
7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
1d:22:c4:60:42:9a:d8:ac:54:cf:77:be:17:d0:eb:b4:7d:44:
b1:ad:bf:53:0e:be:61:37:bf:7b:a6:78:7e:a0:3f:aa:21:cd:
09:3a:d4:41:b5:9f:31:a2:c9:db:df:94:a4:05:02:dd:98:04:
38:55:af:20:3a:4d:82:cd:37:0f:a5:b8:9c:dc:0d:f8:07:c9:
9d:8e:0a:4f:df:f1:8d:0c:53:9b:56:a2:35:7e:0a:3d:47:89:
ad:76:8f:6c:f5:15:0e:3f:05:af:fb:f8:97:97:a3:91:a6:cf:
22:04:c0:35:24:84:b4:e5:4d:c0:bf:e0:8d:8b:59:bf:71:2e:
c3:d8:8e:c9:9d:ba:0a:32:cb:0f:b8:b8:e3:91:f9:77:78:55:
17:9f:6e:09:d6:29:86:25:b6:0d:9b:52:b7:0a:75:f7:cd:09:
5d:04:83:9f:08:8f:eb:8c:23:73:e0:14:2b:be:ba:22:96:8f:
68:f8:c7:39:a7:44:9b:1d:ce:cb:eb:04:33:c0:da:b8:03:c0:
5b:7a:3c:a1:f5:28:92:93:06:f2:32:c3:38:fe:68:5d:64:21:
6e:3f:8b:80:f8:01:8f:19:5c:fa:13:6c:5e:27:55:19:70:87:
70:02:80:79:d2:37:d3:d9:05:b1:8e:50:37:24:f0:32:33:bb:
e9:f2:26:f8:19:92:d5:ad:2a:09:c1:b0:48:52:f4:e3:62:cd:
e1:b4:51:d9:0a:88:e3:fb:1e:c9:5c:a5:83:fe:30:9d:cf:83:
22:ba:1a:cd:c9:a9:e0:3d:cc:8d:f7:68:9e:17:a2:36:78:ab:
6f:01:de:20:a1:0d:a2:30:12:ee:45:14:b6:f7:c4:e4:d3:4e:
c7:0b:d7:14:b2:49:5c:f8:3a:fc:29:43:fa:97:d1:70:46:54:
c0:a9:c6:eb:f0:91:59:0e:24:8f:e5:38:79:38:fb:86:ab:3c:
b1:ea:d2:a3:4c:2c:e4:29:1a:03:da:54:a0:a6:73:ac:b4:c8:
02:5a:4c:38:e0:23
-----BEGIN CERTIFICATE-----
MIIDYjCCAcqgAwIBAgIJAMWGaDl7HMSfMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV
BAYTAlVBMRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJr
aXYxJDAiBgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UE
AwwTY2EudGVzdC5leGFtcGxlLmNvbTAgFw0yNDA5MDMxNTMzMTRaGA8yMDU0MDgy
NzE1MzMxNFowIjEgMB4GA1UEAwwXc3J2MDIuY3J0MDEuZXhhbXBsZS5jb20wdjAQ
BgcqhkjOPQIBBgUrgQQAIgNiAAQ2bCdh34LthA8MzF7BeZhYfvUODFH3fSSAJuRD
MSaO02f294+E2Icy91W9AhFetSceZa0DhldcaVVaPVm3bhhjvLUGFImFmccFtNtQ
j/llRCbY9VFtbfXaY/Vq5243EAijbDBqMCgGA1UdEQQhMB+CF3NydjAyLmNydDAx
LmV4YW1wbGUuY29thwQKNQACMB0GA1UdDgQWBBRMpitfVd8uHvroxj8FJSBpumA7
4jAfBgNVHSMEGDAWgBR8iehc6+UfckgExY/7kgic9WAmOTANBgkqhkiG9w0BAQsF
AAOCAYEAHSLEYEKa2KxUz3e+F9DrtH1Esa2/Uw6+YTe/e6Z4fqA/qiHNCTrUQbWf
MaLJ29+UpAUC3ZgEOFWvIDpNgs03D6W4nNwN+AfJnY4KT9/xjQxTm1aiNX4KPUeJ
rXaPbPUVDj8Fr/v4l5ejkabPIgTANSSEtOVNwL/gjYtZv3Euw9iOyZ26CjLLD7i4
45H5d3hVF59uCdYphiW2DZtStwp1980JXQSDnwiP64wjc+AUK766IpaPaPjHOadE
mx3Oy+sEM8DauAPAW3o8ofUokpMG8jLDOP5oXWQhbj+LgPgBjxlc+hNsXidVGXCH
cAKAedI309kFsY5QNyTwMjO76fIm+BmS1a0qCcGwSFL042LN4bRR2QqI4/seyVyl
g/4wnc+DIroazcmp4D3MjfdonheiNnirbwHeIKENojAS7kUUtvfE5NNOxwvXFLJJ
XPg6/ClD+pfRcEZUwKnG6/CRWQ4kj+U4eTj7hqs8serSo0ws5CkaA9pUoKZzrLTI
AlpMOOAj
-----END CERTIFICATE-----
6 changes: 6 additions & 0 deletions bin/tests/system/notify/CA/certs/srv03.crt01.example.com.key
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAEmVA9V00diOvZfEJV
N7piEbfN7fULRHWg2k4g7V2Ivpn9LfBsaYh5+Acf271G0mKhZANiAAQSbFty27Ro
RO7BPZFI9yM5V64xIUGMe4o4LYBA6cKhFFCVO0fX6h6bO0wgh2fCgYbWOq2X6Q1X
/x36gVJCzgXSBXPNktdMIxki9cttREvXo1cmELKl/n+PXDgxcbg/RbM=
-----END PRIVATE KEY-----
76 changes: 76 additions & 0 deletions bin/tests/system/notify/CA/certs/srv03.crt01.example.com.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c5:86:68:39:7b:1c:c4:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 3 15:33:18 2024 GMT
Not After : Aug 27 15:33:18 2054 GMT
Subject: CN=srv03.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:12:6c:5b:72:db:b4:68:44:ee:c1:3d:91:48:f7:
23:39:57:ae:31:21:41:8c:7b:8a:38:2d:80:40:e9:
c2:a1:14:50:95:3b:47:d7:ea:1e:9b:3b:4c:20:87:
67:c2:81:86:d6:3a:ad:97:e9:0d:57:ff:1d:fa:81:
52:42:ce:05:d2:05:73:cd:92:d7:4c:23:19:22:f5:
cb:6d:44:4b:d7:a3:57:26:10:b2:a5:fe:7f:8f:5c:
38:31:71:b8:3f:45:b3
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv03.crt01.example.com, IP Address:10.53.0.3
X509v3 Subject Key Identifier:
6A:4F:85:19:52:0E:08:29:28:1B:96:53:84:97:0E:AA:35:C3:96:27
X509v3 Authority Key Identifier:
7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
62:05:bb:62:4e:2a:6a:46:00:49:3e:83:b3:a7:ff:40:68:02:
36:06:1f:e7:c9:47:db:72:09:be:78:bc:e6:c5:b4:8c:51:7c:
d5:93:06:ec:24:ad:11:a7:32:16:3a:55:79:a3:ab:4c:68:10:
78:f2:e8:24:b3:c0:9c:3a:cd:11:45:7a:22:37:3e:a3:9d:5d:
3e:ed:91:bd:58:04:2d:f6:6d:2e:0f:61:1d:4f:ab:d7:47:11:
1b:c7:06:9d:1d:2d:df:85:93:fa:08:dc:27:32:3a:70:37:61:
7a:58:95:0a:ca:62:ea:28:64:a1:2d:37:0e:7d:f9:0a:6c:71:
23:20:6a:5d:2d:6b:f2:fe:23:f8:7b:89:51:21:e3:dd:2d:52:
e7:a3:bc:b9:62:86:65:21:de:90:6a:66:f8:ef:25:aa:da:e5:
b7:5f:f1:8e:ab:2d:5a:50:5f:b8:98:8a:00:d0:7b:e3:51:ec:
d8:a5:67:ee:2a:93:b5:62:84:9b:f5:c7:cd:72:de:53:99:a8:
45:b3:f6:4c:31:58:f2:5c:cd:a3:ec:f1:1c:3a:29:cf:8e:b8:
60:ba:c3:cd:d9:7d:bd:9a:b0:41:b3:dd:fb:37:0f:56:54:5b:
5e:99:d1:a7:58:57:ac:9e:52:c5:74:3e:c2:df:72:82:07:bf:
b2:48:87:9e:16:d8:03:3b:3b:a2:0a:03:55:83:69:44:f2:14:
c8:6b:50:20:89:85:16:b4:be:c6:6c:42:91:00:09:d7:55:9f:
c3:0c:9b:5f:58:bf:43:9d:42:ca:f3:25:1f:d8:f4:b2:87:86:
a8:59:60:e9:53:23:2e:27:e8:97:02:d6:a6:91:9a:81:fb:28:
e4:47:86:c3:3a:55:ca:f0:24:1f:be:dd:00:d3:db:6a:20:5c:
a3:b0:7a:5f:d9:a7:9b:35:f7:23:c7:2b:9d:98:f9:5c:89:5a:
6d:d4:ed:1c:d7:ec:40:0c:b0:c2:92:24:4b:78:a1:ab:7e:27:
cf:19:2c:ec:3a:77
-----BEGIN CERTIFICATE-----
MIIDYjCCAcqgAwIBAgIJAMWGaDl7HMSgMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV
BAYTAlVBMRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJr
aXYxJDAiBgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UE
AwwTY2EudGVzdC5leGFtcGxlLmNvbTAgFw0yNDA5MDMxNTMzMThaGA8yMDU0MDgy
NzE1MzMxOFowIjEgMB4GA1UEAwwXc3J2MDMuY3J0MDEuZXhhbXBsZS5jb20wdjAQ
BgcqhkjOPQIBBgUrgQQAIgNiAAQSbFty27RoRO7BPZFI9yM5V64xIUGMe4o4LYBA
6cKhFFCVO0fX6h6bO0wgh2fCgYbWOq2X6Q1X/x36gVJCzgXSBXPNktdMIxki9ctt
REvXo1cmELKl/n+PXDgxcbg/RbOjbDBqMCgGA1UdEQQhMB+CF3NydjAzLmNydDAx
LmV4YW1wbGUuY29thwQKNQADMB0GA1UdDgQWBBRqT4UZUg4IKSgbllOElw6qNcOW
JzAfBgNVHSMEGDAWgBR8iehc6+UfckgExY/7kgic9WAmOTANBgkqhkiG9w0BAQsF
AAOCAYEAYgW7Yk4qakYAST6Ds6f/QGgCNgYf58lH23IJvni85sW0jFF81ZMG7CSt
EacyFjpVeaOrTGgQePLoJLPAnDrNEUV6Ijc+o51dPu2RvVgELfZtLg9hHU+r10cR
G8cGnR0t34WT+gjcJzI6cDdheliVCspi6ihkoS03Dn35CmxxIyBqXS1r8v4j+HuJ
USHj3S1S56O8uWKGZSHekGpm+O8lqtrlt1/xjqstWlBfuJiKANB741Hs2KVn7iqT
tWKEm/XHzXLeU5moRbP2TDFY8lzNo+zxHDopz464YLrDzdl9vZqwQbPd+zcPVlRb
XpnRp1hXrJ5SxXQ+wt9ygge/skiHnhbYAzs7ogoDVYNpRPIUyGtQIImFFrS+xmxC
kQAJ11WfwwybX1i/Q51CyvMlH9j0soeGqFlg6VMjLifolwLWppGagfso5EeGwzpV
yvAkH77dANPbaiBco7B6X9mnmzX3I8crnZj5XIlabdTtHNfsQAywwpIkS3ihq34n
zxks7Dp3
-----END CERTIFICATE-----
3 changes: 3 additions & 0 deletions bin/tests/system/notify/CA/index.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
V 20540827153314Z C58668397B1CC49F unknown /CN=srv02.crt01.example.com
V 20540827153318Z C58668397B1CC4A0 unknown /CN=srv03.crt01.example.com
V 240918161818Z C58668397B1CC4A2 unknown /CN=srv02.crt01-expired.example.com
1 change: 1 addition & 0 deletions bin/tests/system/notify/CA/index.txt.attr
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
unique_subject = yes
Loading

0 comments on commit c1b82c1

Please sign in to comment.