From b00ae2ac695569966ce0de06c0bf4149d727afcf Mon Sep 17 00:00:00 2001
From: Colton Willey
Date: Wed, 29 May 2024 15:55:17 -0700
Subject: [PATCH 1/9] Initial implementation of max limits on number of alternative names and name constraints
---
 certs/test/cert-too-many-name-constraints.pem | 59 ++++
 tests/api.c | 293 ++++++++++++++++++
 wolfcrypt/src/asn.c | 30 +-
 wolfssl/wolfcrypt/asn.h | 8 +
 4 files changed, 386 insertions(+), 4 deletions(-)
 create mode 100644 certs/test/cert-too-many-name-constraints.pem
diff --git a/certs/test/cert-too-many-name-constraints.pem b/certs/test/cert-too-many-name-constraints.pem
new file mode 100644
index 0000000000..30ee2b8881
--- /dev/null
+++ b/certs/test/cert-too-many-name-constraints.pem
@@ -0,0 +1,59 @@ +-----BEGIN CERTIFICATE----- +MIIKqTCCCZGgAwIBAgIUFFokI9Yd3KH+eqBsRLhoud4uIc8wDQYJKoZIhvcNAQEL +BQAwgY8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwITmV3IFlv +cmsxGDAWBgNVBAoMD0ZvbyBDb21wYW55IExMQzEcMBoGA1UEAwwTZm9vLWNvbXBh +bnktbGxjLmNvbTEoMCYGCSqGSIb3DQEJARYZYWRtaW5AZm9vLWNvbXBhbnktbGxj +LmNvbTAeFw0yNDA1MjkyMjI2NDhaFw0yNDA2MjgyMjI2NDhaMIGPMQswCQYDVQQG +EwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9G +b28gQ29tcGFueSBMTEMxHDAaBgNVBAMME2Zvby1jb21wYW55LWxsYy5jb20xKDAm +BgkqhkiG9w0BCQEWGWFkbWluQGZvby1jb21wYW55LWxsYy5jb20wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSzHEKxR2tQ8ykY1j0zW3oOmwBgFAPNgyJ +oODAdBKqVCXb2P8UQ1zAaQzZeJj6GS96e6eyBUDGOLtb9V4EcSxtY/KBUEWoYp+7 +UKu4BYOIkzLMxjmea9BLXHM8j4GpD7gSruqlksELXh8xtVUfuABW7gzARJ34dugt +oQjmdT5DkImtt4jr+RwNZ8/XKtATZLcidhfOJJLjSXFz7ZUDzsA3P7eGiUgtlSQl +3Xrxi95FIpuk+YsKKFpNZPo+wmjYBLZG6752sNrizELVcU1WII8lc6ydduZpgJ8C +9oWGMFVYoWe8mAAmBYPc/kZZYenSAcpAwyO/qKjK34/jQfc538JNAgMBAAGjggb5 +MIIG9TAPBgNVHRMBAf8EBTADAQH/MIIGwQYDVR0eBIIGuDCCBrSgggawMAqCCC5l +eDEuY29tMAqCCC5leDIuY29tMAqCCC5leDMuY29tMAqCCC5leDQuY29tMAqCCC5l +eDUuY29tMAqCCC5leDYuY29tMAqCCC5leDcuY29tMAqCCC5leDguY29tMAqCCC5l +eDkuY29tMAuCCS5leDEwLmNvbTALggkuZXgxMS5jb20wC4IJLmV4MTIuY29tMAuC +CS5leDEzLmNvbTALggkuZXgxNC5jb20wC4IJLmV4MTUuY29tMAuCCS5leDE2LmNv +bTALggkuZXgxNy5jb20wC4IJLmV4MTguY29tMAuCCS5leDE5LmNvbTALggkuZXgy +MC5jb20wC4IJLmV4MjEuY29tMAuCCS5leDIyLmNvbTALggkuZXgyMy5jb20wC4IJ +LmV4MjQuY29tMAuCCS5leDI1LmNvbTALggkuZXgyNi5jb20wC4IJLmV4MjcuY29t +MAuCCS5leDI4LmNvbTALggkuZXgyOS5jb20wC4IJLmV4MzAuY29tMAuCCS5leDMx +LmNvbTALggkuZXgzMi5jb20wC4IJLmV4MzMuY29tMAuCCS5leDM0LmNvbTALggku +ZXgzNS5jb20wC4IJLmV4MzYuY29tMAuCCS5leDM3LmNvbTALggkuZXgzOC5jb20w +C4IJLmV4MzkuY29tMAuCCS5leDQwLmNvbTALggkuZXg0MS5jb20wC4IJLmV4NDIu +Y29tMAuCCS5leDQzLmNvbTALggkuZXg0NC5jb20wC4IJLmV4NDUuY29tMAuCCS5l +eDQ2LmNvbTALggkuZXg0Ny5jb20wC4IJLmV4NDguY29tMAuCCS5leDQ5LmNvbTAL +ggkuZXg1MC5jb20wC4IJLmV4NTEuY29tMAuCCS5leDUyLmNvbTALggkuZXg1My5j 
+b20wC4IJLmV4NTQuY29tMAuCCS5leDU1LmNvbTALggkuZXg1Ni5jb20wC4IJLmV4 +NTcuY29tMAuCCS5leDU4LmNvbTALggkuZXg1OS5jb20wC4IJLmV4NjAuY29tMAuC +CS5leDYxLmNvbTALggkuZXg2Mi5jb20wC4IJLmV4NjMuY29tMAuCCS5leDY0LmNv +bTALggkuZXg2NS5jb20wC4IJLmV4NjYuY29tMAuCCS5leDY3LmNvbTALggkuZXg2 +OC5jb20wC4IJLmV4NjkuY29tMAuCCS5leDcwLmNvbTALggkuZXg3MS5jb20wC4IJ +LmV4NzIuY29tMAuCCS5leDczLmNvbTALggkuZXg3NC5jb20wC4IJLmV4NzUuY29t +MAuCCS5leDc2LmNvbTALggkuZXg3Ny5jb20wC4IJLmV4NzguY29tMAuCCS5leDc5 +LmNvbTALggkuZXg4MC5jb20wC4IJLmV4ODEuY29tMAuCCS5leDgyLmNvbTALggku +ZXg4My5jb20wC4IJLmV4ODQuY29tMAuCCS5leDg1LmNvbTALggkuZXg4Ni5jb20w +C4IJLmV4ODcuY29tMAuCCS5leDg4LmNvbTALggkuZXg4OS5jb20wC4IJLmV4OTAu +Y29tMAuCCS5leDkxLmNvbTALggkuZXg5Mi5jb20wC4IJLmV4OTMuY29tMAuCCS5l +eDk0LmNvbTALggkuZXg5NS5jb20wC4IJLmV4OTYuY29tMAuCCS5leDk3LmNvbTAL +ggkuZXg5OC5jb20wC4IJLmV4OTkuY29tMAyCCi5leDEwMC5jb20wDIIKLmV4MTAx +LmNvbTAMggouZXgxMDIuY29tMAyCCi5leDEwMy5jb20wDIIKLmV4MTA0LmNvbTAM +ggouZXgxMDUuY29tMAyCCi5leDEwNi5jb20wDIIKLmV4MTA3LmNvbTAMggouZXgx +MDguY29tMAyCCi5leDEwOS5jb20wDIIKLmV4MTEwLmNvbTAMggouZXgxMTEuY29t +MAyCCi5leDExMi5jb20wDIIKLmV4MTEzLmNvbTAMggouZXgxMTQuY29tMAyCCi5l +eDExNS5jb20wDIIKLmV4MTE2LmNvbTAMggouZXgxMTcuY29tMAyCCi5leDExOC5j +b20wDIIKLmV4MTE5LmNvbTAMggouZXgxMjAuY29tMAyCCi5leDEyMS5jb20wDIIK +LmV4MTIyLmNvbTAMggouZXgxMjMuY29tMAyCCi5leDEyNC5jb20wDIIKLmV4MTI1 +LmNvbTAMggouZXgxMjYuY29tMAyCCi5leDEyNy5jb20wDIIKLmV4MTI4LmNvbTAM +ggouZXgxMjkuY29tMAyCCi5leDEzMC5jb20wHQYDVR0OBBYEFJvjzAGexe5bKTQ1 +CMkebDRYUHXAMA0GCSqGSIb3DQEBCwUAA4IBAQB/5AdXGRIgVuwQBvU/CGMuMFwv +lx62SLuzAKSVMmX08Odpuh0CnGeWBonmu5rZWOqYAwTRypZxksf1Ke0eVp8bRAiR +lMo0iFNm90deH8pPC/jSuH5OGV77F+kQAqHcnCP4unZVzq+XRDLiHEAsyAOjGx8o +9mO9DwzFa1KK8jvCYkNUkgHa9Xow6ExlJ/UJCuG0nvFDXcG4VUcFSSR3zTTOg970 +kcoMOLfPNvFQ/+UPT/XwgySuauHdt38xoBdL3BjdOIU6WWVplg14fiwKg8ut9ZQH +HYDIkDks1kiG9W9tg+9YeG/taUtcCtSfs2NdCmOHJOFHulvqI+A2ADQWgDH9 +-----END CERTIFICATE----- diff --git a/tests/api.c b/tests/api.c index 785924a16a..60706f35f0 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -41261,6 +41261,297 @@ static int test_wolfSSL_X509_bad_altname(void) return EXPECT_RESULT(); } +static int test_wolfSSL_X509_max_altnames(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + + /* Only test if max alt names has not been modified */ +#if WOLFSSL_MAX_ALT_NAMES == 128 + /* A certificate encoded with 130 subject alternative names */ + const unsigned char too_many_altnames_cert[] = { + 0x30, 0x82, 0x0b, 0x98, 0x30, 0x82, 0x0a, 0x80, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x62, 0x32, 0xa6, 0x54, 0x73, 0x2f, 0xdb, 0x7d, 0x49, + 0x40, 0x69, 0xc0, 0x5a, 0x9b, 0x60, 0xfe, 0x04, 0x4f, 0x02, 0xd5, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x02, 0x4e, 0x59, 0x31, 0x11, 0x30, 0x0f, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x08, 0x4e, 0x65, 0x77, 0x20, 0x59, 0x6f, + 0x72, 0x6b, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0f, 0x46, 0x6f, 0x6f, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, + 0x20, 0x4c, 0x4c, 0x43, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x13, 0x66, 0x6f, 0x6f, 0x2d, 0x63, 0x6f, 0x6d, 0x70, 0x61, + 0x6e, 0x79, 0x2d, 0x6c, 0x6c, 0x63, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x28, + 0x30, 0x26, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, + 0x01, 0x16, 0x19, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x40, 0x66, 0x6f, 0x6f, + 0x2d, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x2d, 0x6c, 0x6c, 0x63, + 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, + 0x32, 0x39, 0x32, 0x30, 0x32, 0x31, 0x34, 0x31, 0x5a, 0x17, 0x0d, 0x32, + 0x34, 0x30, 0x36, 0x32, 0x38, 0x32, 0x30, 0x32, 0x31, 0x34, 0x31, 0x5a, + 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
+ 0x08, 0x0c, 0x02, 0x4e, 0x59, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0c, 0x08, 0x4e, 0x65, 0x77, 0x20, 0x59, 0x6f, 0x72, 0x6b, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, + 0x6f, 0x6f, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x20, 0x4c, + 0x4c, 0x43, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x13, 0x66, 0x6f, 0x6f, 0x2d, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, + 0x2d, 0x6c, 0x6c, 0x63, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x28, 0x30, 0x26, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x19, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x40, 0x66, 0x6f, 0x6f, 0x2d, 0x63, + 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x2d, 0x6c, 0x6c, 0x63, 0x2e, 0x63, + 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc2, + 0xe2, 0xb9, 0x35, 0x6e, 0x70, 0x84, 0xd3, 0xf7, 0x1e, 0xac, 0x18, 0x86, + 0x51, 0xaf, 0xbd, 0xa2, 0x77, 0xfb, 0x1c, 0x18, 0x54, 0x64, 0xbf, 0x69, + 0xc7, 0x35, 0x3d, 0xa1, 0xf6, 0x1a, 0xa5, 0xc7, 0x4c, 0xac, 0xd6, 0x48, + 0xb3, 0xdc, 0xac, 0xe6, 0xbb, 0x10, 0x54, 0x42, 0xd2, 0xfe, 0xea, 0x14, + 0x94, 0x6a, 0xad, 0x7c, 0xa3, 0x2c, 0x46, 0x44, 0x50, 0x78, 0x01, 0x9c, + 0xb3, 0xaa, 0x05, 0x4e, 0xdb, 0xc1, 0x12, 0xd1, 0x6a, 0x03, 0x10, 0x4d, + 0x8d, 0x0a, 0xaf, 0x79, 0x7d, 0x19, 0xce, 0xde, 0xf2, 0x7a, 0xa7, 0xcd, + 0x11, 0x92, 0x89, 0xa7, 0x80, 0xf2, 0x16, 0xc7, 0xac, 0x6e, 0xa3, 0xec, + 0x47, 0x9e, 0xfb, 0x42, 0xe7, 0x23, 0x28, 0x24, 0x7f, 0x5b, 0xe8, 0xd4, + 0x15, 0x5d, 0xfc, 0xa5, 0xb8, 0x0f, 0x04, 0x14, 0xd7, 0xfd, 0x89, 0x80, + 0xcf, 0x77, 0x3b, 0xd5, 0xa0, 0x1e, 0x76, 0xcf, 0x94, 0x9c, 0xb6, 0xc2, + 0x6a, 0x56, 0x5a, 0x04, 0xe1, 0x74, 0x3f, 0x6b, 0x93, 0xe5, 0x7a, 0xf0, + 0x1e, 0x63, 0x02, 0xb4, 0x8a, 0x19, 0x56, 0x55, 0x19, 0xeb, 0x20, 0x5b, + 0x71, 0xef, 0x44, 0x83, 0x6d, 0xbb, 0x78, 0x13, 0x58, 0xb3, 0x2b, 0xe5, + 
0xa7, 0x3d, 0xf3, 0x73, 0xa2, 0x53, 0xe8, 0xa4, 0xb2, 0xf2, 0xd6, 0x2d, + 0xab, 0x71, 0x94, 0x2e, 0x0d, 0x77, 0x80, 0x41, 0xab, 0xe8, 0x87, 0xc3, + 0x29, 0xb1, 0x08, 0x35, 0x38, 0xcd, 0x50, 0x1d, 0x52, 0x04, 0xed, 0xe5, + 0x99, 0xf9, 0x2f, 0xe2, 0x70, 0xae, 0x73, 0x27, 0x2d, 0xa6, 0x73, 0xf8, + 0x7f, 0x28, 0x7a, 0x8a, 0x8e, 0x67, 0x39, 0xd9, 0xa2, 0xfc, 0x27, 0x55, + 0x77, 0xc3, 0x00, 0x77, 0x0a, 0x9e, 0x12, 0xca, 0x99, 0x0a, 0xa5, 0x62, + 0x5e, 0xdc, 0x5f, 0x4d, 0x01, 0x67, 0xd2, 0xa4, 0xbd, 0x74, 0xb1, 0x83, + 0x11, 0x21, 0x27, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x07, 0xe8, + 0x30, 0x82, 0x07, 0xe4, 0x30, 0x82, 0x07, 0xc1, 0x06, 0x03, 0x55, 0x1d, + 0x11, 0x04, 0x82, 0x07, 0xb8, 0x30, 0x82, 0x07, 0xb4, 0x82, 0x0c, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, + 0x0c, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x0c, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x33, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0c, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0c, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0c, 0x65, 0x78, 0x61, + 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0c, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, + 0x0c, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x0c, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x39, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x31, 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x31, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x33, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x31, 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 
0x70, 0x6c, 0x65, 0x31, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x36, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x37, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x31, 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x31, 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x30, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x31, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x32, 0x32, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x32, 0x33, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x34, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x35, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x32, 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x32, 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x38, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x39, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x33, 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x33, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x33, 0x32, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x33, 0x33, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x33, 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x33, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x33, 0x36, 0x2e, 0x63, 0x6f, 0x6d, + 
0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x33, 0x37, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x33, 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x33, 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x34, 0x30, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x34, 0x31, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x34, 0x32, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x34, 0x33, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x34, 0x34, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x34, 0x35, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x34, 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x34, 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x34, 0x38, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x34, 0x39, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x35, 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x35, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x35, 0x32, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x35, 0x33, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x35, 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x35, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x35, 0x36, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x35, 0x37, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 
0x35, 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x35, 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x30, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x31, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x36, 0x32, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x36, 0x33, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x34, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x35, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x36, 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x36, 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x38, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x39, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x37, 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x37, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x37, 0x32, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x37, 0x33, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x37, 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x37, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x37, 0x36, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x37, 0x37, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x37, 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x37, 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 
0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x30, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x31, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x38, 0x32, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x38, 0x33, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x34, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x35, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x38, 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x38, 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x38, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x39, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x39, 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x39, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x39, 0x32, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x39, 0x33, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x39, 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x39, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x39, 0x36, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x39, 0x37, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x39, 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x39, 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, 0x30, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, + 
0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x31, 0x30, 0x32, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, 0x33, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, + 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x31, 0x30, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, 0x36, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, + 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x31, 0x30, 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, 0x39, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, + 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x31, 0x31, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, 0x32, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, + 0x33, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x31, 0x31, 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, 0x35, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, + 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x31, 0x31, 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, 0x38, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, + 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x31, 0x32, 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, 0x31, 0x2e, 0x63, 0x6f, + 
0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, + 0x32, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x31, 0x32, 0x33, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, 0x34, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, + 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x31, 0x32, 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, 0x37, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, + 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x31, 0x32, 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x33, 0x30, 0x2e, 0x63, 0x6f, + 0x6d, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0xae, 0xe3, 0xd3, 0x4e, 0x2c, 0x04, 0x01, 0xa7, 0xb1, 0xdc, 0x6d, 0xe4, + 0x93, 0xb0, 0x79, 0xf5, 0xdc, 0x73, 0xd8, 0x94, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x8f, 0xd3, 0x2b, 0x5d, 0x4b, 0x74, 0x7c, 0x4f, + 0x37, 0x73, 0x55, 0x92, 0x12, 0xf0, 0x7f, 0xb7, 0x33, 0x50, 0xae, 0x95, + 0xaa, 0x23, 0x10, 0xb4, 0xe7, 0xa3, 0xde, 0xd4, 0x51, 0x19, 0xc1, 0xcb, + 0x98, 0x72, 0xad, 0x7e, 0x3b, 0x65, 0x26, 0xe2, 0x82, 0x44, 0xf4, 0xde, + 0x1d, 0x7f, 0x24, 0xa5, 0xbb, 0x83, 0xe5, 0xc1, 0xcf, 0xce, 0x3f, 0x0a, + 0x56, 0xf5, 0x01, 0xb6, 0x04, 0x59, 0x8e, 0xd0, 0x36, 0x79, 0xdc, 0xde, + 0x4e, 0x9d, 0x63, 0x1e, 0xc0, 0xe7, 0xa5, 0xe8, 0x89, 0x80, 0x6f, 0x7a, + 0xac, 0x94, 0x92, 0x96, 0x7e, 0x14, 0xe1, 0x81, 0xaa, 0x7d, 0x61, 0xc4, + 0xe5, 0xee, 0x93, 0x09, 0x02, 0xe5, 0xf0, 0xc1, 0x57, 0x20, 0xd8, 0x81, + 0x96, 0xb8, 0xe4, 0x16, 0x21, 0x69, 0xd8, 0x9a, 0x08, 0x5b, 0xf5, 0x33, + 0xd1, 0x88, 0x69, 0x2a, 0xf1, 0xac, 0xd9, 0x86, 0xcc, 0xab, 0xc9, 0xc4, + 
0xbb, 0xb8, 0x61, 0x5e, 0x72, 0xee, 0x49, 0xb5, 0x23, 0xa0, 0xc9, 0xf1, + 0x03, 0x44, 0x72, 0xc0, 0xac, 0x4c, 0xea, 0xaf, 0xea, 0x2a, 0x20, 0x1f, + 0x44, 0xff, 0x9e, 0x9d, 0x4f, 0x18, 0xff, 0x83, 0x48, 0x53, 0xc3, 0x91, + 0xff, 0xee, 0xd6, 0x56, 0xa7, 0x49, 0x65, 0xf3, 0x07, 0x26, 0x9f, 0x9c, + 0x42, 0x23, 0x12, 0xd9, 0xc0, 0x91, 0x16, 0x82, 0x60, 0x14, 0x2e, 0xbc, + 0xf0, 0xad, 0x65, 0xdf, 0xa0, 0xf2, 0x20, 0xbe, 0xe4, 0xc4, 0x00, 0xf2, + 0x31, 0xbd, 0x81, 0x80, 0xc7, 0xc3, 0xd5, 0x54, 0x75, 0x39, 0x34, 0xad, + 0x55, 0xb4, 0x0c, 0xd2, 0xb7, 0x8b, 0xe3, 0x7e, 0x5b, 0x1d, 0xb3, 0x0c, + 0x3c, 0xdb, 0x36, 0x8b, 0x2d, 0xe1, 0xd3, 0x0a, 0x55, 0xc0, 0x60, 0x50, + 0xc8, 0xd4, 0x1f, 0x46, 0x6a, 0x90, 0xee, 0x0f, 0x57, 0x83, 0x96, 0x2d, + 0xff, 0x9f, 0xea, 0x78, 0x6f, 0x11, 0x9d, 0xe6 + }; + + X509* x509 = NULL; + int certSize = (int)sizeof(too_many_altnames_cert) / sizeof(unsigned char); + + ExpectNull(x509 = wolfSSL_X509_load_certificate_buffer( + too_many_altnames_cert, certSize, SSL_FILETYPE_ASN1)); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_max_name_constraints(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_WOLFSSL_CLIENT) + + /* Only test if max name constraints has not been modified */ +#if WOLFSSL_MAX_NAME_CONSTRAINTS == 128 + WOLFSSL_CTX* ctx = NULL; + /* File contains a certificate with 130 name constraints */ + const char* malformed_ca_cert = "./certs/test/cert-too-many-name-constraints.pem"; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, malformed_ca_cert, NULL, + WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); +#endif + +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_X509(void) { EXPECT_DECLS; 
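Review bot: `test_wolfSSL_X509_max_name_constraints` only asserts that `wolfSSL_CTX_load_verify_locations_ex()` does not return `WOLFSSL_SUCCESS`, so any load failure satisfies it, including a missing file or, most likely, a date error once the fixture expires (the PEM added in this patch decodes to a validity of 2024-05-29 to 2024-06-28). As written the test would keep passing even if the name-constraint cap regressed. Consider asserting the specific error code the parser returns for the over-limit case, or loading with `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` so that expiry cannot mask the check. The `ctx` from `wolfSSL_CTX_new()` is also never released in the visible lines (nor in the 3/9 revision of this test); adding `wolfSSL_CTX_free(ctx);` after the `ExpectIntNE(...)` call would fix that.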
@@ -72838,6 +73129,8 @@ TEST_CASE testCases[] = {
 TEST_DECL(test_wolfSSL_X509_check_ca),
 TEST_DECL(test_wolfSSL_X509_check_ip_asc),
 TEST_DECL(test_wolfSSL_X509_bad_altname),
+ TEST_DECL(test_wolfSSL_X509_max_altnames),
+ TEST_DECL(test_wolfSSL_X509_max_name_constraints),
 TEST_DECL(test_wolfSSL_make_cert),
 #ifndef NO_BIO
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index f5ed8804ff..ee019dc505 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -18944,6 +18944,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
 word32 idx = 0;
 int length = 0;
 int ret = 0;
+ word32 numNames = 0;
 WOLFSSL_ENTER("DecodeAltNames");
@@ -18974,6 +18975,13 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
 }
 while ((ret == 0) && (idx < sz)) {
+ numNames++;
+ if (numNames > WOLFSSL_MAX_ALT_NAMES) {
+ WOLFSSL_MSG("\tToo many subject alternative names");
+ ret = ASN_ALT_NAME_E;
+ break;
+ }
+
 ASNGetData dataASN[altNameASN_Length];
 /* Clear dynamic data items. */
@@ -20086,13 +20094,16 @@ static int DecodeSubtreeGeneralName(const byte* input, word32 sz, byte tag,
 * @param [in] input Buffer holding data.
 * @param [in] sz Size of data in buffer.
 * @param [in, out] head Linked list of subtree names.
+ * @param [in] limit If > 0, limit on number of tree
+ * entries to process, exceeding
+ * is an error.
 * @param [in] heap Dynamic memory hint.
 * @return 0 on success.
 * @return MEMORY_E when dynamic memory allocation fails.
 * @return ASN_PARSE_E when SEQUENCE is not found as expected.
 */
 static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
- void* heap)
+ word32 limit, void* heap)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
 word32 idx = 0;
@@ -20170,6 +20181,7 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
 DECL_ASNGETDATA(dataASN, subTreeASN_Length);
 word32 idx = 0;
 int ret = 0;
+ word32 cnt = 0;
 (void)heap;
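Review bot: The alt-name counter in `DecodeAltNames` is added to the loop that declares `ASNGetData dataASN[altNameASN_Length]`, and `DecodeSubtree` declares `cnt` only next to `DECL_ASNGETDATA`, so as far as these hunks show the cap exists in the `WOLFSSL_ASN_TEMPLATE` parser only. The `#ifndef WOLFSSL_ASN_TEMPLATE` body that opens directly under the new `DecodeSubtree` signature is untouched in this patch, which leaves `limit` unused there and the list length unbounded for builds without the template parser, unless a later patch in the series covers it. The legacy loops of both functions (they lie outside the hunks) should get their own counter and the same check, along the lines of `if ((limit > 0) && (++cnt > limit)) return ASN_NAME_INVALID_E;`, adapted to how that branch reports errors.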
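Review bot: The doc block for `DecodeSubtree` gains `@param limit`, but its `@return` list still names only `MEMORY_E` and `ASN_PARSE_E`. The failure introduced with the limit should be listed as well, e.g. ` * @return ASN_NAME_INVALID_E when more than limit entries are present.`, so callers can tell an oversized list from a malformed one.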
@@ -20179,6 +20191,14 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
 while ((ret == 0) && (idx < (word32)sz)) {
 byte minVal = 0;
 byte maxVal = 0;
+ if (limit > 0) {
+ cnt++;
+ if (cnt > limit) {
+ WOLFSSL_MSG("too many name constraints");
+ ret = ASN_NAME_INVALID_E;
+ break;
+ }
+ }
 /* Clear dynamic data and set choice for GeneralName and location to
 * store minimum and maximum.
@@ -20277,7 +20297,7 @@ static int DecodeNameConstraints(const byte* input, word32 sz,
 }
 if (DecodeSubtree(input + idx, (word32)length, subtree,
- cert->heap) < 0) {
+ WOLFSSL_MAX_NAME_CONSTRAINTS, cert->heap) < 0) {
 WOLFSSL_MSG("\terror parsing subtree");
 return ASN_PARSE_E;
 }
@@ -20304,7 +20324,8 @@ static int DecodeNameConstraints(const byte* input, word32 sz,
 ret = DecodeSubtree(
 dataASN[NAMECONSTRAINTSASN_IDX_PERMIT].data.ref.data,
 dataASN[NAMECONSTRAINTSASN_IDX_PERMIT].data.ref.length,
- &cert->permittedNames, cert->heap);
+ &cert->permittedNames, WOLFSSL_MAX_NAME_CONSTRAINTS,
+ cert->heap);
 }
 }
 if (ret == 0) {
@@ -20313,7 +20334,8 @@ static int DecodeNameConstraints(const byte* input, word32 sz,
 ret = DecodeSubtree(
 dataASN[NAMECONSTRAINTSASN_IDX_EXCLUDE].data.ref.data,
 dataASN[NAMECONSTRAINTSASN_IDX_EXCLUDE].data.ref.length,
- &cert->excludedNames, cert->heap);
+ &cert->excludedNames, WOLFSSL_MAX_NAME_CONSTRAINTS,
+ cert->heap);
 }
 }
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index d848dbc4dc..aa1bae10dc 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -780,6 +780,14 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
 #define WOLFSSL_TLS_FEATURE_SUM 92
 #endif
+#ifndef WOLFSSL_MAX_ALT_NAMES
+#define WOLFSSL_MAX_ALT_NAMES 128
+#endif
+
+#ifndef WOLFSSL_MAX_NAME_CONSTRAINTS
+#define WOLFSSL_MAX_NAME_CONSTRAINTS 128
+#endif
+
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 /* NIDs */
 #define NID_undef 0
From af537a6ae3872e9d14b19aba7fc17be8c750f666 Mon Sep 17 00:00:00 2001
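Review bot: `if (limit > 0)` makes a zero limit mean "no cap" in `DecodeSubtree`, while the alt-name check added earlier in this patch (`numNames > WOLFSSL_MAX_ALT_NAMES`) would reject every certificate carrying a subject alternative name if its macro were defined as 0. Two sibling build-time knobs with opposite meanings for 0 are easy to misconfigure, and silently disabling a bound on attacker-supplied list length is the riskier reading. Either treat 0 the same way in both places or state the meaning beside each macro in asn.h, e.g. `/* 0 disables the limit */` on the one where that holds. The message string here also lacks the `\t` prefix that the neighbouring `WOLFSSL_MSG` calls use.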
From: Colton Willey
Date: Wed, 29 May 2024 17:02:29 -0700
Subject: [PATCH 2/9] Move definition to beginning of block
---
 wolfcrypt/src/asn.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index ee019dc505..174f62e04f 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -18975,6 +18975,8 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
 }
 while ((ret == 0) && (idx < sz)) {
+ ASNGetData dataASN[altNameASN_Length];
+
 numNames++;
 if (numNames > WOLFSSL_MAX_ALT_NAMES) {
 WOLFSSL_MSG("\tToo many subject alternative names");
@@ -18982,8 +18984,6 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
 break;
 }
- ASNGetData dataASN[altNameASN_Length];
-
 /* Clear dynamic data items. */
 XMEMSET(dataASN, 0, sizeof(dataASN));
 /* Parse GeneralName with the choices supported. */
From a4544ce2ebe2e1286e986bb4cb7b8992f4ef49ab Mon Sep 17 00:00:00 2001
From: Colton Willey
Date: Wed, 29 May 2024 17:54:52 -0700
Subject: [PATCH 3/9] Updates to address review comments
---
 tests/api.c | 14 +++++++++-----
 wolfssl/wolfcrypt/asn.h | 6 ++++++
 2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 60706f35f0..a1ddc1fdac 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -41520,11 +41520,11 @@ static int test_wolfSSL_X509_max_altnames(void)
 0xff, 0x9f, 0xea, 0x78, 0x6f, 0x11, 0x9d, 0xe6
 };
- X509* x509 = NULL;
- int certSize = (int)sizeof(too_many_altnames_cert) / sizeof(unsigned char);
+ WOLFSSL_X509* x509 = NULL;
+ int certSize = (int)(sizeof(too_many_altnames_cert) / sizeof(unsigned char));
 ExpectNull(x509 = wolfSSL_X509_load_certificate_buffer(
- too_many_altnames_cert, certSize, SSL_FILETYPE_ASN1));
+ too_many_altnames_cert, certSize, WOLFSSL_FILETYPE_ASN1));
 #endif
 #endif
 return EXPECT_RESULT();
@@ -41534,15 +41534,19 @@ static int test_wolfSSL_X509_max_name_constraints(void)
 {
 EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- !defined(NO_WOLFSSL_CLIENT)
+ !(defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER))
 /* Only test if max name constraints has not been modified */
 #if WOLFSSL_MAX_NAME_CONSTRAINTS == 128
 WOLFSSL_CTX* ctx = NULL;
 /* File contains a certificate with 130 name constraints */
 const char* malformed_ca_cert = "./certs/test/cert-too-many-name-constraints.pem";
-
+
+#ifndef NO_WOLFSSL_SERVER
+ ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+#else
 ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+#endif
 ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, malformed_ca_cert, NULL,
 WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index aa1bae10dc..192d403d37 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -780,10 +780,16 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
 #define WOLFSSL_TLS_FEATURE_SUM 92
 #endif
+/* Maximum number of allowed subject alternative names in a certificate.
+ * Any certificate containing more than this number of subject
+ * alternative names will cause an error when attempting to parse. */
 #ifndef WOLFSSL_MAX_ALT_NAMES
 #define WOLFSSL_MAX_ALT_NAMES 128
 #endif
+/* Maximum number of allowed name constraints in a certificate.
+ * Any certificate containing more than this number of name constraints
+ * will cause an error when attempting to parse. */
 #ifndef WOLFSSL_MAX_NAME_CONSTRAINTS
 #define WOLFSSL_MAX_NAME_CONSTRAINTS 128
 #endif
From e620b47e1acf96d94c0eb542e0a10850799f3c56 Mon Sep 17 00:00:00 2001
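Review bot: The new comment on `WOLFSSL_MAX_NAME_CONSTRAINTS` describes a per-certificate cap, but patch 1/9 passes the macro to `DecodeSubtree` separately for `permittedNames` and `excludedNames`, each call with its own counter, so a certificate can carry up to twice this many entries before parsing fails. That difference matters to anyone sizing the bound against memory or name-matching cost for untrusted chains. Suggest wording it as `/* Maximum number of entries allowed in each of the permitted and excluded name constraint lists of a certificate. */`, or keeping the comment and sharing one counter across both lists.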
From: Colton Willey
Date: Wed, 29 May 2024 18:23:13 -0700
Subject: [PATCH 4/9] Add configuration file for generating cert with too many name constraints
---
 certs/test/cert-too-many-name-constraints.cfg | 61 +++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 certs/test/cert-too-many-name-constraints.cfg
diff --git a/certs/test/cert-too-many-name-constraints.cfg b/certs/test/cert-too-many-name-constraints.cfg
new file mode 100644
index 0000000000..21bdebeabf
--- /dev/null
+++ b/certs/test/cert-too-many-name-constraints.cfg
@@ -0,0 +1,61 @@
+[ req ]
+default_bits = 2048
+prompt = no
+distinguished_name = dn
+x509_extensions = extensions
+
+[ dn ]
+C = US
+ST = Montana
+L = Bozeman
+O = wolfSSL Inc
+OU = Engineering
+CN = www.wolfssl.com
+
+[ extensions ]
+basicConstraints=critical,CA:true
+nameConstraints = permitted;DNS:.ex1.com,permitted;DNS:.ex2.com,permitted;\
+DNS:.ex3.com,permitted;DNS:.ex4.com,permitted;DNS:.ex5.com,permitted;\
+DNS:.ex6.com,permitted;DNS:.ex7.com,permitted;DNS:.ex8.com,permitted;\
+DNS:.ex9.com,permitted;DNS:.ex10.com,permitted;DNS:.ex11.com,permitted;\
+DNS:.ex12.com,permitted;DNS:.ex13.com,permitted;DNS:.ex14.com,permitted;\
+DNS:.ex15.com,permitted;DNS:.ex16.com,permitted;DNS:.ex17.com,permitted;\
+DNS:.ex18.com,permitted;DNS:.ex19.com,permitted;DNS:.ex20.com,permitted;\
+DNS:.ex21.com,permitted;DNS:.ex22.com,permitted;DNS:.ex23.com,permitted;\
+DNS:.ex24.com,permitted;DNS:.ex25.com,permitted;DNS:.ex26.com,permitted;\
+DNS:.ex27.com,permitted;DNS:.ex28.com,permitted;DNS:.ex29.com,permitted;\
+DNS:.ex30.com,permitted;DNS:.ex31.com,permitted;DNS:.ex32.com,permitted;\
+DNS:.ex33.com,permitted;DNS:.ex34.com,permitted;DNS:.ex35.com,permitted;\
+DNS:.ex36.com,permitted;DNS:.ex37.com,permitted;DNS:.ex38.com,permitted;\
+DNS:.ex39.com,permitted;DNS:.ex40.com,permitted;DNS:.ex41.com,permitted;\
+DNS:.ex42.com,permitted;DNS:.ex43.com,permitted;DNS:.ex44.com,permitted;\
+DNS:.ex45.com,permitted;DNS:.ex46.com,permitted;DNS:.ex47.com,permitted;\
+DNS:.ex48.com,permitted;DNS:.ex49.com,permitted;DNS:.ex50.com,permitted;\
+DNS:.ex51.com,permitted;DNS:.ex52.com,permitted;DNS:.ex53.com,permitted;\
+DNS:.ex54.com,permitted;DNS:.ex55.com,permitted;DNS:.ex56.com,permitted;\
+DNS:.ex57.com,permitted;DNS:.ex58.com,permitted;DNS:.ex59.com,permitted;\
+DNS:.ex60.com,permitted;DNS:.ex61.com,permitted;DNS:.ex62.com,permitted;\
+DNS:.ex63.com,permitted;DNS:.ex64.com,permitted;DNS:.ex65.com,permitted;\
+DNS:.ex66.com,permitted;DNS:.ex67.com,permitted;DNS:.ex68.com,permitted;\
+DNS:.ex69.com,permitted;DNS:.ex70.com,permitted;DNS:.ex71.com,permitted;\
+DNS:.ex72.com,permitted;DNS:.ex73.com,permitted;DNS:.ex74.com,permitted;\
+DNS:.ex75.com,permitted;DNS:.ex76.com,permitted;DNS:.ex77.com,permitted;\
+DNS:.ex78.com,permitted;DNS:.ex79.com,permitted;DNS:.ex80.com,permitted;\
+DNS:.ex81.com,permitted;DNS:.ex82.com,permitted;DNS:.ex83.com,permitted;\
+DNS:.ex84.com,permitted;DNS:.ex85.com,permitted;DNS:.ex86.com,permitted;\
+DNS:.ex87.com,permitted;DNS:.ex88.com,permitted;DNS:.ex89.com,permitted;\
+DNS:.ex90.com,permitted;DNS:.ex91.com,permitted;DNS:.ex92.com,permitted;\
+DNS:.ex93.com,permitted;DNS:.ex94.com,permitted;DNS:.ex95.com,permitted;\
+DNS:.ex96.com,permitted;DNS:.ex97.com,permitted;DNS:.ex98.com,permitted;\
+DNS:.ex99.com,permitted;DNS:.ex100.com,permitted;DNS:.ex101.com,permitted;\
+DNS:.ex102.com,permitted;DNS:.ex103.com,permitted;DNS:.ex104.com,permitted;\
+DNS:.ex105.com,permitted;DNS:.ex106.com,permitted;DNS:.ex107.com,permitted;\
+DNS:.ex108.com,permitted;DNS:.ex109.com,permitted;DNS:.ex110.com,permitted;\
+DNS:.ex111.com,permitted;DNS:.ex112.com,permitted;DNS:.ex113.com,permitted;\
+DNS:.ex114.com,permitted;DNS:.ex115.com,permitted;DNS:.ex116.com,permitted;\
+DNS:.ex117.com,permitted;DNS:.ex118.com,permitted;DNS:.ex119.com,permitted;\
+DNS:.ex120.com,permitted;DNS:.ex121.com,permitted;DNS:.ex122.com,permitted;\
+DNS:.ex123.com,permitted;DNS:.ex124.com,permitted;DNS:.ex125.com,permitted;\
+DNS:.ex126.com,permitted;DNS:.ex127.com,permitted;DNS:.ex128.com,permitted;\
+DNS:.ex129.com,permitted;DNS:.ex130.com
+
From 284dea43fe7fbd052edc8ffffc2a1b7068a901f5 Mon Sep 17 00:00:00 2001
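Review bot: This config does not record the command that produces the matching .pem, and the validity period is left to the tool; cert-over-max-altnames.cfg in PATCH 5/9 has the same gap. The committed certificates appear to carry a 30-day validity window, and a fixture regenerated without an explicit lifetime will expire the same way. I would add a header comment such as `# openssl req -x509 -newkey rsa:2048 -nodes -days <N> -config <this file> -keyout <key> -out <pem>` with a long `-days` value. The list also goes straight to 130 entries, so the boundary itself (128 accepted, 129 rejected) is not exercised by this fixture.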
From: Colton Willey Date: Wed, 29 May 2024 19:00:15 -0700 Subject: [PATCH 5/9] Unify max name testing to use cert files for both cases. --- certs/test/cert-over-max-altnames.cfg | 150 ++++++++++ certs/test/cert-over-max-altnames.pem | 63 ++++ ...e-constraints.cfg => cert-over-max-nc.cfg} | 0 certs/test/cert-over-max-nc.pem | 58 ++++ certs/test/cert-too-many-name-constraints.pem | 59 ---- tests/api.c | 280 ++---------------- 6 files changed, 290 insertions(+), 320 deletions(-) create mode 100644 certs/test/cert-over-max-altnames.cfg create mode 100644 certs/test/cert-over-max-altnames.pem rename certs/test/{cert-too-many-name-constraints.cfg => cert-over-max-nc.cfg} (100%) create mode 100644 certs/test/cert-over-max-nc.pem delete mode 100644 certs/test/cert-too-many-name-constraints.pem diff --git a/certs/test/cert-over-max-altnames.cfg b/certs/test/cert-over-max-altnames.cfg new file mode 100644 index 0000000000..472fa20f32 --- /dev/null +++ b/certs/test/cert-over-max-altnames.cfg 
@@ -0,0 +1,150 @@
+[ req ]
+default_bits = 2048
+prompt = no
+distinguished_name = dn
+x509_extensions = extensions
+
+[ dn ]
+C = US
+ST = Montana
+L = Bozeman
+O = wolfSSL Inc
+OU = Engineering
+CN = www.wolfssl.com
+
+[ extensions ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = example1.com
+DNS.2 = example2.com
+DNS.3 = example3.com
+DNS.4 = example4.com
+DNS.5 = example5.com
+DNS.6 = example6.com
+DNS.7 = example7.com
+DNS.8 = example8.com
+DNS.9 = example9.com
+DNS.10 = example10.com
+DNS.11 = example11.com
+DNS.12 = example12.com
+DNS.13 = example13.com
+DNS.14 = example14.com
+DNS.15 = example15.com
+DNS.16 = example16.com
+DNS.17 = example17.com
+DNS.18 = example18.com
+DNS.19 = example19.com
+DNS.20 = example20.com
+DNS.21 = example21.com
+DNS.22 = example22.com
+DNS.23 = example23.com
+DNS.24 = example24.com
+DNS.25 = example25.com
+DNS.26 = example26.com
+DNS.27 = example27.com
+DNS.28 = example28.com
+DNS.29 = example29.com
+DNS.30 = example30.com
+DNS.31 = example31.com
+DNS.32 = example32.com
+DNS.33 = example33.com
+DNS.34 = example34.com
+DNS.35 = example35.com
+DNS.36 = example36.com
+DNS.37 = example37.com
+DNS.38 = example38.com
+DNS.39 = example39.com
+DNS.40 = example40.com
+DNS.41 = example41.com
+DNS.42 = example42.com
+DNS.43 = example43.com
+DNS.44 = example44.com
+DNS.45 = example45.com
+DNS.46 = example46.com
+DNS.47 = example47.com
+DNS.48 = example48.com
+DNS.49 = example49.com
+DNS.50 = example50.com
+DNS.51 = example51.com
+DNS.52 = example52.com
+DNS.53 = example53.com
+DNS.54 = example54.com
+DNS.55 = example55.com
+DNS.56 = example56.com
+DNS.57 = example57.com
+DNS.58 = example58.com
+DNS.59 = example59.com
+DNS.60 = example60.com
+DNS.61 = example61.com
+DNS.62 = example62.com
+DNS.63 = example63.com
+DNS.64 = example64.com
+DNS.65 = example65.com
+DNS.66 = example66.com
+DNS.67 = example67.com
+DNS.68 = example68.com
+DNS.69 = example69.com
+DNS.70 = example70.com
+DNS.71 = example71.com
+DNS.72 = example72.com
+DNS.73 = example73.com
+DNS.74 = example74.com
+DNS.75 = example75.com
+DNS.76 = example76.com
+DNS.77 = example77.com
+DNS.78 = example78.com
+DNS.79 = example79.com
+DNS.80 = example80.com
+DNS.81 = example81.com
+DNS.82 = example82.com
+DNS.83 = example83.com
+DNS.84 = example84.com
+DNS.85 = example85.com
+DNS.86 = example86.com
+DNS.87 = example87.com
+DNS.88 = example88.com
+DNS.89 = example89.com
+DNS.90 = example90.com
+DNS.91 = example91.com
+DNS.92 = example92.com
+DNS.93 = example93.com
+DNS.94 = example94.com
+DNS.95 = example95.com
+DNS.96 = example96.com
+DNS.97 = example97.com
+DNS.98 = example98.com
+DNS.99 = example99.com
+DNS.100 = example100.com
+DNS.101 = example101.com
+DNS.102 = example102.com
+DNS.103 = example103.com
+DNS.104 = example104.com
+DNS.105 = example105.com
+DNS.106 = example106.com
+DNS.107 = example107.com
+DNS.108 = example108.com
+DNS.109 = example109.com
+DNS.110 = example110.com
+DNS.111 = example111.com
+DNS.112 = example112.com
+DNS.113 = example113.com
+DNS.114 = example114.com
+DNS.115 = example115.com
+DNS.116 = example116.com
+DNS.117 = example117.com
+DNS.118 = example118.com
+DNS.119 = example119.com
+DNS.120 = example120.com
+DNS.121 = example121.com
+DNS.122 = example122.com
+DNS.123 = example123.com
+DNS.124 = example124.com
+DNS.125 = example125.com
+DNS.126 = example126.com
+DNS.127 = example127.com
+DNS.128 = example128.com
+DNS.129 = example129.com
+DNS.130 = example130.com
+
+
diff --git a/certs/test/cert-over-max-altnames.pem b/certs/test/cert-over-max-altnames.pem
new file mode 100644
index 0000000000..309b31ef81
--- /dev/null
+++ b/certs/test/cert-over-max-altnames.pem
@@ -0,0 +1,63 @@ +-----BEGIN CERTIFICATE----- +MIILZjCCCk6gAwIBAgIURc0vEAYKqmZm+uhVYVYcdTDD5jIwDQYJKoZIhvcNAQEL +BQAwdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv +emVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMB4XDTI0MDUzMDAxMzQ1NloXDTI0 +MDYyOTAxMzQ1NlowdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO +BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtF +bmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MxlWlPvDK577o82h5LrZDs/1eFX/xEI2ICZ +xvQ3rMm5cdUxsnYeExXMP8Fzlx4RsyYeNCJo8wdKFtTbrkyTGE1tlrQ6jZ20aYA0 +V38GkQhVNzG5EIOBm9x7Zl7L4kgJEAG0a36jOrCuP9JOxo6EtyezF+KyN9TEzxxZ +udlaV3JoxghmvaBzRO07vmomtxwtm/5K4gM3XCcYyDhxf7J357s6Ra8nhefOT/PV +rB/mSHUcH0nvt2mNZdJyDOUBNx0IAVL1CaJh3pT14Ql03igSbeRr7pVtiioixZTD +xB1npmn0kgTa4zNR11EWHX0nBwEJST3QofkJA+odSFQBG1tCTQIDAQABo4IH6DCC +B+QwggfBBgNVHREEgge4MIIHtIIMZXhhbXBsZTEuY29tggxleGFtcGxlMi5jb22C +DGV4YW1wbGUzLmNvbYIMZXhhbXBsZTQuY29tggxleGFtcGxlNS5jb22CDGV4YW1w +bGU2LmNvbYIMZXhhbXBsZTcuY29tggxleGFtcGxlOC5jb22CDGV4YW1wbGU5LmNv +bYINZXhhbXBsZTEwLmNvbYINZXhhbXBsZTExLmNvbYINZXhhbXBsZTEyLmNvbYIN +ZXhhbXBsZTEzLmNvbYINZXhhbXBsZTE0LmNvbYINZXhhbXBsZTE1LmNvbYINZXhh +bXBsZTE2LmNvbYINZXhhbXBsZTE3LmNvbYINZXhhbXBsZTE4LmNvbYINZXhhbXBs +ZTE5LmNvbYINZXhhbXBsZTIwLmNvbYINZXhhbXBsZTIxLmNvbYINZXhhbXBsZTIy +LmNvbYINZXhhbXBsZTIzLmNvbYINZXhhbXBsZTI0LmNvbYINZXhhbXBsZTI1LmNv +bYINZXhhbXBsZTI2LmNvbYINZXhhbXBsZTI3LmNvbYINZXhhbXBsZTI4LmNvbYIN +ZXhhbXBsZTI5LmNvbYINZXhhbXBsZTMwLmNvbYINZXhhbXBsZTMxLmNvbYINZXhh +bXBsZTMyLmNvbYINZXhhbXBsZTMzLmNvbYINZXhhbXBsZTM0LmNvbYINZXhhbXBs +ZTM1LmNvbYINZXhhbXBsZTM2LmNvbYINZXhhbXBsZTM3LmNvbYINZXhhbXBsZTM4 +LmNvbYINZXhhbXBsZTM5LmNvbYINZXhhbXBsZTQwLmNvbYINZXhhbXBsZTQxLmNv +bYINZXhhbXBsZTQyLmNvbYINZXhhbXBsZTQzLmNvbYINZXhhbXBsZTQ0LmNvbYIN +ZXhhbXBsZTQ1LmNvbYINZXhhbXBsZTQ2LmNvbYINZXhhbXBsZTQ3LmNvbYINZXhh +bXBsZTQ4LmNvbYINZXhhbXBsZTQ5LmNvbYINZXhhbXBsZTUwLmNvbYINZXhhbXBs 
+ZTUxLmNvbYINZXhhbXBsZTUyLmNvbYINZXhhbXBsZTUzLmNvbYINZXhhbXBsZTU0 +LmNvbYINZXhhbXBsZTU1LmNvbYINZXhhbXBsZTU2LmNvbYINZXhhbXBsZTU3LmNv +bYINZXhhbXBsZTU4LmNvbYINZXhhbXBsZTU5LmNvbYINZXhhbXBsZTYwLmNvbYIN +ZXhhbXBsZTYxLmNvbYINZXhhbXBsZTYyLmNvbYINZXhhbXBsZTYzLmNvbYINZXhh +bXBsZTY0LmNvbYINZXhhbXBsZTY1LmNvbYINZXhhbXBsZTY2LmNvbYINZXhhbXBs +ZTY3LmNvbYINZXhhbXBsZTY4LmNvbYINZXhhbXBsZTY5LmNvbYINZXhhbXBsZTcw +LmNvbYINZXhhbXBsZTcxLmNvbYINZXhhbXBsZTcyLmNvbYINZXhhbXBsZTczLmNv +bYINZXhhbXBsZTc0LmNvbYINZXhhbXBsZTc1LmNvbYINZXhhbXBsZTc2LmNvbYIN +ZXhhbXBsZTc3LmNvbYINZXhhbXBsZTc4LmNvbYINZXhhbXBsZTc5LmNvbYINZXhh +bXBsZTgwLmNvbYINZXhhbXBsZTgxLmNvbYINZXhhbXBsZTgyLmNvbYINZXhhbXBs +ZTgzLmNvbYINZXhhbXBsZTg0LmNvbYINZXhhbXBsZTg1LmNvbYINZXhhbXBsZTg2 +LmNvbYINZXhhbXBsZTg3LmNvbYINZXhhbXBsZTg4LmNvbYINZXhhbXBsZTg5LmNv +bYINZXhhbXBsZTkwLmNvbYINZXhhbXBsZTkxLmNvbYINZXhhbXBsZTkyLmNvbYIN +ZXhhbXBsZTkzLmNvbYINZXhhbXBsZTk0LmNvbYINZXhhbXBsZTk1LmNvbYINZXhh +bXBsZTk2LmNvbYINZXhhbXBsZTk3LmNvbYINZXhhbXBsZTk4LmNvbYINZXhhbXBs +ZTk5LmNvbYIOZXhhbXBsZTEwMC5jb22CDmV4YW1wbGUxMDEuY29tgg5leGFtcGxl +MTAyLmNvbYIOZXhhbXBsZTEwMy5jb22CDmV4YW1wbGUxMDQuY29tgg5leGFtcGxl +MTA1LmNvbYIOZXhhbXBsZTEwNi5jb22CDmV4YW1wbGUxMDcuY29tgg5leGFtcGxl +MTA4LmNvbYIOZXhhbXBsZTEwOS5jb22CDmV4YW1wbGUxMTAuY29tgg5leGFtcGxl +MTExLmNvbYIOZXhhbXBsZTExMi5jb22CDmV4YW1wbGUxMTMuY29tgg5leGFtcGxl +MTE0LmNvbYIOZXhhbXBsZTExNS5jb22CDmV4YW1wbGUxMTYuY29tgg5leGFtcGxl +MTE3LmNvbYIOZXhhbXBsZTExOC5jb22CDmV4YW1wbGUxMTkuY29tgg5leGFtcGxl +MTIwLmNvbYIOZXhhbXBsZTEyMS5jb22CDmV4YW1wbGUxMjIuY29tgg5leGFtcGxl +MTIzLmNvbYIOZXhhbXBsZTEyNC5jb22CDmV4YW1wbGUxMjUuY29tgg5leGFtcGxl +MTI2LmNvbYIOZXhhbXBsZTEyNy5jb22CDmV4YW1wbGUxMjguY29tgg5leGFtcGxl +MTI5LmNvbYIOZXhhbXBsZTEzMC5jb20wHQYDVR0OBBYEFLbtWbf+CESA0Xfsii18 +98iIet9AMA0GCSqGSIb3DQEBCwUAA4IBAQBCY+SvA+JFFZ1NwwEBcl5BDbTjTAgt +w+xlEK71C+KUdvFuMMftDjaESOTJXEsimz5TuYhCMmQwQJMTlaEuZnzyCetuyBwJ +eRAFopo4xRhJKQ6okJlOANPlmXehuPS+niiMMGxqBOjVyvPFZpdnj0oa6Mz/ewuP +gNlsLUUrA6YQZNGYq9rDb4r2CCtD+10xkUg1Pu+2eRHBkYP9VSJOvWTVLMj/mPwN 
+mh/pAxg50fl/t+m181AOu8KpIen3++54ljgo0v/O3SyO0d5zq8+vSTpjkfX3LPjH +DFyofMjOQ7lFnr7uwY9jmj//GUUg3nULmItMhcEJ3XE9ySoEwfP35OWC +-----END CERTIFICATE----- diff --git a/certs/test/cert-too-many-name-constraints.cfg b/certs/test/cert-over-max-nc.cfg similarity index 100% rename from certs/test/cert-too-many-name-constraints.cfg rename to certs/test/cert-over-max-nc.cfg diff --git a/certs/test/cert-over-max-nc.pem b/certs/test/cert-over-max-nc.pem new file mode 100644 index 0000000000..5fb42bf525 --- /dev/null +++ b/certs/test/cert-over-max-nc.pem 
@@ -0,0 +1,58 @@ +-----BEGIN CERTIFICATE----- +MIIKdzCCCV+gAwIBAgIUP2BNrIrxeGGYtoPzcrEMcF8RDbEwDQYJKoZIhvcNAQEL +BQAwdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv +emVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMB4XDTI0MDUzMDAxNTE0M1oXDTI0 +MDYyOTAxNTE0M1owdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO +BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtF +bmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7XMOFVWne2YJvHK9odaZiLSFJ5l9FJqKLnc +VDPPjM++SdO/dU8/hO/e1B5r88NtXFJHztMbekIIQd7f0T3Lwru/FRkmqI3Q2Z5V +SYLJbrI3EiVg4eG07MI2DhHWg9cMnfENzYk4Q/Zhd2cGCsJUW4S37ye+M+VXDtlb +ZkQVN19uqrxmZESqVpa05AjsJcbVMwb4++ZkhXLrs0eUcLQpZxWehTvKO/FgcFbD +6kNkTBBNf3c/5AQCLugSLUGn1RgbNt9sBZ6zZPM3UOgeREfEcb5+B61RGQD/SMCR +o+VEMCkGmWw8b3B7tyRXweuHBZ5I+AOw9QHb7F5tkT8ih5FUrwIDAQABo4IG+TCC +BvUwDwYDVR0TAQH/BAUwAwEB/zCCBsEGA1UdHgSCBrgwgga0oIIGsDAKggguZXgx +LmNvbTAKggguZXgyLmNvbTAKggguZXgzLmNvbTAKggguZXg0LmNvbTAKggguZXg1 +LmNvbTAKggguZXg2LmNvbTAKggguZXg3LmNvbTAKggguZXg4LmNvbTAKggguZXg5 +LmNvbTALggkuZXgxMC5jb20wC4IJLmV4MTEuY29tMAuCCS5leDEyLmNvbTALggku +ZXgxMy5jb20wC4IJLmV4MTQuY29tMAuCCS5leDE1LmNvbTALggkuZXgxNi5jb20w +C4IJLmV4MTcuY29tMAuCCS5leDE4LmNvbTALggkuZXgxOS5jb20wC4IJLmV4MjAu +Y29tMAuCCS5leDIxLmNvbTALggkuZXgyMi5jb20wC4IJLmV4MjMuY29tMAuCCS5l +eDI0LmNvbTALggkuZXgyNS5jb20wC4IJLmV4MjYuY29tMAuCCS5leDI3LmNvbTAL +ggkuZXgyOC5jb20wC4IJLmV4MjkuY29tMAuCCS5leDMwLmNvbTALggkuZXgzMS5j +b20wC4IJLmV4MzIuY29tMAuCCS5leDMzLmNvbTALggkuZXgzNC5jb20wC4IJLmV4 +MzUuY29tMAuCCS5leDM2LmNvbTALggkuZXgzNy5jb20wC4IJLmV4MzguY29tMAuC +CS5leDM5LmNvbTALggkuZXg0MC5jb20wC4IJLmV4NDEuY29tMAuCCS5leDQyLmNv +bTALggkuZXg0My5jb20wC4IJLmV4NDQuY29tMAuCCS5leDQ1LmNvbTALggkuZXg0 +Ni5jb20wC4IJLmV4NDcuY29tMAuCCS5leDQ4LmNvbTALggkuZXg0OS5jb20wC4IJ +LmV4NTAuY29tMAuCCS5leDUxLmNvbTALggkuZXg1Mi5jb20wC4IJLmV4NTMuY29t +MAuCCS5leDU0LmNvbTALggkuZXg1NS5jb20wC4IJLmV4NTYuY29tMAuCCS5leDU3 
+LmNvbTALggkuZXg1OC5jb20wC4IJLmV4NTkuY29tMAuCCS5leDYwLmNvbTALggku +ZXg2MS5jb20wC4IJLmV4NjIuY29tMAuCCS5leDYzLmNvbTALggkuZXg2NC5jb20w +C4IJLmV4NjUuY29tMAuCCS5leDY2LmNvbTALggkuZXg2Ny5jb20wC4IJLmV4Njgu +Y29tMAuCCS5leDY5LmNvbTALggkuZXg3MC5jb20wC4IJLmV4NzEuY29tMAuCCS5l +eDcyLmNvbTALggkuZXg3My5jb20wC4IJLmV4NzQuY29tMAuCCS5leDc1LmNvbTAL +ggkuZXg3Ni5jb20wC4IJLmV4NzcuY29tMAuCCS5leDc4LmNvbTALggkuZXg3OS5j +b20wC4IJLmV4ODAuY29tMAuCCS5leDgxLmNvbTALggkuZXg4Mi5jb20wC4IJLmV4 +ODMuY29tMAuCCS5leDg0LmNvbTALggkuZXg4NS5jb20wC4IJLmV4ODYuY29tMAuC +CS5leDg3LmNvbTALggkuZXg4OC5jb20wC4IJLmV4ODkuY29tMAuCCS5leDkwLmNv +bTALggkuZXg5MS5jb20wC4IJLmV4OTIuY29tMAuCCS5leDkzLmNvbTALggkuZXg5 +NC5jb20wC4IJLmV4OTUuY29tMAuCCS5leDk2LmNvbTALggkuZXg5Ny5jb20wC4IJ +LmV4OTguY29tMAuCCS5leDk5LmNvbTAMggouZXgxMDAuY29tMAyCCi5leDEwMS5j +b20wDIIKLmV4MTAyLmNvbTAMggouZXgxMDMuY29tMAyCCi5leDEwNC5jb20wDIIK +LmV4MTA1LmNvbTAMggouZXgxMDYuY29tMAyCCi5leDEwNy5jb20wDIIKLmV4MTA4 +LmNvbTAMggouZXgxMDkuY29tMAyCCi5leDExMC5jb20wDIIKLmV4MTExLmNvbTAM +ggouZXgxMTIuY29tMAyCCi5leDExMy5jb20wDIIKLmV4MTE0LmNvbTAMggouZXgx +MTUuY29tMAyCCi5leDExNi5jb20wDIIKLmV4MTE3LmNvbTAMggouZXgxMTguY29t +MAyCCi5leDExOS5jb20wDIIKLmV4MTIwLmNvbTAMggouZXgxMjEuY29tMAyCCi5l +eDEyMi5jb20wDIIKLmV4MTIzLmNvbTAMggouZXgxMjQuY29tMAyCCi5leDEyNS5j +b20wDIIKLmV4MTI2LmNvbTAMggouZXgxMjcuY29tMAyCCi5leDEyOC5jb20wDIIK +LmV4MTI5LmNvbTAMggouZXgxMzAuY29tMB0GA1UdDgQWBBRZqhZL7IEF/o83ZyxK +Djw6be/2ozANBgkqhkiG9w0BAQsFAAOCAQEAPObXW1f+7VAT0SUE6fLpqmP1y1PY +z5oePRsiRPrM8tbgu2DESGwcHeapCtIPXLPbf1pW3yYqTGtgIrO2IqBZmVWIk3YT +OSp4RrZDH55soOr2g6KP5RpjE6kWU5XkVxbQNLHlwRgnpQcDgVoOgIDtxpVgpXs1 +OCdNe1sdQbPbI8ciIayJJl7bEv52BjrmjYhCWCPXDBspwLhafwFzorHDj8QiYbWo +6QH1TQakxjo3Nbceax7D2LT2Aev/cMw8GqR/wykLj1EEYzdB644OYwEfdRf5RwJg +CkaQE7FWVpdVcoJnXIa8/iATpTLYuYeolpDLXJe2Eqb3SegTp6wL4x1Bzg== +-----END CERTIFICATE----- diff --git a/certs/test/cert-too-many-name-constraints.pem b/certs/test/cert-too-many-name-constraints.pem deleted file mode 100644 index 30ee2b8881..0000000000 
--- a/certs/test/cert-too-many-name-constraints.pem +++ /dev/null 
@@ -1,59 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIKqTCCCZGgAwIBAgIUFFokI9Yd3KH+eqBsRLhoud4uIc8wDQYJKoZIhvcNAQEL -BQAwgY8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwITmV3IFlv -cmsxGDAWBgNVBAoMD0ZvbyBDb21wYW55IExMQzEcMBoGA1UEAwwTZm9vLWNvbXBh -bnktbGxjLmNvbTEoMCYGCSqGSIb3DQEJARYZYWRtaW5AZm9vLWNvbXBhbnktbGxj -LmNvbTAeFw0yNDA1MjkyMjI2NDhaFw0yNDA2MjgyMjI2NDhaMIGPMQswCQYDVQQG -EwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9G -b28gQ29tcGFueSBMTEMxHDAaBgNVBAMME2Zvby1jb21wYW55LWxsYy5jb20xKDAm -BgkqhkiG9w0BCQEWGWFkbWluQGZvby1jb21wYW55LWxsYy5jb20wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSzHEKxR2tQ8ykY1j0zW3oOmwBgFAPNgyJ -oODAdBKqVCXb2P8UQ1zAaQzZeJj6GS96e6eyBUDGOLtb9V4EcSxtY/KBUEWoYp+7 -UKu4BYOIkzLMxjmea9BLXHM8j4GpD7gSruqlksELXh8xtVUfuABW7gzARJ34dugt -oQjmdT5DkImtt4jr+RwNZ8/XKtATZLcidhfOJJLjSXFz7ZUDzsA3P7eGiUgtlSQl -3Xrxi95FIpuk+YsKKFpNZPo+wmjYBLZG6752sNrizELVcU1WII8lc6ydduZpgJ8C -9oWGMFVYoWe8mAAmBYPc/kZZYenSAcpAwyO/qKjK34/jQfc538JNAgMBAAGjggb5 -MIIG9TAPBgNVHRMBAf8EBTADAQH/MIIGwQYDVR0eBIIGuDCCBrSgggawMAqCCC5l -eDEuY29tMAqCCC5leDIuY29tMAqCCC5leDMuY29tMAqCCC5leDQuY29tMAqCCC5l -eDUuY29tMAqCCC5leDYuY29tMAqCCC5leDcuY29tMAqCCC5leDguY29tMAqCCC5l -eDkuY29tMAuCCS5leDEwLmNvbTALggkuZXgxMS5jb20wC4IJLmV4MTIuY29tMAuC -CS5leDEzLmNvbTALggkuZXgxNC5jb20wC4IJLmV4MTUuY29tMAuCCS5leDE2LmNv -bTALggkuZXgxNy5jb20wC4IJLmV4MTguY29tMAuCCS5leDE5LmNvbTALggkuZXgy -MC5jb20wC4IJLmV4MjEuY29tMAuCCS5leDIyLmNvbTALggkuZXgyMy5jb20wC4IJ -LmV4MjQuY29tMAuCCS5leDI1LmNvbTALggkuZXgyNi5jb20wC4IJLmV4MjcuY29t -MAuCCS5leDI4LmNvbTALggkuZXgyOS5jb20wC4IJLmV4MzAuY29tMAuCCS5leDMx -LmNvbTALggkuZXgzMi5jb20wC4IJLmV4MzMuY29tMAuCCS5leDM0LmNvbTALggku -ZXgzNS5jb20wC4IJLmV4MzYuY29tMAuCCS5leDM3LmNvbTALggkuZXgzOC5jb20w -C4IJLmV4MzkuY29tMAuCCS5leDQwLmNvbTALggkuZXg0MS5jb20wC4IJLmV4NDIu -Y29tMAuCCS5leDQzLmNvbTALggkuZXg0NC5jb20wC4IJLmV4NDUuY29tMAuCCS5l -eDQ2LmNvbTALggkuZXg0Ny5jb20wC4IJLmV4NDguY29tMAuCCS5leDQ5LmNvbTAL -ggkuZXg1MC5jb20wC4IJLmV4NTEuY29tMAuCCS5leDUyLmNvbTALggkuZXg1My5j 
-b20wC4IJLmV4NTQuY29tMAuCCS5leDU1LmNvbTALggkuZXg1Ni5jb20wC4IJLmV4 -NTcuY29tMAuCCS5leDU4LmNvbTALggkuZXg1OS5jb20wC4IJLmV4NjAuY29tMAuC -CS5leDYxLmNvbTALggkuZXg2Mi5jb20wC4IJLmV4NjMuY29tMAuCCS5leDY0LmNv -bTALggkuZXg2NS5jb20wC4IJLmV4NjYuY29tMAuCCS5leDY3LmNvbTALggkuZXg2 -OC5jb20wC4IJLmV4NjkuY29tMAuCCS5leDcwLmNvbTALggkuZXg3MS5jb20wC4IJ -LmV4NzIuY29tMAuCCS5leDczLmNvbTALggkuZXg3NC5jb20wC4IJLmV4NzUuY29t -MAuCCS5leDc2LmNvbTALggkuZXg3Ny5jb20wC4IJLmV4NzguY29tMAuCCS5leDc5 -LmNvbTALggkuZXg4MC5jb20wC4IJLmV4ODEuY29tMAuCCS5leDgyLmNvbTALggku -ZXg4My5jb20wC4IJLmV4ODQuY29tMAuCCS5leDg1LmNvbTALggkuZXg4Ni5jb20w -C4IJLmV4ODcuY29tMAuCCS5leDg4LmNvbTALggkuZXg4OS5jb20wC4IJLmV4OTAu -Y29tMAuCCS5leDkxLmNvbTALggkuZXg5Mi5jb20wC4IJLmV4OTMuY29tMAuCCS5l -eDk0LmNvbTALggkuZXg5NS5jb20wC4IJLmV4OTYuY29tMAuCCS5leDk3LmNvbTAL -ggkuZXg5OC5jb20wC4IJLmV4OTkuY29tMAyCCi5leDEwMC5jb20wDIIKLmV4MTAx -LmNvbTAMggouZXgxMDIuY29tMAyCCi5leDEwMy5jb20wDIIKLmV4MTA0LmNvbTAM -ggouZXgxMDUuY29tMAyCCi5leDEwNi5jb20wDIIKLmV4MTA3LmNvbTAMggouZXgx -MDguY29tMAyCCi5leDEwOS5jb20wDIIKLmV4MTEwLmNvbTAMggouZXgxMTEuY29t -MAyCCi5leDExMi5jb20wDIIKLmV4MTEzLmNvbTAMggouZXgxMTQuY29tMAyCCi5l -eDExNS5jb20wDIIKLmV4MTE2LmNvbTAMggouZXgxMTcuY29tMAyCCi5leDExOC5j -b20wDIIKLmV4MTE5LmNvbTAMggouZXgxMjAuY29tMAyCCi5leDEyMS5jb20wDIIK -LmV4MTIyLmNvbTAMggouZXgxMjMuY29tMAyCCi5leDEyNC5jb20wDIIKLmV4MTI1 -LmNvbTAMggouZXgxMjYuY29tMAyCCi5leDEyNy5jb20wDIIKLmV4MTI4LmNvbTAM -ggouZXgxMjkuY29tMAyCCi5leDEzMC5jb20wHQYDVR0OBBYEFJvjzAGexe5bKTQ1 -CMkebDRYUHXAMA0GCSqGSIb3DQEBCwUAA4IBAQB/5AdXGRIgVuwQBvU/CGMuMFwv -lx62SLuzAKSVMmX08Odpuh0CnGeWBonmu5rZWOqYAwTRypZxksf1Ke0eVp8bRAiR -lMo0iFNm90deH8pPC/jSuH5OGV77F+kQAqHcnCP4unZVzq+XRDLiHEAsyAOjGx8o -9mO9DwzFa1KK8jvCYkNUkgHa9Xow6ExlJ/UJCuG0nvFDXcG4VUcFSSR3zTTOg970 -kcoMOLfPNvFQ/+UPT/XwgySuauHdt38xoBdL3BjdOIU6WWVplg14fiwKg8ut9ZQH -HYDIkDks1kiG9W9tg+9YeG/taUtcCtSfs2NdCmOHJOFHulvqI+A2ADQWgDH9 ------END CERTIFICATE----- diff --git a/tests/api.c b/tests/api.c index a1ddc1fdac..8ad0ad8440 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -41264,267 +41264,25 @@ static int test_wolfSSL_X509_bad_altname(void) static int test_wolfSSL_X509_max_altnames(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) /* Only test if max alt names has not been modified */ #if WOLFSSL_MAX_ALT_NAMES == 128 - /* A certificate encoded with 130 subject alternative names */ - const unsigned char too_many_altnames_cert[] = { - 0x30, 0x82, 0x0b, 0x98, 0x30, 0x82, 0x0a, 0x80, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x14, 0x62, 0x32, 0xa6, 0x54, 0x73, 0x2f, 0xdb, 0x7d, 0x49, - 0x40, 0x69, 0xc0, 0x5a, 0x9b, 0x60, 0xfe, 0x04, 0x4f, 0x02, 0xd5, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x0c, 0x02, 0x4e, 0x59, 0x31, 0x11, 0x30, 0x0f, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x0c, 0x08, 0x4e, 0x65, 0x77, 0x20, 0x59, 0x6f, - 0x72, 0x6b, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, - 0x0f, 0x46, 0x6f, 0x6f, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, - 0x20, 0x4c, 0x4c, 0x43, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x0c, 0x13, 0x66, 0x6f, 0x6f, 0x2d, 0x63, 0x6f, 0x6d, 0x70, 0x61, - 0x6e, 0x79, 0x2d, 0x6c, 0x6c, 0x63, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x28, - 0x30, 0x26, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, - 0x01, 0x16, 0x19, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x40, 0x66, 0x6f, 0x6f, - 0x2d, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x2d, 0x6c, 0x6c, 0x63, - 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, - 0x32, 0x39, 0x32, 0x30, 0x32, 0x31, 0x34, 0x31, 0x5a, 0x17, 0x0d, 0x32, - 0x34, 0x30, 0x36, 0x32, 0x38, 0x32, 0x30, 0x32, 0x31, 0x34, 0x31, 0x5a, - 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 
0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0c, 0x02, 0x4e, 0x59, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0c, 0x08, 0x4e, 0x65, 0x77, 0x20, 0x59, 0x6f, 0x72, 0x6b, - 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, - 0x6f, 0x6f, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x20, 0x4c, - 0x4c, 0x43, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, - 0x13, 0x66, 0x6f, 0x6f, 0x2d, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, - 0x2d, 0x6c, 0x6c, 0x63, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x28, 0x30, 0x26, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, - 0x19, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x40, 0x66, 0x6f, 0x6f, 0x2d, 0x63, - 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x2d, 0x6c, 0x6c, 0x63, 0x2e, 0x63, - 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc2, - 0xe2, 0xb9, 0x35, 0x6e, 0x70, 0x84, 0xd3, 0xf7, 0x1e, 0xac, 0x18, 0x86, - 0x51, 0xaf, 0xbd, 0xa2, 0x77, 0xfb, 0x1c, 0x18, 0x54, 0x64, 0xbf, 0x69, - 0xc7, 0x35, 0x3d, 0xa1, 0xf6, 0x1a, 0xa5, 0xc7, 0x4c, 0xac, 0xd6, 0x48, - 0xb3, 0xdc, 0xac, 0xe6, 0xbb, 0x10, 0x54, 0x42, 0xd2, 0xfe, 0xea, 0x14, - 0x94, 0x6a, 0xad, 0x7c, 0xa3, 0x2c, 0x46, 0x44, 0x50, 0x78, 0x01, 0x9c, - 0xb3, 0xaa, 0x05, 0x4e, 0xdb, 0xc1, 0x12, 0xd1, 0x6a, 0x03, 0x10, 0x4d, - 0x8d, 0x0a, 0xaf, 0x79, 0x7d, 0x19, 0xce, 0xde, 0xf2, 0x7a, 0xa7, 0xcd, - 0x11, 0x92, 0x89, 0xa7, 0x80, 0xf2, 0x16, 0xc7, 0xac, 0x6e, 0xa3, 0xec, - 0x47, 0x9e, 0xfb, 0x42, 0xe7, 0x23, 0x28, 0x24, 0x7f, 0x5b, 0xe8, 0xd4, - 0x15, 0x5d, 0xfc, 0xa5, 0xb8, 0x0f, 0x04, 0x14, 0xd7, 0xfd, 0x89, 0x80, - 0xcf, 0x77, 0x3b, 0xd5, 0xa0, 0x1e, 0x76, 0xcf, 0x94, 0x9c, 0xb6, 0xc2, - 0x6a, 0x56, 0x5a, 0x04, 0xe1, 0x74, 0x3f, 0x6b, 0x93, 0xe5, 0x7a, 0xf0, - 0x1e, 0x63, 0x02, 0xb4, 0x8a, 0x19, 0x56, 0x55, 0x19, 0xeb, 0x20, 0x5b, - 0x71, 0xef, 0x44, 0x83, 0x6d, 
0xbb, 0x78, 0x13, 0x58, 0xb3, 0x2b, 0xe5, - 0xa7, 0x3d, 0xf3, 0x73, 0xa2, 0x53, 0xe8, 0xa4, 0xb2, 0xf2, 0xd6, 0x2d, - 0xab, 0x71, 0x94, 0x2e, 0x0d, 0x77, 0x80, 0x41, 0xab, 0xe8, 0x87, 0xc3, - 0x29, 0xb1, 0x08, 0x35, 0x38, 0xcd, 0x50, 0x1d, 0x52, 0x04, 0xed, 0xe5, - 0x99, 0xf9, 0x2f, 0xe2, 0x70, 0xae, 0x73, 0x27, 0x2d, 0xa6, 0x73, 0xf8, - 0x7f, 0x28, 0x7a, 0x8a, 0x8e, 0x67, 0x39, 0xd9, 0xa2, 0xfc, 0x27, 0x55, - 0x77, 0xc3, 0x00, 0x77, 0x0a, 0x9e, 0x12, 0xca, 0x99, 0x0a, 0xa5, 0x62, - 0x5e, 0xdc, 0x5f, 0x4d, 0x01, 0x67, 0xd2, 0xa4, 0xbd, 0x74, 0xb1, 0x83, - 0x11, 0x21, 0x27, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x07, 0xe8, - 0x30, 0x82, 0x07, 0xe4, 0x30, 0x82, 0x07, 0xc1, 0x06, 0x03, 0x55, 0x1d, - 0x11, 0x04, 0x82, 0x07, 0xb8, 0x30, 0x82, 0x07, 0xb4, 0x82, 0x0c, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, - 0x0c, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x0c, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x33, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0c, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0c, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0c, 0x65, 0x78, 0x61, - 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0c, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, - 0x0c, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x0c, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x39, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x31, 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x31, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x33, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x31, 0x34, 0x2e, 0x63, 0x6f, 
0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x31, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x36, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x37, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x31, 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x31, 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x30, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x31, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x32, 0x32, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x32, 0x33, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x34, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x35, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x32, 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x32, 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x38, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x32, 0x39, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x33, 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x33, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x33, 0x32, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x33, 0x33, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x33, 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x33, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 
0x65, 0x33, 0x36, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x33, 0x37, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x33, 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x33, 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x34, 0x30, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x34, 0x31, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x34, 0x32, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x34, 0x33, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x34, 0x34, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x34, 0x35, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x34, 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x34, 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x34, 0x38, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x34, 0x39, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x35, 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x35, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x35, 0x32, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x35, 0x33, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x35, 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x35, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x35, 0x36, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x35, 0x37, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 
0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x35, 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x35, 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x30, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x31, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x36, 0x32, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x36, 0x33, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x34, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x35, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x36, 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x36, 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x38, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x36, 0x39, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x37, 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x37, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x37, 0x32, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x37, 0x33, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x37, 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x37, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x37, 0x36, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x37, 0x37, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x37, 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x37, 0x39, 
0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x30, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x31, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x38, 0x32, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x38, 0x33, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x34, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x35, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x38, 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x38, 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x38, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x38, 0x39, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x39, 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x39, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x39, 0x32, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x39, 0x33, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x39, 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x39, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x39, 0x36, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x39, 0x37, 0x2e, - 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x39, 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x39, 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, 0x30, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x0e, 0x65, 0x78, 
0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, - 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x31, 0x30, 0x32, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, 0x33, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, - 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x31, 0x30, 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, 0x36, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, - 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x31, 0x30, 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x30, 0x39, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, - 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x31, 0x31, 0x31, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, 0x32, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, - 0x33, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x31, 0x31, 0x34, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, 0x35, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, - 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x31, 0x31, 0x37, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, 0x38, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x31, - 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x31, 0x32, 0x30, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 
0x65, 0x31, 0x32, 0x31, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, - 0x32, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x31, 0x32, 0x33, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, 0x34, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, - 0x35, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x31, 0x32, 0x36, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, 0x37, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x32, - 0x38, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x31, 0x32, 0x39, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x31, 0x33, 0x30, 0x2e, 0x63, 0x6f, - 0x6d, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0xae, 0xe3, 0xd3, 0x4e, 0x2c, 0x04, 0x01, 0xa7, 0xb1, 0xdc, 0x6d, 0xe4, - 0x93, 0xb0, 0x79, 0xf5, 0xdc, 0x73, 0xd8, 0x94, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x8f, 0xd3, 0x2b, 0x5d, 0x4b, 0x74, 0x7c, 0x4f, - 0x37, 0x73, 0x55, 0x92, 0x12, 0xf0, 0x7f, 0xb7, 0x33, 0x50, 0xae, 0x95, - 0xaa, 0x23, 0x10, 0xb4, 0xe7, 0xa3, 0xde, 0xd4, 0x51, 0x19, 0xc1, 0xcb, - 0x98, 0x72, 0xad, 0x7e, 0x3b, 0x65, 0x26, 0xe2, 0x82, 0x44, 0xf4, 0xde, - 0x1d, 0x7f, 0x24, 0xa5, 0xbb, 0x83, 0xe5, 0xc1, 0xcf, 0xce, 0x3f, 0x0a, - 0x56, 0xf5, 0x01, 0xb6, 0x04, 0x59, 0x8e, 0xd0, 0x36, 0x79, 0xdc, 0xde, - 0x4e, 0x9d, 0x63, 0x1e, 0xc0, 0xe7, 0xa5, 0xe8, 0x89, 0x80, 0x6f, 0x7a, - 0xac, 0x94, 0x92, 0x96, 0x7e, 0x14, 0xe1, 0x81, 0xaa, 0x7d, 0x61, 0xc4, - 0xe5, 0xee, 0x93, 0x09, 0x02, 0xe5, 0xf0, 0xc1, 0x57, 0x20, 0xd8, 0x81, - 0x96, 0xb8, 0xe4, 0x16, 0x21, 0x69, 0xd8, 0x9a, 0x08, 0x5b, 0xf5, 0x33, - 0xd1, 0x88, 0x69, 0x2a, 0xf1, 
0xac, 0xd9, 0x86, 0xcc, 0xab, 0xc9, 0xc4, - 0xbb, 0xb8, 0x61, 0x5e, 0x72, 0xee, 0x49, 0xb5, 0x23, 0xa0, 0xc9, 0xf1, - 0x03, 0x44, 0x72, 0xc0, 0xac, 0x4c, 0xea, 0xaf, 0xea, 0x2a, 0x20, 0x1f, - 0x44, 0xff, 0x9e, 0x9d, 0x4f, 0x18, 0xff, 0x83, 0x48, 0x53, 0xc3, 0x91, - 0xff, 0xee, 0xd6, 0x56, 0xa7, 0x49, 0x65, 0xf3, 0x07, 0x26, 0x9f, 0x9c, - 0x42, 0x23, 0x12, 0xd9, 0xc0, 0x91, 0x16, 0x82, 0x60, 0x14, 0x2e, 0xbc, - 0xf0, 0xad, 0x65, 0xdf, 0xa0, 0xf2, 0x20, 0xbe, 0xe4, 0xc4, 0x00, 0xf2, - 0x31, 0xbd, 0x81, 0x80, 0xc7, 0xc3, 0xd5, 0x54, 0x75, 0x39, 0x34, 0xad, - 0x55, 0xb4, 0x0c, 0xd2, 0xb7, 0x8b, 0xe3, 0x7e, 0x5b, 0x1d, 0xb3, 0x0c, - 0x3c, 0xdb, 0x36, 0x8b, 0x2d, 0xe1, 0xd3, 0x0a, 0x55, 0xc0, 0x60, 0x50, - 0xc8, 0xd4, 0x1f, 0x46, 0x6a, 0x90, 0xee, 0x0f, 0x57, 0x83, 0x96, 0x2d, - 0xff, 0x9f, 0xea, 0x78, 0x6f, 0x11, 0x9d, 0xe6 - }; - WOLFSSL_X509* x509 = NULL; - int certSize = (int)(sizeof(too_many_altnames_cert) / sizeof(unsigned char)); + WOLFSSL_CTX* ctx = NULL; + /* File contains a certificate encoded with 130 subject alternative names */ + const char* over_max_altnames_cert = \ + "./certs/test/cert-over-max-altnames.pem"; - ExpectNull(x509 = wolfSSL_X509_load_certificate_buffer( - too_many_altnames_cert, certSize, WOLFSSL_FILETYPE_ASN1)); +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, + over_max_altnames_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), + WOLFSSL_SUCCESS); #endif #endif return EXPECT_RESULT(); 
@@ -41533,14 +41291,14 @@ static int test_wolfSSL_X509_max_altnames(void) static int test_wolfSSL_X509_max_name_constraints(void) { EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !(defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) /* Only test if max name constraints has not been modified */ #if WOLFSSL_MAX_NAME_CONSTRAINTS == 128 + WOLFSSL_CTX* ctx = NULL; /* File contains a certificate with 130 name constraints */ - const char* malformed_ca_cert = "./certs/test/cert-too-many-name-constraints.pem"; + const char* over_max_nc = "./certs/test/cert-over-max-nc.pem"; #ifndef NO_WOLFSSL_SERVER ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); @@ -41548,8 +41306,8 @@ static int test_wolfSSL_X509_max_name_constraints(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif - ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, malformed_ca_cert, NULL, - WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, over_max_nc, + NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #endif #endif From 473de5796cb76275bb72910f954300c87178b03d Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Wed, 29 May 2024 20:52:09 -0700 Subject: [PATCH 6/9] Free ctx before return --- tests/api.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/api.c b/tests/api.c index 8ad0ad8440..c2384796de 100644 --- a/tests/api.c +++ b/tests/api.c @@ -41283,6 +41283,7 @@ static int test_wolfSSL_X509_max_altnames(void) ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, over_max_altnames_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); + wolfSSL_CTX_free(ctx); #endif #endif return EXPECT_RESULT(); 
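Review bot: The new `#if` guard on test_wolfSSL_X509_max_name_constraints drops the `!(defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER))` condition, yet the body still falls back to `wolfSSLv23_client_method()` in its `#else` branch. In a build that defines both macros that function is presumably unavailable, so the test would break the build instead of compiling out. I would keep the condition, i.e. end the first guard line with `&& \` and restore `!(defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER))` on the next line. test_wolfSSL_X509_max_altnames uses the same server/client fallback, so its guard (not visible here) likely needs the same check. The function body continues outside this hunk.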
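Review bot: `ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, over_max_nc, NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS)` passes on any failure, including a missing or unreadable `./certs/test/cert-over-max-nc.pem`, so it does not show that the 128-entry limit is what rejected the certificate. The same applies to the `over_max_altnames_cert` call in test_wolfSSL_X509_max_altnames. I would compare the return value with the specific error the parser reports when the limit is exceeded. I would also add a companion certificate holding exactly WOLFSSL_MAX_NAME_CONSTRAINTS entries that must load successfully, so an off-by-one in the limit check is caught. A short comment such as `/* must fail because of the name-constraint limit, not because the file is missing */` would record the intent.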
@@ -41308,6 +41309,7 @@ static int test_wolfSSL_X509_max_name_constraints(void) ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, over_max_nc, NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); + wolfSSL_CTX_free(ctx); #endif #endif From a17677c9466c38941dffdeb39e1527ff32dda523 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Wed, 29 May 2024 21:29:55 -0700 Subject: [PATCH 7/9] Remove trailing whitespace --- wolfcrypt/src/asn.c | 8 ++++---- wolfssl/wolfcrypt/asn.h | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 174f62e04f..743b4d4bac 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -20094,8 +20094,8 @@ static int DecodeSubtreeGeneralName(const byte* input, word32 sz, byte tag, * @param [in] input Buffer holding data. * @param [in] sz Size of data in buffer. * @param [in, out] head Linked list of subtree names. - * @param [in] limit If > 0, limit on number of tree - * entries to process, exceeding + * @param [in] limit If > 0, limit on number of tree + * entries to process, exceeding * is an error. * @param [in] heap Dynamic memory hint. * @return 0 on success. @@ -20324,7 +20324,7 @@ static int DecodeNameConstraints(const byte* input, word32 sz, ret = DecodeSubtree( dataASN[NAMECONSTRAINTSASN_IDX_PERMIT].data.ref.data, dataASN[NAMECONSTRAINTSASN_IDX_PERMIT].data.ref.length, - &cert->permittedNames, WOLFSSL_MAX_NAME_CONSTRAINTS, + &cert->permittedNames, WOLFSSL_MAX_NAME_CONSTRAINTS, cert->heap); } } @@ -20334,7 +20334,7 @@ static int DecodeNameConstraints(const byte* input, word32 sz, ret = DecodeSubtree( dataASN[NAMECONSTRAINTSASN_IDX_EXCLUDE].data.ref.data, dataASN[NAMECONSTRAINTSASN_IDX_EXCLUDE].data.ref.length, - &cert->excludedNames, WOLFSSL_MAX_NAME_CONSTRAINTS, + &cert->excludedNames, WOLFSSL_MAX_NAME_CONSTRAINTS, cert->heap); } } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 192d403d37..6a32bf8cd9 100644 --- a/wolfssl/wolfcrypt/asn.h 
+++ b/wolfssl/wolfcrypt/asn.h @@ -781,7 +781,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #endif /* Maximum number of allowed subject alternative names in a certificate. - * Any certificate containing more than this number of subject + * Any certificate containing more than this number of subject * alternative names will cause an error when attempting to parse. */ #ifndef WOLFSSL_MAX_ALT_NAMES #define WOLFSSL_MAX_ALT_NAMES 128 From f13a82610ceceb21bad78a9d3498f55f1e9d7f87 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Wed, 29 May 2024 22:41:36 -0700 Subject: [PATCH 8/9] Add flag guard for IGNORE_NAME_CONSTRAINTS --- tests/api.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index c2384796de..e228f5fe08 100644 --- a/tests/api.c +++ b/tests/api.c @@ -41292,7 +41292,8 @@ static int test_wolfSSL_X509_max_altnames(void) static int test_wolfSSL_X509_max_name_constraints(void) { EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(IGNORE_NAME_CONSTRAINTS) /* Only test if max name constraints has not been modified */ #if WOLFSSL_MAX_NAME_CONSTRAINTS == 128 From 1310c97a22adce0a689a0fc51bbaee6a169c1a23 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Thu, 30 May 2024 12:45:46 -0700 Subject: [PATCH 9/9] Add new certs to include.am --- certs/test/include.am | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/certs/test/include.am b/certs/test/include.am index ed03557abe..59569c92c0 100644 --- a/certs/test/include.am +++ b/certs/test/include.am 
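Review bot: The added `!defined(IGNORE_NAME_CONSTRAINTS)` condition in tests/api.c has no comment saying why the test is excluded. Presumably name constraints are not decoded in that configuration, so the limit can never trigger. I would add `/* Name constraints are not parsed with IGNORE_NAME_CONSTRAINTS, so the limit cannot be hit */` above the `#if`. The inner `#if WOLFSSL_MAX_NAME_CONSTRAINTS == 128` also skips the test silently for any other configured limit, so a build that changes the limit gets no coverage of the rejection path. The function body continues outside this hunk.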
@@ -32,7 +32,11 @@ EXTRA_DIST += \ certs/test/cert-ext-multiple.pem \ certs/test/cert-bad-neg-int.der \ certs/test/cert-bad-oid.der \ - certs/test/cert-bad-utf8.der + certs/test/cert-bad-utf8.der \ + certs/test/cert-over-max-altnames.cfg \ + certs/test/cert-over-max-altnames.pem \ + certs/test/cert-over-max-nc.cfg \ + certs/test/cert-over-max-nc.pem # The certs/server-cert with the last byte (signature byte) changed EXTRA_DIST += \