1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 13:35:03 -05:00
curl/tests/certs/Server-localhost-lastSAN-sv.key

28 lines
1.6 KiB
Plaintext
Raw Normal View History

schannel: add support for CURLOPT_CAINFO - Move verify_certificate functionality in schannel.c into a new file called schannel_verify.c. Additionally, some structure defintions from schannel.c have been moved to schannel.h to allow them to be used in schannel_verify.c. - Make verify_certificate functionality for Schannel available on all versions of Windows instead of just Windows CE. verify_certificate will be invoked on Windows CE or when the user specifies CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - In verify_certificate, create a custom certificate chain engine that exclusively trusts the certificate store backed by the CURLOPT_CAINFO file. - doc updates of --cacert/CAINFO support for schannel - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString when available. This implements a TODO in schannel.c to improve handling of multiple SANs in a certificate. In particular, all SANs will now be searched instead of just the first name. - Update tool_operate.c to not search for the curl-ca-bundle.crt file when using Schannel to maintain backward compatibility. Previously, any curl-ca-bundle.crt file found in that search would have been ignored by Schannel. But, with CAINFO support, the file found by that search would have been used as the certificate store and could cause issues for any users that have curl-ca-bundle.crt in the search path. - Update url.c to not set the build time CURL_CA_BUNDLE if the selected SSL backend is Schannel. We allow setting CA location for schannel only when explicitly specified by the user via CURLOPT_CAINFO / --cacert. - Add new test cases 3000 and 3001. These test cases check that the first and last SAN, respectively, matches the connection hostname. New test certificates have been added for these cases. For 3000, the certificate prefix is Server-localhost-firstSAN and for 3001, the certificate prefix is Server-localhost-secondSAN. - Remove TODO 15.2 (Add support for custom server certificate validation), this commit addresses it. Closes https://github.com/curl/curl/pull/1325
2017-03-10 15:27:30 -05:00
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA3xYVXyqkUM86qHluIo2VFrdNfdIfT20ten3cik9Te1/J3lyI
bKJ0JjUceGjBYCWne7Yamqoz0J9e8i4hBIwNmij1YUA8NBqbinCBbYOefNBM2Xnc
N9kkbnPHYTFx6fWXt2WtPfavIG9WubVCtT2WYTHrDUzp9THTJa9As7uBBH8aziEY
g1ItUTGugvnLENPVBq/4ceijxp97SNriKK8c/0FtMoFFWddk5LHXyYZqC2VxZtZC
qGf9g0kgdRYeuxuFXH7ij18cgdOKldaSXJ5/ohAI4d+uaWg/jd15T9o/ebUCl1cw
Z009djW1T9FdNd3UtWtXsuAjNa0av2935rxY7QIDAQABAoIBAFz/H7mkVQs62AET
Xc4Zp2To1Oz2gwbhRGwju6QMnYh4zfZcLKLctf6XdV7cjIBAMiloKH8BJMh7J2Fd
yXXTzHfPSztXQ8GUtfJoJAw7Kf5t9xtRqXO+mWlR6nOh4RLexng1cpq6Exc6UrTn
0v8qxV2PKaVJwt3r/1FeVWKXb5kne/Ob4LS7c0xnVqc7TGPtxLdS5mU5jrt0ZdZl
tcHulLX24rmxKcNvge6r2EiYuet3vUi1uuLBQbWUJIFRwetDufG/2e2ihOuvCj5s
aYNlRAo0JUwWl7geicRUdxkCpV/Qld7aYldKIcsSzgl6GLpgNpHjUFBbJBGSng0S
vA4CMQECgYEA9tseJG2IuudqDHnpuUxtnlfDJTfYjtBQnYG1ojbd9FUiuihv/B2K
pJ5uuowpKSnXOwaHtzyQ6XJA7JChRcDmJ4rf6R/1B61+1XVasyi2WffTJHbKzUk+
hBAUoGtJIvrChMOnAlQzifP8+b7ec/ghKy87dNlQzQlSunyEW6lAW/UCgYEA51mQ
JOFsasSvioKilsJuFCcFInZCRTEMz7vK9HW2Qnv71b3xeB6aNoJA8zf1Gw9q5clN
Yu+8pkGNsWeone8izTzzpgZGJmM/vLjSdIgaJytStha2FwlQxUjggOjSy1zIdW+v
ROw6OaT2J5+Qw2ruWqSaw2fiDgOpBCJgfg95JhkCgYAy5SppyEuQfXXX7KrLkX5o
Tx/k5Ia5qylzz/Jq53ULkyH9z6iHCnAzUJbzz0INQpsliEsi9FHMT8oi/A7EGulY
7cEMh5I1awfjarawiYxPMFFQC0301U0WXVpjWLtTgu/n/47HZCTcJHnb5AZpUpdE
GBDiHowSOgHcgR+o5lRmoQKBgFaPi0BRW+hi6S9RC5aO7vL5WpF3X/pVjO6Y3Co1
dNlRXHuv0w5XnOmyOK0IDdxvG1cYx6yx+IrYUjTDjTJyjDnwiVVgWZT5Y5qwKIZT
ej2Xlx3sR3s9EAyQ5Pc2pdBTSemuvQxzuqFg2H0g1eBYPRCLMCDW2JzXv8B9QE9K
aNDZAoGAKbVakgVlwrGffJb5c6ZFF9W/WoJYXJRA2/tMqvOcaZwSNq0ySHI/uUyM
3aexymibv5cGsFhtcr8vqxlX0PZ+PF2SRe/L58PmByEXGmyv6UZ/fhOCh8ttmPzt
GIh5PiKOd7RR7ydFY22M2+uW99wMf5jSH6uX1DRATFLxJygbnHA=
schannel: add support for CURLOPT_CAINFO - Move verify_certificate functionality in schannel.c into a new file called schannel_verify.c. Additionally, some structure defintions from schannel.c have been moved to schannel.h to allow them to be used in schannel_verify.c. - Make verify_certificate functionality for Schannel available on all versions of Windows instead of just Windows CE. verify_certificate will be invoked on Windows CE or when the user specifies CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - In verify_certificate, create a custom certificate chain engine that exclusively trusts the certificate store backed by the CURLOPT_CAINFO file. - doc updates of --cacert/CAINFO support for schannel - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString when available. This implements a TODO in schannel.c to improve handling of multiple SANs in a certificate. In particular, all SANs will now be searched instead of just the first name. - Update tool_operate.c to not search for the curl-ca-bundle.crt file when using Schannel to maintain backward compatibility. Previously, any curl-ca-bundle.crt file found in that search would have been ignored by Schannel. But, with CAINFO support, the file found by that search would have been used as the certificate store and could cause issues for any users that have curl-ca-bundle.crt in the search path. - Update url.c to not set the build time CURL_CA_BUNDLE if the selected SSL backend is Schannel. We allow setting CA location for schannel only when explicitly specified by the user via CURLOPT_CAINFO / --cacert. - Add new test cases 3000 and 3001. These test cases check that the first and last SAN, respectively, matches the connection hostname. New test certificates have been added for these cases. For 3000, the certificate prefix is Server-localhost-firstSAN and for 3001, the certificate prefix is Server-localhost-secondSAN. - Remove TODO 15.2 (Add support for custom server certificate validation), this commit addresses it. Closes https://github.com/curl/curl/pull/1325
2017-03-10 15:27:30 -05:00
-----END RSA PRIVATE KEY-----