!239 版本升级
From: @hzero1996 Reviewed-by: @zcfsite Signed-off-by: @zcfsite
This commit is contained in:
openeuler-ci-bot
Gitee
commit
f876017322
@ -1,221 +0,0 @@
|
|||||||
From 959c59c7a0164117e7f8366466a32bb1f8d77ff1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pauli <pauli@openssl.org>
|
|
||||||
Date: Wed, 8 Mar 2023 15:28:20 +1100
|
|
||||||
Subject: [PATCH] x509: excessive resource use verifying policy constraints
|
|
||||||
|
|
||||||
A security vulnerability has been identified in all supported versions
|
|
||||||
of OpenSSL related to the verification of X.509 certificate chains
|
|
||||||
that include policy constraints. Attackers may be able to exploit this
|
|
||||||
vulnerability by creating a malicious certificate chain that triggers
|
|
||||||
exponential use of computational resources, leading to a denial-of-service
|
|
||||||
(DoS) attack on affected systems.
|
|
||||||
|
|
||||||
Fixes CVE-2023-0464
|
|
||||||
|
|
||||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
||||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/20568)
|
|
||||||
---
|
|
||||||
crypto/x509/pcy_local.h | 8 +++++++-
|
|
||||||
crypto/x509/pcy_node.c | 12 +++++++++---
|
|
||||||
crypto/x509/pcy_tree.c | 36 ++++++++++++++++++++++++++----------
|
|
||||||
3 files changed, 42 insertions(+), 14 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h
|
|
||||||
index 18b53cc09e..cba107ca03 100644
|
|
||||||
--- a/crypto/x509/pcy_local.h
|
|
||||||
+++ b/crypto/x509/pcy_local.h
|
|
||||||
@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
|
|
||||||
};
|
|
||||||
|
|
||||||
struct X509_POLICY_TREE_st {
|
|
||||||
+ /* The number of nodes in the tree */
|
|
||||||
+ size_t node_count;
|
|
||||||
+ /* The maximum number of nodes in the tree */
|
|
||||||
+ size_t node_maximum;
|
|
||||||
+
|
|
||||||
/* This is the tree 'level' data */
|
|
||||||
X509_POLICY_LEVEL *levels;
|
|
||||||
int nlevel;
|
|
||||||
@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
|
|
||||||
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
|
||||||
X509_POLICY_DATA *data,
|
|
||||||
X509_POLICY_NODE *parent,
|
|
||||||
- X509_POLICY_TREE *tree);
|
|
||||||
+ X509_POLICY_TREE *tree,
|
|
||||||
+ int extra_data);
|
|
||||||
void ossl_policy_node_free(X509_POLICY_NODE *node);
|
|
||||||
int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
|
|
||||||
const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
|
|
||||||
diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
|
|
||||||
index 9d9a7ea179..450f95a655 100644
|
|
||||||
--- a/crypto/x509/pcy_node.c
|
|
||||||
+++ b/crypto/x509/pcy_node.c
|
|
||||||
@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
|
|
||||||
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
|
||||||
X509_POLICY_DATA *data,
|
|
||||||
X509_POLICY_NODE *parent,
|
|
||||||
- X509_POLICY_TREE *tree)
|
|
||||||
+ X509_POLICY_TREE *tree,
|
|
||||||
+ int extra_data)
|
|
||||||
{
|
|
||||||
X509_POLICY_NODE *node;
|
|
||||||
|
|
||||||
+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
|
|
||||||
+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
|
|
||||||
+ return NULL;
|
|
||||||
+
|
|
||||||
node = OPENSSL_zalloc(sizeof(*node));
|
|
||||||
if (node == NULL) {
|
|
||||||
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
|
|
||||||
@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
|
||||||
}
|
|
||||||
node->data = data;
|
|
||||||
node->parent = parent;
|
|
||||||
- if (level) {
|
|
||||||
+ if (level != NULL) {
|
|
||||||
if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
|
|
||||||
if (level->anyPolicy)
|
|
||||||
goto node_error;
|
|
||||||
@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (tree) {
|
|
||||||
+ if (extra_data) {
|
|
||||||
if (tree->extra_data == NULL)
|
|
||||||
tree->extra_data = sk_X509_POLICY_DATA_new_null();
|
|
||||||
if (tree->extra_data == NULL){
|
|
||||||
@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ tree->node_count++;
|
|
||||||
if (parent)
|
|
||||||
parent->nchild++;
|
|
||||||
|
|
||||||
diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
|
|
||||||
index fa45da5117..f953a05a41 100644
|
|
||||||
--- a/crypto/x509/pcy_tree.c
|
|
||||||
+++ b/crypto/x509/pcy_tree.c
|
|
||||||
@@ -14,6 +14,17 @@
|
|
||||||
|
|
||||||
#include "pcy_local.h"
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * If the maximum number of nodes in the policy tree isn't defined, set it to
|
|
||||||
+ * a generous default of 1000 nodes.
|
|
||||||
+ *
|
|
||||||
+ * Defining this to be zero means unlimited policy tree growth which opens the
|
|
||||||
+ * door on CVE-2023-0464.
|
|
||||||
+ */
|
|
||||||
+#ifndef OPENSSL_POLICY_TREE_NODES_MAX
|
|
||||||
+# define OPENSSL_POLICY_TREE_NODES_MAX 1000
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
static void expected_print(BIO *channel,
|
|
||||||
X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
|
|
||||||
int indent)
|
|
||||||
@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
|
|
||||||
return X509_PCY_TREE_INTERNAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
|
|
||||||
+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
|
|
||||||
*
|
|
||||||
@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
|
|
||||||
if ((data = ossl_policy_data_new(NULL,
|
|
||||||
OBJ_nid2obj(NID_any_policy), 0)) == NULL)
|
|
||||||
goto bad_tree;
|
|
||||||
- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
|
|
||||||
+ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
|
|
||||||
ossl_policy_data_free(data);
|
|
||||||
goto bad_tree;
|
|
||||||
}
|
|
||||||
@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
|
|
||||||
* Return value: 1 on success, 0 otherwise
|
|
||||||
*/
|
|
||||||
static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
|
|
||||||
- X509_POLICY_DATA *data)
|
|
||||||
+ X509_POLICY_DATA *data,
|
|
||||||
+ X509_POLICY_TREE *tree)
|
|
||||||
{
|
|
||||||
X509_POLICY_LEVEL *last = curr - 1;
|
|
||||||
int i, matched = 0;
|
|
||||||
@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
|
|
||||||
X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
|
|
||||||
|
|
||||||
if (ossl_policy_node_match(last, node, data->valid_policy)) {
|
|
||||||
- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
|
|
||||||
+ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
|
|
||||||
return 0;
|
|
||||||
matched = 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (!matched && last->anyPolicy) {
|
|
||||||
- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
|
|
||||||
+ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
|
|
||||||
* Return value: 1 on success, 0 otherwise.
|
|
||||||
*/
|
|
||||||
static int tree_link_nodes(X509_POLICY_LEVEL *curr,
|
|
||||||
- const X509_POLICY_CACHE *cache)
|
|
||||||
+ const X509_POLICY_CACHE *cache,
|
|
||||||
+ X509_POLICY_TREE *tree)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
|
|
||||||
@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
|
|
||||||
X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
|
|
||||||
|
|
||||||
/* Look for matching nodes in previous level */
|
|
||||||
- if (!tree_link_matching_nodes(curr, data))
|
|
||||||
+ if (!tree_link_matching_nodes(curr, data, tree))
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
|
|
||||||
/* Curr may not have anyPolicy */
|
|
||||||
data->qualifier_set = cache->anyPolicy->qualifier_set;
|
|
||||||
data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
|
|
||||||
- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
|
|
||||||
+ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
|
|
||||||
ossl_policy_data_free(data);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
|
|
||||||
/* Finally add link to anyPolicy */
|
|
||||||
if (last->anyPolicy &&
|
|
||||||
ossl_policy_level_add_node(curr, cache->anyPolicy,
|
|
||||||
- last->anyPolicy, NULL) == NULL)
|
|
||||||
+ last->anyPolicy, tree, 0) == NULL)
|
|
||||||
return 0;
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
|
|
||||||
extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
|
|
||||||
| POLICY_DATA_FLAG_EXTRA_NODE;
|
|
||||||
node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
|
|
||||||
- tree);
|
|
||||||
+ tree, 1);
|
|
||||||
}
|
|
||||||
if (!tree->user_policies) {
|
|
||||||
tree->user_policies = sk_X509_POLICY_NODE_new_null();
|
|
||||||
@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
|
|
||||||
|
|
||||||
for (i = 1; i < tree->nlevel; i++, curr++) {
|
|
||||||
cache = ossl_policy_cache_set(curr->cert);
|
|
||||||
- if (!tree_link_nodes(curr, cache))
|
|
||||||
+ if (!tree_link_nodes(curr, cache, tree))
|
|
||||||
return X509_PCY_TREE_INTERNAL;
|
|
||||||
|
|
||||||
if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
||||||
@ -1,626 +0,0 @@
|
|||||||
From 2a35fdcd965d8afcf4c139447aef8d5985eb9048 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pauli <pauli@openssl.org>
|
|
||||||
Date: Wed, 8 Mar 2023 14:39:25 +1100
|
|
||||||
Subject: [PATCH] test: add test cases for the policy resource overuse
|
|
||||||
|
|
||||||
These trees have pathological properties with respect to building. The small
|
|
||||||
tree stays within the imposed limit, the large tree doesn't.
|
|
||||||
|
|
||||||
The large tree would consume over 150Gb of RAM to process.
|
|
||||||
|
|
||||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
||||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/20568)
|
|
||||||
---
|
|
||||||
test/recipes/80-test_policy_tree.t | 41 ++
|
|
||||||
.../80-test_policy_tree_data/large_leaf.pem | 11 +
|
|
||||||
.../large_policy_tree.pem | 434 ++++++++++++++++++
|
|
||||||
.../80-test_policy_tree_data/small_leaf.pem | 11 +
|
|
||||||
.../small_policy_tree.pem | 70 +++
|
|
||||||
5 files changed, 567 insertions(+)
|
|
||||||
create mode 100644 test/recipes/80-test_policy_tree.t
|
|
||||||
create mode 100644 test/recipes/80-test_policy_tree_data/large_leaf.pem
|
|
||||||
create mode 100644 test/recipes/80-test_policy_tree_data/large_policy_tree.pem
|
|
||||||
create mode 100644 test/recipes/80-test_policy_tree_data/small_leaf.pem
|
|
||||||
create mode 100644 test/recipes/80-test_policy_tree_data/small_policy_tree.pem
|
|
||||||
|
|
||||||
diff --git a/test/recipes/80-test_policy_tree.t b/test/recipes/80-test_policy_tree.t
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..606ad05e9c
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/test/recipes/80-test_policy_tree.t
|
|
||||||
@@ -0,0 +1,41 @@
|
|
||||||
+#! /usr/bin/env perl
|
|
||||||
+# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
+#
|
|
||||||
+# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
||||||
+# this file except in compliance with the License. You can obtain a copy
|
|
||||||
+# in the file LICENSE in the source distribution or at
|
|
||||||
+# https://www.openssl.org/source/license.html
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+use strict;
|
|
||||||
+use warnings;
|
|
||||||
+
|
|
||||||
+use POSIX;
|
|
||||||
+use OpenSSL::Test qw/:DEFAULT srctop_file with data_file/;
|
|
||||||
+
|
|
||||||
+use OpenSSL::Test::Utils;
|
|
||||||
+use OpenSSL::Glob;
|
|
||||||
+
|
|
||||||
+setup("test_policy_tree");
|
|
||||||
+
|
|
||||||
+plan tests => 2;
|
|
||||||
+
|
|
||||||
+# The small pathological tree is expected to work
|
|
||||||
+my $small_chain = srctop_file("test", "recipes", "80-test_policy_tree_data",
|
|
||||||
+ "small_policy_tree.pem");
|
|
||||||
+my $small_leaf = srctop_file("test", "recipes", "80-test_policy_tree_data",
|
|
||||||
+ "small_leaf.pem");
|
|
||||||
+
|
|
||||||
+ok(run(app(["openssl", "verify", "-CAfile", $small_chain,
|
|
||||||
+ "-policy_check", $small_leaf])),
|
|
||||||
+ "test small policy tree");
|
|
||||||
+
|
|
||||||
+# The large pathological tree is expected to fail
|
|
||||||
+my $large_chain = srctop_file("test", "recipes", "80-test_policy_tree_data",
|
|
||||||
+ "large_policy_tree.pem");
|
|
||||||
+my $large_leaf = srctop_file("test", "recipes", "80-test_policy_tree_data",
|
|
||||||
+ "large_leaf.pem");
|
|
||||||
+
|
|
||||||
+ok(!run(app(["openssl", "verify", "-CAfile", $large_chain,
|
|
||||||
+ "-policy_check", $large_leaf])),
|
|
||||||
+ "test large policy tree");
|
|
||||||
diff --git a/test/recipes/80-test_policy_tree_data/large_leaf.pem b/test/recipes/80-test_policy_tree_data/large_leaf.pem
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..39ed6a7fa6
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/test/recipes/80-test_policy_tree_data/large_leaf.pem
|
|
||||||
@@ -0,0 +1,11 @@
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIIBmTCCAT+gAwIBAgIBADAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgMTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowGjEYMBYGA1UE
|
|
||||||
+AxMPd3d3LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEp6Qe
|
|
||||||
+jrN6A0ZjqaFbX/zO01aVYXH5kthBDTEO/fU4H0CdwqrfyMsFrObwssrTJcsmSFKP
|
|
||||||
+x1FYr8wT2wCACs19lqN4MHYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t
|
|
||||||
+MCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMAoGCCqGSM49
|
|
||||||
+BAMCA0gAMEUCIDGT8SVBkWJEZ2EzXm8M895NrNRmfc8uoheP0KKv+ndHAiEA2Onr
|
|
||||||
+20J+zTaR7vONY/1DleMm7fGY3UxTobSHSvOKbfY=
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/recipes/80-test_policy_tree_data/large_policy_tree.pem b/test/recipes/80-test_policy_tree_data/large_policy_tree.pem
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..5cd31c355b
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/test/recipes/80-test_policy_tree_data/large_policy_tree.pem
|
|
||||||
@@ -0,0 +1,434 @@
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEDCCAbagAwIBAgIBATAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgMjAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATgyLz1C0dD
|
|
||||||
+ib5J/QmoE4d+Nf5yvvlzjVZHWIu7iCMEqK67cnA1RtMp1d0xdiNQS6si3ExNPBF+
|
|
||||||
+ELdkP0E6x26Jo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSs+ml5upH1h25oUB0Ep4vd
|
|
||||||
+SUdZ/DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAOME8j1/cMogNnuNCb0O
|
|
||||||
+RIOE9pLP4je78KJiP8CZm0iOAiALr8NI67orD/VpfRptkjCmOd7rTWMVOOJfBr6N
|
|
||||||
+VJFLjw==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICDzCCAbagAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgMzAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASIdzU/FF3Y
|
|
||||||
+rTsTX04fRIN2yrZwxvOAfZ6DuEgKRxEimJx1nCyETuMmfDowm52mx/Cyk08xorp8
|
|
||||||
+PhGEbacMd9kio4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSwok/8RfJbVGTzyF5jhWLc
|
|
||||||
+hO7pcDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDRwAwRAIgYVF7bXxUuOzAZF6SmeIJ
|
|
||||||
+s+iL15bLSQ2rW7QDc6QYp9MCIAup6YokIcr8JaGttHmLaKbASQLxYDGHhfFIVZuI
|
|
||||||
+BDvT
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEDCCAbagAwIBAgIBAzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgNDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ38Llxxj32
|
|
||||||
+H3NN4Z1V8IuRKXLNhdU4z+NbT1rahusEyAHF+z9VTjim+HHfqFKV1QyNOJZ4rMA9
|
|
||||||
+J/gODWsNCT4po4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS11YgFNKTx3a6kssIijnA9
|
|
||||||
+DiOhoTAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAJXNZHMpvlnMfxhcG6EF
|
|
||||||
+Vw1pEXJ+iZnWT+Yu02a2zhamAiAiOKNhALBw/iKhQrwLo0cdx6UEfUKbaqTSGiax
|
|
||||||
+tHUylA==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEDCCAbagAwIBAgIBBDAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgNTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATo81HWQ/we
|
|
||||||
+egmoO/LMntQK1VQ9YzU627nblv/XWoOjEd/tBeE8+Un4jUnhZqNrP2TAzy48jEaT
|
|
||||||
+1DShCQNQGek7o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS6/F38QgbZSHib0W1XtMfs
|
|
||||||
+4O5DTDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIgXMYCQWi5/6iQw+zqyEav
|
|
||||||
+CE7kOfTpm9GN4bZX5Eau5AACIQD0rDZwsjWf6hI2Hn8IlpwYVVC9bpxrAM/JmYuu
|
|
||||||
+79V/uw==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEDCCAbagAwIBAgIBBTAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgNjAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARsPMjOkmzJ
|
|
||||||
+2jwT30mKUvAFYVgOlgcoXxYr61p54mbQMmmH49ABmJQMu5rjwjwYlYA3UzbEN9ki
|
|
||||||
+hMsJz/4JIrJGo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQeflZRWUze+7jne9MkYYy5
|
|
||||||
+iWFgJDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAIN6BjMnPlixl3i6Z1Xa
|
|
||||||
+pZQt52MOCHPm0XzXDn2XlC9+AiAn146u8rbppdEGMFr21vfFZaktwEb0cZkC9fBp
|
|
||||||
+S1uKwQ==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEDCCAbagAwIBAgIBBjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgNzAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASVmpozZzxX
|
|
||||||
+f6rFinkqS0y8sfbOwcM0gNuR0x83mmZH5+a8W4ug5W80QiBaS3rHtwTsFHpCeQKq
|
|
||||||
+eJvfb/esgJu8o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQPuF2sXR0vOHJynh57qefK
|
|
||||||
++h7RGDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIgDX0jHPq1alZoMbPDmbZp
|
|
||||||
+QYuM9UQagQ5KJgVU1B0Mh2ECIQCtdyfT2h5jZvz3lLKkQ9a6LddIuqsyNKDAxbpb
|
|
||||||
+PlBOOA==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEDCCAbagAwIBAgIBBzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgODAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASb+9fN9RLe
|
|
||||||
+SHGynsKXhLWGhIS/kZ6Yl97+h23xpjLaZUOzhn5VafXdmLrQ4BmqSMHqIKzcc8IB
|
|
||||||
+STV3NwO4NxPBo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTBF9x+MrsyqoCaTQ2kB7Bn
|
|
||||||
+tpK2qDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAI37Di/5MrSj2clr+2pX
|
|
||||||
+iXzeDIvlaxzVetyH3ibUZZBSAiA41aPIssHi9evv2mZonEvXY8g+DKbh/3L2mSub
|
|
||||||
+/AyLoA==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICETCCAbagAwIBAgIBCDAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgOTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASrRS12/zEP
|
|
||||||
+RUNye9SLadN4xK+xfTwyXfxeC+jam+J98lOMcHz6abnLpk5tJ7wab4Pkygsbj1V2
|
|
||||||
+STxeW+YH23dto4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQYpYFLhosbir7KoyYdehsQ
|
|
||||||
+6DdLfzAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSQAwRgIhAPTCN+zWFG2cFzJ+nlfg
|
|
||||||
+JMY4U2e3vqTQmFeBXYlBASb9AiEA0KvsyNwloF1YeeaYcP5iHoRGRo8UMD3QWKEE
|
|
||||||
+vWI14Uk=
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEDCCAbegAwIBAgIBCTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMTAwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBYxFDASBgNV
|
|
||||||
+BAMTC1BvbGljeSBDQSA5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoR4udEgt
|
|
||||||
+usb9f946+Xznm7Q3OaW4DTZjO7wqX1I+27zDp0JrUbCZwtm0Cw+pYkG5kPpNcFTK
|
|
||||||
+7yG3YgqM1sT+6aOB8jCB7zAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0lBAwwCgYIKwYB
|
|
||||||
+BQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUjgtOHvFBcUQ03AKUbvuJ
|
|
||||||
+IWO5lzUwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwcQYD
|
|
||||||
+VR0hBGowaDAYBgpghkgBZQMCATABBgpghkgBZQMCATABMBgGCmCGSAFlAwIBMAEG
|
|
||||||
+CmCGSAFlAwIBMAIwGAYKYIZIAWUDAgEwAgYKYIZIAWUDAgEwATAYBgpghkgBZQMC
|
|
||||||
+ATACBgpghkgBZQMCATACMAoGCCqGSM49BAMCA0cAMEQCICIboTAzG1DvCY/0tA/o
|
|
||||||
+l18zrW9qKVnt4mxih5JQe4fOAiBOF2ZeUT2/ZtdFhZmg+zl/fGrQ1xEx09/S956k
|
|
||||||
+Ig4S9Q==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEjCCAbigAwIBAgIBCjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMTEwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAxMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLxetqJp
|
|
||||||
+VR6apJytboxFCCooQ7jVcc7yoHhjlH8HsaJS3GrWpyMgiqOfyWt4KFMynKkgCU1K
|
|
||||||
+1QcU9aC5BfRQpyWjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFD6etMtD6Qpa7TjVQBgV
|
|
||||||
+/4PhZP4DMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEA+5uiOjJoq5nU7lKN
|
|
||||||
+rZtBdYNqUKvHuYB+jiNEfWvxx2cCIFZEJCGw8fzqkAyGWkLe10w8PUzPM64nh757
|
|
||||||
+pEtxCzZh
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEjCCAbigAwIBAgIBCzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMTIwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAxMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPQuXEeo
|
|
||||||
+BrbyENdz9HqAoWMSQx1BErsUcQaneq3L0/VHHJBPKihb8s4nB/2yZaEarr8LFAvi
|
|
||||||
+ofx+4egydkP0mJ+jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIoC4qL79Uy3+m26Y+ch
|
|
||||||
++sE6gCOMMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEAx/vMDhaH4EYTM2v9
|
|
||||||
+GeM1xTP9pNRgak69JQLKLu1VM1YCIF1RYC8Fma5Bc0cZAYY+Gj7dEf9qHj1TODA5
|
|
||||||
+C9es2CPY
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICETCCAbigAwIBAgIBDDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMTMwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAxMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlEv73o
|
|
||||||
+ej8Xvc3UodhSHkech80DbuBKdeldOTrRp6ZaVUP3vMgjNUJkh4WkvP3UVTe5SV4D
|
|
||||||
+zQXDIiwAEJu+zdmjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFCAn0wYXyRdliJOBFvvJ
|
|
||||||
+eZoGTiyOMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNHADBEAiAo2PPmLBZpcT0bst/C
|
|
||||||
+SXvnl3gztIZu89O1MKsNwFcM9QIgIzqZx/o9MF/fP7zbLWErVcUQViOGiCRBLVh7
|
|
||||||
+ppb7CoA=
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEzCCAbigAwIBAgIBDTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMTQwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAxMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB8mgAoN
|
|
||||||
+rmFo937IBKXKuxHedUjOL7y3cpDYD1H3C4HRDBQDVOL31lC5kJUhS4HBLvJQwebR
|
|
||||||
+2kW35E3AnhbY/oKjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBGbO20Xp/q0fPChjLHL
|
|
||||||
+WuJwSNc1MCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEA3qGzdevdYfmiSBj9
|
|
||||||
+t9oE8hfEP+APqGiStlOLKD6xVK0CIQDq9cVa2KXMEz7YwmMO3lxoQFDPEXftbRaC
|
|
||||||
+edFB7q/YXg==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEzCCAbigAwIBAgIBDjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMTUwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAxNDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHDiOMtx
|
|
||||||
+5sfJs/WDnw0xS5NYlkbgy2eOZHAmC/jhRp6cjShZrr2/S4IJsH8B2VMcYAHgum6a
|
|
||||||
+eMjqWFIMxIjN5xyjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOWtYUeAPk66m0o6Z7ax
|
|
||||||
+1RN42wmkMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEA+AcazVKKPfqkpcJw
|
|
||||||
+rkXWIyZrTe+1PNETQzaJCooGNGkCIQDdfHf1I78e+ogaDcjkDe0s3R9VhkvjCty6
|
|
||||||
+uKKFtNGHMQ==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEjCCAbigAwIBAgIBDzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMTYwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAxNTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKCkdSYz
|
|
||||||
++zyHItG2rQSyCh018b4bu9Zrw8nzkCBgkT2IyycNtpabYkWhxcEL29ZFqBnB+l7N
|
|
||||||
+5fYmHl5CmflJPh+jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNanrmjMEN3PndPGeucm
|
|
||||||
+mST9ucNWMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiAFt48yhTTv0rP29N8H
|
|
||||||
+yRhAQGfnV4t1b8JucixLSfe32QIhAOef6iiwLxbBOMUn5ZN/WAK5TERem6DLSzWN
|
|
||||||
+/PTXHAAt
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICETCCAbigAwIBAgIBEDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMTcwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAxNjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH5txyDp
|
|
||||||
+DfRsIyYPTAQ+fuxk08E3/tpChVWoog4XQvod61wcUO1/nhoTGNKZZOhN5uhKWJWb
|
|
||||||
+1futz+XxV2QxTCyjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHSlcxgh3gxgVag1JvAk
|
|
||||||
+zbHlgMbEMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNHADBEAiA9Ee47PnxqW0QmELB+
|
|
||||||
+dd90Fz8wcQFZlNmkPW4Oq2xr/wIgGlxfutQq7l3TU5hyyO0Lh01AHn2DC5KPFPwE
|
|
||||||
+l8S9VeY=
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEzCCAbigAwIBAgIBETAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMTgwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAJvlQKB
|
|
||||||
+gJZ+Tysa6iwhllPXCeJrkan6WUm+oqOIY02/SpI5Mba1Kwg73Fsswx3Eywt8sxA2
|
|
||||||
+4fiaqwg+xZoil06jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFM/udZ1ib8qDfShdfdfX
|
|
||||||
+8gL6w7VMMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEA6kK7vAYF2TPXzywn
|
|
||||||
++SDLsiGbU6Sj8aTtsJZf9DmhKr4CIQCt4FfI7IWinqNlURXe4HSBPsekcQkOpwjK
|
|
||||||
+PuJRx3fuFw==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEzCCAbigAwIBAgIBEjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMTkwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAxODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEerejCw
|
|
||||||
+gAy7GecLVbQw6eL8k1cGWwLt+wl3sn8he8fA0I+KoFfcOCgtvOF59RMXnjZ1+7OC
|
|
||||||
+kz3mNDVSbKY6KO2jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFM0OUOtOKTcTMRXGQwbw
|
|
||||||
+GOoLCOEYMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEAziPsm2dArB/3ILqm
|
|
||||||
+04mZl8/DX6dB4EmU+FPF2UpAeLwCIQCofc27tisg3L1mPNeiwZ26+rDe5SdixiUc
|
|
||||||
+S3KWOJ1cTg==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEjCCAbigAwIBAgIBEzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMjAwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAxOTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPmB5spr
|
|
||||||
+C64/21ssufcbshGnQtAWbk2o2l+ej6pMMPIZhmNyvM450L3dFX12UBNcaERCABmr
|
|
||||||
+BEJL7IubGWE9CVOjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJCh/1mh0Hl2+LE0osUv
|
|
||||||
+OJCmV3IYMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEAtxMIkO4xCRSQCU6d
|
|
||||||
+0jt+Go4xj/R4bQFWbZrlS9+fYUECICuWAgT3evhoo34o04pU84UaYOvO5V0GJsTt
|
|
||||||
+hrS1v3hT
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEzCCAbigAwIBAgIBFDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMjEwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAyMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHdvTDYo
|
|
||||||
+M/padIV3LdTnrzwMy1HSTeJ2aTUalkVV17uL2i3C51rWM2pl+qlRordq6W2GboMz
|
|
||||||
+/+78HhKMcCrMWKCjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAbZN0eSPw3MyvWIEix6
|
|
||||||
+GnYRIiFkMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEAlaapLXHwGNkeEwc0
|
|
||||||
+jsY2XhuR3RlVhD4T2k/QyJRQ0s0CIQD5E+e+5QTe5s+534Lwcxe2iFb3oFm+8g81
|
|
||||||
+OBVtfmSMGg==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEjCCAbigAwIBAgIBFTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMjIwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAyMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLTu8R5Y
|
|
||||||
+7Po4W05hWperfod6mXezwWgAVk2RW2EG2vy4NeZeML2EFhg2geNc6N5Goep9t7pn
|
|
||||||
+d+BtORRvR75oCDijgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNs0d2vXsRj3YYsBrWDo
|
|
||||||
+jrvcEA+eMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiBB603Ui+L60FcUWPrB
|
|
||||||
+Ch06hmgle2u0P07Go/XjTk00ZQIhALGhNArJFEY0gu+XUtyKEZt7BZ0/sh5dtLDP
|
|
||||||
+xkRgR6Wh
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEzCCAbigAwIBAgIBFjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMjMwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAyMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPXpzC9/
|
|
||||||
+KGblQyjhdcS0a8KBPAiS7c0n+V0i9JItbyze38Ncrctp0wIGHZLjRoB4DZYX1I8e
|
|
||||||
+K5C7KVeUPEE9eOGjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFISsw9orkX/cBVWcK5KA
|
|
||||||
+//kldz8HMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEA1gazdApLS91ql8Am
|
|
||||||
+4gb4Ku7Lgll4jV+BrLkbABE2cI0CIQCEH1GUJ6ARJB1GdcHrPyaLgeZ5jV2p63UW
|
|
||||||
+UV2QL6aETA==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEjCCAbigAwIBAgIBFzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMjQwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAyMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKdweprb
|
|
||||||
+RZmuUk4og1Xa9Skb1vu7jsLozlm9CtDhKLbJ+cDX/VeKj/b8FuvakBO3L1QV5XU0
|
|
||||||
+iFswsIVBVZ3m+TyjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPgcEbHfKHt0o/PCS0kD
|
|
||||||
+XWW9XkqMMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEA9XDj0w5qMS/tLlr9
|
|
||||||
+Z2j8JtVR4M7pF/Wx2U43vmPFJEACIBAlAiUnCm1Nfj16t2cojrW+m2t1cU80ihmj
|
|
||||||
+Ld1U+dRD
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICETCCAbigAwIBAgIBGDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMjUwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAyNDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAq2PphK
|
|
||||||
+4oVsc+ml3zskBLiMa+dz64k+PrrfKIGSG2Ri5Du/orj0dO9639LeCkkMwWpXAfSx
|
|
||||||
+wxHHQX0I1KwsudGjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEqcfkso+ynKq2eFaJy8
|
|
||||||
+mzNBdN2PMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNHADBEAiBZ71jDD33HFFqMkLAW
|
|
||||||
+gTAGMmzh9b/vZ8jAclPDKHRghQIgf2GBOF1eEF8Ino9F1n1ia5c3EryvXnvVoklw
|
|
||||||
+cjMIQ5g=
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEjCCAbigAwIBAgIBGTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMjYwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAyNTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJRoDkj7
|
|
||||||
+iDlIygt4YmMgw4pizu2sx4436MGtw5fFHhjy7T+pPMGjYFg3dixxUOu1NHORpdJq
|
|
||||||
+8Y7SN8p8Y0XsDpijgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOutMoKSOv5lEGZaqYZM
|
|
||||||
+zNFwpX3KMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEAks62lsAHmN6xkZsF
|
|
||||||
+6ocGONpH/XmHLpoO6RfMoRCnWkICIFNFD+W6pSSvdDB96sn8jnZ7W/Y0hyLzscBO
|
|
||||||
+WtkzqqJJ
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEzCCAbigAwIBAgIBGjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMjcwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAyNjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE3seRj5
|
|
||||||
+LVNKi9sZk7qv5cBVUG8BLXXfDRUhCUzT10YAU1J0yd2wmLTbwPyYm65GaecvAHSR
|
|
||||||
+SExOzX6bC35nNt6jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNx5XhDdoflDgPrW/HyU
|
|
||||||
+tCokuJ0AMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEApAQVb0KQedyAw1SJ
|
|
||||||
+J8At4uxxm2b8W13s6ENapxw+lwwCIQC7326NFPsDjbfBKhFDQhCIMkAkYq2wzRJ7
|
|
||||||
+ubTwkdT19g==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEzCCAbigAwIBAgIBGzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMjgwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAyNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC+FQF2E
|
|
||||||
+TrZ4YGNyxFxzpTQBjlu9QUrwgHzabAn47toqRkWUGAS68jBfSdR+j2c7/oehQHhO
|
|
||||||
+relHcbQilhZnh4ijgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIOlwsa4FjZWhzQYTAY3
|
|
||||||
+c2TSYhsEMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEAwxNBi+8baAU76yng
|
|
||||||
++XvMpY62aqPO4bAe/uedaxBb2jMCIQDJHXqibgIAm1T4/YHimllVlLQudQL5OkbF
|
|
||||||
+Krj3uVHtBg==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEjCCAbigAwIBAgIBHDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMjkwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAyODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBmhjGvk
|
|
||||||
+C3QfSVdY5zuHEY4Rf3eKVro6vcKymgdBPFjjDggZNktR3OMnayCabJB51g2VL7Fg
|
|
||||||
+MegdwzJWzPvQreyjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEvevGIfitXek0IStYIR
|
|
||||||
+5ne2SkJwMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiBzlv0TggDJWUWx0UHl
|
|
||||||
+cqxuMpoNdy+ifizQIlcjWcrzvgIhAJdQfkPaZdc4/j/HfGaVNN9InJuBWGrPYU6A
|
|
||||||
+iwsSB0jY
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEzCCAbigAwIBAgIBHTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMzAwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAyOTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCrC5p+Z
|
|
||||||
+ywMukm1LRuXeJ5V1M6V+8A8PjqB3tgHVeEn973HOfia8lt2/7EoKaLKzP8A7D3eC
|
|
||||||
+aBJUmTgHauaolYOjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGG5D5h1FRA+aZMbSXfZ
|
|
||||||
+Mp8pjYUEMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEAnI2IhyXtBCRiv+Xs
|
|
||||||
+EzsO497oVf1U8SJiVR8SaEx0gzgCIQC0+un/Hcb0OWvpvoeHKcRi7e8SZkX+vn2i
|
|
||||||
+u+KsPqlfzA==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEjCCAbigAwIBAgIBHjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMzEwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAzMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHg1qbhT
|
|
||||||
+bpV0agLQkk6di7EdwrrqIn7yCiBCfPwoDI7czY1bHwkR2E8EdrG4ZLBHHFXYNHau
|
|
||||||
+kEo9nueljxbA6MGjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGXSqDk/Zov8a62kkXDr
|
|
||||||
+8YhtqdkTMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEA1D2Fm3D8REQtj8o4
|
|
||||||
+ZrnDyWam0Rx6cEMsvmeoafOBUeUCIBW0IoUYmF46faRQWKN7R8wnvbjUw0bxztzy
|
|
||||||
+okUR5Pma
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEjCCAbigAwIBAgIBHzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
|
|
||||||
+Q0EgMzEwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
|
|
||||||
+BAMTDFBvbGljeSBDQSAzMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIwGMmHl
|
|
||||||
+/QJSpu6KHakSe4gkf3L+NpsrtQpxu6sNfmSjO++dGv6sj2v3+DZNeyagVUJRVHaD
|
|
||||||
+IZzpoyVVrBBO6vijgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFA+f9g1sP2kM5sOT/8Ge
|
|
||||||
+IDKq5FcUMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
|
|
||||||
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
|
|
||||||
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
|
|
||||||
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEAvQlbAmF3pS041Zo2
|
|
||||||
+eHrxMO3j8thB+XqHU8RatCZ60WACIG1vUFPH7UwzTTann7Sgp4s+Gd/jLOkrJnEk
|
|
||||||
+W3De9dSX
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/recipes/80-test_policy_tree_data/small_leaf.pem b/test/recipes/80-test_policy_tree_data/small_leaf.pem
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..c40ddff9e0
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/test/recipes/80-test_policy_tree_data/small_leaf.pem
|
|
||||||
@@ -0,0 +1,11 @@
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIIBmjCCAT+gAwIBAgIBADAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgMTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowGjEYMBYGA1UE
|
|
||||||
+AxMPd3d3LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAER7oh
|
|
||||||
+z+MnwilNhyEB2bZTuYBpeiwW4QlpYZU6b/8uWOldyMXCaPmaXwY60nrMznfFJX6F
|
|
||||||
+h8dC6XIzvQmjUMdSoqN4MHYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
|
|
||||||
+AQUFBwMBMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t
|
|
||||||
+MCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMAoGCCqGSM49
|
|
||||||
+BAMCA0kAMEYCIQC2km5juUULIRYsRgHuLFEiABBR0pDAyTbl9LRjlkSeEQIhAO9b
|
|
||||||
+ye60dMNbhY1OOzrr4mDRv0tuNmbGBErcFs61YZkC
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/recipes/80-test_policy_tree_data/small_policy_tree.pem b/test/recipes/80-test_policy_tree_data/small_policy_tree.pem
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..040542d16a
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/test/recipes/80-test_policy_tree_data/small_policy_tree.pem
|
|
||||||
@@ -0,0 +1,70 @@
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICETCCAbagAwIBAgIBATAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgMjAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQu7GyNFjN6
|
|
||||||
+Sqwk1CZAt+lzTC/Us6ZkO5nsmb8yAuPb6RJ0A2LvUbsmZea+UyBFq3VuEbbuCoeE
|
|
||||||
+KRbKkS6wefAzo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSQkJvfn8gFHIXVTBJ4hrtP
|
|
||||||
+ypA9QTAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSQAwRgIhALn6/b3H+jLusJE5QiaS
|
|
||||||
+PiwrLcl+NDguWCnxo0c6AfduAiEApkXUN+7vRfXeFFd9CfA1BnTW3eUzBOsukZoN
|
|
||||||
+zaj+utk=
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICDzCCAbagAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgMzAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+p+A+K6MI
|
|
||||||
+R3eVP/+2O7lam32HU10frEKpyQslZAabYJwkc9iq5WatMbTMPQibuOIWHFl02uJ8
|
|
||||||
+cxGKy/Hke8P5o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSSOt6HCXw+L/4uzJsInqqA
|
|
||||||
+XrWt8DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDRwAwRAIgS/vh3osFy+q1MLuVnAdg
|
|
||||||
+gMINfiIJw1+3zbYsJYlNhWgCICu6Qgzee4NwIrJagcdVA0RAfnCOo6wfvikpl0ts
|
|
||||||
+EepA
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEDCCAbagAwIBAgIBAzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgNDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQONHKgpAJ6
|
|
||||||
+vE41FYBekpLzybpBQp/gUmgRPKrcL0z4lLTDjCG3j6yIbZma8u2bPM1MBXw5otZ7
|
|
||||||
+xVFhQ1AkZIOco4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ69465BL89BXORf4sSnneU
|
|
||||||
+exkm0jAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAPK9PqPxgme9x6TPFh2z
|
|
||||||
+vv+qVEM2WxOTdRKOPgUYzCp9AiBl8qO3szv5jNDzb0fRIqVp37v9yBjWcgO9Wl02
|
|
||||||
+QDCpGw==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICETCCAbagAwIBAgIBBDAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgNTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASLrUP7BFi7
|
|
||||||
++LE2uDVCZ2Z2HK6BpL/kjBbwKkLxlJe+LqNolzu53b8+WtHwrvPPVkD9t3KMdWXU
|
|
||||||
+K7NtHYgXUz07o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS0kaY2oJVEBLtjkqI8pXsv
|
|
||||||
+eqm3VDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSQAwRgIhAJuTMvMUda4Y29V1Tm5O
|
|
||||||
+jCqBThR2NwdQfnET1sjch3Q7AiEA7nEudfXKMljjz608aWtafTkw5V5I2/SbuUKr
|
|
||||||
+vjprfIo=
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIICEDCCAbagAwIBAgIBBTAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
|
|
||||||
+Q0EgNTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
|
|
||||||
+AxMLUG9saWN5IENBIDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ9RuYVzUGB
|
|
||||||
+FkAEM9kHe9xynDo/NcsiaAO3+E2u7jJQQN50d6hVEDHf9961omldhKhP4HTNfhqj
|
|
||||||
+VMIHKGMhXCgKo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
|
|
||||||
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTVrjWaVjkfMpilq5tGZ4zZ
|
|
||||||
+iJtaSDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
|
|
||||||
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
|
|
||||||
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
|
|
||||||
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAPVgPpACX2ylQMEMSntw
|
|
||||||
+izxKHTSPhXuF6IHhNHRz7KFnAiB8y/QcF7N2iXNZEqffWSkVted/XOw3Xrck0sJ6
|
|
||||||
+4eXNcw==
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
||||||
@ -1,49 +0,0 @@
|
|||||||
From dda529ecc2d085488eef60235ef553dc5fd6e6dc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Matt Caswell <matt@openssl.org>
|
|
||||||
Date: Tue, 7 Mar 2023 17:07:57 +0000
|
|
||||||
Subject: [PATCH] Add a Certificate Policies Test
|
|
||||||
|
|
||||||
Test that a valid certificate policy is accepted and that an invalid
|
|
||||||
certificate policy is rejected. Specifically we are checking that a
|
|
||||||
leaf certificate with an invalid policy is detected.
|
|
||||||
|
|
||||||
Related-to: CVE-2023-0465
|
|
||||||
|
|
||||||
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
||||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/20587)
|
|
||||||
---
|
|
||||||
test/recipes/25-test_verify.t | 13 ++++++++++++-
|
|
||||||
1 file changed, 12 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
|
|
||||||
index 2a4c36e86d..818c9ac50d 100644
|
|
||||||
--- a/test/recipes/25-test_verify.t
|
|
||||||
+++ b/test/recipes/25-test_verify.t
|
|
||||||
@@ -29,7 +29,7 @@ sub verify {
|
|
||||||
run(app([@args]));
|
|
||||||
}
|
|
||||||
|
|
||||||
-plan tests => 164;
|
|
||||||
+plan tests => 166;
|
|
||||||
|
|
||||||
# Canonical success
|
|
||||||
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
|
|
||||||
@@ -516,3 +516,14 @@ SKIP: {
|
|
||||||
ok(run(app([ qw(openssl verify -trusted), $rsapluscert_file, $cert_file ])),
|
|
||||||
'Mixed key + cert file test');
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+# Certificate Policies
|
|
||||||
+ok(verify("ee-cert-policies", "", ["root-cert"], ["ca-pol-cert"],
|
|
||||||
+ "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1",
|
|
||||||
+ "-explicit_policy"),
|
|
||||||
+ "Certificate policy");
|
|
||||||
+
|
|
||||||
+ok(!verify("ee-cert-policies-bad", "", ["root-cert"], ["ca-pol-cert"],
|
|
||||||
+ "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1",
|
|
||||||
+ "-explicit_policy"),
|
|
||||||
+ "Bad certificate policy");
|
|
||||||
--
|
|
||||||
2.36.1
|
|
||||||
|
|
||||||
@ -1,89 +0,0 @@
|
|||||||
From e1e1125b5ce110ef53770b4e6e18a34f772ab6eb Mon Sep 17 00:00:00 2001
|
|
||||||
From: wzc <u201911736@hust.edu.cn>
|
|
||||||
Date: Wed, 26 Apr 2023 17:08:15 +0800
|
|
||||||
Subject: [PATCH 60/60] backport-CVE-2023-1255,The buffer overread happens on decrypts of 4 mod 5 sizes.Unless the memory just after the buffer is unmapped this is harmless.
|
|
||||||
|
|
||||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
||||||
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/20759)
|
|
||||||
|
|
||||||
(cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304)
|
|
||||||
---
|
|
||||||
CHANGES.md | 10 ++++++++++
|
|
||||||
NEWS.md | 2 ++
|
|
||||||
...//crypto/aes/asm/aesv8-armx.pl | 4 +++-
|
|
||||||
3 files changed, 15 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/CHANGES.md b/CHANGES.md
|
|
||||||
index 7cdd9d9..6c33bf9 100644
|
|
||||||
--- a/CHANGES.md
|
|
||||||
+++ b/CHANGES.md
|
|
||||||
@@ -30,6 +30,15 @@ breaking changes, and mappings for the large list of deprecated functions.
|
|
||||||
|
|
||||||
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
|
|
||||||
|
|
||||||
+ * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
|
|
||||||
+ happens if the buffer size is 4 mod 5. This can trigger a crash of an
|
|
||||||
+ application using AES-XTS decryption if the memory just after the buffer
|
|
||||||
+ being decrypted is not mapped.
|
|
||||||
+ Thanks to Anton Romanov (Amazon) for discovering the issue.
|
|
||||||
+ ([CVE-2023-1255])
|
|
||||||
+
|
|
||||||
+ *Nevine Ebeid*
|
|
||||||
+
|
|
||||||
* Fixed NULL dereference during PKCS7 data verification.
|
|
||||||
|
|
||||||
A NULL pointer can be dereferenced when signatures are being
|
|
||||||
@@ -19578,6 +19587,7 @@ ndif
|
|
||||||
|
|
||||||
<!-- Links -->
|
|
||||||
|
|
||||||
+[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
|
|
||||||
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
|
|
||||||
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
|
|
||||||
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
|
|
||||||
diff --git a/NEWS.md b/NEWS.md
|
|
||||||
index 36dbfa7..86b1410 100644
|
|
||||||
--- a/NEWS.md
|
|
||||||
+++ b/NEWS.md
|
|
||||||
@@ -20,6 +20,7 @@ OpenSSL 3.0
|
|
||||||
|
|
||||||
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
|
|
||||||
|
|
||||||
+ * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms ([CVE-2023-1255])
|
|
||||||
* Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
|
|
||||||
* Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286])
|
|
||||||
* Fixed NULL dereference validating DSA public key ([CVE-2023-0217])
|
|
||||||
@@ -1430,6 +1431,7 @@ OpenSSL 0.9.x
|
|
||||||
* Support for various new platforms
|
|
||||||
|
|
||||||
<!-- Links -->
|
|
||||||
+[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
|
|
||||||
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
|
|
||||||
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
|
|
||||||
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
|
|
||||||
diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
|
|
||||||
index 6a7bf05..5701373 100644
|
|
||||||
--- a/crypto/aes/asm/aesv8-armx.pl
|
|
||||||
+++ b/crypto/aes/asm/aesv8-armx.pl
|
|
||||||
@@ -3353,7 +3353,7 @@ $code.=<<___ if ($flavour =~ /64/);
|
|
||||||
.align 4
|
|
||||||
.Lxts_dec_tail4x:
|
|
||||||
add $inp,$inp,#16
|
|
||||||
- vld1.32 {$dat0},[$inp],#16
|
|
||||||
+ tst $tailcnt,#0xf
|
|
||||||
veor $tmp1,$dat1,$tmp0
|
|
||||||
vst1.8 {$tmp1},[$out],#16
|
|
||||||
veor $tmp2,$dat2,$tmp2
|
|
||||||
@@ -3362,6 +3362,8 @@ $code.=<<___ if ($flavour =~ /64/);
|
|
||||||
veor $tmp4,$dat4,$tmp4
|
|
||||||
vst1.8 {$tmp3-$tmp4},[$out],#32
|
|
||||||
|
|
||||||
+ b.eq .Lxts_dec_abort
|
|
||||||
+ vld1.32 {$dat0},[$inp],#16
|
|
||||||
b .Lxts_done
|
|
||||||
.align 4
|
|
||||||
.Lxts_outer_dec_tail:
|
|
||||||
--
|
|
||||||
2.37.0.windows.1
|
|
||||||
|
|
||||||
@ -1,65 +0,0 @@
|
|||||||
From 423a2bc737a908ad0c77bda470b2b59dc879936b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Richard Levitte <levitte@openssl.org>
|
|
||||||
Date: Fri, 12 May 2023 10:00:13 +0200
|
|
||||||
Subject: [PATCH] Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will
|
|
||||||
translate
|
|
||||||
|
|
||||||
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
|
|
||||||
numeric text form. For gigantic sub-identifiers, this would take a very
|
|
||||||
long time, the time complexity being O(n^2) where n is the size of that
|
|
||||||
sub-identifier.
|
|
||||||
|
|
||||||
To mitigate this, a restriction on the size that OBJ_obj2txt() will
|
|
||||||
translate to canonical numeric text form is added, based on RFC 2578
|
|
||||||
(STD 58), which says this:
|
|
||||||
|
|
||||||
> 3.5. OBJECT IDENTIFIER values
|
|
||||||
>
|
|
||||||
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
|
|
||||||
> For the SMIv2, each number in the list is referred to as a sub-identifier,
|
|
||||||
> there are at most 128 sub-identifiers in a value, and each sub-identifier
|
|
||||||
> has a maximum value of 2^32-1 (4294967295 decimal).
|
|
||||||
|
|
||||||
Fixes otc/security#96
|
|
||||||
Fixes CVE-2023-2650
|
|
||||||
|
|
||||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
||||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
||||||
---
|
|
||||||
NEWS.md | 4 ++++
|
|
||||||
crypto/objects/obj_dat.c | 19 +++++++++++++++++++
|
|
||||||
3 files changed, 50 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
|
|
||||||
index 01cde00e98..c0e55197a0 100644
|
|
||||||
--- a/crypto/objects/obj_dat.c
|
|
||||||
+++ b/crypto/objects/obj_dat.c
|
|
||||||
@@ -443,6 +443,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
|
|
||||||
first = 1;
|
|
||||||
bl = NULL;
|
|
||||||
|
|
||||||
+ /*
|
|
||||||
+ * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
|
|
||||||
+ *
|
|
||||||
+ * > 3.5. OBJECT IDENTIFIER values
|
|
||||||
+ * >
|
|
||||||
+ * > An OBJECT IDENTIFIER value is an ordered list of non-negative
|
|
||||||
+ * > numbers. For the SMIv2, each number in the list is referred to as a
|
|
||||||
+ * > sub-identifier, there are at most 128 sub-identifiers in a value,
|
|
||||||
+ * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
|
|
||||||
+ * > decimal).
|
|
||||||
+ *
|
|
||||||
+ * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
|
|
||||||
+ * i.e. 586 bytes long.
|
|
||||||
+ *
|
|
||||||
+ * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
|
|
||||||
+ */
|
|
||||||
+ if (len > 586)
|
|
||||||
+ goto err;
|
|
||||||
+
|
|
||||||
while (len > 0) {
|
|
||||||
l = 0;
|
|
||||||
use_bn = 0;
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
||||||
@ -1,52 +0,0 @@
|
|||||||
From 1dd43e0709fece299b15208f36cc7c76209ba0bb Mon Sep 17 00:00:00 2001
|
|
||||||
From: Matt Caswell <matt@openssl.org>
|
|
||||||
Date: Tue, 7 Mar 2023 16:52:55 +0000
|
|
||||||
Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf
|
|
||||||
certs
|
|
||||||
|
|
||||||
Even though we check the leaf cert to confirm it is valid, we
|
|
||||||
later ignored the invalid flag and did not notice that the leaf
|
|
||||||
cert was bad.
|
|
||||||
|
|
||||||
Fixes: CVE-2023-0465
|
|
||||||
|
|
||||||
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
||||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/20587)
|
|
||||||
---
|
|
||||||
crypto/x509/x509_vfy.c | 12 ++++++++++--
|
|
||||||
1 file changed, 10 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
|
|
||||||
index 9384f1da9b..a0282c3ef1 100644
|
|
||||||
--- a/crypto/x509/x509_vfy.c
|
|
||||||
+++ b/crypto/x509/x509_vfy.c
|
|
||||||
@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx)
|
|
||||||
goto memerr;
|
|
||||||
/* Invalid or inconsistent extensions */
|
|
||||||
if (ret == X509_PCY_TREE_INVALID) {
|
|
||||||
- int i;
|
|
||||||
+ int i, cbcalled = 0;
|
|
||||||
|
|
||||||
/* Locate certificates with bad extensions and notify callback. */
|
|
||||||
- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
|
|
||||||
+ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
|
|
||||||
X509 *x = sk_X509_value(ctx->chain, i);
|
|
||||||
|
|
||||||
+ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
|
|
||||||
+ cbcalled = 1;
|
|
||||||
CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
|
|
||||||
ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
|
|
||||||
}
|
|
||||||
+ if (!cbcalled) {
|
|
||||||
+ /* Should not be able to get here */
|
|
||||||
+ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ /* The callback ignored the error so we return success */
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
if (ret == X509_PCY_TREE_FAILURE) {
|
|
||||||
--
|
|
||||||
2.36.1
|
|
||||||
|
|
||||||
@ -1,46 +0,0 @@
|
|||||||
From 51e8a84ce742db0f6c70510d0159dad8f7825908 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tomas@openssl.org>
|
|
||||||
Date: Tue, 21 Mar 2023 16:15:47 +0100
|
|
||||||
Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy()
|
|
||||||
|
|
||||||
The function was incorrectly documented as enabling policy checking.
|
|
||||||
|
|
||||||
Fixes: CVE-2023-0466
|
|
||||||
|
|
||||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
||||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/20563)
|
|
||||||
---
|
|
||||||
doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++--
|
|
||||||
3 files changed, 17 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
|
|
||||||
index 75a1677022..43c1900bca 100644
|
|
||||||
--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
|
|
||||||
+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
|
|
||||||
@@ -98,8 +98,9 @@ B<trust>.
|
|
||||||
X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
|
|
||||||
B<t>. Normally the current time is used.
|
|
||||||
|
|
||||||
-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
|
|
||||||
-by default) and adds B<policy> to the acceptable policy set.
|
|
||||||
+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
|
|
||||||
+Contrary to preexisting documentation of this function it does not enable
|
|
||||||
+policy checking.
|
|
||||||
|
|
||||||
X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
|
|
||||||
by default) and sets the acceptable policy set to B<policies>. Any existing
|
|
||||||
@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
|
|
||||||
The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
|
|
||||||
and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0.
|
|
||||||
|
|
||||||
+The function X509_VERIFY_PARAM_add0_policy() was historically documented as
|
|
||||||
+enabling policy checking however the implementation has never done this.
|
|
||||||
+The documentation was changed to align with the implementation.
|
|
||||||
+
|
|
||||||
=head1 COPYRIGHT
|
|
||||||
|
|
||||||
Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
--
|
|
||||||
2.36.1
|
|
||||||
|
|
||||||
@ -1,146 +0,0 @@
|
|||||||
From a4e726428608e352283d745cb0716248d29ecf26 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Matt Caswell <matt@openssl.org>
|
|
||||||
Date: Tue, 7 Mar 2023 15:22:40 +0000
|
|
||||||
Subject: [PATCH] Generate some certificates with the certificatePolicies
|
|
||||||
extension
|
|
||||||
|
|
||||||
Related-to: CVE-2023-0465
|
|
||||||
|
|
||||||
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
||||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/20585)
|
|
||||||
---
|
|
||||||
test/certs/ca-pol-cert.pem | 19 +++++++++++++++++++
|
|
||||||
test/certs/ee-cert-policies-bad.pem | 20 ++++++++++++++++++++
|
|
||||||
test/certs/ee-cert-policies.pem | 20 ++++++++++++++++++++
|
|
||||||
test/certs/mkcert.sh | 9 +++++++--
|
|
||||||
test/certs/setup.sh | 6 ++++++
|
|
||||||
5 files changed, 72 insertions(+), 2 deletions(-)
|
|
||||||
create mode 100644 test/certs/ca-pol-cert.pem
|
|
||||||
create mode 100644 test/certs/ee-cert-policies-bad.pem
|
|
||||||
create mode 100644 test/certs/ee-cert-policies.pem
|
|
||||||
|
|
||||||
diff --git a/test/certs/ca-pol-cert.pem b/test/certs/ca-pol-cert.pem
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..244af3292b
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/test/certs/ca-pol-cert.pem
|
|
||||||
@@ -0,0 +1,19 @@
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
|
|
||||||
+IENBMCAXDTIzMDMwODEyMjMxNloYDzIxMjMwMzA5MTIyMzE2WjANMQswCQYDVQQD
|
|
||||||
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
|
|
||||||
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
|
|
||||||
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
|
|
||||||
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
|
|
||||||
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
|
|
||||||
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
|
|
||||||
+CLNNsUcCAwEAAaN7MHkwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYD
|
|
||||||
+VR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8GA1UdIwQYMBaAFI71Ja8em2uE
|
|
||||||
+PXyAmslTnE1y96NSMBkGA1UdIAQSMBAwDgYMKwYBBAGBgVy8+0cBMA0GCSqGSIb3
|
|
||||||
+DQEBCwUAA4IBAQBbE+MO9mewWIUY2kt85yhl0oZtvVxbn9K2Hty59ItwJGRNfzx7
|
|
||||||
+Ge7KgawkvNzMOXmj6qf8TpbJnf41ZLWdRyVZBVyIwrAKIVw1VxfGh8aEifHKN97H
|
|
||||||
+unZkBPcUkAhUJSiC1BOD/euaMYqOi8QwiI702Q6q1NBY1/UKnV/ZIBLecnqfj9vZ
|
|
||||||
+7T0wKxrwGYBztP4pNcxCmBoD9Dg+Dx3ZElo0WXyO4SOh/BgrsKJHKyhbuTpjrI/g
|
|
||||||
+DhcINRp6+lIzuFBtJ67+YXnAEspb3lKMk0YL/LXrCNF2scdmNfOPwHi+OKBqt69C
|
|
||||||
+9FJyWFEMxx2qm/ENE9sbOswgJRnKkaAqHBHx
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/certs/ee-cert-policies-bad.pem b/test/certs/ee-cert-policies-bad.pem
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..0fcd6372b3
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/test/certs/ee-cert-policies-bad.pem
|
|
||||||
@@ -0,0 +1,20 @@
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIIDTTCCAjWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
|
|
||||||
+Fw0yMzAzMDgxMjIzMzJaGA8yMTIzMDMwOTEyMjMzMlowGTEXMBUGA1UEAwwOc2Vy
|
|
||||||
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
|
|
||||||
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
|
|
||||||
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
|
|
||||||
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
|
|
||||||
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
|
|
||||||
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
|
|
||||||
+iIQPYf55NB9KiR+3AgMBAAGjgakwgaYwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4H
|
|
||||||
+mCKX4XOiMB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQC
|
|
||||||
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1w
|
|
||||||
+bGUwKQYDVR0gBCIwIDAOBgwrBgEEAYGBXLz7RwEwDgYMKwYBBAGBgVy8+0cBMA0G
|
|
||||||
+CSqGSIb3DQEBCwUAA4IBAQArwtwNO++7kStcJeMg3ekz2D/m/8UEjTA1rknBjQiQ
|
|
||||||
+P0FK7tNeRqus9i8PxthNWk+biRayvDzaGIBV7igpDBPfXemDgmW9Adc4MKyiQDfs
|
|
||||||
+YfkHi3xJKvsK2fQmyCs2InVDaKpVAkNFcgAW8nSOhGliqIxLb0EOLoLNwaktou0N
|
|
||||||
+XQHmRzY8S7aIr8K9Qo9y/+MLar+PS4h8l6FkLLkTICiFzE4/wje5S3NckAnadRJa
|
|
||||||
+QpjwM2S6NuA+tYWuOcN//r7BSpW/AZKanYWPzHMrKlqCh+9o7sthPd72+hObG9kx
|
|
||||||
+wSGdzfStNK1I1zM5LiI08WtXCvR6AfLANTo2x1AYhSxF
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/certs/ee-cert-policies.pem b/test/certs/ee-cert-policies.pem
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..2f06d7433f
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/test/certs/ee-cert-policies.pem
|
|
||||||
@@ -0,0 +1,20 @@
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIIDPTCCAiWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
|
|
||||||
+Fw0yMzAzMDgxMjIzMjNaGA8yMTIzMDMwOTEyMjMyM1owGTEXMBUGA1UEAwwOc2Vy
|
|
||||||
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
|
|
||||||
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
|
|
||||||
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
|
|
||||||
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
|
|
||||||
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
|
|
||||||
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
|
|
||||||
+iIQPYf55NB9KiR+3AgMBAAGjgZkwgZYwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4H
|
|
||||||
+mCKX4XOiMB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQC
|
|
||||||
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1w
|
|
||||||
+bGUwGQYDVR0gBBIwEDAOBgwrBgEEAYGBXLz7RwEwDQYJKoZIhvcNAQELBQADggEB
|
|
||||||
+AGbWslmAAdMX3+5ChcnFrX+NqDGoyhb3PTgWdtlQB5qtWdIt4rSxN50OcQxFTX0D
|
|
||||||
+QOBabSzR0DDKrgfBe4waL19WsdEvR9GyO4M7ASze/A3IEZue9C9k0n7Vq8zDaAZl
|
|
||||||
+CiR/Zqo9nAOuhKHMgmC/NjUlX7STv5pJVgc4SH8VEKmSRZDmNihaOalUtK5X8/Oa
|
|
||||||
+dawKxsZcaP5IKnOEPPKjtVNJxBu5CXywJHsO0GcoDEnEx1/NLdFoJ6WFw8NuTyDK
|
|
||||||
+NGLq2MHEdyKaigHQlptEs9bXyu9McJjzbx0uXj3BenRULASreccFej0L1RU6jDlk
|
|
||||||
+D3brBn24UISaFRZoB7jsjok=
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh
|
|
||||||
index 88e8740037..5bba589358 100755
|
|
||||||
--- a/test/certs/mkcert.sh
|
|
||||||
+++ b/test/certs/mkcert.sh
|
|
||||||
@@ -119,11 +119,12 @@ genca() {
|
|
||||||
local OPTIND=1
|
|
||||||
local purpose=
|
|
||||||
|
|
||||||
- while getopts p: o
|
|
||||||
+ while getopts p:c: o
|
|
||||||
do
|
|
||||||
case $o in
|
|
||||||
p) purpose="$OPTARG";;
|
|
||||||
- *) echo "Usage: $0 genca [-p EKU] cn keyname certname cakeyname cacertname" >&2
|
|
||||||
+ c) certpol="$OPTARG";;
|
|
||||||
+ *) echo "Usage: $0 genca [-p EKU][-c policyoid] cn keyname certname cakeyname cacertname" >&2
|
|
||||||
return 1;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
@@ -146,6 +147,10 @@ genca() {
|
|
||||||
if [ -n "$NC" ]; then
|
|
||||||
exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC")
|
|
||||||
fi
|
|
||||||
+ if [ -n "$certpol" ]; then
|
|
||||||
+ exts=$(printf "%s\ncertificatePolicies = %s\n" "$exts" "$certpol")
|
|
||||||
+ fi
|
|
||||||
+
|
|
||||||
csr=$(req "$key" "CN = $cn") || return 1
|
|
||||||
echo "$csr" |
|
|
||||||
cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
|
|
||||||
diff --git a/test/certs/setup.sh b/test/certs/setup.sh
|
|
||||||
index 7cd7e78b5e..bd8d49337d 100755
|
|
||||||
--- a/test/certs/setup.sh
|
|
||||||
+++ b/test/certs/setup.sh
|
|
||||||
@@ -465,3 +465,9 @@ OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 \
|
|
||||||
|
|
||||||
# critical id-pkix-ocsp-no-check extension
|
|
||||||
./mkcert.sh geneeextra server.example ee-key ee-cert-ocsp-nocheck ca-key ca-cert "1.3.6.1.5.5.7.48.1.5=critical,DER:05:00"
|
|
||||||
+
|
|
||||||
+# certificatePolicies extension
|
|
||||||
+./mkcert.sh genca -c "1.3.6.1.4.1.16604.998855.1" "CA" ca-key ca-pol-cert root-key root-cert
|
|
||||||
+./mkcert.sh geneeextra server.example ee-key ee-cert-policies ca-key ca-cert "certificatePolicies=1.3.6.1.4.1.16604.998855.1"
|
|
||||||
+# We can create a cert with a duplicate policy oid - but its actually invalid!
|
|
||||||
+./mkcert.sh geneeextra server.example ee-key ee-cert-policies-bad ca-key ca-cert "certificatePolicies=1.3.6.1.4.1.16604.998855.1,1.3.6.1.4.1.16604.998855.1"
|
|
||||||
--
|
|
||||||
2.36.1
|
|
||||||
|
|
||||||
Binary file not shown.
15
openssl.spec
15
openssl.spec
@ -1,8 +1,8 @@
|
|||||||
%define soversion 3
|
%define soversion 3
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 3.0.8
|
Version: 3.0.9
|
||||||
Release: 7
|
Release: 1
|
||||||
Summary: Cryptography and SSL/TLS Toolkit
|
Summary: Cryptography and SSL/TLS Toolkit
|
||||||
License: OpenSSL and SSLeay
|
License: OpenSSL and SSLeay
|
||||||
URL: https://www.openssl.org/
|
URL: https://www.openssl.org/
|
||||||
@ -23,14 +23,6 @@ Patch11: Backport-Fix-SM4-test-failures-on-big-endian-ARM-processors.patch
|
|||||||
Patch12: Backport-Apply-SM4-optimization-patch-to-Kunpeng-920.patch
|
Patch12: Backport-Apply-SM4-optimization-patch-to-Kunpeng-920.patch
|
||||||
Patch13: Backport-SM4-AESE-optimization-for-ARMv8.patch
|
Patch13: Backport-SM4-AESE-optimization-for-ARMv8.patch
|
||||||
Patch14: Backport-Fix-SM4-XTS-build-failure-on-Mac-mini-M1.patch
|
Patch14: Backport-Fix-SM4-XTS-build-failure-on-Mac-mini-M1.patch
|
||||||
Patch15: Backport-CVE-2023-0464-x509-excessive-resource-use-verifying-policy-constra.patch
|
|
||||||
Patch16: Backport-test-add-test-cases-for-the-policy-resource-overuse.patch
|
|
||||||
Patch17: backport-Add-a-Certificate-Policies-Test.patch
|
|
||||||
Patch18: backport-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch
|
|
||||||
Patch19: backport-Generate-some-certificates-with-the-certificatePolic.patch
|
|
||||||
Patch20: backport-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch
|
|
||||||
Patch21: backport-CVE-2023-1255.patch
|
|
||||||
Patch22: backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch
|
|
||||||
|
|
||||||
BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel
|
BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel
|
||||||
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
@ -231,6 +223,9 @@ make test || :
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Jul 22 2023 wangcheng <wangcheng156@huawei.com> - 1:3.0.9-1
|
||||||
|
- upgrade to 3.0.9
|
||||||
|
|
||||||
* Mon Jun 12 2023 steven <steven_ygui@163.com> - 1:3.0.8-7
|
* Mon Jun 12 2023 steven <steven_ygui@163.com> - 1:3.0.8-7
|
||||||
- fix CVE-2023-2650
|
- fix CVE-2023-2650
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user