Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC: etcdmain, pkg: CN based auth for inter peer connection #8616

Merged
merged 3 commits into from
Oct 4, 2017
Merged

RFC: etcdmain, pkg: CN based auth for inter peer connection #8616

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
70018e9
etcdmain, pkg: CN based auth for inter peer connection
mitake Sep 22, 2017
1d28a7a
integration/fixtures: add cert and key of different CN for testing pu…
mitake Sep 29, 2017
5f7ce4f
e2e: add a test case for --peer-cert-allowed-cn
mitake Sep 29, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions Documentation/op-guide/configuration.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -251,6 +251,11 @@ The security flags help to [build a secure etcd cluster][security].
+ default: false
+ env variable: ETCD_PEER_AUTO_TLS

### --peer-cert-allowed-cn
+ Allowed CommonName for inter peer authentication.
+ default: none
+ env variable: ETCD_PEER_CERT_ALLOWED_CN

## Logging flags

### --debug
Expand Down
77 changes: 77 additions & 0 deletions e2e/etcd_config_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,3 +113,80 @@ func TestEtcdUnixPeers(t *testing.T) {
t.Fatal(err)
}
}

// TestEtcdPeerCNAuth checks that the inter peer auth based on CN of cert is working correctly.
func TestEtcdPeerCNAuth(t *testing.T) {
peers, tmpdirs := make([]string, 3), make([]string, 3)
for i := range peers {
peers[i] = fmt.Sprintf("e%d=https://127.0.0.1:%d", i, etcdProcessBasePort+i)
d, err := ioutil.TempDir("", fmt.Sprintf("e%d.etcd", i))
if err != nil {
t.Fatal(err)
}
tmpdirs[i] = d
}
ic := strings.Join(peers, ",")

procs := make([]*expect.ExpectProcess, len(peers))
defer func() {
for i := range procs {
if procs[i] != nil {
procs[i].Stop()
}
os.RemoveAll(tmpdirs[i])
}
}()

// node 0 and 1 have a cert with the correct CN, node 2 doesn't
for i := range procs {
commonArgs := []string{
binDir + "/etcd",
"--name", fmt.Sprintf("e%d", i),
"--listen-client-urls", "http://0.0.0.0:0",
"--data-dir", tmpdirs[i],
"--advertise-client-urls", "http://0.0.0.0:0",
"--listen-peer-urls", fmt.Sprintf("https://127.0.0.1:%d,https://127.0.0.1:%d", etcdProcessBasePort+i, etcdProcessBasePort+len(peers)+i),
"--initial-advertise-peer-urls", fmt.Sprintf("https://127.0.0.1:%d", etcdProcessBasePort+i),
"--initial-cluster", ic,
}

var args []string
if i <= 1 {
args = []string{
"--peer-cert-file", certPath,
"--peer-key-file", privateKeyPath,
"--peer-trusted-ca-file", caPath,
"--peer-client-cert-auth",
"--peer-cert-allowed-cn", "example.com",
}
} else {
args = []string{
"--peer-cert-file", certPath2,
"--peer-key-file", privateKeyPath2,
"--peer-trusted-ca-file", caPath,
"--peer-client-cert-auth",
"--peer-cert-allowed-cn", "example2.com",
}
}

commonArgs = append(commonArgs, args...)

p, err := spawnCmd(commonArgs)
if err != nil {
t.Fatal(err)
}
procs[i] = p
}

for i, p := range procs {
var expect []string
if i <= 1 {
expect = etcdServerReadyLines
} else {
expect = []string{"(remote error: tls: bad certificate)"}
}
if err := waitReadyExpectProc(p, expect); err != nil {
t.Fatal(err)
}
}
}
6 changes: 6 additions & 0 deletions e2e/main_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@ var (
privateKeyPath string
caPath string

certPath2 string
privateKeyPath2 string

crlPath string
revokedCertPath string
revokedPrivateKeyPath string
Expand All @@ -43,6 +46,9 @@ func TestMain(m *testing.M) {
revokedPrivateKeyPath = certDir + "/server-revoked.key.insecure"
crlPath = certDir + "/revoke.crl"

certPath2 = certDir + "/server2.crt"
privateKeyPath2 = certDir + "/server2.key.insecure"

v := m.Run()
if v == 0 && testutil.CheckLeakedGoroutine() {
os.Exit(1)
Expand Down
1 change: 1 addition & 0 deletions etcdmain/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,7 @@ func newConfig() *config {
fs.StringVar(&cfg.PeerTLSInfo.TrustedCAFile, "peer-trusted-ca-file", "", "Path to the peer server TLS trusted CA file.")
fs.BoolVar(&cfg.PeerAutoTLS, "peer-auto-tls", false, "Peer TLS using generated certificates")
fs.StringVar(&cfg.PeerTLSInfo.CRLFile, "peer-crl-file", "", "Path to the peer certificate revocation list file.")
fs.StringVar(&cfg.PeerTLSInfo.AllowedCN, "peer-cert-allowed-cn", "", "Allowed CN for inter peer authentication.")

// logging
fs.BoolVar(&cfg.Debug, "debug", false, "Enable debug-level logging for etcd.")
Expand Down
30 changes: 15 additions & 15 deletions integration/fixtures/ca.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,22 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIUaE5uhZZO0NApCR9JZ8WFTYzCRHEwDQYJKoZIhvcNAQEL
MIIDrjCCApagAwIBAgIUD/nWsq3FfCKbMoY0HPFWnT0vEsMwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA4MjExMDE4MDBaFw0yNzA4MTkxMDE4
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA5MjkwNjUzMDBaFw0yNzA5MjcwNjUz
MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDINenyY3RrYI6PYibH+j95HXhTJdIssBiox1IX89SkqmpFQAbmt2+49tka
el8MeyZC76KqAmbon6m8zCeCM/XxdxaEEUHeHAy28tD+Sahn6jrodCovZl0xe6hp
RVcMd10ic0awxRvogOU/wXvzExI01zcVAo3wVgH2ZVb2dnPe5cLXAdAHaJ/LtsBY
WCY/Z66afwwOfPSp/KOXcA2umxTYJusF1EJWb/2zNAW4kYCNnrL+ha1n0ll7WVv4
TqmgoyJl6Zp8aGnxcFVQ0pkh0VCFQOxRFZWSAnfFSGAl8ERWyUgiI6cmY2FNPr6r
oGW3RZ/rrJBTdbQBUP+if8VKu9wBAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRoJE96ipgtnKmI+iE2QhTKTCkYHDAN
BgkqhkiG9w0BAQsFAAOCAQEAMFqUbkReRhcXYb3X5SHswlLS0XmB4MjcpibHUa8J
haIU0VZuG+85wMwAdUAHgHVANxzyFf/fWEmHvVJzOzWQmBuzjENbzN9jscTXX0ZM
eAEVuq3LooAWI0Zu3VTwpwOpeckdJdbpcxCpnNoytQ+3fF9935R/rzMFd1q+7aLK
J5fwkGCUWV9AcLYvl2Njh23nFohhtHLn/xmzhTXzFlxQhI3t3FmmSuhL0hed1TZB
j375gCo8olmeEV1i/wpMfrbxnQjuVlsjv4TvuYZ20xtobV6xHq0hJdej8HXW+VsC
F79uOFqyAbuDYwVhxI+s8C+kRaTZKvbL+i2xW1sNHapGWQ==
AoIBAQC8JbBTGtxAi7QPiix8bQJ+UmusPaaAtwOlcdz24FzLpIIp1tGqDZSVIG/N
Ewt3Uujau4G5GO32mIJ52f1dhZHu5RU4Rhu707lKHM7sgQZTtMQUJuJ7YGcfmi77
SexBJvfNBAZScpZVbBDBzhLCDfjA89HwcGqjcxweSY6pXeHvwOVzwoZAoYJfw8vN
3hNnIHzMoraRlYdAetxGmA3/r3f3l3NfiIE1vZI3g0CAlTkY8ZaqT8Oo6ZIbFBYO
FIm1eCcNVdf6ZSzQOueKdIB+SFRNcnzdJYQpyWo1wuVTEZkNwp8jdpRK0xy2FBG3
cTUac0mtvhfc8k1llp+Gk7uesr3fAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQX1uJJuwcyp2vAJIzR8oyOhdnDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAb98aC0nym9vd6udUiECJKdgeed/PY3lczppk4MUV
tmH+5kDk84ES+lRb4n+OcxswE8E2xi9/vuGujC9vrUOFF3mlDG/ekwH3SoA0yuYC
+aBPd1MAZNhNie4B5rSBWNhwUo4OjhW9ohfiZA6C/TRk3pQBT9bB0DiFkv3uatbs
odoUOT7jK7vh/Jz7fYI1bHbRr3iym8aH00wo8774ZVQJkMO3HPqm/92CBZo3/vuK
WngWzUucGmZcalA/bPUofmSe0LaX1qhLUl6FG5hFByyufob8qRd5aiCgwrp2IILR
gNpiE4OF0AaP9cWysSOld+vT9BzFIlKX1fS0Zn38a+00yg==
-----END CERTIFICATE-----
9 changes: 9 additions & 0 deletions integration/fixtures/gencerts.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,15 @@ cfssl gencert \
mv server.pem server.crt
mv server-key.pem server.key.insecure

# generate DNS: localhost, IP: 127.0.0.1, CN: example2.com certificates
cfssl gencert \
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr2.json | cfssljson --bare ./server2
mv server2.pem server2.crt
mv server2-key.pem server2.key.insecure

# generate revoked certificates and crl
cfssl gencert --ca ./ca.crt \
--ca-key ./ca-key.pem \
Expand Down
Binary file modified integration/fixtures/revoke.crl
View file
Open in desktop
Binary file not shown.
20 changes: 20 additions & 0 deletions integration/fixtures/server-ca-csr2.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"CN": "example2.com",
"hosts": [
"127.0.0.1",
"localhost"
]
}
32 changes: 16 additions & 16 deletions integration/fixtures/server-revoked.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEEjCCAvqgAwIBAgIURDPBrQ3XYJ55Ks+mx1JQF+/vfHIwDQYJKoZIhvcNAQEL
MIIEEjCCAvqgAwIBAgIUOW5etKg/ZnxbCpjtVvMoLmYMXecwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA4MjExMDE4MDBaFw0yNzA4MTkxMDE4
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA5MjkwNjU0MDBaFw0yNzA5MjcwNjU0
MDBaMHgxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUqP4yxvMdKlQfnP51EYW7XEWKKWqdDmP4LnQN9L24NgS3
Z66TqhcwH6VSDfL0e3B1puJAEqCpGfJ3CSvRkwbFHIthyYuZ2n2OF2tA3VCN57PM
RoCgkGWum6q1gMlRiKLZP2C18oa3Z2ySVY3Mv4mJGqqK+I+c0yVpcnGy/zkGlVDJ
/yw7YcxrBpz/54XP2sVAua6t/uEnsVq/dAKczuwl7rJiH2fhlgj6xNoLuhwORxTE
Ka0SAVA/6MHWdP0PKCEdksv+PugoM6yhTxoY+r2bRmayQA6MfgS6w5A2x04+K+q5
APqSn8PrDYs2cUbEOWqvfEit9sQuZiFmK9HsbC/XAgMBAAGjgZwwgZkwDgYDVR0P
A4IBDwAwggEKAoIBAQDJb+66dOfF2/Q1Ppz825+uGxVpDIGHaP+H/EKgDELZZ+ev
0bUbsH9E28p+Ih87eV+hfu68kOgOZ7fLplN3uaSpG716sd/5ny32T/m/JS0hnZdR
bD1nvRPqxFPy1G1xM+JWeFRDbJQJ18t1Bt/KB3p+TRdo2aEaQgC2wrsTjv84MEbp
WJyI3uxmUaEStoPDskQyjI4Z5SKHHQqIuRzpo5KHMf9OqFRAm+pbe4aMsUBHOAH4
YsHr/gGrZUSIdGScBnosncUl6Ec9rEBe4cRf7ruyid+pwJOhCeXekSCcQjyqG2cV
xPWShUuCGhFstu6dkMprRplzwy7WXqCdqMk9ZVkBAgMBAAGjgZwwgZkwDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
Af8EAjAAMB0GA1UdDgQWBBRBAOxGvg1O7ZArmCeW0VZwBGJz+DAfBgNVHSMEGDAW
gBRoJE96ipgtnKmI+iE2QhTKTCkYHDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A
AAEwDQYJKoZIhvcNAQELBQADggEBAAiEMC18ECecYQIxMZN4ZiKhghgtBOVawvf+
1hIU7jYfMnR8gII+nP6c1UxgWuV+4TEKdf6d37Jy83dhSkUputBqNVSpR1+sf9FE
f0QZWYEzgwgSsldNq0F+A7lWFcU/IyL9AK77sm6xmHx0RSSTKB4Omyp9Pyn6z+QT
avC+1OgjCaTMDKv6bajg8U+TbykEnfO8R0B9vDD4eIfNDNG0zrXNkiN0L00Hd8Uj
4HPB2Q9efIxjjEI58Cy61TTgzwuPbXW15xE17+UqHgKoKnKrgVTJLy5O+1RmfrOP
kLcLRvyHg/q8Vvq41DlD+TpiFD4CdB1nhcblA/NXMEovKysnJQ4=
Af8EAjAAMB0GA1UdDgQWBBSpFTakSu4EauEYmUFasPJu6CWbITAfBgNVHSMEGDAW
gBQX1uJJuwcyp2vAJIzR8oyOhdnDCTAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A
AAEwDQYJKoZIhvcNAQELBQADggEBAENi+GFd6an867Jrgsgd5kbGkKOl0Mcr00H8
OQGuy5Zuy4lpLwHQ5YHaowsmxt+KOkpEG6raFmOMJh5Q3fY//nAFhtmikOuggw45
jQWT0uguB2NzdQfyo3BTLlwRbKVkfmoSDVtNPMYUR3AD6jhLVEoY/gDwCJHsm5/9
mPK0bgzTjnNRXfr0+cBmeOSpOvTtgvRhQMEvpbh0DAv71MSYY/XSWVng75QMRSf0
DuvuBAKmjfFw8rMcz0WkkN/QcMG3olxRyZt6gl7o6hlttO261+gfLY77s+YLYKr5
Sf9WAHWcnrgmfyUXHoVx1YA5HoDBKUuX0bI6ufCnqn9JMIPDSGs=
-----END CERTIFICATE-----
50 changes: 25 additions & 25 deletions integration/fixtures/server-revoked.key.insecure
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1Kj+MsbzHSpUH5z+dRGFu1xFiilqnQ5j+C50DfS9uDYEt2eu
k6oXMB+lUg3y9HtwdabiQBKgqRnydwkr0ZMGxRyLYcmLmdp9jhdrQN1QjeezzEaA
oJBlrpuqtYDJUYii2T9gtfKGt2dsklWNzL+JiRqqiviPnNMlaXJxsv85BpVQyf8s
O2HMawac/+eFz9rFQLmurf7hJ7Fav3QCnM7sJe6yYh9n4ZYI+sTaC7ocDkcUxCmt
EgFQP+jB1nT9DyghHZLL/j7oKDOsoU8aGPq9m0ZmskAOjH4EusOQNsdOPivquQD6
kp/D6w2LNnFGxDlqr3xIrfbELmYhZivR7Gwv1wIDAQABAoIBAFVxwRDt1ui1BS/e
iG7JJ45sOJSWp3uLOKeTIpYo68GEEskOI5q5ELAJRwd9C00n+7uJ3gYYdez7u+wQ
B0chZ+ry2R3lOO4MV74rsrBRO/iITDmbajsZSYGqkiBzKnBUEfpv+I+ibnZqW7lA
HsVRgBVSXYuQ60L7o2CG1yAwY908ja1gyRi6QxFuaQv+SWMP2VpH24bLox9rmQZ2
xwTLViBHCdc9+IIHMAsJ84ViGu/oZ/wGlXTZMxgwsiCVS8tJ0ZjQT8QXZUnxj5yz
lJX6owzT1VfC/ZrbAms1lCQ4msVo6qX4QfA88JmW7y4YJrOEBINeJddO7TNyNMXC
o4xb28ECgYEA4f7A4NtYfNcl+FNRP3oOJBxc+V2fW5gSTYVMRlmE3UN6vvqpxLYe
BQATYjy66nPEFSvr72rbWaE3rmbdUyZJ0hXxgRvJsU9AYvg6Taw2/dLVf5xar6Di
VkVO+FqkX6eNuKnQfuqU55fHvSVnKiwpWZvoja86DpqdMW01srie9s8CgYEA8OUA
jheiEKjmzWfM8Bt0i0QpKf2+ga5u3XPd80spIWYnyZPLMYn4P4i7XAyKcuCEPm7+
sFvV0M6kiAx48ECffvQDDSpUxKi9h4JlPtF+A0w+U74fVu4rNHIIh5ZTPaDPRY2W
DztShe4rFNUygjYxqmsCqpH1ttZn6Ns3wI7/+HkCgYEAzrY/ZC0d1irQ/z/uXBpf
XuZWoHzjK1uAukmHx/1PyzdSyebrbBOMh9RW5o9YBOVY4GipSPe7pVMSZEKQhOLL
uQ77NLXfGYC9Cwm0AqHYNvkm8a9pP6XwASsqHX6DRT80IUmqfLxC8Ubimv7gSzHT
rLQv1ZEGkJ8Z00DqUgwO0v8CgYB6MA4aBM7FmIaJha8j0ylIQqiGjhiFes7tMQpR
j7wrHr/rtTWJySvMPjSauhm3rz4k1PQGzG4l3csC3yCw7HZ6VJb/pIsevWB1TaTB
Ok2qqo+qtnL7Cw+LKJQ/Afby+ZBo/SoyS6rOGEJt7L4T4h1LDcBqeGKj/Rjzuc4L
s/0OMQKBgQCkN2P07cPey72s5Lxsjg729OkwfyMRWUI72388tlI1FmmTefslQjXW
/DCGPDZkgVnB3MyBglTagZ0e8IwHzAyXtqS7uSz6sSwyZ05Y7kXf6uJLBNxG0nBE
j3qRHjGzcF175gemyoiO8LxjTC/pAcazQrgCmM3oEZukG9Q42MviIA==
MIIEpAIBAAKCAQEAyW/uunTnxdv0NT6c/NufrhsVaQyBh2j/h/xCoAxC2Wfnr9G1
G7B/RNvKfiIfO3lfoX7uvJDoDme3y6ZTd7mkqRu9erHf+Z8t9k/5vyUtIZ2XUWw9
Z70T6sRT8tRtcTPiVnhUQ2yUCdfLdQbfygd6fk0XaNmhGkIAtsK7E47/ODBG6Vic
iN7sZlGhEraDw7JEMoyOGeUihx0KiLkc6aOShzH/TqhUQJvqW3uGjLFARzgB+GLB
6/4Bq2VEiHRknAZ6LJ3FJehHPaxAXuHEX+67sonfqcCToQnl3pEgnEI8qhtnFcT1
koVLghoRbLbunZDKa0aZc8Mu1l6gnajJPWVZAQIDAQABAoIBABamUFiE1p7HyaDH
Bo3kAANqpjCmqFXad4kJ00/9sPKTHVkGom+Xm+fZMt6V5Z8hWaBmDmADhyQ/g0oR
zKbUp/Af32FRaNa/kEJ24aUdgAKcnqwYGJt2hivKoYnXWur0o4mHhCoEpmyo6Aaj
nDwyNRLIhk5S0iuKqlvib3iWhpoBmEnDE+0ydoBn1QHiiziFsGaAEi48CcXMpCHt
WDXXtCHndd8qb1PJ4ertDg+9lCyx1QGLM2ckfK1NoAx3VyAHFfz8dbDL8L3fTBP1
QTPTD4NcjShUHadKPc8K20jp21BWPLCMKUPoR2jPZmAyrN8Ka+IuWmlM2qsozO87
65/+GvUCgYEAy9H10i1v7GZ043T546Dt8beB+Gb/fiUOxZ1lpY1tvsFURqryHTAV
M7jhkgCe/YAQvm9pPz9ku88IxQIGNn9/URXFYyJgdTptaP0F5YOb+INYi+0TogCs
k28JGjnqEou7YyYwt2ehvcJuKq8Ue2dmsGq3lzdMEd/qWFn1U6f2cGsCgYEA/QHM
sG51KNLcufGLrErlFbasfB6Vdi8ui4+YdJMRYr3+hhIj1nqvTNLJcgkdEWcYwLm1
NpTXHdjyQCfseYT79M2HK/MBzxncJXgdoMb71LakZzIWc0Mx9oDg2BVj3TKBVIpZ
/XqiIIXNElqE6yT1Os+INr2Vyi0wOR3W3Uk5B0MCgYEAva3RtR1v8XKQCTXNcFdN
2QtMOx2vW3elPaby95Scs0873OAtnZgnwxCla7iEPao26uLH8YJPfrB3ms/9dC5H
D/DQ1ycg2Tfcpj4ChMtsFWQ2vVGOWc+Cy1okAHIxMb00UFs0LxqUXQJagAKbbxSV
bkyCOonNkzzs2/gr5QSExa0CgYEAwhZ2UsZ5pBaWcyJkNojB0nVvPkwr9hzdxPwk
RRFpHemIbotN6MP25KUzGgL5xJblOzt7U2K8303FEQhPdS1aJ4LfdgyWT6yT4D6T
4/mhyJ1P40ZeSI+8rVBSrBFEqbSL2DHGNRi1dOOP3MuJ+eVBJpt78Bph5VXjD33f
jaQVVocCgYA5L4p7EBuJ7/3IGk6lwIsxmB2SIsnQ+wQuZfirMHBm9zDiBHxPd5is
P5uPUVlponNDbtawPOmgP/IpfEQSQc+RC24R8GjAKzwkdoLcw2DubOKg842AI2+z
tWSWXcXQzLJo9L+tJ/70C/8yeBfYry6LmLBnCptY3r0FiaTndbOoGA==
-----END RSA PRIVATE KEY-----
32 changes: 16 additions & 16 deletions integration/fixtures/server-wildcard.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEDzCCAvegAwIBAgIURS07kZUkWQknBcWAsV6hTZlsQ6YwDQYJKoZIhvcNAQEL
MIIEDzCCAvegAwIBAgIUNDzcFXOAhXxTYih49LOUFsErYIgwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA4MjExMDE4MDBaFw0yNzA4MTkxMDE4
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA5MjkwNjU0MDBaFw0yNzA5MjcwNjU0
MDBaMHgxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDffZw2JmSt4IWN4Ez0eOTPniGEJx6u7mDpBl2kwzfbpva4
ijz1I7tQNh2DGZjuttAkWtCORlQ+oO0gQNaLHvToPZoLKeshnbpI1RYYzwSnvvkH
zLZrj4zALMuEaiX9Z8I2PP03TYZytwikJ5ZCa1YT5aIQR/IZG4WCkhfDNqaItTlp
nFQDMx1RnEaK7z/fNKkf8p3n8DF/+P0TO8qeI3YrmUZ6u4ca8J0ZCnoSRXTOYroL
o0HqGFjV0ECrHEIbPtOYoJssCk2SWuaJd4HDGqJFlJdeDAaG2UumGlPAkuAHf2va
FJd7eHbuaDLWtDi1YYQ4103MEYwwRG8NARvQQnedAgMBAAGjgZkwgZYwDgYDVR0P
A4IBDwAwggEKAoIBAQDCE0C//qA88O5ivLTvjUO4RDJHfHAB8nanCxxz4Bu8Cucg
PnRpFetzI7YqO3jQadTDXOjYDp/frfB6ifQRS22Ggc98IWQ4V06B893wgac48tkF
m8tocD+wZ+eYoHN+1LU7JERTsKGwNtSm6G/KQp1d2r4ISg8GoB5KmHrOIHmKFbQH
7cLiB+pARKk52+JRrKHfezGr5PjNzdgUml7fcKQWoBfl4pdgIcfWIRhggscGytk2
BTO5qLJU/6jQNnLlyypMabv7vh22pbUWNdoK2KJRKqMzIYbPkLjDTVF+BgB6Nr5M
znPPTDaXuRsoRVPDghnVfur2ckLo26+4fzTwdYHLAgMBAAGjgZkwgZYwDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
Af8EAjAAMB0GA1UdDgQWBBTThlDqYBWEcolK4U5GP3ZjZJAeujAfBgNVHSMEGDAW
gBRoJE96ipgtnKmI+iE2QhTKTCkYHDAXBgNVHREEEDAOggwqLmV0Y2QubG9jYWww
DQYJKoZIhvcNAQELBQADggEBAARV6YV+ksoqHZQifrmjyBk1HXsuJArC++h5xvGl
kBnY1J3lNYybRcEMQRMWuqyb5v47bjEiqErgLH+X/CPWcoAUjgWHIrcUIplJPjFf
aEM27L4MhfuIsi5HaKsBeJVaogHblCe3QleECE8WaJpuDjmOTth0EGviLy6xzk6W
Q9oNV4cXW2OwSMymdMbn41vjQaJdNFkBZkBa+ObaGou9xJEkjBZ/+CEpgQsmtNqq
hIQLli1WpITx+E2C2U1wQB+8vhA2xiwWq2aHuj/Umv+QpFL3CSqPh/NQY1I6NXpW
WGDhEeeB5/Nwq8VvtLWrqxO7fPRkzecwVZJ2CAXKqMXLBUA=
Af8EAjAAMB0GA1UdDgQWBBTRXWxQWNLQVwbMn5/MDsMJw17jWDAfBgNVHSMEGDAW
gBQX1uJJuwcyp2vAJIzR8oyOhdnDCTAXBgNVHREEEDAOggwqLmV0Y2QubG9jYWww
DQYJKoZIhvcNAQELBQADggEBAA5Z/HhcTnERJn08LXKjSzvhC1YL3yBlCF1vccXz
XshuMNF5VmpfMAwNIRhlH8x1aQyLoB56UGpF+Y91N/aqkTsjxmsrW8eJzGSIbC2n
ZE9IXqv4DdB3jWHMOr9v+5eXXdp/i2HcWBxqoUVT82NsObl/a7yQiVeKLdGdS2MJ
UQ5amLVgIgB2ADI3myESaBA5yPEFuFPDCEznKCFr/+iN23oYvjhFEuDpI4kNGuGu
No1ukQr5s+mmbkoKhHymc8ri/93H+lRCDOfN3IZJrejpI5Z3JtQplCVph+naF1oM
zSc2sGUYYStqciJJhw/270nTwhQ9LgNDmTSCvU8bX4rx/z4=
-----END CERTIFICATE-----
50 changes: 25 additions & 25 deletions integration/fixtures/server-wildcard.key.insecure
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA332cNiZkreCFjeBM9Hjkz54hhCceru5g6QZdpMM326b2uIo8
9SO7UDYdgxmY7rbQJFrQjkZUPqDtIEDWix706D2aCynrIZ26SNUWGM8Ep775B8y2
a4+MwCzLhGol/WfCNjz9N02GcrcIpCeWQmtWE+WiEEfyGRuFgpIXwzamiLU5aZxU
AzMdUZxGiu8/3zSpH/Kd5/Axf/j9EzvKniN2K5lGeruHGvCdGQp6EkV0zmK6C6NB
6hhY1dBAqxxCGz7TmKCbLApNklrmiXeBwxqiRZSXXgwGhtlLphpTwJLgB39r2hSX
e3h27mgy1rQ4tWGEONdNzBGMMERvDQEb0EJ3nQIDAQABAoIBAC1+p3cKd8JBi05n
U6MMnR96hD4frIpVslqdViC9MLjBE0Zbta79WBsq+PUAF/a4NkTAS+Y6gNnC7qJ7
MHFfmuFP8PTG0rukHRDId9gTBFKVeKJS1OuubCuOsttAtH0SSyG5Zp6EZJMjmVm5
SUg6C2q/ey8vRiRASvxaewXdMSdww1lYKrcBvz1zhDbDdnx8lBzkL9d8v6xQu6YV
R62qpn0j0T6FKsGQQcFc/CLKTYE00BBfMoAoVSxcpD6yO26uWzFrTj1JAnQPPZpX
awylWuOYOHhto54m95zbw7JLxZYgtLtZz7BUrJuSucKhMtUpWaUfK7QavXnRw57f
TyWtZMECgYEA6q9ByCK06zVaTCg54Fy5mIHmEdhSVx7F13ysW24XP0UCqwuO3xV5
j3ekQ/OZkmaxtH8qUSByUbblmpoeekOaUSggC8KiHLfNHQ2aAFEueWsryj/0yH7o
HYYijUhtKZ2MXEciOIrTBYXjtEIW1OXKHnoqCWVnsE/upn6pHjfh0FECgYEA88oU
KP4rXxXkQ/00fsT9ChpyARnLbHu2Df09560ddlzYEpJ0fpj4a0yR4Dv71tMHSkLI
IsmOSOMgmK9oAh7z72EpH2T4NYPr6lfnnFjCDHlA5/g6lmZ0quAtL8vhBLAFnofd
QyHqo7x2f9IsfgkKJrM0kmsHs3QfuDuyvB9rS40CgYEA1ZQX3sbPNbvBaMu3GFvq
wEN/mT/wd77WuGyLA05ms7rfWcDUDmwhzBJLGVhJq/Xvxd9xKJHJ2FoGDTQzhnud
pjxJJcrE9DPF5KnrPFylWfTRzmd0Iz9ziOL48PE3/4aVJanLGAAnWcBm4TbARpK1
5hSxywlRWyDzhOyChrC+vnECgYEA0K5jMW/Yam1P1w8Qd49h1tsqSVzuL695+GGV
MxKRzLbO0p8BDzkcNKT3nc1a1toPPHcL4BNOM4AQcAJ98orSXk96JwCEIzMIp7GV
ddTYTlsgvzBR3lpXdcmthGNt+1g9hyVftk57DquNd/7NzRkp0lTGJKtvjSJS4J5h
cf0nGCUCgYEApa0Va1GsR80Enf6U6HY9nwj2YtUYax7KtiZcD2ih+51cscphrOG7
pHUn6BxwndQsOdkT0YWB0uUYCIA1Yi9DKH9IB1H9HWr8ySU3Q4ngDwEWB5RK3lTE
4EAdnPWYymFIC0O2RLGxLe0q2S4zuzptdknKZkeWVJj/SdlC8ZzrJTA=
MIIEogIBAAKCAQEAwhNAv/6gPPDuYry0741DuEQyR3xwAfJ2pwscc+AbvArnID50
aRXrcyO2Kjt40GnUw1zo2A6f363weon0EUtthoHPfCFkOFdOgfPd8IGnOPLZBZvL
aHA/sGfnmKBzftS1OyREU7ChsDbUpuhvykKdXdq+CEoPBqAeSph6ziB5ihW0B+3C
4gfqQESpOdviUayh33sxq+T4zc3YFJpe33CkFqAX5eKXYCHH1iEYYILHBsrZNgUz
uaiyVP+o0DZy5csqTGm7+74dtqW1FjXaCtiiUSqjMyGGz5C4w01RfgYAeja+TM5z
z0w2l7kbKEVTw4IZ1X7q9nJC6NuvuH808HWBywIDAQABAoIBAEar7iM8HKu0bIqF
/zlQbr2WD90aQktjOLPhhu3nSRIzwjBqrcdqlP+rnHVKjNcQAstVdPDgenVgiLaG
r9rwZaTadmzUWANwP4VxAXvIKtXBEShKsEqKvZaGb76ThxtDZ+9uaHc1VduuS8ev
0q2LjnST6ClqlogqHH27gtS23KtcUzjFpZS2060+yOPof7xvTe0/qY6vHHqhdTTr
SnkUNfMs0sdhobUv2nAqIKdLV3DnUn3z5FbJqluUXIaxPnGghjUmWXl+NQNg6iwV
DX9tINTt4DsWnPWpC38x+4razj5NxOmdVouFyHHBW2NiZFkszds3hO2YBM1DTqUS
2b9RI5ECgYEA0W7s5YcqtzILR3SrlCGzqfeDrUv8YkVAq7Yuneb8O/jvCh85GbPU
RTeUTbQlh2D8znVtb5wwwA10NCUjBowUwy0LSGqz0uOwi/kQ9skIxNp9VEDlihw+
WUbt3seLA6mGd+u/ZVH0jb6rXgc5du7lxmTCPQ6WO9XNkYES6IAjpEkCgYEA7Toi
mOmrFuK7Xs1bxmqYXikmCA4/VeftCtUI6TQcaarRi+FpK7s9TkV3guI2wJKroCI3
F1aycy7rJnUDpHF+n8k8YDH92rA5cVw6KfQhianhT6pSeGw+nLaHjybfz0Rj0jvV
WrTcpIIlRbVGQ2gjNPx2hezIo8LDKKDafQJDDXMCgYApTcQgvFibSp5Y2FSiYUcq
pSrt+Ydr5haMBuEIuS5TsZOLHn9HZ2TcxcpUzMt9+I3DNfuAQICIz950DkLrHqNV
nsOT459VXxxJbrR+x0UYdbKz9ByQ8WMGfmuZPSdYcI2Zhv/3PoOJlOn9IFWf9BuS
1fpMylysrkzdfmQ5QFRHKQKBgD+uoIT+DVCqcvQjGqTsDpUQZMY61OPBy89hmu/H
bm0rTu9HBo2XyQBPA6MeCOavOOVW6gUY3/StvrBnLyAg24YXZl7IbMYdEn6M7IxA
nhQvh210YokzPaeiFEfofqJMUKOqLj8YWDbNPSY2YHNN7E2YDFUtWDsl2G/6pkxy
o/9jAoGAYEPMOLHdj5KnZvk7Dk0g0rfe6b35FBnWsHlkXegbMvRWWxbzO/drpJen
GQKEFBb7bVkUDNzDudyZLZ6UJfrZe8Gl80YKND2qC14fct2nqF4LaY5W06RqZeMf
VaPxzmsk0iElzD+fTYTaEEpUgBebV1Hr+lX6MFK8euSUYQKxkfg=
-----END RSA PRIVATE KEY-----
Loading