diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index e5b16635784b..7cb4b982d2c5 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -117,9 +117,9 @@ automatically set as a listener for the [secureConnection][] event. The conjunction with the `honorCipherOrder` option described below to prioritize the non-CBC cipher. - Defaults to `AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH`. + Defaults to `ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH`. Consult the [OpenSSL cipher list format documentation] for details on the - format. ECDH (Elliptic Curve Diffie-Hellman) ciphers are not yet supported. + format. `AES128-GCM-SHA256` is used when node.js is linked against OpenSSL 1.0.1 @@ -129,6 +129,17 @@ automatically set as a listener for the [secureConnection][] event. The acceptable cipher. Unfortunately, `AES256-SHA` is a CBC cipher and therefore susceptible to BEAST attacks. Do *not* use it. + - `ecdhCurve`: A string describing a named curve to use for ECDH ciphers or + false to disable all ECDH ciphers. + + This is required to support ECDH (Elliptic Curve Diffie-Hellman) ciphers. + ECDH ciphers are a newer alternative to RSA. The advantages of ECDH over + RSA is that it offers [Forward secrecy]. Forward secrecy means that for an + attacker it won't be possible to decrypt your previous data exchanges if + they get access to your private key. + + Defaults to `prime256v1`. Consult [RFC 4492] for more details. + - `handshakeTimeout`: Abort the connection if the SSL/TLS handshake does not finish in this many milliseconds. The default is 120 seconds. @@ -629,3 +640,5 @@ The numeric representation of the local port. [SSL_METHODS]: http://www.openssl.org/docs/ssl/ssl.html#DEALING_WITH_PROTOCOL_METHODS [tls.Server]: #tls_class_tls_server [SSL_CTX_set_timeout]: http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html +[RFC 4492]: http://www.rfc-editor.org/rfc/rfc4492.txt +[Forward secrecy]: http://en.wikipedia.org/wiki/Perfect_forward_secrecy diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 23216cebfa17..6dd50309f21e 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -478,6 +478,8 @@ function Server(/* [options], listener */) { cert: self.cert, ca: self.ca, ciphers: self.ciphers || tls.DEFAULT_CIPHERS, + ecdhCurve: util.isUndefined(self.ecdhCurve) ? + tls.DEFAULT_ECDH_CURVE : self.ecdhCurve, secureProtocol: self.secureProtocol, secureOptions: self.secureOptions, crl: self.crl, @@ -580,6 +582,8 @@ Server.prototype.setOptions = function(options) { if (options.secureProtocol) this.secureProtocol = options.secureProtocol; if (options.crl) this.crl = options.crl; if (options.ciphers) this.ciphers = options.ciphers; + if (!util.isUndefined(options.ecdhCurve)) + this.ecdhCurve = options.ecdhCurve; if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout; var secureOptions = options.secureOptions || 0; if (options.honorCipherOrder) { diff --git a/lib/crypto.js b/lib/crypto.js index 9cfc09e3c0eb..9ca102edbbfc 100644 --- a/lib/crypto.js +++ b/lib/crypto.js @@ -99,6 +99,8 @@ exports.createCredentials = function(options, context) { if (options.ciphers) c.context.setCiphers(options.ciphers); + if (options.ecdhCurve) c.context.setECDHCurve(options.ecdhCurve); + if (options.ca) { if (util.isArray(options.ca)) { for (var i = 0, len = options.ca.length; i < len; i++) { diff --git a/lib/tls.js b/lib/tls.js index ab8d665a2611..3004c32d2b46 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -27,6 +27,8 @@ exports.DEFAULT_CIPHERS = 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:' + // TLS 1.2 'RC4:HIGH:!MD5:!aNULL:!EDH'; // TLS 1.0 +exports.DEFAULT_ECDH_CURVE = 'prime256v1'; + // Allow {CLIENT_RENEG_LIMIT} client-initiated session renegotiations // every {CLIENT_RENEG_WINDOW} seconds. An error event is emitted if more // renegotations are seen. The settings are applied to all remote client diff --git a/src/node_crypto.cc b/src/node_crypto.cc index aa08fd8bf1e1..ecd4e4902ecc 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -205,6 +205,7 @@ void SecureContext::Initialize(Environment* env, Handle target) { NODE_SET_PROTOTYPE_METHOD(t, "addCRL", SecureContext::AddCRL); NODE_SET_PROTOTYPE_METHOD(t, "addRootCerts", SecureContext::AddRootCerts); NODE_SET_PROTOTYPE_METHOD(t, "setCiphers", SecureContext::SetCiphers); + NODE_SET_PROTOTYPE_METHOD(t, "setECDHCurve", SecureContext::SetECDHCurve); NODE_SET_PROTOTYPE_METHOD(t, "setOptions", SecureContext::SetOptions); NODE_SET_PROTOTYPE_METHOD(t, "setSessionIdContext", SecureContext::SetSessionIdContext); @@ -590,6 +591,33 @@ void SecureContext::SetCiphers(const FunctionCallbackInfo& args) { } +void SecureContext::SetECDHCurve(const FunctionCallbackInfo& args) { + HandleScope scope(node_isolate); + + SecureContext* sc = WeakObject::Unwrap(args.This()); + + if (args.Length() != 1 || !args[0]->IsString()) + return ThrowTypeError("First argument should be a string"); + + String::Utf8Value curve(args[0]); + + int nid = OBJ_sn2nid(*curve); + + if (nid == NID_undef) + return ThrowTypeError("First argument should be a valid curve name"); + + EC_KEY* ecdh = EC_KEY_new_by_curve_name(nid); + + if (!ecdh) + return ThrowTypeError("First argument should be a valid curve name"); + + SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE); + SSL_CTX_set_tmp_ecdh(sc->ctx_, ecdh); + + EC_KEY_free(ecdh); +} + + void SecureContext::SetOptions(const FunctionCallbackInfo& args) { HandleScope scope(node_isolate); diff --git a/src/node_crypto.h b/src/node_crypto.h index 9d8ade3a16d0..1eddb7b3cdb2 100644 --- a/src/node_crypto.h +++ b/src/node_crypto.h @@ -83,6 +83,7 @@ class SecureContext : public WeakObject { static void AddCRL(const v8::FunctionCallbackInfo& args); static void AddRootCerts(const v8::FunctionCallbackInfo& args); static void SetCiphers(const v8::FunctionCallbackInfo& args); + static void SetECDHCurve(const v8::FunctionCallbackInfo& args); static void SetOptions(const v8::FunctionCallbackInfo& args); static void SetSessionIdContext( const v8::FunctionCallbackInfo& args); diff --git a/test/fixtures/keys/agent1-cert.pem b/test/fixtures/keys/agent1-cert.pem index 816f6fbf17c6..9616eb0b03c8 100644 --- a/test/fixtures/keys/agent1-cert.pem +++ b/test/fixtures/keys/agent1-cert.pem @@ -1,14 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICKjCCAZMCCQDQ8o4kHKdCPDANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV +MIICbjCCAdcCCQCahKvPuKcqtTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV UzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAO BgNVBAsTB05vZGUuanMxDDAKBgNVBAMTA2NhMTEgMB4GCSqGSIb3DQEJARYRcnlA -dGlueWNsb3Vkcy5vcmcwHhcNMTEwMzE0MTgyOTEyWhcNMzgwNzI5MTgyOTEyWjB9 +dGlueWNsb3Vkcy5vcmcwHhcNMTMwODAxMTExODU5WhcNNDAxMjE2MTExODU5WjB9 MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQK EwZKb3llbnQxEDAOBgNVBAsTB05vZGUuanMxDzANBgNVBAMTBmFnZW50MTEgMB4G -CSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwXDANBgkqhkiG9w0BAQEFAANL -ADBIAkEAnzpAqcoXZxWJz/WFK7BXwD23jlREyG11x7gkydteHvn6PrVBbB5yfu6c -bk8w3/Ar608AcyMQ9vHjkLQKH7cjEQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAKha -HqjCfTIut+m/idKy3AoFh48tBHo3p9Nl5uBjQJmahKdZAaiksL24Pl+NzPQ8LIU+ -FyDHFp6OeJKN6HzZ72Bh9wpBVu6Uj1hwhZhincyTXT80wtSI/BoUAW8Ls2kwPdus -64LsJhhxqj2m4vPKNRbHB2QxnNrGi30CUf3kt3Ia +CSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAMNQTWAcktNJlmpEbu0xKJzjpI0MJfWZauUg5GXD6/CXRGOEQ/Im +uqG7Ar23LrFK/y2goHCF+/ffJKaFzJ4iuv2nAlly/HTriQJUtP/dxacfqrC5A1GH +EYAA/S1VShPUtpljADZWyEemWBzZacC2SQ5cChkXTmqJ9t3wYBSw/guHAgMBAAEw +DQYJKoZIhvcNAQEFBQADgYEAbuPFhXlMbdYX0XpcPiiRamvO2Qha2GEBRSfqg1Qe +fZo5oRXlOd+QVh4O8A3AFY06ERKE72Ho01B+KM2MwpJk0izQhmC4a0pks0jrBuyW +dGoVczyK8eCtbw3Y2uiALV+60EidhCbOqml+3kIDVF0cXkCYi5FVbHRTls7wL0gR +Fe0= -----END CERTIFICATE----- diff --git a/test/fixtures/keys/agent1-csr.pem b/test/fixtures/keys/agent1-csr.pem index 748fd0003675..7f1677a2f57e 100644 --- a/test/fixtures/keys/agent1-csr.pem +++ b/test/fixtures/keys/agent1-csr.pem @@ -1,10 +1,13 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIBXTCCAQcCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH +MIIB4jCCAUsCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH EwJTRjEPMA0GA1UEChMGSm95ZW50MRAwDgYDVQQLEwdOb2RlLmpzMQ8wDQYDVQQD -EwZhZ2VudDExIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMFwwDQYJ -KoZIhvcNAQEBBQADSwAwSAJBAJ86QKnKF2cVic/1hSuwV8A9t45URMhtdce4JMnb -Xh75+j61QWwecn7unG5PMN/wK+tPAHMjEPbx45C0Ch+3IxECAwEAAaAlMCMGCSqG -SIb3DQEJBzEWExRBIGNoYWxsZW5nZSBwYXNzd29yZDANBgkqhkiG9w0BAQUFAANB -AF+AfG64hNyYHum46m6i7RgnUBrJSOynGjs23TekV4he3QdMSAAPPqbll8W14+y3 -vOo7/yQ2v2uTqxCjakUNPPs= +EwZhZ2VudDExIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDUE1gHJLTSZZqRG7tMSic46SNDCX1mWrl +IORlw+vwl0RjhEPyJrqhuwK9ty6xSv8toKBwhfv33ySmhcyeIrr9pwJZcvx064kC +VLT/3cWnH6qwuQNRhxGAAP0tVUoT1LaZYwA2VshHplgc2WnAtkkOXAoZF05qifbd +8GAUsP4LhwIDAQABoCUwIwYJKoZIhvcNAQkHMRYTFEEgY2hhbGxlbmdlIHBhc3N3 +b3JkMA0GCSqGSIb3DQEBBQUAA4GBAFRwfX09wCEqB5fOGTLSAQqK7/Tm47t8TcFy +PsCoHcYSHCSSthknJgdnK9nQaVVVqVpDRgmUFmcWC27JOAFQLt79FqOYNLGrmvR/ +ZaRbz3BBi4TBHClalnyBBzaYJJQz16qbT4j48TmzRQvBGR/gT2FpPoLVDWKU+U6E +oU6hMCpb -----END CERTIFICATE REQUEST----- diff --git a/test/fixtures/keys/agent1-key.pem b/test/fixtures/keys/agent1-key.pem index 5dae7eb99d54..29df32186284 100644 --- a/test/fixtures/keys/agent1-key.pem +++ b/test/fixtures/keys/agent1-key.pem @@ -1,9 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIIBOwIBAAJBAJ86QKnKF2cVic/1hSuwV8A9t45URMhtdce4JMnbXh75+j61QWwe -cn7unG5PMN/wK+tPAHMjEPbx45C0Ch+3IxECAwEAAQJBAI2cU1IuR+4IO87WPyAB -76kruoo87AeNQkjjvuQ/00+b/6IS45mcEP5Kw0NukbqBhIw2di9uQ9J51DJ/ZfQr -+YECIQDUHaN3ZjIdJ7/w8Yq9Zzz+3kY2F/xEz6e4ftOFW8bY2QIhAMAref+WYckC -oECgOLAvAxB1lI4j7oCbAaawfxKdnPj5AiEAi95rXx09aGpAsBGmSdScrPdG1v6j -83/2ebrvoZ1uFqkCIB0AssnrRVjUB6GZTNTyU3ERfdkx/RX1zvr8WkFR/lXpAiB7 -cUZ1i8ZkZrPrdVgw2cb28UJM7qZHQnXcMHTXFFvxeQ== +MIICXAIBAAKBgQDDUE1gHJLTSZZqRG7tMSic46SNDCX1mWrlIORlw+vwl0RjhEPy +JrqhuwK9ty6xSv8toKBwhfv33ySmhcyeIrr9pwJZcvx064kCVLT/3cWnH6qwuQNR +hxGAAP0tVUoT1LaZYwA2VshHplgc2WnAtkkOXAoZF05qifbd8GAUsP4LhwIDAQAB +AoGAJI+nrFIs+fhQe9wLl8MYAyZp6y1W/b6WUAX0O0iNph/q4WYlAfNWBGhpfvIH +f5C2a+ghoG60WBYhWjq5rvB5aCX/DchIATuaVHgaWcBf7y9NXnWDH9JMtDOTaVI6 +s7inJwjqIJAHbloa82NGuwz/EN4Ncng6wTmf1gbF6UtOqGECQQD15UNAtpRqpGPz +xPAZwT3TkY4gYLlZvqn21r/92P5XVbTJXyBTo9pwY4F7o/pNZAQcq3sPUrZW7T4X +t8nPT4RrAkEAy1bvewVS3U10V8ffzCl7F5WiaTEMa39F4e0QqBKOXdnDS2T1FJZl +VSVSXiVMd4qFQf4IVgBZCwihS1hpPSo8VQJBAL7vpBY27+4S8k4SaUIGbITBLHR1 +xtcqFv5F6NUrTuvv8C7Bf++Sdwb4LU4dmTnI5OyCN09Bsba0B5gRLVKd8zsCQAu4 +AetEHkd0zEy2zzYT+e0dCZQoaH/VgPCJWhlloGDWSQQSWHGMTWC/2uRkH+kPyahI +/LAAKyGQqMMP4FjPE1UCQAyPkF3dJy+KRZSQ2rz0bpBVGoUV31hl+SvMigCy0yUy +QwvJxgN14LQJP+pCcuJGaSdiPsOjxqhPX7KMg3SiSlA= -----END RSA PRIVATE KEY----- diff --git a/test/fixtures/keys/agent2-cert.pem b/test/fixtures/keys/agent2-cert.pem index 8e4354db4ed0..7538cfb9b048 100644 --- a/test/fixtures/keys/agent2-cert.pem +++ b/test/fixtures/keys/agent2-cert.pem @@ -1,13 +1,16 @@ -----BEGIN CERTIFICATE----- -MIIB7DCCAZYCCQC7gs0MDNn6MTANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJV +MIICcTCCAdoCCQDTgzSLdDTF0TANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJV UzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAO BgNVBAsTB05vZGUuanMxDzANBgNVBAMTBmFnZW50MjEgMB4GCSqGSIb3DQEJARYR -cnlAdGlueWNsb3Vkcy5vcmcwHhcNMTEwMzE0MTgyOTEyWhcNMzgwNzI5MTgyOTEy +cnlAdGlueWNsb3Vkcy5vcmcwHhcNMTMwODAxMTExOTAwWhcNNDAxMjE2MTExOTAw WjB9MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYD VQQKEwZKb3llbnQxEDAOBgNVBAsTB05vZGUuanMxDzANBgNVBAMTBmFnZW50MjEg -MB4GCSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwXDANBgkqhkiG9w0BAQEF -AANLADBIAkEAyXb8FrRdKbhrKLgLSsn61i1C7w7fVVVd7OQsmV/7p9WB2lWFiDlC -WKGU9SiIz/A6wNZDUAuc2E+VwtpCT561AQIDAQABMA0GCSqGSIb3DQEBBQUAA0EA -C8HzpuNhFLCI3A5KkBS5zHAQax6TFUOhbpBCR0aTDbJ6F1liDTK1lmU/BjvPoj+9 -1LHwrmh29rK8kBPEjmymCQ== +MB4GCSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBAKGYRnu2BdY2R8flqKPLICWO/7NoRVGH4KZBY1uBF/VYXyA2 +VT5O7461mt6oA372BItGyNxdbMEvQBRcLiXTueKF5D+KYu30bWem6A/AxxYvnqU4 +tP+uhsXNuGNQTp8i0vBDM/nUx7QGeP1Kda6C936PCNt7wbGPKPNyACNMbnptAgMB +AAEwDQYJKoZIhvcNAQEFBQADgYEATzjDAPocPA2Jm8wrLBW+fOC478wMo9gT3Y3N +ZU6fnF2dEPFLNETCMtDxnKhi4hnBpaiZ0fu0oaR1cSDRIVtlyW4azNjny4495C0F +JLuP5P5pz+rJe+ImKw+mO1ARA9fUAL3VN6/kVXY/EspwWJcLbJ5jdsDmkRbV52hX +Th4jkAI= -----END CERTIFICATE----- diff --git a/test/fixtures/keys/agent2-csr.pem b/test/fixtures/keys/agent2-csr.pem index a670c4c632b3..30d06a37ebb0 100644 --- a/test/fixtures/keys/agent2-csr.pem +++ b/test/fixtures/keys/agent2-csr.pem @@ -1,10 +1,13 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIBXTCCAQcCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH +MIIB4jCCAUsCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH EwJTRjEPMA0GA1UEChMGSm95ZW50MRAwDgYDVQQLEwdOb2RlLmpzMQ8wDQYDVQQD -EwZhZ2VudDIxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMFwwDQYJ -KoZIhvcNAQEBBQADSwAwSAJBAMl2/Ba0XSm4ayi4C0rJ+tYtQu8O31VVXezkLJlf -+6fVgdpVhYg5QlihlPUoiM/wOsDWQ1ALnNhPlcLaQk+etQECAwEAAaAlMCMGCSqG -SIb3DQEJBzEWExRBIGNoYWxsZW5nZSBwYXNzd29yZDANBgkqhkiG9w0BAQUFAANB -AJnll2pt5l0pzskQSpjjLVTlFDFmJr/AZ3UK8v0WxBjYjCe5Jx4YehkChpxIyDUm -U3J9q9MDUf0+Y2+EGkssFfk= +EwZhZ2VudDIxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQChmEZ7tgXWNkfH5aijyyAljv+zaEVRh+Cm +QWNbgRf1WF8gNlU+Tu+OtZreqAN+9gSLRsjcXWzBL0AUXC4l07niheQ/imLt9G1n +pugPwMcWL56lOLT/robFzbhjUE6fItLwQzP51Me0Bnj9SnWugvd+jwjbe8Gxjyjz +cgAjTG56bQIDAQABoCUwIwYJKoZIhvcNAQkHMRYTFEEgY2hhbGxlbmdlIHBhc3N3 +b3JkMA0GCSqGSIb3DQEBBQUAA4GBAEBfLsByEqL79HRr4QwPTARMW51ohh29kCUU +OunEyxM8Ti3lBPGOePXLBGjq6e/eLmoOfKsOXKjE+Z3Rpj2L0IKJgpBBcvD2BCyM +920PdvIHHgWXGSGiDGL/nMbX3SZrYNP/ERawg/Tzqh4QorPj91RKYez9NNLoOncm +Ug1MI/t9 -----END CERTIFICATE REQUEST----- diff --git a/test/fixtures/keys/agent2-key.pem b/test/fixtures/keys/agent2-key.pem index 522903c63549..155eacedd33d 100644 --- a/test/fixtures/keys/agent2-key.pem +++ b/test/fixtures/keys/agent2-key.pem @@ -1,9 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIIBOgIBAAJBAMl2/Ba0XSm4ayi4C0rJ+tYtQu8O31VVXezkLJlf+6fVgdpVhYg5 -QlihlPUoiM/wOsDWQ1ALnNhPlcLaQk+etQECAwEAAQJBAMT6Bf34+UHKY1ObpsbH -9u2jsVblFq1rWvs8GPMY6oertzvwm3DpuSUp7PTgOB1nLTLYtCERbQ4ovtN8tn3p -OHUCIQDzIEGsoCr5vlxXvy2zJwu+fxYuhTZWMVuo1397L0VyhwIhANQh+yzqUgaf -WRtSB4T2W7ADtJI35ET61jKBty3CqJY3AiAIwju7dVW3A5WeD6Qc1SZGKZvp9yCb -AFI2BfVwwaY11wIgXF3PeGcvACMyMWsuSv7aPXHfliswAbkWuzcwA4TW01ECIGWa -cgsDvVFxmfM5NPSuT/UDTa6R5BFISB5ea0N0AR3I +MIICXQIBAAKBgQChmEZ7tgXWNkfH5aijyyAljv+zaEVRh+CmQWNbgRf1WF8gNlU+ +Tu+OtZreqAN+9gSLRsjcXWzBL0AUXC4l07niheQ/imLt9G1npugPwMcWL56lOLT/ +robFzbhjUE6fItLwQzP51Me0Bnj9SnWugvd+jwjbe8GxjyjzcgAjTG56bQIDAQAB +AoGAd19C6g5731N30T5hRqY+GCC72a90TZc/p/Fz0Vva8/4VP3mDnSS4qMaVIlgh +RP++OZjPtqI5PbiG8MNrv7vZe0UXlV7oZE0IA+jomUXsplbwMFf6pkrqdyHi+cbm +rBudhmKeLUgNA6peMGVA83C5g2SMqU5kB+tWzZT7Rs9rsyECQQDWpXxZgULqbFZv +wjpIDGWjOpQZrv123bJ9TQ+VoskCu4vlyDJqDJPwnscl8NnzpFJriDARn0WrB2sd +8GCX1yEpAkEAwLo/MYG5elkNRsE5/vINSIo04Gu6tP/Sd7EBtHYAPHUPjs/MhhVX +tMIGtACheHMwjGRPyr8pboEp2LEap4GjpQJBALNsy+CJ0+TfwPVU96EIc+GZcvlx +NMErGyvwwclEtSDKo2vmCHZrozLtlu1ZQueOgbMPuZbRe8w2vEzfhe8HTtkCQAYy +NrPlwsvPLyEWN0IeEBVD9D0+2WrWSrL0auSdYpaPAOgLgDzTVNWH42VIG+jeczIg +S3xuNuvJlUnVL9Ew1s0CQQCly+gduXtvOYip1/Stm/65kT7d8ICQgjh0XSPw/kUC +llVMQY3z1iFCaj/z0Csr0t0kJ534bH7GP3LOoNruV0p9 -----END RSA PRIVATE KEY----- diff --git a/test/fixtures/keys/agent3-cert.pem b/test/fixtures/keys/agent3-cert.pem index e4a235079fb2..38eef778e0e7 100644 --- a/test/fixtures/keys/agent3-cert.pem +++ b/test/fixtures/keys/agent3-cert.pem @@ -1,14 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICKjCCAZMCCQCDBr594bsJmTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV +MIICbjCCAdcCCQDuvizlIRoS9jANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV UzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAO BgNVBAsTB05vZGUuanMxDDAKBgNVBAMTA2NhMjEgMB4GCSqGSIb3DQEJARYRcnlA -dGlueWNsb3Vkcy5vcmcwHhcNMTEwMzE0MTgyOTEyWhcNMzgwNzI5MTgyOTEyWjB9 +dGlueWNsb3Vkcy5vcmcwHhcNMTMwODAxMTExOTAwWhcNNDAxMjE2MTExOTAwWjB9 MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQK EwZKb3llbnQxEDAOBgNVBAsTB05vZGUuanMxDzANBgNVBAMTBmFnZW50MzEgMB4G -CSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwXDANBgkqhkiG9w0BAQEFAANL -ADBIAkEAtlNDZ+bHeBI0B2gD/IWqA7Aq1hwsnS4+XpnLesjTQcL2JwFFpkR0oWrw -yjrYhCogi7c5gjKrLZF1d2JD5JgHgQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAJoK -bXwsImk7vJz9649yrmsXwnuGbEKVYMvqcGyjaZNP9lYEG41y5CeRzxhWy2rlYdhE -f2nqE2lg75oJP7LQqfQY7aCqwahM3q/GQbsfKVCGjF7TVyq9TQzd8iW+FEJIQzSE -3aN85hR67+3VAXeSzmkGSVBO2m1SJIug4qftIkc2 +CSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAM8KaJS9K/7LKuV1c8Jsliy9o3ubBGHGguBLmtHLgsAhsvbB/lE7 +cuxbBXPHLgegopcOrbsp4EuHURcN2WAkGcXpBIE5msYOxmImy2FifuUi0Vj4b2Ey +cpmkADXZrAOygwPw3WH16wNlR/vsL1GFubQ6EIdK4gv9fhBBdMFKm7LRAgMBAAEw +DQYJKoZIhvcNAQEFBQADgYEAQJHyY0ghxICN5uu8GC9YRygzhiW/6xwKiHTQf9gH +pET7LrJZhWmAFh19z9CEgvyWe7RQ8SfjHJX3fFZPNIO3OPYWuY+kr6wudBXrcnAj +XLOj050lMSv3KVWI/TerEDPX1nR+rA2xzp73iJ/SC77Q02JZcVysoBB056nuHp38 +WNI= -----END CERTIFICATE----- diff --git a/test/fixtures/keys/agent3-csr.pem b/test/fixtures/keys/agent3-csr.pem index e6c0c74b3aef..c5773f2ce3ea 100644 --- a/test/fixtures/keys/agent3-csr.pem +++ b/test/fixtures/keys/agent3-csr.pem @@ -1,10 +1,13 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIBXTCCAQcCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH +MIIB4jCCAUsCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH EwJTRjEPMA0GA1UEChMGSm95ZW50MRAwDgYDVQQLEwdOb2RlLmpzMQ8wDQYDVQQD -EwZhZ2VudDMxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMFwwDQYJ -KoZIhvcNAQEBBQADSwAwSAJBALZTQ2fmx3gSNAdoA/yFqgOwKtYcLJ0uPl6Zy3rI -00HC9icBRaZEdKFq8Mo62IQqIIu3OYIyqy2RdXdiQ+SYB4ECAwEAAaAlMCMGCSqG -SIb3DQEJBzEWExRBIGNoYWxsZW5nZSBwYXNzd29yZDANBgkqhkiG9w0BAQUFAANB -AEGo76iH+a8pnE+RWQT+wg9/BL+iIuqrcFXLs0rbGonqderrwXAe15ODwql/Bfu3 -zgMt8ooTsgMPcMX9EgmubEM= +EwZhZ2VudDMxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPCmiUvSv+yyrldXPCbJYsvaN7mwRhxoLg +S5rRy4LAIbL2wf5RO3LsWwVzxy4HoKKXDq27KeBLh1EXDdlgJBnF6QSBOZrGDsZi +JsthYn7lItFY+G9hMnKZpAA12awDsoMD8N1h9esDZUf77C9Rhbm0OhCHSuIL/X4Q +QXTBSpuy0QIDAQABoCUwIwYJKoZIhvcNAQkHMRYTFEEgY2hhbGxlbmdlIHBhc3N3 +b3JkMA0GCSqGSIb3DQEBBQUAA4GBAKcTs/vSdImZFlC0sBzFjqofQJI8uDZrOhkh +Stv3k0TmlRB51zSFlOmb0ReZa3JyUzOkpvx1nIl6HeZ1lZFZhAr2WCib31H7iJF/ +rbUpCjqQ9gBXSaXxQ6QkJSIEjM+QRiDiRQ7Uphq5qsa9uzGTJI9Jv/Ej8h2pYfRD +eDO3k0+c -----END CERTIFICATE REQUEST----- diff --git a/test/fixtures/keys/agent3-key.pem b/test/fixtures/keys/agent3-key.pem index d72f071e4c04..c4636fffc89f 100644 --- a/test/fixtures/keys/agent3-key.pem +++ b/test/fixtures/keys/agent3-key.pem @@ -1,9 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIIBOwIBAAJBALZTQ2fmx3gSNAdoA/yFqgOwKtYcLJ0uPl6Zy3rI00HC9icBRaZE -dKFq8Mo62IQqIIu3OYIyqy2RdXdiQ+SYB4ECAwEAAQJAIk+G9s2SKgFa8y3a2jGZ -LfqABSzmJGooaIsOpLuYLd6eCC31XUDlT4rPVGRhysKQCQ4+NMjgdnj9ZqNnvXY/ -RQIhAOgbdltr3Ey2hy7RuDW5rmOeJTuVqCrZ7QI8ifyCEbYTAiEAyRfvWSvvASeP -kZTMUhATRUpuyDQW+058NE0oJSinTpsCIQCR/FPhBGI3TcaQyA9Ym0T4GwvIAkUX -TqInefRAAX8qSQIgZVJPAdIWGbHSL9sWW97HpukLCorcbYEtKbkamiZyrjMCIQCX -lX76ttkeId5OsJGQcF67eFMMr2UGZ1WMf6M39lCYHQ== +MIICXQIBAAKBgQDPCmiUvSv+yyrldXPCbJYsvaN7mwRhxoLgS5rRy4LAIbL2wf5R +O3LsWwVzxy4HoKKXDq27KeBLh1EXDdlgJBnF6QSBOZrGDsZiJsthYn7lItFY+G9h +MnKZpAA12awDsoMD8N1h9esDZUf77C9Rhbm0OhCHSuIL/X4QQXTBSpuy0QIDAQAB +AoGBALlX+wl0VCdTX8Jso8WgicvhtLGZs5GIMW9zn1RCmHlBccG/Jtk3nAkE7tuX +qpg/cG5EQLi1o0paB/jYeAm+J6bMypiXNeakjW8McD55XJuqmotgbZ+IhZQzr0TF +h7zDBhhzLqIuIAjsQ0H8JFR+p3vrruchCZeQ6jxE05CeSZ/VAkEA8tyL+UvEozCh +QmokAshXLhZkFn24Ss9//xQ3iu6EE+ZIQyKy87msZhD4/rJ4GO+U1dzG7yQNeym2 +S+yHSzDUjwJBANo9xPCWBGYFbwZ/GWuwwV6nBjx35//3oEKg4PW11KSHm4cFRWV4 +JCO0q1sJEQCgzFGvNAwP63/onMJT3y1gcp8CQEgKA7s/LmT519vLgEMTCkkxex7w +y+nlAyK27ILZnXQJqwW/FTYWrXzZLALhDZ7X8l49zwTAvP77sId08ezr3yECQQCV +Cvw1Ze5pEirpn+Fnd1YH4z9SCn1phN5wwlf/1gb7uhTQGBx1mJ/ttpQT3tQ6vpXq +7yE3X6PwPZbY69iNr8F3AkBbymGXgt66Lv7gdea0UlRFjEWhuP2OC0WOtg4entvZ +1KHxsgMNIrYoPjvPq/3ReCZapnKpQfMuR564BCOY4bnX -----END RSA PRIVATE KEY----- diff --git a/test/fixtures/keys/agent4-cert.pem b/test/fixtures/keys/agent4-cert.pem index 07157b919b28..6dc92badc871 100644 --- a/test/fixtures/keys/agent4-cert.pem +++ b/test/fixtures/keys/agent4-cert.pem @@ -1,15 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICSDCCAbGgAwIBAgIJAIMGvn3huwmaMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV +MIICjDCCAfWgAwIBAgIJAO6+LOUhGhL3MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV BAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU0YxDzANBgNVBAoTBkpveWVu dDEQMA4GA1UECxMHTm9kZS5qczEMMAoGA1UEAxMDY2EyMSAwHgYJKoZIhvcNAQkB -FhFyeUB0aW55Y2xvdWRzLm9yZzAeFw0xMTAzMTQxODI5MTJaFw0zODA3MjkxODI5 -MTJaMH0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU0YxDzAN +FhFyeUB0aW55Y2xvdWRzLm9yZzAeFw0xMzA4MDExMTE5MDFaFw00MDEyMTYxMTE5 +MDFaMH0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU0YxDzAN BgNVBAoTBkpveWVudDEQMA4GA1UECxMHTm9kZS5qczEPMA0GA1UEAxMGYWdlbnQ0 -MSAwHgYJKoZIhvcNAQkBFhFyeUB0aW55Y2xvdWRzLm9yZzBcMA0GCSqGSIb3DQEB -AQUAA0sAMEgCQQDN/yMfmQ8zdvmjlGk7b3Mn6wY2FjaMb4c5ENJX15vyYhKS1zhx -6n0kQIn2vf6yqG7tO5Okz2IJiD9Sa06mK6GrAgMBAAGjFzAVMBMGA1UdJQQMMAoG -CCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAA8FXpRmdrHBdlofNvxa14zLvv0N -WnUGUmxVklFLKXvpVWTanOhVgI2TDCMrT5WvCRTD25iT1EUKWxjDhFJrklQJ+IfC -KC6fsgO7AynuxWSfSkc8/acGiAH+20vW9QxR53HYiIDMXEV/wnE0KVcr3t/d70lr -ImanTrunagV+3O4O +MSAwHgYJKoZIhvcNAQkBFhFyeUB0aW55Y2xvdWRzLm9yZzCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAmRNV3/oxV+YEXxo0wXHbA45gm4SyPhxlxi0ZXd4Xasmu +D2u4G57LV3uuEQ7fT34OhiOm1zr/Mv5IE8d3d0upRjpFUru45zxKg4nbqO1e07jM +2Yq5awwfk8BZpo7BEYVZ6SOiJO+tq/RFCPoTtjagwsDgUqHw9W7oVxXWeU0NmmMC +AwEAAaMXMBUwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEA +Ll7QpD8qb6+BshGdca+SBV6lGhQBDYV6BIwU7V6LIsMkyoSLXVO59sdahtLMI9zv +pIE3IIVztY5/kBLYQxIfR+a1lL4/jraHrZp3mRTyh0nzgT567k+EeD2Q4UG+eDkM +hcEXm5jGqOm/sMC1Jx/JUIeI3RF2TuV5OhR5Y94tMjM= -----END CERTIFICATE----- diff --git a/test/fixtures/keys/agent4-csr.pem b/test/fixtures/keys/agent4-csr.pem index 97e115d03017..58b44e308b77 100644 --- a/test/fixtures/keys/agent4-csr.pem +++ b/test/fixtures/keys/agent4-csr.pem @@ -1,10 +1,13 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIBXTCCAQcCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH +MIIB4jCCAUsCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH EwJTRjEPMA0GA1UEChMGSm95ZW50MRAwDgYDVQQLEwdOb2RlLmpzMQ8wDQYDVQQD -EwZhZ2VudDQxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMFwwDQYJ -KoZIhvcNAQEBBQADSwAwSAJBAM3/Ix+ZDzN2+aOUaTtvcyfrBjYWNoxvhzkQ0lfX -m/JiEpLXOHHqfSRAifa9/rKobu07k6TPYgmIP1JrTqYroasCAwEAAaAlMCMGCSqG -SIb3DQEJBzEWExRBIGNoYWxsZW5nZSBwYXNzd29yZDANBgkqhkiG9w0BAQUFAANB -AMzo7GUOBtGm5MSck1rrEE2C1bU3qoVvXVuiN3A/57zXeNeq24FZMLnkDeL9U+/b -Kj646XFou04gla982Xp74p0= +EwZhZ2VudDQxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZE1Xf+jFX5gRfGjTBcdsDjmCbhLI+HGXG +LRld3hdqya4Pa7gbnstXe64RDt9Pfg6GI6bXOv8y/kgTx3d3S6lGOkVSu7jnPEqD +iduo7V7TuMzZirlrDB+TwFmmjsERhVnpI6Ik762r9EUI+hO2NqDCwOBSofD1buhX +FdZ5TQ2aYwIDAQABoCUwIwYJKoZIhvcNAQkHMRYTFEEgY2hhbGxlbmdlIHBhc3N3 +b3JkMA0GCSqGSIb3DQEBBQUAA4GBAG9Jbj7/DGM14TC4kT9BbCF624Tgyo7LdZVa +b31rd5q3n5DkxorUq3ALlX3AMQ4sgbYYV8SysQSloldpW4TgjXZl2ohMU/xmXhfH +WPbUk/T3eNVAohzC5YMbSWp5Kgd7T4Q8meyYYYC97akjAbPIY3pkPdxTxFi0lO69 +dOQSg6cj -----END CERTIFICATE REQUEST----- diff --git a/test/fixtures/keys/agent4-key.pem b/test/fixtures/keys/agent4-key.pem index b770b015db8d..51d2f289a6f2 100644 --- a/test/fixtures/keys/agent4-key.pem +++ b/test/fixtures/keys/agent4-key.pem @@ -1,9 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIIBOQIBAAJBAM3/Ix+ZDzN2+aOUaTtvcyfrBjYWNoxvhzkQ0lfXm/JiEpLXOHHq -fSRAifa9/rKobu07k6TPYgmIP1JrTqYroasCAwEAAQJAN8RQb+dx1A7rejtdWbfM -Rww7PD07Oz2eL/a72wgFsdIabRuVypIoHunqV0sAegYtNJt9yu+VhREw0R5tx/qz -EQIhAPY+nmzp0b4iFRk7mtGUmCTr9iwwzoqzITwphE7FpQnFAiEA1ihUHFT9YPHO -f85skM6qZv77NEgXHO8NJmQZ5GX1ZK8CICzle+Mluo0tD6W7HV4q9pZ8wzSJbY8S -W/PpKetm09F1AiAWTw8sAGKAtc/IGo3Oq+iuYAN1F8lolzJsfGMCGujsOwIgAJKP -t3eXilwX3ZlsDWSklWNZ7iYcfYrvAc3JqU6gFCE= +MIICWwIBAAKBgQCZE1Xf+jFX5gRfGjTBcdsDjmCbhLI+HGXGLRld3hdqya4Pa7gb +nstXe64RDt9Pfg6GI6bXOv8y/kgTx3d3S6lGOkVSu7jnPEqDiduo7V7TuMzZirlr +DB+TwFmmjsERhVnpI6Ik762r9EUI+hO2NqDCwOBSofD1buhXFdZ5TQ2aYwIDAQAB +AoGAHkS7g1l2rlnWXXPSILpBw3dA1R+tGykEWuaKEIyc9snAeF4lfpisvrS/G7Jk +J9TWTGH6WK7azZuIZxjXH6i/ZMxOjd2r0P5RFo0Gjn3VtlCFw1c21TndIEhT/VbB +IfnFmPS2j/tNAq03Bn+VyB665XcbO/GCJFIxEDt+Nsx6yVkCQQDJOd8TXZ1bbsEJ +KsN/XZSKgP+qqqxh1Bx7+7/a8nbhCfSV41qt/zyUMBFlB6xKaU9dRU3FErtIH7pU +8pa0WMPNAkEAwr4rGDGX3e7ihc4pjj2I8J7xEU1q30UK8YzTMJt8BipUAHhFqpQa +RJvvsCUS3If3d+ZDaTQBSogqFjOW1/gG7wJAbLhw15S/3VPExkAtqlYUWJUEDeDz +DFQ/I5nMee6A3muzk3xoVRRPVb122IBBzV6Cu+Ei+LR7Lae+1ADR/hTrjQJAaAzD +acHVqragQW3NtjoamLXTh7Mdjv2Mw1LC5A2vTnv/NeENF/7Zqh7HCg5E7Z+YEW/u +RJ+MsQ3frs0Ro4LZ8QJAehOewhlYbd3REtJ/6QxbsfsURnGzdEjYS94qgNGyPUs5 +KwcroVGbGSu+K7xtKqOuz+ILihRDkX33VNGtDnKVlw== -----END RSA PRIVATE KEY----- diff --git a/test/fixtures/keys/ca1-cert.pem b/test/fixtures/keys/ca1-cert.pem index 1951de77a206..2f7c03f8a8ca 100644 --- a/test/fixtures/keys/ca1-cert.pem +++ b/test/fixtures/keys/ca1-cert.pem @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICazCCAdQCCQDTlFdg2h0DBjANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV +MIICazCCAdQCCQCK8euGRwPfJzANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV UzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAO BgNVBAsTB05vZGUuanMxDDAKBgNVBAMTA2NhMTEgMB4GCSqGSIb3DQEJARYRcnlA -dGlueWNsb3Vkcy5vcmcwHhcNMTEwMzE0MTgyOTEyWhcNMzgwNzI5MTgyOTEyWjB6 +dGlueWNsb3Vkcy5vcmcwHhcNMTMwODAxMTExODU5WhcNNDAxMjE2MTExODU5WjB6 MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQK EwZKb3llbnQxEDAOBgNVBAsTB05vZGUuanMxDDAKBgNVBAMTA2NhMTEgMB4GCSqG SIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0A -MIGJAoGBAKxbsLdJbi53pcP1pzg8lgJhLEvcNlV2ogr97WURp+gPjK+HFXj2xl9w -qDQrxpmvTya+urBG7OagTjV1E7dRE7PTr4TkEqehmxF026Opb0PZewuIBOKX4UgG -PSfk0fksrje6YJb+OkiBfA/q7eznZF8cmq7MRrs7LWe9A6Bic/apAgMBAAEwDQYJ -KoZIhvcNAQEFBQADgYEAk6hlYgjCBihG4dM+3324W1WsvjU8QscsTXu8SGL0y9b6 -82zZikj0W9FU6u98WHtXwuFt3mKlGCcou2pluZvj02T2iVKSMs2oYL8JOlvM8hVf -GEeg2EriLlzmdxNz4/I86DlBiyoTijZh8/qrItsK7+a56P0exH8ouXzlhL1Bhjw= +MIGJAoGBAKk8iURIH5aHTpddeVkyMUUkiaP4W9M3x2nBqjvFTw7oP1mJYvab52ed +/2rA7fRt3kZyf7+lRt4OtXG7emsBj2F6d/iHKnWUfdMZl+cQ61Mtx6/DeO3F55aT +QrCeqDpyAOY6FvfhdflZItrEMQa9+PbsbyRBSxDJ/Qs7qhevnlqBAgMBAAEwDQYJ +KoZIhvcNAQEFBQADgYEAZwg19wn9cU9Lb7pNw50qi9DeJhUvo4/Jua8FjikvoKX5 +oQSQ+J/7+83OEuJi2Ii1xH2fAlNN7ZoJzOHY/JU2tx64OmnhEPvnX/nb1/jK3zyn +gwJDHcYG6AU6nHGWRewQpkoYYIQ7YQNx26OGQF0QdAJi2ltKZpQKIv/75XWfKrQ= -----END CERTIFICATE----- diff --git a/test/fixtures/keys/ca1-cert.srl b/test/fixtures/keys/ca1-cert.srl index 046be14b826e..dc2c049c13dd 100644 --- a/test/fixtures/keys/ca1-cert.srl +++ b/test/fixtures/keys/ca1-cert.srl @@ -1 +1 @@ -D0F28E241CA7423C +9A84ABCFB8A72AB5 diff --git a/test/fixtures/keys/ca1-key.pem b/test/fixtures/keys/ca1-key.pem index a4e4516c623e..ccc30a5db5da 100644 --- a/test/fixtures/keys/ca1-key.pem +++ b/test/fixtures/keys/ca1-key.pem @@ -1,17 +1,17 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIrulhMUmafvECAggA -MBQGCCqGSIb3DQMHBAjsjahmkf3zGwSCAoANt0xX8ZZT2CxeyUadbOuku6NrHoFy -YBvnEFvuq3TGm3NB72BxprvfMUNR5Xi6e6rJgtRQttPRX6oN2qfB8+W11vFBeFWG -gxarEotklca4bujPMwxRowyMT20n+yXvRc+Fd5tYrMcaBeweQZD69J242HJMJJmq -Lzvo2qYGaOxjpc8aUDzeDsv8cnlh5Xk1ZcRucRPM9j26KOPSt0wOd4RdN83AE8cW -Xu+k5TSMlPQLWihjS+KzEQ8Rs9CuubxrdmecF6DM70u0kYCLZ1Ex7+kBZu06CUpJ -PODaLca4W92XkBq4X25WgAAaCAj4nZZmgn0X0Fwl1lBqjOK5nEnYpjxuwjjJ2KVz -3j+kBK5tW6RBE4BM37r7NiM1FAzi8sgNYSVS9oa4m1qGfadEEQdhaMsAfM0SZ/8M -6NUPKlQmoDda9aCO7rqRuQ7pYQ9mpNxcWEBQi0cG6/3VXtqi/TewAKT1T5DToAzg -pL4eOTqeDp4VKif5r2u7Nj0EiM4j2TT88onGsdgRtjgUpNmJCRWYaCzs3QZggdYE -nLZt7ZRXpJ11tERKG3b28qrIw9jHULRAjjWEkEGbxYTpAlrgXklV/04XXnxxAVOP -0YjDzbfx5QCRCq5UHV4Gl3ELoBaOuxcIIN8YrE2oC1CY9uV/HSk4CSlxHNtWyxbA -WbCU2SoEHnwBVlTPbZyfErM33c3u4LJyNx6ah7NzMh5AoQ+cPXlzxFBEGIyAmW37 -pItxDNwL1PzXHGpfOM/QZ5wjzGIwXsh8j94jDNB+TIMG4+dm4aXkolevPjJrYAeG -XZC5mvfMsntNGNFszT/8iXLwt7tlMlQQQl/2b5m6L5yffy6m39wGqTVa +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIWE2PsdhhEj8CAggA +MBQGCCqGSIb3DQMHBAjAnjC7zH2c+ASCAoB/e9OPJqGdm2yw6CwNrdNF+besbvTB +3aLesJXqttUb7GkIG8D0wmIUfW1BgcROFyvD+Jz31NRES4/KmRpwybEoWOBtpYAZ +AbcLFAJm+RYWO6XMwq9kMnQ7I4QtXZzCywJ7TSFQlDt5BJWvhqp5rbQTj6gTGMLl +CwB12/GhpEviX9kDj49FvlylLAjkVR151nhAil2Nv9O4Ww/WV0y21tscaajFS2sb +2sZ+3iZIZL+PF8qFoBtffJHeEWIKlHtnbjl1BqMtSt67CbS0CJSqtGss3+eVq9Y1 +OzeG8EAwTCP+HwOBgGNRssJxwnz+SaAZnb7te3x3yn7zac6+8PmZLdPcYBps2krS +nDVZUBW0kybi7qGWW02SYdDXKOCBVAqlSILMdhMdArQqF7P3tAac2PJNFLBf/31w +bVeqaXHmijbobcTsR7TV8SUMVPJXcDYg5qSsbGa+PLIPPFmQ/ZSSVXn+V7yVfUT5 +S/HjwBm9jdPj5l9uI6uInD8O1OFXvaP/usjKFAB/B2b3aTjtiBdqXQMAIaFKtVXs +BP3GgXxkVjrFWcVE6BXJUNRpx9EeBLz/7s86I3SUKuGduRe7aAfO0Q76dPqh6mwJ +zvOuPJXlARTU5BVWiV7FP53KQZ6a+35urMOdnsq/Fzf4qg9yZcXp9hxJAspHgn8P +3QKCJ6HnHvl9wpjQLxjLnQgIYBNeYW6vo/hUVRfTruN8VjeKWqoNQVEAOJ5Br4i9 +/Nsjl8aw0kaRXonYtmlSD6lQycckkV7WkhFlXej8Q+mGTE60ut1gJ85cM+JHwTlk +XFDe6qYCSZk17l6MMLNwbYeJjTqSbT0UAYx2lyTtAC4L+L/H8hFedwFp -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/fixtures/keys/ca2-cert.pem b/test/fixtures/keys/ca2-cert.pem index 95e30411f791..2117d0ebf056 100644 --- a/test/fixtures/keys/ca2-cert.pem +++ b/test/fixtures/keys/ca2-cert.pem @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICazCCAdQCCQDVGbMO4Y2VUTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV +MIICazCCAdQCCQDSApRM2wt5kDANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV UzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAO BgNVBAsTB05vZGUuanMxDDAKBgNVBAMTA2NhMjEgMB4GCSqGSIb3DQEJARYRcnlA -dGlueWNsb3Vkcy5vcmcwHhcNMTEwMzE0MTgyOTEyWhcNMzgwNzI5MTgyOTEyWjB6 +dGlueWNsb3Vkcy5vcmcwHhcNMTMwODAxMTExOTAwWhcNNDAxMjE2MTExOTAwWjB6 MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQK EwZKb3llbnQxEDAOBgNVBAsTB05vZGUuanMxDDAKBgNVBAMTA2NhMjEgMB4GCSqG SIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0A -MIGJAoGBAMOOtRmmjoBZmyYreB1D1fjftMW6sEGBzfSKZRcn+kiEpqXELq21O/TV -jLJGbo+0PDqxECQyDbOgoQZXcCevFnFhdsSQOYb+0O2kAiMVYGxDtqoKM5g8wj0D -BiE6fnyZoQTDv5lEuvfG0+youCtXlxiK/9cfhikI+hVXuTgwQXt9AgMBAAEwDQYJ -KoZIhvcNAQEFBQADgYEAbMrLydFajwfZXDH3PfpKtDPCm+yV3qvEMGWLfjBdN50g -PwsZE/OIp+KJttdS+MjMG1TfwfWIqa5zGG2ctxx+fHsKH+t3NsO76Eol1p+dKqZp -PdFp2UhViMgURkrpP593AsTTO9BGaz+awSaESDHm8pO+cLaeGKQp93W0sgC0lHQ= +MIGJAoGBALmu6bos5wqBAFKo+xjCvepdN+wpveHocCMBbMTAbJztT9i1dayQdun6 +iPq7zjn6MfFhtvy3yN1HtHjI5PiheZmEx9iZ19qTabA9EDXCRVIeryapmj87PMiD +UAo4NApT3r7DBNzwfH6xTJA81ZzkrgAcMSy5/FPhhWQw5Ovx9xcZAgMBAAEwDQYJ +KoZIhvcNAQEFBQADgYEAt6EyYlKqjoPgr/R0hmDciYRebV5K72XNlKDIFPGRhcwh +ICQDg7OYjE8kAluLV6QorjX5JA2/wx3DcZ7gevJIwBzlM/nrojOeF3ufhjogL9Fk +DqZhkZ/EodPzd1amO9wbGkEz4eyqChmxmQg9gbb2iEEqPOAflTM2qiq2muaU8tE= -----END CERTIFICATE----- diff --git a/test/fixtures/keys/ca2-cert.srl b/test/fixtures/keys/ca2-cert.srl index 00dca7dcd0f6..1821c066a78f 100644 --- a/test/fixtures/keys/ca2-cert.srl +++ b/test/fixtures/keys/ca2-cert.srl @@ -1 +1 @@ -8306BE7DE1BB099A +EEBE2CE5211A12F7 diff --git a/test/fixtures/keys/ca2-crl.pem b/test/fixtures/keys/ca2-crl.pem index 166df7458332..31ece2346ddb 100644 --- a/test/fixtures/keys/ca2-crl.pem +++ b/test/fixtures/keys/ca2-crl.pem @@ -2,9 +2,9 @@ MIIBXTCBxzANBgkqhkiG9w0BAQQFADB6MQswCQYDVQQGEwJVUzELMAkGA1UECBMC Q0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAOBgNVBAsTB05vZGUu anMxDDAKBgNVBAMTA2NhMjEgMB4GCSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5v -cmcXDTExMDMxNDE4MjkxNloXDTEzMTIwNzE4MjkxNlowHDAaAgkAgwa+feG7CZoX -DTExMDMxNDE4MjkxNFowDQYJKoZIhvcNAQEEBQADgYEArRKuEkOla61fm4zlZtHe -LTXFV0Hgo21PScHAp6JqPol4rN5R9+EmUkv7gPCVVBJ9VjIgxSosHiLsDiz3zR+u -txHemhzbdIVANAIiChnFct8sEqH2eL4N6XNUIlMIR06NjNl7NbN8w8haqiearnuT -wmnaL4TThPmpbpKAF7N7JqQ= +cmcXDTEzMDgwMTExMTkwMVoXDTE2MDQyNjExMTkwMVowHDAaAgkA7r4s5SEaEvcX +DTEzMDgwMTExMTkwMVowDQYJKoZIhvcNAQEEBQADgYEAlaBfn4ZNvhcfTL2Ayt0B +diipUlM12tU3L4EGfYb1FSFIz1tbL0wZwCElagBO/b+H6w3hY6C1xskTfoJedsZE +EKPCeY/CbZA8x2gccJH86b9IXpmEctOSlbMICsgToJGwY1SnML27fn/n3szHCPI0 +BZok7a8EmBOBx0dyCKNZT70= -----END X509 CRL----- diff --git a/test/fixtures/keys/ca2-database.txt b/test/fixtures/keys/ca2-database.txt index a0966d2697ae..0e563acefc68 100644 --- a/test/fixtures/keys/ca2-database.txt +++ b/test/fixtures/keys/ca2-database.txt @@ -1 +1 @@ -R 380729182912Z 110314182914Z 8306BE7DE1BB099A unknown /C=US/ST=CA/L=SF/O=Joyent/OU=Node.js/CN=agent4/emailAddress=ry@tinyclouds.org +R 401216111901Z 130801111901Z EEBE2CE5211A12F7 unknown /C=US/ST=CA/L=SF/O=Joyent/OU=Node.js/CN=agent4/emailAddress=ry@tinyclouds.org diff --git a/test/fixtures/keys/ca2-key.pem b/test/fixtures/keys/ca2-key.pem index 49f678a351c9..2259c9ed6fb6 100644 --- a/test/fixtures/keys/ca2-key.pem +++ b/test/fixtures/keys/ca2-key.pem @@ -1,17 +1,17 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIbhsCgrscf9MCAggA -MBQGCCqGSIb3DQMHBAjz0LdWOB2KVQSCAoDu+sHRLP6v6QiEwqynnF43yP02/F+8 -Jssz6cgFPpm4MWm+xwzvMsS4ET0UYE68OTZz/QgihwH0mp/34tkUnP0HqtdbnTH1 -fkG47hb8fVSEyDQSzs1ha/u31GIachNURKyhWR5mr15AJxu2B94Z3ldNv1yjI+Fy -M1muuyx/cdkKTdpfpYr6n//wF1tup2u8Y7nkKsFus/mCuRlpItxKcRb1+nvW0s+K -3bSR8CTlEWd1Tx6Qx+ogRbP8gwqd6gelcz/Zj8nInx/Y0gTkQ4eodmLJ5iqsvC36 -SgQB5LuP12ujTyXB3Hwqb8LJ4lULERX6AYHAa7h0c+fxuFr0W9/8atplrd22hoiP -zZhgPHeH3R1fibB4M4xW2xgtbysOHj74RYlhQm1TCXLlqvzKkvT2oQ1bk7tUUqoR -ozRxVzdL9oKWLzvR4LF8S67i35JlnOPU1AhcxD2+5ywRvTpugPyCE1mZOeVLHlGW -2pdmSKbdd2gm2iSfadDPJ1DPdHLp844jRg/D6XDs4rlBnt9FjMWaXYo+ELmokoYe -Yljv2MGfy6zsb5iKcNsx+llu04xGXfZ9BAuG+aT6DLCIcDIVvE0d6asc4Lz1xZli -BrgyB8el2a/PomPbbf1vI2vtDi3Rg/pQhu/2++ODI08jI9Rudz1EltQQ4Lo38Ton -nSZegTAy6afXiEh2ty09KxMo4sWs+F2I46e5Q3zGY9b/K19bbQTFxeBf2Rfwa8BF -cf8Xs+DlcOMz5w0U2iBQfT1cV7dWLlaop7avYkpQ0fLa1pConlNhpguezcaAB8Lb -VCfpoTh6VfHRtCLokQlkq0mlKPUSlMr/JAyVdvppp/T6Abt0VirM9ILV +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI8bZHR2S/7CECAggA +MBQGCCqGSIb3DQMHBAj7VxqGH8gLKwSCAoCV4n2KmHtVe/Rs+mfz9qdElGc5YBz3 +k5WmqsfyXFUqf/AU710aorwHH/RGvBTGBtP6zYdcN+ZNCk80LBgSskLewfPUQm2c +/0y1ZHrvPm8LNXVHPiQnWXIh8k/QU/UHywYcZCpuJZjPk7iKVLDNUkmvr3h9pQfH +1H+Q8qfV85o4ZReyXkj0meaDMckc8JfHZ9hhSB9sm/Jbyyo5WQISiqGWXNA67yUf +qU3bmbTWWaUC8vH8ZBXJUUsZMQlhF+DVg+SIOallJ4iTxecwp1xSZQjTvriEb9Ov +r3Azs6E4UedChQLvC3HC6SSmQJEKRcYdT8t1TKkwy1mGAjqE288XqdP51zYh0ViL +5z33K1UHkkEizNxsfFFD2VA8sOqAyRssGFA2l6wI/NwHnZ+jAZJlbHC2m6cCJ9f+ +mvDkznPgO2OzPBEbdNjWzMgMFT99PfDeZIQmXLXBU81QXGWje9fdb8zp0vi9sUo3 +W0UNN0eupPTCIbBQywqDqcP+kzOLzii913UFIY1NO9xx5DgekfbnT+Zko9uU8v6F +yKLGdnYD0Dqsk6adddzIAuVNU7bwhsDV9LN4IuONU+9sL6GZvR6lz1w8uUnp/I6H +v3RMLr1FhQw3BRT+H8muoaSZw6pzF1drdBN06jCP5r/etSxEXFzPY7RDmnNMx61s +hzsI4Nu/GGJ1nxuBjke5BUGH9vTVXkm2GYYwUbE4lckwULHOdkzUMT4XR9226Tdh +FzTYgPd7v6oFdzyXGxq1Li4hxvdDMhdMIGTNHD8xrRQBVMeZeQfi01aSVFoOvo61 +MO7r+K2zOZvHRXNjCZzkFi+oH62BacqMyx2/VLD8gh5y/LxQmuhdEBSL -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/simple/test-tls-ecdh-disable.js b/test/simple/test-tls-ecdh-disable.js new file mode 100644 index 000000000000..b76b16f063a9 --- /dev/null +++ b/test/simple/test-tls-ecdh-disable.js @@ -0,0 +1,61 @@ +// Copyright Joyent, Inc. and other Node contributors. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. + +var common = require('../common'); +var assert = require('assert'); +var exec = require('child_process').exec; +var tls = require('tls'); +var fs = require('fs'); + +if (process.platform === 'win32') { + console.log("Skipping test, you probably don't have openssl installed."); + process.exit(); +} + +var options = { + key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), + cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), + ciphers: 'ECDHE-RSA-RC4-SHA', + ecdhCurve: false +}; + +var nconns = 0; + +process.on('exit', function() { + assert.equal(nconns, 0); +}); + +var server = tls.createServer(options, function(conn) { + conn.end(); + nconns++; +}); + +server.listen(common.PORT, '127.0.0.1', function() { + var cmd = 'openssl s_client -cipher ' + options.ciphers + + ' -connect 127.0.0.1:' + common.PORT; + + exec(cmd, function(err, stdout, stderr) { + // Old versions of openssl will still exit with 0 so we + // can't just check if err is not null. + assert.notEqual(stderr.indexOf('handshake failure'), -1); + server.close(); + }); +}); diff --git a/test/simple/test-tls-ecdh.js b/test/simple/test-tls-ecdh.js new file mode 100644 index 000000000000..9138df51d696 --- /dev/null +++ b/test/simple/test-tls-ecdh.js @@ -0,0 +1,63 @@ +// Copyright Joyent, Inc. and other Node contributors. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. + +var common = require('../common'); +var assert = require('assert'); +var exec = require('child_process').exec; +var tls = require('tls'); +var fs = require('fs'); + +if (process.platform === 'win32') { + console.log("Skipping test, you probably don't have openssl installed."); + process.exit(); +} + +var options = { + key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), + cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), + ciphers: 'ECDHE-RSA-RC4-SHA', + ecdhCurve: 'prime256v1' +}; + +var reply = 'I AM THE WALRUS'; // something recognizable +var nconns = 0; +var response = ''; + +process.on('exit', function() { + assert.equal(nconns, 1); + assert.notEqual(response.indexOf(reply), -1); +}); + +var server = tls.createServer(options, function(conn) { + conn.end(reply); + nconns++; +}); + +server.listen(common.PORT, '127.0.0.1', function() { + var cmd = 'openssl s_client -cipher ' + options.ciphers + + ' -connect 127.0.0.1:' + common.PORT; + + exec(cmd, function(err, stdout, stderr) { + if (err) throw err; + response = stdout; + server.close(); + }); +});