test: regenerate X509 test certs

thozza · Nov 22, 2024 · 32b1b91 · 32b1b91
1 parent 349c192
commit 32b1b91
Show file tree

Hide file tree

Showing 32 changed files with 792 additions and 322 deletions.
diff --git a/.gitignore b/.gitignore
@@ -23,3 +23,5 @@ venv
 .venv
 
 /.tox
+
+/test/data/certs/lib.sh
diff --git a/sources/test/test_curl_source.py b/sources/test/test_curl_source.py
@@ -408,15 +408,15 @@ def test_curl_download_many_mixed_certs(tmp_path, monkeypatch, sources_module, c
 def test_curl_download_mtls(tmp_path, monkeypatch, sources_service):
     fake_httpd_root = tmp_path / "fake-httpd-root"
     cert_dir = pathlib.Path(__file__).parent.parent.parent / "test/data/certs"
-    cacert = cert_dir / "test-ca.crt"
+    cacert = cert_dir / "ca/cert.pem"
     assert cacert.exists()
-    servercert = cert_dir / "localhost-server.crt"
+    servercert = cert_dir / "server/cert.pem"
     assert servercert.exists()
-    serverkey = cert_dir / "localhost-server.key"
+    serverkey = cert_dir / "server/key.pem"
     assert serverkey.exists()
-    clientcert = cert_dir / "client1-client.crt"
+    clientcert = cert_dir / "client/cert.pem"
     assert clientcert.exists()
-    clientkey = cert_dir / "client1-client.key"
+    clientkey = cert_dir / "client/key.pem"
     assert clientkey.exists()
 
     monkeypatch.setenv("OSBUILD_SOURCES_CURL_SSL_CA_CERT", cacert.as_posix())

diff --git a/test/data/certs/README.md b/test/data/certs/README.md
@@ -13,9 +13,47 @@ $ openssl req -new -newkey rsa:2048  -nodes -x509  \
 
 The following files were generated via a shell script named `generate-test-certs` and can be used for MTLS testing:
 
-* `test-ca.crt`: Certificate Authority
-* `test-ca.key`: Certificate Authority key without any password
-* `localhost-server.crt`: MTLS server certificate signed by `test-ca.crt`
-* `localhost-server.key`: MTLS server certificate key without any password
-* `client1-client.crt`: MTLS client certificate signed by `test-ca.crt`
-* `client1-client.key`: MTLS client certificate key without any password
+* `ca/cert.pem`: Certificate Authority
+* `ca/cert.key`: Certificate Authority key without any password
+* `server/cert.pem`: MTLS server certificate signed by `test-ca.crt`
+* `server/key.pem`: MTLS server certificate key without any password
+* `client/cert.pem`: MTLS client certificate signed by `test-ca.crt`
+* `client/key.pem`: MTLS client certificate key without any password
+
+Quick test:
+
+```
+openssl s_server -accept 4433 -www \
+    -CAfile ./ca/cert.pem \
+    -cert ./server/cert.pem \
+    -key ./server/key.pem
+```
+
+And client:
+
+```
+openssl s_client -connect localhost:4433 \
+    -CAfile ./ca/cert.pem \
+    -cert ./client/cert.pem \
+    -key ./client/cert.pem
+```
+
+A python server:
+
+```python
+import http.server
+import ssl
+
+cert_dir = "."
+cacert = cert_dir + "ca/cert.pem"
+servercert = cert_dir + "server/cert.pem"
+serverkey = cert_dir + "server/key.pem"
+clientcert = cert_dir + "client/cert.pem"
+clientkey = cert_dir + "client/key.pem"
+httpd = http.server.HTTPServer(('127.0.0.1', 4433), http.server.SimpleHTTPRequestHandler)
+ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=cacert)
+ctx.load_cert_chain(certfile=servercert, keyfile=serverkey)
+ctx.verify_mode = ssl.CERT_REQUIRED
+httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
+httpd.serve_forever()
+```
diff --git a/test/data/certs/ca/01.pem b/test/data/certs/ca/01.pem
@@ -0,0 +1,78 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=Example CA
+        Validity
+            Not Before: Nov 20 21:15:21 2019 GMT
+            Not After : Nov 20 21:15:21 2037 GMT
+        Subject: O=Example CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a9:ce:7d:cf:0e:53:8f:1a:96:b4:d5:21:4a:e6:
+                    8f:f2:f8:24:9a:5a:18:74:50:4d:01:31:78:c6:bd:
+                    ba:a8:a7:62:1c:29:f2:52:be:4d:a9:db:f2:a4:c8:
+                    cc:3c:01:bd:91:81:9d:7d:ae:e4:b4:01:1b:b5:9d:
+                    6b:80:1e:f3:ae:e3:ba:82:fc:56:3d:87:b7:92:63:
+                    ee:3d:6c:a9:1c:b3:75:2a:b5:f0:44:96:81:93:9c:
+                    80:5d:c1:c4:23:ca:ee:03:d7:27:05:1e:57:3d:93:
+                    3f:89:88:25:df:27:35:f3:54:10:55:5c:e6:54:2b:
+                    23:06:cf:b1:44:db:38:ec:75:1b:bb:85:44:3d:db:
+                    cf:ad:8b:23:13:c3:b9:5b:a8:ab:06:ef:0e:4c:74:
+                    d2:22:c8:25:01:30:bd:3d:63:a7:b2:b0:c9:25:b3:
+                    26:70:ff:63:8f:40:2a:cd:27:73:d8:d4:0e:64:95:
+                    fe:75:ff:00:d4:78:fe:b0:86:0d:bf:0f:4c:eb:b5:
+                    97:90:cb:77:8c:0f:53:ca:00:dc:57:82:e8:d6:08:
+                    8a:06:bc:78:ff:26:ef:d1:f8:b2:7c:b1:4b:28:c5:
+                    8c:30:14:a3:bc:a8:3c:8c:07:e5:73:de:be:2d:fc:
+                    55:d8:fd:02:64:87:b0:b5:91:0b:d1:0c:31:e5:b7:
+                    e4:f7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4
+            X509v3 Authority Key Identifier: 
+                8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        83:d2:fd:2d:e8:50:c1:34:8d:a9:2e:eb:ba:13:71:2c:f3:c2:
+        9b:0f:59:84:46:53:7b:6b:b3:0b:20:50:55:29:62:45:ec:79:
+        b9:66:6e:3b:13:a1:e3:54:38:c3:f0:41:13:1e:61:cc:53:0e:
+        7b:9b:71:30:f4:33:e5:c2:64:88:bc:ab:9d:26:d6:65:f5:09:
+        6f:3f:5e:42:6d:8b:50:60:f2:ec:75:48:9d:d2:26:e8:d3:f2:
+        0c:d1:e2:6b:ab:9d:f3:2c:96:ee:34:4a:00:f0:87:9c:69:82:
+        96:a8:ca:ac:88:87:52:ac:2d:3a:5d:6a:f2:77:43:38:53:88:
+        21:c6:c8:62:d6:b6:c7:91:30:29:69:34:3d:75:f2:b4:47:92:
+        c7:8f:ef:65:54:e0:ce:5c:3f:8f:0b:04:33:1a:1d:22:14:73:
+        6c:e7:0f:a5:57:46:8a:64:ce:b4:05:47:b9:34:8d:fb:77:2f:
+        cb:71:b2:bb:ea:13:ce:66:74:11:d7:d3:b8:fb:14:64:2e:a4:
+        5c:d2:11:67:74:d5:a2:9a:b6:85:80:54:be:08:b6:13:b2:33:
+        94:a0:ae:52:c8:c2:f6:a7:50:3f:8d:37:7b:f3:f8:32:28:be:
+        c3:b0:4a:5f:7f:30:00:13:78:db:1e:6f:a6:45:56:d6:ed:6c:
+        a4:64:d7:30
+-----BEGIN CERTIFICATE-----
+MIIDCDCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt
+cGxlIENBMB4XDTE5MTEyMDIxMTUyMVoXDTM3MTEyMDIxMTUyMVowFTETMBEGA1UE
+CgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKnO
+fc8OU48alrTVIUrmj/L4JJpaGHRQTQExeMa9uqinYhwp8lK+Tanb8qTIzDwBvZGB
+nX2u5LQBG7Wda4Ae867juoL8Vj2Ht5Jj7j1sqRyzdSq18ESWgZOcgF3BxCPK7gPX
+JwUeVz2TP4mIJd8nNfNUEFVc5lQrIwbPsUTbOOx1G7uFRD3bz62LIxPDuVuoqwbv
+Dkx00iLIJQEwvT1jp7KwySWzJnD/Y49AKs0nc9jUDmSV/nX/ANR4/rCGDb8PTOu1
+l5DLd4wPU8oA3FeC6NYIiga8eP8m79H4snyxSyjFjDAUo7yoPIwH5XPevi38Vdj9
+AmSHsLWRC9EMMeW35PcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
+Af8EBAMCAQYwHQYDVR0OBBYEFI0FIjrv9N5DyO9sfFiKFbmDLVDUMB8GA1UdIwQY
+MBaAFI0FIjrv9N5DyO9sfFiKFbmDLVDUMA0GCSqGSIb3DQEBCwUAA4IBAQCD0v0t
+6FDBNI2pLuu6E3Es88KbD1mERlN7a7MLIFBVKWJF7Hm5Zm47E6HjVDjD8EETHmHM
+Uw57m3Ew9DPlwmSIvKudJtZl9QlvP15CbYtQYPLsdUid0ibo0/IM0eJrq53zLJbu
+NEoA8IecaYKWqMqsiIdSrC06XWryd0M4U4ghxshi1rbHkTApaTQ9dfK0R5LHj+9l
+VODOXD+PCwQzGh0iFHNs5w+lV0aKZM60BUe5NI37dy/LcbK76hPOZnQR19O4+xRk
+LqRc0hFndNWimraFgFS+CLYTsjOUoK5SyML2p1A/jTd78/gyKL7DsEpffzAAE3jb
+Hm+mRVbW7WykZNcw
+-----END CERTIFICATE-----
diff --git a/test/data/certs/ca/02.pem b/test/data/certs/ca/02.pem
@@ -0,0 +1,78 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=Example CA
+        Validity
+            Not Before: Nov 20 21:15:21 2024 GMT
+            Not After : Nov 20 21:15:21 2037 GMT
+        Subject: CN=localhost
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c6:33:69:67:a5:42:27:7c:dc:62:b3:5f:b3:7c:
+                    c0:05:7a:b1:9a:33:b0:62:b0:76:8d:7a:f2:0a:82:
+                    97:2e:49:33:70:11:12:b7:59:9f:bf:21:f6:e3:b0:
+                    51:58:e6:b9:3e:fc:5e:05:46:c5:cd:dd:46:9b:45:
+                    77:73:d0:c8:d5:70:b7:9c:3f:2d:a2:31:a0:9a:53:
+                    e3:24:21:9b:80:92:f9:39:20:cf:9a:73:e5:00:3e:
+                    65:7a:9a:a8:37:e0:96:38:e0:1a:3a:fe:89:9b:b2:
+                    81:34:10:16:4f:ff:91:7c:4d:bd:e3:5a:3a:b0:12:
+                    77:0b:53:56:ad:75:89:49:25:27:08:b9:3c:ac:48:
+                    07:bf:15:51:8c:4e:25:21:35:51:b5:cf:8e:c8:42:
+                    e9:9b:46:8a:db:f3:3b:d8:13:ec:17:98:ec:f8:ce:
+                    89:80:14:2d:ad:a4:98:fd:be:64:c8:9e:54:eb:6a:
+                    fc:ee:67:c7:9a:af:a3:e6:17:02:f1:26:e1:d9:29:
+                    6f:25:87:f2:1a:2e:f4:56:82:a6:bf:bc:3a:93:5b:
+                    30:e1:07:e2:47:62:e9:39:c1:d9:16:98:55:f1:3e:
+                    92:be:40:49:2f:2e:0b:ab:d1:72:c3:9c:ae:dd:ac:
+                    07:d6:92:2b:bb:34:b6:7a:e0:c8:76:af:81:90:ab:
+                    d4:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment, Key Agreement
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Subject Key Identifier: 
+                88:AC:B1:BD:03:14:22:F9:23:E2:CB:61:40:73:71:73:E6:9F:FF:C4
+            X509v3 Authority Key Identifier: 
+                8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        36:56:de:9b:5e:2e:e7:05:e3:1f:a8:2b:f9:9d:c3:f8:d0:eb:
+        4b:7a:49:a5:fe:34:ef:a8:f1:5d:3d:eb:6d:db:29:a3:f0:e9:
+        dd:58:e4:ac:a8:58:1e:df:98:e4:12:86:d0:94:03:44:27:f6:
+        e3:80:97:41:6b:e0:03:95:22:3e:43:c3:35:83:e0:e7:79:82:
+        c0:89:c5:4d:d0:a7:21:ac:f8:ed:d7:b5:a1:25:41:fc:68:7e:
+        d3:43:95:69:60:91:58:6b:fb:2e:61:9f:a0:a1:b9:0f:55:42:
+        55:e3:51:42:2d:6d:da:7a:dc:e0:e1:d7:f9:8a:3d:c9:23:dc:
+        08:ed:54:19:f0:89:5b:3d:1e:28:3d:d6:a9:65:1d:7f:e7:61:
+        1e:62:57:27:9d:07:65:94:b6:be:67:08:71:63:18:73:c2:86:
+        cb:f1:7f:4f:b0:cc:74:40:3c:71:78:60:f4:71:8d:68:2c:b4:
+        ba:93:ec:40:c3:02:44:9c:0e:74:4a:50:a0:53:ec:04:52:1e:
+        e1:78:3b:a5:c0:c8:84:b9:2c:90:ff:33:d3:88:3d:4f:68:0b:
+        f7:0f:d9:ee:cb:f9:c0:16:42:2c:8f:6b:14:e8:fe:18:e2:40:
+        55:28:6e:f5:b0:09:64:51:ad:22:da:fa:af:7f:34:08:7d:c1:
+        1b:8f:78:0f
+-----BEGIN CERTIFICATE-----
+MIIDCzCCAfOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt
+cGxlIENBMB4XDTI0MTEyMDIxMTUyMVoXDTM3MTEyMDIxMTUyMVowFDESMBAGA1UE
+AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjNp
+Z6VCJ3zcYrNfs3zABXqxmjOwYrB2jXryCoKXLkkzcBESt1mfvyH247BRWOa5Pvxe
+BUbFzd1Gm0V3c9DI1XC3nD8tojGgmlPjJCGbgJL5OSDPmnPlAD5lepqoN+CWOOAa
+Ov6Jm7KBNBAWT/+RfE2941o6sBJ3C1NWrXWJSSUnCLk8rEgHvxVRjE4lITVRtc+O
+yELpm0aK2/M72BPsF5js+M6JgBQtraSY/b5kyJ5U62r87mfHmq+j5hcC8Sbh2Slv
+JYfyGi70VoKmv7w6k1sw4QfiR2LpOcHZFphV8T6SvkBJLy4Lq9Fyw5yu3awH1pIr
+uzS2euDIdq+BkKvU4QIDAQABo2cwZTAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwHQYDVR0OBBYEFIissb0DFCL5I+LLYUBzcXPmn//EMB8GA1Ud
+IwQYMBaAFI0FIjrv9N5DyO9sfFiKFbmDLVDUMA0GCSqGSIb3DQEBCwUAA4IBAQA2
+Vt6bXi7nBeMfqCv5ncP40OtLekml/jTvqPFdPett2ymj8OndWOSsqFge35jkEobQ
+lANEJ/bjgJdBa+ADlSI+Q8M1g+DneYLAicVN0KchrPjt17WhJUH8aH7TQ5VpYJFY
+a/suYZ+gobkPVUJV41FCLW3aetzg4df5ij3JI9wI7VQZ8IlbPR4oPdapZR1/52Ee
+YlcnnQdllLa+ZwhxYxhzwobL8X9PsMx0QDxxeGD0cY1oLLS6k+xAwwJEnA50SlCg
+U+wEUh7heDulwMiEuSyQ/zPTiD1PaAv3D9nuy/nAFkIsj2sU6P4Y4kBVKG71sAlk
+Ua0i2vqvfzQIfcEbj3gP
+-----END CERTIFICATE-----
diff --git a/test/data/certs/ca/03.pem b/test/data/certs/ca/03.pem
@@ -0,0 +1,78 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=Example CA
+        Validity
+            Not Before: Nov 20 21:15:21 2024 GMT
+            Not After : Nov 20 21:15:21 2037 GMT
+        Subject: CN=John Smith
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d0:3e:17:22:d2:9b:ee:23:32:bb:cf:ee:2a:a1:
+                    a0:6d:3d:80:df:65:7e:13:34:3f:eb:44:dc:74:90:
+                    7f:8d:9e:c8:95:59:1f:1c:0e:9e:ce:92:cb:7d:6f:
+                    02:5c:e7:e5:d7:37:2a:fd:d2:6c:6a:ef:39:9f:5f:
+                    d3:76:25:bc:7f:dc:c0:7a:54:35:ab:3d:a1:77:26:
+                    e9:c5:9f:29:98:23:7a:f0:20:f0:5f:b0:e4:07:7f:
+                    77:c3:82:f1:4d:9b:93:03:0a:65:88:8c:73:e0:6b:
+                    81:5f:91:50:0c:22:b1:84:ee:68:af:7e:57:c8:1b:
+                    9a:04:7b:fc:48:4d:5e:66:dd:d9:fa:3b:18:73:81:
+                    ee:c9:c5:ee:f1:01:c4:9a:8f:13:46:15:42:2a:f9:
+                    d6:cc:23:81:06:2a:f2:53:4b:34:83:1a:bd:77:ac:
+                    d6:dd:3a:f6:ce:f6:76:6f:5d:3f:a5:d6:6a:e4:f4:
+                    40:9f:15:c9:b0:c4:48:8f:f9:bf:cb:44:a1:70:6a:
+                    fc:ab:9b:94:63:6c:7d:7e:8b:0c:cd:ea:4f:84:b2:
+                    a7:09:65:c6:4e:80:57:8d:97:59:91:52:b6:be:0f:
+                    67:e1:51:f8:ba:e4:f3:7d:8f:44:22:a9:e7:57:08:
+                    e0:2d:ce:20:11:83:b8:cb:65:8d:41:5b:56:f4:b1:
+                    06:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication, E-mail Protection
+            X509v3 Subject Key Identifier: 
+                21:63:B7:F4:B2:30:E4:00:D8:74:3C:94:42:3D:2E:08:F8:01:66:01
+            X509v3 Authority Key Identifier: 
+                8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        22:7f:f9:65:ef:22:21:f9:76:ad:99:bd:ae:d6:e7:c1:cb:a7:
+        28:9e:34:aa:1e:c6:da:c4:59:f9:14:f4:ee:92:5c:97:f9:13:
+        b5:9b:ce:4f:89:9b:8f:25:21:0b:2b:b2:5f:d0:65:8e:e0:18:
+        1c:c8:5e:ae:df:02:88:98:ec:67:c6:c6:58:39:be:f7:4d:be:
+        7f:a2:7d:e8:e8:39:b7:44:1d:17:7c:2c:64:ad:ab:cc:b1:bd:
+        69:6b:5a:36:7d:bf:8e:8e:be:78:96:5d:82:27:15:1b:a4:55:
+        a2:79:8c:c3:b5:00:37:25:9e:84:7a:9f:6c:98:50:07:71:1b:
+        ac:4c:aa:b9:17:b9:d1:92:83:c4:48:14:97:31:0c:8a:a3:1d:
+        8c:a9:90:75:b1:52:70:46:d6:42:09:1d:b3:8b:f5:41:26:23:
+        82:77:51:04:18:32:49:f7:52:8a:16:d4:bb:8c:3c:9c:5a:a4:
+        98:c3:dd:77:14:0e:f6:f7:6b:08:4a:7c:d9:e1:d5:bc:cc:2c:
+        77:23:94:8c:79:a5:7a:94:66:04:3f:11:37:cd:db:9d:f1:6f:
+        84:b8:c3:1c:c5:4f:97:b1:6f:ef:fd:f5:93:8f:06:b1:cf:5c:
+        92:52:a4:f6:89:ac:13:3e:a8:13:62:39:b5:a3:c5:7e:4e:d0:
+        e8:54:f8:5a
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAfugAwIBAgIBAzANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt
+cGxlIENBMB4XDTI0MTEyMDIxMTUyMVoXDTM3MTEyMDIxMTUyMVowFTETMBEGA1UE
+AwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA+
+FyLSm+4jMrvP7iqhoG09gN9lfhM0P+tE3HSQf42eyJVZHxwOns6Sy31vAlzn5dc3
+Kv3SbGrvOZ9f03YlvH/cwHpUNas9oXcm6cWfKZgjevAg8F+w5Ad/d8OC8U2bkwMK
+ZYiMc+BrgV+RUAwisYTuaK9+V8gbmgR7/EhNXmbd2fo7GHOB7snF7vEBxJqPE0YV
+Qir51swjgQYq8lNLNIMavXes1t069s72dm9dP6XWauT0QJ8VybDESI/5v8tEoXBq
+/KublGNsfX6LDM3qT4Sypwllxk6AV42XWZFStr4PZ+FR+Lrk832PRCKp51cI4C3O
+IBGDuMtljUFbVvSxBj0CAwEAAaNuMGwwCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQG
+CCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUIWO39LIw5ADYdDyUQj0uCPgB
+ZgEwHwYDVR0jBBgwFoAUjQUiOu/03kPI72x8WIoVuYMtUNQwDQYJKoZIhvcNAQEL
+BQADggEBACJ/+WXvIiH5dq2Zva7W58HLpyieNKoextrEWfkU9O6SXJf5E7Wbzk+J
+m48lIQsrsl/QZY7gGBzIXq7fAoiY7GfGxlg5vvdNvn+ifejoObdEHRd8LGStq8yx
+vWlrWjZ9v46OvniWXYInFRukVaJ5jMO1ADclnoR6n2yYUAdxG6xMqrkXudGSg8RI
+FJcxDIqjHYypkHWxUnBG1kIJHbOL9UEmI4J3UQQYMkn3UooW1LuMPJxapJjD3XcU
+Dvb3awhKfNnh1bzMLHcjlIx5pXqUZgQ/ETfN253xb4S4wxzFT5exb+/99ZOPBrHP
+XJJSpPaJrBM+qBNiObWjxX5O0OhU+Fo=
+-----END CERTIFICATE-----
diff --git a/test/data/certs/ca/ca.cnf b/test/data/certs/ca/ca.cnf
@@ -0,0 +1,38 @@
+[ ca ]
+default_ca = ca_cnf
+
+[ ca_cnf ]
+crlnumber = ca/crlnumber
+default_crl_days = 365
+default_md = sha256
+default_startdate = 20241120211521Z
+default_enddate   = 20371120211521Z
+policy = policy_anything
+preserve = yes
+email_in_dn = no
+unique_subject = no
+database = ca/index.txt
+serial = ca/serial
+new_certs_dir = ca/
+
+[ policy_anything ]
+#countryName             = optional
+#stateOrProvinceName     = optional
+#localityName            = optional
+#organizationName        = optional
+#organizationalUnitName  = optional
+commonName              = optional
+#emailAddress            = optional
+
+[ req ]
+prompt = no
+distinguished_name = cert_req
+
+[ cert_req ]
+CN = John Smith
+
+[ v3_ext ]
+keyUsage =digitalSignature, keyEncipherment
+extendedKeyUsage =clientAuth,emailProtection
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
Original file line number	Diff line number	Diff line change
Expand Up		@@ -23,3 +23,5 @@ venv
		.venv

		/.tox

		/test/data/certs/lib.sh