[PATCH] run_ap_wpa2_eap_tls_intermediate_ca_ocsp[_revoked]: fix cert config for wolfSSL

Juliusz Sosinowicz juliusz at wolfssl.com
Tue Mar 4 04:29:32 PST 2025


When wolfSSL is on the server side, it won't send the entire chain. The client needs to have the server CA loaded to be able to verify the server and needs to load user_and_ica.pem so it sends a cert chain.

Use the entire cert chain PEM since the test relies on the chain being sent. wolfSSL only sends the certificate that was loaded and not the full chain.

Signed-off-by: Juliusz Sosinowicz <juliusz at wolfssl.com>
---
 .../iCA-server/ica_and_server-revoked.pem     | 167 ++++++++++++++++++
 .../auth_serv/iCA-server/ica_and_server.pem   | 167 ++++++++++++++++++
 tests/hwsim/auth_serv/ica-generate.sh         |   2 +
 tests/hwsim/test_ap_eap.py                    |  16 +-
 4 files changed, 350 insertions(+), 2 deletions(-)
 create mode 100644 tests/hwsim/auth_serv/iCA-server/ica_and_server-revoked.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-server/ica_and_server.pem

diff --git a/tests/hwsim/auth_serv/iCA-server/ica_and_server-revoked.pem b/tests/hwsim/auth_serv/iCA-server/ica_and_server-revoked.pem
new file mode 100644
index 0000000000..22997b8655
--- /dev/null
+++ b/tests/hwsim/auth_serv/iCA-server/ica_and_server-revoked.pem
@@ -0,0 +1,167 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            5c:9d:e4:a6:d1:7a:49:c8:83:75:e7:57:68:f7:72:16:b2:ae:b7:83
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=FI, O=w1.fi, CN=Server Intermediate CA
+        Validity
+            Not Before: May  3 15:20:10 2020 GMT
+            Not After : May  1 15:20:10 2030 GMT
+        Subject: C=FI, O=w1.fi, CN=server-revoked.w1.fi
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:ba:86:db:62:ad:55:bc:3b:41:f1:c1:ef:3d:61:
+                    13:6d:65:8a:d1:be:58:41:a6:e0:5d:f2:c5:f3:a7:
+                    c1:c2:6c:9e:b0:5f:f0:16:2c:e4:ba:7d:26:b7:69:
+                    43:72:b1:d7:28:d2:06:3d:6e:9c:67:32:38:3f:3c:
+                    63:94:8d:63:e9:7f:b3:7b:67:0b:d6:c9:02:ec:da:
+                    7e:e1:5b:21:e4:a1:ea:01:ec:b8:bd:6f:5e:d2:92:
+                    e5:33:da:a5:13:a6:8e:04:b5:19:7a:07:9a:e8:03:
+                    ee:bd:4a:2c:65:6c:ec:3a:48:38:7e:0d:30:30:ee:
+                    1a:d9:1a:be:02:d0:e1:f2:95:17:21:08:3c:49:4d:
+                    8f:11:c7:b4:8c:e6:93:4b:4a:fa:dd:ac:0a:72:d8:
+                    82:8a:e1:6c:99:1e:77:1b:88:12:b3:72:cf:dc:fa:
+                    57:d2:63:e1:2d:c0:5a:57:36:d4:ff:37:20:20:01:
+                    b4:11:19:2c:f9:9b:f6:fa:93:ff:ca:69:f2:84:eb:
+                    6f:af:44:b8:18:e3:d8:42:29:97:21:01:e1:47:a1:
+                    fc:ed:58:74:b0:ab:f9:75:5c:e8:49:aa:16:4a:19:
+                    31:e8:c5:8c:60:99:48:9f:d9:78:92:ec:31:0b:20:
+                    64:d9:57:1c:6e:6a:a6:dd:f8:55:2f:cc:2b:76:11:
+                    b5:9b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                FB:67:34:A4:0E:E6:BB:BF:90:0D:7C:B2:69:E8:04:D5:71:8F:76:44
+            X509v3 Authority Key Identifier: 
+                keyid:EB:DC:8D:38:75:10:2F:E6:82:8E:FE:43:EC:9F:7E:63:22:BD:51:55
+
+            X509v3 Subject Alternative Name: critical
+                DNS:server-revoked.w1.fi
+            X509v3 Extended Key Usage: critical
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha256WithRSAEncryption
+         22:c0:a0:7c:25:b4:4d:61:44:25:09:9c:14:8d:35:6e:36:7b:
+         91:60:6b:35:90:48:a9:a2:ee:81:70:c4:d8:2a:9d:a3:7e:a2:
+         c9:0c:dc:b2:73:98:01:cf:db:d4:3a:17:8a:b6:3d:b5:97:47:
+         33:e9:b6:14:ed:a6:8e:a4:6d:34:d0:03:3a:01:04:ce:28:24:
+         f9:c3:15:a9:b1:8c:2a:dc:8d:40:98:ac:78:8f:f5:fc:53:88:
+         0e:84:28:39:86:75:59:ad:12:54:77:f2:9c:e1:d2:4e:e1:ee:
+         8d:57:f3:41:ab:15:4d:ab:77:75:47:9a:c6:36:28:08:b5:8d:
+         c7:9f:5a:87:87:f8:a7:17:9a:44:4e:ce:84:24:12:da:7f:a8:
+         ab:15:fd:24:9b:cf:1c:ae:2f:8f:13:28:27:09:1e:57:2b:ca:
+         1f:c8:bc:a4:95:08:27:4e:c4:21:68:a5:45:9f:5a:42:1c:7f:
+         37:59:d7:ed:30:be:ed:26:12:5d:80:f5:7d:7d:94:ff:52:56:
+         fc:67:0f:3f:00:21:e7:b4:2f:48:7b:77:86:fb:16:28:ab:68:
+         e1:4d:80:eb:5e:4b:99:88:2f:ec:a3:1d:06:c5:04:2e:bb:56:
+         fb:6b:75:9d:5b:78:83:63:2b:70:7c:21:94:a1:58:a4:8e:8b:
+         30:d3:28:88
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            d8:d3:e3:a6:cb:e3:cc:f7
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
+        Validity
+            Not Before: May  3 15:20:10 2020 GMT
+            Not After : May  3 15:20:10 2030 GMT
+        Subject: C=FI, O=w1.fi, CN=Server Intermediate CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:a2:b0:de:7f:e6:17:69:4b:bb:8d:dc:4f:8b:95:
+                    33:5e:13:ee:a1:01:f5:82:de:6e:fc:83:db:e7:22:
+                    5f:b9:8d:2b:de:10:72:4e:da:81:c1:f7:f3:eb:0e:
+                    db:5b:5f:90:92:bb:41:68:55:4f:84:d9:73:5b:0c:
+                    6d:40:e6:c5:0f:5d:5c:5e:80:1e:64:87:5a:99:44:
+                    8b:3d:61:20:f0:15:cc:87:95:5b:a0:46:0f:bc:5c:
+                    14:ee:ac:4f:c8:7c:d2:c0:ef:60:94:22:b6:74:05:
+                    4f:ca:97:01:0a:30:b4:50:44:89:d0:c2:6b:e5:7f:
+                    ce:66:22:1a:d6:38:7c:ff:42:42:ca:58:a0:38:85:
+                    ca:f1:b1:1f:33:27:db:bf:5c:49:96:36:7a:11:2f:
+                    62:d7:eb:7e:9f:9b:9c:0e:2b:df:cd:59:bc:ee:e8:
+                    6a:e3:7d:fa:06:ba:34:42:b5:7d:e7:be:e1:7b:85:
+                    af:1b:25:a9:45:33:06:cb:cc:0d:ca:78:5c:56:52:
+                    ac:43:7e:f6:0c:e7:fb:86:b4:ac:d7:f4:b2:54:ee:
+                    65:7a:5c:32:6b:33:a0:68:1b:d8:ea:c8:74:94:08:
+                    00:7f:9b:f0:da:80:0f:f2:45:13:11:63:4c:e6:d2:
+                    97:d3:ae:12:b0:7c:e8:f0:56:c0:7b:7c:82:99:6d:
+                    3b:5d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                EB:DC:8D:38:75:10:2F:E6:82:8E:FE:43:EC:9F:7E:63:22:BD:51:55
+            X509v3 Authority Key Identifier: 
+                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:0
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         86:74:75:b2:bb:b0:85:25:48:38:e1:34:54:d5:d4:3a:9f:0e:
+         b1:96:fd:cc:ea:15:21:72:da:9e:ef:e2:fa:ae:29:74:dc:83:
+         36:87:88:7d:75:51:9a:c5:6e:a8:80:77:3f:5c:ed:9e:ac:57:
+         17:ed:ab:64:4f:15:8b:47:90:0a:17:2a:7e:49:a9:01:a1:41:
+         66:d4:fe:be:18:70:d6:23:f7:0b:0a:53:d7:75:a8:7f:0a:52:
+         1c:1d:8c:63:6f:82:ed:ed:fd:e2:fe:86:ef:0a:4c:f8:d7:93:
+         56:9a:a3:dd:74:02:8c:b3:31:83:c1:8a:66:c6:c0:1d:dc:00:
+         5c:57:f4:31:31:8b:d4:84:d8:da:6d:d6:f6:e4:10:7e:bb:f2:
+         41:95:dd:a6:0c:37:c7:22:80:e6:36:3e:34:c6:1c:73:ab:42:
+         90:6e:f8:db:e8:b6:c0:b2:f5:17:d2:6f:d3:8c:fb:14:25:8e:
+         72:81:45:76:86:f7:d1:d9:3d:ff:b1:a2:10:6f:c0:24:e7:70:
+         3f:2d:cf:32:ee:06:70:d5:1b:04:84:6d:48:69:26:1e:98:5a:
+         ed:e3:61:f5:29:45:88:25:cf:7f:c4:fb:f3:87:a7:11:95:9e:
+         cf:a8:aa:88:db:12:32:66:66:c4:1d:12:b1:62:1d:fa:28:f4:
+         97:ac:df:2e
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/iCA-server/ica_and_server.pem b/tests/hwsim/auth_serv/iCA-server/ica_and_server.pem
new file mode 100644
index 0000000000..a7545bc056
--- /dev/null
+++ b/tests/hwsim/auth_serv/iCA-server/ica_and_server.pem
@@ -0,0 +1,167 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            5c:9d:e4:a6:d1:7a:49:c8:83:75:e7:57:68:f7:72:16:b2:ae:b7:82
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=FI, O=w1.fi, CN=Server Intermediate CA
+        Validity
+            Not Before: May  3 15:20:10 2020 GMT
+            Not After : May  1 15:20:10 2030 GMT
+        Subject: C=FI, O=w1.fi, CN=server.w1.fi
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:ac:21:ec:55:e2:94:6c:d5:1b:6d:fa:77:87:7f:
+                    7e:2a:f5:26:4e:3c:28:d4:70:50:70:55:e2:a9:d5:
+                    ab:62:15:01:02:b5:90:e8:55:91:7c:b0:f4:9f:fd:
+                    11:3c:73:72:f7:56:7d:4c:b5:56:21:8f:17:c4:65:
+                    5c:2a:3f:0d:e2:22:a5:80:ed:1a:b0:a8:8c:e2:9a:
+                    f7:8f:77:6d:c5:24:9f:2b:c0:3a:26:9b:13:75:96:
+                    d2:cf:19:4c:ca:ed:90:b3:c8:da:e7:20:03:a6:0a:
+                    5d:ad:04:9d:6b:37:9d:69:e9:6c:63:d5:12:da:ff:
+                    c2:a5:d4:f4:04:df:ce:39:c2:06:3d:3f:ec:8b:3d:
+                    9e:1c:a7:2d:f2:63:53:7e:3a:aa:68:0a:b0:93:b2:
+                    69:3d:23:da:b1:ae:fe:90:fa:c6:ea:ee:35:94:4d:
+                    9a:d8:5d:6f:b9:ed:80:6b:1b:bd:46:56:ab:bf:29:
+                    8a:c9:20:e5:31:3d:11:96:e0:c5:56:58:e1:f1:84:
+                    6d:bc:0f:e5:9b:bc:9f:75:2b:03:01:1a:58:8e:88:
+                    22:b3:0a:7c:8d:b3:4d:1e:82:31:75:7f:cf:28:3a:
+                    aa:c0:f5:c3:45:72:bc:48:f7:9a:61:11:2c:31:d4:
+                    3d:5b:6e:25:ca:2a:ea:88:e9:58:fe:ee:0d:00:d5:
+                    36:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                E9:E3:CE:7A:C2:27:BF:88:CF:19:9E:5C:6C:DC:12:C0:D5:00:64:15
+            X509v3 Authority Key Identifier: 
+                keyid:EB:DC:8D:38:75:10:2F:E6:82:8E:FE:43:EC:9F:7E:63:22:BD:51:55
+
+            X509v3 Subject Alternative Name: critical
+                DNS:server.w1.fi
+            X509v3 Extended Key Usage: critical
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha256WithRSAEncryption
+         1b:c4:4a:ea:b3:ee:c3:82:4d:98:93:49:6a:34:98:80:b6:a3:
+         dc:00:d5:ca:27:56:43:e2:71:4c:60:a1:ef:c2:41:9c:fa:93:
+         a4:61:20:f5:3f:2c:3a:91:e8:12:e1:7a:51:c0:86:2b:cf:1b:
+         73:26:b3:0c:e7:03:2e:8e:48:49:3e:32:29:df:b2:9e:d5:29:
+         26:bf:c3:3e:eb:7d:34:96:c7:6e:0e:ae:16:a1:a1:fa:25:dd:
+         a3:2e:3e:4e:3e:76:ff:d6:35:ef:d4:07:2f:d2:6f:48:08:ab:
+         e7:4a:09:ff:43:09:ec:32:49:19:52:cd:30:03:22:3c:f0:9c:
+         9b:e3:fd:bc:e7:f9:d1:7a:da:c6:66:bf:e0:86:95:5c:45:43:
+         07:26:6d:70:fc:24:66:4a:cd:86:bd:6c:d3:7a:0d:12:4b:33:
+         bc:a0:4b:81:08:1a:26:bc:42:a2:e7:37:36:56:ac:ef:85:34:
+         52:89:33:df:b6:33:11:ac:20:67:cd:8d:ce:d7:bb:cb:bc:b5:
+         16:3c:08:cf:c7:1a:68:60:16:9c:55:e6:b5:17:4f:3f:69:f9:
+         b4:18:70:af:60:5d:0f:c4:66:08:b9:75:a3:78:11:f7:8f:8d:
+         f1:2b:4e:05:b9:90:b6:f3:99:8b:0c:43:6a:8c:b4:cc:ff:2f:
+         58:70:d7:8e
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIUXJ3kptF6SciDdedXaPdyFrKut4IwDQYJKoZIhvcNAQEL
+BQAwPjELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMR8wHQYDVQQDDBZTZXJ2
+ZXIgSW50ZXJtZWRpYXRlIENBMB4XDTIwMDUwMzE1MjAxMFoXDTMwMDUwMTE1MjAx
+MFowNDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMRUwEwYDVQQDDAxzZXJ2
+ZXIudzEuZmkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsIexV4pRs
+1Rtt+neHf34q9SZOPCjUcFBwVeKp1atiFQECtZDoVZF8sPSf/RE8c3L3Vn1MtVYh
+jxfEZVwqPw3iIqWA7RqwqIzimvePd23FJJ8rwDommxN1ltLPGUzK7ZCzyNrnIAOm
+Cl2tBJ1rN51p6Wxj1RLa/8Kl1PQE3845wgY9P+yLPZ4cpy3yY1N+OqpoCrCTsmk9
+I9qxrv6Q+sbq7jWUTZrYXW+57YBrG71GVqu/KYrJIOUxPRGW4MVWWOHxhG28D+Wb
+vJ91KwMBGliOiCKzCnyNs00egjF1f88oOqrA9cNFcrxI95phESwx1D1bbiXKKuqI
+6Vj+7g0A1TaLAgMBAAGjgZIwgY8wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU6ePO
+esInv4jPGZ5cbNwSwNUAZBUwHwYDVR0jBBgwFoAU69yNOHUQL+aCjv5D7J9+YyK9
+UVUwGgYDVR0RAQH/BBAwDoIMc2VydmVyLncxLmZpMBYGA1UdJQEB/wQMMAoGCCsG
+AQUFBwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAQEAG8RK6rPuw4JN
+mJNJajSYgLaj3ADVyidWQ+JxTGCh78JBnPqTpGEg9T8sOpHoEuF6UcCGK88bcyaz
+DOcDLo5IST4yKd+yntUpJr/DPut9NJbHbg6uFqGh+iXdoy4+Tj52/9Y179QHL9Jv
+SAir50oJ/0MJ7DJJGVLNMAMiPPCcm+P9vOf50Xraxma/4IaVXEVDByZtcPwkZkrN
+hr1s03oNEkszvKBLgQgaJrxCouc3Nlas74U0Uokz37YzEawgZ82Nzte7y7y1FjwI
+z8caaGAWnFXmtRdPP2n5tBhwr2BdD8RmCLl1o3gR94+N8StOBbmQtvOZiwxDaoy0
+zP8vWHDXjg==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            d8:d3:e3:a6:cb:e3:cc:f7
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
+        Validity
+            Not Before: May  3 15:20:10 2020 GMT
+            Not After : May  3 15:20:10 2030 GMT
+        Subject: C=FI, O=w1.fi, CN=Server Intermediate CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:a2:b0:de:7f:e6:17:69:4b:bb:8d:dc:4f:8b:95:
+                    33:5e:13:ee:a1:01:f5:82:de:6e:fc:83:db:e7:22:
+                    5f:b9:8d:2b:de:10:72:4e:da:81:c1:f7:f3:eb:0e:
+                    db:5b:5f:90:92:bb:41:68:55:4f:84:d9:73:5b:0c:
+                    6d:40:e6:c5:0f:5d:5c:5e:80:1e:64:87:5a:99:44:
+                    8b:3d:61:20:f0:15:cc:87:95:5b:a0:46:0f:bc:5c:
+                    14:ee:ac:4f:c8:7c:d2:c0:ef:60:94:22:b6:74:05:
+                    4f:ca:97:01:0a:30:b4:50:44:89:d0:c2:6b:e5:7f:
+                    ce:66:22:1a:d6:38:7c:ff:42:42:ca:58:a0:38:85:
+                    ca:f1:b1:1f:33:27:db:bf:5c:49:96:36:7a:11:2f:
+                    62:d7:eb:7e:9f:9b:9c:0e:2b:df:cd:59:bc:ee:e8:
+                    6a:e3:7d:fa:06:ba:34:42:b5:7d:e7:be:e1:7b:85:
+                    af:1b:25:a9:45:33:06:cb:cc:0d:ca:78:5c:56:52:
+                    ac:43:7e:f6:0c:e7:fb:86:b4:ac:d7:f4:b2:54:ee:
+                    65:7a:5c:32:6b:33:a0:68:1b:d8:ea:c8:74:94:08:
+                    00:7f:9b:f0:da:80:0f:f2:45:13:11:63:4c:e6:d2:
+                    97:d3:ae:12:b0:7c:e8:f0:56:c0:7b:7c:82:99:6d:
+                    3b:5d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                EB:DC:8D:38:75:10:2F:E6:82:8E:FE:43:EC:9F:7E:63:22:BD:51:55
+            X509v3 Authority Key Identifier: 
+                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:0
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         86:74:75:b2:bb:b0:85:25:48:38:e1:34:54:d5:d4:3a:9f:0e:
+         b1:96:fd:cc:ea:15:21:72:da:9e:ef:e2:fa:ae:29:74:dc:83:
+         36:87:88:7d:75:51:9a:c5:6e:a8:80:77:3f:5c:ed:9e:ac:57:
+         17:ed:ab:64:4f:15:8b:47:90:0a:17:2a:7e:49:a9:01:a1:41:
+         66:d4:fe:be:18:70:d6:23:f7:0b:0a:53:d7:75:a8:7f:0a:52:
+         1c:1d:8c:63:6f:82:ed:ed:fd:e2:fe:86:ef:0a:4c:f8:d7:93:
+         56:9a:a3:dd:74:02:8c:b3:31:83:c1:8a:66:c6:c0:1d:dc:00:
+         5c:57:f4:31:31:8b:d4:84:d8:da:6d:d6:f6:e4:10:7e:bb:f2:
+         41:95:dd:a6:0c:37:c7:22:80:e6:36:3e:34:c6:1c:73:ab:42:
+         90:6e:f8:db:e8:b6:c0:b2:f5:17:d2:6f:d3:8c:fb:14:25:8e:
+         72:81:45:76:86:f7:d1:d9:3d:ff:b1:a2:10:6f:c0:24:e7:70:
+         3f:2d:cf:32:ee:06:70:d5:1b:04:84:6d:48:69:26:1e:98:5a:
+         ed:e3:61:f5:29:45:88:25:cf:7f:c4:fb:f3:87:a7:11:95:9e:
+         cf:a8:aa:88:db:12:32:66:66:c4:1d:12:b1:62:1d:fa:28:f4:
+         97:ac:df:2e
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/ica-generate.sh b/tests/hwsim/auth_serv/ica-generate.sh
index d3fe7b9645..263c2685a9 100755
--- a/tests/hwsim/auth_serv/ica-generate.sh
+++ b/tests/hwsim/auth_serv/ica-generate.sh
@@ -44,6 +44,7 @@ cat ec-ca-openssl.cnf |
 $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-server/server.key -out iCA-server/server.req -outform PEM -sha256
 $OPENSSL ca -config openssl.cnf.tmp -batch -keyfile iCA-server/private/cakey.pem -cert iCA-server/cacert.pem -create_serial -in iCA-server/server.req -out iCA-server/server.pem -extensions ext_server -md sha256
 cat iCA-server/cacert.pem iCA-server/server.pem > iCA-server/server_and_ica.pem
+cat iCA-server/server.pem iCA-server/cacert.pem > iCA-server/ica_and_server.pem
 rm openssl.cnf.tmp
 
 echo
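Review bot: The new bundle name `ica_and_server.pem` reads as CA-then-server, but the added `cat` writes `server.pem` first and `cacert.pem` second, while the existing `server_and_ica.pem` on the line above is written CA-first. Each name is the reverse of its file's order, so choosing the wrong bundle for `server_cert` would hand the TLS library a file whose first certificate is the intermediate CA rather than the leaf. A comment above the added line would make the intent explicit, e.g. `# leaf first, then intermediate CA: chain order for use as server_cert`. The same applies to `ica_and_server-revoked.pem` in the second hunk of this file.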
@@ -59,6 +60,7 @@ $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout
 $OPENSSL ca -config openssl.cnf.tmp -batch -keyfile iCA-server/private/cakey.pem -cert iCA-server/cacert.pem -create_serial -in iCA-server/server-revoked.req -out iCA-server/server-revoked.pem -extensions ext_server -md sha256
 $OPENSSL ca -config openssl.cnf.tmp -revoke iCA-server/server-revoked.pem -keyfile iCA-server/private/cakey.pem -cert iCA-server/cacert.pem
 cat iCA-server/cacert.pem iCA-server/server-revoked.pem > iCA-server/server-revoked_and_ica.pem
+cat iCA-server/server-revoked.pem iCA-server/cacert.pem > iCA-server/ica_and_server-revoked.pem
 rm openssl.cnf.tmp
 
 echo
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 3f214a9a9e..8320a56eb7 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -4969,7 +4969,13 @@ def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_sha1(dev, apdev, params):
 def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md):
     params = int_eap_server_params()
     params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem"
-    params["server_cert"] = "auth_serv/iCA-server/server.pem"
+    as_hapd = hostapd.Hostapd("as")
+    tls = as_hapd.request("GET tls_library")
+    del as_hapd
+    if "wolfSSL" in tls:
+        params["server_cert"] = "auth_serv/iCA-server/ica_and_server.pem"
+    else:
+        params["server_cert"] = "auth_serv/iCA-server/server.pem"
     params["private_key"] = "auth_serv/iCA-server/server.key"
     fn = ica_ocsp("server.pem", md)
     params["ocsp_stapling_response"] = fn
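Review bot: The TLS-library probe and the wolfSSL branch are pasted in full here and again in run_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked, so any later change to the selection rule has to be made twice. A small helper that maps the leaf file name to the right `server_cert` path keeps the rule in one place and gives the wolfSSL reason a single home. The substring test `"wolfSSL" in tls` also treats any other reply, including a failed request, as the non-wolfSSL case; that looks intentional but is worth a comment. Both function bodies continue outside their hunks.

```python
def ica_server_cert(leaf):
    # wolfSSL sends only the certificate loaded as server_cert, so it
    # needs the leaf + intermediate CA bundle to present a chain.
    as_hapd = hostapd.Hostapd("as")
    tls = as_hapd.request("GET tls_library")
    del as_hapd
    if "wolfSSL" in tls:
        return "auth_serv/iCA-server/ica_and_" + leaf
    return "auth_serv/iCA-server/" + leaf

def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md):
    # … unchanged: int_eap_server_params(), ca_cert …
    params["server_cert"] = ica_server_cert("server.pem")
    # … unchanged: private_key, OCSP stapling response setup …
```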
@@ -5005,7 +5011,13 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked(dev, apdev, params, md):
     check_ocsp_support(dev[0])
     params = int_eap_server_params()
     params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem"
-    params["server_cert"] = "auth_serv/iCA-server/server-revoked.pem"
+    as_hapd = hostapd.Hostapd("as")
+    tls = as_hapd.request("GET tls_library")
+    del as_hapd
+    if "wolfSSL" in tls:
+        params["server_cert"] = "auth_serv/iCA-server/ica_and_server-revoked.pem"
+    else:
+        params["server_cert"] = "auth_serv/iCA-server/server-revoked.pem"
     params["private_key"] = "auth_serv/iCA-server/server-revoked.key"
     fn = ica_ocsp("server-revoked.pem", md)
     params["ocsp_stapling_response"] = fn
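Review bot: Because this is the negative (revoked) case, swapping in a different certificate file for wolfSSL means the connection could be refused for a reason other than revocation, such as a chain that fails to build, and the test would still pass if it only checks for rejection. The rest of the function is outside the hunk, so this may already be covered; if it is not, the check should pin the failure to the OCSP/revocation status rather than to a bare connection failure. A comment above the branch, e.g. `# wolfSSL sends only the loaded cert; use leaf+ICA so revocation, not chain building, is what fails`, would record why the two libraries are configured differently.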
-- 
2.43.0



