iPXE
x509_test.c
Go to the documentation of this file.
00001 /*
00002  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
00003  *
00004  * This program is free software; you can redistribute it and/or
00005  * modify it under the terms of the GNU General Public License as
00006  * published by the Free Software Foundation; either version 2 of the
00007  * License, or any later version.
00008  *
00009  * This program is distributed in the hope that it will be useful, but
00010  * WITHOUT ANY WARRANTY; without even the implied warranty of
00011  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00012  * General Public License for more details.
00013  *
00014  * You should have received a copy of the GNU General Public License
00015  * along with this program; if not, write to the Free Software
00016  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
00017  * 02110-1301, USA.
00018  *
00019  * You can also choose to distribute this program under the terms of
00020  * the Unmodified Binary Distribution Licence (as given in the file
00021  * COPYING.UBDL), provided that you have satisfied its requirements.
00022  */
00023 
00024 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
00025 
00026 /** @file
00027  *
00028  * X.509 self-tests
00029  *
00030  */
00031 
00032 /* Forcibly enable assertions */
00033 #undef NDEBUG
00034 
00035 #include <stdint.h>
00036 #include <string.h>
00037 #include <errno.h>
00038 #include <ipxe/x509.h>
00039 #include <ipxe/asn1.h>
00040 #include <ipxe/sha256.h>
00041 #include <ipxe/test.h>
00042 
00043 /** Fingerprint algorithm used for X.509 test certificates */
00044 #define x509_test_algorithm sha256_algorithm
00045 
00046 /** An X.509 test certificate */
00047 struct x509_test_certificate {
00048         /** Data */
00049         const void *data;
00050         /** Length of data */
00051         size_t len;
00052         /** Fingerprint */
00053         const void *fingerprint;
00054 
00055         /** Parsed certificate */
00056         struct x509_certificate *cert;
00057 };
00058 
00059 /** An X.509 test certificate chain */
00060 struct x509_test_chain {
00061         /** Test certificates */
00062         struct x509_test_certificate **certs;
00063         /** Number of certificates */
00064         unsigned int count;
00065 
00066         /** Parsed certificate chain */
00067         struct x509_chain *chain;
00068 };
00069 
00070 /** Define inline certificate data */
00071 #define DATA(...) { __VA_ARGS__ }
00072 
00073 /** Define inline fingerprint data */
00074 #define FINGERPRINT(...) { __VA_ARGS__ }
00075 
00076 /** Define a test certificate */
00077 #define CERTIFICATE( name, DATA, FINGERPRINT )                          \
00078         static const uint8_t name ## _data[] = DATA;                    \
00079         static const uint8_t name ## _fingerprint[] = FINGERPRINT;      \
00080         static struct x509_test_certificate name = {                    \
00081                 .data = name ## _data,                                  \
00082                 .len = sizeof ( name ## _data ),                        \
00083                 .fingerprint = name ## _fingerprint,                    \
00084         }
00085 
00086 /** Define a test certificate chain */
00087 #define CHAIN( name, ... )                                              \
00088         static struct x509_test_certificate * name ## _certs[] =        \
00089                 { __VA_ARGS__ };                                        \
00090         static struct x509_test_chain name = {                          \
00091                 .certs = name ## _certs,                                \
00092                 .count = ( sizeof ( name ## _certs ) /                  \
00093                            sizeof ( name ## _certs[0] ) ),              \
00094         }
00095 
00096 /*
00097  * subject      iPXE self-test root CA
00098  * issuer       iPXE self-test root CA
00099  */
00100 CERTIFICATE ( root_crt,
00101         DATA ( 0x30, 0x82, 0x02, 0xb3, 0x30, 0x82, 0x02, 0x1c, 0xa0, 0x03,
00102                0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xc6, 0xb8, 0x9c, 0x58,
00103                0xd2, 0xdc, 0xc9, 0x5d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
00104                0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
00105                0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
00106                0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06,
00107                0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62,
00108                0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65,
00109                0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
00110                0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65,
00111                0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
00112                0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65,
00113                0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f,
00114                0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78,
00115                0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06,
00116                0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58, 0x45,
00117                0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74,
00118                0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e,
00119                0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
00120                0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x39, 0x30,
00121                0x38, 0x30, 0x38, 0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a,
00122                0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
00123                0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
00124                0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
00125                0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
00126                0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
00127                0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
00128                0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
00129                0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
00130                0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
00131                0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
00132                0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d,
00133                0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58,
00134                0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73,
00135                0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30,
00136                0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
00137                0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
00138                0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xaa, 0x72,
00139                0xb5, 0xc1, 0x73, 0xf4, 0x95, 0x76, 0xa4, 0x27, 0xab, 0x5e,
00140                0xeb, 0x1d, 0x9d, 0xd0, 0x04, 0xb2, 0x93, 0x05, 0xc7, 0xfa,
00141                0x75, 0x84, 0x66, 0xe6, 0x3a, 0x26, 0x1f, 0xbc, 0x2d, 0xfd,
00142                0x8f, 0x59, 0x64, 0xac, 0xcf, 0x65, 0x9d, 0x82, 0x23, 0xc3,
00143                0x72, 0x93, 0xf2, 0x40, 0x68, 0x32, 0xd1, 0xb8, 0xf1, 0x47,
00144                0x61, 0x50, 0xea, 0xbc, 0xcc, 0x3c, 0x6b, 0x74, 0x7a, 0xec,
00145                0x2b, 0x75, 0xa6, 0xc2, 0xa2, 0xb8, 0xbf, 0x23, 0x48, 0x97,
00146                0xd5, 0xaf, 0x77, 0xc1, 0x92, 0x88, 0xd7, 0x38, 0xb7, 0x9e,
00147                0xda, 0xee, 0x72, 0x04, 0xcb, 0x96, 0xe5, 0xdb, 0xfd, 0x9b,
00148                0x5d, 0x99, 0x4e, 0x7a, 0x60, 0x23, 0x34, 0xa4, 0x8d, 0xd7,
00149                0x6c, 0xe7, 0x5d, 0x93, 0x97, 0xe1, 0xab, 0x36, 0x2c, 0x24,
00150                0x16, 0x92, 0x66, 0xf6, 0x6a, 0x14, 0x23, 0x1d, 0x18, 0xb9,
00151                0x44, 0x24, 0x61, 0x6b, 0xd3, 0x75, 0x02, 0x03, 0x01, 0x00,
00152                0x01, 0xa3, 0x23, 0x30, 0x21, 0x30, 0x0f, 0x06, 0x03, 0x55,
00153                0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
00154                0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
00155                0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0d,
00156                0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
00157                0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x94, 0x9e, 0xea,
00158                0x17, 0x8d, 0x27, 0xa9, 0x17, 0xe5, 0xa9, 0x19, 0xbe, 0x82,
00159                0x36, 0xbd, 0xac, 0x74, 0xf3, 0x6e, 0x75, 0x71, 0x30, 0x1c,
00160                0x05, 0x80, 0x6d, 0x1a, 0x69, 0x37, 0x86, 0x9c, 0x77, 0x75,
00161                0x29, 0xa1, 0xc6, 0xb7, 0x11, 0x0a, 0x63, 0x27, 0xee, 0xb1,
00162                0xc8, 0x94, 0xa9, 0x2e, 0x56, 0x8f, 0xca, 0x9d, 0xbe, 0xf4,
00163                0xdb, 0x63, 0x97, 0x68, 0x3b, 0x13, 0xf8, 0x6a, 0xa5, 0xd1,
00164                0x3d, 0xed, 0xbb, 0x86, 0x9d, 0x42, 0xfc, 0x15, 0x0a, 0x04,
00165                0xf8, 0x3c, 0x0e, 0xc4, 0x86, 0x05, 0x57, 0x56, 0x96, 0xf6,
00166                0xc0, 0x18, 0x53, 0xb0, 0xc5, 0xf0, 0xca, 0x72, 0x77, 0x77,
00167                0xc9, 0x8e, 0x90, 0xa5, 0x4b, 0xb6, 0x80, 0x4a, 0x4c, 0x34,
00168                0x6f, 0xc9, 0xe8, 0x6f, 0xc2, 0x28, 0xdf, 0x93, 0xa9, 0xf5,
00169                0x63, 0x18, 0xc0, 0xec, 0x9e, 0xd5, 0x19, 0x36, 0xc5, 0x94,
00170                0x10, 0xd4, 0x72, 0xd2, 0xb8 ),
00171         FINGERPRINT ( 0x71, 0x5d, 0x51, 0x37, 0x5e, 0x18, 0xb3, 0xbc,
00172                       0xbb, 0x30, 0x0e, 0x8f, 0x50, 0xc7, 0x55, 0xf5,
00173                       0x96, 0xe7, 0xa8, 0x6d, 0x63, 0x2d, 0x32, 0x38,
00174                       0xaf, 0x00, 0xc4, 0x1a, 0xfc, 0xd8, 0xac, 0xc3 ) );
00175 
00176 /*
00177  * subject      iPXE self-test intermediate CA
00178  * issuer       iPXE self-test root CA
00179  */
00180 CERTIFICATE ( intermediate_crt,
00181         DATA ( 0x30, 0x82, 0x02, 0xb3, 0x30, 0x82, 0x02, 0x1c, 0xa0, 0x03,
00182                0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
00183                0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
00184                0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
00185                0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
00186                0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
00187                0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
00188                0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
00189                0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
00190                0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
00191                0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
00192                0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
00193                0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
00194                0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
00195                0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
00196                0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
00197                0x73, 0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41,
00198                0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32,
00199                0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31,
00200                0x34, 0x31, 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33,
00201                0x33, 0x5a, 0x30, 0x81, 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06,
00202                0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
00203                0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
00204                0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
00205                0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
00206                0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
00207                0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
00208                0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
00209                0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
00210                0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
00211                0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x27,
00212                0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e, 0x69,
00213                0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74,
00214                0x65, 0x73, 0x74, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d,
00215                0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x30,
00216                0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
00217                0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
00218                0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc9, 0x3a,
00219                0xee, 0xc6, 0x3c, 0xac, 0x4d, 0x81, 0xc6, 0x98, 0x5e, 0xe1,
00220                0x48, 0x66, 0x1a, 0x1e, 0x60, 0x19, 0x41, 0xae, 0xca, 0x14,
00221                0x97, 0xc8, 0x3a, 0x50, 0xb6, 0x48, 0xf5, 0x42, 0xac, 0x0f,
00222                0xe1, 0xe3, 0x47, 0xf0, 0xbf, 0x7c, 0xd0, 0xee, 0x8f, 0xb7,
00223                0xa6, 0x19, 0xad, 0xbb, 0xc5, 0x1b, 0x34, 0x38, 0xc8, 0xbd,
00224                0x55, 0x84, 0x93, 0x72, 0xaf, 0x84, 0xfc, 0x9b, 0x97, 0x1d,
00225                0xb5, 0x54, 0x24, 0xd6, 0x5d, 0xb7, 0x31, 0xf4, 0xbd, 0x3b,
00226                0x40, 0x97, 0xc0, 0xa9, 0x5a, 0x2a, 0xcb, 0x6b, 0x98, 0x07,
00227                0xdb, 0xb5, 0x9f, 0xe8, 0x31, 0x3f, 0x01, 0x46, 0x46, 0x70,
00228                0x05, 0xa2, 0x0f, 0x8c, 0x7a, 0x61, 0xf3, 0xdf, 0xdb, 0xa1,
00229                0x37, 0x2c, 0x88, 0x6a, 0x81, 0x21, 0x12, 0x4c, 0xf5, 0xcd,
00230                0xaf, 0xc9, 0xd2, 0x36, 0x3d, 0x82, 0xd1, 0xca, 0x19, 0xaf,
00231                0x4e, 0xae, 0x50, 0x71, 0x44, 0xbf, 0x02, 0x03, 0x01, 0x00,
00232                0x01, 0xa3, 0x23, 0x30, 0x21, 0x30, 0x0f, 0x06, 0x03, 0x55,
00233                0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
00234                0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
00235                0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0d,
00236                0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
00237                0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x5d, 0x3c, 0xb3,
00238                0x52, 0x19, 0xa6, 0x9e, 0x4a, 0x44, 0x98, 0xbf, 0x51, 0x20,
00239                0x47, 0x0a, 0xf3, 0x26, 0x1a, 0xcc, 0x35, 0x2f, 0xc9, 0xed,
00240                0xe0, 0x9d, 0x46, 0xeb, 0xbc, 0x7e, 0xc9, 0xb9, 0x1d, 0x76,
00241                0xa4, 0x1d, 0xc2, 0xd9, 0x16, 0x29, 0x77, 0x01, 0x40, 0xdd,
00242                0xe5, 0xcb, 0x28, 0x91, 0x3a, 0x0c, 0x13, 0x01, 0x1b, 0x72,
00243                0x62, 0x45, 0x27, 0xfd, 0xd7, 0x00, 0x47, 0x36, 0x09, 0x1e,
00244                0x7b, 0xd2, 0xcb, 0x95, 0x3d, 0x28, 0x82, 0xce, 0x83, 0x59,
00245                0x32, 0xf9, 0xe6, 0xec, 0x89, 0xac, 0x88, 0x45, 0x22, 0x88,
00246                0x6f, 0x5e, 0xa2, 0x79, 0x95, 0xba, 0xb9, 0xc9, 0xb6, 0x4c,
00247                0x7c, 0xb4, 0x29, 0xa1, 0x02, 0xf5, 0xac, 0x5d, 0x8e, 0x52,
00248                0xeb, 0xe8, 0xb1, 0x56, 0x49, 0xb3, 0x77, 0x62, 0x7d, 0x87,
00249                0x4d, 0x17, 0xf2, 0x62, 0x83, 0x08, 0x59, 0x21, 0x60, 0x0d,
00250                0x84, 0x8e, 0x5a, 0x84, 0xf6 ),
00251         FINGERPRINT ( 0x88, 0x70, 0xbf, 0xf0, 0xd6, 0x09, 0x03, 0x3a,
00252                       0xe1, 0x80, 0xa7, 0xa5, 0x5c, 0x3e, 0xe1, 0x05,
00253                       0x38, 0x97, 0xde, 0xe1, 0xe9, 0x74, 0x55, 0xb1,
00254                       0x1e, 0x59, 0x69, 0x44, 0x42, 0x1b, 0xc8, 0xff ) );
00255 
00256 /*
00257  * subject      iPXE self-test leaf CA
00258  * issuer       iPXE self-test intermediate CA
00259  */
00260 CERTIFICATE ( leaf_crt,
00261         DATA ( 0x30, 0x82, 0x02, 0xb6, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03,
00262                0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
00263                0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
00264                0x00, 0x30, 0x81, 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
00265                0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
00266                0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
00267                0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
00268                0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
00269                0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
00270                0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
00271                0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
00272                0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
00273                0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
00274                0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x27, 0x30,
00275                0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e, 0x69, 0x50,
00276                0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
00277                0x73, 0x74, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65,
00278                0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x30, 0x1e,
00279                0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
00280                0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31, 0x34, 0x31,
00281                0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a,
00282                0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
00283                0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
00284                0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
00285                0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
00286                0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
00287                0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
00288                0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
00289                0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
00290                0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
00291                0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
00292                0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d,
00293                0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58,
00294                0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73,
00295                0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41, 0x30,
00296                0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
00297                0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
00298                0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc3, 0x55,
00299                0xad, 0xdf, 0x7b, 0xd1, 0x48, 0xc3, 0xd3, 0x02, 0x54, 0x6c,
00300                0x92, 0x45, 0x22, 0x3d, 0x90, 0xd8, 0xc7, 0x13, 0xcd, 0xc1,
00301                0x59, 0xc6, 0xe0, 0xad, 0x0e, 0xe6, 0xdb, 0x3b, 0xe8, 0x63,
00302                0xea, 0x4e, 0xb6, 0xea, 0x50, 0xea, 0x6e, 0x33, 0x9d, 0x28,
00303                0x25, 0x42, 0x49, 0xd0, 0xf0, 0xed, 0xc5, 0x5b, 0x6b, 0x4a,
00304                0xe7, 0x45, 0xfa, 0xd3, 0x3f, 0xae, 0xde, 0x5a, 0x90, 0xab,
00305                0xf1, 0x61, 0x2f, 0x40, 0x5e, 0xcf, 0x8b, 0x0b, 0x10, 0x59,
00306                0xa9, 0xd0, 0x1e, 0x0f, 0x18, 0x6b, 0x92, 0xd8, 0x9f, 0x58,
00307                0x10, 0x84, 0xb6, 0x15, 0xe8, 0x5b, 0xc4, 0xa0, 0x3e, 0x49,
00308                0x8b, 0xea, 0xdd, 0xa9, 0x7e, 0x32, 0x26, 0x9a, 0x68, 0x44,
00309                0xf0, 0x30, 0xca, 0x2a, 0xd6, 0x19, 0x7a, 0x80, 0xfd, 0xd7,
00310                0xfc, 0xc7, 0x5d, 0xe7, 0x61, 0xd2, 0x3f, 0x1f, 0x2c, 0x40,
00311                0x70, 0x7b, 0x34, 0xcb, 0x08, 0xa9, 0x02, 0x03, 0x01, 0x00,
00312                0x01, 0xa3, 0x26, 0x30, 0x24, 0x30, 0x12, 0x06, 0x03, 0x55,
00313                0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01,
00314                0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55,
00315                0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02,
00316                0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
00317                0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00,
00318                0x40, 0xd2, 0x70, 0x02, 0x08, 0x19, 0xa0, 0xb8, 0x8d, 0x9d,
00319                0x3d, 0x62, 0x41, 0x90, 0x2a, 0x36, 0x4a, 0x8b, 0x21, 0x42,
00320                0x9a, 0xb4, 0xc5, 0xf8, 0x79, 0x17, 0xd7, 0x64, 0x4d, 0xbf,
00321                0x8f, 0x6a, 0x04, 0x54, 0x7a, 0x0b, 0xd4, 0xb5, 0x0e, 0xab,
00322                0xf7, 0xb7, 0x06, 0x2b, 0xf8, 0xde, 0x87, 0xb2, 0x37, 0x3b,
00323                0x95, 0x01, 0xba, 0x9f, 0x8f, 0xec, 0x0a, 0x86, 0xca, 0x51,
00324                0xb6, 0x25, 0x73, 0x2f, 0xa1, 0x66, 0xc8, 0x7a, 0x5e, 0x51,
00325                0xbd, 0x49, 0xb5, 0x75, 0xda, 0xea, 0xe5, 0xeb, 0x5d, 0xe3,
00326                0xb0, 0xad, 0x49, 0x9f, 0x8b, 0xfd, 0x89, 0xb3, 0xb7, 0xb2,
00327                0x4c, 0x7d, 0x8a, 0x29, 0xb2, 0xbe, 0x04, 0xef, 0x9c, 0x73,
00328                0x3c, 0xea, 0xa3, 0x9f, 0x07, 0x66, 0x5a, 0x2f, 0x38, 0xad,
00329                0x1a, 0xeb, 0xe1, 0xb0, 0x62, 0x14, 0x55, 0xdc, 0x8c, 0x83,
00330                0xbb, 0xc7, 0x13, 0x04, 0x41, 0x54, 0xf1, 0x45 ),
00331         FINGERPRINT ( 0xca, 0xcf, 0xea, 0x98, 0x3d, 0x71, 0xb6, 0x9d,
00332                       0x4f, 0x5b, 0x84, 0x5e, 0xaa, 0x8e, 0xae, 0x63,
00333                       0x0e, 0xad, 0x52, 0xe8, 0xc7, 0x51, 0x81, 0x07,
00334                       0xd1, 0xa1, 0x66, 0xdb, 0xd5, 0x62, 0xe1, 0xe6 ) );
00335 
00336 /*
00337  * subject      iPXE self-test useless CA
00338  * issuer       iPXE self-test leaf CA
00339  */
00340 CERTIFICATE ( useless_crt,
00341         DATA ( 0x30, 0x82, 0x02, 0xae, 0x30, 0x82, 0x02, 0x17, 0xa0, 0x03,
00342                0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
00343                0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
00344                0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
00345                0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
00346                0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
00347                0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
00348                0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
00349                0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
00350                0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
00351                0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
00352                0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
00353                0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
00354                0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
00355                0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
00356                0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
00357                0x73, 0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41,
00358                0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32,
00359                0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, 0x31,
00360                0x34, 0x31, 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33,
00361                0x34, 0x5a, 0x30, 0x81, 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06,
00362                0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
00363                0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
00364                0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
00365                0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
00366                0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
00367                0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
00368                0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
00369                0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
00370                0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
00371                0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22,
00372                0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x69,
00373                0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74,
00374                0x65, 0x73, 0x74, 0x20, 0x75, 0x73, 0x65, 0x6c, 0x65, 0x73,
00375                0x73, 0x20, 0x43, 0x41, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06,
00376                0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
00377                0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
00378                0x81, 0x81, 0x00, 0xbe, 0x7f, 0x5a, 0x07, 0x7c, 0x61, 0xc2,
00379                0x3a, 0x7e, 0xe3, 0x94, 0xcb, 0xe9, 0xc3, 0x4c, 0x6f, 0x8d,
00380                0x5c, 0x4a, 0xf0, 0xc2, 0x13, 0x54, 0x09, 0x39, 0xa8, 0xf9,
00381                0xc2, 0xc3, 0xdd, 0xbe, 0x42, 0x99, 0xa6, 0xe1, 0x58, 0x0a,
00382                0xd5, 0x89, 0x12, 0xa6, 0xd6, 0x4e, 0xfb, 0x6c, 0xe5, 0xab,
00383                0xff, 0x40, 0x52, 0xcc, 0x1e, 0x63, 0x10, 0xd7, 0xfe, 0x49,
00384                0xf3, 0x86, 0x29, 0x58, 0x6a, 0x90, 0xe4, 0xe2, 0x56, 0x85,
00385                0x14, 0x7d, 0xa5, 0xf8, 0xe0, 0x7e, 0x96, 0x88, 0xd9, 0x23,
00386                0xe5, 0x44, 0x72, 0xa9, 0x5a, 0xbb, 0x76, 0x6b, 0x59, 0x3e,
00387                0x85, 0xd4, 0xe7, 0xb2, 0x31, 0x32, 0xea, 0x40, 0x1f, 0xce,
00388                0xfb, 0xb1, 0x91, 0xee, 0x86, 0x91, 0x3e, 0xa4, 0x86, 0xa4,
00389                0xe9, 0x74, 0xd7, 0x14, 0x8c, 0xb6, 0xb4, 0xc0, 0x08, 0xbb,
00390                0xc8, 0x38, 0xc3, 0x96, 0x3d, 0x85, 0xcf, 0xef, 0x94, 0x52,
00391                0x29, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x23, 0x30, 0x21,
00392                0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
00393                0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06,
00394                0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03,
00395                0x02, 0x02, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
00396                0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81,
00397                0x81, 0x00, 0x50, 0x59, 0xfb, 0x9d, 0x4d, 0xfe, 0x0e, 0x5b,
00398                0xc4, 0x51, 0xe9, 0xe8, 0xa4, 0xf5, 0x2f, 0x32, 0x8b, 0x06,
00399                0x78, 0xbe, 0xf1, 0x18, 0xc5, 0x6f, 0xd9, 0x20, 0xee, 0xb7,
00400                0x51, 0x40, 0xaf, 0xf3, 0x3c, 0xe4, 0x74, 0x00, 0xa4, 0x63,
00401                0x3b, 0x37, 0xe1, 0xef, 0x80, 0xdc, 0xd5, 0x90, 0xed, 0xba,
00402                0x91, 0x86, 0x7f, 0x97, 0x5d, 0x3e, 0x8f, 0x29, 0xcc, 0x57,
00403                0xee, 0x79, 0x15, 0x6b, 0xe3, 0xd1, 0x25, 0x14, 0x24, 0xdf,
00404                0xbf, 0x38, 0xee, 0xe3, 0x8a, 0x88, 0x19, 0x0f, 0xc8, 0x10,
00405                0xae, 0x27, 0x99, 0xa8, 0x35, 0x47, 0xc9, 0xfb, 0x92, 0x47,
00406                0xa2, 0x36, 0x2a, 0x8c, 0x26, 0x12, 0xb1, 0x0d, 0x46, 0xe2,
00407                0xdc, 0x33, 0x29, 0x0c, 0x32, 0xcf, 0x22, 0x49, 0xde, 0xc3,
00408                0x55, 0x2a, 0xba, 0xdd, 0xe3, 0x98, 0xc0, 0xe4, 0x9a, 0xa2,
00409                0xe5, 0x43, 0x04, 0x32, 0xd3, 0x50, 0x7d, 0x9c, 0x71, 0x23 ),
00410         FINGERPRINT ( 0xda, 0xbf, 0xd3, 0x5e, 0x2e, 0x29, 0xa9, 0xfd,
00411                       0x4d, 0x40, 0xba, 0xb8, 0xdd, 0x66, 0x93, 0x4c,
00412                       0x10, 0xea, 0x5b, 0x07, 0xa6, 0xe2, 0x27, 0x63,
00413                       0x2e, 0xfe, 0x01, 0x63, 0x7c, 0xea, 0xc6, 0xd0 ) );
00414 
00415 /*
00416  * subject      boot.test.ipxe.org
00417  * issuer       iPXE self-test leaf CA
00418  */
00419 CERTIFICATE ( server_crt,
00420         DATA ( 0x30, 0x82, 0x02, 0xd2, 0x30, 0x82, 0x02, 0x3b, 0xa0, 0x03,
00421                0x02, 0x01, 0x02, 0x02, 0x01, 0x1e, 0x30, 0x0d, 0x06, 0x09,
00422                0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
00423                0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
00424                0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
00425                0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
00426                0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
00427                0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
00428                0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
00429                0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
00430                0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
00431                0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
00432                0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
00433                0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
00434                0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
00435                0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
00436                0x73, 0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41,
00437                0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x30, 0x35,
00438                0x31, 0x33, 0x34, 0x35, 0x30, 0x35, 0x5a, 0x17, 0x0d, 0x31,
00439                0x33, 0x30, 0x33, 0x30, 0x35, 0x31, 0x33, 0x34, 0x35, 0x30,
00440                0x35, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06,
00441                0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
00442                0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
00443                0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
00444                0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
00445                0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
00446                0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
00447                0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
00448                0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
00449                0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
00450                0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1b,
00451                0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x62,
00452                0x6f, 0x6f, 0x74, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69,
00453                0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x81, 0x9f,
00454                0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
00455                0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30,
00456                0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xac, 0x7b, 0x54, 0xc1,
00457                0x97, 0x4d, 0x56, 0xbd, 0xb2, 0x52, 0xb3, 0x5c, 0x1b, 0x28,
00458                0xae, 0x91, 0x33, 0xf0, 0xc8, 0xc2, 0x3c, 0x7d, 0xe8, 0x95,
00459                0x72, 0xaf, 0xfe, 0xa1, 0x68, 0xe1, 0xbd, 0xe2, 0x9d, 0x4c,
00460                0xe8, 0x95, 0x56, 0x94, 0xce, 0x47, 0x57, 0x1b, 0xb1, 0x08,
00461                0xa1, 0x5b, 0x02, 0x8f, 0x56, 0x75, 0x1e, 0x4f, 0xfd, 0xc5,
00462                0x87, 0x5c, 0x1c, 0x3f, 0xab, 0x4f, 0xba, 0x25, 0x14, 0x6d,
00463                0xe3, 0xa2, 0x47, 0x33, 0xd0, 0x78, 0x63, 0xcc, 0x11, 0x37,
00464                0x08, 0x73, 0x25, 0x42, 0x20, 0xa9, 0x57, 0x29, 0xeb, 0x44,
00465                0x80, 0x0d, 0xe6, 0x76, 0x4b, 0x02, 0x8b, 0x67, 0xb2, 0x99,
00466                0xfe, 0xb3, 0x44, 0x62, 0xdf, 0x34, 0x0e, 0xf3, 0xe2, 0x17,
00467                0x42, 0x8f, 0x36, 0x42, 0x5a, 0x1c, 0x03, 0x3e, 0x06, 0x0d,
00468                0x5e, 0x08, 0x52, 0xd1, 0x06, 0xfb, 0xa9, 0xdb, 0x13, 0x15,
00469                0x08, 0x6d, 0x03, 0x85, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
00470                0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x11,
00471                0x04, 0x43, 0x30, 0x41, 0x82, 0x12, 0x64, 0x65, 0x6d, 0x6f,
00472                0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65,
00473                0x2e, 0x6f, 0x72, 0x67, 0x82, 0x13, 0x2a, 0x2e, 0x61, 0x6c,
00474                0x74, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78,
00475                0x65, 0x2e, 0x6f, 0x72, 0x67, 0x87, 0x04, 0xc0, 0xa8, 0x00,
00476                0x01, 0x87, 0x10, 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
00477                0x00, 0x00, 0x00, 0x69, 0xff, 0xfe, 0x50, 0x58, 0x45, 0x30,
00478                0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
00479                0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x63, 0x83,
00480                0xf5, 0xde, 0xf7, 0x59, 0x81, 0xd3, 0x34, 0x61, 0xfd, 0x2c,
00481                0x0c, 0xec, 0x1c, 0x25, 0xd2, 0x2c, 0xe8, 0x90, 0x4f, 0x34,
00482                0x43, 0x2c, 0x86, 0x18, 0x9e, 0x66, 0x26, 0x0d, 0x02, 0x2a,
00483                0xea, 0x28, 0xc6, 0xbb, 0x51, 0x02, 0xbe, 0x8f, 0x51, 0x50,
00484                0xc7, 0x04, 0x49, 0x97, 0xb9, 0xd4, 0xa5, 0x74, 0x39, 0xaa,
00485                0x22, 0xbb, 0x4e, 0x46, 0x57, 0x15, 0x0e, 0xcf, 0x64, 0x60,
00486                0xc8, 0x13, 0xdf, 0x82, 0x09, 0x3b, 0x92, 0xf5, 0x69, 0x80,
00487                0xd2, 0x5e, 0x53, 0x9d, 0x3a, 0xcd, 0x9e, 0x81, 0xa1, 0xbd,
00488                0x5b, 0x66, 0x89, 0x4d, 0xf7, 0xa4, 0xd6, 0x92, 0xe4, 0xe1,
00489                0x80, 0x87, 0xfa, 0xa5, 0x47, 0x25, 0x9c, 0x35, 0x77, 0xa5,
00490                0x11, 0x1b, 0x48, 0x4c, 0x5e, 0x5e, 0x2f, 0xc7, 0xf8, 0x78,
00491                0x4c, 0x36, 0x41, 0xfb, 0x91, 0x5d, 0xf6, 0x43, 0x99, 0x7c,
00492                0xcd, 0x7f, 0x27, 0x4c, 0x75, 0xca ),
00493         FINGERPRINT ( 0x82, 0xd3, 0xa0, 0x4c, 0x0d, 0x7d, 0x3c, 0xb1,
00494                       0x90, 0x63, 0xd8, 0xef, 0x1e, 0xd2, 0xdd, 0x10,
00495                       0xd5, 0x89, 0x40, 0x35, 0xb9, 0x5e, 0x98, 0x44,
00496                       0x30, 0xa2, 0x48, 0x9a, 0xb8, 0x2f, 0xcf, 0xe3 ) );
00497 
00498 /*
00499  * subject      not.a.ca.test.ipxe.org
00500  * issuer       boot.test.ipxe.org
00501  */
00502 CERTIFICATE ( not_ca_crt,
00503         DATA ( 0x30, 0x82, 0x02, 0x7d, 0x30, 0x82, 0x01, 0xe6, 0x02, 0x01,
00504                0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
00505                0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x84, 0x31,
00506                0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
00507                0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
00508                0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
00509                0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30,
00510                0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61,
00511                0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30,
00512                0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65,
00513                0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20,
00514                0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,
00515                0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
00516                0x72, 0x67, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
00517                0x03, 0x0c, 0x12, 0x62, 0x6f, 0x6f, 0x74, 0x2e, 0x74, 0x65,
00518                0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72,
00519                0x67, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32,
00520                0x32, 0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d,
00521                0x31, 0x33, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30, 0x30, 0x31,
00522                0x33, 0x34, 0x5a, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09,
00523                0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31,
00524                0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e,
00525                0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73,
00526                0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
00527                0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72,
00528                0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
00529                0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53,
00530                0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64,
00531                0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
00532                0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31,
00533                0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16,
00534                0x6e, 0x6f, 0x74, 0x2e, 0x61, 0x2e, 0x63, 0x61, 0x2e, 0x74,
00535                0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
00536                0x72, 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a,
00537                0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
00538                0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81,
00539                0x00, 0xc3, 0x5b, 0x6d, 0xb3, 0x8d, 0x74, 0x9c, 0x1d, 0xbd,
00540                0x94, 0x41, 0xa2, 0x42, 0x96, 0x3c, 0x41, 0x82, 0xc0, 0xf1,
00541                0x95, 0xbf, 0xc5, 0x34, 0x92, 0x92, 0xa3, 0xed, 0xed, 0x5c,
00542                0x07, 0xaa, 0xb4, 0xc1, 0x66, 0xbb, 0xa6, 0xd1, 0xd9, 0x78,
00543                0x93, 0xf1, 0x9c, 0x3e, 0x13, 0x3a, 0xee, 0x74, 0x31, 0xeb,
00544                0x55, 0x86, 0xa5, 0x43, 0x8a, 0x5d, 0x0c, 0x2c, 0x0d, 0xfb,
00545                0x91, 0x9e, 0x31, 0x22, 0xbe, 0x96, 0xb5, 0x0e, 0x44, 0xc8,
00546                0x5b, 0x65, 0xb2, 0xf5, 0xec, 0x2a, 0x51, 0xed, 0x8f, 0x28,
00547                0xd8, 0xb2, 0x4b, 0x45, 0x39, 0x31, 0x1f, 0x11, 0xb7, 0x12,
00548                0xe3, 0xc6, 0xb2, 0xd2, 0x8d, 0x50, 0xd5, 0xf4, 0xd2, 0x71,
00549                0x77, 0xc9, 0x4c, 0x67, 0xee, 0xf7, 0xdc, 0xdb, 0x68, 0xa6,
00550                0xac, 0x33, 0xd4, 0xb2, 0x12, 0x61, 0x5c, 0xae, 0x4c, 0x2e,
00551                0x26, 0xe8, 0xdf, 0x46, 0x3a, 0x05, 0xaf, 0xeb, 0x0d, 0x02,
00552                0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
00553                0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03,
00554                0x81, 0x81, 0x00, 0x90, 0x3e, 0x16, 0x27, 0x2f, 0x4e, 0x4b,
00555                0x31, 0x0e, 0xae, 0x31, 0x9d, 0x64, 0x88, 0x9f, 0xce, 0xd8,
00556                0x22, 0x51, 0x9d, 0xd9, 0x2b, 0xfe, 0xed, 0x75, 0xbe, 0xec,
00557                0x5a, 0x73, 0xaf, 0x6c, 0xa5, 0x5e, 0xd1, 0x15, 0x9a, 0x08,
00558                0xcf, 0x4d, 0x41, 0x78, 0x48, 0xb4, 0x29, 0xf1, 0xf7, 0x63,
00559                0x9b, 0x11, 0x91, 0x16, 0x94, 0x55, 0xff, 0xeb, 0xe9, 0x6f,
00560                0x0a, 0x34, 0x89, 0xed, 0xf2, 0xd1, 0x79, 0x91, 0x9d, 0xe5,
00561                0x73, 0x48, 0x68, 0x7f, 0x9b, 0xf4, 0x94, 0x80, 0x29, 0xbb,
00562                0x2f, 0xac, 0x6c, 0xf7, 0x6a, 0x43, 0xcc, 0x40, 0x34, 0x85,
00563                0xc8, 0xa1, 0x6d, 0x16, 0x36, 0x65, 0x3f, 0x93, 0x60, 0xc1,
00564                0x64, 0x33, 0x91, 0xa1, 0x8f, 0x86, 0x8c, 0xce, 0x14, 0x19,
00565                0x72, 0x28, 0xef, 0x94, 0x3d, 0x09, 0xb8, 0x3b, 0x39, 0xe8,
00566                0xd1, 0x66, 0x2b, 0x38, 0xb4, 0x46, 0x50, 0xf4, 0xcd, 0xc4,
00567                0x9a ),
00568         FINGERPRINT ( 0x37, 0x6b, 0xc2, 0x20, 0xa9, 0xbc, 0xe2, 0x83,
00569                       0x99, 0x60, 0x06, 0x2e, 0xaf, 0x94, 0xfe, 0xb0,
00570                       0x1a, 0x2c, 0x17, 0x47, 0x1e, 0xc0, 0xd1, 0x66,
00571                       0xb6, 0x76, 0xeb, 0x1c, 0x07, 0xae, 0x72, 0xf2 ) );
00572 
00573 /*
00574  * subject      bad.path.len.test.ipxe.org
00575  * issuer       iPXE self-test useless CA
00576  */
00577 CERTIFICATE ( bad_path_len_crt,
00578         DATA ( 0x30, 0x82, 0x02, 0x88, 0x30, 0x82, 0x01, 0xf1, 0x02, 0x01,
00579                0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
00580                0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x8b, 0x31,
00581                0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
00582                0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
00583                0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
00584                0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30,
00585                0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61,
00586                0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30,
00587                0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65,
00588                0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20,
00589                0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,
00590                0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
00591                0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04,
00592                0x03, 0x0c, 0x19, 0x69, 0x50, 0x58, 0x45, 0x20, 0x73, 0x65,
00593                0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75, 0x73,
00594                0x65, 0x6c, 0x65, 0x73, 0x73, 0x20, 0x43, 0x41, 0x30, 0x1e,
00595                0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
00596                0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, 0x31, 0x33, 0x30,
00597                0x33, 0x32, 0x32, 0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a,
00598                0x30, 0x81, 0x8c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
00599                0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
00600                0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
00601                0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
00602                0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
00603                0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
00604                0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
00605                0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
00606                0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
00607                0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
00608                0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x23, 0x30, 0x21,
00609                0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1a, 0x62, 0x61, 0x64,
00610                0x2e, 0x70, 0x61, 0x74, 0x68, 0x2e, 0x6c, 0x65, 0x6e, 0x2e,
00611                0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e,
00612                0x6f, 0x72, 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09,
00613                0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
00614                0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81,
00615                0x81, 0x00, 0xed, 0xf1, 0xe3, 0xb2, 0x61, 0x68, 0xa0, 0xd5,
00616                0x43, 0xfe, 0xad, 0xee, 0xfb, 0x8e, 0x2c, 0xf0, 0x44, 0xaf,
00617                0x0a, 0x3c, 0x87, 0xc2, 0x56, 0x9b, 0x66, 0x15, 0xc6, 0xbc,
00618                0x5b, 0x96, 0xef, 0xa1, 0x49, 0xd6, 0xe7, 0xeb, 0xb8, 0xf6,
00619                0x3d, 0x62, 0xf5, 0x51, 0xfd, 0xb1, 0xa5, 0x4e, 0x92, 0x7c,
00620                0x7a, 0x31, 0x1b, 0xb8, 0x21, 0x5c, 0xfe, 0x0b, 0x4e, 0x58,
00621                0xd6, 0xd0, 0x8b, 0x81, 0x00, 0x4a, 0xf8, 0xf7, 0x2a, 0xc9,
00622                0xea, 0xfa, 0x9c, 0xc9, 0x33, 0x0b, 0xc4, 0xce, 0x96, 0x4c,
00623                0x30, 0x6e, 0xf0, 0x07, 0xfa, 0x1b, 0x94, 0x1f, 0xe3, 0x3b,
00624                0xb2, 0x7d, 0x31, 0x1a, 0x37, 0x64, 0xe2, 0xc3, 0xf1, 0xe5,
00625                0xb9, 0xcc, 0xd1, 0x02, 0xae, 0x16, 0x39, 0x9b, 0xfc, 0x55,
00626                0xca, 0xdd, 0x33, 0x92, 0xe3, 0x12, 0x40, 0xc5, 0x32, 0x51,
00627                0x62, 0xac, 0x3a, 0xc0, 0x17, 0x36, 0xd0, 0x27, 0x3d, 0xbb,
00628                0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
00629                0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
00630                0x03, 0x81, 0x81, 0x00, 0x07, 0x53, 0x2a, 0x80, 0xd6, 0x25,
00631                0x10, 0x37, 0xce, 0x3b, 0x87, 0x87, 0xfc, 0xae, 0xe2, 0x2a,
00632                0x28, 0x3f, 0xf7, 0xa6, 0x32, 0x5b, 0x06, 0xbd, 0x4f, 0x34,
00633                0x6b, 0x47, 0x8a, 0x4b, 0x47, 0x51, 0xe8, 0x45, 0x69, 0xe3,
00634                0xf3, 0xdf, 0xa4, 0x25, 0x8f, 0x34, 0xbe, 0xe5, 0x2c, 0xa4,
00635                0x6c, 0x8c, 0x6e, 0x02, 0x74, 0x23, 0x43, 0x21, 0x4d, 0xe3,
00636                0x75, 0x93, 0x8e, 0xa8, 0x2c, 0x54, 0xba, 0x35, 0xe7, 0xab,
00637                0x44, 0xfa, 0x07, 0x7a, 0x18, 0xb4, 0xa7, 0xce, 0xfa, 0xa6,
00638                0x74, 0x5a, 0x45, 0x2c, 0x6f, 0x86, 0x34, 0x8f, 0x4a, 0x09,
00639                0xe0, 0xf3, 0x4f, 0x37, 0xbb, 0xa3, 0xa0, 0xcb, 0xad, 0x6b,
00640                0xc1, 0x16, 0x06, 0xdf, 0x83, 0x98, 0xaf, 0xa8, 0xc3, 0xa0,
00641                0x5f, 0x33, 0x09, 0x01, 0x12, 0xbd, 0xd3, 0x45, 0x9f, 0x5f,
00642                0x96, 0x93, 0xe9, 0x69, 0xe9, 0xb1, 0x8a, 0xe4, 0x94, 0xce,
00643                0xe4, 0x8d ),
00644         FINGERPRINT ( 0xb6, 0x80, 0x84, 0xf1, 0x45, 0x55, 0x1f, 0xbc,
00645                       0x15, 0xa6, 0xd8, 0x4b, 0xf3, 0x19, 0x65, 0xef,
00646                       0x53, 0x5a, 0xc8, 0x99, 0xe5, 0xdf, 0x79, 0x07,
00647                       0x00, 0x2c, 0x9f, 0x49, 0x91, 0x21, 0xeb, 0xfc ) );
00648 
00649 /** Valid certificate chain up to boot.test.ipxe.org */
00650 CHAIN ( server_chain, &server_crt, &leaf_crt, &intermediate_crt, &root_crt );
00651 
00652 /** Broken certificate chain up to boot.test.ipxe.org */
00653 CHAIN ( broken_server_chain, &server_crt, &leaf_crt, &root_crt );
00654 
00655 /** Incomplete certificate chain up to boot.test.ipxe.org */
00656 CHAIN ( incomplete_server_chain, &server_crt, &leaf_crt, &intermediate_crt );
00657 
00658 /** Non-functional certificate chain up to not_ca.test.ipxe.org */
00659 CHAIN ( not_ca_chain,
00660         &not_ca_crt, &server_crt, &leaf_crt, &intermediate_crt, &root_crt );
00661 
00662 /** Valid certificate chain up to iPXE self-test useless CA */
00663 CHAIN ( useless_chain, &useless_crt, &leaf_crt, &intermediate_crt, &root_crt );
00664 
00665 /** Non-functional certificate chain up to bad.path.len.test.ipxe.org */
00666 CHAIN ( bad_path_len_chain, &bad_path_len_crt, &useless_crt, &leaf_crt,
00667         &intermediate_crt, &root_crt );
00668 
00669 /** Empty certificate store */
00670 static struct x509_chain empty_store = {
00671         .refcnt = REF_INIT ( ref_no_free ),
00672         .links = LIST_HEAD_INIT ( empty_store.links ),
00673 };
00674 
00675 /** Root certificate list containing the iPXE self-test root CA */
00676 static struct x509_root test_root = {
00677         .digest = &x509_test_algorithm,
00678         .count = 1,
00679         .fingerprints = root_crt_fingerprint,
00680 };
00681 
00682 /** Root certificate list containing the iPXE self-test intermediate CA */
00683 static struct x509_root intermediate_root = {
00684         .digest = &x509_test_algorithm,
00685         .count = 1,
00686         .fingerprints = intermediate_crt_fingerprint,
00687 };
00688 
00689 /** Dummy fingerprint (not matching any certificates) */
00690 static uint8_t dummy_fingerprint[] =
00691         FINGERPRINT ( 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
00692                       0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
00693                       0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
00694                       0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff );
00695 
00696 /** Certificate store containing a dummy fingerprint */
00697 static struct x509_root dummy_root = {
00698         .digest = &x509_test_algorithm,
00699         .count = 1,
00700         .fingerprints = dummy_fingerprint,
00701 };
00702 
00703 /** Time at which all test certificates are valid */
00704 static time_t test_time = 1332374737ULL; /* Thu Mar 22 00:05:37 2012 */
00705 
00706 /** Time at which end-entity test certificates are invalid */
00707 static time_t test_expired = 1375573111ULL; /* Sat Aug  3 23:38:31 2013 */
00708 
00709 /** Time at which CA test certificates are invalid */
00710 static time_t test_ca_expired = 2205014905ULL; /* Wed Nov 16 00:08:25 2039 */
00711 
00712 /**
00713  * Report certificate parsing test result
00714  *
00715  * @v crt               Test certificate
00716  * @v file              Test code file
00717  * @v line              Test code line
00718  */
00719 static void x509_certificate_okx ( struct x509_test_certificate *crt,
00720                                    const char *file, unsigned int line ) {
00721 
00722         okx ( x509_certificate ( crt->data, crt->len, &crt->cert ) == 0,
00723               file, line );
00724 }
00725 #define x509_certificate_ok( crt ) \
00726         x509_certificate_okx ( crt, __FILE__, __LINE__ )
00727 
00728 /**
00729  * Report cached certificate parsing test result
00730  *
00731  * @v crt               Test certificate
00732  * @v file              Test code file
00733  * @v line              Test code line
00734  */
00735 static void x509_cached_okx ( struct x509_test_certificate *crt,
00736                               const char *file, unsigned int line ) {
00737         struct x509_certificate *temp;
00738 
00739         okx ( x509_certificate ( crt->data, crt->len, &temp ) == 0,
00740               file, line );
00741         okx ( temp == crt->cert, file, line );
00742         x509_put ( temp );
00743 }
00744 #define x509_cached_ok( crt ) x509_cached_okx ( crt, __FILE__, __LINE__ )
00745 
00746 /**
00747  * Report certificate fingerprint test result
00748  *
00749  * @v crt               Test certificate
00750  * @v file              Test code file
00751  * @v line              Test code line
00752  */
00753 static void x509_fingerprint_okx ( struct x509_test_certificate *crt,
00754                                    const char *file, unsigned int line ) {
00755         uint8_t fingerprint[ x509_test_algorithm.digestsize ];
00756 
00757         x509_fingerprint ( crt->cert, &x509_test_algorithm, fingerprint );
00758         okx ( memcmp ( fingerprint, crt->fingerprint,
00759                        sizeof ( fingerprint ) ) == 0, file, line );
00760 }
00761 #define x509_fingerprint_ok( crt ) \
00762         x509_fingerprint_okx ( crt, __FILE__, __LINE__ )
00763 
00764 /**
00765  * Report certificate issuer validation test result
00766  *
00767  * @v crt               Test certificate
00768  * @v issuer            Test issuer
00769  * @v file              Test code file
00770  * @v line              Test code line
00771  */
00772 static void x509_check_issuer_okx ( struct x509_test_certificate *crt,
00773                                     struct x509_test_certificate *issuer,
00774                                     const char *file, unsigned int line ) {
00775 
00776         okx ( x509_check_issuer ( crt->cert, issuer->cert ) == 0, file, line );
00777 }
00778 #define x509_check_issuer_ok( crt, issuer ) \
00779         x509_check_issuer_okx ( crt, issuer, __FILE__, __LINE__ )
00780 
00781 /**
00782  * Report certificate issuer validation failure test result
00783  *
00784  * @v crt               Test certificate
00785  * @v issuer            Test issuer
00786  * @v file              Test code file
00787  * @v line              Test code line
00788  */
00789 static void x509_check_issuer_fail_okx ( struct x509_test_certificate *crt,
00790                                          struct x509_test_certificate *issuer,
00791                                          const char *file, unsigned int line ) {
00792 
00793         okx ( x509_check_issuer ( crt->cert, issuer->cert ) != 0,
00794               file, line );
00795 }
00796 #define x509_check_issuer_fail_ok( crt, issuer ) \
00797         x509_check_issuer_fail_okx ( crt, issuer, __FILE__, __LINE__ )
00798 
00799 /**
00800  * Report certificate root validation test result
00801  *
00802  * @v crt               Test certificate
00803  * @v root              Test root certificate store
00804  * @v file              Test code file
00805  * @v line              Test code line
00806  */
00807 static void x509_check_root_okx ( struct x509_test_certificate *crt,
00808                                   struct x509_root *root, const char *file,
00809                                   unsigned int line ) {
00810 
00811         okx ( x509_check_root ( crt->cert, root ) == 0, file, line );
00812 }
00813 #define x509_check_root_ok( crt, root ) \
00814         x509_check_root_okx ( crt, root, __FILE__, __LINE__ )
00815 
00816 /**
00817  * Report certificate root validation failure test result
00818  *
00819  * @v crt               Test certificate
00820  * @v root              Test root certificate store
00821  * @v file              Test code file
00822  * @v line              Test code line
00823  */
00824 static void x509_check_root_fail_okx ( struct x509_test_certificate *crt,
00825                                        struct x509_root *root,
00826                                        const char *file, unsigned int line ) {
00827 
00828         okx ( x509_check_root ( crt->cert, root ) != 0, file, line );
00829 }
00830 #define x509_check_root_fail_ok( crt, root ) \
00831         x509_check_root_fail_okx ( crt, root, __FILE__, __LINE__ )
00832 
00833 /**
00834  * Report certificate time validation test result
00835  *
00836  * @v crt               Test certificate
00837  * @v time              Test time
00838  * @v file              Test code file
00839  * @v line              Test code line
00840  */
00841 static void x509_check_time_okx ( struct x509_test_certificate *crt,
00842                                   time_t time, const char *file,
00843                                   unsigned int line ) {
00844 
00845         okx ( x509_check_time ( crt->cert, time ) == 0, file, line );
00846 }
00847 #define x509_check_time_ok( crt, time ) \
00848         x509_check_time_okx ( crt, time, __FILE__, __LINE__ )
00849 
00850 /**
00851  * Report certificate time validation failure test result
00852  *
00853  * @v crt               Test certificate
00854  * @v time              Test time
00855  * @v file              Test code file
00856  * @v line              Test code line
00857  */
00858 static void x509_check_time_fail_okx ( struct x509_test_certificate *crt,
00859                                        time_t time, const char *file,
00860                                        unsigned int line ) {
00861 
00862         okx ( x509_check_time ( crt->cert, time ) != 0, file, line );
00863 }
00864 #define x509_check_time_fail_ok( crt, time ) \
00865         x509_check_time_fail_okx ( crt, time, __FILE__, __LINE__ )
00866 
00867 /**
00868  * Report certificate name validation test result
00869  *
00870  * @v crt               Test certificate
00871  * @v name              Test name
00872  * @v file              Test code file
00873  * @v line              Test code line
00874  */
00875 static void x509_check_name_okx ( struct x509_test_certificate *crt,
00876                                   const char *name, const char *file,
00877                                   unsigned int line ) {
00878 
00879         okx ( x509_check_name ( crt->cert, name ) == 0, file, line );
00880 }
00881 #define x509_check_name_ok( crt, name ) \
00882         x509_check_name_okx ( crt, name, __FILE__, __LINE__ )
00883 
00884 /**
00885  * Report certificate name validation failure test result
00886  *
00887  * @v crt               Test certificate
00888  * @v name              Test name
00889  * @v file              Test code file
00890  * @v line              Test code line
00891  */
00892 static void x509_check_name_fail_okx ( struct x509_test_certificate *crt,
00893                                        const char *name, const char *file,
00894                                        unsigned int line ) {
00895 
00896         okx ( x509_check_name ( crt->cert, name ) != 0, file, line );
00897 }
00898 #define x509_check_name_fail_ok( crt, name ) \
00899         x509_check_name_fail_okx ( crt, name, __FILE__, __LINE__ )
00900 
00901 /**
00902  * Report certificate chain parsing test result
00903  *
00904  * @v chn               Test certificate chain
00905  * @v file              Test code file
00906  * @v line              Test code line
00907  */
00908 static void x509_chain_okx ( struct x509_test_chain *chn, const char *file,
00909                              unsigned int line ) {
00910         unsigned int i;
00911         struct x509_certificate *first;
00912 
00913         chn->chain = x509_alloc_chain();
00914         okx ( chn->chain != NULL, file, line );
00915         for ( i = 0 ; i < chn->count ; i++ ) {
00916                 okx ( x509_append ( chn->chain, chn->certs[i]->cert ) == 0,
00917                       file, line );
00918         }
00919         first = x509_first ( chn->chain );
00920         okx ( first != NULL, file, line );
00921         okx ( first->raw.len == chn->certs[0]->len, file, line );
00922         okx ( memcmp ( first->raw.data, chn->certs[0]->data,
00923                        first->raw.len ) == 0, file, line );
00924 }
00925 #define x509_chain_ok( chn ) \
00926         x509_chain_okx ( chn, __FILE__, __LINE__ )
00927 
00928 /**
00929  * Report certificate chain validation test result
00930  *
00931  * @v chn               Test certificate chain
00932  * @v time              Test certificate validation time
00933  * @v store             Test certificate store
00934  * @v root              Test root certificate list
00935  * @v file              Test code file
00936  * @v line              Test code line
00937  */
00938 static void x509_validate_chain_okx ( struct x509_test_chain *chn, time_t time,
00939                                       struct x509_chain *store,
00940                                       struct x509_root *root, const char *file,
00941                                       unsigned int line ) {
00942 
00943         x509_invalidate_chain ( chn->chain );
00944         okx ( x509_validate_chain ( chn->chain, time, store, root ) == 0,
00945               file, line );
00946 }
00947 #define x509_validate_chain_ok( chn, time, store, root ) \
00948         x509_validate_chain_okx ( chn, time, store, root, __FILE__, __LINE__ )
00949 
00950 /**
00951  * Report certificate chain validation failure test result
00952  *
00953  * @v chn               Test certificate chain
00954  * @v time              Test certificate validation time
00955  * @v store             Test certificate store
00956  * @v root              Test root certificate list
00957  * @v file              Test code file
00958  * @v line              Test code line
00959  */
00960 static void x509_validate_chain_fail_okx ( struct x509_test_chain *chn,
00961                                            time_t time,
00962                                            struct x509_chain *store,
00963                                            struct x509_root *root,
00964                                            const char *file,
00965                                            unsigned int line ) {
00966 
00967         x509_invalidate_chain ( chn->chain );
00968         okx ( x509_validate_chain ( chn->chain, time, store, root ) != 0,
00969               file, line );
00970 }
00971 #define x509_validate_chain_fail_ok( chn, time, store, root )           \
00972         x509_validate_chain_fail_okx ( chn, time, store, root,          \
00973                                        __FILE__, __LINE__ )
00974 
00975 /**
00976  * Perform X.509 self-tests
00977  *
00978  */
00979 static void x509_test_exec ( void ) {
00980 
00981         /* Parse all certificates */
00982         x509_certificate_ok ( &root_crt );
00983         x509_certificate_ok ( &intermediate_crt );
00984         x509_certificate_ok ( &leaf_crt );
00985         x509_certificate_ok ( &useless_crt );
00986         x509_certificate_ok ( &server_crt );
00987         x509_certificate_ok ( &not_ca_crt );
00988         x509_certificate_ok ( &bad_path_len_crt );
00989 
00990         /* Check cache functionality */
00991         x509_cached_ok ( &root_crt );
00992         x509_cached_ok ( &intermediate_crt );
00993         x509_cached_ok ( &leaf_crt );
00994         x509_cached_ok ( &useless_crt );
00995         x509_cached_ok ( &server_crt );
00996         x509_cached_ok ( &not_ca_crt );
00997         x509_cached_ok ( &bad_path_len_crt );
00998 
00999         /* Check all certificate fingerprints */
01000         x509_fingerprint_ok ( &root_crt );
01001         x509_fingerprint_ok ( &intermediate_crt );
01002         x509_fingerprint_ok ( &leaf_crt );
01003         x509_fingerprint_ok ( &useless_crt );
01004         x509_fingerprint_ok ( &server_crt );
01005         x509_fingerprint_ok ( &not_ca_crt );
01006         x509_fingerprint_ok ( &bad_path_len_crt );
01007 
01008         /* Check pairwise issuing */
01009         x509_check_issuer_ok ( &intermediate_crt, &root_crt );
01010         x509_check_issuer_ok ( &leaf_crt, &intermediate_crt );
01011         x509_check_issuer_ok ( &useless_crt, &leaf_crt );
01012         x509_check_issuer_ok ( &server_crt, &leaf_crt );
01013         x509_check_issuer_fail_ok ( &not_ca_crt, &server_crt );
01014         x509_check_issuer_ok ( &bad_path_len_crt, &useless_crt );
01015 
01016         /* Check root certificate stores */
01017         x509_check_root_ok ( &root_crt, &test_root );
01018         x509_check_root_fail_ok ( &intermediate_crt, &test_root );
01019         x509_check_root_ok ( &intermediate_crt, &intermediate_root );
01020         x509_check_root_fail_ok ( &root_crt, &intermediate_root );
01021         x509_check_root_fail_ok ( &root_crt, &dummy_root );
01022 
01023         /* Check certificate validity periods */
01024         x509_check_time_ok ( &server_crt, test_time );
01025         x509_check_time_fail_ok ( &server_crt, test_expired );
01026         x509_check_time_ok ( &root_crt, test_time );
01027         x509_check_time_ok ( &root_crt, test_expired );
01028         x509_check_time_fail_ok ( &root_crt, test_ca_expired );
01029 
01030         /* Check certificate names */
01031         x509_check_name_ok ( &server_crt, "boot.test.ipxe.org" );
01032         x509_check_name_ok ( &server_crt, "demo.test.ipxe.org" );
01033         x509_check_name_fail_ok ( &server_crt, "incorrect.test.ipxe.org" );
01034         x509_check_name_ok ( &server_crt, "anything.alt.test.ipxe.org" );
01035         x509_check_name_ok ( &server_crt, "wildcard.alt.test.ipxe.org" );
01036         x509_check_name_fail_ok ( &server_crt, "sub.domain.alt.test.ipxe.org" );
01037         x509_check_name_fail_ok ( &server_crt, "alt.test.ipxe.org" );
01038         x509_check_name_fail_ok ( &server_crt, "test.ipxe.org" );
01039         x509_check_name_fail_ok ( &server_crt, "ipxe.org" );
01040         x509_check_name_fail_ok ( &server_crt, "org" );
01041         x509_check_name_fail_ok ( &server_crt, "" );
01042         x509_check_name_ok ( &server_crt, "192.168.0.1" );
01043         x509_check_name_fail_ok ( &server_crt, "192.168.0.2" );
01044         x509_check_name_ok ( &server_crt, "fe80::69ff:fe50:5845" );
01045         x509_check_name_ok ( &server_crt, "FE80:0:0:0:0:69FF:FE50:5845" );
01046         x509_check_name_fail_ok ( &server_crt, "fe80::69ff:fe50:5846" );
01047 
01048         /* Parse all certificate chains */
01049         x509_chain_ok ( &server_chain );
01050         x509_chain_ok ( &broken_server_chain );
01051         x509_chain_ok ( &incomplete_server_chain );
01052         x509_chain_ok ( &not_ca_chain );
01053         x509_chain_ok ( &useless_chain );
01054         x509_chain_ok ( &bad_path_len_chain );
01055 
01056         /* Check certificate chains */
01057         x509_validate_chain_ok ( &server_chain, test_time,
01058                                  &empty_store, &test_root );
01059         x509_validate_chain_ok ( &server_chain, test_time,
01060                                  &empty_store, &intermediate_root );
01061         x509_validate_chain_fail_ok ( &server_chain, test_time,
01062                                       &empty_store, &dummy_root );
01063         x509_validate_chain_fail_ok ( &broken_server_chain, test_time,
01064                                       &empty_store, &test_root );
01065         x509_validate_chain_fail_ok ( &incomplete_server_chain, test_time,
01066                                       &empty_store, &test_root );
01067         x509_validate_chain_ok ( &incomplete_server_chain, test_time,
01068                                  &empty_store, &intermediate_root );
01069         x509_validate_chain_fail_ok ( &not_ca_chain, test_time,
01070                                       &empty_store, &test_root );
01071         x509_validate_chain_ok ( &useless_chain, test_time,
01072                                  &empty_store, &test_root );
01073         x509_validate_chain_fail_ok ( &bad_path_len_chain, test_time,
01074                                       &empty_store, &test_root );
01075 
01076         /* Check certificate chain expiry times */
01077         x509_validate_chain_fail_ok ( &server_chain, test_expired,
01078                                       &empty_store, &test_root );
01079         x509_validate_chain_ok ( &useless_chain, test_expired,
01080                                  &empty_store, &test_root );
01081         x509_validate_chain_fail_ok ( &useless_chain, test_ca_expired,
01082                                       &empty_store, &test_root );
01083 
01084         /* Sanity check */
01085         assert ( list_empty ( &empty_store.links ) );
01086 
01087         /* Drop chain references */
01088         x509_chain_put ( bad_path_len_chain.chain );
01089         x509_chain_put ( useless_chain.chain );
01090         x509_chain_put ( not_ca_chain.chain );
01091         x509_chain_put ( incomplete_server_chain.chain );
01092         x509_chain_put ( broken_server_chain.chain );
01093         x509_chain_put ( server_chain.chain );
01094 
01095         /* Drop certificate references */
01096         x509_put ( bad_path_len_crt.cert );
01097         x509_put ( not_ca_crt.cert );
01098         x509_put ( server_crt.cert );
01099         x509_put ( useless_crt.cert );
01100         x509_put ( leaf_crt.cert );
01101         x509_put ( intermediate_crt.cert );
01102         x509_put ( root_crt.cert );
01103 }
01104 
01105 /** X.509 self-test */
01106 struct self_test x509_test __self_test = {
01107         .name = "x509",
01108         .exec = x509_test_exec,
01109 };
01110 
01111 /* Drag in algorithms required for tests */
01112 REQUIRING_SYMBOL ( x509_test );
01113 REQUIRE_OBJECT ( rsa );
01114 REQUIRE_OBJECT ( sha1 );
01115 REQUIRE_OBJECT ( sha256 );
01116 REQUIRE_OBJECT ( ipv4 );
01117 REQUIRE_OBJECT ( ipv6 );