iPXE
x509_test.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 /** @file
27  *
28  * X.509 self-tests
29  *
30  */
31 
32 /* Forcibly enable assertions */
33 #undef NDEBUG
34 
35 #include <stdint.h>
36 #include <string.h>
37 #include <errno.h>
38 #include <ipxe/x509.h>
39 #include <ipxe/asn1.h>
40 #include <ipxe/sha256.h>
41 #include <ipxe/test.h>
42 
43 /** Fingerprint algorithm used for X.509 test certificates */
44 #define x509_test_algorithm sha256_algorithm
45 
46 /** An X.509 test certificate */
48  /** Data */
49  const void *data;
50  /** Length of data */
51  size_t len;
52  /** Fingerprint */
53  const void *fingerprint;
54 
55  /** Parsed certificate */
57 };
58 
59 /** An X.509 test certificate chain */
61  /** Test certificates */
63  /** Number of certificates */
64  unsigned int count;
65 
66  /** Parsed certificate chain */
67  struct x509_chain *chain;
68 };
69 
70 /** Define inline certificate data */
71 #define DATA(...) { __VA_ARGS__ }
72 
73 /** Define inline fingerprint data */
74 #define FINGERPRINT(...) { __VA_ARGS__ }
75 
76 /** Define a test certificate */
77 #define CERTIFICATE( name, DATA, FINGERPRINT ) \
78  static const uint8_t name ## _data[] = DATA; \
79  static const uint8_t name ## _fingerprint[] = FINGERPRINT; \
80  static struct x509_test_certificate name = { \
81  .data = name ## _data, \
82  .len = sizeof ( name ## _data ), \
83  .fingerprint = name ## _fingerprint, \
84  }
85 
86 /** Define a test certificate chain */
87 #define CHAIN( name, ... ) \
88  static struct x509_test_certificate * name ## _certs[] = \
89  { __VA_ARGS__ }; \
90  static struct x509_test_chain name = { \
91  .certs = name ## _certs, \
92  .count = ( sizeof ( name ## _certs ) / \
93  sizeof ( name ## _certs[0] ) ), \
94  }
95 
96 /*
97  * subject iPXE self-test root CA
98  * issuer iPXE self-test root CA
99  */
100 CERTIFICATE ( root_crt,
101  DATA ( 0x30, 0x82, 0x02, 0xb3, 0x30, 0x82, 0x02, 0x1c, 0xa0, 0x03,
102  0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xc6, 0xb8, 0x9c, 0x58,
103  0xd2, 0xdc, 0xc9, 0x5d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
104  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
105  0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
106  0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06,
107  0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62,
108  0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65,
109  0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
110  0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65,
111  0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
112  0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65,
113  0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f,
114  0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78,
115  0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06,
116  0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58, 0x45,
117  0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74,
118  0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e,
119  0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
120  0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x39, 0x30,
121  0x38, 0x30, 0x38, 0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a,
122  0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
123  0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
124  0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
125  0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
126  0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
127  0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
128  0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
129  0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
130  0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
131  0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
132  0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d,
133  0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58,
134  0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73,
135  0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30,
136  0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
137  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
138  0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xaa, 0x72,
139  0xb5, 0xc1, 0x73, 0xf4, 0x95, 0x76, 0xa4, 0x27, 0xab, 0x5e,
140  0xeb, 0x1d, 0x9d, 0xd0, 0x04, 0xb2, 0x93, 0x05, 0xc7, 0xfa,
141  0x75, 0x84, 0x66, 0xe6, 0x3a, 0x26, 0x1f, 0xbc, 0x2d, 0xfd,
142  0x8f, 0x59, 0x64, 0xac, 0xcf, 0x65, 0x9d, 0x82, 0x23, 0xc3,
143  0x72, 0x93, 0xf2, 0x40, 0x68, 0x32, 0xd1, 0xb8, 0xf1, 0x47,
144  0x61, 0x50, 0xea, 0xbc, 0xcc, 0x3c, 0x6b, 0x74, 0x7a, 0xec,
145  0x2b, 0x75, 0xa6, 0xc2, 0xa2, 0xb8, 0xbf, 0x23, 0x48, 0x97,
146  0xd5, 0xaf, 0x77, 0xc1, 0x92, 0x88, 0xd7, 0x38, 0xb7, 0x9e,
147  0xda, 0xee, 0x72, 0x04, 0xcb, 0x96, 0xe5, 0xdb, 0xfd, 0x9b,
148  0x5d, 0x99, 0x4e, 0x7a, 0x60, 0x23, 0x34, 0xa4, 0x8d, 0xd7,
149  0x6c, 0xe7, 0x5d, 0x93, 0x97, 0xe1, 0xab, 0x36, 0x2c, 0x24,
150  0x16, 0x92, 0x66, 0xf6, 0x6a, 0x14, 0x23, 0x1d, 0x18, 0xb9,
151  0x44, 0x24, 0x61, 0x6b, 0xd3, 0x75, 0x02, 0x03, 0x01, 0x00,
152  0x01, 0xa3, 0x23, 0x30, 0x21, 0x30, 0x0f, 0x06, 0x03, 0x55,
153  0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
154  0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
155  0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0d,
156  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
157  0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x94, 0x9e, 0xea,
158  0x17, 0x8d, 0x27, 0xa9, 0x17, 0xe5, 0xa9, 0x19, 0xbe, 0x82,
159  0x36, 0xbd, 0xac, 0x74, 0xf3, 0x6e, 0x75, 0x71, 0x30, 0x1c,
160  0x05, 0x80, 0x6d, 0x1a, 0x69, 0x37, 0x86, 0x9c, 0x77, 0x75,
161  0x29, 0xa1, 0xc6, 0xb7, 0x11, 0x0a, 0x63, 0x27, 0xee, 0xb1,
162  0xc8, 0x94, 0xa9, 0x2e, 0x56, 0x8f, 0xca, 0x9d, 0xbe, 0xf4,
163  0xdb, 0x63, 0x97, 0x68, 0x3b, 0x13, 0xf8, 0x6a, 0xa5, 0xd1,
164  0x3d, 0xed, 0xbb, 0x86, 0x9d, 0x42, 0xfc, 0x15, 0x0a, 0x04,
165  0xf8, 0x3c, 0x0e, 0xc4, 0x86, 0x05, 0x57, 0x56, 0x96, 0xf6,
166  0xc0, 0x18, 0x53, 0xb0, 0xc5, 0xf0, 0xca, 0x72, 0x77, 0x77,
167  0xc9, 0x8e, 0x90, 0xa5, 0x4b, 0xb6, 0x80, 0x4a, 0x4c, 0x34,
168  0x6f, 0xc9, 0xe8, 0x6f, 0xc2, 0x28, 0xdf, 0x93, 0xa9, 0xf5,
169  0x63, 0x18, 0xc0, 0xec, 0x9e, 0xd5, 0x19, 0x36, 0xc5, 0x94,
170  0x10, 0xd4, 0x72, 0xd2, 0xb8 ),
171  FINGERPRINT ( 0x71, 0x5d, 0x51, 0x37, 0x5e, 0x18, 0xb3, 0xbc,
172  0xbb, 0x30, 0x0e, 0x8f, 0x50, 0xc7, 0x55, 0xf5,
173  0x96, 0xe7, 0xa8, 0x6d, 0x63, 0x2d, 0x32, 0x38,
174  0xaf, 0x00, 0xc4, 0x1a, 0xfc, 0xd8, 0xac, 0xc3 ) );
175 
176 /*
177  * subject iPXE self-test intermediate CA
178  * issuer iPXE self-test root CA
179  */
180 CERTIFICATE ( intermediate_crt,
181  DATA ( 0x30, 0x82, 0x02, 0xb3, 0x30, 0x82, 0x02, 0x1c, 0xa0, 0x03,
182  0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
183  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
184  0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
185  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
186  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
187  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
188  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
189  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
190  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
191  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
192  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
193  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
194  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
195  0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
196  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
197  0x73, 0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41,
198  0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32,
199  0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31,
200  0x34, 0x31, 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33,
201  0x33, 0x5a, 0x30, 0x81, 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06,
202  0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
203  0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
204  0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
205  0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
206  0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
207  0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
208  0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
209  0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
210  0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
211  0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x27,
212  0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e, 0x69,
213  0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74,
214  0x65, 0x73, 0x74, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d,
215  0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x30,
216  0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
217  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
218  0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc9, 0x3a,
219  0xee, 0xc6, 0x3c, 0xac, 0x4d, 0x81, 0xc6, 0x98, 0x5e, 0xe1,
220  0x48, 0x66, 0x1a, 0x1e, 0x60, 0x19, 0x41, 0xae, 0xca, 0x14,
221  0x97, 0xc8, 0x3a, 0x50, 0xb6, 0x48, 0xf5, 0x42, 0xac, 0x0f,
222  0xe1, 0xe3, 0x47, 0xf0, 0xbf, 0x7c, 0xd0, 0xee, 0x8f, 0xb7,
223  0xa6, 0x19, 0xad, 0xbb, 0xc5, 0x1b, 0x34, 0x38, 0xc8, 0xbd,
224  0x55, 0x84, 0x93, 0x72, 0xaf, 0x84, 0xfc, 0x9b, 0x97, 0x1d,
225  0xb5, 0x54, 0x24, 0xd6, 0x5d, 0xb7, 0x31, 0xf4, 0xbd, 0x3b,
226  0x40, 0x97, 0xc0, 0xa9, 0x5a, 0x2a, 0xcb, 0x6b, 0x98, 0x07,
227  0xdb, 0xb5, 0x9f, 0xe8, 0x31, 0x3f, 0x01, 0x46, 0x46, 0x70,
228  0x05, 0xa2, 0x0f, 0x8c, 0x7a, 0x61, 0xf3, 0xdf, 0xdb, 0xa1,
229  0x37, 0x2c, 0x88, 0x6a, 0x81, 0x21, 0x12, 0x4c, 0xf5, 0xcd,
230  0xaf, 0xc9, 0xd2, 0x36, 0x3d, 0x82, 0xd1, 0xca, 0x19, 0xaf,
231  0x4e, 0xae, 0x50, 0x71, 0x44, 0xbf, 0x02, 0x03, 0x01, 0x00,
232  0x01, 0xa3, 0x23, 0x30, 0x21, 0x30, 0x0f, 0x06, 0x03, 0x55,
233  0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
234  0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
235  0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0d,
236  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
237  0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x5d, 0x3c, 0xb3,
238  0x52, 0x19, 0xa6, 0x9e, 0x4a, 0x44, 0x98, 0xbf, 0x51, 0x20,
239  0x47, 0x0a, 0xf3, 0x26, 0x1a, 0xcc, 0x35, 0x2f, 0xc9, 0xed,
240  0xe0, 0x9d, 0x46, 0xeb, 0xbc, 0x7e, 0xc9, 0xb9, 0x1d, 0x76,
241  0xa4, 0x1d, 0xc2, 0xd9, 0x16, 0x29, 0x77, 0x01, 0x40, 0xdd,
242  0xe5, 0xcb, 0x28, 0x91, 0x3a, 0x0c, 0x13, 0x01, 0x1b, 0x72,
243  0x62, 0x45, 0x27, 0xfd, 0xd7, 0x00, 0x47, 0x36, 0x09, 0x1e,
244  0x7b, 0xd2, 0xcb, 0x95, 0x3d, 0x28, 0x82, 0xce, 0x83, 0x59,
245  0x32, 0xf9, 0xe6, 0xec, 0x89, 0xac, 0x88, 0x45, 0x22, 0x88,
246  0x6f, 0x5e, 0xa2, 0x79, 0x95, 0xba, 0xb9, 0xc9, 0xb6, 0x4c,
247  0x7c, 0xb4, 0x29, 0xa1, 0x02, 0xf5, 0xac, 0x5d, 0x8e, 0x52,
248  0xeb, 0xe8, 0xb1, 0x56, 0x49, 0xb3, 0x77, 0x62, 0x7d, 0x87,
249  0x4d, 0x17, 0xf2, 0x62, 0x83, 0x08, 0x59, 0x21, 0x60, 0x0d,
250  0x84, 0x8e, 0x5a, 0x84, 0xf6 ),
251  FINGERPRINT ( 0x88, 0x70, 0xbf, 0xf0, 0xd6, 0x09, 0x03, 0x3a,
252  0xe1, 0x80, 0xa7, 0xa5, 0x5c, 0x3e, 0xe1, 0x05,
253  0x38, 0x97, 0xde, 0xe1, 0xe9, 0x74, 0x55, 0xb1,
254  0x1e, 0x59, 0x69, 0x44, 0x42, 0x1b, 0xc8, 0xff ) );
255 
256 /*
257  * subject iPXE self-test leaf CA
258  * issuer iPXE self-test intermediate CA
259  */
260 CERTIFICATE ( leaf_crt,
261  DATA ( 0x30, 0x82, 0x02, 0xb6, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03,
262  0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
263  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
264  0x00, 0x30, 0x81, 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
265  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
266  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
267  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
268  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
269  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
270  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
271  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
272  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
273  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
274  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x27, 0x30,
275  0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e, 0x69, 0x50,
276  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
277  0x73, 0x74, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65,
278  0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x30, 0x1e,
279  0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
280  0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31, 0x34, 0x31,
281  0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a,
282  0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
283  0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
284  0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
285  0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
286  0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
287  0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
288  0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
289  0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
290  0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
291  0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
292  0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d,
293  0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58,
294  0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73,
295  0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41, 0x30,
296  0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
297  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
298  0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc3, 0x55,
299  0xad, 0xdf, 0x7b, 0xd1, 0x48, 0xc3, 0xd3, 0x02, 0x54, 0x6c,
300  0x92, 0x45, 0x22, 0x3d, 0x90, 0xd8, 0xc7, 0x13, 0xcd, 0xc1,
301  0x59, 0xc6, 0xe0, 0xad, 0x0e, 0xe6, 0xdb, 0x3b, 0xe8, 0x63,
302  0xea, 0x4e, 0xb6, 0xea, 0x50, 0xea, 0x6e, 0x33, 0x9d, 0x28,
303  0x25, 0x42, 0x49, 0xd0, 0xf0, 0xed, 0xc5, 0x5b, 0x6b, 0x4a,
304  0xe7, 0x45, 0xfa, 0xd3, 0x3f, 0xae, 0xde, 0x5a, 0x90, 0xab,
305  0xf1, 0x61, 0x2f, 0x40, 0x5e, 0xcf, 0x8b, 0x0b, 0x10, 0x59,
306  0xa9, 0xd0, 0x1e, 0x0f, 0x18, 0x6b, 0x92, 0xd8, 0x9f, 0x58,
307  0x10, 0x84, 0xb6, 0x15, 0xe8, 0x5b, 0xc4, 0xa0, 0x3e, 0x49,
308  0x8b, 0xea, 0xdd, 0xa9, 0x7e, 0x32, 0x26, 0x9a, 0x68, 0x44,
309  0xf0, 0x30, 0xca, 0x2a, 0xd6, 0x19, 0x7a, 0x80, 0xfd, 0xd7,
310  0xfc, 0xc7, 0x5d, 0xe7, 0x61, 0xd2, 0x3f, 0x1f, 0x2c, 0x40,
311  0x70, 0x7b, 0x34, 0xcb, 0x08, 0xa9, 0x02, 0x03, 0x01, 0x00,
312  0x01, 0xa3, 0x26, 0x30, 0x24, 0x30, 0x12, 0x06, 0x03, 0x55,
313  0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01,
314  0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55,
315  0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02,
316  0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
317  0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00,
318  0x40, 0xd2, 0x70, 0x02, 0x08, 0x19, 0xa0, 0xb8, 0x8d, 0x9d,
319  0x3d, 0x62, 0x41, 0x90, 0x2a, 0x36, 0x4a, 0x8b, 0x21, 0x42,
320  0x9a, 0xb4, 0xc5, 0xf8, 0x79, 0x17, 0xd7, 0x64, 0x4d, 0xbf,
321  0x8f, 0x6a, 0x04, 0x54, 0x7a, 0x0b, 0xd4, 0xb5, 0x0e, 0xab,
322  0xf7, 0xb7, 0x06, 0x2b, 0xf8, 0xde, 0x87, 0xb2, 0x37, 0x3b,
323  0x95, 0x01, 0xba, 0x9f, 0x8f, 0xec, 0x0a, 0x86, 0xca, 0x51,
324  0xb6, 0x25, 0x73, 0x2f, 0xa1, 0x66, 0xc8, 0x7a, 0x5e, 0x51,
325  0xbd, 0x49, 0xb5, 0x75, 0xda, 0xea, 0xe5, 0xeb, 0x5d, 0xe3,
326  0xb0, 0xad, 0x49, 0x9f, 0x8b, 0xfd, 0x89, 0xb3, 0xb7, 0xb2,
327  0x4c, 0x7d, 0x8a, 0x29, 0xb2, 0xbe, 0x04, 0xef, 0x9c, 0x73,
328  0x3c, 0xea, 0xa3, 0x9f, 0x07, 0x66, 0x5a, 0x2f, 0x38, 0xad,
329  0x1a, 0xeb, 0xe1, 0xb0, 0x62, 0x14, 0x55, 0xdc, 0x8c, 0x83,
330  0xbb, 0xc7, 0x13, 0x04, 0x41, 0x54, 0xf1, 0x45 ),
331  FINGERPRINT ( 0xca, 0xcf, 0xea, 0x98, 0x3d, 0x71, 0xb6, 0x9d,
332  0x4f, 0x5b, 0x84, 0x5e, 0xaa, 0x8e, 0xae, 0x63,
333  0x0e, 0xad, 0x52, 0xe8, 0xc7, 0x51, 0x81, 0x07,
334  0xd1, 0xa1, 0x66, 0xdb, 0xd5, 0x62, 0xe1, 0xe6 ) );
335 
336 /*
337  * subject iPXE self-test useless CA
338  * issuer iPXE self-test leaf CA
339  */
340 CERTIFICATE ( useless_crt,
341  DATA ( 0x30, 0x82, 0x02, 0xae, 0x30, 0x82, 0x02, 0x17, 0xa0, 0x03,
342  0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
343  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
344  0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
345  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
346  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
347  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
348  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
349  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
350  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
351  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
352  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
353  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
354  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
355  0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
356  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
357  0x73, 0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41,
358  0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32,
359  0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, 0x31,
360  0x34, 0x31, 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33,
361  0x34, 0x5a, 0x30, 0x81, 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06,
362  0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
363  0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
364  0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
365  0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
366  0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
367  0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
368  0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
369  0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
370  0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
371  0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22,
372  0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x69,
373  0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74,
374  0x65, 0x73, 0x74, 0x20, 0x75, 0x73, 0x65, 0x6c, 0x65, 0x73,
375  0x73, 0x20, 0x43, 0x41, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06,
376  0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
377  0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
378  0x81, 0x81, 0x00, 0xbe, 0x7f, 0x5a, 0x07, 0x7c, 0x61, 0xc2,
379  0x3a, 0x7e, 0xe3, 0x94, 0xcb, 0xe9, 0xc3, 0x4c, 0x6f, 0x8d,
380  0x5c, 0x4a, 0xf0, 0xc2, 0x13, 0x54, 0x09, 0x39, 0xa8, 0xf9,
381  0xc2, 0xc3, 0xdd, 0xbe, 0x42, 0x99, 0xa6, 0xe1, 0x58, 0x0a,
382  0xd5, 0x89, 0x12, 0xa6, 0xd6, 0x4e, 0xfb, 0x6c, 0xe5, 0xab,
383  0xff, 0x40, 0x52, 0xcc, 0x1e, 0x63, 0x10, 0xd7, 0xfe, 0x49,
384  0xf3, 0x86, 0x29, 0x58, 0x6a, 0x90, 0xe4, 0xe2, 0x56, 0x85,
385  0x14, 0x7d, 0xa5, 0xf8, 0xe0, 0x7e, 0x96, 0x88, 0xd9, 0x23,
386  0xe5, 0x44, 0x72, 0xa9, 0x5a, 0xbb, 0x76, 0x6b, 0x59, 0x3e,
387  0x85, 0xd4, 0xe7, 0xb2, 0x31, 0x32, 0xea, 0x40, 0x1f, 0xce,
388  0xfb, 0xb1, 0x91, 0xee, 0x86, 0x91, 0x3e, 0xa4, 0x86, 0xa4,
389  0xe9, 0x74, 0xd7, 0x14, 0x8c, 0xb6, 0xb4, 0xc0, 0x08, 0xbb,
390  0xc8, 0x38, 0xc3, 0x96, 0x3d, 0x85, 0xcf, 0xef, 0x94, 0x52,
391  0x29, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x23, 0x30, 0x21,
392  0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
393  0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06,
394  0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03,
395  0x02, 0x02, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
396  0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81,
397  0x81, 0x00, 0x50, 0x59, 0xfb, 0x9d, 0x4d, 0xfe, 0x0e, 0x5b,
398  0xc4, 0x51, 0xe9, 0xe8, 0xa4, 0xf5, 0x2f, 0x32, 0x8b, 0x06,
399  0x78, 0xbe, 0xf1, 0x18, 0xc5, 0x6f, 0xd9, 0x20, 0xee, 0xb7,
400  0x51, 0x40, 0xaf, 0xf3, 0x3c, 0xe4, 0x74, 0x00, 0xa4, 0x63,
401  0x3b, 0x37, 0xe1, 0xef, 0x80, 0xdc, 0xd5, 0x90, 0xed, 0xba,
402  0x91, 0x86, 0x7f, 0x97, 0x5d, 0x3e, 0x8f, 0x29, 0xcc, 0x57,
403  0xee, 0x79, 0x15, 0x6b, 0xe3, 0xd1, 0x25, 0x14, 0x24, 0xdf,
404  0xbf, 0x38, 0xee, 0xe3, 0x8a, 0x88, 0x19, 0x0f, 0xc8, 0x10,
405  0xae, 0x27, 0x99, 0xa8, 0x35, 0x47, 0xc9, 0xfb, 0x92, 0x47,
406  0xa2, 0x36, 0x2a, 0x8c, 0x26, 0x12, 0xb1, 0x0d, 0x46, 0xe2,
407  0xdc, 0x33, 0x29, 0x0c, 0x32, 0xcf, 0x22, 0x49, 0xde, 0xc3,
408  0x55, 0x2a, 0xba, 0xdd, 0xe3, 0x98, 0xc0, 0xe4, 0x9a, 0xa2,
409  0xe5, 0x43, 0x04, 0x32, 0xd3, 0x50, 0x7d, 0x9c, 0x71, 0x23 ),
410  FINGERPRINT ( 0xda, 0xbf, 0xd3, 0x5e, 0x2e, 0x29, 0xa9, 0xfd,
411  0x4d, 0x40, 0xba, 0xb8, 0xdd, 0x66, 0x93, 0x4c,
412  0x10, 0xea, 0x5b, 0x07, 0xa6, 0xe2, 0x27, 0x63,
413  0x2e, 0xfe, 0x01, 0x63, 0x7c, 0xea, 0xc6, 0xd0 ) );
414 
415 /*
416  * subject boot.test.ipxe.org
417  * issuer iPXE self-test leaf CA
418  */
419 CERTIFICATE ( server_crt,
420  DATA ( 0x30, 0x82, 0x02, 0xd2, 0x30, 0x82, 0x02, 0x3b, 0xa0, 0x03,
421  0x02, 0x01, 0x02, 0x02, 0x01, 0x1e, 0x30, 0x0d, 0x06, 0x09,
422  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
423  0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
424  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
425  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
426  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
427  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
428  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
429  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
430  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
431  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
432  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
433  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
434  0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
435  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
436  0x73, 0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41,
437  0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x30, 0x35,
438  0x31, 0x33, 0x34, 0x35, 0x30, 0x35, 0x5a, 0x17, 0x0d, 0x31,
439  0x33, 0x30, 0x33, 0x30, 0x35, 0x31, 0x33, 0x34, 0x35, 0x30,
440  0x35, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06,
441  0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
442  0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
443  0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
444  0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
445  0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
446  0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
447  0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
448  0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
449  0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
450  0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1b,
451  0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x62,
452  0x6f, 0x6f, 0x74, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69,
453  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x81, 0x9f,
454  0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
455  0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30,
456  0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xac, 0x7b, 0x54, 0xc1,
457  0x97, 0x4d, 0x56, 0xbd, 0xb2, 0x52, 0xb3, 0x5c, 0x1b, 0x28,
458  0xae, 0x91, 0x33, 0xf0, 0xc8, 0xc2, 0x3c, 0x7d, 0xe8, 0x95,
459  0x72, 0xaf, 0xfe, 0xa1, 0x68, 0xe1, 0xbd, 0xe2, 0x9d, 0x4c,
460  0xe8, 0x95, 0x56, 0x94, 0xce, 0x47, 0x57, 0x1b, 0xb1, 0x08,
461  0xa1, 0x5b, 0x02, 0x8f, 0x56, 0x75, 0x1e, 0x4f, 0xfd, 0xc5,
462  0x87, 0x5c, 0x1c, 0x3f, 0xab, 0x4f, 0xba, 0x25, 0x14, 0x6d,
463  0xe3, 0xa2, 0x47, 0x33, 0xd0, 0x78, 0x63, 0xcc, 0x11, 0x37,
464  0x08, 0x73, 0x25, 0x42, 0x20, 0xa9, 0x57, 0x29, 0xeb, 0x44,
465  0x80, 0x0d, 0xe6, 0x76, 0x4b, 0x02, 0x8b, 0x67, 0xb2, 0x99,
466  0xfe, 0xb3, 0x44, 0x62, 0xdf, 0x34, 0x0e, 0xf3, 0xe2, 0x17,
467  0x42, 0x8f, 0x36, 0x42, 0x5a, 0x1c, 0x03, 0x3e, 0x06, 0x0d,
468  0x5e, 0x08, 0x52, 0xd1, 0x06, 0xfb, 0xa9, 0xdb, 0x13, 0x15,
469  0x08, 0x6d, 0x03, 0x85, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
470  0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x11,
471  0x04, 0x43, 0x30, 0x41, 0x82, 0x12, 0x64, 0x65, 0x6d, 0x6f,
472  0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65,
473  0x2e, 0x6f, 0x72, 0x67, 0x82, 0x13, 0x2a, 0x2e, 0x61, 0x6c,
474  0x74, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78,
475  0x65, 0x2e, 0x6f, 0x72, 0x67, 0x87, 0x04, 0xc0, 0xa8, 0x00,
476  0x01, 0x87, 0x10, 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
477  0x00, 0x00, 0x00, 0x69, 0xff, 0xfe, 0x50, 0x58, 0x45, 0x30,
478  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
479  0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x63, 0x83,
480  0xf5, 0xde, 0xf7, 0x59, 0x81, 0xd3, 0x34, 0x61, 0xfd, 0x2c,
481  0x0c, 0xec, 0x1c, 0x25, 0xd2, 0x2c, 0xe8, 0x90, 0x4f, 0x34,
482  0x43, 0x2c, 0x86, 0x18, 0x9e, 0x66, 0x26, 0x0d, 0x02, 0x2a,
483  0xea, 0x28, 0xc6, 0xbb, 0x51, 0x02, 0xbe, 0x8f, 0x51, 0x50,
484  0xc7, 0x04, 0x49, 0x97, 0xb9, 0xd4, 0xa5, 0x74, 0x39, 0xaa,
485  0x22, 0xbb, 0x4e, 0x46, 0x57, 0x15, 0x0e, 0xcf, 0x64, 0x60,
486  0xc8, 0x13, 0xdf, 0x82, 0x09, 0x3b, 0x92, 0xf5, 0x69, 0x80,
487  0xd2, 0x5e, 0x53, 0x9d, 0x3a, 0xcd, 0x9e, 0x81, 0xa1, 0xbd,
488  0x5b, 0x66, 0x89, 0x4d, 0xf7, 0xa4, 0xd6, 0x92, 0xe4, 0xe1,
489  0x80, 0x87, 0xfa, 0xa5, 0x47, 0x25, 0x9c, 0x35, 0x77, 0xa5,
490  0x11, 0x1b, 0x48, 0x4c, 0x5e, 0x5e, 0x2f, 0xc7, 0xf8, 0x78,
491  0x4c, 0x36, 0x41, 0xfb, 0x91, 0x5d, 0xf6, 0x43, 0x99, 0x7c,
492  0xcd, 0x7f, 0x27, 0x4c, 0x75, 0xca ),
493  FINGERPRINT ( 0x82, 0xd3, 0xa0, 0x4c, 0x0d, 0x7d, 0x3c, 0xb1,
494  0x90, 0x63, 0xd8, 0xef, 0x1e, 0xd2, 0xdd, 0x10,
495  0xd5, 0x89, 0x40, 0x35, 0xb9, 0x5e, 0x98, 0x44,
496  0x30, 0xa2, 0x48, 0x9a, 0xb8, 0x2f, 0xcf, 0xe3 ) );
497 
498 /*
499  * subject not.a.ca.test.ipxe.org
500  * issuer boot.test.ipxe.org
501  */
502 CERTIFICATE ( not_ca_crt,
503  DATA ( 0x30, 0x82, 0x02, 0x7d, 0x30, 0x82, 0x01, 0xe6, 0x02, 0x01,
504  0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
505  0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x84, 0x31,
506  0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
507  0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
508  0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
509  0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30,
510  0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61,
511  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30,
512  0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65,
513  0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20,
514  0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,
515  0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
516  0x72, 0x67, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
517  0x03, 0x0c, 0x12, 0x62, 0x6f, 0x6f, 0x74, 0x2e, 0x74, 0x65,
518  0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72,
519  0x67, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32,
520  0x32, 0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d,
521  0x31, 0x33, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30, 0x30, 0x31,
522  0x33, 0x34, 0x5a, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09,
523  0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31,
524  0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e,
525  0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73,
526  0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
527  0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72,
528  0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
529  0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53,
530  0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64,
531  0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
532  0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31,
533  0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16,
534  0x6e, 0x6f, 0x74, 0x2e, 0x61, 0x2e, 0x63, 0x61, 0x2e, 0x74,
535  0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
536  0x72, 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a,
537  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
538  0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81,
539  0x00, 0xc3, 0x5b, 0x6d, 0xb3, 0x8d, 0x74, 0x9c, 0x1d, 0xbd,
540  0x94, 0x41, 0xa2, 0x42, 0x96, 0x3c, 0x41, 0x82, 0xc0, 0xf1,
541  0x95, 0xbf, 0xc5, 0x34, 0x92, 0x92, 0xa3, 0xed, 0xed, 0x5c,
542  0x07, 0xaa, 0xb4, 0xc1, 0x66, 0xbb, 0xa6, 0xd1, 0xd9, 0x78,
543  0x93, 0xf1, 0x9c, 0x3e, 0x13, 0x3a, 0xee, 0x74, 0x31, 0xeb,
544  0x55, 0x86, 0xa5, 0x43, 0x8a, 0x5d, 0x0c, 0x2c, 0x0d, 0xfb,
545  0x91, 0x9e, 0x31, 0x22, 0xbe, 0x96, 0xb5, 0x0e, 0x44, 0xc8,
546  0x5b, 0x65, 0xb2, 0xf5, 0xec, 0x2a, 0x51, 0xed, 0x8f, 0x28,
547  0xd8, 0xb2, 0x4b, 0x45, 0x39, 0x31, 0x1f, 0x11, 0xb7, 0x12,
548  0xe3, 0xc6, 0xb2, 0xd2, 0x8d, 0x50, 0xd5, 0xf4, 0xd2, 0x71,
549  0x77, 0xc9, 0x4c, 0x67, 0xee, 0xf7, 0xdc, 0xdb, 0x68, 0xa6,
550  0xac, 0x33, 0xd4, 0xb2, 0x12, 0x61, 0x5c, 0xae, 0x4c, 0x2e,
551  0x26, 0xe8, 0xdf, 0x46, 0x3a, 0x05, 0xaf, 0xeb, 0x0d, 0x02,
552  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
553  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03,
554  0x81, 0x81, 0x00, 0x90, 0x3e, 0x16, 0x27, 0x2f, 0x4e, 0x4b,
555  0x31, 0x0e, 0xae, 0x31, 0x9d, 0x64, 0x88, 0x9f, 0xce, 0xd8,
556  0x22, 0x51, 0x9d, 0xd9, 0x2b, 0xfe, 0xed, 0x75, 0xbe, 0xec,
557  0x5a, 0x73, 0xaf, 0x6c, 0xa5, 0x5e, 0xd1, 0x15, 0x9a, 0x08,
558  0xcf, 0x4d, 0x41, 0x78, 0x48, 0xb4, 0x29, 0xf1, 0xf7, 0x63,
559  0x9b, 0x11, 0x91, 0x16, 0x94, 0x55, 0xff, 0xeb, 0xe9, 0x6f,
560  0x0a, 0x34, 0x89, 0xed, 0xf2, 0xd1, 0x79, 0x91, 0x9d, 0xe5,
561  0x73, 0x48, 0x68, 0x7f, 0x9b, 0xf4, 0x94, 0x80, 0x29, 0xbb,
562  0x2f, 0xac, 0x6c, 0xf7, 0x6a, 0x43, 0xcc, 0x40, 0x34, 0x85,
563  0xc8, 0xa1, 0x6d, 0x16, 0x36, 0x65, 0x3f, 0x93, 0x60, 0xc1,
564  0x64, 0x33, 0x91, 0xa1, 0x8f, 0x86, 0x8c, 0xce, 0x14, 0x19,
565  0x72, 0x28, 0xef, 0x94, 0x3d, 0x09, 0xb8, 0x3b, 0x39, 0xe8,
566  0xd1, 0x66, 0x2b, 0x38, 0xb4, 0x46, 0x50, 0xf4, 0xcd, 0xc4,
567  0x9a ),
568  FINGERPRINT ( 0x37, 0x6b, 0xc2, 0x20, 0xa9, 0xbc, 0xe2, 0x83,
569  0x99, 0x60, 0x06, 0x2e, 0xaf, 0x94, 0xfe, 0xb0,
570  0x1a, 0x2c, 0x17, 0x47, 0x1e, 0xc0, 0xd1, 0x66,
571  0xb6, 0x76, 0xeb, 0x1c, 0x07, 0xae, 0x72, 0xf2 ) );
572 
573 /*
574  * subject bad.path.len.test.ipxe.org
575  * issuer iPXE self-test useless CA
576  */
577 CERTIFICATE ( bad_path_len_crt,
578  DATA ( 0x30, 0x82, 0x02, 0x88, 0x30, 0x82, 0x01, 0xf1, 0x02, 0x01,
579  0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
580  0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x8b, 0x31,
581  0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
582  0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
583  0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
584  0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30,
585  0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61,
586  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30,
587  0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65,
588  0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20,
589  0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,
590  0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
591  0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04,
592  0x03, 0x0c, 0x19, 0x69, 0x50, 0x58, 0x45, 0x20, 0x73, 0x65,
593  0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75, 0x73,
594  0x65, 0x6c, 0x65, 0x73, 0x73, 0x20, 0x43, 0x41, 0x30, 0x1e,
595  0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
596  0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, 0x31, 0x33, 0x30,
597  0x33, 0x32, 0x32, 0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a,
598  0x30, 0x81, 0x8c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
599  0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
600  0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
601  0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
602  0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
603  0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
604  0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
605  0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
606  0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
607  0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
608  0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x23, 0x30, 0x21,
609  0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1a, 0x62, 0x61, 0x64,
610  0x2e, 0x70, 0x61, 0x74, 0x68, 0x2e, 0x6c, 0x65, 0x6e, 0x2e,
611  0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e,
612  0x6f, 0x72, 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09,
613  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
614  0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81,
615  0x81, 0x00, 0xed, 0xf1, 0xe3, 0xb2, 0x61, 0x68, 0xa0, 0xd5,
616  0x43, 0xfe, 0xad, 0xee, 0xfb, 0x8e, 0x2c, 0xf0, 0x44, 0xaf,
617  0x0a, 0x3c, 0x87, 0xc2, 0x56, 0x9b, 0x66, 0x15, 0xc6, 0xbc,
618  0x5b, 0x96, 0xef, 0xa1, 0x49, 0xd6, 0xe7, 0xeb, 0xb8, 0xf6,
619  0x3d, 0x62, 0xf5, 0x51, 0xfd, 0xb1, 0xa5, 0x4e, 0x92, 0x7c,
620  0x7a, 0x31, 0x1b, 0xb8, 0x21, 0x5c, 0xfe, 0x0b, 0x4e, 0x58,
621  0xd6, 0xd0, 0x8b, 0x81, 0x00, 0x4a, 0xf8, 0xf7, 0x2a, 0xc9,
622  0xea, 0xfa, 0x9c, 0xc9, 0x33, 0x0b, 0xc4, 0xce, 0x96, 0x4c,
623  0x30, 0x6e, 0xf0, 0x07, 0xfa, 0x1b, 0x94, 0x1f, 0xe3, 0x3b,
624  0xb2, 0x7d, 0x31, 0x1a, 0x37, 0x64, 0xe2, 0xc3, 0xf1, 0xe5,
625  0xb9, 0xcc, 0xd1, 0x02, 0xae, 0x16, 0x39, 0x9b, 0xfc, 0x55,
626  0xca, 0xdd, 0x33, 0x92, 0xe3, 0x12, 0x40, 0xc5, 0x32, 0x51,
627  0x62, 0xac, 0x3a, 0xc0, 0x17, 0x36, 0xd0, 0x27, 0x3d, 0xbb,
628  0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
629  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
630  0x03, 0x81, 0x81, 0x00, 0x07, 0x53, 0x2a, 0x80, 0xd6, 0x25,
631  0x10, 0x37, 0xce, 0x3b, 0x87, 0x87, 0xfc, 0xae, 0xe2, 0x2a,
632  0x28, 0x3f, 0xf7, 0xa6, 0x32, 0x5b, 0x06, 0xbd, 0x4f, 0x34,
633  0x6b, 0x47, 0x8a, 0x4b, 0x47, 0x51, 0xe8, 0x45, 0x69, 0xe3,
634  0xf3, 0xdf, 0xa4, 0x25, 0x8f, 0x34, 0xbe, 0xe5, 0x2c, 0xa4,
635  0x6c, 0x8c, 0x6e, 0x02, 0x74, 0x23, 0x43, 0x21, 0x4d, 0xe3,
636  0x75, 0x93, 0x8e, 0xa8, 0x2c, 0x54, 0xba, 0x35, 0xe7, 0xab,
637  0x44, 0xfa, 0x07, 0x7a, 0x18, 0xb4, 0xa7, 0xce, 0xfa, 0xa6,
638  0x74, 0x5a, 0x45, 0x2c, 0x6f, 0x86, 0x34, 0x8f, 0x4a, 0x09,
639  0xe0, 0xf3, 0x4f, 0x37, 0xbb, 0xa3, 0xa0, 0xcb, 0xad, 0x6b,
640  0xc1, 0x16, 0x06, 0xdf, 0x83, 0x98, 0xaf, 0xa8, 0xc3, 0xa0,
641  0x5f, 0x33, 0x09, 0x01, 0x12, 0xbd, 0xd3, 0x45, 0x9f, 0x5f,
642  0x96, 0x93, 0xe9, 0x69, 0xe9, 0xb1, 0x8a, 0xe4, 0x94, 0xce,
643  0xe4, 0x8d ),
644  FINGERPRINT ( 0xb6, 0x80, 0x84, 0xf1, 0x45, 0x55, 0x1f, 0xbc,
645  0x15, 0xa6, 0xd8, 0x4b, 0xf3, 0x19, 0x65, 0xef,
646  0x53, 0x5a, 0xc8, 0x99, 0xe5, 0xdf, 0x79, 0x07,
647  0x00, 0x2c, 0x9f, 0x49, 0x91, 0x21, 0xeb, 0xfc ) );
648 
649 /** Valid certificate chain up to boot.test.ipxe.org */
650 CHAIN ( server_chain, &server_crt, &leaf_crt, &intermediate_crt, &root_crt );
651 
652 /** Broken certificate chain up to boot.test.ipxe.org */
653 CHAIN ( broken_server_chain, &server_crt, &leaf_crt, &root_crt );
654 
655 /** Incomplete certificate chain up to boot.test.ipxe.org */
656 CHAIN ( incomplete_server_chain, &server_crt, &leaf_crt, &intermediate_crt );
657 
658 /** Non-functional certificate chain up to not_ca.test.ipxe.org */
659 CHAIN ( not_ca_chain,
660  &not_ca_crt, &server_crt, &leaf_crt, &intermediate_crt, &root_crt );
661 
662 /** Valid certificate chain up to iPXE self-test useless CA */
663 CHAIN ( useless_chain, &useless_crt, &leaf_crt, &intermediate_crt, &root_crt );
664 
665 /** Non-functional certificate chain up to bad.path.len.test.ipxe.org */
666 CHAIN ( bad_path_len_chain, &bad_path_len_crt, &useless_crt, &leaf_crt,
667  &intermediate_crt, &root_crt );
668 
669 /** Empty certificate store */
670 static struct x509_chain empty_store = {
671  .refcnt = REF_INIT ( ref_no_free ),
672  .links = LIST_HEAD_INIT ( empty_store.links ),
673 };
674 
675 /** Root certificate list containing the iPXE self-test root CA */
676 static struct x509_root test_root = {
678  .count = 1,
679  .fingerprints = root_crt_fingerprint,
680 };
681 
682 /** Root certificate list containing the iPXE self-test intermediate CA */
683 static struct x509_root intermediate_root = {
685  .count = 1,
686  .fingerprints = intermediate_crt_fingerprint,
687 };
688 
689 /** Dummy fingerprint (not matching any certificates) */
691  FINGERPRINT ( 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
692  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
693  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
694  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff );
695 
696 /** Certificate store containing a dummy fingerprint */
697 static struct x509_root dummy_root = {
699  .count = 1,
700  .fingerprints = dummy_fingerprint,
701 };
702 
703 /** Time at which all test certificates are valid */
704 static time_t test_time = 1332374737ULL; /* Thu Mar 22 00:05:37 2012 */
705 
706 /** Time at which end-entity test certificates are invalid */
707 static time_t test_expired = 1375573111ULL; /* Sat Aug 3 23:38:31 2013 */
708 
709 /** Time at which CA test certificates are invalid */
710 static time_t test_ca_expired = 2205014905ULL; /* Wed Nov 16 00:08:25 2039 */
711 
712 /**
713  * Report certificate parsing test result
714  *
715  * @v crt Test certificate
716  * @v file Test code file
717  * @v line Test code line
718  */
719 static void x509_certificate_okx ( struct x509_test_certificate *crt,
720  const char *file, unsigned int line ) {
721 
722  okx ( x509_certificate ( crt->data, crt->len, &crt->cert ) == 0,
723  file, line );
724 }
725 #define x509_certificate_ok( crt ) \
726  x509_certificate_okx ( crt, __FILE__, __LINE__ )
727 
728 /**
729  * Report cached certificate parsing test result
730  *
731  * @v crt Test certificate
732  * @v file Test code file
733  * @v line Test code line
734  */
735 static void x509_cached_okx ( struct x509_test_certificate *crt,
736  const char *file, unsigned int line ) {
737  struct x509_certificate *temp;
738 
739  okx ( x509_certificate ( crt->data, crt->len, &temp ) == 0,
740  file, line );
741  okx ( temp == crt->cert, file, line );
742  x509_put ( temp );
743 }
744 #define x509_cached_ok( crt ) x509_cached_okx ( crt, __FILE__, __LINE__ )
745 
746 /**
747  * Report certificate fingerprint test result
748  *
749  * @v crt Test certificate
750  * @v file Test code file
751  * @v line Test code line
752  */
753 static void x509_fingerprint_okx ( struct x509_test_certificate *crt,
754  const char *file, unsigned int line ) {
755  uint8_t fingerprint[ x509_test_algorithm.digestsize ];
756 
757  x509_fingerprint ( crt->cert, &x509_test_algorithm, fingerprint );
758  okx ( memcmp ( fingerprint, crt->fingerprint,
759  sizeof ( fingerprint ) ) == 0, file, line );
760 }
761 #define x509_fingerprint_ok( crt ) \
762  x509_fingerprint_okx ( crt, __FILE__, __LINE__ )
763 
764 /**
765  * Report certificate issuer validation test result
766  *
767  * @v crt Test certificate
768  * @v issuer Test issuer
769  * @v file Test code file
770  * @v line Test code line
771  */
774  const char *file, unsigned int line ) {
775 
776  okx ( x509_check_issuer ( crt->cert, issuer->cert ) == 0, file, line );
777 }
778 #define x509_check_issuer_ok( crt, issuer ) \
779  x509_check_issuer_okx ( crt, issuer, __FILE__, __LINE__ )
780 
781 /**
782  * Report certificate issuer validation failure test result
783  *
784  * @v crt Test certificate
785  * @v issuer Test issuer
786  * @v file Test code file
787  * @v line Test code line
788  */
791  const char *file, unsigned int line ) {
792 
793  okx ( x509_check_issuer ( crt->cert, issuer->cert ) != 0,
794  file, line );
795 }
796 #define x509_check_issuer_fail_ok( crt, issuer ) \
797  x509_check_issuer_fail_okx ( crt, issuer, __FILE__, __LINE__ )
798 
799 /**
800  * Report certificate root validation test result
801  *
802  * @v crt Test certificate
803  * @v root Test root certificate store
804  * @v file Test code file
805  * @v line Test code line
806  */
807 static void x509_check_root_okx ( struct x509_test_certificate *crt,
808  struct x509_root *root, const char *file,
809  unsigned int line ) {
810 
811  okx ( x509_check_root ( crt->cert, root ) == 0, file, line );
812 }
813 #define x509_check_root_ok( crt, root ) \
814  x509_check_root_okx ( crt, root, __FILE__, __LINE__ )
815 
816 /**
817  * Report certificate root validation failure test result
818  *
819  * @v crt Test certificate
820  * @v root Test root certificate store
821  * @v file Test code file
822  * @v line Test code line
823  */
825  struct x509_root *root,
826  const char *file, unsigned int line ) {
827 
828  okx ( x509_check_root ( crt->cert, root ) != 0, file, line );
829 }
830 #define x509_check_root_fail_ok( crt, root ) \
831  x509_check_root_fail_okx ( crt, root, __FILE__, __LINE__ )
832 
833 /**
834  * Report certificate time validation test result
835  *
836  * @v crt Test certificate
837  * @v time Test time
838  * @v file Test code file
839  * @v line Test code line
840  */
841 static void x509_check_time_okx ( struct x509_test_certificate *crt,
842  time_t time, const char *file,
843  unsigned int line ) {
844 
845  okx ( x509_check_time ( crt->cert, time ) == 0, file, line );
846 }
847 #define x509_check_time_ok( crt, time ) \
848  x509_check_time_okx ( crt, time, __FILE__, __LINE__ )
849 
850 /**
851  * Report certificate time validation failure test result
852  *
853  * @v crt Test certificate
854  * @v time Test time
855  * @v file Test code file
856  * @v line Test code line
857  */
859  time_t time, const char *file,
860  unsigned int line ) {
861 
862  okx ( x509_check_time ( crt->cert, time ) != 0, file, line );
863 }
864 #define x509_check_time_fail_ok( crt, time ) \
865  x509_check_time_fail_okx ( crt, time, __FILE__, __LINE__ )
866 
867 /**
868  * Report certificate name validation test result
869  *
870  * @v crt Test certificate
871  * @v name Test name
872  * @v file Test code file
873  * @v line Test code line
874  */
875 static void x509_check_name_okx ( struct x509_test_certificate *crt,
876  const char *name, const char *file,
877  unsigned int line ) {
878 
879  okx ( x509_check_name ( crt->cert, name ) == 0, file, line );
880 }
881 #define x509_check_name_ok( crt, name ) \
882  x509_check_name_okx ( crt, name, __FILE__, __LINE__ )
883 
884 /**
885  * Report certificate name validation failure test result
886  *
887  * @v crt Test certificate
888  * @v name Test name
889  * @v file Test code file
890  * @v line Test code line
891  */
893  const char *name, const char *file,
894  unsigned int line ) {
895 
896  okx ( x509_check_name ( crt->cert, name ) != 0, file, line );
897 }
898 #define x509_check_name_fail_ok( crt, name ) \
899  x509_check_name_fail_okx ( crt, name, __FILE__, __LINE__ )
900 
901 /**
902  * Report certificate chain parsing test result
903  *
904  * @v chn Test certificate chain
905  * @v file Test code file
906  * @v line Test code line
907  */
908 static void x509_chain_okx ( struct x509_test_chain *chn, const char *file,
909  unsigned int line ) {
910  unsigned int i;
911  struct x509_certificate *first;
912 
913  chn->chain = x509_alloc_chain();
914  okx ( chn->chain != NULL, file, line );
915  for ( i = 0 ; i < chn->count ; i++ ) {
916  okx ( x509_append ( chn->chain, chn->certs[i]->cert ) == 0,
917  file, line );
918  }
919  first = x509_first ( chn->chain );
920  okx ( first != NULL, file, line );
921  okx ( first->raw.len == chn->certs[0]->len, file, line );
922  okx ( memcmp ( first->raw.data, chn->certs[0]->data,
923  first->raw.len ) == 0, file, line );
924 }
925 #define x509_chain_ok( chn ) \
926  x509_chain_okx ( chn, __FILE__, __LINE__ )
927 
928 /**
929  * Report certificate chain validation test result
930  *
931  * @v chn Test certificate chain
932  * @v time Test certificate validation time
933  * @v store Test certificate store
934  * @v root Test root certificate list
935  * @v file Test code file
936  * @v line Test code line
937  */
939  struct x509_chain *store,
940  struct x509_root *root, const char *file,
941  unsigned int line ) {
942 
943  x509_invalidate_chain ( chn->chain );
944  okx ( x509_validate_chain ( chn->chain, time, store, root ) == 0,
945  file, line );
946 }
947 #define x509_validate_chain_ok( chn, time, store, root ) \
948  x509_validate_chain_okx ( chn, time, store, root, __FILE__, __LINE__ )
949 
950 /**
951  * Report certificate chain validation failure test result
952  *
953  * @v chn Test certificate chain
954  * @v time Test certificate validation time
955  * @v store Test certificate store
956  * @v root Test root certificate list
957  * @v file Test code file
958  * @v line Test code line
959  */
961  time_t time,
962  struct x509_chain *store,
963  struct x509_root *root,
964  const char *file,
965  unsigned int line ) {
966 
967  x509_invalidate_chain ( chn->chain );
968  okx ( x509_validate_chain ( chn->chain, time, store, root ) != 0,
969  file, line );
970 }
971 #define x509_validate_chain_fail_ok( chn, time, store, root ) \
972  x509_validate_chain_fail_okx ( chn, time, store, root, \
973  __FILE__, __LINE__ )
974 
975 /**
976  * Perform X.509 self-tests
977  *
978  */
979 static void x509_test_exec ( void ) {
980 
981  /* Parse all certificates */
982  x509_certificate_ok ( &root_crt );
983  x509_certificate_ok ( &intermediate_crt );
984  x509_certificate_ok ( &leaf_crt );
985  x509_certificate_ok ( &useless_crt );
986  x509_certificate_ok ( &server_crt );
987  x509_certificate_ok ( &not_ca_crt );
988  x509_certificate_ok ( &bad_path_len_crt );
989 
990  /* Check cache functionality */
991  x509_cached_ok ( &root_crt );
992  x509_cached_ok ( &intermediate_crt );
993  x509_cached_ok ( &leaf_crt );
994  x509_cached_ok ( &useless_crt );
995  x509_cached_ok ( &server_crt );
996  x509_cached_ok ( &not_ca_crt );
997  x509_cached_ok ( &bad_path_len_crt );
998 
999  /* Check all certificate fingerprints */
1000  x509_fingerprint_ok ( &root_crt );
1001  x509_fingerprint_ok ( &intermediate_crt );
1002  x509_fingerprint_ok ( &leaf_crt );
1003  x509_fingerprint_ok ( &useless_crt );
1004  x509_fingerprint_ok ( &server_crt );
1005  x509_fingerprint_ok ( &not_ca_crt );
1006  x509_fingerprint_ok ( &bad_path_len_crt );
1007 
1008  /* Check pairwise issuing */
1009  x509_check_issuer_ok ( &intermediate_crt, &root_crt );
1010  x509_check_issuer_ok ( &leaf_crt, &intermediate_crt );
1011  x509_check_issuer_ok ( &useless_crt, &leaf_crt );
1012  x509_check_issuer_ok ( &server_crt, &leaf_crt );
1013  x509_check_issuer_fail_ok ( &not_ca_crt, &server_crt );
1014  x509_check_issuer_ok ( &bad_path_len_crt, &useless_crt );
1015 
1016  /* Check root certificate stores */
1017  x509_check_root_ok ( &root_crt, &test_root );
1018  x509_check_root_fail_ok ( &intermediate_crt, &test_root );
1019  x509_check_root_ok ( &intermediate_crt, &intermediate_root );
1021  x509_check_root_fail_ok ( &root_crt, &dummy_root );
1022 
1023  /* Check certificate validity periods */
1024  x509_check_time_ok ( &server_crt, test_time );
1025  x509_check_time_fail_ok ( &server_crt, test_expired );
1026  x509_check_time_ok ( &root_crt, test_time );
1027  x509_check_time_ok ( &root_crt, test_expired );
1029 
1030  /* Check certificate names */
1031  x509_check_name_ok ( &server_crt, "boot.test.ipxe.org" );
1032  x509_check_name_ok ( &server_crt, "demo.test.ipxe.org" );
1033  x509_check_name_fail_ok ( &server_crt, "incorrect.test.ipxe.org" );
1034  x509_check_name_ok ( &server_crt, "anything.alt.test.ipxe.org" );
1035  x509_check_name_ok ( &server_crt, "wildcard.alt.test.ipxe.org" );
1036  x509_check_name_fail_ok ( &server_crt, "sub.domain.alt.test.ipxe.org" );
1037  x509_check_name_fail_ok ( &server_crt, "alt.test.ipxe.org" );
1038  x509_check_name_fail_ok ( &server_crt, "test.ipxe.org" );
1039  x509_check_name_fail_ok ( &server_crt, "ipxe.org" );
1040  x509_check_name_fail_ok ( &server_crt, "org" );
1041  x509_check_name_fail_ok ( &server_crt, "" );
1042  x509_check_name_ok ( &server_crt, "192.168.0.1" );
1043  x509_check_name_fail_ok ( &server_crt, "192.168.0.2" );
1044  x509_check_name_ok ( &server_crt, "fe80::69ff:fe50:5845" );
1045  x509_check_name_ok ( &server_crt, "FE80:0:0:0:0:69FF:FE50:5845" );
1046  x509_check_name_fail_ok ( &server_crt, "fe80::69ff:fe50:5846" );
1047 
1048  /* Parse all certificate chains */
1049  x509_chain_ok ( &server_chain );
1050  x509_chain_ok ( &broken_server_chain );
1051  x509_chain_ok ( &incomplete_server_chain );
1052  x509_chain_ok ( &not_ca_chain );
1053  x509_chain_ok ( &useless_chain );
1054  x509_chain_ok ( &bad_path_len_chain );
1055 
1056  /* Check certificate chains */
1057  x509_validate_chain_ok ( &server_chain, test_time,
1058  &empty_store, &test_root );
1059  x509_validate_chain_ok ( &server_chain, test_time,
1061  x509_validate_chain_fail_ok ( &server_chain, test_time,
1062  &empty_store, &dummy_root );
1063  x509_validate_chain_fail_ok ( &broken_server_chain, test_time,
1064  &empty_store, &test_root );
1065  x509_validate_chain_fail_ok ( &incomplete_server_chain, test_time,
1066  &empty_store, &test_root );
1067  x509_validate_chain_ok ( &incomplete_server_chain, test_time,
1069  x509_validate_chain_fail_ok ( &not_ca_chain, test_time,
1070  &empty_store, &test_root );
1071  x509_validate_chain_ok ( &useless_chain, test_time,
1072  &empty_store, &test_root );
1073  x509_validate_chain_fail_ok ( &bad_path_len_chain, test_time,
1074  &empty_store, &test_root );
1075 
1076  /* Check certificate chain expiry times */
1077  x509_validate_chain_fail_ok ( &server_chain, test_expired,
1078  &empty_store, &test_root );
1079  x509_validate_chain_ok ( &useless_chain, test_expired,
1080  &empty_store, &test_root );
1081  x509_validate_chain_fail_ok ( &useless_chain, test_ca_expired,
1082  &empty_store, &test_root );
1083 
1084  /* Sanity check */
1086 
1087  /* Drop chain references */
1088  x509_chain_put ( bad_path_len_chain.chain );
1089  x509_chain_put ( useless_chain.chain );
1090  x509_chain_put ( not_ca_chain.chain );
1091  x509_chain_put ( incomplete_server_chain.chain );
1092  x509_chain_put ( broken_server_chain.chain );
1093  x509_chain_put ( server_chain.chain );
1094 
1095  /* Drop certificate references */
1096  x509_put ( bad_path_len_crt.cert );
1097  x509_put ( not_ca_crt.cert );
1098  x509_put ( server_crt.cert );
1099  x509_put ( useless_crt.cert );
1100  x509_put ( leaf_crt.cert );
1101  x509_put ( intermediate_crt.cert );
1102  x509_put ( root_crt.cert );
1103 }
1104 
1105 /** X.509 self-test */
1106 struct self_test x509_test __self_test = {
1107  .name = "x509",
1108  .exec = x509_test_exec,
1109 };
1110 
1111 /* Drag in algorithms required for tests */
1112 REQUIRING_SYMBOL ( x509_test );
1113 REQUIRE_OBJECT ( rsa );
1114 REQUIRE_OBJECT ( sha1 );
1115 REQUIRE_OBJECT ( sha256 );
1116 REQUIRE_OBJECT ( ipv4 );
1117 REQUIRE_OBJECT ( ipv6 );
static time_t test_ca_expired
Time at which CA test certificates are invalid.
Definition: x509_test.c:710
static time_t test_expired
Time at which end-entity test certificates are invalid.
Definition: x509_test.c:707
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
Definition: x509.h:269
static void x509_check_name_okx(struct x509_test_certificate *crt, const char *name, const char *file, unsigned int line)
Report certificate name validation test result.
Definition: x509_test.c:875
#define x509_check_issuer_ok(crt, issuer)
Definition: x509_test.c:778
const char * name
Definition: ath9k_hw.c:1984
static struct x509_root intermediate_root
Root certificate list containing the iPXE self-test intermediate CA.
Definition: x509_test.c:683
static void x509_check_name_fail_okx(struct x509_test_certificate *crt, const char *name, const char *file, unsigned int line)
Report certificate name validation failure test result.
Definition: x509_test.c:892
static void x509_check_root_okx(struct x509_test_certificate *crt, struct x509_root *root, const char *file, unsigned int line)
Report certificate root validation test result.
Definition: x509_test.c:807
#define x509_certificate_ok(crt)
Definition: x509_test.c:725
#define CERTIFICATE(name, DATA, FINGERPRINT)
Define a test certificate.
Definition: x509_test.c:77
static uint8_t dummy_fingerprint[]
Dummy fingerprint (not matching any certificates)
Definition: x509_test.c:690
size_t len
Length of data.
Definition: x509_test.c:51
#define x509_validate_chain_ok(chn, time, store, root)
Definition: x509_test.c:947
struct x509_certificate * cert
Parsed certificate.
Definition: x509_test.c:56
#define x509_check_root_ok(crt, root)
Definition: x509_test.c:813
struct stp_switch root
Root switch.
Definition: stp.h:26
struct list_head links
List of links.
Definition: x509.h:181
Error codes.
struct self_test x509_test __self_test
X.509 self-test.
Definition: x509_test.c:1106
#define x509_test_algorithm
Fingerprint algorithm used for X.509 test certificates.
Definition: x509_test.c:44
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
Definition: x509.c:1519
struct x509_issuer issuer
Issuer.
Definition: x509.h:208
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
int x509_append(struct x509_chain *chain, struct x509_certificate *cert)
Append X.509 certificate to X.509 certificate chain.
Definition: x509.c:1600
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
Definition: x509.c:1577
Self-test infrastructure.
const char * name
Test set name.
Definition: test.h:17
static void x509_fingerprint_okx(struct x509_test_certificate *crt, const char *file, unsigned int line)
Report certificate fingerprint test result.
Definition: x509_test.c:753
struct x509_chain * chain
Parsed certificate chain.
Definition: x509_test.c:67
A self-test set.
Definition: test.h:15
#define x509_validate_chain_fail_ok(chn, time, store, root)
Definition: x509_test.c:971
#define x509_check_issuer_fail_ok(crt, issuer)
Definition: x509_test.c:796
#define CHAIN(name,...)
Define a test certificate chain.
Definition: x509_test.c:87
#define list_empty(list)
Test whether a list is empty.
Definition: list.h:136
An X.509 certificate chain.
Definition: x509.h:177
static void x509_check_time_okx(struct x509_test_certificate *crt, time_t time, const char *file, unsigned int line)
Report certificate time validation test result.
Definition: x509_test.c:841
#define okx(success, file, line)
Report test result.
Definition: test.h:44
unsigned int count
Number of certificates.
Definition: x509_test.c:64
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
static void x509_check_issuer_fail_okx(struct x509_test_certificate *crt, struct x509_test_certificate *issuer, const char *file, unsigned int line)
Report certificate issuer validation failure test result.
Definition: x509_test.c:789
ASN.1 encoding.
struct digest_algorithm * digest
Fingerprint digest algorithm.
Definition: x509.h:346
static struct x509_root test_root
Root certificate list containing the iPXE self-test root CA.
Definition: x509_test.c:676
static struct x509_root dummy_root
Certificate store containing a dummy fingerprint.
Definition: x509_test.c:697
static void x509_chain_okx(struct x509_test_chain *chn, const char *file, unsigned int line)
Report certificate chain parsing test result.
Definition: x509_test.c:908
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
Definition: x509.c:1724
int x509_check_root(struct x509_certificate *cert, struct x509_root *root)
Check X.509 root certificate.
Definition: x509.c:1246
An X.509 certificate.
Definition: x509.h:185
static void x509_certificate_okx(struct x509_test_certificate *crt, const char *file, unsigned int line)
Report certificate parsing test result.
Definition: x509_test.c:719
#define x509_fingerprint_ok(crt)
Definition: x509_test.c:761
static void x509_test_exec(void)
Perform X.509 self-tests.
Definition: x509_test.c:979
unsigned char uint8_t
Definition: stdint.h:10
static uint8_t root_crt_fingerprint[]
iPXE self-test root CA certificate
Definition: cms_test.c:1306
X.509 certificates.
static void x509_cached_okx(struct x509_test_certificate *crt, const char *file, unsigned int line)
Report cached certificate parsing test result.
Definition: x509_test.c:735
REQUIRE_OBJECT(rsa)
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
Definition: x509.c:1228
#define x509_check_name_fail_ok(crt, name)
Definition: x509_test.c:898
An X.509 test certificate chain.
Definition: x509_test.c:60
#define DATA(...)
Define inline certificate data.
Definition: x509_test.c:71
An X.509 root certificate store.
Definition: x509.h:344
const void * fingerprint
Fingerprint.
Definition: x509_test.c:53
struct x509_test_certificate ** certs
Test certificates.
Definition: x509_test.c:62
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
Definition: x509.h:247
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
Definition: x509.h:280
#define FINGERPRINT(...)
Define inline fingerprint data.
Definition: x509_test.c:74
int x509_check_issuer(struct x509_certificate *cert, struct x509_certificate *issuer)
Check X.509 certificate against issuer certificate.
Definition: x509.c:1168
#define x509_check_time_ok(crt, time)
Definition: x509_test.c:847
struct x509_link store
Link in certificate store.
Definition: x509.h:190
#define REF_INIT(free_fn)
Initialise a static reference counter.
Definition: refcnt.h:77
static void x509_invalidate_chain(struct x509_chain *chain)
Invalidate X.509 certificate chain.
Definition: x509.h:410
#define x509_check_root_fail_ok(crt, root)
Definition: x509_test.c:830
#define x509_check_time_fail_ok(crt, time)
Definition: x509_test.c:864
static void x509_check_issuer_okx(struct x509_test_certificate *crt, struct x509_test_certificate *issuer, const char *file, unsigned int line)
Report certificate issuer validation test result.
Definition: x509_test.c:772
static void x509_validate_chain_fail_okx(struct x509_test_chain *chn, time_t time, struct x509_chain *store, struct x509_root *root, const char *file, unsigned int line)
Report certificate chain validation failure test result.
Definition: x509_test.c:960
#define LIST_HEAD_INIT(list)
Initialise a static list head.
Definition: list.h:30
static void x509_validate_chain_okx(struct x509_test_chain *chn, time_t time, struct x509_chain *store, struct x509_root *root, const char *file, unsigned int line)
Report certificate chain validation test result.
Definition: x509_test.c:938
int64_t time_t
Seconds since the Epoch.
Definition: time.h:18
#define x509_cached_ok(crt)
Definition: x509_test.c:744
REQUIRING_SYMBOL(x509_test)
static time_t test_time
Time at which all test certificates are valid.
Definition: x509_test.c:704
uint64_t time
Current time.
Definition: ntlm.h:20
#define x509_check_name_ok(crt, name)
Definition: x509_test.c:881
static void x509_check_time_fail_okx(struct x509_test_certificate *crt, time_t time, const char *file, unsigned int line)
Report certificate time validation failure test result.
Definition: x509_test.c:858
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
Definition: string.c:98
SHA-256 algorithm.
static struct x509_chain empty_store
Empty certificate store.
Definition: x509_test.c:670
void ref_no_free(struct refcnt *refcnt __unused)
Do not free reference-counted object.
Definition: refcnt.c:101
#define NULL
NULL pointer (VOID *)
Definition: Base.h:362
String functions.
int x509_check_time(struct x509_certificate *cert, time_t time)
Check X.509 certificate validity period.
Definition: x509.c:1278
uint32_t first
Length to skip in first segment.
Definition: pccrc.h:23
struct refcnt refcnt
Reference count.
Definition: x509.h:179
const void * data
Data.
Definition: x509_test.c:49
An X.509 test certificate.
Definition: x509_test.c:47
static void x509_check_root_fail_okx(struct x509_test_certificate *crt, struct x509_root *root, const char *file, unsigned int line)
Report certificate root validation failure test result.
Definition: x509_test.c:824
#define x509_chain_ok(chn)
Definition: x509_test.c:925