iPXE
x509_test.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 /** @file
27  *
28  * X.509 self-tests
29  *
30  */
31 
32 /* Forcibly enable assertions */
33 #undef NDEBUG
34 
35 #include <stdint.h>
36 #include <string.h>
37 #include <errno.h>
38 #include <ipxe/x509.h>
39 #include <ipxe/asn1.h>
40 #include <ipxe/sha256.h>
41 #include <ipxe/test.h>
42 
43 /** Fingerprint algorithm used for X.509 test certificates */
44 #define x509_test_algorithm sha256_algorithm
45 
46 /** An X.509 test certificate */
47 struct x509_test_certificate {
48  /** Data */
49  const void *data;
50  /** Length of data */
51  size_t len;
52  /** Fingerprint */
53  const void *fingerprint;
54 
55  /** Parsed certificate */
56  struct x509_certificate *cert;
57 };
58 
59 /** An X.509 test certificate chain */
60 struct x509_test_chain {
61  /** Test certificates */
62  struct x509_test_certificate **certs;
63  /** Number of certificates */
64  unsigned int count;
65 
66  /** Parsed certificate chain */
67  struct x509_chain *chain;
68 };
69 
70 /** Define inline certificate data */
71 #define DATA(...) { __VA_ARGS__ }
72 
73 /** Define inline fingerprint data */
74 #define FINGERPRINT(...) { __VA_ARGS__ }
75 
76 /** Define a test certificate */
77 #define CERTIFICATE( name, DATA, FINGERPRINT ) \
78  static const uint8_t name ## _data[] = DATA; \
79  static const uint8_t name ## _fingerprint[] = FINGERPRINT; \
80  static struct x509_test_certificate name = { \
81  .data = name ## _data, \
82  .len = sizeof ( name ## _data ), \
83  .fingerprint = name ## _fingerprint, \
84  }
85 
86 /** Define a test certificate chain */
87 #define CHAIN( name, ... ) \
88  static struct x509_test_certificate * name ## _certs[] = \
89  { __VA_ARGS__ }; \
90  static struct x509_test_chain name = { \
91  .certs = name ## _certs, \
92  .count = ( sizeof ( name ## _certs ) / \
93  sizeof ( name ## _certs[0] ) ), \
94  }
95 
96 /*
97  * subject iPXE self-test root CA
98  * issuer iPXE self-test root CA
99  */
100 CERTIFICATE ( root_crt,
101  DATA ( 0x30, 0x82, 0x02, 0xb3, 0x30, 0x82, 0x02, 0x1c, 0xa0, 0x03,
102  0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xc6, 0xb8, 0x9c, 0x58,
103  0xd2, 0xdc, 0xc9, 0x5d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
104  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
105  0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
106  0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06,
107  0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62,
108  0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65,
109  0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
110  0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65,
111  0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
112  0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65,
113  0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f,
114  0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78,
115  0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06,
116  0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58, 0x45,
117  0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74,
118  0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e,
119  0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
120  0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x39, 0x30,
121  0x38, 0x30, 0x38, 0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a,
122  0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
123  0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
124  0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
125  0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
126  0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
127  0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
128  0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
129  0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
130  0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
131  0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
132  0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d,
133  0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58,
134  0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73,
135  0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30,
136  0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
137  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
138  0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xaa, 0x72,
139  0xb5, 0xc1, 0x73, 0xf4, 0x95, 0x76, 0xa4, 0x27, 0xab, 0x5e,
140  0xeb, 0x1d, 0x9d, 0xd0, 0x04, 0xb2, 0x93, 0x05, 0xc7, 0xfa,
141  0x75, 0x84, 0x66, 0xe6, 0x3a, 0x26, 0x1f, 0xbc, 0x2d, 0xfd,
142  0x8f, 0x59, 0x64, 0xac, 0xcf, 0x65, 0x9d, 0x82, 0x23, 0xc3,
143  0x72, 0x93, 0xf2, 0x40, 0x68, 0x32, 0xd1, 0xb8, 0xf1, 0x47,
144  0x61, 0x50, 0xea, 0xbc, 0xcc, 0x3c, 0x6b, 0x74, 0x7a, 0xec,
145  0x2b, 0x75, 0xa6, 0xc2, 0xa2, 0xb8, 0xbf, 0x23, 0x48, 0x97,
146  0xd5, 0xaf, 0x77, 0xc1, 0x92, 0x88, 0xd7, 0x38, 0xb7, 0x9e,
147  0xda, 0xee, 0x72, 0x04, 0xcb, 0x96, 0xe5, 0xdb, 0xfd, 0x9b,
148  0x5d, 0x99, 0x4e, 0x7a, 0x60, 0x23, 0x34, 0xa4, 0x8d, 0xd7,
149  0x6c, 0xe7, 0x5d, 0x93, 0x97, 0xe1, 0xab, 0x36, 0x2c, 0x24,
150  0x16, 0x92, 0x66, 0xf6, 0x6a, 0x14, 0x23, 0x1d, 0x18, 0xb9,
151  0x44, 0x24, 0x61, 0x6b, 0xd3, 0x75, 0x02, 0x03, 0x01, 0x00,
152  0x01, 0xa3, 0x23, 0x30, 0x21, 0x30, 0x0f, 0x06, 0x03, 0x55,
153  0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
154  0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
155  0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0d,
156  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
157  0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x94, 0x9e, 0xea,
158  0x17, 0x8d, 0x27, 0xa9, 0x17, 0xe5, 0xa9, 0x19, 0xbe, 0x82,
159  0x36, 0xbd, 0xac, 0x74, 0xf3, 0x6e, 0x75, 0x71, 0x30, 0x1c,
160  0x05, 0x80, 0x6d, 0x1a, 0x69, 0x37, 0x86, 0x9c, 0x77, 0x75,
161  0x29, 0xa1, 0xc6, 0xb7, 0x11, 0x0a, 0x63, 0x27, 0xee, 0xb1,
162  0xc8, 0x94, 0xa9, 0x2e, 0x56, 0x8f, 0xca, 0x9d, 0xbe, 0xf4,
163  0xdb, 0x63, 0x97, 0x68, 0x3b, 0x13, 0xf8, 0x6a, 0xa5, 0xd1,
164  0x3d, 0xed, 0xbb, 0x86, 0x9d, 0x42, 0xfc, 0x15, 0x0a, 0x04,
165  0xf8, 0x3c, 0x0e, 0xc4, 0x86, 0x05, 0x57, 0x56, 0x96, 0xf6,
166  0xc0, 0x18, 0x53, 0xb0, 0xc5, 0xf0, 0xca, 0x72, 0x77, 0x77,
167  0xc9, 0x8e, 0x90, 0xa5, 0x4b, 0xb6, 0x80, 0x4a, 0x4c, 0x34,
168  0x6f, 0xc9, 0xe8, 0x6f, 0xc2, 0x28, 0xdf, 0x93, 0xa9, 0xf5,
169  0x63, 0x18, 0xc0, 0xec, 0x9e, 0xd5, 0x19, 0x36, 0xc5, 0x94,
170  0x10, 0xd4, 0x72, 0xd2, 0xb8 ),
171  FINGERPRINT ( 0x71, 0x5d, 0x51, 0x37, 0x5e, 0x18, 0xb3, 0xbc,
172  0xbb, 0x30, 0x0e, 0x8f, 0x50, 0xc7, 0x55, 0xf5,
173  0x96, 0xe7, 0xa8, 0x6d, 0x63, 0x2d, 0x32, 0x38,
174  0xaf, 0x00, 0xc4, 0x1a, 0xfc, 0xd8, 0xac, 0xc3 ) );
175 
176 /*
177  * subject iPXE self-test intermediate CA
178  * issuer iPXE self-test root CA
179  */
180 CERTIFICATE ( intermediate_crt,
181  DATA ( 0x30, 0x82, 0x02, 0xb3, 0x30, 0x82, 0x02, 0x1c, 0xa0, 0x03,
182  0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
183  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
184  0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
185  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
186  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
187  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
188  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
189  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
190  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
191  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
192  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
193  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
194  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
195  0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
196  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
197  0x73, 0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41,
198  0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32,
199  0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31,
200  0x34, 0x31, 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33,
201  0x33, 0x5a, 0x30, 0x81, 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06,
202  0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
203  0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
204  0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
205  0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
206  0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
207  0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
208  0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
209  0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
210  0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
211  0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x27,
212  0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e, 0x69,
213  0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74,
214  0x65, 0x73, 0x74, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d,
215  0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x30,
216  0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
217  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
218  0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc9, 0x3a,
219  0xee, 0xc6, 0x3c, 0xac, 0x4d, 0x81, 0xc6, 0x98, 0x5e, 0xe1,
220  0x48, 0x66, 0x1a, 0x1e, 0x60, 0x19, 0x41, 0xae, 0xca, 0x14,
221  0x97, 0xc8, 0x3a, 0x50, 0xb6, 0x48, 0xf5, 0x42, 0xac, 0x0f,
222  0xe1, 0xe3, 0x47, 0xf0, 0xbf, 0x7c, 0xd0, 0xee, 0x8f, 0xb7,
223  0xa6, 0x19, 0xad, 0xbb, 0xc5, 0x1b, 0x34, 0x38, 0xc8, 0xbd,
224  0x55, 0x84, 0x93, 0x72, 0xaf, 0x84, 0xfc, 0x9b, 0x97, 0x1d,
225  0xb5, 0x54, 0x24, 0xd6, 0x5d, 0xb7, 0x31, 0xf4, 0xbd, 0x3b,
226  0x40, 0x97, 0xc0, 0xa9, 0x5a, 0x2a, 0xcb, 0x6b, 0x98, 0x07,
227  0xdb, 0xb5, 0x9f, 0xe8, 0x31, 0x3f, 0x01, 0x46, 0x46, 0x70,
228  0x05, 0xa2, 0x0f, 0x8c, 0x7a, 0x61, 0xf3, 0xdf, 0xdb, 0xa1,
229  0x37, 0x2c, 0x88, 0x6a, 0x81, 0x21, 0x12, 0x4c, 0xf5, 0xcd,
230  0xaf, 0xc9, 0xd2, 0x36, 0x3d, 0x82, 0xd1, 0xca, 0x19, 0xaf,
231  0x4e, 0xae, 0x50, 0x71, 0x44, 0xbf, 0x02, 0x03, 0x01, 0x00,
232  0x01, 0xa3, 0x23, 0x30, 0x21, 0x30, 0x0f, 0x06, 0x03, 0x55,
233  0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
234  0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
235  0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0d,
236  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
237  0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x5d, 0x3c, 0xb3,
238  0x52, 0x19, 0xa6, 0x9e, 0x4a, 0x44, 0x98, 0xbf, 0x51, 0x20,
239  0x47, 0x0a, 0xf3, 0x26, 0x1a, 0xcc, 0x35, 0x2f, 0xc9, 0xed,
240  0xe0, 0x9d, 0x46, 0xeb, 0xbc, 0x7e, 0xc9, 0xb9, 0x1d, 0x76,
241  0xa4, 0x1d, 0xc2, 0xd9, 0x16, 0x29, 0x77, 0x01, 0x40, 0xdd,
242  0xe5, 0xcb, 0x28, 0x91, 0x3a, 0x0c, 0x13, 0x01, 0x1b, 0x72,
243  0x62, 0x45, 0x27, 0xfd, 0xd7, 0x00, 0x47, 0x36, 0x09, 0x1e,
244  0x7b, 0xd2, 0xcb, 0x95, 0x3d, 0x28, 0x82, 0xce, 0x83, 0x59,
245  0x32, 0xf9, 0xe6, 0xec, 0x89, 0xac, 0x88, 0x45, 0x22, 0x88,
246  0x6f, 0x5e, 0xa2, 0x79, 0x95, 0xba, 0xb9, 0xc9, 0xb6, 0x4c,
247  0x7c, 0xb4, 0x29, 0xa1, 0x02, 0xf5, 0xac, 0x5d, 0x8e, 0x52,
248  0xeb, 0xe8, 0xb1, 0x56, 0x49, 0xb3, 0x77, 0x62, 0x7d, 0x87,
249  0x4d, 0x17, 0xf2, 0x62, 0x83, 0x08, 0x59, 0x21, 0x60, 0x0d,
250  0x84, 0x8e, 0x5a, 0x84, 0xf6 ),
251  FINGERPRINT ( 0x88, 0x70, 0xbf, 0xf0, 0xd6, 0x09, 0x03, 0x3a,
252  0xe1, 0x80, 0xa7, 0xa5, 0x5c, 0x3e, 0xe1, 0x05,
253  0x38, 0x97, 0xde, 0xe1, 0xe9, 0x74, 0x55, 0xb1,
254  0x1e, 0x59, 0x69, 0x44, 0x42, 0x1b, 0xc8, 0xff ) );
255 
256 /*
257  * subject iPXE self-test leaf CA
258  * issuer iPXE self-test intermediate CA
259  */
260 CERTIFICATE ( leaf_crt,
261  DATA ( 0x30, 0x82, 0x02, 0xb6, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03,
262  0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
263  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
264  0x00, 0x30, 0x81, 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
265  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
266  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
267  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
268  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
269  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
270  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
271  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
272  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
273  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
274  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x27, 0x30,
275  0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e, 0x69, 0x50,
276  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
277  0x73, 0x74, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65,
278  0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x30, 0x1e,
279  0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
280  0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31, 0x34, 0x31,
281  0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a,
282  0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
283  0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
284  0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
285  0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
286  0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
287  0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
288  0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
289  0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
290  0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
291  0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
292  0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d,
293  0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58,
294  0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73,
295  0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41, 0x30,
296  0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
297  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
298  0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc3, 0x55,
299  0xad, 0xdf, 0x7b, 0xd1, 0x48, 0xc3, 0xd3, 0x02, 0x54, 0x6c,
300  0x92, 0x45, 0x22, 0x3d, 0x90, 0xd8, 0xc7, 0x13, 0xcd, 0xc1,
301  0x59, 0xc6, 0xe0, 0xad, 0x0e, 0xe6, 0xdb, 0x3b, 0xe8, 0x63,
302  0xea, 0x4e, 0xb6, 0xea, 0x50, 0xea, 0x6e, 0x33, 0x9d, 0x28,
303  0x25, 0x42, 0x49, 0xd0, 0xf0, 0xed, 0xc5, 0x5b, 0x6b, 0x4a,
304  0xe7, 0x45, 0xfa, 0xd3, 0x3f, 0xae, 0xde, 0x5a, 0x90, 0xab,
305  0xf1, 0x61, 0x2f, 0x40, 0x5e, 0xcf, 0x8b, 0x0b, 0x10, 0x59,
306  0xa9, 0xd0, 0x1e, 0x0f, 0x18, 0x6b, 0x92, 0xd8, 0x9f, 0x58,
307  0x10, 0x84, 0xb6, 0x15, 0xe8, 0x5b, 0xc4, 0xa0, 0x3e, 0x49,
308  0x8b, 0xea, 0xdd, 0xa9, 0x7e, 0x32, 0x26, 0x9a, 0x68, 0x44,
309  0xf0, 0x30, 0xca, 0x2a, 0xd6, 0x19, 0x7a, 0x80, 0xfd, 0xd7,
310  0xfc, 0xc7, 0x5d, 0xe7, 0x61, 0xd2, 0x3f, 0x1f, 0x2c, 0x40,
311  0x70, 0x7b, 0x34, 0xcb, 0x08, 0xa9, 0x02, 0x03, 0x01, 0x00,
312  0x01, 0xa3, 0x26, 0x30, 0x24, 0x30, 0x12, 0x06, 0x03, 0x55,
313  0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01,
314  0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55,
315  0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02,
316  0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
317  0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00,
318  0x40, 0xd2, 0x70, 0x02, 0x08, 0x19, 0xa0, 0xb8, 0x8d, 0x9d,
319  0x3d, 0x62, 0x41, 0x90, 0x2a, 0x36, 0x4a, 0x8b, 0x21, 0x42,
320  0x9a, 0xb4, 0xc5, 0xf8, 0x79, 0x17, 0xd7, 0x64, 0x4d, 0xbf,
321  0x8f, 0x6a, 0x04, 0x54, 0x7a, 0x0b, 0xd4, 0xb5, 0x0e, 0xab,
322  0xf7, 0xb7, 0x06, 0x2b, 0xf8, 0xde, 0x87, 0xb2, 0x37, 0x3b,
323  0x95, 0x01, 0xba, 0x9f, 0x8f, 0xec, 0x0a, 0x86, 0xca, 0x51,
324  0xb6, 0x25, 0x73, 0x2f, 0xa1, 0x66, 0xc8, 0x7a, 0x5e, 0x51,
325  0xbd, 0x49, 0xb5, 0x75, 0xda, 0xea, 0xe5, 0xeb, 0x5d, 0xe3,
326  0xb0, 0xad, 0x49, 0x9f, 0x8b, 0xfd, 0x89, 0xb3, 0xb7, 0xb2,
327  0x4c, 0x7d, 0x8a, 0x29, 0xb2, 0xbe, 0x04, 0xef, 0x9c, 0x73,
328  0x3c, 0xea, 0xa3, 0x9f, 0x07, 0x66, 0x5a, 0x2f, 0x38, 0xad,
329  0x1a, 0xeb, 0xe1, 0xb0, 0x62, 0x14, 0x55, 0xdc, 0x8c, 0x83,
330  0xbb, 0xc7, 0x13, 0x04, 0x41, 0x54, 0xf1, 0x45 ),
331  FINGERPRINT ( 0xca, 0xcf, 0xea, 0x98, 0x3d, 0x71, 0xb6, 0x9d,
332  0x4f, 0x5b, 0x84, 0x5e, 0xaa, 0x8e, 0xae, 0x63,
333  0x0e, 0xad, 0x52, 0xe8, 0xc7, 0x51, 0x81, 0x07,
334  0xd1, 0xa1, 0x66, 0xdb, 0xd5, 0x62, 0xe1, 0xe6 ) );
335 
336 /*
337  * subject iPXE self-test useless CA
338  * issuer iPXE self-test leaf CA
339  */
340 CERTIFICATE ( useless_crt,
341  DATA ( 0x30, 0x82, 0x02, 0xae, 0x30, 0x82, 0x02, 0x17, 0xa0, 0x03,
342  0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
343  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
344  0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
345  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
346  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
347  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
348  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
349  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
350  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
351  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
352  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
353  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
354  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
355  0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
356  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
357  0x73, 0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41,
358  0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32,
359  0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, 0x31,
360  0x34, 0x31, 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33,
361  0x34, 0x5a, 0x30, 0x81, 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06,
362  0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
363  0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
364  0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
365  0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
366  0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
367  0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
368  0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
369  0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
370  0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
371  0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22,
372  0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x69,
373  0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74,
374  0x65, 0x73, 0x74, 0x20, 0x75, 0x73, 0x65, 0x6c, 0x65, 0x73,
375  0x73, 0x20, 0x43, 0x41, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06,
376  0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
377  0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
378  0x81, 0x81, 0x00, 0xbe, 0x7f, 0x5a, 0x07, 0x7c, 0x61, 0xc2,
379  0x3a, 0x7e, 0xe3, 0x94, 0xcb, 0xe9, 0xc3, 0x4c, 0x6f, 0x8d,
380  0x5c, 0x4a, 0xf0, 0xc2, 0x13, 0x54, 0x09, 0x39, 0xa8, 0xf9,
381  0xc2, 0xc3, 0xdd, 0xbe, 0x42, 0x99, 0xa6, 0xe1, 0x58, 0x0a,
382  0xd5, 0x89, 0x12, 0xa6, 0xd6, 0x4e, 0xfb, 0x6c, 0xe5, 0xab,
383  0xff, 0x40, 0x52, 0xcc, 0x1e, 0x63, 0x10, 0xd7, 0xfe, 0x49,
384  0xf3, 0x86, 0x29, 0x58, 0x6a, 0x90, 0xe4, 0xe2, 0x56, 0x85,
385  0x14, 0x7d, 0xa5, 0xf8, 0xe0, 0x7e, 0x96, 0x88, 0xd9, 0x23,
386  0xe5, 0x44, 0x72, 0xa9, 0x5a, 0xbb, 0x76, 0x6b, 0x59, 0x3e,
387  0x85, 0xd4, 0xe7, 0xb2, 0x31, 0x32, 0xea, 0x40, 0x1f, 0xce,
388  0xfb, 0xb1, 0x91, 0xee, 0x86, 0x91, 0x3e, 0xa4, 0x86, 0xa4,
389  0xe9, 0x74, 0xd7, 0x14, 0x8c, 0xb6, 0xb4, 0xc0, 0x08, 0xbb,
390  0xc8, 0x38, 0xc3, 0x96, 0x3d, 0x85, 0xcf, 0xef, 0x94, 0x52,
391  0x29, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x23, 0x30, 0x21,
392  0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
393  0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06,
394  0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03,
395  0x02, 0x02, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
396  0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81,
397  0x81, 0x00, 0x50, 0x59, 0xfb, 0x9d, 0x4d, 0xfe, 0x0e, 0x5b,
398  0xc4, 0x51, 0xe9, 0xe8, 0xa4, 0xf5, 0x2f, 0x32, 0x8b, 0x06,
399  0x78, 0xbe, 0xf1, 0x18, 0xc5, 0x6f, 0xd9, 0x20, 0xee, 0xb7,
400  0x51, 0x40, 0xaf, 0xf3, 0x3c, 0xe4, 0x74, 0x00, 0xa4, 0x63,
401  0x3b, 0x37, 0xe1, 0xef, 0x80, 0xdc, 0xd5, 0x90, 0xed, 0xba,
402  0x91, 0x86, 0x7f, 0x97, 0x5d, 0x3e, 0x8f, 0x29, 0xcc, 0x57,
403  0xee, 0x79, 0x15, 0x6b, 0xe3, 0xd1, 0x25, 0x14, 0x24, 0xdf,
404  0xbf, 0x38, 0xee, 0xe3, 0x8a, 0x88, 0x19, 0x0f, 0xc8, 0x10,
405  0xae, 0x27, 0x99, 0xa8, 0x35, 0x47, 0xc9, 0xfb, 0x92, 0x47,
406  0xa2, 0x36, 0x2a, 0x8c, 0x26, 0x12, 0xb1, 0x0d, 0x46, 0xe2,
407  0xdc, 0x33, 0x29, 0x0c, 0x32, 0xcf, 0x22, 0x49, 0xde, 0xc3,
408  0x55, 0x2a, 0xba, 0xdd, 0xe3, 0x98, 0xc0, 0xe4, 0x9a, 0xa2,
409  0xe5, 0x43, 0x04, 0x32, 0xd3, 0x50, 0x7d, 0x9c, 0x71, 0x23 ),
410  FINGERPRINT ( 0xda, 0xbf, 0xd3, 0x5e, 0x2e, 0x29, 0xa9, 0xfd,
411  0x4d, 0x40, 0xba, 0xb8, 0xdd, 0x66, 0x93, 0x4c,
412  0x10, 0xea, 0x5b, 0x07, 0xa6, 0xe2, 0x27, 0x63,
413  0x2e, 0xfe, 0x01, 0x63, 0x7c, 0xea, 0xc6, 0xd0 ) );
414 
415 /*
416  * subject boot.test.ipxe.org
417  * issuer iPXE self-test leaf CA
418  */
419 CERTIFICATE ( server_crt,
420  DATA ( 0x30, 0x82, 0x02, 0xd2, 0x30, 0x82, 0x02, 0x3b, 0xa0, 0x03,
421  0x02, 0x01, 0x02, 0x02, 0x01, 0x1e, 0x30, 0x0d, 0x06, 0x09,
422  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
423  0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
424  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
425  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
426  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
427  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
428  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
429  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
430  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
431  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
432  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
433  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
434  0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
435  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
436  0x73, 0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41,
437  0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x30, 0x35,
438  0x31, 0x33, 0x34, 0x35, 0x30, 0x35, 0x5a, 0x17, 0x0d, 0x31,
439  0x33, 0x30, 0x33, 0x30, 0x35, 0x31, 0x33, 0x34, 0x35, 0x30,
440  0x35, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06,
441  0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
442  0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
443  0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
444  0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
445  0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
446  0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
447  0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
448  0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
449  0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
450  0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1b,
451  0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x62,
452  0x6f, 0x6f, 0x74, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69,
453  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x81, 0x9f,
454  0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
455  0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30,
456  0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xac, 0x7b, 0x54, 0xc1,
457  0x97, 0x4d, 0x56, 0xbd, 0xb2, 0x52, 0xb3, 0x5c, 0x1b, 0x28,
458  0xae, 0x91, 0x33, 0xf0, 0xc8, 0xc2, 0x3c, 0x7d, 0xe8, 0x95,
459  0x72, 0xaf, 0xfe, 0xa1, 0x68, 0xe1, 0xbd, 0xe2, 0x9d, 0x4c,
460  0xe8, 0x95, 0x56, 0x94, 0xce, 0x47, 0x57, 0x1b, 0xb1, 0x08,
461  0xa1, 0x5b, 0x02, 0x8f, 0x56, 0x75, 0x1e, 0x4f, 0xfd, 0xc5,
462  0x87, 0x5c, 0x1c, 0x3f, 0xab, 0x4f, 0xba, 0x25, 0x14, 0x6d,
463  0xe3, 0xa2, 0x47, 0x33, 0xd0, 0x78, 0x63, 0xcc, 0x11, 0x37,
464  0x08, 0x73, 0x25, 0x42, 0x20, 0xa9, 0x57, 0x29, 0xeb, 0x44,
465  0x80, 0x0d, 0xe6, 0x76, 0x4b, 0x02, 0x8b, 0x67, 0xb2, 0x99,
466  0xfe, 0xb3, 0x44, 0x62, 0xdf, 0x34, 0x0e, 0xf3, 0xe2, 0x17,
467  0x42, 0x8f, 0x36, 0x42, 0x5a, 0x1c, 0x03, 0x3e, 0x06, 0x0d,
468  0x5e, 0x08, 0x52, 0xd1, 0x06, 0xfb, 0xa9, 0xdb, 0x13, 0x15,
469  0x08, 0x6d, 0x03, 0x85, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
470  0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x11,
471  0x04, 0x43, 0x30, 0x41, 0x82, 0x12, 0x64, 0x65, 0x6d, 0x6f,
472  0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65,
473  0x2e, 0x6f, 0x72, 0x67, 0x82, 0x13, 0x2a, 0x2e, 0x61, 0x6c,
474  0x74, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78,
475  0x65, 0x2e, 0x6f, 0x72, 0x67, 0x87, 0x04, 0xc0, 0xa8, 0x00,
476  0x01, 0x87, 0x10, 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
477  0x00, 0x00, 0x00, 0x69, 0xff, 0xfe, 0x50, 0x58, 0x45, 0x30,
478  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
479  0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x63, 0x83,
480  0xf5, 0xde, 0xf7, 0x59, 0x81, 0xd3, 0x34, 0x61, 0xfd, 0x2c,
481  0x0c, 0xec, 0x1c, 0x25, 0xd2, 0x2c, 0xe8, 0x90, 0x4f, 0x34,
482  0x43, 0x2c, 0x86, 0x18, 0x9e, 0x66, 0x26, 0x0d, 0x02, 0x2a,
483  0xea, 0x28, 0xc6, 0xbb, 0x51, 0x02, 0xbe, 0x8f, 0x51, 0x50,
484  0xc7, 0x04, 0x49, 0x97, 0xb9, 0xd4, 0xa5, 0x74, 0x39, 0xaa,
485  0x22, 0xbb, 0x4e, 0x46, 0x57, 0x15, 0x0e, 0xcf, 0x64, 0x60,
486  0xc8, 0x13, 0xdf, 0x82, 0x09, 0x3b, 0x92, 0xf5, 0x69, 0x80,
487  0xd2, 0x5e, 0x53, 0x9d, 0x3a, 0xcd, 0x9e, 0x81, 0xa1, 0xbd,
488  0x5b, 0x66, 0x89, 0x4d, 0xf7, 0xa4, 0xd6, 0x92, 0xe4, 0xe1,
489  0x80, 0x87, 0xfa, 0xa5, 0x47, 0x25, 0x9c, 0x35, 0x77, 0xa5,
490  0x11, 0x1b, 0x48, 0x4c, 0x5e, 0x5e, 0x2f, 0xc7, 0xf8, 0x78,
491  0x4c, 0x36, 0x41, 0xfb, 0x91, 0x5d, 0xf6, 0x43, 0x99, 0x7c,
492  0xcd, 0x7f, 0x27, 0x4c, 0x75, 0xca ),
493  FINGERPRINT ( 0x82, 0xd3, 0xa0, 0x4c, 0x0d, 0x7d, 0x3c, 0xb1,
494  0x90, 0x63, 0xd8, 0xef, 0x1e, 0xd2, 0xdd, 0x10,
495  0xd5, 0x89, 0x40, 0x35, 0xb9, 0x5e, 0x98, 0x44,
496  0x30, 0xa2, 0x48, 0x9a, 0xb8, 0x2f, 0xcf, 0xe3 ) );
497 
498 /*
499  * subject not.a.ca.test.ipxe.org
500  * issuer boot.test.ipxe.org
501  */
502 CERTIFICATE ( not_ca_crt,
503  DATA ( 0x30, 0x82, 0x02, 0x7d, 0x30, 0x82, 0x01, 0xe6, 0x02, 0x01,
504  0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
505  0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x84, 0x31,
506  0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
507  0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
508  0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
509  0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30,
510  0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61,
511  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30,
512  0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65,
513  0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20,
514  0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,
515  0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
516  0x72, 0x67, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
517  0x03, 0x0c, 0x12, 0x62, 0x6f, 0x6f, 0x74, 0x2e, 0x74, 0x65,
518  0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72,
519  0x67, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32,
520  0x32, 0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d,
521  0x31, 0x33, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30, 0x30, 0x31,
522  0x33, 0x34, 0x5a, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09,
523  0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31,
524  0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e,
525  0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73,
526  0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
527  0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72,
528  0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
529  0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53,
530  0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64,
531  0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
532  0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31,
533  0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16,
534  0x6e, 0x6f, 0x74, 0x2e, 0x61, 0x2e, 0x63, 0x61, 0x2e, 0x74,
535  0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
536  0x72, 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a,
537  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
538  0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81,
539  0x00, 0xc3, 0x5b, 0x6d, 0xb3, 0x8d, 0x74, 0x9c, 0x1d, 0xbd,
540  0x94, 0x41, 0xa2, 0x42, 0x96, 0x3c, 0x41, 0x82, 0xc0, 0xf1,
541  0x95, 0xbf, 0xc5, 0x34, 0x92, 0x92, 0xa3, 0xed, 0xed, 0x5c,
542  0x07, 0xaa, 0xb4, 0xc1, 0x66, 0xbb, 0xa6, 0xd1, 0xd9, 0x78,
543  0x93, 0xf1, 0x9c, 0x3e, 0x13, 0x3a, 0xee, 0x74, 0x31, 0xeb,
544  0x55, 0x86, 0xa5, 0x43, 0x8a, 0x5d, 0x0c, 0x2c, 0x0d, 0xfb,
545  0x91, 0x9e, 0x31, 0x22, 0xbe, 0x96, 0xb5, 0x0e, 0x44, 0xc8,
546  0x5b, 0x65, 0xb2, 0xf5, 0xec, 0x2a, 0x51, 0xed, 0x8f, 0x28,
547  0xd8, 0xb2, 0x4b, 0x45, 0x39, 0x31, 0x1f, 0x11, 0xb7, 0x12,
548  0xe3, 0xc6, 0xb2, 0xd2, 0x8d, 0x50, 0xd5, 0xf4, 0xd2, 0x71,
549  0x77, 0xc9, 0x4c, 0x67, 0xee, 0xf7, 0xdc, 0xdb, 0x68, 0xa6,
550  0xac, 0x33, 0xd4, 0xb2, 0x12, 0x61, 0x5c, 0xae, 0x4c, 0x2e,
551  0x26, 0xe8, 0xdf, 0x46, 0x3a, 0x05, 0xaf, 0xeb, 0x0d, 0x02,
552  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
553  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03,
554  0x81, 0x81, 0x00, 0x90, 0x3e, 0x16, 0x27, 0x2f, 0x4e, 0x4b,
555  0x31, 0x0e, 0xae, 0x31, 0x9d, 0x64, 0x88, 0x9f, 0xce, 0xd8,
556  0x22, 0x51, 0x9d, 0xd9, 0x2b, 0xfe, 0xed, 0x75, 0xbe, 0xec,
557  0x5a, 0x73, 0xaf, 0x6c, 0xa5, 0x5e, 0xd1, 0x15, 0x9a, 0x08,
558  0xcf, 0x4d, 0x41, 0x78, 0x48, 0xb4, 0x29, 0xf1, 0xf7, 0x63,
559  0x9b, 0x11, 0x91, 0x16, 0x94, 0x55, 0xff, 0xeb, 0xe9, 0x6f,
560  0x0a, 0x34, 0x89, 0xed, 0xf2, 0xd1, 0x79, 0x91, 0x9d, 0xe5,
561  0x73, 0x48, 0x68, 0x7f, 0x9b, 0xf4, 0x94, 0x80, 0x29, 0xbb,
562  0x2f, 0xac, 0x6c, 0xf7, 0x6a, 0x43, 0xcc, 0x40, 0x34, 0x85,
563  0xc8, 0xa1, 0x6d, 0x16, 0x36, 0x65, 0x3f, 0x93, 0x60, 0xc1,
564  0x64, 0x33, 0x91, 0xa1, 0x8f, 0x86, 0x8c, 0xce, 0x14, 0x19,
565  0x72, 0x28, 0xef, 0x94, 0x3d, 0x09, 0xb8, 0x3b, 0x39, 0xe8,
566  0xd1, 0x66, 0x2b, 0x38, 0xb4, 0x46, 0x50, 0xf4, 0xcd, 0xc4,
567  0x9a ),
568  FINGERPRINT ( 0x37, 0x6b, 0xc2, 0x20, 0xa9, 0xbc, 0xe2, 0x83,
569  0x99, 0x60, 0x06, 0x2e, 0xaf, 0x94, 0xfe, 0xb0,
570  0x1a, 0x2c, 0x17, 0x47, 0x1e, 0xc0, 0xd1, 0x66,
571  0xb6, 0x76, 0xeb, 0x1c, 0x07, 0xae, 0x72, 0xf2 ) );
572 
573 /*
574  * subject bad.path.len.test.ipxe.org
575  * issuer iPXE self-test useless CA
576  */
577 CERTIFICATE ( bad_path_len_crt,
578  DATA ( 0x30, 0x82, 0x02, 0x88, 0x30, 0x82, 0x01, 0xf1, 0x02, 0x01,
579  0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
580  0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x8b, 0x31,
581  0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
582  0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
583  0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
584  0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30,
585  0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61,
586  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30,
587  0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65,
588  0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20,
589  0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,
590  0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
591  0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04,
592  0x03, 0x0c, 0x19, 0x69, 0x50, 0x58, 0x45, 0x20, 0x73, 0x65,
593  0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75, 0x73,
594  0x65, 0x6c, 0x65, 0x73, 0x73, 0x20, 0x43, 0x41, 0x30, 0x1e,
595  0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
596  0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, 0x31, 0x33, 0x30,
597  0x33, 0x32, 0x32, 0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a,
598  0x30, 0x81, 0x8c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
599  0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
600  0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
601  0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
602  0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
603  0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
604  0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
605  0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
606  0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
607  0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
608  0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x23, 0x30, 0x21,
609  0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1a, 0x62, 0x61, 0x64,
610  0x2e, 0x70, 0x61, 0x74, 0x68, 0x2e, 0x6c, 0x65, 0x6e, 0x2e,
611  0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e,
612  0x6f, 0x72, 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09,
613  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
614  0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81,
615  0x81, 0x00, 0xed, 0xf1, 0xe3, 0xb2, 0x61, 0x68, 0xa0, 0xd5,
616  0x43, 0xfe, 0xad, 0xee, 0xfb, 0x8e, 0x2c, 0xf0, 0x44, 0xaf,
617  0x0a, 0x3c, 0x87, 0xc2, 0x56, 0x9b, 0x66, 0x15, 0xc6, 0xbc,
618  0x5b, 0x96, 0xef, 0xa1, 0x49, 0xd6, 0xe7, 0xeb, 0xb8, 0xf6,
619  0x3d, 0x62, 0xf5, 0x51, 0xfd, 0xb1, 0xa5, 0x4e, 0x92, 0x7c,
620  0x7a, 0x31, 0x1b, 0xb8, 0x21, 0x5c, 0xfe, 0x0b, 0x4e, 0x58,
621  0xd6, 0xd0, 0x8b, 0x81, 0x00, 0x4a, 0xf8, 0xf7, 0x2a, 0xc9,
622  0xea, 0xfa, 0x9c, 0xc9, 0x33, 0x0b, 0xc4, 0xce, 0x96, 0x4c,
623  0x30, 0x6e, 0xf0, 0x07, 0xfa, 0x1b, 0x94, 0x1f, 0xe3, 0x3b,
624  0xb2, 0x7d, 0x31, 0x1a, 0x37, 0x64, 0xe2, 0xc3, 0xf1, 0xe5,
625  0xb9, 0xcc, 0xd1, 0x02, 0xae, 0x16, 0x39, 0x9b, 0xfc, 0x55,
626  0xca, 0xdd, 0x33, 0x92, 0xe3, 0x12, 0x40, 0xc5, 0x32, 0x51,
627  0x62, 0xac, 0x3a, 0xc0, 0x17, 0x36, 0xd0, 0x27, 0x3d, 0xbb,
628  0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
629  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
630  0x03, 0x81, 0x81, 0x00, 0x07, 0x53, 0x2a, 0x80, 0xd6, 0x25,
631  0x10, 0x37, 0xce, 0x3b, 0x87, 0x87, 0xfc, 0xae, 0xe2, 0x2a,
632  0x28, 0x3f, 0xf7, 0xa6, 0x32, 0x5b, 0x06, 0xbd, 0x4f, 0x34,
633  0x6b, 0x47, 0x8a, 0x4b, 0x47, 0x51, 0xe8, 0x45, 0x69, 0xe3,
634  0xf3, 0xdf, 0xa4, 0x25, 0x8f, 0x34, 0xbe, 0xe5, 0x2c, 0xa4,
635  0x6c, 0x8c, 0x6e, 0x02, 0x74, 0x23, 0x43, 0x21, 0x4d, 0xe3,
636  0x75, 0x93, 0x8e, 0xa8, 0x2c, 0x54, 0xba, 0x35, 0xe7, 0xab,
637  0x44, 0xfa, 0x07, 0x7a, 0x18, 0xb4, 0xa7, 0xce, 0xfa, 0xa6,
638  0x74, 0x5a, 0x45, 0x2c, 0x6f, 0x86, 0x34, 0x8f, 0x4a, 0x09,
639  0xe0, 0xf3, 0x4f, 0x37, 0xbb, 0xa3, 0xa0, 0xcb, 0xad, 0x6b,
640  0xc1, 0x16, 0x06, 0xdf, 0x83, 0x98, 0xaf, 0xa8, 0xc3, 0xa0,
641  0x5f, 0x33, 0x09, 0x01, 0x12, 0xbd, 0xd3, 0x45, 0x9f, 0x5f,
642  0x96, 0x93, 0xe9, 0x69, 0xe9, 0xb1, 0x8a, 0xe4, 0x94, 0xce,
643  0xe4, 0x8d ),
644  FINGERPRINT ( 0xb6, 0x80, 0x84, 0xf1, 0x45, 0x55, 0x1f, 0xbc,
645  0x15, 0xa6, 0xd8, 0x4b, 0xf3, 0x19, 0x65, 0xef,
646  0x53, 0x5a, 0xc8, 0x99, 0xe5, 0xdf, 0x79, 0x07,
647  0x00, 0x2c, 0x9f, 0x49, 0x91, 0x21, 0xeb, 0xfc ) );
648 
649 /*
650  * subject iPXE self-test EC intermediate CA
651  * issuer iPXE self-test root CA
652  */
653 CERTIFICATE ( ecintermediate_crt,
654  DATA ( 0x30, 0x82, 0x03, 0x3a, 0x30, 0x82, 0x02, 0xa3, 0xa0, 0x03,
655  0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09,
656  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
657  0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
658  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
659  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
660  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
661  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
662  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
663  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
664  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
665  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
666  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
667  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
668  0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
669  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
670  0x73, 0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41,
671  0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x32, 0x31, 0x39,
672  0x31, 0x34, 0x33, 0x32, 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x32,
673  0x38, 0x30, 0x39, 0x31, 0x34, 0x31, 0x34, 0x33, 0x32, 0x35,
674  0x39, 0x5a, 0x30, 0x81, 0x93, 0x31, 0x0b, 0x30, 0x09, 0x06,
675  0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
676  0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
677  0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
678  0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
679  0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
680  0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
681  0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
682  0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
683  0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
684  0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x2a,
685  0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x21, 0x69,
686  0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74,
687  0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x69, 0x6e, 0x74,
688  0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20,
689  0x43, 0x41, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
690  0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
691  0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xf8,
692  0xb9, 0xac, 0x83, 0x58, 0xf1, 0xa9, 0x6f, 0x85, 0x22, 0xf7,
693  0x04, 0x8d, 0x52, 0xff, 0xef, 0x85, 0xd1, 0x43, 0xfa, 0xdb,
694  0x1a, 0xa1, 0x8d, 0x8b, 0x40, 0x6f, 0x85, 0x2f, 0x38, 0x4c,
695  0x19, 0x79, 0xe0, 0x6a, 0x52, 0x1f, 0x6c, 0x78, 0x3e, 0x2e,
696  0x06, 0x40, 0x35, 0x8b, 0x93, 0xe8, 0xe1, 0xef, 0x37, 0x93,
697  0xe6, 0x70, 0x37, 0xf3, 0x12, 0x05, 0x82, 0x46, 0xdd, 0xf2,
698  0x8a, 0x26, 0x70, 0xa3, 0x81, 0xed, 0x30, 0x81, 0xea, 0x30,
699  0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
700  0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03,
701  0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02,
702  0x02, 0x04, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
703  0x16, 0x04, 0x14, 0x15, 0x30, 0x20, 0x14, 0x09, 0xba, 0x24,
704  0x27, 0x38, 0x39, 0x28, 0xc9, 0x02, 0x62, 0x4e, 0x76, 0x79,
705  0x91, 0x89, 0x9b, 0x30, 0x81, 0xa7, 0x06, 0x03, 0x55, 0x1d,
706  0x23, 0x04, 0x81, 0x9f, 0x30, 0x81, 0x9c, 0xa1, 0x81, 0x8e,
707  0xa4, 0x81, 0x8b, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09,
708  0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31,
709  0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e,
710  0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73,
711  0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
712  0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72,
713  0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
714  0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53,
715  0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64,
716  0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
717  0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31,
718  0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16,
719  0x69, 0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d,
720  0x74, 0x65, 0x73, 0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20,
721  0x43, 0x41, 0x82, 0x09, 0x00, 0xc6, 0xb8, 0x9c, 0x58, 0xd2,
722  0xdc, 0xc9, 0x5d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
723  0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81,
724  0x81, 0x00, 0x19, 0x30, 0x56, 0x0d, 0x5d, 0x6c, 0x4d, 0x7c,
725  0x68, 0x47, 0x59, 0xf1, 0xde, 0xd6, 0x6b, 0xdc, 0xa4, 0x43,
726  0x01, 0x1b, 0xff, 0xb3, 0xfc, 0x78, 0xda, 0x31, 0xe0, 0x36,
727  0xd8, 0x0c, 0x5d, 0x4e, 0xb7, 0x33, 0xd2, 0xb3, 0x2c, 0x41,
728  0xb0, 0xc6, 0x8a, 0xba, 0x64, 0xe8, 0x85, 0x46, 0x81, 0x3a,
729  0x8f, 0xef, 0x17, 0x66, 0x68, 0x91, 0xbd, 0x54, 0xea, 0x03,
730  0xa4, 0xf9, 0x15, 0x47, 0x2a, 0xde, 0xeb, 0xe0, 0x2c, 0xd8,
731  0x49, 0x1a, 0x10, 0xed, 0x72, 0x78, 0x77, 0x94, 0xed, 0xf9,
732  0x68, 0xe6, 0x93, 0x93, 0xb5, 0x99, 0x1b, 0xd7, 0x07, 0x1d,
733  0xe3, 0x94, 0xa6, 0xd3, 0x48, 0xcc, 0x7a, 0x1f, 0x59, 0xba,
734  0x31, 0x23, 0xf9, 0x09, 0xe5, 0x2f, 0xda, 0xea, 0xf3, 0xd8,
735  0xc8, 0xa8, 0x71, 0xb9, 0x69, 0xf3, 0x17, 0x4c, 0xc2, 0xf1,
736  0x67, 0xbb, 0xf5, 0x8c, 0x4e, 0x46, 0x63, 0x58, 0x54, 0x8e ),
737  FINGERPRINT ( 0x21, 0x7b, 0x48, 0x59, 0xf1, 0x5e, 0x8a, 0x75,
738  0xd1, 0xee, 0x60, 0x4a, 0x7d, 0x8f, 0xa8, 0xe2,
739  0x6c, 0x25, 0xc4, 0x05, 0x13, 0x46, 0x65, 0x63,
740  0x0b, 0x8d, 0x46, 0x52, 0x6e, 0x3c, 0x4e, 0x10 ) );
741 
742 /*
743  * subject iPXE self-test EC leaf CA
744  * issuer iPXE self-test EC intermediate CA
745  */
746 CERTIFICATE ( ecleaf_crt,
747  DATA ( 0x30, 0x82, 0x02, 0x74, 0x30, 0x82, 0x02, 0x1b, 0xa0, 0x03,
748  0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0a, 0x06, 0x08,
749  0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81,
750  0x93, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
751  0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03,
752  0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72,
753  0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31,
754  0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09,
755  0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31,
756  0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f,
757  0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d,
758  0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06,
759  0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65,
760  0x2e, 0x6f, 0x72, 0x67, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03,
761  0x55, 0x04, 0x03, 0x0c, 0x21, 0x69, 0x50, 0x58, 0x45, 0x20,
762  0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x20,
763  0x45, 0x43, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65,
764  0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x30, 0x1e,
765  0x17, 0x0d, 0x32, 0x35, 0x31, 0x32, 0x31, 0x39, 0x31, 0x34,
766  0x33, 0x32, 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30,
767  0x39, 0x31, 0x34, 0x31, 0x34, 0x33, 0x32, 0x35, 0x39, 0x5a,
768  0x30, 0x81, 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
769  0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
770  0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
771  0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
772  0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
773  0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
774  0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
775  0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
776  0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
777  0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
778  0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20,
779  0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x69, 0x50, 0x58,
780  0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73,
781  0x74, 0x20, 0x45, 0x43, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20,
782  0x43, 0x41, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
783  0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
784  0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xa4,
785  0x10, 0x14, 0x39, 0xde, 0x28, 0x87, 0x52, 0xb0, 0xe3, 0x87,
786  0x1b, 0x0f, 0xeb, 0xdf, 0x9b, 0x78, 0x47, 0xeb, 0x76, 0xbb,
787  0xf6, 0x6d, 0x26, 0x0e, 0x2b, 0xec, 0xd2, 0x8e, 0x78, 0xac,
788  0x35, 0x44, 0xd7, 0x79, 0x3f, 0x97, 0x01, 0x8e, 0x8f, 0x08,
789  0xcb, 0x87, 0x1e, 0xd2, 0xba, 0x1b, 0x4b, 0xd2, 0x93, 0x99,
790  0x62, 0x05, 0xeb, 0x75, 0x2a, 0x8f, 0xf9, 0xdb, 0x9c, 0xf4,
791  0xbb, 0x60, 0x8d, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x12, 0x06,
792  0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
793  0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06,
794  0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03,
795  0x02, 0x02, 0x04, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
796  0x04, 0x16, 0x04, 0x14, 0xbc, 0xca, 0xd5, 0xfb, 0x11, 0x6d,
797  0xf4, 0xa8, 0x43, 0x12, 0x5f, 0x72, 0xe8, 0x28, 0xe1, 0x9a,
798  0xe8, 0xd5, 0xc7, 0x7f, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
799  0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x15, 0x30, 0x20,
800  0x14, 0x09, 0xba, 0x24, 0x27, 0x38, 0x39, 0x28, 0xc9, 0x02,
801  0x62, 0x4e, 0x76, 0x79, 0x91, 0x89, 0x9b, 0x30, 0x0a, 0x06,
802  0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03,
803  0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x22, 0x73, 0x07, 0xe2,
804  0x21, 0xaa, 0xc5, 0x0a, 0x88, 0x51, 0xd6, 0x8e, 0x51, 0xf7,
805  0x67, 0x88, 0x6e, 0xe4, 0xe4, 0x14, 0xb7, 0x5b, 0x4d, 0xd1,
806  0xfc, 0x21, 0xc8, 0xd8, 0x94, 0xf6, 0x7e, 0x54, 0x02, 0x20,
807  0x33, 0x2a, 0x0c, 0x58, 0xfd, 0x0f, 0xd5, 0x89, 0x79, 0x60,
808  0x81, 0xeb, 0x23, 0x4f, 0x49, 0x92, 0x09, 0xa5, 0x0f, 0xb6,
809  0xf3, 0x52, 0xa3, 0x2e, 0xf6, 0x37, 0xbf, 0x9f, 0x9d, 0x7a,
810  0xbf, 0x15 ),
811  FINGERPRINT ( 0xe3, 0x46, 0x2e, 0x10, 0x43, 0x1b, 0xca, 0xb8,
812  0x7c, 0x2e, 0xa0, 0xd5, 0x60, 0x09, 0xb6, 0xef,
813  0x5d, 0x62, 0x23, 0xe1, 0xcd, 0xbb, 0x71, 0x28,
814  0xf0, 0x93, 0xd7, 0xf3, 0x6e, 0x1e, 0x71, 0xe5 ) );
815 
816 /*
817  * subject boot.test.ipxe.org
818  * issuer iPXE self-test EC leaf CA
819  */
820 CERTIFICATE ( ecserver_crt,
821  DATA ( 0x30, 0x82, 0x02, 0x43, 0x30, 0x82, 0x01, 0xe8, 0xa0, 0x03,
822  0x02, 0x01, 0x02, 0x02, 0x01, 0x03, 0x30, 0x0a, 0x06, 0x08,
823  0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81,
824  0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
825  0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03,
826  0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72,
827  0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31,
828  0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09,
829  0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31,
830  0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f,
831  0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d,
832  0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06,
833  0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65,
834  0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03,
835  0x55, 0x04, 0x03, 0x0c, 0x19, 0x69, 0x50, 0x58, 0x45, 0x20,
836  0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x20,
837  0x45, 0x43, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41,
838  0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x32, 0x31, 0x39,
839  0x31, 0x34, 0x33, 0x32, 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x32,
840  0x36, 0x31, 0x32, 0x31, 0x39, 0x31, 0x34, 0x33, 0x32, 0x35,
841  0x39, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06,
842  0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
843  0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
844  0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
845  0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
846  0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
847  0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
848  0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
849  0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
850  0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
851  0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1b,
852  0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x62,
853  0x6f, 0x6f, 0x74, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69,
854  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x59, 0x30,
855  0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
856  0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
857  0x03, 0x42, 0x00, 0x04, 0x81, 0xac, 0xb9, 0xde, 0x2e, 0xf9,
858  0xae, 0x5c, 0x33, 0xba, 0x43, 0x54, 0xeb, 0xc6, 0x08, 0xa1,
859  0xed, 0xf7, 0x6a, 0x78, 0x77, 0x8b, 0x2c, 0x59, 0x61, 0x6d,
860  0x25, 0xaf, 0x2c, 0xe4, 0x3e, 0x22, 0x65, 0x85, 0xa4, 0x9a,
861  0x7f, 0xe3, 0xbe, 0x6c, 0x65, 0xa1, 0x4f, 0x74, 0x60, 0x06,
862  0x8b, 0xf2, 0x5f, 0xe3, 0xdf, 0x8b, 0xc2, 0xb9, 0x67, 0x0e,
863  0xcc, 0x4e, 0x87, 0x53, 0x2e, 0xad, 0x71, 0xbb, 0xa3, 0x42,
864  0x30, 0x40, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
865  0x16, 0x04, 0x14, 0x4f, 0xe2, 0x6c, 0x54, 0xd0, 0x6c, 0x66,
866  0x39, 0xb8, 0x2a, 0x3f, 0x30, 0x6e, 0x56, 0x84, 0x3b, 0xb2,
867  0x6b, 0xef, 0x89, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
868  0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xbc, 0xca, 0xd5, 0xfb,
869  0x11, 0x6d, 0xf4, 0xa8, 0x43, 0x12, 0x5f, 0x72, 0xe8, 0x28,
870  0xe1, 0x9a, 0xe8, 0xd5, 0xc7, 0x7f, 0x30, 0x0a, 0x06, 0x08,
871  0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49,
872  0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0x8d, 0x22, 0x2a, 0x92,
873  0xcf, 0x39, 0xc6, 0xbe, 0x01, 0x09, 0x82, 0x75, 0x2b, 0xe2,
874  0xd7, 0xf0, 0x78, 0x2e, 0xde, 0x95, 0x0a, 0xbf, 0xbe, 0x2e,
875  0xb4, 0x17, 0x0f, 0x44, 0x22, 0xa4, 0x27, 0x27, 0x02, 0x21,
876  0x00, 0x80, 0xa8, 0x37, 0xab, 0xd6, 0xf4, 0x38, 0x73, 0xe0,
877  0x48, 0x69, 0x67, 0xbc, 0xbb, 0xfd, 0x3e, 0x2a, 0xb4, 0xe7,
878  0xd0, 0x93, 0xb3, 0xff, 0xc8, 0xd0, 0x9a, 0x8b, 0xc6, 0x06,
879  0xfa, 0xe3, 0x8d ),
880  FINGERPRINT ( 0xcf, 0x32, 0x56, 0xb9, 0x9c, 0x0c, 0x4a, 0xf5,
881  0x92, 0x59, 0x90, 0x11, 0x87, 0x17, 0x85, 0xea,
882  0xc8, 0x8c, 0x5e, 0x13, 0xe2, 0x09, 0xb6, 0xe9,
883  0x15, 0xa8, 0xf5, 0x57, 0x93, 0x47, 0x46, 0xc2 ) );
884 
885 /** Valid certificate chain up to boot.test.ipxe.org */
886 CHAIN ( server_chain, &server_crt, &leaf_crt, &intermediate_crt, &root_crt );
887 
888 /** Broken certificate chain up to boot.test.ipxe.org */
889 CHAIN ( broken_server_chain, &server_crt, &leaf_crt, &root_crt );
890 
891 /** Incomplete certificate chain up to boot.test.ipxe.org */
892 CHAIN ( incomplete_server_chain, &server_crt, &leaf_crt, &intermediate_crt );
893 
894 /** Non-functional certificate chain up to not_ca.test.ipxe.org */
895 CHAIN ( not_ca_chain,
896  &not_ca_crt, &server_crt, &leaf_crt, &intermediate_crt, &root_crt );
897 
898 /** Valid certificate chain up to iPXE self-test useless CA */
899 CHAIN ( useless_chain, &useless_crt, &leaf_crt, &intermediate_crt, &root_crt );
900 
901 /** Non-functional certificate chain up to bad.path.len.test.ipxe.org */
902 CHAIN ( bad_path_len_chain, &bad_path_len_crt, &useless_crt, &leaf_crt,
903  &intermediate_crt, &root_crt );
904 
905 /** Valid certificate chain up to ECDSA boot.test.ipxe.org */
906 CHAIN ( ecserver_chain,
907  &ecserver_crt, &ecleaf_crt, &ecintermediate_crt, &root_crt );
908 
909 /** Broken certificate chain up to ECDSA boot.test.ipxe.org */
910 CHAIN ( broken_ecserver_chain, &ecserver_crt, &ecintermediate_crt, &root_crt );
911 
912 /** Empty certificate store */
913 static struct x509_chain empty_store = {
914  .refcnt = REF_INIT ( ref_no_free ),
915  .links = LIST_HEAD_INIT ( empty_store.links ),
916 };
917 
918 /** Root certificate list containing the iPXE self-test root CA */
919 static struct x509_root test_root = {
920  .refcnt = REF_INIT ( ref_no_free ),
921  .digest = &x509_test_algorithm,
922  .count = 1,
923  .fingerprints = root_crt_fingerprint,
924 };
925 
926 /** Root certificate list containing the iPXE self-test intermediate CA */
927 static struct x509_root intermediate_root = {
928  .refcnt = REF_INIT ( ref_no_free ),
929  .digest = &x509_test_algorithm,
930  .count = 1,
931  .fingerprints = intermediate_crt_fingerprint,
932 };
933 
934 /** Dummy fingerprint (not matching any certificates) */
935 static uint8_t dummy_fingerprint[] =
936  FINGERPRINT ( 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
937  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
938  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
939  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff );
940 
941 /** Certificate store containing a dummy fingerprint */
942 static struct x509_root dummy_root = {
943  .refcnt = REF_INIT ( ref_no_free ),
944  .digest = &x509_test_algorithm,
945  .count = 1,
946  .fingerprints = dummy_fingerprint,
947 };
948 
949 /** Time at which all test certificates are valid */
950 static time_t test_time = 1332374737ULL; /* Thu Mar 22 00:05:37 2012 */
951 
952 /** Time at which all ECDSA test certificates are valid */
953 static time_t ectest_time = 1766154603ULL; /* Fri 19 Dec 14:30:03 GMT 2025 */
954 
955 /** Time at which end-entity test certificates are invalid */
956 static time_t test_expired = 1375573111ULL; /* Sat Aug 3 23:38:31 2013 */
957 
958 /** Time at which CA test certificates are invalid */
959 static time_t test_ca_expired = 2205014905ULL; /* Wed Nov 16 00:08:25 2039 */
960 
961 /**
962  * Report certificate parsing test result
963  *
964  * @v crt Test certificate
965  * @v file Test code file
966  * @v line Test code line
967  */
968 static void x509_certificate_okx ( struct x509_test_certificate *crt,
969  const char *file, unsigned int line ) {
970 
971  okx ( x509_certificate ( crt->data, crt->len, &crt->cert ) == 0,
972  file, line );
973 }
974 #define x509_certificate_ok( crt ) \
975  x509_certificate_okx ( crt, __FILE__, __LINE__ )
976 
977 /**
978  * Report cached certificate parsing test result
979  *
980  * @v crt Test certificate
981  * @v file Test code file
982  * @v line Test code line
983  */
984 static void x509_cached_okx ( struct x509_test_certificate *crt,
985  const char *file, unsigned int line ) {
986  struct x509_certificate *temp;
987 
988  okx ( x509_certificate ( crt->data, crt->len, &temp ) == 0,
989  file, line );
990  okx ( temp == crt->cert, file, line );
991  x509_put ( temp );
992 }
993 #define x509_cached_ok( crt ) x509_cached_okx ( crt, __FILE__, __LINE__ )
994 
995 /**
996  * Report certificate fingerprint test result
997  *
998  * @v crt Test certificate
999  * @v file Test code file
1000  * @v line Test code line
1001  */
1002 static void x509_fingerprint_okx ( struct x509_test_certificate *crt,
1003  const char *file, unsigned int line ) {
1004  uint8_t fingerprint[ x509_test_algorithm.digestsize ];
1005 
1006  x509_fingerprint ( crt->cert, &x509_test_algorithm, fingerprint );
1007  okx ( memcmp ( fingerprint, crt->fingerprint,
1008  sizeof ( fingerprint ) ) == 0, file, line );
1009 }
1010 #define x509_fingerprint_ok( crt ) \
1011  x509_fingerprint_okx ( crt, __FILE__, __LINE__ )
1012 
1013 /**
1014  * Report certificate issuer validation test result
1015  *
1016  * @v crt Test certificate
1017  * @v issuer Test issuer
1018  * @v file Test code file
1019  * @v line Test code line
1020  */
1021 static void x509_check_issuer_okx ( struct x509_test_certificate *crt,
1022  struct x509_test_certificate *issuer,
1023  const char *file, unsigned int line ) {
1024 
1025  okx ( x509_check_issuer ( crt->cert, issuer->cert ) == 0, file, line );
1026 }
1027 #define x509_check_issuer_ok( crt, issuer ) \
1028  x509_check_issuer_okx ( crt, issuer, __FILE__, __LINE__ )
1029 
1030 /**
1031  * Report certificate issuer validation failure test result
1032  *
1033  * @v crt Test certificate
1034  * @v issuer Test issuer
1035  * @v file Test code file
1036  * @v line Test code line
1037  */
1038 static void x509_check_issuer_fail_okx ( struct x509_test_certificate *crt,
1039  struct x509_test_certificate *issuer,
1040  const char *file, unsigned int line ) {
1041 
1042  okx ( x509_check_issuer ( crt->cert, issuer->cert ) != 0,
1043  file, line );
1044 }
1045 #define x509_check_issuer_fail_ok( crt, issuer ) \
1046  x509_check_issuer_fail_okx ( crt, issuer, __FILE__, __LINE__ )
1047 
1048 /**
1049  * Report certificate root validation test result
1050  *
1051  * @v crt Test certificate
1052  * @v root Test root certificate store
1053  * @v file Test code file
1054  * @v line Test code line
1055  */
1056 static void x509_check_root_okx ( struct x509_test_certificate *crt,
1057  struct x509_root *root, const char *file,
1058  unsigned int line ) {
1059 
1060  okx ( x509_check_root ( crt->cert, root ) == 0, file, line );
1061 }
1062 #define x509_check_root_ok( crt, root ) \
1063  x509_check_root_okx ( crt, root, __FILE__, __LINE__ )
1064 
1065 /**
1066  * Report certificate root validation failure test result
1067  *
1068  * @v crt Test certificate
1069  * @v root Test root certificate store
1070  * @v file Test code file
1071  * @v line Test code line
1072  */
1073 static void x509_check_root_fail_okx ( struct x509_test_certificate *crt,
1074  struct x509_root *root,
1075  const char *file, unsigned int line ) {
1076 
1077  okx ( x509_check_root ( crt->cert, root ) != 0, file, line );
1078 }
1079 #define x509_check_root_fail_ok( crt, root ) \
1080  x509_check_root_fail_okx ( crt, root, __FILE__, __LINE__ )
1081 
1082 /**
1083  * Report certificate time validation test result
1084  *
1085  * @v crt Test certificate
1086  * @v time Test time
1087  * @v file Test code file
1088  * @v line Test code line
1089  */
1090 static void x509_check_time_okx ( struct x509_test_certificate *crt,
1091  time_t time, const char *file,
1092  unsigned int line ) {
1093 
1094  okx ( x509_check_time ( crt->cert, time ) == 0, file, line );
1095 }
1096 #define x509_check_time_ok( crt, time ) \
1097  x509_check_time_okx ( crt, time, __FILE__, __LINE__ )
1098 
1099 /**
1100  * Report certificate time validation failure test result
1101  *
1102  * @v crt Test certificate
1103  * @v time Test time
1104  * @v file Test code file
1105  * @v line Test code line
1106  */
1107 static void x509_check_time_fail_okx ( struct x509_test_certificate *crt,
1108  time_t time, const char *file,
1109  unsigned int line ) {
1110 
1111  okx ( x509_check_time ( crt->cert, time ) != 0, file, line );
1112 }
1113 #define x509_check_time_fail_ok( crt, time ) \
1114  x509_check_time_fail_okx ( crt, time, __FILE__, __LINE__ )
1115 
1116 /**
1117  * Report certificate name validation test result
1118  *
1119  * @v crt Test certificate
1120  * @v name Test name
1121  * @v file Test code file
1122  * @v line Test code line
1123  */
1124 static void x509_check_name_okx ( struct x509_test_certificate *crt,
1125  const char *name, const char *file,
1126  unsigned int line ) {
1127 
1128  okx ( x509_check_name ( crt->cert, name ) == 0, file, line );
1129 }
1130 #define x509_check_name_ok( crt, name ) \
1131  x509_check_name_okx ( crt, name, __FILE__, __LINE__ )
1132 
1133 /**
1134  * Report certificate name validation failure test result
1135  *
1136  * @v crt Test certificate
1137  * @v name Test name
1138  * @v file Test code file
1139  * @v line Test code line
1140  */
1141 static void x509_check_name_fail_okx ( struct x509_test_certificate *crt,
1142  const char *name, const char *file,
1143  unsigned int line ) {
1144 
1145  okx ( x509_check_name ( crt->cert, name ) != 0, file, line );
1146 }
1147 #define x509_check_name_fail_ok( crt, name ) \
1148  x509_check_name_fail_okx ( crt, name, __FILE__, __LINE__ )
1149 
1150 /**
1151  * Report certificate chain parsing test result
1152  *
1153  * @v chn Test certificate chain
1154  * @v file Test code file
1155  * @v line Test code line
1156  */
1157 static void x509_chain_okx ( struct x509_test_chain *chn, const char *file,
1158  unsigned int line ) {
1159  unsigned int i;
1160  struct x509_certificate *first;
1161 
1162  chn->chain = x509_alloc_chain();
1163  okx ( chn->chain != NULL, file, line );
1164  for ( i = 0 ; i < chn->count ; i++ ) {
1165  okx ( x509_append ( chn->chain, chn->certs[i]->cert ) == 0,
1166  file, line );
1167  }
1168  first = x509_first ( chn->chain );
1169  okx ( first != NULL, file, line );
1170  okx ( first->raw.len == chn->certs[0]->len, file, line );
1171  okx ( memcmp ( first->raw.data, chn->certs[0]->data,
1172  first->raw.len ) == 0, file, line );
1173 }
1174 #define x509_chain_ok( chn ) \
1175  x509_chain_okx ( chn, __FILE__, __LINE__ )
1176 
1177 /**
1178  * Report certificate chain validation test result
1179  *
1180  * @v chn Test certificate chain
1181  * @v time Test certificate validation time
1182  * @v store Test certificate store
1183  * @v root Test root certificate list
1184  * @v file Test code file
1185  * @v line Test code line
1186  */
1187 static void x509_validate_chain_okx ( struct x509_test_chain *chn, time_t time,
1188  struct x509_chain *store,
1189  struct x509_root *root, const char *file,
1190  unsigned int line ) {
1191 
1192  x509_invalidate_chain ( chn->chain );
1193  okx ( x509_validate_chain ( chn->chain, time, store, root ) == 0,
1194  file, line );
1195  okx ( x509_is_valid ( chn->certs[0]->cert, root ),
1196  file, line );
1197  okx ( ! x509_is_valid ( chn->certs[0]->cert, &dummy_root ),
1198  file, line );
1199 }
1200 #define x509_validate_chain_ok( chn, time, store, root ) \
1201  x509_validate_chain_okx ( chn, time, store, root, __FILE__, __LINE__ )
1202 
1203 /**
1204  * Report certificate chain validation failure test result
1205  *
1206  * @v chn Test certificate chain
1207  * @v time Test certificate validation time
1208  * @v store Test certificate store
1209  * @v root Test root certificate list
1210  * @v file Test code file
1211  * @v line Test code line
1212  */
1213 static void x509_validate_chain_fail_okx ( struct x509_test_chain *chn,
1214  time_t time,
1215  struct x509_chain *store,
1216  struct x509_root *root,
1217  const char *file,
1218  unsigned int line ) {
1219 
1220  x509_invalidate_chain ( chn->chain );
1221  okx ( x509_validate_chain ( chn->chain, time, store, root ) != 0,
1222  file, line );
1223 }
1224 #define x509_validate_chain_fail_ok( chn, time, store, root ) \
1225  x509_validate_chain_fail_okx ( chn, time, store, root, \
1226  __FILE__, __LINE__ )
1227 
1228 /**
1229  * Perform X.509 self-tests
1230  *
1231  */
1232 static void x509_test_exec ( void ) {
1233  struct x509_link *link;
1234 
1235  /* Parse all certificates */
1236  x509_certificate_ok ( &root_crt );
1237  x509_certificate_ok ( &intermediate_crt );
1238  x509_certificate_ok ( &leaf_crt );
1239  x509_certificate_ok ( &useless_crt );
1240  x509_certificate_ok ( &server_crt );
1241  x509_certificate_ok ( &not_ca_crt );
1242  x509_certificate_ok ( &bad_path_len_crt );
1243  x509_certificate_ok ( &ecintermediate_crt );
1244  x509_certificate_ok ( &ecleaf_crt );
1245  x509_certificate_ok ( &ecserver_crt );
1246 
1247  /* Check cache functionality */
1248  x509_cached_ok ( &root_crt );
1249  x509_cached_ok ( &intermediate_crt );
1250  x509_cached_ok ( &leaf_crt );
1251  x509_cached_ok ( &useless_crt );
1252  x509_cached_ok ( &server_crt );
1253  x509_cached_ok ( &not_ca_crt );
1254  x509_cached_ok ( &bad_path_len_crt );
1255  x509_cached_ok ( &ecintermediate_crt );
1256  x509_cached_ok ( &ecleaf_crt );
1257  x509_cached_ok ( &ecserver_crt );
1258 
1259  /* Check all certificate fingerprints */
1260  x509_fingerprint_ok ( &root_crt );
1261  x509_fingerprint_ok ( &intermediate_crt );
1262  x509_fingerprint_ok ( &leaf_crt );
1263  x509_fingerprint_ok ( &useless_crt );
1264  x509_fingerprint_ok ( &server_crt );
1265  x509_fingerprint_ok ( &not_ca_crt );
1266  x509_fingerprint_ok ( &bad_path_len_crt );
1267  x509_fingerprint_ok ( &ecintermediate_crt );
1268  x509_fingerprint_ok ( &ecleaf_crt );
1269  x509_fingerprint_ok ( &ecserver_crt );
1270 
1271  /* Check pairwise issuing */
1272  x509_check_issuer_ok ( &intermediate_crt, &root_crt );
1273  x509_check_issuer_ok ( &leaf_crt, &intermediate_crt );
1274  x509_check_issuer_ok ( &useless_crt, &leaf_crt );
1275  x509_check_issuer_ok ( &server_crt, &leaf_crt );
1276  x509_check_issuer_fail_ok ( &not_ca_crt, &server_crt );
1277  x509_check_issuer_ok ( &bad_path_len_crt, &useless_crt );
1278  x509_check_issuer_ok ( &ecintermediate_crt, &root_crt );
1279  x509_check_issuer_ok ( &ecleaf_crt, &ecintermediate_crt );
1280  x509_check_issuer_ok ( &ecserver_crt, &ecleaf_crt );
1281 
1282  /* Check root certificate stores */
1283  x509_check_root_ok ( &root_crt, &test_root );
1284  x509_check_root_fail_ok ( &intermediate_crt, &test_root );
1285  x509_check_root_ok ( &intermediate_crt, &intermediate_root );
1286  x509_check_root_fail_ok ( &root_crt, &intermediate_root );
1287  x509_check_root_fail_ok ( &root_crt, &dummy_root );
1288 
1289  /* Check certificate validity periods */
1290  x509_check_time_ok ( &server_crt, test_time );
1291  x509_check_time_fail_ok ( &server_crt, test_expired );
1292  x509_check_time_ok ( &root_crt, test_time );
1293  x509_check_time_ok ( &root_crt, test_expired );
1294  x509_check_time_fail_ok ( &root_crt, test_ca_expired );
1295 
1296  /* Check certificate names */
1297  x509_check_name_ok ( &server_crt, "boot.test.ipxe.org" );
1298  x509_check_name_ok ( &server_crt, "demo.test.ipxe.org" );
1299  x509_check_name_ok ( &server_crt, "demo.test.iPXE.org" );
1300  x509_check_name_fail_ok ( &server_crt, "incorrect.test.ipxe.org" );
1301  x509_check_name_ok ( &server_crt, "anything.alt.test.ipxe.org" );
1302  x509_check_name_ok ( &server_crt, "wildcard.alt.test.ipxe.org" );
1303  x509_check_name_fail_ok ( &server_crt, "sub.domain.alt.test.ipxe.org" );
1304  x509_check_name_fail_ok ( &server_crt, "alt.test.ipxe.org" );
1305  x509_check_name_fail_ok ( &server_crt, "test.ipxe.org" );
1306  x509_check_name_fail_ok ( &server_crt, "ipxe.org" );
1307  x509_check_name_fail_ok ( &server_crt, "org" );
1308  x509_check_name_fail_ok ( &server_crt, "" );
1309  x509_check_name_ok ( &server_crt, "192.168.0.1" );
1310  x509_check_name_fail_ok ( &server_crt, "192.168.0.2" );
1311  x509_check_name_ok ( &server_crt, "fe80::69ff:fe50:5845" );
1312  x509_check_name_ok ( &server_crt, "FE80:0:0:0:0:69FF:FE50:5845" );
1313  x509_check_name_fail_ok ( &server_crt, "fe80::69ff:fe50:5846" );
1314 
1315  /* Parse all certificate chains */
1316  x509_chain_ok ( &server_chain );
1317  x509_chain_ok ( &broken_server_chain );
1318  x509_chain_ok ( &incomplete_server_chain );
1319  x509_chain_ok ( &not_ca_chain );
1320  x509_chain_ok ( &useless_chain );
1321  x509_chain_ok ( &bad_path_len_chain );
1322  x509_chain_ok ( &ecserver_chain );
1323  x509_chain_ok ( &broken_ecserver_chain );
1324 
1325  /* Check certificate chains */
1326  x509_validate_chain_ok ( &server_chain, test_time,
1327  &empty_store, &test_root );
1328  x509_validate_chain_ok ( &server_chain, test_time,
1329  &empty_store, &intermediate_root );
1330  x509_validate_chain_fail_ok ( &server_chain, test_time,
1331  &empty_store, &dummy_root );
1332  x509_validate_chain_fail_ok ( &broken_server_chain, test_time,
1333  &empty_store, &test_root );
1334  x509_validate_chain_fail_ok ( &incomplete_server_chain, test_time,
1335  &empty_store, &test_root );
1336  x509_validate_chain_ok ( &incomplete_server_chain, test_time,
1337  &empty_store, &intermediate_root );
1338  x509_validate_chain_fail_ok ( &not_ca_chain, test_time,
1339  &empty_store, &test_root );
1340  x509_validate_chain_ok ( &useless_chain, test_time,
1341  &empty_store, &test_root );
1342  x509_validate_chain_fail_ok ( &bad_path_len_chain, test_time,
1343  &empty_store, &test_root );
1344  x509_validate_chain_ok ( &ecserver_chain, ectest_time, &empty_store,
1345  &test_root );
1346  x509_validate_chain_fail_ok ( &broken_ecserver_chain, ectest_time,
1347  &empty_store, &test_root );
1348 
1349  /* Check certificate chain expiry times */
1350  x509_validate_chain_fail_ok ( &server_chain, test_expired,
1351  &empty_store, &test_root );
1352  x509_validate_chain_ok ( &useless_chain, test_expired,
1353  &empty_store, &test_root );
1354  x509_validate_chain_fail_ok ( &useless_chain, test_ca_expired,
1355  &empty_store, &test_root );
1356 
1357  /* Check chain truncation */
1358  link = list_last_entry ( &server_chain.chain->links,
1359  struct x509_link, list );
1360  ok ( link->cert == root_crt.cert );
1361  link = list_prev_entry ( link, &server_chain.chain->links, list );
1362  ok ( link->cert == intermediate_crt.cert );
1363  x509_validate_chain_ok ( &server_chain, test_time,
1364  &empty_store, &test_root );
1365  x509_truncate ( server_chain.chain, link );
1366  x509_validate_chain_fail_ok ( &server_chain, test_time,
1367  &empty_store, &test_root );
1368 
1369  /* Check self-signedess */
1370  ok ( x509_is_self_signed ( root_crt.cert ) );
1371  ok ( ! x509_is_self_signed ( intermediate_crt.cert ) );
1372 
1373  /* Sanity check */
1374  assert ( list_empty ( &empty_store.links ) );
1375 
1376  /* Drop chain references */
1377  x509_chain_put ( broken_ecserver_chain.chain );
1378  x509_chain_put ( ecserver_chain.chain );
1379  x509_chain_put ( bad_path_len_chain.chain );
1380  x509_chain_put ( useless_chain.chain );
1381  x509_chain_put ( not_ca_chain.chain );
1382  x509_chain_put ( incomplete_server_chain.chain );
1383  x509_chain_put ( broken_server_chain.chain );
1384  x509_chain_put ( server_chain.chain );
1385 
1386  /* Drop certificate references */
1387  x509_put ( ecserver_crt.cert );
1388  x509_put ( ecintermediate_crt.cert );
1389  x509_put ( ecleaf_crt.cert );
1390  x509_put ( bad_path_len_crt.cert );
1391  x509_put ( not_ca_crt.cert );
1392  x509_put ( server_crt.cert );
1393  x509_put ( useless_crt.cert );
1394  x509_put ( leaf_crt.cert );
1395  x509_put ( intermediate_crt.cert );
1396  x509_put ( root_crt.cert );
1397 }
1398 
1399 /** X.509 self-test */
1400 struct self_test x509_test __self_test = {
1401  .name = "x509",
1402  .exec = x509_test_exec,
1403 };
1404 
1405 /* Drag in algorithms required for tests */
1406 REQUIRING_SYMBOL ( x509_test );
1407 REQUIRE_OBJECT ( rsa_sha1 );
1408 REQUIRE_OBJECT ( rsa_sha256 );
1409 REQUIRE_OBJECT ( ecdsa_sha256 );
1410 REQUIRE_OBJECT ( oid_p256 );
1411 REQUIRE_OBJECT ( ipv4 );
1412 REQUIRE_OBJECT ( ipv6 );
test_ca_expired
static time_t test_ca_expired
Time at which CA test certificates are invalid.
Definition: x509_test.c:959
test_expired
static time_t test_expired
Time at which end-entity test certificates are invalid.
Definition: x509_test.c:956
x509_chain_put
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
Definition: x509.h:299
x509_check_name_okx
static void x509_check_name_okx(struct x509_test_certificate *crt, const char *name, const char *file, unsigned int line)
Report certificate name validation test result.
Definition: x509_test.c:1124
x509_check_issuer_ok
#define x509_check_issuer_ok(crt, issuer)
Definition: x509_test.c:1027
name
const char * name
Definition: ath9k_hw.c:1984
intermediate_root
static struct x509_root intermediate_root
Root certificate list containing the iPXE self-test intermediate CA.
Definition: x509_test.c:927
x509_check_name_fail_okx
static void x509_check_name_fail_okx(struct x509_test_certificate *crt, const char *name, const char *file, unsigned int line)
Report certificate name validation failure test result.
Definition: x509_test.c:1141
x509_check_root_okx
static void x509_check_root_okx(struct x509_test_certificate *crt, struct x509_root *root, const char *file, unsigned int line)
Report certificate root validation test result.
Definition: x509_test.c:1056
x509_certificate_ok
#define x509_certificate_ok(crt)
Definition: x509_test.c:974
CERTIFICATE
#define CERTIFICATE(name, DATA, FINGERPRINT)
Define a test certificate.
Definition: x509_test.c:77
dummy_fingerprint
static uint8_t dummy_fingerprint[]
Dummy fingerprint (not matching any certificates)
Definition: x509_test.c:935
x509_test_certificate::len
size_t len
Length of data.
Definition: x509_test.c:51
x509_validate_chain_ok
#define x509_validate_chain_ok(chn, time, store, root)
Definition: x509_test.c:1200
x509_test_certificate::cert
struct x509_certificate * cert
Parsed certificate.
Definition: x509_test.c:56
x509_check_root_ok
#define x509_check_root_ok(crt, root)
Definition: x509_test.c:1062
root
struct stp_switch root
Root switch.
Definition: stp.h:26
x509_chain::links
struct list_head links
List of links.
Definition: x509.h:204
x509_root::refcnt
struct refcnt refcnt
Reference count.
Definition: x509.h:376
first
uint32_t first
First block in range.
Definition: pccrr.h:14
errno.h
Error codes.
__self_test
struct self_test x509_test __self_test
X.509 self-test.
Definition: x509_test.c:1400
x509_test_algorithm
#define x509_test_algorithm
Fingerprint algorithm used for X.509 test certificates.
Definition: x509_test.c:44
x509_check_name
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
Definition: x509.c:1563
x509_link::list
struct list_head list
List of links.
Definition: x509.h:172
x509_certificate::issuer
struct x509_issuer issuer
Issuer.
Definition: x509.h:240
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
REQUIRE_OBJECT
REQUIRE_OBJECT(rsa_sha1)
x509_append
int x509_append(struct x509_chain *chain, struct x509_certificate *cert)
Append X.509 certificate to X.509 certificate chain.
Definition: x509.c:1637
x509_alloc_chain
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
Definition: x509.c:1614
test.h
Self-test infrastructure.
self_test::name
const char * name
Test set name.
Definition: test.h:17
x509_fingerprint_okx
static void x509_fingerprint_okx(struct x509_test_certificate *crt, const char *file, unsigned int line)
Report certificate fingerprint test result.
Definition: x509_test.c:1002
x509_truncate
void x509_truncate(struct x509_chain *chain, struct x509_link *link)
Truncate X.509 certificate chain.
Definition: x509.c:1703
x509_is_valid
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
Definition: x509.c:1312
x509_test_chain::chain
struct x509_chain * chain
Parsed certificate chain.
Definition: x509_test.c:67
ectest_time
static time_t ectest_time
Time at which all ECDSA test certificates are valid.
Definition: x509_test.c:953
self_test
A self-test set.
Definition: test.h:15
list_last_entry
#define list_last_entry(list, type, member)
Get the container of the last entry in a list.
Definition: list.h:346
x509_validate_chain_fail_ok
#define x509_validate_chain_fail_ok(chn, time, store, root)
Definition: x509_test.c:1224
x509_check_issuer_fail_ok
#define x509_check_issuer_fail_ok(crt, issuer)
Definition: x509_test.c:1045
CHAIN
#define CHAIN(name,...)
Define a test certificate chain.
Definition: x509_test.c:87
list_empty
#define list_empty(list)
Test whether a list is empty.
Definition: list.h:136
x509_is_self_signed
static int x509_is_self_signed(struct x509_certificate *cert)
Check if X.509 certificate is self-signed.
Definition: x509.h:413
x509_chain
An X.509 certificate chain.
Definition: x509.h:200
x509_check_time_okx
static void x509_check_time_okx(struct x509_test_certificate *crt, time_t time, const char *file, unsigned int line)
Report certificate time validation test result.
Definition: x509_test.c:1090
okx
#define okx(success, file, line)
Report test result.
Definition: test.h:44
x509_test_chain::count
unsigned int count
Number of certificates.
Definition: x509_test.c:64
assert
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
x509_check_issuer_fail_okx
static void x509_check_issuer_fail_okx(struct x509_test_certificate *crt, struct x509_test_certificate *issuer, const char *file, unsigned int line)
Report certificate issuer validation failure test result.
Definition: x509_test.c:1038
asn1.h
ASN.1 encoding.
test_root
static struct x509_root test_root
Root certificate list containing the iPXE self-test root CA.
Definition: x509_test.c:919
dummy_root
static struct x509_root dummy_root
Certificate store containing a dummy fingerprint.
Definition: x509_test.c:942
link
u32 link
Link to next descriptor.
Definition: ar9003_mac.h:68
x509_chain_okx
static void x509_chain_okx(struct x509_test_chain *chn, const char *file, unsigned int line)
Report certificate chain parsing test result.
Definition: x509_test.c:1157
x509_validate_chain
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
Definition: x509.c:1907
x509_check_root
int x509_check_root(struct x509_certificate *cert, struct x509_root *root)
Check X.509 root certificate.
Definition: x509.c:1254
x509_link
A link in an X.509 certificate chain.
Definition: x509.h:170
x509_certificate
An X.509 certificate.
Definition: x509.h:215
list_prev_entry
#define list_prev_entry(pos, head, member)
Get the container of the previous entry in a list.
Definition: list.h:373
x509_certificate_okx
static void x509_certificate_okx(struct x509_test_certificate *crt, const char *file, unsigned int line)
Report certificate parsing test result.
Definition: x509_test.c:968
x509_fingerprint_ok
#define x509_fingerprint_ok(crt)
Definition: x509_test.c:1010
x509_test_exec
static void x509_test_exec(void)
Perform X.509 self-tests.
Definition: x509_test.c:1232
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
root_crt_fingerprint
static uint8_t root_crt_fingerprint[]
iPXE self-test root CA certificate
Definition: cms_test.c:1604
x509.h
X.509 certificates.
x509_cached_okx
static void x509_cached_okx(struct x509_test_certificate *crt, const char *file, unsigned int line)
Report cached certificate parsing test result.
Definition: x509_test.c:984
x509_fingerprint
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
Definition: x509.c:1236
x509_check_name_fail_ok
#define x509_check_name_fail_ok(crt, name)
Definition: x509_test.c:1147
x509_test_chain
An X.509 test certificate chain.
Definition: x509_test.c:60
DATA
#define DATA(...)
Define inline certificate data.
Definition: x509_test.c:71
x509_root
An X.509 root certificate list.
Definition: x509.h:374
x509_test_certificate::fingerprint
const void * fingerprint
Fingerprint.
Definition: x509_test.c:53
x509_test_chain::certs
struct x509_test_certificate ** certs
Test certificates.
Definition: x509_test.c:62
x509_put
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
Definition: x509.h:277
x509_first
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
Definition: x509.h:310
FINGERPRINT
#define FINGERPRINT(...)
Define inline fingerprint data.
Definition: x509_test.c:74
x509_check_issuer
int x509_check_issuer(struct x509_certificate *cert, struct x509_certificate *issuer)
Check X.509 certificate against issuer certificate.
Definition: x509.c:1176
x509_check_time_ok
#define x509_check_time_ok(crt, time)
Definition: x509_test.c:1096
x509_certificate::store
struct x509_link store
Link in certificate store.
Definition: x509.h:220
REF_INIT
#define REF_INIT(free_fn)
Initialise a static reference counter.
Definition: refcnt.h:77
x509_invalidate_chain
static void x509_invalidate_chain(struct x509_chain *chain)
Invalidate X.509 certificate chain.
Definition: x509.h:483
x509_check_root_fail_ok
#define x509_check_root_fail_ok(crt, root)
Definition: x509_test.c:1079
x509_check_time_fail_ok
#define x509_check_time_fail_ok(crt, time)
Definition: x509_test.c:1113
x509_check_issuer_okx
static void x509_check_issuer_okx(struct x509_test_certificate *crt, struct x509_test_certificate *issuer, const char *file, unsigned int line)
Report certificate issuer validation test result.
Definition: x509_test.c:1021
x509_validate_chain_fail_okx
static void x509_validate_chain_fail_okx(struct x509_test_chain *chn, time_t time, struct x509_chain *store, struct x509_root *root, const char *file, unsigned int line)
Report certificate chain validation failure test result.
Definition: x509_test.c:1213
LIST_HEAD_INIT
#define LIST_HEAD_INIT(list)
Initialise a static list head.
Definition: list.h:30
x509_validate_chain_okx
static void x509_validate_chain_okx(struct x509_test_chain *chn, time_t time, struct x509_chain *store, struct x509_root *root, const char *file, unsigned int line)
Report certificate chain validation test result.
Definition: x509_test.c:1187
time_t
int64_t time_t
Seconds since the Epoch.
Definition: time.h:18
x509_cached_ok
#define x509_cached_ok(crt)
Definition: x509_test.c:993
REQUIRING_SYMBOL
REQUIRING_SYMBOL(x509_test)
test_time
static time_t test_time
Time at which all test certificates are valid.
Definition: x509_test.c:950
ok
#define ok(success)
Definition: test.h:46
x509_check_name_ok
#define x509_check_name_ok(crt, name)
Definition: x509_test.c:1130
x509_check_time_fail_okx
static void x509_check_time_fail_okx(struct x509_test_certificate *crt, time_t time, const char *file, unsigned int line)
Report certificate time validation failure test result.
Definition: x509_test.c:1107
memcmp
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
Definition: string.c:114
sha256.h
SHA-256 algorithm.
empty_store
static struct x509_chain empty_store
Empty certificate store.
Definition: x509_test.c:913
ref_no_free
void ref_no_free(struct refcnt *refcnt __unused)
Do not free reference-counted object.
Definition: refcnt.c:101
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
string.h
String functions.
x509_check_time
int x509_check_time(struct x509_certificate *cert, time_t time)
Check X.509 certificate validity period.
Definition: x509.c:1286
x509_chain::refcnt
struct refcnt refcnt
Reference count.
Definition: x509.h:202
x509_test_certificate::data
const void * data
Data.
Definition: x509_test.c:49
x509_test_certificate
An X.509 test certificate.
Definition: x509_test.c:47
x509_check_root_fail_okx
static void x509_check_root_fail_okx(struct x509_test_certificate *crt, struct x509_root *root, const char *file, unsigned int line)
Report certificate root validation failure test result.
Definition: x509_test.c:1073
x509_chain_ok
#define x509_chain_ok(chn)
Definition: x509_test.c:1174
Generated by   doxygen 1.8.15