iPXE
x509_test.c
Go to the documentation of this file.
1/*
2 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 *
19 * You can also choose to distribute this program under the terms of
20 * the Unmodified Binary Distribution Licence (as given in the file
21 * COPYING.UBDL), provided that you have satisfied its requirements.
22 */
23
24FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25
26/** @file
27 *
28 * X.509 self-tests
29 *
30 */
31
32/* Forcibly enable assertions */
33#undef NDEBUG
34
35#include <stdint.h>
36#include <string.h>
37#include <errno.h>
38#include <ipxe/x509.h>
39#include <ipxe/asn1.h>
40#include <ipxe/sha256.h>
41#include <ipxe/test.h>
42
43/** Fingerprint algorithm used for X.509 test certificates */
44#define x509_test_algorithm sha256_algorithm
45
46/** An X.509 test certificate */
47struct x509_test_certificate {
48 /** Data */
49 const void *data;
50 /** Length of data */
51 size_t len;
52 /** Fingerprint */
53 const void *fingerprint;
54
55 /** Parsed certificate */
56 struct x509_certificate *cert;
57};
58
59/** An X.509 test certificate chain */
60struct x509_test_chain {
61 /** Test certificates */
62 struct x509_test_certificate **certs;
63 /** Number of certificates */
64 unsigned int count;
65
66 /** Parsed certificate chain */
67 struct x509_chain *chain;
68};
69
70/** Define inline certificate data */
71#define DATA(...) { __VA_ARGS__ }
72
73/** Define inline fingerprint data */
74#define FINGERPRINT(...) { __VA_ARGS__ }
75
76/** Define a test certificate */
77#define CERTIFICATE( name, DATA, FINGERPRINT ) \
78 static const uint8_t name ## _data[] = DATA; \
79 static const uint8_t name ## _fingerprint[] = FINGERPRINT; \
80 static struct x509_test_certificate name = { \
81 .data = name ## _data, \
82 .len = sizeof ( name ## _data ), \
83 .fingerprint = name ## _fingerprint, \
84 }
85
86/** Define a test certificate chain */
87#define CHAIN( name, ... ) \
88 static struct x509_test_certificate * name ## _certs[] = \
89 { __VA_ARGS__ }; \
90 static struct x509_test_chain name = { \
91 .certs = name ## _certs, \
92 .count = ( sizeof ( name ## _certs ) / \
93 sizeof ( name ## _certs[0] ) ), \
94 }
95
96/*
97 * subject iPXE self-test root CA
98 * issuer iPXE self-test root CA
99 */
100CERTIFICATE ( root_crt,
101 DATA ( 0x30, 0x82, 0x02, 0xb3, 0x30, 0x82, 0x02, 0x1c, 0xa0, 0x03,
102 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xc6, 0xb8, 0x9c, 0x58,
103 0xd2, 0xdc, 0xc9, 0x5d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
104 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
105 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
106 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06,
107 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62,
108 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65,
109 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
110 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65,
111 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
112 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65,
113 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f,
114 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78,
115 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06,
116 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58, 0x45,
117 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74,
118 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e,
119 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
120 0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x39, 0x30,
121 0x38, 0x30, 0x38, 0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a,
122 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
123 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
124 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
125 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
126 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
127 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
128 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
129 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
130 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
131 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
132 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d,
133 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58,
134 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73,
135 0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30,
136 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
137 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
138 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xaa, 0x72,
139 0xb5, 0xc1, 0x73, 0xf4, 0x95, 0x76, 0xa4, 0x27, 0xab, 0x5e,
140 0xeb, 0x1d, 0x9d, 0xd0, 0x04, 0xb2, 0x93, 0x05, 0xc7, 0xfa,
141 0x75, 0x84, 0x66, 0xe6, 0x3a, 0x26, 0x1f, 0xbc, 0x2d, 0xfd,
142 0x8f, 0x59, 0x64, 0xac, 0xcf, 0x65, 0x9d, 0x82, 0x23, 0xc3,
143 0x72, 0x93, 0xf2, 0x40, 0x68, 0x32, 0xd1, 0xb8, 0xf1, 0x47,
144 0x61, 0x50, 0xea, 0xbc, 0xcc, 0x3c, 0x6b, 0x74, 0x7a, 0xec,
145 0x2b, 0x75, 0xa6, 0xc2, 0xa2, 0xb8, 0xbf, 0x23, 0x48, 0x97,
146 0xd5, 0xaf, 0x77, 0xc1, 0x92, 0x88, 0xd7, 0x38, 0xb7, 0x9e,
147 0xda, 0xee, 0x72, 0x04, 0xcb, 0x96, 0xe5, 0xdb, 0xfd, 0x9b,
148 0x5d, 0x99, 0x4e, 0x7a, 0x60, 0x23, 0x34, 0xa4, 0x8d, 0xd7,
149 0x6c, 0xe7, 0x5d, 0x93, 0x97, 0xe1, 0xab, 0x36, 0x2c, 0x24,
150 0x16, 0x92, 0x66, 0xf6, 0x6a, 0x14, 0x23, 0x1d, 0x18, 0xb9,
151 0x44, 0x24, 0x61, 0x6b, 0xd3, 0x75, 0x02, 0x03, 0x01, 0x00,
152 0x01, 0xa3, 0x23, 0x30, 0x21, 0x30, 0x0f, 0x06, 0x03, 0x55,
153 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
154 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
155 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0d,
156 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
157 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x94, 0x9e, 0xea,
158 0x17, 0x8d, 0x27, 0xa9, 0x17, 0xe5, 0xa9, 0x19, 0xbe, 0x82,
159 0x36, 0xbd, 0xac, 0x74, 0xf3, 0x6e, 0x75, 0x71, 0x30, 0x1c,
160 0x05, 0x80, 0x6d, 0x1a, 0x69, 0x37, 0x86, 0x9c, 0x77, 0x75,
161 0x29, 0xa1, 0xc6, 0xb7, 0x11, 0x0a, 0x63, 0x27, 0xee, 0xb1,
162 0xc8, 0x94, 0xa9, 0x2e, 0x56, 0x8f, 0xca, 0x9d, 0xbe, 0xf4,
163 0xdb, 0x63, 0x97, 0x68, 0x3b, 0x13, 0xf8, 0x6a, 0xa5, 0xd1,
164 0x3d, 0xed, 0xbb, 0x86, 0x9d, 0x42, 0xfc, 0x15, 0x0a, 0x04,
165 0xf8, 0x3c, 0x0e, 0xc4, 0x86, 0x05, 0x57, 0x56, 0x96, 0xf6,
166 0xc0, 0x18, 0x53, 0xb0, 0xc5, 0xf0, 0xca, 0x72, 0x77, 0x77,
167 0xc9, 0x8e, 0x90, 0xa5, 0x4b, 0xb6, 0x80, 0x4a, 0x4c, 0x34,
168 0x6f, 0xc9, 0xe8, 0x6f, 0xc2, 0x28, 0xdf, 0x93, 0xa9, 0xf5,
169 0x63, 0x18, 0xc0, 0xec, 0x9e, 0xd5, 0x19, 0x36, 0xc5, 0x94,
170 0x10, 0xd4, 0x72, 0xd2, 0xb8 ),
171 FINGERPRINT ( 0x71, 0x5d, 0x51, 0x37, 0x5e, 0x18, 0xb3, 0xbc,
172 0xbb, 0x30, 0x0e, 0x8f, 0x50, 0xc7, 0x55, 0xf5,
173 0x96, 0xe7, 0xa8, 0x6d, 0x63, 0x2d, 0x32, 0x38,
174 0xaf, 0x00, 0xc4, 0x1a, 0xfc, 0xd8, 0xac, 0xc3 ) );
175
176/*
177 * subject iPXE self-test intermediate CA
178 * issuer iPXE self-test root CA
179 */
180CERTIFICATE ( intermediate_crt,
181 DATA ( 0x30, 0x82, 0x02, 0xb3, 0x30, 0x82, 0x02, 0x1c, 0xa0, 0x03,
182 0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
183 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
184 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
185 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
186 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
187 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
188 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
189 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
190 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
191 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
192 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
193 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
194 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
195 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
196 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
197 0x73, 0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41,
198 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32,
199 0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31,
200 0x34, 0x31, 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33,
201 0x33, 0x5a, 0x30, 0x81, 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06,
202 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
203 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
204 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
205 0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
206 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
207 0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
208 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
209 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
210 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
211 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x27,
212 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e, 0x69,
213 0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74,
214 0x65, 0x73, 0x74, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d,
215 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x30,
216 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
217 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
218 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc9, 0x3a,
219 0xee, 0xc6, 0x3c, 0xac, 0x4d, 0x81, 0xc6, 0x98, 0x5e, 0xe1,
220 0x48, 0x66, 0x1a, 0x1e, 0x60, 0x19, 0x41, 0xae, 0xca, 0x14,
221 0x97, 0xc8, 0x3a, 0x50, 0xb6, 0x48, 0xf5, 0x42, 0xac, 0x0f,
222 0xe1, 0xe3, 0x47, 0xf0, 0xbf, 0x7c, 0xd0, 0xee, 0x8f, 0xb7,
223 0xa6, 0x19, 0xad, 0xbb, 0xc5, 0x1b, 0x34, 0x38, 0xc8, 0xbd,
224 0x55, 0x84, 0x93, 0x72, 0xaf, 0x84, 0xfc, 0x9b, 0x97, 0x1d,
225 0xb5, 0x54, 0x24, 0xd6, 0x5d, 0xb7, 0x31, 0xf4, 0xbd, 0x3b,
226 0x40, 0x97, 0xc0, 0xa9, 0x5a, 0x2a, 0xcb, 0x6b, 0x98, 0x07,
227 0xdb, 0xb5, 0x9f, 0xe8, 0x31, 0x3f, 0x01, 0x46, 0x46, 0x70,
228 0x05, 0xa2, 0x0f, 0x8c, 0x7a, 0x61, 0xf3, 0xdf, 0xdb, 0xa1,
229 0x37, 0x2c, 0x88, 0x6a, 0x81, 0x21, 0x12, 0x4c, 0xf5, 0xcd,
230 0xaf, 0xc9, 0xd2, 0x36, 0x3d, 0x82, 0xd1, 0xca, 0x19, 0xaf,
231 0x4e, 0xae, 0x50, 0x71, 0x44, 0xbf, 0x02, 0x03, 0x01, 0x00,
232 0x01, 0xa3, 0x23, 0x30, 0x21, 0x30, 0x0f, 0x06, 0x03, 0x55,
233 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
234 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
235 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0d,
236 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
237 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x5d, 0x3c, 0xb3,
238 0x52, 0x19, 0xa6, 0x9e, 0x4a, 0x44, 0x98, 0xbf, 0x51, 0x20,
239 0x47, 0x0a, 0xf3, 0x26, 0x1a, 0xcc, 0x35, 0x2f, 0xc9, 0xed,
240 0xe0, 0x9d, 0x46, 0xeb, 0xbc, 0x7e, 0xc9, 0xb9, 0x1d, 0x76,
241 0xa4, 0x1d, 0xc2, 0xd9, 0x16, 0x29, 0x77, 0x01, 0x40, 0xdd,
242 0xe5, 0xcb, 0x28, 0x91, 0x3a, 0x0c, 0x13, 0x01, 0x1b, 0x72,
243 0x62, 0x45, 0x27, 0xfd, 0xd7, 0x00, 0x47, 0x36, 0x09, 0x1e,
244 0x7b, 0xd2, 0xcb, 0x95, 0x3d, 0x28, 0x82, 0xce, 0x83, 0x59,
245 0x32, 0xf9, 0xe6, 0xec, 0x89, 0xac, 0x88, 0x45, 0x22, 0x88,
246 0x6f, 0x5e, 0xa2, 0x79, 0x95, 0xba, 0xb9, 0xc9, 0xb6, 0x4c,
247 0x7c, 0xb4, 0x29, 0xa1, 0x02, 0xf5, 0xac, 0x5d, 0x8e, 0x52,
248 0xeb, 0xe8, 0xb1, 0x56, 0x49, 0xb3, 0x77, 0x62, 0x7d, 0x87,
249 0x4d, 0x17, 0xf2, 0x62, 0x83, 0x08, 0x59, 0x21, 0x60, 0x0d,
250 0x84, 0x8e, 0x5a, 0x84, 0xf6 ),
251 FINGERPRINT ( 0x88, 0x70, 0xbf, 0xf0, 0xd6, 0x09, 0x03, 0x3a,
252 0xe1, 0x80, 0xa7, 0xa5, 0x5c, 0x3e, 0xe1, 0x05,
253 0x38, 0x97, 0xde, 0xe1, 0xe9, 0x74, 0x55, 0xb1,
254 0x1e, 0x59, 0x69, 0x44, 0x42, 0x1b, 0xc8, 0xff ) );
255
256/*
257 * subject iPXE self-test leaf CA
258 * issuer iPXE self-test intermediate CA
259 */
260CERTIFICATE ( leaf_crt,
261 DATA ( 0x30, 0x82, 0x02, 0xb6, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03,
262 0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
263 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
264 0x00, 0x30, 0x81, 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
265 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
266 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
267 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
268 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
269 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
270 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
271 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
272 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
273 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
274 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x27, 0x30,
275 0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e, 0x69, 0x50,
276 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
277 0x73, 0x74, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65,
278 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x30, 0x1e,
279 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
280 0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31, 0x34, 0x31,
281 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a,
282 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
283 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
284 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
285 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
286 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
287 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
288 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
289 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
290 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
291 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
292 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d,
293 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58,
294 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73,
295 0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41, 0x30,
296 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
297 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
298 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc3, 0x55,
299 0xad, 0xdf, 0x7b, 0xd1, 0x48, 0xc3, 0xd3, 0x02, 0x54, 0x6c,
300 0x92, 0x45, 0x22, 0x3d, 0x90, 0xd8, 0xc7, 0x13, 0xcd, 0xc1,
301 0x59, 0xc6, 0xe0, 0xad, 0x0e, 0xe6, 0xdb, 0x3b, 0xe8, 0x63,
302 0xea, 0x4e, 0xb6, 0xea, 0x50, 0xea, 0x6e, 0x33, 0x9d, 0x28,
303 0x25, 0x42, 0x49, 0xd0, 0xf0, 0xed, 0xc5, 0x5b, 0x6b, 0x4a,
304 0xe7, 0x45, 0xfa, 0xd3, 0x3f, 0xae, 0xde, 0x5a, 0x90, 0xab,
305 0xf1, 0x61, 0x2f, 0x40, 0x5e, 0xcf, 0x8b, 0x0b, 0x10, 0x59,
306 0xa9, 0xd0, 0x1e, 0x0f, 0x18, 0x6b, 0x92, 0xd8, 0x9f, 0x58,
307 0x10, 0x84, 0xb6, 0x15, 0xe8, 0x5b, 0xc4, 0xa0, 0x3e, 0x49,
308 0x8b, 0xea, 0xdd, 0xa9, 0x7e, 0x32, 0x26, 0x9a, 0x68, 0x44,
309 0xf0, 0x30, 0xca, 0x2a, 0xd6, 0x19, 0x7a, 0x80, 0xfd, 0xd7,
310 0xfc, 0xc7, 0x5d, 0xe7, 0x61, 0xd2, 0x3f, 0x1f, 0x2c, 0x40,
311 0x70, 0x7b, 0x34, 0xcb, 0x08, 0xa9, 0x02, 0x03, 0x01, 0x00,
312 0x01, 0xa3, 0x26, 0x30, 0x24, 0x30, 0x12, 0x06, 0x03, 0x55,
313 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01,
314 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55,
315 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02,
316 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
317 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00,
318 0x40, 0xd2, 0x70, 0x02, 0x08, 0x19, 0xa0, 0xb8, 0x8d, 0x9d,
319 0x3d, 0x62, 0x41, 0x90, 0x2a, 0x36, 0x4a, 0x8b, 0x21, 0x42,
320 0x9a, 0xb4, 0xc5, 0xf8, 0x79, 0x17, 0xd7, 0x64, 0x4d, 0xbf,
321 0x8f, 0x6a, 0x04, 0x54, 0x7a, 0x0b, 0xd4, 0xb5, 0x0e, 0xab,
322 0xf7, 0xb7, 0x06, 0x2b, 0xf8, 0xde, 0x87, 0xb2, 0x37, 0x3b,
323 0x95, 0x01, 0xba, 0x9f, 0x8f, 0xec, 0x0a, 0x86, 0xca, 0x51,
324 0xb6, 0x25, 0x73, 0x2f, 0xa1, 0x66, 0xc8, 0x7a, 0x5e, 0x51,
325 0xbd, 0x49, 0xb5, 0x75, 0xda, 0xea, 0xe5, 0xeb, 0x5d, 0xe3,
326 0xb0, 0xad, 0x49, 0x9f, 0x8b, 0xfd, 0x89, 0xb3, 0xb7, 0xb2,
327 0x4c, 0x7d, 0x8a, 0x29, 0xb2, 0xbe, 0x04, 0xef, 0x9c, 0x73,
328 0x3c, 0xea, 0xa3, 0x9f, 0x07, 0x66, 0x5a, 0x2f, 0x38, 0xad,
329 0x1a, 0xeb, 0xe1, 0xb0, 0x62, 0x14, 0x55, 0xdc, 0x8c, 0x83,
330 0xbb, 0xc7, 0x13, 0x04, 0x41, 0x54, 0xf1, 0x45 ),
331 FINGERPRINT ( 0xca, 0xcf, 0xea, 0x98, 0x3d, 0x71, 0xb6, 0x9d,
332 0x4f, 0x5b, 0x84, 0x5e, 0xaa, 0x8e, 0xae, 0x63,
333 0x0e, 0xad, 0x52, 0xe8, 0xc7, 0x51, 0x81, 0x07,
334 0xd1, 0xa1, 0x66, 0xdb, 0xd5, 0x62, 0xe1, 0xe6 ) );
335
336/*
337 * subject iPXE self-test useless CA
338 * issuer iPXE self-test leaf CA
339 */
340CERTIFICATE ( useless_crt,
341 DATA ( 0x30, 0x82, 0x02, 0xae, 0x30, 0x82, 0x02, 0x17, 0xa0, 0x03,
342 0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
343 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
344 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
345 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
346 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
347 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
348 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
349 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
350 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
351 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
352 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
353 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
354 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
355 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
356 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
357 0x73, 0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41,
358 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32,
359 0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, 0x31,
360 0x34, 0x31, 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33,
361 0x34, 0x5a, 0x30, 0x81, 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06,
362 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
363 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
364 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
365 0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
366 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
367 0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
368 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
369 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
370 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
371 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22,
372 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x69,
373 0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74,
374 0x65, 0x73, 0x74, 0x20, 0x75, 0x73, 0x65, 0x6c, 0x65, 0x73,
375 0x73, 0x20, 0x43, 0x41, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06,
376 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
377 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
378 0x81, 0x81, 0x00, 0xbe, 0x7f, 0x5a, 0x07, 0x7c, 0x61, 0xc2,
379 0x3a, 0x7e, 0xe3, 0x94, 0xcb, 0xe9, 0xc3, 0x4c, 0x6f, 0x8d,
380 0x5c, 0x4a, 0xf0, 0xc2, 0x13, 0x54, 0x09, 0x39, 0xa8, 0xf9,
381 0xc2, 0xc3, 0xdd, 0xbe, 0x42, 0x99, 0xa6, 0xe1, 0x58, 0x0a,
382 0xd5, 0x89, 0x12, 0xa6, 0xd6, 0x4e, 0xfb, 0x6c, 0xe5, 0xab,
383 0xff, 0x40, 0x52, 0xcc, 0x1e, 0x63, 0x10, 0xd7, 0xfe, 0x49,
384 0xf3, 0x86, 0x29, 0x58, 0x6a, 0x90, 0xe4, 0xe2, 0x56, 0x85,
385 0x14, 0x7d, 0xa5, 0xf8, 0xe0, 0x7e, 0x96, 0x88, 0xd9, 0x23,
386 0xe5, 0x44, 0x72, 0xa9, 0x5a, 0xbb, 0x76, 0x6b, 0x59, 0x3e,
387 0x85, 0xd4, 0xe7, 0xb2, 0x31, 0x32, 0xea, 0x40, 0x1f, 0xce,
388 0xfb, 0xb1, 0x91, 0xee, 0x86, 0x91, 0x3e, 0xa4, 0x86, 0xa4,
389 0xe9, 0x74, 0xd7, 0x14, 0x8c, 0xb6, 0xb4, 0xc0, 0x08, 0xbb,
390 0xc8, 0x38, 0xc3, 0x96, 0x3d, 0x85, 0xcf, 0xef, 0x94, 0x52,
391 0x29, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x23, 0x30, 0x21,
392 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
393 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06,
394 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03,
395 0x02, 0x02, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
396 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81,
397 0x81, 0x00, 0x50, 0x59, 0xfb, 0x9d, 0x4d, 0xfe, 0x0e, 0x5b,
398 0xc4, 0x51, 0xe9, 0xe8, 0xa4, 0xf5, 0x2f, 0x32, 0x8b, 0x06,
399 0x78, 0xbe, 0xf1, 0x18, 0xc5, 0x6f, 0xd9, 0x20, 0xee, 0xb7,
400 0x51, 0x40, 0xaf, 0xf3, 0x3c, 0xe4, 0x74, 0x00, 0xa4, 0x63,
401 0x3b, 0x37, 0xe1, 0xef, 0x80, 0xdc, 0xd5, 0x90, 0xed, 0xba,
402 0x91, 0x86, 0x7f, 0x97, 0x5d, 0x3e, 0x8f, 0x29, 0xcc, 0x57,
403 0xee, 0x79, 0x15, 0x6b, 0xe3, 0xd1, 0x25, 0x14, 0x24, 0xdf,
404 0xbf, 0x38, 0xee, 0xe3, 0x8a, 0x88, 0x19, 0x0f, 0xc8, 0x10,
405 0xae, 0x27, 0x99, 0xa8, 0x35, 0x47, 0xc9, 0xfb, 0x92, 0x47,
406 0xa2, 0x36, 0x2a, 0x8c, 0x26, 0x12, 0xb1, 0x0d, 0x46, 0xe2,
407 0xdc, 0x33, 0x29, 0x0c, 0x32, 0xcf, 0x22, 0x49, 0xde, 0xc3,
408 0x55, 0x2a, 0xba, 0xdd, 0xe3, 0x98, 0xc0, 0xe4, 0x9a, 0xa2,
409 0xe5, 0x43, 0x04, 0x32, 0xd3, 0x50, 0x7d, 0x9c, 0x71, 0x23 ),
410 FINGERPRINT ( 0xda, 0xbf, 0xd3, 0x5e, 0x2e, 0x29, 0xa9, 0xfd,
411 0x4d, 0x40, 0xba, 0xb8, 0xdd, 0x66, 0x93, 0x4c,
412 0x10, 0xea, 0x5b, 0x07, 0xa6, 0xe2, 0x27, 0x63,
413 0x2e, 0xfe, 0x01, 0x63, 0x7c, 0xea, 0xc6, 0xd0 ) );
414
415/*
416 * subject boot.test.ipxe.org
417 * issuer iPXE self-test leaf CA
418 */
419CERTIFICATE ( server_crt,
420 DATA ( 0x30, 0x82, 0x02, 0xd2, 0x30, 0x82, 0x02, 0x3b, 0xa0, 0x03,
421 0x02, 0x01, 0x02, 0x02, 0x01, 0x1e, 0x30, 0x0d, 0x06, 0x09,
422 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
423 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
424 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
425 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
426 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
427 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
428 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
429 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
430 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
431 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
432 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
433 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
434 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
435 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
436 0x73, 0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41,
437 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x30, 0x35,
438 0x31, 0x33, 0x34, 0x35, 0x30, 0x35, 0x5a, 0x17, 0x0d, 0x31,
439 0x33, 0x30, 0x33, 0x30, 0x35, 0x31, 0x33, 0x34, 0x35, 0x30,
440 0x35, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06,
441 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
442 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
443 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
444 0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
445 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
446 0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
447 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
448 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
449 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
450 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1b,
451 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x62,
452 0x6f, 0x6f, 0x74, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69,
453 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x81, 0x9f,
454 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
455 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30,
456 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xac, 0x7b, 0x54, 0xc1,
457 0x97, 0x4d, 0x56, 0xbd, 0xb2, 0x52, 0xb3, 0x5c, 0x1b, 0x28,
458 0xae, 0x91, 0x33, 0xf0, 0xc8, 0xc2, 0x3c, 0x7d, 0xe8, 0x95,
459 0x72, 0xaf, 0xfe, 0xa1, 0x68, 0xe1, 0xbd, 0xe2, 0x9d, 0x4c,
460 0xe8, 0x95, 0x56, 0x94, 0xce, 0x47, 0x57, 0x1b, 0xb1, 0x08,
461 0xa1, 0x5b, 0x02, 0x8f, 0x56, 0x75, 0x1e, 0x4f, 0xfd, 0xc5,
462 0x87, 0x5c, 0x1c, 0x3f, 0xab, 0x4f, 0xba, 0x25, 0x14, 0x6d,
463 0xe3, 0xa2, 0x47, 0x33, 0xd0, 0x78, 0x63, 0xcc, 0x11, 0x37,
464 0x08, 0x73, 0x25, 0x42, 0x20, 0xa9, 0x57, 0x29, 0xeb, 0x44,
465 0x80, 0x0d, 0xe6, 0x76, 0x4b, 0x02, 0x8b, 0x67, 0xb2, 0x99,
466 0xfe, 0xb3, 0x44, 0x62, 0xdf, 0x34, 0x0e, 0xf3, 0xe2, 0x17,
467 0x42, 0x8f, 0x36, 0x42, 0x5a, 0x1c, 0x03, 0x3e, 0x06, 0x0d,
468 0x5e, 0x08, 0x52, 0xd1, 0x06, 0xfb, 0xa9, 0xdb, 0x13, 0x15,
469 0x08, 0x6d, 0x03, 0x85, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
470 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x11,
471 0x04, 0x43, 0x30, 0x41, 0x82, 0x12, 0x64, 0x65, 0x6d, 0x6f,
472 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65,
473 0x2e, 0x6f, 0x72, 0x67, 0x82, 0x13, 0x2a, 0x2e, 0x61, 0x6c,
474 0x74, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78,
475 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x87, 0x04, 0xc0, 0xa8, 0x00,
476 0x01, 0x87, 0x10, 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
477 0x00, 0x00, 0x00, 0x69, 0xff, 0xfe, 0x50, 0x58, 0x45, 0x30,
478 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
479 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x63, 0x83,
480 0xf5, 0xde, 0xf7, 0x59, 0x81, 0xd3, 0x34, 0x61, 0xfd, 0x2c,
481 0x0c, 0xec, 0x1c, 0x25, 0xd2, 0x2c, 0xe8, 0x90, 0x4f, 0x34,
482 0x43, 0x2c, 0x86, 0x18, 0x9e, 0x66, 0x26, 0x0d, 0x02, 0x2a,
483 0xea, 0x28, 0xc6, 0xbb, 0x51, 0x02, 0xbe, 0x8f, 0x51, 0x50,
484 0xc7, 0x04, 0x49, 0x97, 0xb9, 0xd4, 0xa5, 0x74, 0x39, 0xaa,
485 0x22, 0xbb, 0x4e, 0x46, 0x57, 0x15, 0x0e, 0xcf, 0x64, 0x60,
486 0xc8, 0x13, 0xdf, 0x82, 0x09, 0x3b, 0x92, 0xf5, 0x69, 0x80,
487 0xd2, 0x5e, 0x53, 0x9d, 0x3a, 0xcd, 0x9e, 0x81, 0xa1, 0xbd,
488 0x5b, 0x66, 0x89, 0x4d, 0xf7, 0xa4, 0xd6, 0x92, 0xe4, 0xe1,
489 0x80, 0x87, 0xfa, 0xa5, 0x47, 0x25, 0x9c, 0x35, 0x77, 0xa5,
490 0x11, 0x1b, 0x48, 0x4c, 0x5e, 0x5e, 0x2f, 0xc7, 0xf8, 0x78,
491 0x4c, 0x36, 0x41, 0xfb, 0x91, 0x5d, 0xf6, 0x43, 0x99, 0x7c,
492 0xcd, 0x7f, 0x27, 0x4c, 0x75, 0xca ),
493 FINGERPRINT ( 0x82, 0xd3, 0xa0, 0x4c, 0x0d, 0x7d, 0x3c, 0xb1,
494 0x90, 0x63, 0xd8, 0xef, 0x1e, 0xd2, 0xdd, 0x10,
495 0xd5, 0x89, 0x40, 0x35, 0xb9, 0x5e, 0x98, 0x44,
496 0x30, 0xa2, 0x48, 0x9a, 0xb8, 0x2f, 0xcf, 0xe3 ) );
497
498/*
499 * subject not.a.ca.test.ipxe.org
500 * issuer boot.test.ipxe.org
501 */
502CERTIFICATE ( not_ca_crt,
503 DATA ( 0x30, 0x82, 0x02, 0x7d, 0x30, 0x82, 0x01, 0xe6, 0x02, 0x01,
504 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
505 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x84, 0x31,
506 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
507 0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
508 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
509 0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30,
510 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61,
511 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30,
512 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65,
513 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20,
514 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,
515 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
516 0x72, 0x67, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
517 0x03, 0x0c, 0x12, 0x62, 0x6f, 0x6f, 0x74, 0x2e, 0x74, 0x65,
518 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72,
519 0x67, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32,
520 0x32, 0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d,
521 0x31, 0x33, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30, 0x30, 0x31,
522 0x33, 0x34, 0x5a, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09,
523 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31,
524 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e,
525 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73,
526 0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
527 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72,
528 0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
529 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53,
530 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64,
531 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
532 0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31,
533 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16,
534 0x6e, 0x6f, 0x74, 0x2e, 0x61, 0x2e, 0x63, 0x61, 0x2e, 0x74,
535 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
536 0x72, 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a,
537 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
538 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81,
539 0x00, 0xc3, 0x5b, 0x6d, 0xb3, 0x8d, 0x74, 0x9c, 0x1d, 0xbd,
540 0x94, 0x41, 0xa2, 0x42, 0x96, 0x3c, 0x41, 0x82, 0xc0, 0xf1,
541 0x95, 0xbf, 0xc5, 0x34, 0x92, 0x92, 0xa3, 0xed, 0xed, 0x5c,
542 0x07, 0xaa, 0xb4, 0xc1, 0x66, 0xbb, 0xa6, 0xd1, 0xd9, 0x78,
543 0x93, 0xf1, 0x9c, 0x3e, 0x13, 0x3a, 0xee, 0x74, 0x31, 0xeb,
544 0x55, 0x86, 0xa5, 0x43, 0x8a, 0x5d, 0x0c, 0x2c, 0x0d, 0xfb,
545 0x91, 0x9e, 0x31, 0x22, 0xbe, 0x96, 0xb5, 0x0e, 0x44, 0xc8,
546 0x5b, 0x65, 0xb2, 0xf5, 0xec, 0x2a, 0x51, 0xed, 0x8f, 0x28,
547 0xd8, 0xb2, 0x4b, 0x45, 0x39, 0x31, 0x1f, 0x11, 0xb7, 0x12,
548 0xe3, 0xc6, 0xb2, 0xd2, 0x8d, 0x50, 0xd5, 0xf4, 0xd2, 0x71,
549 0x77, 0xc9, 0x4c, 0x67, 0xee, 0xf7, 0xdc, 0xdb, 0x68, 0xa6,
550 0xac, 0x33, 0xd4, 0xb2, 0x12, 0x61, 0x5c, 0xae, 0x4c, 0x2e,
551 0x26, 0xe8, 0xdf, 0x46, 0x3a, 0x05, 0xaf, 0xeb, 0x0d, 0x02,
552 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
553 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03,
554 0x81, 0x81, 0x00, 0x90, 0x3e, 0x16, 0x27, 0x2f, 0x4e, 0x4b,
555 0x31, 0x0e, 0xae, 0x31, 0x9d, 0x64, 0x88, 0x9f, 0xce, 0xd8,
556 0x22, 0x51, 0x9d, 0xd9, 0x2b, 0xfe, 0xed, 0x75, 0xbe, 0xec,
557 0x5a, 0x73, 0xaf, 0x6c, 0xa5, 0x5e, 0xd1, 0x15, 0x9a, 0x08,
558 0xcf, 0x4d, 0x41, 0x78, 0x48, 0xb4, 0x29, 0xf1, 0xf7, 0x63,
559 0x9b, 0x11, 0x91, 0x16, 0x94, 0x55, 0xff, 0xeb, 0xe9, 0x6f,
560 0x0a, 0x34, 0x89, 0xed, 0xf2, 0xd1, 0x79, 0x91, 0x9d, 0xe5,
561 0x73, 0x48, 0x68, 0x7f, 0x9b, 0xf4, 0x94, 0x80, 0x29, 0xbb,
562 0x2f, 0xac, 0x6c, 0xf7, 0x6a, 0x43, 0xcc, 0x40, 0x34, 0x85,
563 0xc8, 0xa1, 0x6d, 0x16, 0x36, 0x65, 0x3f, 0x93, 0x60, 0xc1,
564 0x64, 0x33, 0x91, 0xa1, 0x8f, 0x86, 0x8c, 0xce, 0x14, 0x19,
565 0x72, 0x28, 0xef, 0x94, 0x3d, 0x09, 0xb8, 0x3b, 0x39, 0xe8,
566 0xd1, 0x66, 0x2b, 0x38, 0xb4, 0x46, 0x50, 0xf4, 0xcd, 0xc4,
567 0x9a ),
568 FINGERPRINT ( 0x37, 0x6b, 0xc2, 0x20, 0xa9, 0xbc, 0xe2, 0x83,
569 0x99, 0x60, 0x06, 0x2e, 0xaf, 0x94, 0xfe, 0xb0,
570 0x1a, 0x2c, 0x17, 0x47, 0x1e, 0xc0, 0xd1, 0x66,
571 0xb6, 0x76, 0xeb, 0x1c, 0x07, 0xae, 0x72, 0xf2 ) );
572
573/*
574 * subject bad.path.len.test.ipxe.org
575 * issuer iPXE self-test useless CA
576 */
577CERTIFICATE ( bad_path_len_crt,
578 DATA ( 0x30, 0x82, 0x02, 0x88, 0x30, 0x82, 0x01, 0xf1, 0x02, 0x01,
579 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
580 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x8b, 0x31,
581 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
582 0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
583 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
584 0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30,
585 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61,
586 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30,
587 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65,
588 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20,
589 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,
590 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
591 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04,
592 0x03, 0x0c, 0x19, 0x69, 0x50, 0x58, 0x45, 0x20, 0x73, 0x65,
593 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75, 0x73,
594 0x65, 0x6c, 0x65, 0x73, 0x73, 0x20, 0x43, 0x41, 0x30, 0x1e,
595 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
596 0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, 0x31, 0x33, 0x30,
597 0x33, 0x32, 0x32, 0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a,
598 0x30, 0x81, 0x8c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
599 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
600 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
601 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
602 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
603 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
604 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
605 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
606 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
607 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
608 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x23, 0x30, 0x21,
609 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1a, 0x62, 0x61, 0x64,
610 0x2e, 0x70, 0x61, 0x74, 0x68, 0x2e, 0x6c, 0x65, 0x6e, 0x2e,
611 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e,
612 0x6f, 0x72, 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09,
613 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
614 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81,
615 0x81, 0x00, 0xed, 0xf1, 0xe3, 0xb2, 0x61, 0x68, 0xa0, 0xd5,
616 0x43, 0xfe, 0xad, 0xee, 0xfb, 0x8e, 0x2c, 0xf0, 0x44, 0xaf,
617 0x0a, 0x3c, 0x87, 0xc2, 0x56, 0x9b, 0x66, 0x15, 0xc6, 0xbc,
618 0x5b, 0x96, 0xef, 0xa1, 0x49, 0xd6, 0xe7, 0xeb, 0xb8, 0xf6,
619 0x3d, 0x62, 0xf5, 0x51, 0xfd, 0xb1, 0xa5, 0x4e, 0x92, 0x7c,
620 0x7a, 0x31, 0x1b, 0xb8, 0x21, 0x5c, 0xfe, 0x0b, 0x4e, 0x58,
621 0xd6, 0xd0, 0x8b, 0x81, 0x00, 0x4a, 0xf8, 0xf7, 0x2a, 0xc9,
622 0xea, 0xfa, 0x9c, 0xc9, 0x33, 0x0b, 0xc4, 0xce, 0x96, 0x4c,
623 0x30, 0x6e, 0xf0, 0x07, 0xfa, 0x1b, 0x94, 0x1f, 0xe3, 0x3b,
624 0xb2, 0x7d, 0x31, 0x1a, 0x37, 0x64, 0xe2, 0xc3, 0xf1, 0xe5,
625 0xb9, 0xcc, 0xd1, 0x02, 0xae, 0x16, 0x39, 0x9b, 0xfc, 0x55,
626 0xca, 0xdd, 0x33, 0x92, 0xe3, 0x12, 0x40, 0xc5, 0x32, 0x51,
627 0x62, 0xac, 0x3a, 0xc0, 0x17, 0x36, 0xd0, 0x27, 0x3d, 0xbb,
628 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
629 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
630 0x03, 0x81, 0x81, 0x00, 0x07, 0x53, 0x2a, 0x80, 0xd6, 0x25,
631 0x10, 0x37, 0xce, 0x3b, 0x87, 0x87, 0xfc, 0xae, 0xe2, 0x2a,
632 0x28, 0x3f, 0xf7, 0xa6, 0x32, 0x5b, 0x06, 0xbd, 0x4f, 0x34,
633 0x6b, 0x47, 0x8a, 0x4b, 0x47, 0x51, 0xe8, 0x45, 0x69, 0xe3,
634 0xf3, 0xdf, 0xa4, 0x25, 0x8f, 0x34, 0xbe, 0xe5, 0x2c, 0xa4,
635 0x6c, 0x8c, 0x6e, 0x02, 0x74, 0x23, 0x43, 0x21, 0x4d, 0xe3,
636 0x75, 0x93, 0x8e, 0xa8, 0x2c, 0x54, 0xba, 0x35, 0xe7, 0xab,
637 0x44, 0xfa, 0x07, 0x7a, 0x18, 0xb4, 0xa7, 0xce, 0xfa, 0xa6,
638 0x74, 0x5a, 0x45, 0x2c, 0x6f, 0x86, 0x34, 0x8f, 0x4a, 0x09,
639 0xe0, 0xf3, 0x4f, 0x37, 0xbb, 0xa3, 0xa0, 0xcb, 0xad, 0x6b,
640 0xc1, 0x16, 0x06, 0xdf, 0x83, 0x98, 0xaf, 0xa8, 0xc3, 0xa0,
641 0x5f, 0x33, 0x09, 0x01, 0x12, 0xbd, 0xd3, 0x45, 0x9f, 0x5f,
642 0x96, 0x93, 0xe9, 0x69, 0xe9, 0xb1, 0x8a, 0xe4, 0x94, 0xce,
643 0xe4, 0x8d ),
644 FINGERPRINT ( 0xb6, 0x80, 0x84, 0xf1, 0x45, 0x55, 0x1f, 0xbc,
645 0x15, 0xa6, 0xd8, 0x4b, 0xf3, 0x19, 0x65, 0xef,
646 0x53, 0x5a, 0xc8, 0x99, 0xe5, 0xdf, 0x79, 0x07,
647 0x00, 0x2c, 0x9f, 0x49, 0x91, 0x21, 0xeb, 0xfc ) );
648
649/*
650 * subject iPXE self-test EC intermediate CA
651 * issuer iPXE self-test root CA
652 */
653CERTIFICATE ( ecintermediate_crt,
654 DATA ( 0x30, 0x82, 0x03, 0x3a, 0x30, 0x82, 0x02, 0xa3, 0xa0, 0x03,
655 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09,
656 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
657 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
658 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
659 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
660 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
661 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
662 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
663 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
664 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
665 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
666 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
667 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
668 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
669 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
670 0x73, 0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41,
671 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x32, 0x31, 0x39,
672 0x31, 0x34, 0x33, 0x32, 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x32,
673 0x38, 0x30, 0x39, 0x31, 0x34, 0x31, 0x34, 0x33, 0x32, 0x35,
674 0x39, 0x5a, 0x30, 0x81, 0x93, 0x31, 0x0b, 0x30, 0x09, 0x06,
675 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
676 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
677 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
678 0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
679 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
680 0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
681 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
682 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
683 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
684 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x2a,
685 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x21, 0x69,
686 0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74,
687 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x69, 0x6e, 0x74,
688 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20,
689 0x43, 0x41, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
690 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
691 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xf8,
692 0xb9, 0xac, 0x83, 0x58, 0xf1, 0xa9, 0x6f, 0x85, 0x22, 0xf7,
693 0x04, 0x8d, 0x52, 0xff, 0xef, 0x85, 0xd1, 0x43, 0xfa, 0xdb,
694 0x1a, 0xa1, 0x8d, 0x8b, 0x40, 0x6f, 0x85, 0x2f, 0x38, 0x4c,
695 0x19, 0x79, 0xe0, 0x6a, 0x52, 0x1f, 0x6c, 0x78, 0x3e, 0x2e,
696 0x06, 0x40, 0x35, 0x8b, 0x93, 0xe8, 0xe1, 0xef, 0x37, 0x93,
697 0xe6, 0x70, 0x37, 0xf3, 0x12, 0x05, 0x82, 0x46, 0xdd, 0xf2,
698 0x8a, 0x26, 0x70, 0xa3, 0x81, 0xed, 0x30, 0x81, 0xea, 0x30,
699 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
700 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03,
701 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02,
702 0x02, 0x04, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
703 0x16, 0x04, 0x14, 0x15, 0x30, 0x20, 0x14, 0x09, 0xba, 0x24,
704 0x27, 0x38, 0x39, 0x28, 0xc9, 0x02, 0x62, 0x4e, 0x76, 0x79,
705 0x91, 0x89, 0x9b, 0x30, 0x81, 0xa7, 0x06, 0x03, 0x55, 0x1d,
706 0x23, 0x04, 0x81, 0x9f, 0x30, 0x81, 0x9c, 0xa1, 0x81, 0x8e,
707 0xa4, 0x81, 0x8b, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09,
708 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31,
709 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e,
710 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73,
711 0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
712 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72,
713 0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
714 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53,
715 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64,
716 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
717 0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31,
718 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16,
719 0x69, 0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d,
720 0x74, 0x65, 0x73, 0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20,
721 0x43, 0x41, 0x82, 0x09, 0x00, 0xc6, 0xb8, 0x9c, 0x58, 0xd2,
722 0xdc, 0xc9, 0x5d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
723 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81,
724 0x81, 0x00, 0x19, 0x30, 0x56, 0x0d, 0x5d, 0x6c, 0x4d, 0x7c,
725 0x68, 0x47, 0x59, 0xf1, 0xde, 0xd6, 0x6b, 0xdc, 0xa4, 0x43,
726 0x01, 0x1b, 0xff, 0xb3, 0xfc, 0x78, 0xda, 0x31, 0xe0, 0x36,
727 0xd8, 0x0c, 0x5d, 0x4e, 0xb7, 0x33, 0xd2, 0xb3, 0x2c, 0x41,
728 0xb0, 0xc6, 0x8a, 0xba, 0x64, 0xe8, 0x85, 0x46, 0x81, 0x3a,
729 0x8f, 0xef, 0x17, 0x66, 0x68, 0x91, 0xbd, 0x54, 0xea, 0x03,
730 0xa4, 0xf9, 0x15, 0x47, 0x2a, 0xde, 0xeb, 0xe0, 0x2c, 0xd8,
731 0x49, 0x1a, 0x10, 0xed, 0x72, 0x78, 0x77, 0x94, 0xed, 0xf9,
732 0x68, 0xe6, 0x93, 0x93, 0xb5, 0x99, 0x1b, 0xd7, 0x07, 0x1d,
733 0xe3, 0x94, 0xa6, 0xd3, 0x48, 0xcc, 0x7a, 0x1f, 0x59, 0xba,
734 0x31, 0x23, 0xf9, 0x09, 0xe5, 0x2f, 0xda, 0xea, 0xf3, 0xd8,
735 0xc8, 0xa8, 0x71, 0xb9, 0x69, 0xf3, 0x17, 0x4c, 0xc2, 0xf1,
736 0x67, 0xbb, 0xf5, 0x8c, 0x4e, 0x46, 0x63, 0x58, 0x54, 0x8e ),
737 FINGERPRINT ( 0x21, 0x7b, 0x48, 0x59, 0xf1, 0x5e, 0x8a, 0x75,
738 0xd1, 0xee, 0x60, 0x4a, 0x7d, 0x8f, 0xa8, 0xe2,
739 0x6c, 0x25, 0xc4, 0x05, 0x13, 0x46, 0x65, 0x63,
740 0x0b, 0x8d, 0x46, 0x52, 0x6e, 0x3c, 0x4e, 0x10 ) );
741
742/*
743 * subject iPXE self-test EC leaf CA
744 * issuer iPXE self-test EC intermediate CA
745 */
746CERTIFICATE ( ecleaf_crt,
747 DATA ( 0x30, 0x82, 0x02, 0x74, 0x30, 0x82, 0x02, 0x1b, 0xa0, 0x03,
748 0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0a, 0x06, 0x08,
749 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81,
750 0x93, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
751 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03,
752 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72,
753 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31,
754 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09,
755 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31,
756 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f,
757 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d,
758 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06,
759 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65,
760 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03,
761 0x55, 0x04, 0x03, 0x0c, 0x21, 0x69, 0x50, 0x58, 0x45, 0x20,
762 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x20,
763 0x45, 0x43, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65,
764 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x30, 0x1e,
765 0x17, 0x0d, 0x32, 0x35, 0x31, 0x32, 0x31, 0x39, 0x31, 0x34,
766 0x33, 0x32, 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30,
767 0x39, 0x31, 0x34, 0x31, 0x34, 0x33, 0x32, 0x35, 0x39, 0x5a,
768 0x30, 0x81, 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
769 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
770 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
771 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
772 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
773 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
774 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
775 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
776 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
777 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
778 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20,
779 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x69, 0x50, 0x58,
780 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73,
781 0x74, 0x20, 0x45, 0x43, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20,
782 0x43, 0x41, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
783 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
784 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xa4,
785 0x10, 0x14, 0x39, 0xde, 0x28, 0x87, 0x52, 0xb0, 0xe3, 0x87,
786 0x1b, 0x0f, 0xeb, 0xdf, 0x9b, 0x78, 0x47, 0xeb, 0x76, 0xbb,
787 0xf6, 0x6d, 0x26, 0x0e, 0x2b, 0xec, 0xd2, 0x8e, 0x78, 0xac,
788 0x35, 0x44, 0xd7, 0x79, 0x3f, 0x97, 0x01, 0x8e, 0x8f, 0x08,
789 0xcb, 0x87, 0x1e, 0xd2, 0xba, 0x1b, 0x4b, 0xd2, 0x93, 0x99,
790 0x62, 0x05, 0xeb, 0x75, 0x2a, 0x8f, 0xf9, 0xdb, 0x9c, 0xf4,
791 0xbb, 0x60, 0x8d, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x12, 0x06,
792 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
793 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06,
794 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03,
795 0x02, 0x02, 0x04, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
796 0x04, 0x16, 0x04, 0x14, 0xbc, 0xca, 0xd5, 0xfb, 0x11, 0x6d,
797 0xf4, 0xa8, 0x43, 0x12, 0x5f, 0x72, 0xe8, 0x28, 0xe1, 0x9a,
798 0xe8, 0xd5, 0xc7, 0x7f, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
799 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x15, 0x30, 0x20,
800 0x14, 0x09, 0xba, 0x24, 0x27, 0x38, 0x39, 0x28, 0xc9, 0x02,
801 0x62, 0x4e, 0x76, 0x79, 0x91, 0x89, 0x9b, 0x30, 0x0a, 0x06,
802 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03,
803 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x22, 0x73, 0x07, 0xe2,
804 0x21, 0xaa, 0xc5, 0x0a, 0x88, 0x51, 0xd6, 0x8e, 0x51, 0xf7,
805 0x67, 0x88, 0x6e, 0xe4, 0xe4, 0x14, 0xb7, 0x5b, 0x4d, 0xd1,
806 0xfc, 0x21, 0xc8, 0xd8, 0x94, 0xf6, 0x7e, 0x54, 0x02, 0x20,
807 0x33, 0x2a, 0x0c, 0x58, 0xfd, 0x0f, 0xd5, 0x89, 0x79, 0x60,
808 0x81, 0xeb, 0x23, 0x4f, 0x49, 0x92, 0x09, 0xa5, 0x0f, 0xb6,
809 0xf3, 0x52, 0xa3, 0x2e, 0xf6, 0x37, 0xbf, 0x9f, 0x9d, 0x7a,
810 0xbf, 0x15 ),
811 FINGERPRINT ( 0xe3, 0x46, 0x2e, 0x10, 0x43, 0x1b, 0xca, 0xb8,
812 0x7c, 0x2e, 0xa0, 0xd5, 0x60, 0x09, 0xb6, 0xef,
813 0x5d, 0x62, 0x23, 0xe1, 0xcd, 0xbb, 0x71, 0x28,
814 0xf0, 0x93, 0xd7, 0xf3, 0x6e, 0x1e, 0x71, 0xe5 ) );
815
816/*
817 * subject boot.test.ipxe.org
818 * issuer iPXE self-test EC leaf CA
819 */
820CERTIFICATE ( ecserver_crt,
821 DATA ( 0x30, 0x82, 0x02, 0x43, 0x30, 0x82, 0x01, 0xe8, 0xa0, 0x03,
822 0x02, 0x01, 0x02, 0x02, 0x01, 0x03, 0x30, 0x0a, 0x06, 0x08,
823 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81,
824 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
825 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03,
826 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72,
827 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31,
828 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09,
829 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31,
830 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f,
831 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d,
832 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06,
833 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65,
834 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03,
835 0x55, 0x04, 0x03, 0x0c, 0x19, 0x69, 0x50, 0x58, 0x45, 0x20,
836 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x20,
837 0x45, 0x43, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41,
838 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x32, 0x31, 0x39,
839 0x31, 0x34, 0x33, 0x32, 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x32,
840 0x36, 0x31, 0x32, 0x31, 0x39, 0x31, 0x34, 0x33, 0x32, 0x35,
841 0x39, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06,
842 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
843 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
844 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
845 0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
846 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
847 0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
848 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
849 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
850 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
851 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1b,
852 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x62,
853 0x6f, 0x6f, 0x74, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69,
854 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x59, 0x30,
855 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
856 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
857 0x03, 0x42, 0x00, 0x04, 0x81, 0xac, 0xb9, 0xde, 0x2e, 0xf9,
858 0xae, 0x5c, 0x33, 0xba, 0x43, 0x54, 0xeb, 0xc6, 0x08, 0xa1,
859 0xed, 0xf7, 0x6a, 0x78, 0x77, 0x8b, 0x2c, 0x59, 0x61, 0x6d,
860 0x25, 0xaf, 0x2c, 0xe4, 0x3e, 0x22, 0x65, 0x85, 0xa4, 0x9a,
861 0x7f, 0xe3, 0xbe, 0x6c, 0x65, 0xa1, 0x4f, 0x74, 0x60, 0x06,
862 0x8b, 0xf2, 0x5f, 0xe3, 0xdf, 0x8b, 0xc2, 0xb9, 0x67, 0x0e,
863 0xcc, 0x4e, 0x87, 0x53, 0x2e, 0xad, 0x71, 0xbb, 0xa3, 0x42,
864 0x30, 0x40, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
865 0x16, 0x04, 0x14, 0x4f, 0xe2, 0x6c, 0x54, 0xd0, 0x6c, 0x66,
866 0x39, 0xb8, 0x2a, 0x3f, 0x30, 0x6e, 0x56, 0x84, 0x3b, 0xb2,
867 0x6b, 0xef, 0x89, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
868 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xbc, 0xca, 0xd5, 0xfb,
869 0x11, 0x6d, 0xf4, 0xa8, 0x43, 0x12, 0x5f, 0x72, 0xe8, 0x28,
870 0xe1, 0x9a, 0xe8, 0xd5, 0xc7, 0x7f, 0x30, 0x0a, 0x06, 0x08,
871 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49,
872 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0x8d, 0x22, 0x2a, 0x92,
873 0xcf, 0x39, 0xc6, 0xbe, 0x01, 0x09, 0x82, 0x75, 0x2b, 0xe2,
874 0xd7, 0xf0, 0x78, 0x2e, 0xde, 0x95, 0x0a, 0xbf, 0xbe, 0x2e,
875 0xb4, 0x17, 0x0f, 0x44, 0x22, 0xa4, 0x27, 0x27, 0x02, 0x21,
876 0x00, 0x80, 0xa8, 0x37, 0xab, 0xd6, 0xf4, 0x38, 0x73, 0xe0,
877 0x48, 0x69, 0x67, 0xbc, 0xbb, 0xfd, 0x3e, 0x2a, 0xb4, 0xe7,
878 0xd0, 0x93, 0xb3, 0xff, 0xc8, 0xd0, 0x9a, 0x8b, 0xc6, 0x06,
879 0xfa, 0xe3, 0x8d ),
880 FINGERPRINT ( 0xcf, 0x32, 0x56, 0xb9, 0x9c, 0x0c, 0x4a, 0xf5,
881 0x92, 0x59, 0x90, 0x11, 0x87, 0x17, 0x85, 0xea,
882 0xc8, 0x8c, 0x5e, 0x13, 0xe2, 0x09, 0xb6, 0xe9,
883 0x15, 0xa8, 0xf5, 0x57, 0x93, 0x47, 0x46, 0xc2 ) );
884
885/** Valid certificate chain up to boot.test.ipxe.org */
886CHAIN ( server_chain, &server_crt, &leaf_crt, &intermediate_crt, &root_crt );
887
888/** Broken certificate chain up to boot.test.ipxe.org */
889CHAIN ( broken_server_chain, &server_crt, &leaf_crt, &root_crt );
890
891/** Incomplete certificate chain up to boot.test.ipxe.org */
892CHAIN ( incomplete_server_chain, &server_crt, &leaf_crt, &intermediate_crt );
893
894/** Non-functional certificate chain up to not_ca.test.ipxe.org */
895CHAIN ( not_ca_chain,
896 &not_ca_crt, &server_crt, &leaf_crt, &intermediate_crt, &root_crt );
897
898/** Valid certificate chain up to iPXE self-test useless CA */
899CHAIN ( useless_chain, &useless_crt, &leaf_crt, &intermediate_crt, &root_crt );
900
901/** Non-functional certificate chain up to bad.path.len.test.ipxe.org */
902CHAIN ( bad_path_len_chain, &bad_path_len_crt, &useless_crt, &leaf_crt,
903 &intermediate_crt, &root_crt );
904
905/** Valid certificate chain up to ECDSA boot.test.ipxe.org */
906CHAIN ( ecserver_chain,
907 &ecserver_crt, &ecleaf_crt, &ecintermediate_crt, &root_crt );
908
909/** Broken certificate chain up to ECDSA boot.test.ipxe.org */
910CHAIN ( broken_ecserver_chain, &ecserver_crt, &ecintermediate_crt, &root_crt );
911
912/** Empty certificate store */
913static struct x509_chain empty_store = {
914 .refcnt = REF_INIT ( ref_no_free ),
915 .links = LIST_HEAD_INIT ( empty_store.links ),
916};
917
918/** Root certificate list containing the iPXE self-test root CA */
919static struct x509_root test_root = {
920 .refcnt = REF_INIT ( ref_no_free ),
921 .digest = &x509_test_algorithm,
922 .count = 1,
923 .fingerprints = root_crt_fingerprint,
924};
925
926/** Root certificate list containing the iPXE self-test intermediate CA */
927static struct x509_root intermediate_root = {
928 .refcnt = REF_INIT ( ref_no_free ),
929 .digest = &x509_test_algorithm,
930 .count = 1,
931 .fingerprints = intermediate_crt_fingerprint,
932};
933
934/** Dummy fingerprint (not matching any certificates) */
935static uint8_t dummy_fingerprint[] =
936 FINGERPRINT ( 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
937 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
938 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
939 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff );
940
941/** Certificate store containing a dummy fingerprint */
942static struct x509_root dummy_root = {
943 .refcnt = REF_INIT ( ref_no_free ),
944 .digest = &x509_test_algorithm,
945 .count = 1,
946 .fingerprints = dummy_fingerprint,
947};
948
949/** Time at which all test certificates are valid */
950static time_t test_time = 1332374737ULL; /* Thu Mar 22 00:05:37 2012 */
951
952/** Time at which all ECDSA test certificates are valid */
953static time_t ectest_time = 1766154603ULL; /* Fri 19 Dec 14:30:03 GMT 2025 */
954
955/** Time at which end-entity test certificates are invalid */
956static time_t test_expired = 1375573111ULL; /* Sat Aug 3 23:38:31 2013 */
957
958/** Time at which CA test certificates are invalid */
959static time_t test_ca_expired = 2205014905ULL; /* Wed Nov 16 00:08:25 2039 */
960
961/**
962 * Report certificate parsing test result
963 *
964 * @v crt Test certificate
965 * @v file Test code file
966 * @v line Test code line
967 */
968static void x509_certificate_okx ( struct x509_test_certificate *crt,
969 const char *file, unsigned int line ) {
970
971 okx ( x509_certificate ( crt->data, crt->len, &crt->cert ) == 0,
972 file, line );
973}
974#define x509_certificate_ok( crt ) \
975 x509_certificate_okx ( crt, __FILE__, __LINE__ )
976
977/**
978 * Report cached certificate parsing test result
979 *
980 * @v crt Test certificate
981 * @v file Test code file
982 * @v line Test code line
983 */
984static void x509_cached_okx ( struct x509_test_certificate *crt,
985 const char *file, unsigned int line ) {
986 struct x509_certificate *temp;
987
988 okx ( x509_certificate ( crt->data, crt->len, &temp ) == 0,
989 file, line );
990 okx ( temp == crt->cert, file, line );
991 x509_put ( temp );
992}
993#define x509_cached_ok( crt ) x509_cached_okx ( crt, __FILE__, __LINE__ )
994
995/**
996 * Report certificate fingerprint test result
997 *
998 * @v crt Test certificate
999 * @v file Test code file
1000 * @v line Test code line
1001 */
1002static void x509_fingerprint_okx ( struct x509_test_certificate *crt,
1003 const char *file, unsigned int line ) {
1004 uint8_t fingerprint[ x509_test_algorithm.digestsize ];
1005
1006 x509_fingerprint ( crt->cert, &x509_test_algorithm, fingerprint );
1007 okx ( memcmp ( fingerprint, crt->fingerprint,
1008 sizeof ( fingerprint ) ) == 0, file, line );
1009}
1010#define x509_fingerprint_ok( crt ) \
1011 x509_fingerprint_okx ( crt, __FILE__, __LINE__ )
1012
1013/**
1014 * Report certificate issuer validation test result
1015 *
1016 * @v crt Test certificate
1017 * @v issuer Test issuer
1018 * @v file Test code file
1019 * @v line Test code line
1020 */
1021static void x509_check_issuer_okx ( struct x509_test_certificate *crt,
1022 struct x509_test_certificate *issuer,
1023 const char *file, unsigned int line ) {
1024
1025 okx ( x509_check_issuer ( crt->cert, issuer->cert ) == 0, file, line );
1026}
1027#define x509_check_issuer_ok( crt, issuer ) \
1028 x509_check_issuer_okx ( crt, issuer, __FILE__, __LINE__ )
1029
1030/**
1031 * Report certificate issuer validation failure test result
1032 *
1033 * @v crt Test certificate
1034 * @v issuer Test issuer
1035 * @v file Test code file
1036 * @v line Test code line
1037 */
1038static void x509_check_issuer_fail_okx ( struct x509_test_certificate *crt,
1039 struct x509_test_certificate *issuer,
1040 const char *file, unsigned int line ) {
1041
1042 okx ( x509_check_issuer ( crt->cert, issuer->cert ) != 0,
1043 file, line );
1044}
1045#define x509_check_issuer_fail_ok( crt, issuer ) \
1046 x509_check_issuer_fail_okx ( crt, issuer, __FILE__, __LINE__ )
1047
1048/**
1049 * Report certificate root validation test result
1050 *
1051 * @v crt Test certificate
1052 * @v root Test root certificate store
1053 * @v file Test code file
1054 * @v line Test code line
1055 */
1056static void x509_check_root_okx ( struct x509_test_certificate *crt,
1057 struct x509_root *root, const char *file,
1058 unsigned int line ) {
1059
1060 okx ( x509_check_root ( crt->cert, root ) == 0, file, line );
1061}
1062#define x509_check_root_ok( crt, root ) \
1063 x509_check_root_okx ( crt, root, __FILE__, __LINE__ )
1064
1065/**
1066 * Report certificate root validation failure test result
1067 *
1068 * @v crt Test certificate
1069 * @v root Test root certificate store
1070 * @v file Test code file
1071 * @v line Test code line
1072 */
1073static void x509_check_root_fail_okx ( struct x509_test_certificate *crt,
1074 struct x509_root *root,
1075 const char *file, unsigned int line ) {
1076
1077 okx ( x509_check_root ( crt->cert, root ) != 0, file, line );
1078}
1079#define x509_check_root_fail_ok( crt, root ) \
1080 x509_check_root_fail_okx ( crt, root, __FILE__, __LINE__ )
1081
1082/**
1083 * Report certificate time validation test result
1084 *
1085 * @v crt Test certificate
1086 * @v time Test time
1087 * @v file Test code file
1088 * @v line Test code line
1089 */
1090static void x509_check_time_okx ( struct x509_test_certificate *crt,
1091 time_t time, const char *file,
1092 unsigned int line ) {
1093
1094 okx ( x509_check_time ( crt->cert, time ) == 0, file, line );
1095}
1096#define x509_check_time_ok( crt, time ) \
1097 x509_check_time_okx ( crt, time, __FILE__, __LINE__ )
1098
1099/**
1100 * Report certificate time validation failure test result
1101 *
1102 * @v crt Test certificate
1103 * @v time Test time
1104 * @v file Test code file
1105 * @v line Test code line
1106 */
1107static void x509_check_time_fail_okx ( struct x509_test_certificate *crt,
1108 time_t time, const char *file,
1109 unsigned int line ) {
1110
1111 okx ( x509_check_time ( crt->cert, time ) != 0, file, line );
1112}
1113#define x509_check_time_fail_ok( crt, time ) \
1114 x509_check_time_fail_okx ( crt, time, __FILE__, __LINE__ )
1115
1116/**
1117 * Report certificate name validation test result
1118 *
1119 * @v crt Test certificate
1120 * @v name Test name
1121 * @v file Test code file
1122 * @v line Test code line
1123 */
1124static void x509_check_name_okx ( struct x509_test_certificate *crt,
1125 const char *name, const char *file,
1126 unsigned int line ) {
1127
1128 okx ( x509_check_name ( crt->cert, name ) == 0, file, line );
1129}
1130#define x509_check_name_ok( crt, name ) \
1131 x509_check_name_okx ( crt, name, __FILE__, __LINE__ )
1132
1133/**
1134 * Report certificate name validation failure test result
1135 *
1136 * @v crt Test certificate
1137 * @v name Test name
1138 * @v file Test code file
1139 * @v line Test code line
1140 */
1141static void x509_check_name_fail_okx ( struct x509_test_certificate *crt,
1142 const char *name, const char *file,
1143 unsigned int line ) {
1144
1145 okx ( x509_check_name ( crt->cert, name ) != 0, file, line );
1146}
1147#define x509_check_name_fail_ok( crt, name ) \
1148 x509_check_name_fail_okx ( crt, name, __FILE__, __LINE__ )
1149
1150/**
1151 * Report certificate chain parsing test result
1152 *
1153 * @v chn Test certificate chain
1154 * @v file Test code file
1155 * @v line Test code line
1156 */
1157static void x509_chain_okx ( struct x509_test_chain *chn, const char *file,
1158 unsigned int line ) {
1159 unsigned int i;
1160 struct x509_certificate *first;
1161
1162 chn->chain = x509_alloc_chain();
1163 okx ( chn->chain != NULL, file, line );
1164 for ( i = 0 ; i < chn->count ; i++ ) {
1165 okx ( x509_append ( chn->chain, chn->certs[i]->cert ) == 0,
1166 file, line );
1167 }
1168 first = x509_first ( chn->chain );
1169 okx ( first != NULL, file, line );
1170 okx ( first->raw.len == chn->certs[0]->len, file, line );
1171 okx ( memcmp ( first->raw.data, chn->certs[0]->data,
1172 first->raw.len ) == 0, file, line );
1173}
1174#define x509_chain_ok( chn ) \
1175 x509_chain_okx ( chn, __FILE__, __LINE__ )
1176
1177/**
1178 * Report certificate chain validation test result
1179 *
1180 * @v chn Test certificate chain
1181 * @v time Test certificate validation time
1182 * @v store Test certificate store
1183 * @v root Test root certificate list
1184 * @v file Test code file
1185 * @v line Test code line
1186 */
1187static void x509_validate_chain_okx ( struct x509_test_chain *chn, time_t time,
1188 struct x509_chain *store,
1189 struct x509_root *root, const char *file,
1190 unsigned int line ) {
1191
1192 x509_invalidate_chain ( chn->chain );
1193 okx ( x509_validate_chain ( chn->chain, time, store, root ) == 0,
1194 file, line );
1195 okx ( x509_is_valid ( chn->certs[0]->cert, root ),
1196 file, line );
1197 okx ( ! x509_is_valid ( chn->certs[0]->cert, &dummy_root ),
1198 file, line );
1199}
1200#define x509_validate_chain_ok( chn, time, store, root ) \
1201 x509_validate_chain_okx ( chn, time, store, root, __FILE__, __LINE__ )
1202
1203/**
1204 * Report certificate chain validation failure test result
1205 *
1206 * @v chn Test certificate chain
1207 * @v time Test certificate validation time
1208 * @v store Test certificate store
1209 * @v root Test root certificate list
1210 * @v file Test code file
1211 * @v line Test code line
1212 */
1213static void x509_validate_chain_fail_okx ( struct x509_test_chain *chn,
1214 time_t time,
1215 struct x509_chain *store,
1216 struct x509_root *root,
1217 const char *file,
1218 unsigned int line ) {
1219
1220 x509_invalidate_chain ( chn->chain );
1221 okx ( x509_validate_chain ( chn->chain, time, store, root ) != 0,
1222 file, line );
1223}
1224#define x509_validate_chain_fail_ok( chn, time, store, root ) \
1225 x509_validate_chain_fail_okx ( chn, time, store, root, \
1226 __FILE__, __LINE__ )
1227
1228/**
1229 * Perform X.509 self-tests
1230 *
1231 */
1232static void x509_test_exec ( void ) {
1233 struct x509_link *link;
1234
1235 /* Parse all certificates */
1236 x509_certificate_ok ( &root_crt );
1237 x509_certificate_ok ( &intermediate_crt );
1238 x509_certificate_ok ( &leaf_crt );
1239 x509_certificate_ok ( &useless_crt );
1240 x509_certificate_ok ( &server_crt );
1241 x509_certificate_ok ( &not_ca_crt );
1242 x509_certificate_ok ( &bad_path_len_crt );
1243 x509_certificate_ok ( &ecintermediate_crt );
1244 x509_certificate_ok ( &ecleaf_crt );
1245 x509_certificate_ok ( &ecserver_crt );
1246
1247 /* Check cache functionality */
1248 x509_cached_ok ( &root_crt );
1249 x509_cached_ok ( &intermediate_crt );
1250 x509_cached_ok ( &leaf_crt );
1251 x509_cached_ok ( &useless_crt );
1252 x509_cached_ok ( &server_crt );
1253 x509_cached_ok ( &not_ca_crt );
1254 x509_cached_ok ( &bad_path_len_crt );
1255 x509_cached_ok ( &ecintermediate_crt );
1256 x509_cached_ok ( &ecleaf_crt );
1257 x509_cached_ok ( &ecserver_crt );
1258
1259 /* Check all certificate fingerprints */
1260 x509_fingerprint_ok ( &root_crt );
1261 x509_fingerprint_ok ( &intermediate_crt );
1262 x509_fingerprint_ok ( &leaf_crt );
1263 x509_fingerprint_ok ( &useless_crt );
1264 x509_fingerprint_ok ( &server_crt );
1265 x509_fingerprint_ok ( &not_ca_crt );
1266 x509_fingerprint_ok ( &bad_path_len_crt );
1267 x509_fingerprint_ok ( &ecintermediate_crt );
1268 x509_fingerprint_ok ( &ecleaf_crt );
1269 x509_fingerprint_ok ( &ecserver_crt );
1270
1271 /* Check pairwise issuing */
1272 x509_check_issuer_ok ( &intermediate_crt, &root_crt );
1273 x509_check_issuer_ok ( &leaf_crt, &intermediate_crt );
1274 x509_check_issuer_ok ( &useless_crt, &leaf_crt );
1275 x509_check_issuer_ok ( &server_crt, &leaf_crt );
1276 x509_check_issuer_fail_ok ( &not_ca_crt, &server_crt );
1277 x509_check_issuer_ok ( &bad_path_len_crt, &useless_crt );
1278 x509_check_issuer_ok ( &ecintermediate_crt, &root_crt );
1279 x509_check_issuer_ok ( &ecleaf_crt, &ecintermediate_crt );
1280 x509_check_issuer_ok ( &ecserver_crt, &ecleaf_crt );
1281
1282 /* Check root certificate stores */
1283 x509_check_root_ok ( &root_crt, &test_root );
1284 x509_check_root_fail_ok ( &intermediate_crt, &test_root );
1285 x509_check_root_ok ( &intermediate_crt, &intermediate_root );
1286 x509_check_root_fail_ok ( &root_crt, &intermediate_root );
1287 x509_check_root_fail_ok ( &root_crt, &dummy_root );
1288
1289 /* Check certificate validity periods */
1290 x509_check_time_ok ( &server_crt, test_time );
1291 x509_check_time_fail_ok ( &server_crt, test_expired );
1292 x509_check_time_ok ( &root_crt, test_time );
1293 x509_check_time_ok ( &root_crt, test_expired );
1294 x509_check_time_fail_ok ( &root_crt, test_ca_expired );
1295
1296 /* Check certificate names */
1297 x509_check_name_ok ( &server_crt, "boot.test.ipxe.org" );
1298 x509_check_name_ok ( &server_crt, "demo.test.ipxe.org" );
1299 x509_check_name_ok ( &server_crt, "demo.test.iPXE.org" );
1300 x509_check_name_fail_ok ( &server_crt, "incorrect.test.ipxe.org" );
1301 x509_check_name_ok ( &server_crt, "anything.alt.test.ipxe.org" );
1302 x509_check_name_ok ( &server_crt, "wildcard.alt.test.ipxe.org" );
1303 x509_check_name_fail_ok ( &server_crt, "sub.domain.alt.test.ipxe.org" );
1304 x509_check_name_fail_ok ( &server_crt, "alt.test.ipxe.org" );
1305 x509_check_name_fail_ok ( &server_crt, "test.ipxe.org" );
1306 x509_check_name_fail_ok ( &server_crt, "ipxe.org" );
1307 x509_check_name_fail_ok ( &server_crt, "org" );
1308 x509_check_name_fail_ok ( &server_crt, "" );
1309 x509_check_name_ok ( &server_crt, "192.168.0.1" );
1310 x509_check_name_fail_ok ( &server_crt, "192.168.0.2" );
1311 x509_check_name_ok ( &server_crt, "fe80::69ff:fe50:5845" );
1312 x509_check_name_ok ( &server_crt, "FE80:0:0:0:0:69FF:FE50:5845" );
1313 x509_check_name_fail_ok ( &server_crt, "fe80::69ff:fe50:5846" );
1314
1315 /* Parse all certificate chains */
1316 x509_chain_ok ( &server_chain );
1317 x509_chain_ok ( &broken_server_chain );
1318 x509_chain_ok ( &incomplete_server_chain );
1319 x509_chain_ok ( &not_ca_chain );
1320 x509_chain_ok ( &useless_chain );
1321 x509_chain_ok ( &bad_path_len_chain );
1322 x509_chain_ok ( &ecserver_chain );
1323 x509_chain_ok ( &broken_ecserver_chain );
1324
1325 /* Check certificate chains */
1326 x509_validate_chain_ok ( &server_chain, test_time,
1327 &empty_store, &test_root );
1328 x509_validate_chain_ok ( &server_chain, test_time,
1329 &empty_store, &intermediate_root );
1330 x509_validate_chain_fail_ok ( &server_chain, test_time,
1331 &empty_store, &dummy_root );
1332 x509_validate_chain_fail_ok ( &broken_server_chain, test_time,
1333 &empty_store, &test_root );
1334 x509_validate_chain_fail_ok ( &incomplete_server_chain, test_time,
1335 &empty_store, &test_root );
1336 x509_validate_chain_ok ( &incomplete_server_chain, test_time,
1337 &empty_store, &intermediate_root );
1338 x509_validate_chain_fail_ok ( &not_ca_chain, test_time,
1339 &empty_store, &test_root );
1340 x509_validate_chain_ok ( &useless_chain, test_time,
1341 &empty_store, &test_root );
1342 x509_validate_chain_fail_ok ( &bad_path_len_chain, test_time,
1343 &empty_store, &test_root );
1344 x509_validate_chain_ok ( &ecserver_chain, ectest_time, &empty_store,
1345 &test_root );
1346 x509_validate_chain_fail_ok ( &broken_ecserver_chain, ectest_time,
1347 &empty_store, &test_root );
1348
1349 /* Check certificate chain expiry times */
1350 x509_validate_chain_fail_ok ( &server_chain, test_expired,
1351 &empty_store, &test_root );
1352 x509_validate_chain_ok ( &useless_chain, test_expired,
1353 &empty_store, &test_root );
1354 x509_validate_chain_fail_ok ( &useless_chain, test_ca_expired,
1355 &empty_store, &test_root );
1356
1357 /* Check chain truncation */
1358 link = list_last_entry ( &server_chain.chain->links,
1359 struct x509_link, list );
1360 ok ( link->cert == root_crt.cert );
1361 link = list_prev_entry ( link, &server_chain.chain->links, list );
1362 ok ( link->cert == intermediate_crt.cert );
1363 x509_validate_chain_ok ( &server_chain, test_time,
1364 &empty_store, &test_root );
1365 x509_truncate ( server_chain.chain, link );
1366 x509_validate_chain_fail_ok ( &server_chain, test_time,
1367 &empty_store, &test_root );
1368
1369 /* Check self-signedess */
1370 ok ( x509_is_self_signed ( root_crt.cert ) );
1371 ok ( ! x509_is_self_signed ( intermediate_crt.cert ) );
1372
1373 /* Sanity check */
1374 assert ( list_empty ( &empty_store.links ) );
1375
1376 /* Drop chain references */
1377 x509_chain_put ( broken_ecserver_chain.chain );
1378 x509_chain_put ( ecserver_chain.chain );
1379 x509_chain_put ( bad_path_len_chain.chain );
1380 x509_chain_put ( useless_chain.chain );
1381 x509_chain_put ( not_ca_chain.chain );
1382 x509_chain_put ( incomplete_server_chain.chain );
1383 x509_chain_put ( broken_server_chain.chain );
1384 x509_chain_put ( server_chain.chain );
1385
1386 /* Drop certificate references */
1387 x509_put ( ecserver_crt.cert );
1388 x509_put ( ecintermediate_crt.cert );
1389 x509_put ( ecleaf_crt.cert );
1390 x509_put ( bad_path_len_crt.cert );
1391 x509_put ( not_ca_crt.cert );
1392 x509_put ( server_crt.cert );
1393 x509_put ( useless_crt.cert );
1394 x509_put ( leaf_crt.cert );
1395 x509_put ( intermediate_crt.cert );
1396 x509_put ( root_crt.cert );
1397}
1398
1399/** X.509 self-test */
1400struct self_test x509_test __self_test = {
1401 .name = "x509",
1402 .exec = x509_test_exec,
1403};
1404
1405/* Drag in algorithms required for tests */
1406REQUIRING_SYMBOL ( x509_test );
1407REQUIRE_OBJECT ( rsa_sha1 );
1408REQUIRE_OBJECT ( rsa_sha256 );
1409REQUIRE_OBJECT ( ecdsa_sha256 );
1410REQUIRE_OBJECT ( oid_p256 );
1411REQUIRE_OBJECT ( ipv4 );
1412REQUIRE_OBJECT ( ipv6 );
NULL
#define NULL
NULL pointer (VOID *)
Definition Base.h:322
DATA
#define DATA(...)
Define inline data.
Definition acpi_test.c:74
link
u32 link
Link to next descriptor.
Definition ar9003_mac.h:1
uint8_t
unsigned char uint8_t
Definition stdint.h:10
asn1.h
ASN.1 encoding.
assert
#define assert(condition)
Assert a condition at run-time.
Definition assert.h:50
name
const char * name
Definition ath9k_hw.c:1986
FINGERPRINT
#define FINGERPRINT(...)
Define inline fingerprint data.
Definition cms_test.c:78
test_root
static struct x509_root test_root
Root certificate list containing the iPXE self-test root CA.
Definition cms_test.c:1617
test_expired
static time_t test_expired
Time at which end-entity test certificates are invalid.
Definition cms_test.c:1643
root_crt_fingerprint
static uint8_t root_crt_fingerprint[]
iPXE self-test root CA certificate
Definition cms_test.c:1604
empty_store
static struct x509_chain empty_store
Empty certificate store.
Definition cms_test.c:1611
dummy_root
static struct x509_root dummy_root
Certificate store containing a dummy fingerprint.
Definition cms_test.c:1632
dummy_fingerprint
static uint8_t dummy_fingerprint[]
Dummy fingerprint (not matching any certificates)
Definition cms_test.c:1625
test_time
static time_t test_time
Time at which all test certificates are valid.
Definition cms_test.c:1640
errno.h
Error codes.
FILE_LICENCE
#define FILE_LICENCE(_licence)
Declare a particular licence as applying to a file.
Definition compiler.h:896
REQUIRE_OBJECT
#define REQUIRE_OBJECT(object)
Require an object.
Definition compiler.h:202
REQUIRING_SYMBOL
#define REQUIRING_SYMBOL(symbol)
Specify the file's requiring symbol.
Definition compiler.h:140
string.h
String functions.
time_t
int64_t time_t
Seconds since the Epoch.
Definition time.h:19
list_last_entry
#define list_last_entry(list, type, member)
Get the container of the last entry in a list.
Definition list.h:347
LIST_HEAD_INIT
#define LIST_HEAD_INIT(list)
Initialise a static list head.
Definition list.h:31
list_prev_entry
#define list_prev_entry(pos, head, member)
Get the container of the previous entry in a list.
Definition list.h:374
list_empty
#define list_empty(list)
Test whether a list is empty.
Definition list.h:137
first
uint32_t first
First block in range.
Definition pccrr.h:1
ref_no_free
void ref_no_free(struct refcnt *refcnt __unused)
Do not free reference-counted object.
Definition refcnt.c:102
REF_INIT
#define REF_INIT(free_fn)
Initialise a static reference counter.
Definition refcnt.h:78
sha256.h
SHA-256 algorithm.
root
struct stp_switch root
Root switch.
Definition stp.h:15
memcmp
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
Definition string.c:115
self_test
A self-test set.
Definition test.h:15
x509_certificate
An X.509 certificate.
Definition x509.h:216
x509_certificate::store
struct x509_link store
Link in certificate store.
Definition x509.h:221
x509_certificate::issuer
struct x509_issuer issuer
Issuer.
Definition x509.h:241
x509_chain
An X.509 certificate chain.
Definition x509.h:201
x509_link
A link in an X.509 certificate chain.
Definition x509.h:171
x509_link::list
struct list_head list
List of links.
Definition x509.h:173
x509_root
An X.509 root certificate list.
Definition x509.h:375
x509_test_certificate
An X.509 test certificate.
Definition x509_test.c:47
x509_test_certificate::cert
struct x509_certificate * cert
Parsed certificate.
Definition x509_test.c:56
x509_test_certificate::fingerprint
const void * fingerprint
Fingerprint.
Definition x509_test.c:53
x509_test_certificate::len
size_t len
Length of data.
Definition x509_test.c:51
x509_test_certificate::data
const void * data
Data.
Definition x509_test.c:49
x509_test_chain
An X.509 test certificate chain.
Definition x509_test.c:60
x509_test_chain::certs
struct x509_test_certificate ** certs
Test certificates.
Definition x509_test.c:62
x509_test_chain::chain
struct x509_chain * chain
Parsed certificate chain.
Definition x509_test.c:67
x509_test_chain::count
unsigned int count
Number of certificates.
Definition x509_test.c:64
test.h
Self-test infrastructure.
okx
#define okx(success, file, line)
Report test result.
Definition test.h:44
ok
#define ok(success)
Definition test.h:46
__self_test
#define __self_test
Declare a self-test.
Definition test.h:32
x509_check_root
int x509_check_root(struct x509_certificate *cert, struct x509_root *root)
Check X.509 root certificate.
Definition x509.c:1255
x509_check_issuer
int x509_check_issuer(struct x509_certificate *cert, struct x509_certificate *issuer)
Check X.509 certificate against issuer certificate.
Definition x509.c:1177
x509_is_valid
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
Definition x509.c:1313
x509_check_name
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
Definition x509.c:1564
x509_validate_chain
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
Definition x509.c:1908
x509_truncate
void x509_truncate(struct x509_chain *chain, struct x509_link *link)
Truncate X.509 certificate chain.
Definition x509.c:1704
x509_alloc_chain
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
Definition x509.c:1615
x509_fingerprint
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
Definition x509.c:1237
x509_check_time
int x509_check_time(struct x509_certificate *cert, time_t time)
Check X.509 certificate validity period.
Definition x509.c:1287
x509_append
int x509_append(struct x509_chain *chain, struct x509_certificate *cert)
Append X.509 certificate to X.509 certificate chain.
Definition x509.c:1638
x509.h
X.509 certificates.
x509_first
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
Definition x509.h:311
x509_is_self_signed
static int x509_is_self_signed(struct x509_certificate *cert)
Check if X.509 certificate is self-signed.
Definition x509.h:414
x509_put
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
Definition x509.h:278
x509_invalidate_chain
static void x509_invalidate_chain(struct x509_chain *chain)
Invalidate X.509 certificate chain.
Definition x509.h:484
x509_chain_put
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
Definition x509.h:300
x509_check_root_fail_ok
#define x509_check_root_fail_ok(crt, root)
Definition x509_test.c:1079
x509_check_root_okx
static void x509_check_root_okx(struct x509_test_certificate *crt, struct x509_root *root, const char *file, unsigned int line)
Report certificate root validation test result.
Definition x509_test.c:1056
x509_chain_ok
#define x509_chain_ok(chn)
Definition x509_test.c:1174
x509_certificate_ok
#define x509_certificate_ok(crt)
Definition x509_test.c:974
FINGERPRINT
#define FINGERPRINT(...)
Define inline fingerprint data.
Definition x509_test.c:74
x509_check_root_fail_okx
static void x509_check_root_fail_okx(struct x509_test_certificate *crt, struct x509_root *root, const char *file, unsigned int line)
Report certificate root validation failure test result.
Definition x509_test.c:1073
x509_fingerprint_okx
static void x509_fingerprint_okx(struct x509_test_certificate *crt, const char *file, unsigned int line)
Report certificate fingerprint test result.
Definition x509_test.c:1002
x509_check_name_okx
static void x509_check_name_okx(struct x509_test_certificate *crt, const char *name, const char *file, unsigned int line)
Report certificate name validation test result.
Definition x509_test.c:1124
x509_check_time_okx
static void x509_check_time_okx(struct x509_test_certificate *crt, time_t time, const char *file, unsigned int line)
Report certificate time validation test result.
Definition x509_test.c:1090
test_ca_expired
static time_t test_ca_expired
Time at which CA test certificates are invalid.
Definition x509_test.c:959
x509_certificate_okx
static void x509_certificate_okx(struct x509_test_certificate *crt, const char *file, unsigned int line)
Report certificate parsing test result.
Definition x509_test.c:968
x509_check_issuer_fail_okx
static void x509_check_issuer_fail_okx(struct x509_test_certificate *crt, struct x509_test_certificate *issuer, const char *file, unsigned int line)
Report certificate issuer validation failure test result.
Definition x509_test.c:1038
x509_validate_chain_fail_okx
static void x509_validate_chain_fail_okx(struct x509_test_chain *chn, time_t time, struct x509_chain *store, struct x509_root *root, const char *file, unsigned int line)
Report certificate chain validation failure test result.
Definition x509_test.c:1213
x509_validate_chain_ok
#define x509_validate_chain_ok(chn, time, store, root)
Definition x509_test.c:1200
x509_cached_ok
#define x509_cached_ok(crt)
Definition x509_test.c:993
intermediate_root
static struct x509_root intermediate_root
Root certificate list containing the iPXE self-test intermediate CA.
Definition x509_test.c:927
x509_check_time_fail_ok
#define x509_check_time_fail_ok(crt, time)
Definition x509_test.c:1113
CHAIN
#define CHAIN(name,...)
Define a test certificate chain.
Definition x509_test.c:87
x509_check_time_ok
#define x509_check_time_ok(crt, time)
Definition x509_test.c:1096
x509_validate_chain_okx
static void x509_validate_chain_okx(struct x509_test_chain *chn, time_t time, struct x509_chain *store, struct x509_root *root, const char *file, unsigned int line)
Report certificate chain validation test result.
Definition x509_test.c:1187
x509_check_name_fail_okx
static void x509_check_name_fail_okx(struct x509_test_certificate *crt, const char *name, const char *file, unsigned int line)
Report certificate name validation failure test result.
Definition x509_test.c:1141
x509_chain_okx
static void x509_chain_okx(struct x509_test_chain *chn, const char *file, unsigned int line)
Report certificate chain parsing test result.
Definition x509_test.c:1157
x509_check_root_ok
#define x509_check_root_ok(crt, root)
Definition x509_test.c:1062
x509_fingerprint_ok
#define x509_fingerprint_ok(crt)
Definition x509_test.c:1010
ectest_time
static time_t ectest_time
Time at which all ECDSA test certificates are valid.
Definition x509_test.c:953
x509_check_issuer_ok
#define x509_check_issuer_ok(crt, issuer)
Definition x509_test.c:1027
x509_test_exec
static void x509_test_exec(void)
Perform X.509 self-tests.
Definition x509_test.c:1232
x509_check_time_fail_okx
static void x509_check_time_fail_okx(struct x509_test_certificate *crt, time_t time, const char *file, unsigned int line)
Report certificate time validation failure test result.
Definition x509_test.c:1107
x509_check_name_ok
#define x509_check_name_ok(crt, name)
Definition x509_test.c:1130
x509_check_name_fail_ok
#define x509_check_name_fail_ok(crt, name)
Definition x509_test.c:1147
x509_test_algorithm
#define x509_test_algorithm
Fingerprint algorithm used for X.509 test certificates.
Definition x509_test.c:44
CERTIFICATE
#define CERTIFICATE(name, DATA, FINGERPRINT)
Define a test certificate.
Definition x509_test.c:77
x509_check_issuer_fail_ok
#define x509_check_issuer_fail_ok(crt, issuer)
Definition x509_test.c:1045
x509_validate_chain_fail_ok
#define x509_validate_chain_fail_ok(chn, time, store, root)
Definition x509_test.c:1224
x509_cached_okx
static void x509_cached_okx(struct x509_test_certificate *crt, const char *file, unsigned int line)
Report cached certificate parsing test result.
Definition x509_test.c:984
x509_check_issuer_okx
static void x509_check_issuer_okx(struct x509_test_certificate *crt, struct x509_test_certificate *issuer, const char *file, unsigned int line)
Report certificate issuer validation test result.
Definition x509_test.c:1021
Generated by doxygen 1.14.0