From ee8db10a5fc55e51efa04481e563e74e8b9ee1f5 Mon Sep 17 00:00:00 2001 
From: Shane Bryldt Date: Thu, 7 Sep 2017 06:44:16 -0600 Subject: [PATCH] FS-10167: Added support for SSL/TLS, specifically enforcing TLS 1.2 currently but could be more configurable later. Added support for obtaining SANS from X509 certificates within the default wss transport, SANS will be used for preapproved automatically registered identities, currently only being cached on server side for downstream connections providing the remote client upstream certificate SANS, but can also be used by a master to obtain initial master identities from it's own downstream certificate in the future (planned, but not yet implemented) as it is the exception with no upstream and MUST have downstream available. Also added the openssl executable to the projects being built in the libblade solution to provide a windows executable for certificate production when required. --- libs/libblade/libblade.sln | 18 ++ libs/libblade/src/blade_transport_wss.c | 259 +++++++++++++----- libs/libblade/switchblade/switchblade.cfg | 21 +- libs/libblade/test/ca/certs/ca.cert.pem | 33 +++ libs/libblade/test/ca/index.txt | 1 + libs/libblade/test/ca/index.txt.attr | 1 + libs/libblade/test/ca/index.txt.old | 0 .../ca/intermediate/certs/ca-chain.cert.pem | 66 +++++ .../certs/client@freeswitch-upstream.cert.pem | 30 ++ .../controller@freeswitch-downstream.cert.pem | 32 +++ .../controller@freeswitch-upstream.cert.pem | 31 +++ .../intermediate/certs/intermediate.cert.pem | 33 +++ .../master@freeswitch-downstream.cert.pem | 33 +++ .../cnf/client@freeswitch-upstream.cnf | 133 +++++++++ .../cnf/controller@freeswitch-upstream.cnf | 133 +++++++++ .../cnf/master@freeswitch-downstream.cnf | 133 +++++++++ libs/libblade/test/ca/intermediate/crlnumber | 1 + .../csr/client@freeswitch-upstream.csr.pem | 17 ++ .../controller@freeswitch-downstream.csr.pem | 17 ++ .../controller@freeswitch-upstream.csr.pem | 17 ++ .../ca/intermediate/csr/intermediate.csr.pem | 28 ++ .../csr/master@freeswitch-downstream.csr.pem | 17 ++ 
libs/libblade/test/ca/intermediate/index.txt | 4 + .../test/ca/intermediate/index.txt.attr | 1 + .../test/ca/intermediate/index.txt.attr.old | 1 + .../test/ca/intermediate/index.txt.old | 3 + .../test/ca/intermediate/newcerts/1000.pem | 33 +++ .../test/ca/intermediate/newcerts/1001.pem | 32 +++ .../test/ca/intermediate/newcerts/1002.pem | 31 +++ .../test/ca/intermediate/newcerts/1003.pem | 30 ++ .../libblade/test/ca/intermediate/openssl.cnf | 132 +++++++++ .../client@freeswitch-upstream.key.pem | 27 ++ .../controller@freeswitch-downstream.key.pem | 27 ++ .../controller@freeswitch-upstream.key.pem | 27 ++ .../intermediate/private/intermediate.key.pem | 51 ++++ .../master@freeswitch-downstream.key.pem | 27 ++ libs/libblade/test/ca/intermediate/serial | 1 + libs/libblade/test/ca/intermediate/serial.old | 1 + libs/libblade/test/ca/newcerts/1000.pem | 33 +++ libs/libblade/test/ca/openssl.cnf | 132 +++++++++ libs/libblade/test/ca/private/ca.key.pem | 51 ++++ libs/libblade/test/ca/serial | 1 + libs/libblade/test/ca/serial.old | 1 + libs/libblade/test/testcli.cfg | 12 + libs/libblade/test/testcon.cfg | 17 +- libs/libks/src/include/ks_ssl.h | 1 + libs/libks/src/include/kws.h | 3 + libs/libks/src/ks_ssl.c | 1 + libs/libks/src/kws.c | 81 +++++- 49 files changed, 1731 insertions(+), 84 deletions(-) create mode 100644 libs/libblade/test/ca/certs/ca.cert.pem create mode 100644 libs/libblade/test/ca/index.txt create mode 100644 libs/libblade/test/ca/index.txt.attr create mode 100644 libs/libblade/test/ca/index.txt.old create mode 100644 libs/libblade/test/ca/intermediate/certs/ca-chain.cert.pem create mode 100644 libs/libblade/test/ca/intermediate/certs/client@freeswitch-upstream.cert.pem create mode 100644 libs/libblade/test/ca/intermediate/certs/controller@freeswitch-downstream.cert.pem create mode 100644 libs/libblade/test/ca/intermediate/certs/controller@freeswitch-upstream.cert.pem create mode 100644 libs/libblade/test/ca/intermediate/certs/intermediate.cert.pem create mode 
100644 libs/libblade/test/ca/intermediate/certs/master@freeswitch-downstream.cert.pem create mode 100644 libs/libblade/test/ca/intermediate/cnf/client@freeswitch-upstream.cnf create mode 100644 libs/libblade/test/ca/intermediate/cnf/controller@freeswitch-upstream.cnf create mode 100644 libs/libblade/test/ca/intermediate/cnf/master@freeswitch-downstream.cnf create mode 100644 libs/libblade/test/ca/intermediate/crlnumber create mode 100644 libs/libblade/test/ca/intermediate/csr/client@freeswitch-upstream.csr.pem create mode 100644 libs/libblade/test/ca/intermediate/csr/controller@freeswitch-downstream.csr.pem create mode 100644 libs/libblade/test/ca/intermediate/csr/controller@freeswitch-upstream.csr.pem create mode 100644 libs/libblade/test/ca/intermediate/csr/intermediate.csr.pem create mode 100644 libs/libblade/test/ca/intermediate/csr/master@freeswitch-downstream.csr.pem create mode 100644 libs/libblade/test/ca/intermediate/index.txt create mode 100644 libs/libblade/test/ca/intermediate/index.txt.attr create mode 100644 libs/libblade/test/ca/intermediate/index.txt.attr.old create mode 100644 libs/libblade/test/ca/intermediate/index.txt.old create mode 100644 libs/libblade/test/ca/intermediate/newcerts/1000.pem create mode 100644 libs/libblade/test/ca/intermediate/newcerts/1001.pem create mode 100644 libs/libblade/test/ca/intermediate/newcerts/1002.pem create mode 100644 libs/libblade/test/ca/intermediate/newcerts/1003.pem create mode 100644 libs/libblade/test/ca/intermediate/openssl.cnf create mode 100644 libs/libblade/test/ca/intermediate/private/client@freeswitch-upstream.key.pem create mode 100644 libs/libblade/test/ca/intermediate/private/controller@freeswitch-downstream.key.pem create mode 100644 libs/libblade/test/ca/intermediate/private/controller@freeswitch-upstream.key.pem create mode 100644 libs/libblade/test/ca/intermediate/private/intermediate.key.pem create mode 100644 libs/libblade/test/ca/intermediate/private/master@freeswitch-downstream.key.pem 
create mode 100644 libs/libblade/test/ca/intermediate/serial create mode 100644 libs/libblade/test/ca/intermediate/serial.old create mode 100644 libs/libblade/test/ca/newcerts/1000.pem create mode 100644 libs/libblade/test/ca/openssl.cnf create mode 100644 libs/libblade/test/ca/private/ca.key.pem create mode 100644 libs/libblade/test/ca/serial create mode 100644 libs/libblade/test/ca/serial.old diff --git a/libs/libblade/libblade.sln b/libs/libblade/libblade.sln index 4eed1e7669..d5a1f60ad6 100644 --- a/libs/libblade/libblade.sln +++ b/libs/libblade/libblade.sln @@ -27,6 +27,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testcli", "test\testcli.vcx EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testcon", "test\testcon.vcxproj", "{D67EEF66-B323-4BCF-9E3C-3A640B9949B7}" EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "openssl", "..\win32\openssl\openssl.2015.vcxproj", "{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|x64 = Debug|x64 
@@ -231,6 +233,22 @@ Global {D67EEF66-B323-4BCF-9E3C-3A640B9949B7}.ReleaseDLL|x64.Build.0 = Release|x64 {D67EEF66-B323-4BCF-9E3C-3A640B9949B7}.ReleaseDLL|x86.ActiveCfg = Release|Win32 {D67EEF66-B323-4BCF-9E3C-3A640B9949B7}.ReleaseDLL|x86.Build.0 = Release|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x64.ActiveCfg = Debug|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x64.Build.0 = Debug|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x86.ActiveCfg = Debug|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x86.Build.0 = Debug|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x64.ActiveCfg = Debug|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x64.Build.0 = Debug|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x86.ActiveCfg = Debug|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x86.Build.0 = Debug|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x64.ActiveCfg = Release|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x64.Build.0 = Release|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x86.ActiveCfg = Release|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x86.Build.0 = Release|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x64.ActiveCfg = Release|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x64.Build.0 = Release|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x86.ActiveCfg = Release|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x86.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE diff --git a/libs/libblade/src/blade_transport_wss.c b/libs/libblade/src/blade_transport_wss.c index 57d0568117..6178a560ae 100644 --- a/libs/libblade/src/blade_transport_wss.c +++ b/libs/libblade/src/blade_transport_wss.c 
@@ -44,11 +44,17 @@ struct blade_transport_wss_s { blade_transport_t *transport; blade_transport_callbacks_t *callbacks; + const char *ssl_key; + const char *ssl_cert; + const char *ssl_chain; ks_sockaddr_t endpoints_ipv4[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX]; ks_sockaddr_t endpoints_ipv6[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX]; int32_t endpoints_ipv4_length; int32_t endpoints_ipv6_length; int32_t endpoints_backlog; + const char *endpoints_ssl_key; + const char *endpoints_ssl_cert; + const char *endpoints_ssl_chain; volatile ks_bool_t shutdown; @@ -62,6 +68,7 @@ struct blade_transport_wss_link_s { const char *session_id; ks_socket_t sock; kws_t *kws; + SSL_CTX *ssl; }; @@ -162,6 +169,7 @@ static void blade_transport_wss_link_cleanup(void *ptr, void *arg, ks_pool_clean if (btwssl->session_id) ks_pool_free(&btwssl->session_id); if (btwssl->kws) kws_destroy(&btwssl->kws); else ks_socket_close(&btwssl->sock); + if (btwssl->ssl) SSL_CTX_free(btwssl->ssl); break; case KS_MPCL_DESTROY: break; 
@@ -191,26 +199,94 @@ ks_status_t blade_transport_wss_link_create(blade_transport_wss_link_t **btwsslP return KS_STATUS_SUCCESS; } +ks_status_t blade_transport_wss_link_ssl_init(blade_transport_wss_link_t *btwssl, ks_bool_t server) +{ + const SSL_METHOD *method = NULL; + const char *key = NULL; + const char *cert = NULL; + const char *chain = NULL; + + ks_assert(btwssl); + + method = server ? TLSv1_2_server_method() : TLSv1_2_client_method(); + key = server ? btwssl->transport->endpoints_ssl_key : btwssl->transport->ssl_key; + cert = server ? btwssl->transport->endpoints_ssl_cert : btwssl->transport->ssl_cert; + chain = server ? btwssl->transport->endpoints_ssl_chain : btwssl->transport->ssl_chain; + + if (key && cert) { + btwssl->ssl = SSL_CTX_new(method); + + // @todo probably manage this through configuration, but TLS 1.2 is preferred + SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_SSLv2); + SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_SSLv3); + SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_TLSv1); + SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_TLSv1_1); + SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_DTLSv1); + SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_COMPRESSION); + if (server) SSL_CTX_set_verify(btwssl->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); + + if (chain) { + if (!SSL_CTX_use_certificate_chain_file(btwssl->ssl, chain)) { + ks_log(KS_LOG_DEBUG, "SSL Chain File Error\n"); + return KS_STATUS_FAIL; + } + if (!SSL_CTX_load_verify_locations(btwssl->ssl, chain, NULL)) { + ks_log(KS_LOG_DEBUG, "SSL Verify File Error\n"); + return KS_STATUS_FAIL; + } + } + + if (!SSL_CTX_use_certificate_file(btwssl->ssl, cert, SSL_FILETYPE_PEM)) { + ks_log(KS_LOG_DEBUG, "SSL Cert File Error\n"); + return KS_STATUS_FAIL; + } + + if (!SSL_CTX_use_PrivateKey_file(btwssl->ssl, key, SSL_FILETYPE_PEM)) { + ks_log(KS_LOG_DEBUG, "SSL Key File Error\n"); + return KS_STATUS_FAIL; + } + + if (!SSL_CTX_check_private_key(btwssl->ssl)) { + ks_log(KS_LOG_DEBUG, "SSL Key File 
Verification Error\n"); + return KS_STATUS_FAIL; + } + + SSL_CTX_set_cipher_list(btwssl->ssl, "HIGH:!DSS:!aNULL@STRENGTH"); + } + + return KS_STATUS_SUCCESS; +} + ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_setting_t *config) { + ks_pool_t *pool = NULL; config_setting_t *transport = NULL; config_setting_t *transport_wss = NULL; + config_setting_t *transport_wss_ssl = NULL; config_setting_t *transport_wss_endpoints = NULL; config_setting_t *transport_wss_endpoints_ipv4 = NULL; config_setting_t *transport_wss_endpoints_ipv6 = NULL; - config_setting_t *transport_wss_ssl = NULL; - config_setting_t *element; + config_setting_t *transport_wss_endpoints_ssl = NULL; + config_setting_t *element; config_setting_t *tmp1; config_setting_t *tmp2; + const char *ssl_key = NULL; + const char *ssl_cert = NULL; + const char *ssl_chain = NULL; ks_sockaddr_t endpoints_ipv4[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX]; ks_sockaddr_t endpoints_ipv6[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX]; int32_t endpoints_ipv4_length = 0; int32_t endpoints_ipv6_length = 0; int32_t endpoints_backlog = 8; + const char *endpoints_ssl_key = NULL; + const char *endpoints_ssl_cert = NULL; + const char *endpoints_ssl_chain = NULL; ks_assert(btwss); ks_assert(config); + pool = ks_pool_get(btwss); + if (!config_setting_is_group(config)) { ks_log(KS_LOG_DEBUG, "!config_setting_is_group(config)\n"); return KS_STATUS_FAIL; 
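Review bot: In `blade_transport_wss_link_ssl_init`, `SSL_CTX_set_verify` is called only `if (server)`, so a context built for the outbound side keeps OpenSSL's default `SSL_VERIFY_NONE` and the handshake completes even when the upstream certificate does not chain to the CA loaded by `SSL_CTX_load_verify_locations`. Unless kws.c checks the verify result itself (not visible here), drop the condition and call `SSL_CTX_set_verify(btwssl->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);` for both roles; the second flag is ignored in client mode. The result of `SSL_CTX_new(method)` is also used unchecked, so a failed allocation reaches `SSL_CTX_set_options` with a NULL context; add `if (!btwssl->ssl) return KS_STATUS_FAIL;` directly after it. The return value of `SSL_CTX_set_cipher_list` deserves the same check as the file loads above it, since a rejected cipher string would otherwise go unnoticed.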
@@ -219,69 +295,94 @@ ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_sett if (transport) { transport_wss = config_setting_get_member(transport, "wss"); if (transport_wss) { - transport_wss_endpoints = config_setting_get_member(transport_wss, "endpoints"); - if (!transport_wss_endpoints) { - ks_log(KS_LOG_DEBUG, "!wss_endpoints\n"); - return KS_STATUS_FAIL; - } - transport_wss_endpoints_ipv4 = config_lookup_from(transport_wss_endpoints, "ipv4"); - transport_wss_endpoints_ipv6 = config_lookup_from(transport_wss_endpoints, "ipv6"); - if (transport_wss_endpoints_ipv4) { - if (config_setting_type(transport_wss_endpoints_ipv4) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL; - if ((endpoints_ipv4_length = config_setting_length(transport_wss_endpoints_ipv4)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX) - return KS_STATUS_FAIL; - - for (int32_t index = 0; index < endpoints_ipv4_length; ++index) { - element = config_setting_get_elem(transport_wss_endpoints_ipv4, index); - tmp1 = config_lookup_from(element, "address"); - tmp2 = config_lookup_from(element, "port"); - if (!tmp1 || !tmp2) return KS_STATUS_FAIL; - if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL; - if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL; - - if (ks_addr_set(&endpoints_ipv4[index], - config_setting_get_string(tmp1), - config_setting_get_int(tmp2), - AF_INET) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL; - ks_log(KS_LOG_DEBUG, - "Binding to IPV4 %s on port %d\n", - ks_addr_get_host(&endpoints_ipv4[index]), - ks_addr_get_port(&endpoints_ipv4[index])); - } - } - if (transport_wss_endpoints_ipv6) { - if (config_setting_type(transport_wss_endpoints_ipv6) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL; - if ((endpoints_ipv6_length = config_setting_length(transport_wss_endpoints_ipv6)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX) - return KS_STATUS_FAIL; - - for (int32_t index = 0; index < endpoints_ipv6_length; ++index) { - element = 
config_setting_get_elem(transport_wss_endpoints_ipv6, index); - tmp1 = config_lookup_from(element, "address"); - tmp2 = config_lookup_from(element, "port"); - if (!tmp1 || !tmp2) return KS_STATUS_FAIL; - if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL; - if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL; - - - if (ks_addr_set(&endpoints_ipv6[index], - config_setting_get_string(tmp1), - config_setting_get_int(tmp2), - AF_INET6) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL; - ks_log(KS_LOG_DEBUG, - "Binding to IPV6 %s on port %d\n", - ks_addr_get_host(&endpoints_ipv6[index]), - ks_addr_get_port(&endpoints_ipv6[index])); - } - } - if (endpoints_ipv4_length + endpoints_ipv6_length <= 0) return KS_STATUS_FAIL; - tmp1 = config_lookup_from(transport_wss_endpoints, "backlog"); - if (tmp1) { - if (config_setting_type(tmp1) != CONFIG_TYPE_INT) return KS_STATUS_FAIL; - endpoints_backlog = config_setting_get_int(tmp1); - } transport_wss_ssl = config_setting_get_member(transport_wss, "ssl"); if (transport_wss_ssl) { - // @todo: SSL stuffs from wss_ssl into config_wss_ssl envelope + tmp1 = config_setting_get_member(transport_wss_ssl, "key"); + if (tmp1) ssl_key = config_setting_get_string(tmp1); + tmp1 = config_setting_get_member(transport_wss_ssl, "cert"); + if (tmp1) ssl_cert = config_setting_get_string(tmp1); + tmp1 = config_setting_get_member(transport_wss_ssl, "chain"); + if (tmp1) ssl_chain = config_setting_get_string(tmp1); + if (!ssl_key || !ssl_cert || !ssl_chain) return KS_STATUS_FAIL; + ks_log(KS_LOG_DEBUG, + "Using SSL: %s, %s, %s\n", + ssl_key, + ssl_cert, + ssl_chain); + } + + transport_wss_endpoints = config_setting_get_member(transport_wss, "endpoints"); + if (transport_wss_endpoints) { + transport_wss_endpoints_ipv4 = config_setting_get_member(transport_wss_endpoints, "ipv4"); + transport_wss_endpoints_ipv6 = config_setting_get_member(transport_wss_endpoints, "ipv6"); + if (transport_wss_endpoints_ipv4) { + if 
(config_setting_type(transport_wss_endpoints_ipv4) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL; + if ((endpoints_ipv4_length = config_setting_length(transport_wss_endpoints_ipv4)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX) + return KS_STATUS_FAIL; + + for (int32_t index = 0; index < endpoints_ipv4_length; ++index) { + element = config_setting_get_elem(transport_wss_endpoints_ipv4, index); + tmp1 = config_setting_get_member(element, "address"); + tmp2 = config_setting_get_member(element, "port"); + if (!tmp1 || !tmp2) return KS_STATUS_FAIL; + if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL; + if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL; + + if (ks_addr_set(&endpoints_ipv4[index], + config_setting_get_string(tmp1), + config_setting_get_int(tmp2), + AF_INET) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL; + ks_log(KS_LOG_DEBUG, + "Binding to IPV4 %s on port %d\n", + ks_addr_get_host(&endpoints_ipv4[index]), + ks_addr_get_port(&endpoints_ipv4[index])); + } + } + if (transport_wss_endpoints_ipv6) { + if (config_setting_type(transport_wss_endpoints_ipv6) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL; + if ((endpoints_ipv6_length = config_setting_length(transport_wss_endpoints_ipv6)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX) + return KS_STATUS_FAIL; + + for (int32_t index = 0; index < endpoints_ipv6_length; ++index) { + element = config_setting_get_elem(transport_wss_endpoints_ipv6, index); + tmp1 = config_setting_get_member(element, "address"); + tmp2 = config_setting_get_member(element, "port"); + if (!tmp1 || !tmp2) return KS_STATUS_FAIL; + if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL; + if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL; + + + if (ks_addr_set(&endpoints_ipv6[index], + config_setting_get_string(tmp1), + config_setting_get_int(tmp2), + AF_INET6) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL; + ks_log(KS_LOG_DEBUG, + "Binding to IPV6 %s on port %d\n", + 
ks_addr_get_host(&endpoints_ipv6[index]), + ks_addr_get_port(&endpoints_ipv6[index])); + } + } + if (endpoints_ipv4_length + endpoints_ipv6_length <= 0) return KS_STATUS_FAIL; + tmp1 = config_setting_get_member(transport_wss_endpoints, "backlog"); + if (tmp1) { + if (config_setting_type(tmp1) != CONFIG_TYPE_INT) return KS_STATUS_FAIL; + endpoints_backlog = config_setting_get_int(tmp1); + } + transport_wss_endpoints_ssl = config_setting_get_member(transport_wss_endpoints, "ssl"); + if (transport_wss_endpoints_ssl) { + tmp1 = config_setting_get_member(transport_wss_endpoints_ssl, "key"); + if (tmp1) endpoints_ssl_key = config_setting_get_string(tmp1); + tmp1 = config_setting_get_member(transport_wss_endpoints_ssl, "cert"); + if (tmp1) endpoints_ssl_cert = config_setting_get_string(tmp1); + tmp1 = config_setting_get_member(transport_wss_endpoints_ssl, "chain"); + if (tmp1) endpoints_ssl_chain = config_setting_get_string(tmp1); + if (!endpoints_ssl_key || !endpoints_ssl_cert || !endpoints_ssl_chain) return KS_STATUS_FAIL; + ks_log(KS_LOG_DEBUG, + "Using Endpoint SSL: %s, %s, %s\n", + endpoints_ssl_key, + endpoints_ssl_cert, + endpoints_ssl_chain); + } } } } @@ -289,6 +390,12 @@ ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_sett // Configuration is valid, now assign it to the variables that are used // If the configuration was invalid, then this does not get changed + if (ssl_key) { + btwss->ssl_key = ks_pstrdup(pool, ssl_key); + btwss->ssl_cert = ks_pstrdup(pool, ssl_cert); + btwss->ssl_chain = ks_pstrdup(pool, ssl_chain); + } + for (int32_t index = 0; index < endpoints_ipv4_length; ++index) btwss->endpoints_ipv4[index] = endpoints_ipv4[index]; for (int32_t index = 0; index < endpoints_ipv6_length; ++index) 
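Review bot: Both new `ssl` groups are rejected with a bare `return KS_STATUS_FAIL` when `key`, `cert` or `chain` is missing, and nothing is logged, so a half-written TLS section cannot be told apart from any other configuration error. A line such as `ks_log(KS_LOG_DEBUG, "ssl requires key, cert and chain\n");` before each of the two returns would match the `!config_setting_is_group(config)` message at the top of the function. `chain` is mandatory here while `blade_transport_wss_link_ssl_init` treats it as optional (`if (chain)`); a short comment stating which of the two is the intended contract would help, because peer verification there depends on the chain file having been loaded. `blade_transport_wss_config` starts and ends outside this hunk.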
@@ -296,7 +403,11 @@ ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_sett btwss->endpoints_ipv4_length = endpoints_ipv4_length; btwss->endpoints_ipv6_length = endpoints_ipv6_length; btwss->endpoints_backlog = endpoints_backlog; - //btwss->ssl = ssl; + if (endpoints_ssl_key) { + btwss->endpoints_ssl_key = ks_pstrdup(pool, endpoints_ssl_key); + btwss->endpoints_ssl_cert = ks_pstrdup(pool, endpoints_ssl_cert); + btwss->endpoints_ssl_chain = ks_pstrdup(pool, endpoints_ssl_chain); + } ks_log(KS_LOG_DEBUG, "Configured\n"); @@ -739,8 +850,12 @@ blade_connection_state_hook_t blade_transport_wss_onstate_startup_inbound(blade_ btwssl = (blade_transport_wss_link_t *)blade_connection_transport_get(bc); - // @todo: SSL init stuffs based on data from config to pass into kws_init - if (kws_init(&btwssl->kws, btwssl->sock, NULL, NULL, KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) { + if (blade_transport_wss_link_ssl_init(btwssl, KS_TRUE) != KS_STATUS_SUCCESS) { + ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT; + goto done; + } + + if (kws_init(&btwssl->kws, btwssl->sock, btwssl->ssl, NULL, KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) { ks_log(KS_LOG_DEBUG, "Failed websocket init\n"); ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT; goto done; @@ -853,6 +968,8 @@ blade_connection_state_hook_t blade_transport_wss_onstate_startup_inbound(blade_ cJSON_AddStringToObject(json_result, "nodeid", nodeid); + // @todo process automatic identity registration from remote SANS entries + pool = ks_pool_get(bh); blade_upstreammgr_masterid_copy(blade_handle_upstreammgr_get(bh), pool, &master_nodeid); if (!master_nodeid) { 
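Review bot: In the `-739,8 +850,12` hunk, `blade_transport_wss_link_ssl_init` returns `KS_STATUS_SUCCESS` without creating a context when no key and cert are configured, so `kws_init` receives `btwssl->ssl == NULL` exactly as it did before this commit, which presumably means a plaintext websocket. A listener whose `endpoints.ssl` group is absent therefore accepts unauthenticated, unencrypted connections with no indication in the log; the same applies to the outbound hunk at `-939,8 +1056,12`. Consider logging at warning level when `btwssl->ssl` is still NULL after the init call, or requiring an explicit setting to run without TLS. Both startup functions begin and end outside their hunks.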
@@ -939,8 +1056,12 @@ blade_connection_state_hook_t blade_transport_wss_onstate_startup_outbound(blade btwssl = (blade_transport_wss_link_t *)blade_connection_transport_get(bc); pool = ks_pool_get(bh); - // @todo: SSL init stuffs based on data from config to pass into kws_init - if (kws_init(&btwssl->kws, btwssl->sock, NULL, "/blade:blade.invalid:blade", KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) { + if (blade_transport_wss_link_ssl_init(btwssl, KS_FALSE) != KS_STATUS_SUCCESS) { + ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT; + goto done; + } + + if (kws_init(&btwssl->kws, btwssl->sock, btwssl->ssl, "/blade:blade.invalid:blade", KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) { ks_log(KS_LOG_DEBUG, "Failed websocket init\n"); ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT; goto done; @@ -1010,6 +1131,8 @@ blade_connection_state_hook_t blade_transport_wss_onstate_startup_outbound(blade goto done; } + // @todo parse and process automatic identity registration coming from local SANS entries, but given back in the connect response in case there are any errors (IE: missing realm or duplicate identity) + master_nodeid = cJSON_GetObjectCstr(json_result, "master-nodeid"); if (!master_nodeid) { ks_log(KS_LOG_DEBUG, "Received message 'result' is missing 'master-nodeid'\n"); diff --git a/libs/libblade/switchblade/switchblade.cfg b/libs/libblade/switchblade/switchblade.cfg index 13adf0ac00..a0219cac65 100644 --- a/libs/libblade/switchblade/switchblade.cfg +++ b/libs/libblade/switchblade/switchblade.cfg @@ -4,7 +4,7 @@ blade: { enabled = true; nodeid = "00000000-0000-0000-0000-000000000000"; - realms = ( "mydomain.com" ); + realms = ( "freeswitch" ); }; transport: { 
@@ -13,14 +13,15 @@ blade: endpoints: { ipv4 = ( { address = "0.0.0.0", port = 2100 } ); - ipv6 = ( { address = "::", port = 2100 } ); - backlog = 128; - }; - # SSL group is optional, disabled when absent - ssl: - { - # todo: server SSL stuffs here - }; - }; + ipv6 = ( { address = "::", port = 2100 } ); + backlog = 128; + ssl: + { + key = "../test/ca/intermediate/private/master@freeswitch-downstream.key.pem"; + cert = "../test/ca/intermediate/certs/master@freeswitch-downstream.cert.pem"; + chain = "../test/ca/intermediate/certs/ca-chain.cert.pem"; + }; + }; + }; }; }; diff --git a/libs/libblade/test/ca/certs/ca.cert.pem b/libs/libblade/test/ca/certs/ca.cert.pem new file mode 100644 index 0000000000..7dbdbae98f --- /dev/null +++ b/libs/libblade/test/ca/certs/ca.cert.pem 
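Review bot: The `ssl` group added under `endpoints` points this configuration at `../test/ca/intermediate/private/master@freeswitch-downstream.key.pem`, a private key that the same commit adds to the repository together with the CA keys listed in the diffstat (`test/ca/private/ca.key.pem`, `test/ca/intermediate/private/intermediate.key.pem`). Anyone with the source tree can issue certificates that this chain accepts, so the group should carry a comment marking it as test-only material, e.g. `# test CA only: generate your own key, cert and chain before deploying`. The paths are relative and are handed unchanged to the OpenSSL file loaders in blade_transport_wss.c, so they appear to resolve against the process working directory rather than the location of the config file; that is worth stating in the same comment.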
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFxDCCA6ygAwIBAgIJANi9lXvHAbx4MA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEG +A1UECgwKRnJlZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRl +IFJvb3QgQ0EwHhcNMTcwOTA3MDkyNDE2WhcNMjcwOTA1MDkyNDE2WjBvMQswCQYD +VQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xEzAR +BgNVBAoMCkZyZWVTV0lUQ0gxDjAMBgNVBAsMBUJsYWRlMRYwFAYDVQQDDA1CbGFk +ZSBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3Pt3X1j8 +YaRuGb4ENkhfazwZl0K4VlaPhGj4h4wiL5S2Tp8E83HoRkoyQRX0fhKCrHtjNucO +ODkVbf+QMlv1mgEwCq+3SIEA6keBzsUv5sahunfPd+Vgh6+lgp1sAfjFuFlxrRvi +ghO/yHHKE6P2BBgIz3t5QSakE/fLPwejZ98dacyAIxklzLvt4xHRVP7rxfiNFXKR +XHsQd1iaWGSUBNMkUspCl8wO5IAPX75RiFGeA80IjZ518YVjiFBjCdzQfJb9iGJC +GzrOcPJahfum+tzyIO/rIj+ldFyLPY0wbpa0wKeF58HWt52p3HmKnK5FUa7L8RNA +fc3/H+6qyDeBFx92+T6J30q61dcmPayKooUJNsTKslrZ5L2OicWZepa/Oc5dagyz +GEUc+Z11Mgl8/4pT4rUOna29v1d8+StJPN8XgWAHxmwpZ/cY/9GluSq5oB+6PTPc +Q0aFHHUAI97QqfpGOeAWjtVd/3YUcNo82Pa3577rRgh55X+XEySQmBiPWNOsfuCZ +ZvYGOkLmby1SYR/LOwH8opKJyG/bOiZq23aaTPkmEQQSLRzsKxWc2jlE/UllpYX3 +FCu8nFn+L7Tam495IImi8FrpEX16ZpTGhr7YnfbOkMYw+LaRA36U55e5DToJAB5T +CsC2CLhk8QDVoIMPfpYpY4XpdmA4EfDHOG0CAwEAAaNjMGEwHQYDVR0OBBYEFFoz +OX01zWns+ANZ9/6m9g510yWWMB8GA1UdIwQYMBaAFFozOX01zWns+ANZ9/6m9g51 +0yWWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4ICAQAg74tSgyZKqZtqJPXt/fadZJqWS75cW5TN0rXTKWfzdDXnPfMD2dhZ +h0bH1ZQRamXmXWZni0LpWaOjvqaVNB2TMVStyjEIjLhcBLzR9fhBSXB0BkdVKXvF +Y/pmGN0ZM7BRwbbltgTPYIefftU6BvAyUP5k6y0JJZGy6RTYp7SN2iJ00msqfie/ +zmF83arhFAmW8wjDXMPsSz958+TNgeetFeQjrJ5sbMaApCE21QazHcZw6/zPMRvX +Gr+TPyx/p335MViz5SjeFThQ7XES871pZSbOhmIrugCHO8LJOat3oOlnsc8HkZ/T +AfUjka0SSPA/sRqPxjLWw/OwDn7g5GpbXl7RXpRsKR8CDIRMVrzD71Nk0SOEb3T9 +Dv7UTl6NDYlyYYqx35t/KsiwWjnPtr6Xcl8O9l/tuzf5Tjt1mz9i80BybE9wXHYi +Y3/1SGloKYVXC+HLLrLm1MEldi9GcYZDzxlydAPfHhSHlYWrvOS/J2Dq6uhH7RHn +JV0nE3bVQE01e6iR4BZMYSj4e3BrhMQvkMX67NndYEmoK6+9d77MsK7wblSXja7t 
+YyXysfQhcudaN/A00CLJt8VNq+h8Q9BR5PFmvIv6/jzV3kmLO4nX9z0CdERyBBUr +cFXfDn2TBpwlLvOQbEWvZPlEh7Vx2hXRRZr97NstLmFLGTdnVdAl9w== +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/index.txt b/libs/libblade/test/ca/index.txt new file mode 100644 index 0000000000..7403eb59d4 --- /dev/null +++ b/libs/libblade/test/ca/index.txt @@ -0,0 +1 @@ +V 270905092804Z 1000 unknown /C=US/ST=Illinois/O=FreeSWITCH/OU=Blade/CN=Blade Intermediate CA diff --git a/libs/libblade/test/ca/index.txt.attr b/libs/libblade/test/ca/index.txt.attr new file mode 100644 index 0000000000..8f7e63a347 --- /dev/null +++ b/libs/libblade/test/ca/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/libs/libblade/test/ca/index.txt.old b/libs/libblade/test/ca/index.txt.old new file mode 100644 index 0000000000..e69de29bb2 diff --git a/libs/libblade/test/ca/intermediate/certs/ca-chain.cert.pem b/libs/libblade/test/ca/intermediate/certs/ca-chain.cert.pem new file mode 100644 index 0000000000..36ddebc71d --- /dev/null +++ b/libs/libblade/test/ca/intermediate/certs/ca-chain.cert.pem 
@@ -0,0 +1,66 @@ +-----BEGIN CERTIFICATE----- +MIIFtjCCA56gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbzELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApG +cmVlU1dJVENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBD +QTAeFw0xNzA5MDcwOTI4MDRaFw0yNzA5MDUwOTI4MDRaMGUxCzAJBgNVBAYTAlVT +MREwDwYDVQQIDAhJbGxpbm9pczETMBEGA1UECgwKRnJlZVNXSVRDSDEOMAwGA1UE +CwwFQmxhZGUxHjAcBgNVBAMMFUJsYWRlIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBALIlY1JmV9z6wjE6iEIXHUl2CRnsa1jD ++uDk4I/OncOdezpfv2mRO9C7VkcefXb5yDrda/qq8r9pNVm6Q2wCJICIlrK9uK90 +SLsB8WsO8Dnrv9E5Tx96U6J5qDx5Ma3IFM7fF1KUP1LVawpS4lMMKFhcyd/P1dAN +ZWlzHCBoM4O9HMo4sKYx4fzxn00yKNK+RU4Wyd3ecntOOg/Dtx3FHt1bExUFuPUW +sgVUR8b+R6Z/1U6iWe+3x/XBAUVCBhyzt7OrCpY0g3TX7wVCh7CafpZnTe54gjMo +1lqSraJ5Dr4Sn1LV1gRa8cVQrNbUZ+m2aHsNLxmpEviHDLTd267x5qXEDCNajesJ +iSALRpQzAJE/neQvVa2fiaV7PbPGlxtUcyR8J9sGfuuby48/RulPQ1CjL1+sI+IE +lnMZqTiab+1TT5OyKMYYRjQ4k3R/gUGn0MhQBcy1VOP6GVGEgeOYACbDSjvYO9HZ +dyM9ivpxLhV3BMVM2B0PmFxLgFdyBlIPkP36/5kBzOFJWdYrMLP/vahFVmTgevDm +8Uhi3PvEt6kKUnWHkBHdajzDKLvbh8y+Ucgap7PtT8apZR+8J9TX87gMFzH5r4Xc +SF97inJ/q098V8dyoPJpL6PRAzigBXGmB2fFhLgtoXfuKfI/nfgQHO7MbYCCFP4z +Och2kFZYehBTAgMBAAGjZjBkMB0GA1UdDgQWBBT24ScXvFFEdGFsK+X5SxmWnAmd +/jAfBgNVHSMEGDAWgBRaMzl9Nc1p7PgDWff+pvYOddMlljASBgNVHRMBAf8ECDAG +AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAgGzDCfJm +weo6oeSFmSLTmlBlTJZO+7igFWf8tunmTkg8wvKe+lCyDd2efNgUocI/NA+X4kRj +YtDH+hq0H+JlDu/p4y4/t6Srx/dh33Ow7eCv2wtuSCeK5Y0euysXhI9gmPquUGOC +HlHkmQcG03NbbrWt0+4IaPAaKxMuV0FR7KArudZvr+8gp9S8o0AkQVFZSbW41HQe +a7DAJmLF0vLQWoVz/YltKjwAMs/ws8OWxUdvcOA3w6XmWmjAFn5hc2MgHgu513c4 +Vbq0535ghU0Eneqc23y2ELa+8hbn5yS5wcK1AS2HG4VoDqOJw+pv4Ko3T33mCR6X +bUABSB+znX5kEZn8KQaP8sLm07kERGjCI3FLPscM1S851tah/iqBgddlIUn/YNpM +9uYQ2PWu6UWvqyZfhgVIlb2LYJNERtKZPeI05SRIbUW93wUTiC6A93fl8SEE7XHa +LMJt6+HLysR2IsXLqlSRZw3rIoT0B3G4uS9Xop89znLAknrOI57OvVAMLaeBrtkl +jepE7RrNX6VcyEY+Ar1p30ax4UJNxjxd3rszIznccerWQzuLo5wYUkuZEfNtnAFB 
+Z/4qlIn7wkbRevafgmlf/bhP6ZkeJFhqEjOq36Zci5JrnRu3rM/+Vex2ibHVat0E +IZjeGxeofAPEwTaLfPJT7EIWZ+33ZHMcz+8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFxDCCA6ygAwIBAgIJANi9lXvHAbx4MA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEG +A1UECgwKRnJlZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRl +IFJvb3QgQ0EwHhcNMTcwOTA3MDkyNDE2WhcNMjcwOTA1MDkyNDE2WjBvMQswCQYD +VQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xEzAR +BgNVBAoMCkZyZWVTV0lUQ0gxDjAMBgNVBAsMBUJsYWRlMRYwFAYDVQQDDA1CbGFk +ZSBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3Pt3X1j8 +YaRuGb4ENkhfazwZl0K4VlaPhGj4h4wiL5S2Tp8E83HoRkoyQRX0fhKCrHtjNucO +ODkVbf+QMlv1mgEwCq+3SIEA6keBzsUv5sahunfPd+Vgh6+lgp1sAfjFuFlxrRvi +ghO/yHHKE6P2BBgIz3t5QSakE/fLPwejZ98dacyAIxklzLvt4xHRVP7rxfiNFXKR +XHsQd1iaWGSUBNMkUspCl8wO5IAPX75RiFGeA80IjZ518YVjiFBjCdzQfJb9iGJC +GzrOcPJahfum+tzyIO/rIj+ldFyLPY0wbpa0wKeF58HWt52p3HmKnK5FUa7L8RNA +fc3/H+6qyDeBFx92+T6J30q61dcmPayKooUJNsTKslrZ5L2OicWZepa/Oc5dagyz +GEUc+Z11Mgl8/4pT4rUOna29v1d8+StJPN8XgWAHxmwpZ/cY/9GluSq5oB+6PTPc +Q0aFHHUAI97QqfpGOeAWjtVd/3YUcNo82Pa3577rRgh55X+XEySQmBiPWNOsfuCZ +ZvYGOkLmby1SYR/LOwH8opKJyG/bOiZq23aaTPkmEQQSLRzsKxWc2jlE/UllpYX3 +FCu8nFn+L7Tam495IImi8FrpEX16ZpTGhr7YnfbOkMYw+LaRA36U55e5DToJAB5T +CsC2CLhk8QDVoIMPfpYpY4XpdmA4EfDHOG0CAwEAAaNjMGEwHQYDVR0OBBYEFFoz +OX01zWns+ANZ9/6m9g510yWWMB8GA1UdIwQYMBaAFFozOX01zWns+ANZ9/6m9g51 +0yWWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4ICAQAg74tSgyZKqZtqJPXt/fadZJqWS75cW5TN0rXTKWfzdDXnPfMD2dhZ +h0bH1ZQRamXmXWZni0LpWaOjvqaVNB2TMVStyjEIjLhcBLzR9fhBSXB0BkdVKXvF +Y/pmGN0ZM7BRwbbltgTPYIefftU6BvAyUP5k6y0JJZGy6RTYp7SN2iJ00msqfie/ +zmF83arhFAmW8wjDXMPsSz958+TNgeetFeQjrJ5sbMaApCE21QazHcZw6/zPMRvX +Gr+TPyx/p335MViz5SjeFThQ7XES871pZSbOhmIrugCHO8LJOat3oOlnsc8HkZ/T +AfUjka0SSPA/sRqPxjLWw/OwDn7g5GpbXl7RXpRsKR8CDIRMVrzD71Nk0SOEb3T9 +Dv7UTl6NDYlyYYqx35t/KsiwWjnPtr6Xcl8O9l/tuzf5Tjt1mz9i80BybE9wXHYi 
+Y3/1SGloKYVXC+HLLrLm1MEldi9GcYZDzxlydAPfHhSHlYWrvOS/J2Dq6uhH7RHn +JV0nE3bVQE01e6iR4BZMYSj4e3BrhMQvkMX67NndYEmoK6+9d77MsK7wblSXja7t +YyXysfQhcudaN/A00CLJt8VNq+h8Q9BR5PFmvIv6/jzV3kmLO4nX9z0CdERyBBUr +cFXfDn2TBpwlLvOQbEWvZPlEh7Vx2hXRRZr97NstLmFLGTdnVdAl9w== +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/intermediate/certs/client@freeswitch-upstream.cert.pem b/libs/libblade/test/ca/intermediate/certs/client@freeswitch-upstream.cert.pem new file mode 100644 index 0000000000..b77891973f --- /dev/null +++ b/libs/libblade/test/ca/intermediate/certs/client@freeswitch-upstream.cert.pem 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFPDCCAySgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzEyMDgwNloXDTI3MDkwNTEyMDgwNlowdzELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgQ2xpZW50IFVwc3RyZWFt +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QkR1NA64HPzuYYko7LT +ciwCWu1JLGuA3/7DkskMZ180+sQ3dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsR +ygghlevPqgGRGdf9WHIMjo9+hLM6MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uP +FGIJtX6GFiJ5Hp86wF+cqnfRRUFo+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJ +i3pud+ulWPTKalYiUvsqN8tucjJIZb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpE +f1HsiLLJ7PEAID1fMONTL5sVXCJ1TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naq +ywIDAQABo4HjMIHgMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCG +SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUw +HQYDVR0OBBYEFCZDQ3rDX5H3YjuUjV5wsBi/GYyhMB8GA1UdIwQYMBaAFPbhJxe8 +UUR0YWwr5flLGZacCZ3+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF +BQcDAgYIKwYBBQUHAwQwHAYDVR0RBBUwE4IRY2xpZW50QGZyZWVzd2l0Y2gwDQYJ +KoZIhvcNAQELBQADggIBAETxSF12VHvtjQA/uP6oUyENmu7wSbINUQZznzyJZSUQ +X0eym9llkUqviMeT9g6wRIoFGSnoMuDkxKbG5k6xVIw6xBUeS+Ce40nhH3qmMkRi +2DZgoqpQHb4DrTszJlXCxLhnnE83DuGDGxN2MbdY1HhCUo8yHqlCiA27hnxk46xh +Xuyx44zoYsdpnROppSwBAeaW9Ewanp7GL8ayWUkbBy0kGV+8wH7u9bpijevmGZSC +iykbYBM7V+RvDvZoywfNSP+l9H77Tv3SI6G40Pfc55M5MbFOa/Po+XjNVeoTOFCu +YIgIm/kA2OUySyBiOy54HfxG5BecZYW+uUm2KIrDX5bS2tZcCww2eo4AKCXEYWrh +1NM1xbeZCregMQ+2gRap4jhB5a49JoH3KPrjFc+1fhnv68bmSAUWwF0twwxev1Aq +ugYwx5lOhAl9+wAZbtsUsmsCp0AmzsIzgv43H6lMXUMjwH8v770J7vpKgMzvXlu8 +wWxFKVMfyocQqvOvBQ3i9SwptnA0ORO8Y8/+Tyu8uW8as/H7z9qaHBcCOWl1RZkR +diBrb5f+OtnamvmDM32APxYtfomj9pgWyxK9vmeCpCILdga3c41iBHbGNJDaNz9q +y9N8z9w887aKQT+HUjoDD2/Zb92Nia1tY+NU0Qd3AQZysJjz1Pq/Eu7KRpHAirTC +-----END CERTIFICATE----- 
diff --git a/libs/libblade/test/ca/intermediate/certs/controller@freeswitch-downstream.cert.pem b/libs/libblade/test/ca/intermediate/certs/controller@freeswitch-downstream.cert.pem new file mode 100644 index 0000000000..2e4878f946 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/certs/controller@freeswitch-downstream.cert.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFmDCCA4CgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzA5NTIxNloXDTI3MDkwNTA5NTIxNlowfTELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEkMCIGA1UEAwwbQmxhZGUgQ29udHJvbGxlciBEb3du +c3RyZWFtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEA1njlU4qAG +2/KskXthKBI35KDTND92Dqg6gkAvbC/IGEJJyzxw7Fd2AjNMAbNLuaasK9HFRwPh +ZXOLQjvl+wjwtBEAgGw+gLqrLdC3RVuiWlxGsbfB4tAYn9Av44jURYc1Prprnvqz +l8+DIU6UTuRh9JimoyL6NC4rqgcvo8LjR01RNn27RdyeO/VhDjdiU2/vC/OujUqn +InhtGvTB/KrDJtxLEcl15zBGe0PBoolYCF2+8FS2cMFw8y2aeeNeOfvjlzMXOxGG +4vohxUNx/DZh6aNUzbh9Fp7gvJQ8ZRsRNqtI3AgGW4+7Bt4US9ekM8RQjRb51Vk/ +NcFhOKejswIDAQABo4IBODCCATQwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC +BkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0 +aWZpY2F0ZTAdBgNVHQ4EFgQUowMxPRDVCvF5Ax/Nvn+quWWny/kwgZoGA1UdIwSB +kjCBj4AU9uEnF7xRRHRhbCvl+UsZlpwJnf6hc6RxMG8xCzAJBgNVBAYTAlVTMREw +DwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEGA1UECgwKRnJl +ZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRlIFJvb3QgQ0GC +AhAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG +9w0BAQsFAAOCAgEAayl96eapLsMHWJDT/p1qfNhMYR+JtO7xaaGLJ+yiibY6T1Be +1R5dLhG7y00Ww1Os9B4F3rWScFxpGqI9GgX8FAGo94Rm3c6+qLAKj/IZmXC6Dgg/ +VzqppcxMt+wo4HsYYhiamVLCyPTrOpPZ82X0+rlR+7iQRbEQ09ubfrb1ec/rDbfU +Kucr1ugwAyOLCmTsK+PAXhAdT/9ci/pL2uO9AxKYgSqvc9VnxoyUusq4Qouxb76I +qmbkGxVN0iP67tJ9jecyaXSoAJ6kBUPAdOesp9shPXmxnU6sPbk5FuJqNU5uZmK+ +KFwGMycLOl8wGAtK88GlupSYHmUT1CDo5rKFtOtyD0wcjM1p+lieQIFYDRV4OLXh +qTa3gtgVRqEcXdn2GdtNFlO87HWR8ptr4gA3jfm/yaC3WGqsgbZtXyPerSIUSd3B +op+5tvE8oqaIahCJV+Lj5XbmXoQkVKGel1xQjZ9rZavBxvwT4BlTNjYBZQHN0wsk +T9Pd1jbytZ9Ffwf3BO/vnkeo4mXSybYN+Ohfh3+bDPMu+NDL7m2/V8ZhIuRCJP0w +YBrlHHxvn4wjVOMix/KXcYXMlVenL0V1xTUHhFhQhBWQ9V4TzzWq/YeZH18MyB/Q 
+J9vGivKGGFUcs2F7ze+juVOPuUv/hE4ypdPAa4uq+v4HUQAD3mYZkeJnq8o= +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/intermediate/certs/controller@freeswitch-upstream.cert.pem b/libs/libblade/test/ca/intermediate/certs/controller@freeswitch-upstream.cert.pem new file mode 100644 index 0000000000..3f8d405924 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/certs/controller@freeswitch-upstream.cert.pem 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFVjCCAz6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzA5NTY1MFoXDTI3MDkwNTA5NTY1MFowezELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEiMCAGA1UEAwwZQmxhZGUgQ29udHJvbGxlciBVcHN0 +cmVhbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLeR7h7lhJR2/T3 +uaG8P20ko4Zo9wudGS/GN+aFv5EpFjlnRRxxbaqc5FFxWSWoJpMvrciX+4izC/jg +mVSU9L7TdK2svGT8rqbXz31H3wEIBP4irKLtW22UbOZL2JoiW8kDUMcyOsc3jTqp +Ewm96PSiYUJHvP6aTJRJdsAlmxZoJu46hxg8tNuy0V6YVPBZFU9NODEosm/wwAFo +Aly70lvUD/kXBZFPBbgMy6xHVPrXKdou2p4IwfWNqm4VmS652YkjG7avSSAnTaph +taTTCvtwOkCvrjJHvg4AG+zgwPdRxSZRqm7+zQdAIyC3zQzQRkbOizlZXej+ffXj +EiPNmNMCAwEAAaOB+TCB9jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAz +BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmlj +YXRlMB0GA1UdDgQWBBSmUpL+sqt/zQFJU1CnvyTAKVEttzAfBgNVHSMEGDAWgBT2 +4ScXvFFEdGFsK+X5SxmWnAmd/jAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI +KwYBBQUHAwIGCCsGAQUFBwMEMDIGA1UdEQQrMCmCFWNvbnRyb2xsZXJAZnJlZXN3 +aXRjaIIQY29udHJvbGxlckBibGFkZTANBgkqhkiG9w0BAQsFAAOCAgEASJ0KLhWJ +74j+jbHNAKMvqjrhCBSrAr6Ma94L7ut35umYx9jVQhlvW5FQnI+cGU9s+RRm/tkK +bze6aP+FaQdQvQMaxH9P7nCUjEXvKutzATwmXdRNv8MS+i9xVxX1vodZz2nSJ4uE +4GqwiS+HtF5W4DCSId55RQ/1lMsTHsDNi0SspV5nubGJ4qDv/EA6vgkEUMbR6X3J +phLcVTNeM+MvwYFZWZtnXkLnejZUYXMvtCCPwOW3fMQP8lWzNHwCOT+rZCboCnba +NMAOKKkZDiz525wYUsYqDrLN8Q94m1EwgCjIhd9Vn4aLZTBouKAouFW+//L8WWHA +rHFQuw4fy/efZzd1B+AaiM5FfWcKZuGQqa2LJS//GHDQGbRYZZOX505qOSKonSBU +vTLFDYIE4gIYWFFUZqzVOJnafRUGEVl1V5xLZajM7HWMuhCK8p+XA6QM7HQXDUMd +tMa9+EhU5nDF5V+gQmzjNDkh3xGLMbkZceEIP4nSRT9rTEVfILsQ8Q6G9pWYfYf7 +NsSBmax/F/8Jbx2gw9UVo7HVDx6dA5FRht4K8qiT6aA/5pRSOADMRz6ISM2idiF9 +NjadbBo+nVPtKosSF5ZGKxTAdYMUb34FMdp1N7J4UzG1ZBiLpNa3+7R3GGbtlNy5 +WLn35rnLEHYt9KvftBeYz58KVaiPQz/af8c= +-----END CERTIFICATE----- 
diff --git a/libs/libblade/test/ca/intermediate/certs/intermediate.cert.pem b/libs/libblade/test/ca/intermediate/certs/intermediate.cert.pem new file mode 100644 index 0000000000..8e915f4784 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/certs/intermediate.cert.pem 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFtjCCA56gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbzELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApG +cmVlU1dJVENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBD +QTAeFw0xNzA5MDcwOTI4MDRaFw0yNzA5MDUwOTI4MDRaMGUxCzAJBgNVBAYTAlVT +MREwDwYDVQQIDAhJbGxpbm9pczETMBEGA1UECgwKRnJlZVNXSVRDSDEOMAwGA1UE +CwwFQmxhZGUxHjAcBgNVBAMMFUJsYWRlIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBALIlY1JmV9z6wjE6iEIXHUl2CRnsa1jD ++uDk4I/OncOdezpfv2mRO9C7VkcefXb5yDrda/qq8r9pNVm6Q2wCJICIlrK9uK90 +SLsB8WsO8Dnrv9E5Tx96U6J5qDx5Ma3IFM7fF1KUP1LVawpS4lMMKFhcyd/P1dAN +ZWlzHCBoM4O9HMo4sKYx4fzxn00yKNK+RU4Wyd3ecntOOg/Dtx3FHt1bExUFuPUW +sgVUR8b+R6Z/1U6iWe+3x/XBAUVCBhyzt7OrCpY0g3TX7wVCh7CafpZnTe54gjMo +1lqSraJ5Dr4Sn1LV1gRa8cVQrNbUZ+m2aHsNLxmpEviHDLTd267x5qXEDCNajesJ +iSALRpQzAJE/neQvVa2fiaV7PbPGlxtUcyR8J9sGfuuby48/RulPQ1CjL1+sI+IE +lnMZqTiab+1TT5OyKMYYRjQ4k3R/gUGn0MhQBcy1VOP6GVGEgeOYACbDSjvYO9HZ +dyM9ivpxLhV3BMVM2B0PmFxLgFdyBlIPkP36/5kBzOFJWdYrMLP/vahFVmTgevDm +8Uhi3PvEt6kKUnWHkBHdajzDKLvbh8y+Ucgap7PtT8apZR+8J9TX87gMFzH5r4Xc +SF97inJ/q098V8dyoPJpL6PRAzigBXGmB2fFhLgtoXfuKfI/nfgQHO7MbYCCFP4z +Och2kFZYehBTAgMBAAGjZjBkMB0GA1UdDgQWBBT24ScXvFFEdGFsK+X5SxmWnAmd +/jAfBgNVHSMEGDAWgBRaMzl9Nc1p7PgDWff+pvYOddMlljASBgNVHRMBAf8ECDAG +AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAgGzDCfJm +weo6oeSFmSLTmlBlTJZO+7igFWf8tunmTkg8wvKe+lCyDd2efNgUocI/NA+X4kRj +YtDH+hq0H+JlDu/p4y4/t6Srx/dh33Ow7eCv2wtuSCeK5Y0euysXhI9gmPquUGOC +HlHkmQcG03NbbrWt0+4IaPAaKxMuV0FR7KArudZvr+8gp9S8o0AkQVFZSbW41HQe +a7DAJmLF0vLQWoVz/YltKjwAMs/ws8OWxUdvcOA3w6XmWmjAFn5hc2MgHgu513c4 +Vbq0535ghU0Eneqc23y2ELa+8hbn5yS5wcK1AS2HG4VoDqOJw+pv4Ko3T33mCR6X +bUABSB+znX5kEZn8KQaP8sLm07kERGjCI3FLPscM1S851tah/iqBgddlIUn/YNpM +9uYQ2PWu6UWvqyZfhgVIlb2LYJNERtKZPeI05SRIbUW93wUTiC6A93fl8SEE7XHa +LMJt6+HLysR2IsXLqlSRZw3rIoT0B3G4uS9Xop89znLAknrOI57OvVAMLaeBrtkl +jepE7RrNX6VcyEY+Ar1p30ax4UJNxjxd3rszIznccerWQzuLo5wYUkuZEfNtnAFB 
+Z/4qlIn7wkbRevafgmlf/bhP6ZkeJFhqEjOq36Zci5JrnRu3rM/+Vex2ibHVat0E +IZjeGxeofAPEwTaLfPJT7EIWZ+33ZHMcz+8= +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/intermediate/certs/master@freeswitch-downstream.cert.pem b/libs/libblade/test/ca/intermediate/certs/master@freeswitch-downstream.cert.pem new file mode 100644 index 0000000000..2e0a69d061 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/certs/master@freeswitch-downstream.cert.pem 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFwDCCA6igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzA5NDQ1OVoXDTI3MDkwNTA5NDQ1OVoweTELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEgMB4GA1UEAwwXQmxhZGUgTWFzdGVyIERvd25zdHJl +YW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK8mciD1y9F1fz08+4 +V1d6VZfv87h0V4/JihsjFEAlvog1W1BsfMPw1eNGmykDVZPVgmmgjP95UZYBm9gW +P26ze6hzA/7wpqdCs/tG0XsiCS5NsyP/9g33hcXJqzhTQXoqn0cGRJzrre2AfPoX +2CijWpjH3ufUMyZzN7fP7/VCYNEDR/4Geyp3RjBnqw4PlFqroME2762kNC5jGkCh +hPUpYrKwNE6mvQ6H0DwjJl9cHR9ynssU81h0TDa98N6kKcDLzK7BAoFtFGRKrFkL +db8LtvbG6zyLZrpJtwkcgfyOoKtXMuHGfISnnMtbgi6IyZPfo/9RcKK6q6a3/ZHE +plwJAgMBAAGjggFkMIIBYDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAz +BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmlj +YXRlMB0GA1UdDgQWBBT5po36vCPKHCecbSz1ueDbFDZ1jjCBmgYDVR0jBIGSMIGP +gBT24ScXvFFEdGFsK+X5SxmWnAmd/qFzpHEwbzELMAkGA1UEBhMCVVMxETAPBgNV +BAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJ +VENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBDQYICEAAw +DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCoGA1UdEQQjMCGC +EW1hc3RlckBmcmVlc3dpdGNoggxtYXN0ZXJAYmxhZGUwDQYJKoZIhvcNAQELBQAD +ggIBAJ73CuGQvtFkzQxhVvmWcg7TOHeV6I1IycBXDgyEdL3MEC+z2vXpz7NwzcnD +F0gYBVXAszSkNsLxmzUsxSr2IOy6rTJ/5R/GP9/3NLfjF1H2r1lxytfngMokp6ts +AiCPu5fiIyYPlwj3Gcbw0+n8LL06oPKGf291eHRjWlJbbI0grUW2W1Mdajd9U42z +vadoY0NAtWiZI3sM+OpicAg8hsYLN40KsnEag3Y6JdsDNiT05qKDhUcqVROlVcu4 +CT4u1gNROClAt/iUGA2s8jsPutPEedtGuAcIHqDk60C6D0v1+PokdFGG2ZBgHZLg +fXRsPYzAtsqhyUW3jyR3XYEoIj1tU+zHRZT7B5wPczhOBk5LOHf+QYVVzwV3Ff5x +8de8KRXRSg2ygLQGpBWTqMzzrjVgeSBNzC5nW/WaQHkMxmSGvUyvpUVUX/ySpDFf +r4JfpYHmxSNWVdRVBmCzTBq2qM8npaPWsagXWOv/hdZcrTTi6nnrWxSIFogiY9DX +YW2GUENt56AlXlyhiKd/NCWkQN5c/pRjV8EVUSTNuLNwFsGWmdZdjiaOUeILxHQS 
+OyzvTgKohqHikECl1wISRuDY8Fbu+xfqUaERsSfS35CBKW3qtmnmg+9meE6MRj7I +sbWoHXx7dJZst7vcDDsBptUPNUFKsgHKqfaGrb7hJGro/vTV +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/intermediate/cnf/client@freeswitch-upstream.cnf b/libs/libblade/test/ca/intermediate/cnf/client@freeswitch-upstream.cnf new file mode 100644 index 0000000000..c6c37bfca8 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/cnf/client@freeswitch-upstream.cnf 
@@ -0,0 +1,133 @@
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+subjectAltName = DNS: client@freeswitch
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
diff --git a/libs/libblade/test/ca/intermediate/cnf/controller@freeswitch-upstream.cnf b/libs/libblade/test/ca/intermediate/cnf/controller@freeswitch-upstream.cnf
new file mode 100644
index 0000000000..6f7c702fc2
--- /dev/null
+++ b/libs/libblade/test/ca/intermediate/cnf/controller@freeswitch-upstream.cnf
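Review bot: `subjectAltName = DNS: client@freeswitch` in `[ usr_cert ]` stores an identity string as a dNSName, but a value containing `@` is not a valid DNS host name, so stricter X.509 parsers may reject the certificate and DNS name constraints cannot meaningfully scope it. The commit description says these SANs become preapproved identities, so the general-name type should match the value, for example `subjectAltName = email:client@freeswitch`, with the transport matching on that one type only. The code that reads the SANs is outside this hunk, so confirm which types it accepts before changing the encoding. The `subjectAltName` lines in controller@freeswitch-upstream.cnf and master@freeswitch-downstream.cnf have the same issue.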
@@ -0,0 +1,133 @@
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+subjectAltName = DNS: controller@freeswitch, DNS: controller@blade
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
diff --git a/libs/libblade/test/ca/intermediate/cnf/master@freeswitch-downstream.cnf b/libs/libblade/test/ca/intermediate/cnf/master@freeswitch-downstream.cnf
new file mode 100644
index 0000000000..f23e7c91e1
--- /dev/null
+++ b/libs/libblade/test/ca/intermediate/cnf/master@freeswitch-downstream.cnf
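Review bot: This file repeats client@freeswitch-upstream.cnf except for the `subjectAltName` line in `[ usr_cert ]`, and master@freeswitch-downstream.cnf differs only in carrying that line under `[ server_cert ]` instead. Three 133-line copies make it easy for a later change to the signing policy or key usage to reach one identity and miss another, which matters here because the SAN is what grants the identity. A single config that takes the value from the environment, e.g. `subjectAltName = ${ENV::BLADE_SAN}` (variable name constructed for this note), would keep the CA policy in one place and make each issued SAN an explicit input.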
@@ -0,0 +1,133 @@
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = DNS: master@freeswitch, DNS: master@blade
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = critical, digitalSignature +extendedKeyUsage = critical, OCSPSigning \ No newline at end of file diff --git a/libs/libblade/test/ca/intermediate/crlnumber b/libs/libblade/test/ca/intermediate/crlnumber new file mode 100644 index 0000000000..e37d32abba --- /dev/null +++ b/libs/libblade/test/ca/intermediate/crlnumber @@ -0,0 +1 @@ +1000 \ No newline at end of file diff --git a/libs/libblade/test/ca/intermediate/csr/client@freeswitch-upstream.csr.pem b/libs/libblade/test/ca/intermediate/csr/client@freeswitch-upstream.csr.pem new file mode 100644 index 0000000000..f39fb3c5d0 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/csr/client@freeswitch-upstream.csr.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw +DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC +bGFkZTEeMBwGA1UEAwwVQmxhZGUgQ2xpZW50IFVwc3RyZWFtMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QkR1NA64HPzuYYko7LTciwCWu1JLGuA3/7D +kskMZ180+sQ3dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsRygghlevPqgGRGdf9 +WHIMjo9+hLM6MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uPFGIJtX6GFiJ5Hp86 +wF+cqnfRRUFo+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJi3pud+ulWPTKalYi +UvsqN8tucjJIZb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpEf1HsiLLJ7PEAID1f +MONTL5sVXCJ1TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naqywIDAQABoAAwDQYJ +KoZIhvcNAQELBQADggEBAJd+fNwHr5soFlNbWb5kMP5utXwJhElEfnQ25puC0jhP +I03z63MS8Chi1Uaxo9MBpFnC84LVmhPT+7RwpRBubVJEWq2WUjZRvbt5dih+kGum +zC7dDhHAMx8Gk8TwsYnnzCDkcvetCCTfrn5otYlVxc/36PWoMB4dL426XSi5JVx0 +nxeXmbiIpZP9udwXDl6J6i8HhjtGpveiVIV3RrfleApYHAxFa5pVP9l3pwMt9RqX ++TbqXexAXrJoVoi8JENjDMGl2H/95UaXB7W/6iIHc/1hy3ebk5OCahxeIoS8LHgX +LsLKJDVsz5eOmfo5rF7lT1WVgp2TTS+W6ys2uX3j/cY= +-----END CERTIFICATE REQUEST----- 
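Review bot: The two header comment lines of master@freeswitch-downstream.cnf still tell the reader to copy the file to a path under /root/ca, which does not match `dir = .` and says nothing about what this file is for; the same leftover header is in the two sibling .cnf files. I would replace it with `# Test-only CA config for master@freeswitch; run from test/ca/intermediate and sign with -extensions server_cert.` plus a line stating that this hierarchy must not be configured as a trust anchor outside tests. That caveat matters because the committed index.txt lists certificates valid until 2027 and the SANs in them are meant to preapprove identities, so a deployment that trusted this chain would accept whatever the test CA issues.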
diff --git a/libs/libblade/test/ca/intermediate/csr/controller@freeswitch-downstream.csr.pem b/libs/libblade/test/ca/intermediate/csr/controller@freeswitch-downstream.csr.pem new file mode 100644 index 0000000000..d143bb913f --- /dev/null +++ b/libs/libblade/test/ca/intermediate/csr/controller@freeswitch-downstream.csr.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICwjCCAaoCAQAwfTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw +DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC +bGFkZTEkMCIGA1UEAwwbQmxhZGUgQ29udHJvbGxlciBEb3duc3RyZWFtMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEA1njlU4qAG2/KskXthKBI35KDT +ND92Dqg6gkAvbC/IGEJJyzxw7Fd2AjNMAbNLuaasK9HFRwPhZXOLQjvl+wjwtBEA +gGw+gLqrLdC3RVuiWlxGsbfB4tAYn9Av44jURYc1Prprnvqzl8+DIU6UTuRh9Jim +oyL6NC4rqgcvo8LjR01RNn27RdyeO/VhDjdiU2/vC/OujUqnInhtGvTB/KrDJtxL +Ecl15zBGe0PBoolYCF2+8FS2cMFw8y2aeeNeOfvjlzMXOxGG4vohxUNx/DZh6aNU +zbh9Fp7gvJQ8ZRsRNqtI3AgGW4+7Bt4US9ekM8RQjRb51Vk/NcFhOKejswIDAQAB +oAAwDQYJKoZIhvcNAQELBQADggEBAHvlM/HiAI9fO2QlQRX4lAo0Y+pLYZDI0kjY +2PWsLEzI69mBYLTGFrvzYaSzwDUzkHBuypV69BTsWHQBbnMfRRvvqXQCObYcnMUa +IDaM4m4YLSYICWUYe+aCQZIMjg13TRspR8H1DlbRUlYFvsYumMeaeAauHW0t6xfL +H5vaFtNs0G4apJpb++CoCW/2cWS5Iyj4oViGitX1ajl4oRBzjPMqRQFlqUWExcM8 +a/XA1STOcIw8qlIWZw9hL7StOoMcAFhybjadZIGLYSI8Y1vCl2+Ur+bRNEU0VY4h +k9jhjr09pI0rHcXhXziZ88NRIQL4rT04MJnjR2G7AY18bKIGnqk= +-----END CERTIFICATE REQUEST----- diff --git a/libs/libblade/test/ca/intermediate/csr/controller@freeswitch-upstream.csr.pem b/libs/libblade/test/ca/intermediate/csr/controller@freeswitch-upstream.csr.pem new file mode 100644 index 0000000000..9704b1280e --- /dev/null +++ b/libs/libblade/test/ca/intermediate/csr/controller@freeswitch-upstream.csr.pem 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICwDCCAagCAQAwezELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw +DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC +bGFkZTEiMCAGA1UEAwwZQmxhZGUgQ29udHJvbGxlciBVcHN0cmVhbTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLeR7h7lhJR2/T3uaG8P20ko4Zo9wud +GS/GN+aFv5EpFjlnRRxxbaqc5FFxWSWoJpMvrciX+4izC/jgmVSU9L7TdK2svGT8 +rqbXz31H3wEIBP4irKLtW22UbOZL2JoiW8kDUMcyOsc3jTqpEwm96PSiYUJHvP6a +TJRJdsAlmxZoJu46hxg8tNuy0V6YVPBZFU9NODEosm/wwAFoAly70lvUD/kXBZFP +BbgMy6xHVPrXKdou2p4IwfWNqm4VmS652YkjG7avSSAnTaphtaTTCvtwOkCvrjJH +vg4AG+zgwPdRxSZRqm7+zQdAIyC3zQzQRkbOizlZXej+ffXjEiPNmNMCAwEAAaAA +MA0GCSqGSIb3DQEBCwUAA4IBAQDTJmaPVFGJ7lgj2TOJi66WSLkXUc3wKCX7dkX/ +GIGXyr2hsabYT3FOkWlL0W/CI2KXkFEItnHPE4Plit9E+O/fZYGWjfSHhVUa6rzF +w+rM2EWklAl6s/zH1/MoliRG68aluyqv8aIyovRNfAj3F3FaDW5qiIaSVtp3Znlu +OlrIQD3ixqIa4na0+kr9MEV+wehDl5Uib0j8GLf7dM/drEywzWVkjaPRttrgvu/M +loill3Ta13RQMs0qzu1zx36mbb+hyahq5kyrabWDisV6cmWxbcSCIGCOCfgHdXMl +KYupqGBp1ey7KEl3erB4WQ8Rhl7z01+5QEhd875pNmHRE5/w +-----END CERTIFICATE REQUEST----- diff --git a/libs/libblade/test/ca/intermediate/csr/intermediate.csr.pem b/libs/libblade/test/ca/intermediate/csr/intermediate.csr.pem new file mode 100644 index 0000000000..900701b01a --- /dev/null +++ b/libs/libblade/test/ca/intermediate/csr/intermediate.csr.pem 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEvDCCAqQCAQAwdzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw +DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC +bGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAsiVjUmZX3PrCMTqIQhcdSXYJGexrWMP64OTg +j86dw517Ol+/aZE70LtWRx59dvnIOt1r+qryv2k1WbpDbAIkgIiWsr24r3RIuwHx +aw7wOeu/0TlPH3pTonmoPHkxrcgUzt8XUpQ/UtVrClLiUwwoWFzJ38/V0A1laXMc +IGgzg70cyjiwpjHh/PGfTTIo0r5FThbJ3d5ye046D8O3HcUe3VsTFQW49RayBVRH +xv5Hpn/VTqJZ77fH9cEBRUIGHLO3s6sKljSDdNfvBUKHsJp+lmdN7niCMyjWWpKt +onkOvhKfUtXWBFrxxVCs1tRn6bZoew0vGakS+IcMtN3brvHmpcQMI1qN6wmJIAtG +lDMAkT+d5C9VrZ+JpXs9s8aXG1RzJHwn2wZ+65vLjz9G6U9DUKMvX6wj4gSWcxmp +OJpv7VNPk7IoxhhGNDiTdH+BQafQyFAFzLVU4/oZUYSB45gAJsNKO9g70dl3Iz2K ++nEuFXcExUzYHQ+YXEuAV3IGUg+Q/fr/mQHM4UlZ1isws/+9qEVWZOB68ObxSGLc ++8S3qQpSdYeQEd1qPMMou9uHzL5RyBqns+1PxqllH7wn1NfzuAwXMfmvhdxIX3uK +cn+rT3xXx3Kg8mkvo9EDOKAFcaYHZ8WEuC2hd+4p8j+d+BAc7sxtgIIU/jM5yHaQ +Vlh6EFMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQBjDnbyUJMn5Av78pt611u3 +/QrYxH1SHEwjtSwPcusmoTCNhMIF07GLlRuLNB1teyNLFtLzq345d/sr+o9BmFAS +ODpW0rN5RGXnZKvHPrBARFRb/UdyZDlvbl/ksVT6b9fzroPRtU3IqgdAXvKnvJ7G +1RCaIxyZd7T856Z7Eq2tmn0AblyXJLWy2JpBy6CzRK4KFCuNHbs+HrVBXeHD6Tgc +pcbtIKohHw/x3r+OX2uf6hr0bfewePE7y5pf4yVb+eaN6TMQQHHSN+oIVSNi8yKk +Sr1wd8F5OEp6teYKj4Nlrc8giOkrIV91a1XUJsKgYfzpT4GevIw+8U1uIa8qB3Ow +ZchgdsltZAFR0MGmwJNKGQ6JAmFmZTGD2G43P3Y9EnXDiGYWo5k0UkdghaoJIIAO +DYxGhEGOINjHmJyQik0ha+38+cLAWoItrSIShZaHDMSXx5ujaFBrZxPa662BwkF4 +zUXmAW09ww64owAYZ+a1EuujTcLDYszSzIbF6UqBoCeDpq3L5wEgFzl0zktVIwWI +YQ99IKOj0JVbsIbikFoteXFbE1x0dR05Mgx9NaCDrIlmmydnsNW5xvwQISYnr92U +HgS0/xfgaPo8hqDpl6rjlfwj0Ay/LZTAfH/xGjN69DZbTgf55PRhkTdwMLiQuY6e +ENqjprP7sJ7aYdND59jAmQ== +-----END CERTIFICATE REQUEST----- diff --git a/libs/libblade/test/ca/intermediate/csr/master@freeswitch-downstream.csr.pem b/libs/libblade/test/ca/intermediate/csr/master@freeswitch-downstream.csr.pem new file mode 100644 index 0000000000..e8922958b8 --- /dev/null 
+++ b/libs/libblade/test/ca/intermediate/csr/master@freeswitch-downstream.csr.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICvjCCAaYCAQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw +DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC +bGFkZTEgMB4GA1UEAwwXQmxhZGUgTWFzdGVyIERvd25zdHJlYW0wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK8mciD1y9F1fz08+4V1d6VZfv87h0V4/J +ihsjFEAlvog1W1BsfMPw1eNGmykDVZPVgmmgjP95UZYBm9gWP26ze6hzA/7wpqdC +s/tG0XsiCS5NsyP/9g33hcXJqzhTQXoqn0cGRJzrre2AfPoX2CijWpjH3ufUMyZz +N7fP7/VCYNEDR/4Geyp3RjBnqw4PlFqroME2762kNC5jGkChhPUpYrKwNE6mvQ6H +0DwjJl9cHR9ynssU81h0TDa98N6kKcDLzK7BAoFtFGRKrFkLdb8LtvbG6zyLZrpJ +twkcgfyOoKtXMuHGfISnnMtbgi6IyZPfo/9RcKK6q6a3/ZHEplwJAgMBAAGgADAN +BgkqhkiG9w0BAQsFAAOCAQEAGJ9T9wIQ5i8X8bkvsNKJMWBWWx6O5ihP77ve6Pet +BHvfJyV++lFbaU4Af/5R5eE5aOXpfIzMm6MHmvE3sSSL9+Bkaqw+VL1jKieG919C ++5CEC1T053QWjbqYG7dp5wVTMJ3MSawvsrkD6sr2rSHhu2pcmEeF5bFcaaYSXVsG +vmCGQh7lUj8N79xdiuQvYUM1Lpgo/81WeUWXjCaMVkv6Hdzp0Hx9avCSweb6kklE +dSUjOkOKGA/+IoCXmFiLxNs0hzxrkG85aVCmv1x5fcm9mqNVoqBY2YqWWguavDnz +DT88l92ZDGqJpVmB+a5H1pC9JY54UUyii462ZMcDmrMK7g== +-----END CERTIFICATE REQUEST----- diff --git a/libs/libblade/test/ca/intermediate/index.txt b/libs/libblade/test/ca/intermediate/index.txt new file mode 100644 index 0000000000..b4cb5e3ca0 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/index.txt @@ -0,0 +1,4 @@ +V 270905094459Z 1000 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Master Downstream +V 270905095216Z 1001 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Downstream +V 270905095650Z 1002 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Upstream +V 270905120806Z 1003 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Client Upstream diff --git a/libs/libblade/test/ca/intermediate/index.txt.attr b/libs/libblade/test/ca/intermediate/index.txt.attr new file mode 100644 index 0000000000..8f7e63a347 --- /dev/null 
+++ b/libs/libblade/test/ca/intermediate/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/libs/libblade/test/ca/intermediate/index.txt.attr.old b/libs/libblade/test/ca/intermediate/index.txt.attr.old new file mode 100644 index 0000000000..8f7e63a347 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/libs/libblade/test/ca/intermediate/index.txt.old b/libs/libblade/test/ca/intermediate/index.txt.old new file mode 100644 index 0000000000..47a2db0ebf --- /dev/null +++ b/libs/libblade/test/ca/intermediate/index.txt.old @@ -0,0 +1,3 @@ +V 270905094459Z 1000 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Master Downstream +V 270905095216Z 1001 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Downstream +V 270905095650Z 1002 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Upstream diff --git a/libs/libblade/test/ca/intermediate/newcerts/1000.pem b/libs/libblade/test/ca/intermediate/newcerts/1000.pem new file mode 100644 index 0000000000..2e0a69d061 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/newcerts/1000.pem 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFwDCCA6igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzA5NDQ1OVoXDTI3MDkwNTA5NDQ1OVoweTELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEgMB4GA1UEAwwXQmxhZGUgTWFzdGVyIERvd25zdHJl +YW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK8mciD1y9F1fz08+4 +V1d6VZfv87h0V4/JihsjFEAlvog1W1BsfMPw1eNGmykDVZPVgmmgjP95UZYBm9gW +P26ze6hzA/7wpqdCs/tG0XsiCS5NsyP/9g33hcXJqzhTQXoqn0cGRJzrre2AfPoX +2CijWpjH3ufUMyZzN7fP7/VCYNEDR/4Geyp3RjBnqw4PlFqroME2762kNC5jGkCh +hPUpYrKwNE6mvQ6H0DwjJl9cHR9ynssU81h0TDa98N6kKcDLzK7BAoFtFGRKrFkL +db8LtvbG6zyLZrpJtwkcgfyOoKtXMuHGfISnnMtbgi6IyZPfo/9RcKK6q6a3/ZHE +plwJAgMBAAGjggFkMIIBYDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAz +BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmlj +YXRlMB0GA1UdDgQWBBT5po36vCPKHCecbSz1ueDbFDZ1jjCBmgYDVR0jBIGSMIGP +gBT24ScXvFFEdGFsK+X5SxmWnAmd/qFzpHEwbzELMAkGA1UEBhMCVVMxETAPBgNV +BAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJ +VENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBDQYICEAAw +DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCoGA1UdEQQjMCGC +EW1hc3RlckBmcmVlc3dpdGNoggxtYXN0ZXJAYmxhZGUwDQYJKoZIhvcNAQELBQAD +ggIBAJ73CuGQvtFkzQxhVvmWcg7TOHeV6I1IycBXDgyEdL3MEC+z2vXpz7NwzcnD +F0gYBVXAszSkNsLxmzUsxSr2IOy6rTJ/5R/GP9/3NLfjF1H2r1lxytfngMokp6ts +AiCPu5fiIyYPlwj3Gcbw0+n8LL06oPKGf291eHRjWlJbbI0grUW2W1Mdajd9U42z +vadoY0NAtWiZI3sM+OpicAg8hsYLN40KsnEag3Y6JdsDNiT05qKDhUcqVROlVcu4 +CT4u1gNROClAt/iUGA2s8jsPutPEedtGuAcIHqDk60C6D0v1+PokdFGG2ZBgHZLg +fXRsPYzAtsqhyUW3jyR3XYEoIj1tU+zHRZT7B5wPczhOBk5LOHf+QYVVzwV3Ff5x +8de8KRXRSg2ygLQGpBWTqMzzrjVgeSBNzC5nW/WaQHkMxmSGvUyvpUVUX/ySpDFf +r4JfpYHmxSNWVdRVBmCzTBq2qM8npaPWsagXWOv/hdZcrTTi6nnrWxSIFogiY9DX +YW2GUENt56AlXlyhiKd/NCWkQN5c/pRjV8EVUSTNuLNwFsGWmdZdjiaOUeILxHQS 
+OyzvTgKohqHikECl1wISRuDY8Fbu+xfqUaERsSfS35CBKW3qtmnmg+9meE6MRj7I +sbWoHXx7dJZst7vcDDsBptUPNUFKsgHKqfaGrb7hJGro/vTV +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/intermediate/newcerts/1001.pem b/libs/libblade/test/ca/intermediate/newcerts/1001.pem new file mode 100644 index 0000000000..2e4878f946 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/newcerts/1001.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFmDCCA4CgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzA5NTIxNloXDTI3MDkwNTA5NTIxNlowfTELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEkMCIGA1UEAwwbQmxhZGUgQ29udHJvbGxlciBEb3du +c3RyZWFtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEA1njlU4qAG +2/KskXthKBI35KDTND92Dqg6gkAvbC/IGEJJyzxw7Fd2AjNMAbNLuaasK9HFRwPh +ZXOLQjvl+wjwtBEAgGw+gLqrLdC3RVuiWlxGsbfB4tAYn9Av44jURYc1Prprnvqz +l8+DIU6UTuRh9JimoyL6NC4rqgcvo8LjR01RNn27RdyeO/VhDjdiU2/vC/OujUqn +InhtGvTB/KrDJtxLEcl15zBGe0PBoolYCF2+8FS2cMFw8y2aeeNeOfvjlzMXOxGG +4vohxUNx/DZh6aNUzbh9Fp7gvJQ8ZRsRNqtI3AgGW4+7Bt4US9ekM8RQjRb51Vk/ +NcFhOKejswIDAQABo4IBODCCATQwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC +BkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0 +aWZpY2F0ZTAdBgNVHQ4EFgQUowMxPRDVCvF5Ax/Nvn+quWWny/kwgZoGA1UdIwSB +kjCBj4AU9uEnF7xRRHRhbCvl+UsZlpwJnf6hc6RxMG8xCzAJBgNVBAYTAlVTMREw +DwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEGA1UECgwKRnJl +ZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRlIFJvb3QgQ0GC +AhAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG +9w0BAQsFAAOCAgEAayl96eapLsMHWJDT/p1qfNhMYR+JtO7xaaGLJ+yiibY6T1Be +1R5dLhG7y00Ww1Os9B4F3rWScFxpGqI9GgX8FAGo94Rm3c6+qLAKj/IZmXC6Dgg/ +VzqppcxMt+wo4HsYYhiamVLCyPTrOpPZ82X0+rlR+7iQRbEQ09ubfrb1ec/rDbfU +Kucr1ugwAyOLCmTsK+PAXhAdT/9ci/pL2uO9AxKYgSqvc9VnxoyUusq4Qouxb76I +qmbkGxVN0iP67tJ9jecyaXSoAJ6kBUPAdOesp9shPXmxnU6sPbk5FuJqNU5uZmK+ +KFwGMycLOl8wGAtK88GlupSYHmUT1CDo5rKFtOtyD0wcjM1p+lieQIFYDRV4OLXh +qTa3gtgVRqEcXdn2GdtNFlO87HWR8ptr4gA3jfm/yaC3WGqsgbZtXyPerSIUSd3B +op+5tvE8oqaIahCJV+Lj5XbmXoQkVKGel1xQjZ9rZavBxvwT4BlTNjYBZQHN0wsk +T9Pd1jbytZ9Ffwf3BO/vnkeo4mXSybYN+Ohfh3+bDPMu+NDL7m2/V8ZhIuRCJP0w +YBrlHHxvn4wjVOMix/KXcYXMlVenL0V1xTUHhFhQhBWQ9V4TzzWq/YeZH18MyB/Q 
+J9vGivKGGFUcs2F7ze+juVOPuUv/hE4ypdPAa4uq+v4HUQAD3mYZkeJnq8o= +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/intermediate/newcerts/1002.pem b/libs/libblade/test/ca/intermediate/newcerts/1002.pem new file mode 100644 index 0000000000..3f8d405924 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/newcerts/1002.pem 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFVjCCAz6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzA5NTY1MFoXDTI3MDkwNTA5NTY1MFowezELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEiMCAGA1UEAwwZQmxhZGUgQ29udHJvbGxlciBVcHN0 +cmVhbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLeR7h7lhJR2/T3 +uaG8P20ko4Zo9wudGS/GN+aFv5EpFjlnRRxxbaqc5FFxWSWoJpMvrciX+4izC/jg +mVSU9L7TdK2svGT8rqbXz31H3wEIBP4irKLtW22UbOZL2JoiW8kDUMcyOsc3jTqp +Ewm96PSiYUJHvP6aTJRJdsAlmxZoJu46hxg8tNuy0V6YVPBZFU9NODEosm/wwAFo +Aly70lvUD/kXBZFPBbgMy6xHVPrXKdou2p4IwfWNqm4VmS652YkjG7avSSAnTaph +taTTCvtwOkCvrjJHvg4AG+zgwPdRxSZRqm7+zQdAIyC3zQzQRkbOizlZXej+ffXj +EiPNmNMCAwEAAaOB+TCB9jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAz +BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmlj +YXRlMB0GA1UdDgQWBBSmUpL+sqt/zQFJU1CnvyTAKVEttzAfBgNVHSMEGDAWgBT2 +4ScXvFFEdGFsK+X5SxmWnAmd/jAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI +KwYBBQUHAwIGCCsGAQUFBwMEMDIGA1UdEQQrMCmCFWNvbnRyb2xsZXJAZnJlZXN3 +aXRjaIIQY29udHJvbGxlckBibGFkZTANBgkqhkiG9w0BAQsFAAOCAgEASJ0KLhWJ +74j+jbHNAKMvqjrhCBSrAr6Ma94L7ut35umYx9jVQhlvW5FQnI+cGU9s+RRm/tkK +bze6aP+FaQdQvQMaxH9P7nCUjEXvKutzATwmXdRNv8MS+i9xVxX1vodZz2nSJ4uE +4GqwiS+HtF5W4DCSId55RQ/1lMsTHsDNi0SspV5nubGJ4qDv/EA6vgkEUMbR6X3J +phLcVTNeM+MvwYFZWZtnXkLnejZUYXMvtCCPwOW3fMQP8lWzNHwCOT+rZCboCnba +NMAOKKkZDiz525wYUsYqDrLN8Q94m1EwgCjIhd9Vn4aLZTBouKAouFW+//L8WWHA +rHFQuw4fy/efZzd1B+AaiM5FfWcKZuGQqa2LJS//GHDQGbRYZZOX505qOSKonSBU +vTLFDYIE4gIYWFFUZqzVOJnafRUGEVl1V5xLZajM7HWMuhCK8p+XA6QM7HQXDUMd +tMa9+EhU5nDF5V+gQmzjNDkh3xGLMbkZceEIP4nSRT9rTEVfILsQ8Q6G9pWYfYf7 +NsSBmax/F/8Jbx2gw9UVo7HVDx6dA5FRht4K8qiT6aA/5pRSOADMRz6ISM2idiF9 +NjadbBo+nVPtKosSF5ZGKxTAdYMUb34FMdp1N7J4UzG1ZBiLpNa3+7R3GGbtlNy5 +WLn35rnLEHYt9KvftBeYz58KVaiPQz/af8c= +-----END CERTIFICATE----- 
diff --git a/libs/libblade/test/ca/intermediate/newcerts/1003.pem b/libs/libblade/test/ca/intermediate/newcerts/1003.pem new file mode 100644 index 0000000000..b77891973f --- /dev/null +++ b/libs/libblade/test/ca/intermediate/newcerts/1003.pem 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFPDCCAySgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzEyMDgwNloXDTI3MDkwNTEyMDgwNlowdzELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgQ2xpZW50IFVwc3RyZWFt +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QkR1NA64HPzuYYko7LT +ciwCWu1JLGuA3/7DkskMZ180+sQ3dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsR +ygghlevPqgGRGdf9WHIMjo9+hLM6MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uP +FGIJtX6GFiJ5Hp86wF+cqnfRRUFo+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJ +i3pud+ulWPTKalYiUvsqN8tucjJIZb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpE +f1HsiLLJ7PEAID1fMONTL5sVXCJ1TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naq +ywIDAQABo4HjMIHgMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCG +SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUw +HQYDVR0OBBYEFCZDQ3rDX5H3YjuUjV5wsBi/GYyhMB8GA1UdIwQYMBaAFPbhJxe8 +UUR0YWwr5flLGZacCZ3+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF +BQcDAgYIKwYBBQUHAwQwHAYDVR0RBBUwE4IRY2xpZW50QGZyZWVzd2l0Y2gwDQYJ +KoZIhvcNAQELBQADggIBAETxSF12VHvtjQA/uP6oUyENmu7wSbINUQZznzyJZSUQ +X0eym9llkUqviMeT9g6wRIoFGSnoMuDkxKbG5k6xVIw6xBUeS+Ce40nhH3qmMkRi +2DZgoqpQHb4DrTszJlXCxLhnnE83DuGDGxN2MbdY1HhCUo8yHqlCiA27hnxk46xh +Xuyx44zoYsdpnROppSwBAeaW9Ewanp7GL8ayWUkbBy0kGV+8wH7u9bpijevmGZSC +iykbYBM7V+RvDvZoywfNSP+l9H77Tv3SI6G40Pfc55M5MbFOa/Po+XjNVeoTOFCu +YIgIm/kA2OUySyBiOy54HfxG5BecZYW+uUm2KIrDX5bS2tZcCww2eo4AKCXEYWrh +1NM1xbeZCregMQ+2gRap4jhB5a49JoH3KPrjFc+1fhnv68bmSAUWwF0twwxev1Aq +ugYwx5lOhAl9+wAZbtsUsmsCp0AmzsIzgv43H6lMXUMjwH8v770J7vpKgMzvXlu8 +wWxFKVMfyocQqvOvBQ3i9SwptnA0ORO8Y8/+Tyu8uW8as/H7z9qaHBcCOWl1RZkR +diBrb5f+OtnamvmDM32APxYtfomj9pgWyxK9vmeCpCILdga3c41iBHbGNJDaNz9q +y9N8z9w887aKQT+HUjoDD2/Zb92Nia1tY+NU0Qd3AQZysJjz1Pq/Eu7KRpHAirTC +-----END CERTIFICATE----- 
diff --git a/libs/libblade/test/ca/intermediate/openssl.cnf b/libs/libblade/test/ca/intermediate/openssl.cnf
new file mode 100644
index 0000000000..2a0e3561f0
--- /dev/null
+++ b/libs/libblade/test/ca/intermediate/openssl.cnf
@@ -0,0 +1,132 @@
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
diff --git a/libs/libblade/test/ca/intermediate/private/client@freeswitch-upstream.key.pem b/libs/libblade/test/ca/intermediate/private/client@freeswitch-upstream.key.pem
new file mode 100644
index 0000000000..60289fa059
--- /dev/null
+++ b/libs/libblade/test/ca/intermediate/private/client@freeswitch-upstream.key.pem
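Review bot: Two comments in the intermediate `openssl.cnf` no longer describe the file they sit in. The header says `# Copy to /root/ca/intermediate/openssl.cnf`, but `dir = .` resolves every path (`database`, `serial`, `private_key`) against the directory openssl is run from, so invoking it from anywhere other than `libs/libblade/test/ca/intermediate` looks for the CA database and keys in the wrong place; I would replace the header line with `# Run openssl from this directory; all paths below are relative to it.` The comment above `private_key` reads `# The root key and root certificate.` while the two values name the intermediate key and certificate, so it should read `# The intermediate key and intermediate certificate.` The header comment in `libs/libblade/test/ca/openssl.cnf` needs the same first change.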
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA7QkR1NA64HPzuYYko7LTciwCWu1JLGuA3/7DkskMZ180+sQ3 +dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsRygghlevPqgGRGdf9WHIMjo9+hLM6 +MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uPFGIJtX6GFiJ5Hp86wF+cqnfRRUFo ++0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJi3pud+ulWPTKalYiUvsqN8tucjJI +Zb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpEf1HsiLLJ7PEAID1fMONTL5sVXCJ1 +TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naqywIDAQABAoIBABSZ9TLJ5lQbv9Mg +FY8ku7vwl0PP28xAi7LsMZNQZgOWAsTIyQkNgTekd0nTxz177iZBW1PjxJUvXOme +3FZK7ADjNAgTtrjP6gyU+S/2uaCqWBSwfx5Z8bzBwJZKejZcYbFD7ecJ47WrkF+7 +oMHVd1oOK0na9Ux3Mo+2xyRxKuyl0ngwYp71pDh2QyCqZUXBEeY/gD6rPOf6Bt02 ++fEjsePe0wGJUpiTpThwJuYH8nHQviXIN/zEK5CN3kOFC+fVVRLrXENmOrVBUMjC +l8falZza/dtzStDDKsC5gQw+GZM3TC/1zo0eb+uzTeTLDH3o5GWsCAKC9MMImZo/ +gu9KkgECgYEA+Ecnv+nfAn6REU4jztFYcAHGMs0dEJPJK1AD/TkwMYC7Ve2uUNuz +/0KsKiz0SyqhQxsvBHnj2FVlTZCxGQFe2KhVF3cp5miALMHlH/mbQyP2nnoO2+Ny +A8GBizPNvugdDKUrnj/6jIp6S+2jhR5OfEtY2KgA5QjGRMIxndhsNo0CgYEA9Ghm +Hk+UtutZ7NPXoZBH0iuBiDj3NOfqX/84mUb4XAQ+EVUw62pGpTf2OU8RRuHgGoHf +aRcrfga/wtKx3/UA2m31xNhIWIHSGE35neyzQQXBp6fB2bhUCpPBgFCJz+fQCdOj +fcCw3vrMf2H5oS/0azIsgsDRVp9lNAOtgdfFXLcCgYB5IgZTzSBAUE4o+k3gLyWN +6F+yE38VwnUJC84Wcxt/W4aLIx7EVp0YcogbP7mlHtR1MEMdVPcEao21bV3qjE+h +N2fkvgAUaXH35FYM5rSI6nf91CGByROsn3G73/eHKCpcLA3+9MoiXcHTX8tDPIkg +fYaIlldxZ3mMvI6Gq7wIVQKBgQCba0P85GhSRalCg5fson45dPcC9A6ncw7Eityo +A8xtXzlE9mKMYWGZMNP/r3ryEzLaSFoUTuqWUp5gunDoVLl9LU2LJmoi9jLux68D +MQDwSUPTZEdONvwiWcFD4nMwZV4S0aV2kzEmKmAeZOREDuWjwR0y7IByUBwgDnKo +TdiwUwKBgQDJ8OYzNPvp6wJ0vGg3s7ula8tiHCPmFCRJVLV6H1a+UDQD4MY2DdFa +MgyxbetwglrSJNI4KJnc+WRYKspvTHlIkkr/GyJRW1EtBBED+drkOmvZE7vc51mN +vj79bK66jJls/ul7YQxaKPHhB77zVNFJzWfZ8BrOCMhNTuxIE1xpRA== +-----END RSA PRIVATE KEY----- diff --git a/libs/libblade/test/ca/intermediate/private/controller@freeswitch-downstream.key.pem b/libs/libblade/test/ca/intermediate/private/controller@freeswitch-downstream.key.pem new file mode 100644 index 0000000000..6a516337b4 --- /dev/null 
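Review bot: The RSA private keys added from this hunk onward are unencrypted PEM (the body follows `-----BEGIN RSA PRIVATE KEY-----` directly, with no `Proc-Type`/`DEK-Info` header), and once merged they are public for the lifetime of the repository history, so the whole test chain has to be treated as compromised. This covers not only the client, controller and master identity keys but also the two signing keys, `intermediate/private/intermediate.key.pem` and `private/ca.key.pem`. Because the commit message states that certificate SANs become pre-approved identities, nothing outside the test suite should ever be configured to trust `ca.cert.pem` or `ca-chain.cert.pem`; a short README in `libs/libblade/test/ca` saying `Test-only CA: all private keys here are public, never deploy or trust this chain.` would make that explicit. A more robust alternative is to generate the chain during test setup and keep the `private/` directories out of version control.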
+++ b/libs/libblade/test/ca/intermediate/private/controller@freeswitch-downstream.key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwEA1njlU4qAG2/KskXthKBI35KDTND92Dqg6gkAvbC/IGEJJ +yzxw7Fd2AjNMAbNLuaasK9HFRwPhZXOLQjvl+wjwtBEAgGw+gLqrLdC3RVuiWlxG +sbfB4tAYn9Av44jURYc1Prprnvqzl8+DIU6UTuRh9JimoyL6NC4rqgcvo8LjR01R +Nn27RdyeO/VhDjdiU2/vC/OujUqnInhtGvTB/KrDJtxLEcl15zBGe0PBoolYCF2+ +8FS2cMFw8y2aeeNeOfvjlzMXOxGG4vohxUNx/DZh6aNUzbh9Fp7gvJQ8ZRsRNqtI +3AgGW4+7Bt4US9ekM8RQjRb51Vk/NcFhOKejswIDAQABAoIBAQCPBjXdhGF2R/9S +WnOvt85L9WHHoS3/TMcTmGwOwpmFLvb5tTcZD9oiud59PJRrH2xSrYChCOpvLp/c +zdzoZY9u9vO7wnpREDZfpn/7Ea+G1ekuuD+Pr1l61726BzPZXs4s+63NAPtXxsMd +SbAQc1k6aAXH5ljyPO9PKpopYDc86FCJwPikedeYAHzRG7o5msMUiyTQJkiti505 +cpK+YC6F0KxLzhYKKy5UlWW9J/j5rZf1UkK9keaP+dWxi3u1177aaZh3f/RMl04I +QFxhfIElyuzcJK84uC3Ddmwjk88ix9RqP3Ho7EY+ly5WpHcuHJVXxKgOQXheRYeH +4GQN2nBBAoGBAPOwQGPrwYkHjjWUAZ6NAvhxwUfJipjcdj0mF1J9aHzg6nn3PpE3 +nbFipPGdfTIf+v6QdpQJ4BEwCEgXNctfcqyu5UUv6S5TR4vAIpkuffA10GQaxcX0 +OXkdi/KgcHle0RQW+FJXMBfkr7DXidMy4XFK06kp0VPsECrINpM4B8hJAoGBAMn2 +sCrHn8zq3N1hO9gRPCjyArLLJEwL1QzwY07oIjPQFUsIHmt9ixh3VcipMoChqxfn +dPSWqeLiq/t0e3ekSGLQf9juivoKZzv5KQqFoPg8/9eWnM988OuXQ525AgnaQIq2 +Sb1I+Yo5pS+PUShHrDBTI7Di+wMkljERZ4qy0WQbAoGAdkXU+qoyBI/mNZrgLlPC +XVLYvD7VRdu6h3M1XpP/YpzHMOsPMuwLXUzDQYFugiWDbIoxAyjH14+4dUTOlyZ8 +QdOg8zONuS4yS2G1aSNnfG6h9fQIiUs/mcj9Y4T7Ee0zDM0ZON2YOgCERRBXlGnd +gV8P28qwDktEjX8e/dTz8gECgYEAugjSHZXkTQ3KhOGcDltR3yWN9sPIm4QKq/CC +iZyqZK+37XV9D+aEyfSiwEOakYJZ55r80JA3zRae9PFHCd36D4ufOGQDAG+0yDmq +5FZTAFawFBZYO4gLI/giAJb6mbjA2wUux30A36JZ1oVdbI0YvyrWJYnvTeXVsz0k +803kMyECgYAZW+NOhX4mXr2N4qfpQqE2JZZCPY9SlOJLwbS117xXqeOuE5Ht5owr +DUO7z5Ps5dvDFdcvWf7wE4L8ZTxUNywFUbONb3dIH7AuIQXn8wcu3LqQbt15g9f3 +7vpm6snlbgebSMWarvE+W8DhklceuYizodI639HSjd8qNqCsiVWLbw== +-----END RSA PRIVATE KEY----- 
diff --git a/libs/libblade/test/ca/intermediate/private/controller@freeswitch-upstream.key.pem b/libs/libblade/test/ca/intermediate/private/controller@freeswitch-upstream.key.pem new file mode 100644 index 0000000000..d09a16cf66 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/private/controller@freeswitch-upstream.key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA4t5HuHuWElHb9Pe5obw/bSSjhmj3C50ZL8Y35oW/kSkWOWdF +HHFtqpzkUXFZJagmky+tyJf7iLML+OCZVJT0vtN0ray8ZPyuptfPfUffAQgE/iKs +ou1bbZRs5kvYmiJbyQNQxzI6xzeNOqkTCb3o9KJhQke8/ppMlEl2wCWbFmgm7jqH +GDy027LRXphU8FkVT004MSiyb/DAAWgCXLvSW9QP+RcFkU8FuAzLrEdU+tcp2i7a +ngjB9Y2qbhWZLrnZiSMbtq9JICdNqmG1pNMK+3A6QK+uMke+DgAb7ODA91HFJlGq +bv7NB0AjILfNDNBGRs6LOVld6P599eMSI82Y0wIDAQABAoIBADhwdAdBN6R3GPFo +b5X87wqIAuZ9VnhdLNblySJgQ7gpMI43Usowrce0IFjiifsEShRz2Bf/N2Rapq/T +sFGKfRi8IlrSjkvRUOHQ7p2MM75d8GAI4EnoIsawFid01v4BbjQjzwS/SkAlYc0m +IsZZqIqzmt6SWkI8wLBjVleXA24fIvzgb/k0scAK51Zu4sgEYQmZYzzIdEjPoaj3 +SgU3YgsHFkTl6fwu56BqIyXIymmKIYmMyljFXXvEzqePsLAxH3nBoOjViIzybCRz +twoCY2Ww3ddNJpJmldccs+0pB0i+rdnxg8lS0QCExI8cLNy8fzEQmKX5BQtGnd13 +8dO+0AECgYEA/gx5Oe5GZGMFtwVkUpAdwlGHB4chaX3BWAG2aHM6qmEoV6GntQog +FMko6ifHY2oFt7gLR18bYQqgvpqkRlFieG89Y5Crsz6rSqu9HtBezuLibQ+9DRaZ +MdGDrNjZ9gIv4W4bwakp9SHnvIyVDXzvX464XBF4Xp7B3kGkIPkQh4ECgYEA5Jxc +3DYy8G2svF5hln3DmR2EKsoAfC0pdq+pxCxPDE5v6GONuwPnSB6YdP0nAZuMr+CY +VZuiajH8lbZTjKYLAvi31B8hNV7s68YegUKYM21mzlGvlc9agjkuIQsHullHN/8R +A7wuXoBC93m+0sQ86gX4Yw56kzHvmt3bt/R2qlMCgYBzYazpP6veyg59akh/Kw8p +AyglphzpsYDPfK+gzrzVRx0wd64Yjkm1xwr7Fif7odqI72DIAI0JzO7mwotbmHj1 +o+gowTsKRKs9VbSmOxLkOa2GxQAi4qGfO73nEfIkRigC5aRbl34D5GtAekT0BEsf +hk17G0AlEUuRqxRlGVmFgQKBgQCybpjMCEGaBwBbxg7FN0QDrlYKT8AxK87BJDqN +M0g/grk12P42icVrNPYp2a0oRBB69gHwT5lk6b8L21M65B6UIyzYE7QHxB+HpwsI +OMIy4aDsSDWT6FPscFTg1Ysil6xOuHa/Q5GtkM6z+gJG34Pr5N0J87MYUFGDvsZP +vi8goQKBgQDWvwsSBOdVp0A5CxjjCDdIZWSg9VnHDulNiKg1uk3Ohg/N12ZmK0ZY +HBy5hHSYBIx0PixfdKC6fkjbDdWCeKCoLqeUN3NU7WyDb+hnvDHI4uYU12CkXBnE +sSdNVzfzCouLg1czYdxnlItwYRc5pTnTdEvdZJC4lNDSvrx+wM1GeA== +-----END RSA PRIVATE KEY----- diff --git a/libs/libblade/test/ca/intermediate/private/intermediate.key.pem b/libs/libblade/test/ca/intermediate/private/intermediate.key.pem new file mode 100644 index 0000000000..8a2f0e7b2b --- /dev/null +++ b/libs/libblade/test/ca/intermediate/private/intermediate.key.pem 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAsiVjUmZX3PrCMTqIQhcdSXYJGexrWMP64OTgj86dw517Ol+/ +aZE70LtWRx59dvnIOt1r+qryv2k1WbpDbAIkgIiWsr24r3RIuwHxaw7wOeu/0TlP +H3pTonmoPHkxrcgUzt8XUpQ/UtVrClLiUwwoWFzJ38/V0A1laXMcIGgzg70cyjiw +pjHh/PGfTTIo0r5FThbJ3d5ye046D8O3HcUe3VsTFQW49RayBVRHxv5Hpn/VTqJZ +77fH9cEBRUIGHLO3s6sKljSDdNfvBUKHsJp+lmdN7niCMyjWWpKtonkOvhKfUtXW +BFrxxVCs1tRn6bZoew0vGakS+IcMtN3brvHmpcQMI1qN6wmJIAtGlDMAkT+d5C9V +rZ+JpXs9s8aXG1RzJHwn2wZ+65vLjz9G6U9DUKMvX6wj4gSWcxmpOJpv7VNPk7Io +xhhGNDiTdH+BQafQyFAFzLVU4/oZUYSB45gAJsNKO9g70dl3Iz2K+nEuFXcExUzY +HQ+YXEuAV3IGUg+Q/fr/mQHM4UlZ1isws/+9qEVWZOB68ObxSGLc+8S3qQpSdYeQ +Ed1qPMMou9uHzL5RyBqns+1PxqllH7wn1NfzuAwXMfmvhdxIX3uKcn+rT3xXx3Kg +8mkvo9EDOKAFcaYHZ8WEuC2hd+4p8j+d+BAc7sxtgIIU/jM5yHaQVlh6EFMCAwEA +AQKCAgA4vlX7qiO0fJ8cZSN/wbMPciyF+FtdA9fGiMDKraps452bw2HJ83vVCcb6 +kkiue/N+ZIb/ajI2LAHVWdId9jTASEGQH4RTRrvf7UeDrVdxa5lGwHVmdmVrbErd +MFFVpFSUbFUWdagR727P9ASpJUc4lh2rT50wTwQNaZ/85pP6E2O3OgVyepMcKa5v +PVnpfre+nt2f8ToP8qPl35ZVQjOJmHfki1UVpCwCLI1MYjRaYX+FM4toIubrbZXF +BLnDrK8H6KRPodx5fEpjJ4TnCN7nc3JMUlBOkWRtpyjthpfejTn4fapU6s715bOY +HkIXHIX9I/7rsoIbbZDrj3tpJx4rCM1SkbjIylOvgWe7fEa5awiHnVQYL2Mwx60w +Ag35r+ZvChu7+rNP/xXh812jNPOoFfwdXktJ0QSIbZp2dJGJLwaaaf2WscuYtKii +0L4eY4wuJFd08nIIKDSxx+U+kO9JImZE1gxrFZJFBkt5fR1HtiK5904AUExVHcFC +Bkkar++TztO4rZSRm5kcIQQ8e0zFFSnQNX3FAgRPt+FG7Rqq2TbN0QnyCu6WtY/a +66sUgFoJHv/kkiukUYZgzHLsUuQn12U1hl6hPKjxQFaYUQU+ZDVuT8dJ1C/XQbPO +V5REaV5gcATsCIvcWIb6R1gqqT6xaDK8AfDUdcBG7RAZFP3g6QKCAQEA2Usr0l2r +xUSSfvQEd/YgORwZaCBmDpPi+MmLDZGij44aUemo+3QlzJBu88sCQRHAHBsxshA5 +8aQxb2gLyKyhbYjp7PQwlvJdWXrsTYtQaJ5j41x62PDqZg3EuBs6hmmpHk9srl3J +RS171C4GrY+hvCetpfBFjvBpGMkS5xxuf7ghtfEqihHeWEfhoBFxCovyTcEG5EpV +bIGkAQmEqjihUkwqSs1beR7Uo3lbBQv7TJ8IpqJoO2KguuCmrqxJD7blAGA09XoC +Ndjum3/xLUVv8X1aLa3NkGgsfNBYyEVOxmbxmtrEXmrOQ7ryr6XUQcbiWCpiRJUB +le1UX5wOgOP25wKCAQEA0eELKk6nfhizZ4RT9Va5W70gidIcXk6n2bVxACybj+cZ +yDMClyYQCREl2N/ndxWzlMAJG5v8+4fzhUHMvzh6HJirdJXWU0AD8ujPHDTEO1Ot 
+3S8GXj+q6t9Q2Ov1bmAHIlT97rrPqiMKjgl6NrCg8LUJ5FiVqAONlPdb/vk7GRvi +KdyccJPwEO8hXWljXRMx0Rb2g7OWXfTWxTi3APf5HVAYWIpPzzAAlNfnM8i+rPxM +YnWPj3BZXNfo2T5dyL8tFvW0aNp8wSe8y31FXtanwzfkhEune9aeS6me/SJnTuVZ +D4IVS5QmBl5uxp9EM3f5Q12wx8wQf6k7CSt26IKptQKCAQAaWwjEqkHkWm3eYiCM +oFjGNIdMXumiCQP1oxRvn+N0wAqnNs0dOrg++KHMhioO1GVVw2Kis18j1QN9/MO5 +Il8uFvYwnGmsVVdHPCafPS+SkOuSryvjVk1H9ZGPtxXBKd2uZHnNKGj6MAsd8Ds1 +H//A/5sLTnpRXQ2SSQk26PbqHN5R4B+FwacTVBykupjYa6MHFUuNswprb8oBqjLi +Jp5CiiRzEDdxGHE4JscIdKyVXZDCDV7RHSRbplXxR8pQ0qEyC3lA8PyFpXtDdyA8 +mnh6dPbUJYmSY2BJ/0dVezqTy/awDqrUvOWpx2oaLeXx2HqpsPJcWSppEfEy643C +ymOvAoIBAQCBw2pr1gWo6QzDTAW9AsnH9r9PdyEjDe6ppI0hVnM4HeLK7P8FBPuV +H40O8iDieAB4T+NRtrhLrFrcYTp+YCTf2WToyFujTUkjvt2OyvEo3Sv6PUDqtOKw +JTKPbBRrEeRXTcVS/R24S8IS37k4ZyyaptRe4oZlQw0etXGjy+TGOX8z8rqmwFEF +p1QxtR9CRMPgSxpPg5HMtby0Y8SCTM8xWHw1Ag8mQr+ZR4QjeFKsEbIIjjccsJIP +3U6SQwUpQUpXj8LjsXLA2hjYl7N0V7OR99TKFxyObLuifFVYnRTSqurNs9gGyqpX +9br4AzDfwaXUCPFsFrd8tt1RZhY229KhAoIBAQCO7m9O9VCPVff5G8ZPyBx0dBa5 +9izwZ+eOJVXAMJUlw6uA5rgzne6di3JS8IOzaKOrNVK2cXESbS97n1pBybqqHibg +bBOMESsoin8VdQZVic5rGYr3f8llMrv3yaVK8UievCNBdVPXlBY58uVyZIxrkVyo +Xv2x/+6EcarY46CT874zLhYHRcq/ZNWfQpUx5V2ySO/eNgSbbob4dzEdP52HpPx1 +JAGpTHiOkicORAu1RWN1HvGxMITz6q/pY81cEwOI4QsQJQs+Qk0xMKLqW6f1EZY1 +dgvQq8YnwSo1fOrVM0TL5jvbXK7vRVT2zQ/RkEMIza1qvfeGbpCDD8/O21so +-----END RSA PRIVATE KEY----- diff --git a/libs/libblade/test/ca/intermediate/private/master@freeswitch-downstream.key.pem b/libs/libblade/test/ca/intermediate/private/master@freeswitch-downstream.key.pem new file mode 100644 index 0000000000..9a7ecbaa3c --- /dev/null +++ b/libs/libblade/test/ca/intermediate/private/master@freeswitch-downstream.key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyvJnIg9cvRdX89PPuFdXelWX7/O4dFePyYobIxRAJb6INVtQ +bHzD8NXjRpspA1WT1YJpoIz/eVGWAZvYFj9us3uocwP+8KanQrP7RtF7IgkuTbMj +//YN94XFyas4U0F6Kp9HBkSc663tgHz6F9goo1qYx97n1DMmcze3z+/1QmDRA0f+ +Bnsqd0YwZ6sOD5Raq6DBNu+tpDQuYxpAoYT1KWKysDROpr0Oh9A8IyZfXB0fcp7L +FPNYdEw2vfDepCnAy8yuwQKBbRRkSqxZC3W/C7b2xus8i2a6SbcJHIH8jqCrVzLh +xnyEp5zLW4IuiMmT36P/UXCiuqumt/2RxKZcCQIDAQABAoIBADimja9uRl7qQzzm +5Vb52otllTIAAH9JafPCP2z9XCKtGux5/uspsLBrpDOzYDF0E/5HlyCf+zhsU8lD +LYCYWFh1rkHc3a9jddEi2IOeOhb4JRq/ZM8wahmsF9gBmYlz/5wiNftD7+HB/Uge +mtlJF57xzTANwvzzAkqrRP4gZ4ANct1zlqfsSojObV7a8BN7nk5xWw9lfQ2JmB8/ +ZLcXqKOyHZzH7A1XigeBoFglONWbBkxaziWiTld5QT1CiL4u3vke3QefLEUtOQq0 +ti8iaapS9q/qMcBzJuBvlEG1QdrHpz7moLlinplnLJy0tVdPFBr2ICX5im+SxHik +nUJd+QECgYEA90618dSSxGguB7EWm51yIuLw7TXlh3FPzD3O3FNhxcmdfd9HrNRO +lJYev/z8j1c2YK0F2n4zn5XRyiu2NKa6U3EpF55+LW61WibkK494HwkzLpRWQUJE +aoDVz6iNhmZQDMTecKl6xVJSIhYV2wf6uh+PRbxlxNAyFIB0dPf0cLkCgYEA0hSI +XM4l0w3goTVqAVfbm92gRi6KEq1iMO6kXTCMs3SN6b3X8BW4AgD6rIOszrhbpkqp +Y6qkPSsOoo0x0er4ErQIZgnNH+eDQIxRaj84zpkwj8NKw43NYSurK9VGDPsJz6dS +dcJPIe6jKCrYPp/XDx8fZorcAqXOHscKFFVsfdECgYEAyYbVkzxzYSO4JsJzNtol +cTJXvCWIZke7DCdt03MLIJ77/N+fS8IySrjOVAr3UGN0R3GXbIYc0TXIICRgtSUM +fwSexMV98s3dcJpyouCltTzM/W8ZntI+aD+WfELRGS10nAMtdMdW6Ub88RPoOXWW +JmejW+N7VteFh9lpjQuloNkCgYEAgwTtOrwS2PsZslDmyOmrfB0PvVV/JUDfMVdU +SQ5jYfR6IWIWD5TsCsvjir4gg1h1SFPeKtuczM1StkxK2vmpN7jyV/ka5h/0OsiI +ajP90NO3dqG8uhNxGH4spgzAQI48Qza+ddT2l1oGhaGa9guoC7VEVyaZKkmQMJ/A +CIhyPlECgYAxxTfosu1A7ZrceRPONl6rgVFGoWlqsI5COL5fcNmrl8rGfTkSOMQF +ZPNO/7rl/3Ziaah6CZf06qMSG9atVfOJ9OQ6bPcS6JLSIHGwU9NVlAjGpFSAlM2m +/KEffzPMJlyz6c7sXLt1Hb+hjO15yYsDpHZynFSSffd91GHNx8Lhew== +-----END RSA PRIVATE KEY----- diff --git a/libs/libblade/test/ca/intermediate/serial b/libs/libblade/test/ca/intermediate/serial new file mode 100644 index 0000000000..59c1122662 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/serial @@ -0,0 +1 @@ +1004 
diff --git a/libs/libblade/test/ca/intermediate/serial.old b/libs/libblade/test/ca/intermediate/serial.old new file mode 100644 index 0000000000..baccd0398f --- /dev/null +++ b/libs/libblade/test/ca/intermediate/serial.old @@ -0,0 +1 @@ +1003 diff --git a/libs/libblade/test/ca/newcerts/1000.pem b/libs/libblade/test/ca/newcerts/1000.pem new file mode 100644 index 0000000000..8e915f4784 --- /dev/null +++ b/libs/libblade/test/ca/newcerts/1000.pem 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFtjCCA56gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbzELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApG +cmVlU1dJVENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBD +QTAeFw0xNzA5MDcwOTI4MDRaFw0yNzA5MDUwOTI4MDRaMGUxCzAJBgNVBAYTAlVT +MREwDwYDVQQIDAhJbGxpbm9pczETMBEGA1UECgwKRnJlZVNXSVRDSDEOMAwGA1UE +CwwFQmxhZGUxHjAcBgNVBAMMFUJsYWRlIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBALIlY1JmV9z6wjE6iEIXHUl2CRnsa1jD ++uDk4I/OncOdezpfv2mRO9C7VkcefXb5yDrda/qq8r9pNVm6Q2wCJICIlrK9uK90 +SLsB8WsO8Dnrv9E5Tx96U6J5qDx5Ma3IFM7fF1KUP1LVawpS4lMMKFhcyd/P1dAN +ZWlzHCBoM4O9HMo4sKYx4fzxn00yKNK+RU4Wyd3ecntOOg/Dtx3FHt1bExUFuPUW +sgVUR8b+R6Z/1U6iWe+3x/XBAUVCBhyzt7OrCpY0g3TX7wVCh7CafpZnTe54gjMo +1lqSraJ5Dr4Sn1LV1gRa8cVQrNbUZ+m2aHsNLxmpEviHDLTd267x5qXEDCNajesJ +iSALRpQzAJE/neQvVa2fiaV7PbPGlxtUcyR8J9sGfuuby48/RulPQ1CjL1+sI+IE +lnMZqTiab+1TT5OyKMYYRjQ4k3R/gUGn0MhQBcy1VOP6GVGEgeOYACbDSjvYO9HZ +dyM9ivpxLhV3BMVM2B0PmFxLgFdyBlIPkP36/5kBzOFJWdYrMLP/vahFVmTgevDm +8Uhi3PvEt6kKUnWHkBHdajzDKLvbh8y+Ucgap7PtT8apZR+8J9TX87gMFzH5r4Xc +SF97inJ/q098V8dyoPJpL6PRAzigBXGmB2fFhLgtoXfuKfI/nfgQHO7MbYCCFP4z +Och2kFZYehBTAgMBAAGjZjBkMB0GA1UdDgQWBBT24ScXvFFEdGFsK+X5SxmWnAmd +/jAfBgNVHSMEGDAWgBRaMzl9Nc1p7PgDWff+pvYOddMlljASBgNVHRMBAf8ECDAG +AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAgGzDCfJm +weo6oeSFmSLTmlBlTJZO+7igFWf8tunmTkg8wvKe+lCyDd2efNgUocI/NA+X4kRj +YtDH+hq0H+JlDu/p4y4/t6Srx/dh33Ow7eCv2wtuSCeK5Y0euysXhI9gmPquUGOC +HlHkmQcG03NbbrWt0+4IaPAaKxMuV0FR7KArudZvr+8gp9S8o0AkQVFZSbW41HQe +a7DAJmLF0vLQWoVz/YltKjwAMs/ws8OWxUdvcOA3w6XmWmjAFn5hc2MgHgu513c4 +Vbq0535ghU0Eneqc23y2ELa+8hbn5yS5wcK1AS2HG4VoDqOJw+pv4Ko3T33mCR6X +bUABSB+znX5kEZn8KQaP8sLm07kERGjCI3FLPscM1S851tah/iqBgddlIUn/YNpM +9uYQ2PWu6UWvqyZfhgVIlb2LYJNERtKZPeI05SRIbUW93wUTiC6A93fl8SEE7XHa +LMJt6+HLysR2IsXLqlSRZw3rIoT0B3G4uS9Xop89znLAknrOI57OvVAMLaeBrtkl +jepE7RrNX6VcyEY+Ar1p30ax4UJNxjxd3rszIznccerWQzuLo5wYUkuZEfNtnAFB 
+Z/4qlIn7wkbRevafgmlf/bhP6ZkeJFhqEjOq36Zci5JrnRu3rM/+Vex2ibHVat0E +IZjeGxeofAPEwTaLfPJT7EIWZ+33ZHMcz+8= +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/openssl.cnf b/libs/libblade/test/ca/openssl.cnf new file mode 100644 index 0000000000..5a44dfb4b0 --- /dev/null +++ b/libs/libblade/test/ca/openssl.cnf 
@@ -0,0 +1,132 @@
+# OpenSSL root CA configuration file.
+# Copy to `/root/ca/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/ca.key.pem
+certificate = $dir/certs/ca.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/ca.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
diff --git a/libs/libblade/test/ca/private/ca.key.pem b/libs/libblade/test/ca/private/ca.key.pem
new file mode 100644
index 0000000000..9c305f8510
--- /dev/null
+++ b/libs/libblade/test/ca/private/ca.key.pem
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEA3Pt3X1j8YaRuGb4ENkhfazwZl0K4VlaPhGj4h4wiL5S2Tp8E +83HoRkoyQRX0fhKCrHtjNucOODkVbf+QMlv1mgEwCq+3SIEA6keBzsUv5sahunfP +d+Vgh6+lgp1sAfjFuFlxrRvighO/yHHKE6P2BBgIz3t5QSakE/fLPwejZ98dacyA +IxklzLvt4xHRVP7rxfiNFXKRXHsQd1iaWGSUBNMkUspCl8wO5IAPX75RiFGeA80I +jZ518YVjiFBjCdzQfJb9iGJCGzrOcPJahfum+tzyIO/rIj+ldFyLPY0wbpa0wKeF +58HWt52p3HmKnK5FUa7L8RNAfc3/H+6qyDeBFx92+T6J30q61dcmPayKooUJNsTK +slrZ5L2OicWZepa/Oc5dagyzGEUc+Z11Mgl8/4pT4rUOna29v1d8+StJPN8XgWAH +xmwpZ/cY/9GluSq5oB+6PTPcQ0aFHHUAI97QqfpGOeAWjtVd/3YUcNo82Pa3577r +Rgh55X+XEySQmBiPWNOsfuCZZvYGOkLmby1SYR/LOwH8opKJyG/bOiZq23aaTPkm +EQQSLRzsKxWc2jlE/UllpYX3FCu8nFn+L7Tam495IImi8FrpEX16ZpTGhr7YnfbO +kMYw+LaRA36U55e5DToJAB5TCsC2CLhk8QDVoIMPfpYpY4XpdmA4EfDHOG0CAwEA +AQKCAgEAiAH9pqGONEqPuShKT16b29RRq9dUvU7pZgV1cXe+Uqqkyh71XSBuZVSl +OYnZwP6DjsUie1gaWGBJ4Dm69kPDFdZFS0568BT2CzuXmTukD9WRFMNI3fI/R0PE +Cm/5Wf1TM/NZE8Jl1slw8F2Ykh4H/N0ODyVfq8mskt2gKlr5J6Ua5VMISpHfwfKo +p2j//eAoHOCtdNXewZy8tbfCx0SgFZgecxYphmQBhoGK9NKeO9h/+Lbo3MD6tnvy +lqNjUV6mswf7Y0WWikvXY4zGSlBopV33aG5BugKSQtvylx+e/3GiLjDtKYcUME7J +jPkBZw2bfHqo6ud+ee+fZnfuhOwkdoHCGPA4aN7L3B19XJBKsI4zAoQNlUAteegg +D59Fdnq8362xLE0F0crEgwMFYj4Qg9jy12em3iSvuKa17o0FuovGug4nHiQQ5asH +nmjadXNfM6xAoQqCgbwjrVYD+i+/ofFAqDhPbjH+nOxS8l4MD+0i7nzQAIqIjsvl +S5XM548ufxcEgwpMGc2bbJS5qg1weIgHZGT/RqnzeqFfHaJ8VN33Lbk2H5w6Qj87 +QFNqE6ZxFnf/k8FRF1QJB6BhmkhExvYgiK51DElnkinDDa6nkbwlkr1dE5zVv2zQ +jLmQdBoHw2dBWEmik0lZ4m6rIvMD5rkR45oNPcyZ2wA8dKgr6AECggEBAPjmq0vK +ur8RSpqEIXvI6dvGNXayGAFM0KLaHYfB6+qWXP6j+cn2wJHvH9sxl9vmUdE8auj+ +DaoaK6XeFcvBryO4+EwzrnY4eVU6QW/UiCgmSnRupLBxeyQOSgbok+3gMeJieSPw +CpyH5cC3v9mWpg5X5dmm+ENUqv3d4hjsZzxwkJ/k92/29F7eaCVmlEOPw2skkz3O +4BBznOSL9foKp0zAx/hqV2hkJmnb6DK14D6QkX+A0o8mOvhq1NjJ0isMUtllVzkq +Lro3J8NEwkMhwYfVMOoj/URdZ8iskp5T6ez/BmIPE5zE9F8ZKmU4PkmpMoHISzDz +5zTJOBCJ9AslNuECggEBAONI81qE5gxk1DCXLkfdCDe1paoy2DTGFX2MXTeDipv+ +C466l/odu9JQZASfXgpVkyjAPKFTCgAZL20V3izuk2izskZKN16KaNG3SJWmwWx1 
+o2Gle2Z0Jd8AqaXvPzAKDFio/6MfD/EQFzOv9+BEBAlCFCz39Q19neSarhS6Ckv8 +kljsOambnjGtSliPZkrFueG9BLRqaTCU3yZpXsS8DqCVTqw4xmNcMGADkhn568Jq +664iFXjD5aiAnrmBKzW7GLY7mbH4oyxmL+NNj0mwjB80evFZ8RIQuJ4tmIRFK0vo +czNWo6CPOVbd4qMbhsHk4Pm1gH7LHbbT1PFlrsZ0Tw0CggEAWFHJoLhMMbZaCaAv +HXR6fzDDEd46JGP0eIT7C4wlQXWfg//9h8vWIzJ91FKxtybwC1Xr/ccAZEarDE1U +4JtWoU9mU+vW0T5S14o3ZA4/TjfgHZaRO8bY0j97xx3KOBNgwBr/L2Bi845JWWwa +WIRbYiWQev4DhCjMEA8mxn9EVq7+sq4VmxY/OlajD/ppS9v8lM1CriD1YwETQAnl ++5bCLLsPejeJ0pIPC2sr5qqg6rJz3pGApakELdgCtPZQbFQQJfIO1EsCj7M4mdKR +OC8HNELS+5JPsW2PgSazVBkknaMUycDdzbgZmpEceRRPDeZK9MB05eb2OMXZ7gx1 +m2rWIQKCAQB6rpLk5l2CjR5YCBKsKavY3kzI3N8FRXKuLQjYAUHdR7iXVzLXiBss +v8XtFNTfASgI1BMmBTudp/qIiEg/upuI5Y4yELdoaY+Au80LMlKvp6QD/h3oxIL4 +p1PrRIO3+4SEitxKAWdKeKP9e1tyC2SeVrOrPkBhAtAqaC/U8kLCl1erdf7+BQjT +ybUarnTJoYbfSXbzp4iV95WoFzJXQScoGM+5eH/lfAqEmQjQyq0uaSZD/RPX9u3N +EXgbq5RWUWJaYztn7Eyvl4z7xY61eP15jotaIXFVjf8JKpVruCZRt+wO5xI1hXmu +4OAHqMEJgfDJ+OWeCydD233Su08mwfs1AoIBABnzt5VGd6K835vpZHsXiAxmCh5y +rk85wcnWy/Id1IpP91bDkHF/ilD/IpegS+dKGrmaEauKpRy+mRT+KyhUQAzS/Xnv +k/6wbbwzLFvmD3zm1pID4/LucetyyFQmM/45V+sDTNsf1sWA92we0n4q+MiR3Xep +apQoO90u3q2I811UlwfUzeLknnGr0+5FiQ2Lkt34GAgUr3ydNNw31fR9uWU4FRLq +JZNXYQcaeH7NoAW4bhS0fo3+KKl6Yqza8O4iu1v8wqbTgVuNd/OJSvYZSc76yDrc +Ghju++Rz9enWJfA00sTebHC+TDm97ASS6uZH2gwR6xjKggUbxlJ3uw/yQK4= +-----END RSA PRIVATE KEY----- diff --git a/libs/libblade/test/ca/serial b/libs/libblade/test/ca/serial new file mode 100644 index 0000000000..dd11724042 --- /dev/null +++ b/libs/libblade/test/ca/serial @@ -0,0 +1 @@ +1001 diff --git a/libs/libblade/test/ca/serial.old b/libs/libblade/test/ca/serial.old new file mode 100644 index 0000000000..83b33d238d --- /dev/null +++ b/libs/libblade/test/ca/serial.old @@ -0,0 +1 @@ +1000 diff --git a/libs/libblade/test/testcli.cfg b/libs/libblade/test/testcli.cfg index 6d7e93b5a0..2315c2456d 100644 --- a/libs/libblade/test/testcli.cfg +++ b/libs/libblade/test/testcli.cfg 
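Review bot: The root CA private key in `test/ca/private/ca.key.pem` is committed unencrypted (the PEM body has no `Proc-Type: 4,ENCRYPTED` header), so anyone with a checkout can issue certificates that chain to `test/ca/certs/ca.cert.pem`. Because this commit treats certificate SANs as pre-approved identities, this CA must never be trusted outside the test tree; whether `switchblade.cfg` references it is not visible in this part of the diff. Consider generating the test PKI from a script at test time, or at minimum adding a README under `test/ca` stating that these keys are public test fixtures.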
@@ -1,3 +1,15 @@ blade: { + transport: + { + wss: + { + ssl: + { + key = "./ca/intermediate/private/client@freeswitch-upstream.key.pem"; + cert = "./ca/intermediate/certs/client@freeswitch-upstream.cert.pem"; + chain = "./ca/intermediate/certs/ca-chain.cert.pem"; + }; + }; + }; }; diff --git a/libs/libblade/test/testcon.cfg b/libs/libblade/test/testcon.cfg index 6deb9958e2..011c06deb1 100644 --- a/libs/libblade/test/testcon.cfg +++ b/libs/libblade/test/testcon.cfg @@ -4,16 +4,23 @@ blade: { wss: { + ssl: + { + key = "./ca/intermediate/private/controller@freeswitch-upstream.key.pem"; + cert = "./ca/intermediate/certs/controller@freeswitch-upstream.cert.pem"; + chain = "./ca/intermediate/certs/ca-chain.cert.pem"; + }; endpoints: { ipv4 = ( { address = "0.0.0.0", port = 2101 } ); ipv6 = ( { address = "::", port = 2101 } ); backlog = 128; - }; - # SSL group is optional, disabled when absent - ssl: - { - # todo: server SSL stuffs here + ssl: + { + key = "./ca/intermediate/private/controller@freeswitch-downstream.key.pem"; + cert = "./ca/intermediate/cert/controller@freeswitch-downstream.cert.pem"; + chain = "./ca/intermediate/cert/ca-chain.cert.pem"; + }; }; }; }; diff --git a/libs/libks/src/include/ks_ssl.h b/libs/libks/src/include/ks_ssl.h index b899c64cc3..53d758154b 100644 --- a/libs/libks/src/include/ks_ssl.h +++ b/libs/libks/src/include/ks_ssl.h @@ -5,6 +5,7 @@ #include #include +#include KS_BEGIN_EXTERN_C diff --git a/libs/libks/src/include/kws.h b/libs/libks/src/include/kws.h index 2ffe523c92..734591ab59 100644 --- a/libs/libks/src/include/kws.h +++ b/libs/libks/src/include/kws.h 
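Review bot: In testcon.cfg the downstream `ssl` group nested under `endpoints` points at `./ca/intermediate/cert/…`, while the upstream group and testcli.cfg use `./ca/intermediate/certs/…`, and the commit's file list only shows a `certs` directory. The two lines should probably read `cert = "./ca/intermediate/certs/controller@freeswitch-downstream.cert.pem";` and `chain = "./ca/intermediate/certs/ca-chain.cert.pem";`. The removed comment said the SSL group is "disabled when absent"; if a failed load is handled the same way, the listener on port 2101 would come up without TLS, so it is worth confirming that blade_transport_wss.c (not visible here) refuses to start instead.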
@@ -79,6 +79,9 @@ KS_DECLARE(ks_status_t) kws_init(kws_t **kwsP, ks_socket_t sock, SSL_CTX *ssl_ct KS_DECLARE(ks_ssize_t) kws_close(kws_t *kws, int16_t reason); KS_DECLARE(void) kws_destroy(kws_t **kwsP); KS_DECLARE(ks_status_t) kws_get_buffer(kws_t *kws, char **bufP, ks_size_t *buflen); +KS_DECLARE(ks_size_t) kws_sans_count(kws_t *kws); +KS_DECLARE(const char *) kws_sans_get(kws_t *kws, ks_size_t index); + diff --git a/libs/libks/src/ks_ssl.c b/libs/libks/src/ks_ssl.c index 0670cfed19..5db491d4d5 100644 --- a/libs/libks/src/ks_ssl.c +++ b/libs/libks/src/ks_ssl.c @@ -63,6 +63,7 @@ KS_DECLARE(void) ks_ssl_init_ssl_locks(void) is_init = 1; SSL_library_init(); + SSL_load_error_strings(); if (ssl_count == 0) { num = CRYPTO_num_locks(); diff --git a/libs/libks/src/kws.c b/libs/libks/src/kws.c index c6fa4087c4..fed6668ce9 100644 --- a/libs/libks/src/kws.c +++ b/libs/libks/src/kws.c @@ -85,6 +85,9 @@ struct kws_s { char *req_uri; char *req_host; char *req_proto; + + char **sans; + ks_size_t sans_count; }; @@ -619,7 +622,8 @@ static int establish_server_logical_layer(kws_t *kws) } if (code < 0) { - if (code == -1 && SSL_get_error(kws->ssl, code) != SSL_ERROR_WANT_READ) { + int sslerr = SSL_get_error(kws->ssl, code); + if (code == -1 && sslerr != SSL_ERROR_WANT_READ) { return -1; } } 
@@ -733,6 +737,27 @@ KS_DECLARE(ks_status_t) kws_init(kws_t **kwsP, ks_socket_t sock, SSL_CTX *ssl_ct goto err; } + if (kws->type == KWS_SERVER) + { + X509 *cert = SSL_get_peer_certificate(kws->ssl); + + if (cert && SSL_get_verify_result(kws->ssl) == X509_V_OK) { + GENERAL_NAMES *sans = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); + if (sans) { + kws->sans_count = (ks_size_t)sk_GENERAL_NAME_num(sans); + if (kws->sans_count) kws->sans = ks_pool_calloc(pool, kws->sans_count, sizeof(char *)); + for (ks_size_t i = 0; i < kws->sans_count; i++) { + const GENERAL_NAME *gname = sk_GENERAL_NAME_value(sans, (int)i); + char *name = (char *)ASN1_STRING_data(gname->d.dNSName); + kws->sans[i] = ks_pstrdup(pool, name); + } + sk_GENERAL_NAME_pop_free(sans, GENERAL_NAME_free); + } + } + + if (cert) X509_free(cert); + } + *kwsP = kws; return KS_STATUS_SUCCESS; 
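Review bot: The SAN loop reads `gname->d.dNSName` for every entry without checking `gname->type == GEN_DNS`; `d` is a union, so an otherName or directoryName entry is read through the wrong member, and IP, URI or email entries are stored as if they were DNS names. The value is also treated as a C string, so a dNSName with an embedded NUL is stored truncated; since the commit message says these SANs become pre-approved identities, a name should be kept only when `ASN1_STRING_length()` equals `strlen()`. `kws->sans` is written without checking the `ks_pool_calloc` result. The fence filters to DNS names, rejects embedded NULs and counts only stored entries; it assumes `string.h` is already included in kws.c, and kws_init's body starts and ends outside this hunk.

```c
GENERAL_NAMES *sans = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if (sans) {
	int total = sk_GENERAL_NAME_num(sans);
	ks_size_t kept = 0;

	if (total > 0) kws->sans = ks_pool_calloc(pool, (ks_size_t)total, sizeof(char *));
	for (int i = 0; kws->sans && i < total; i++) {
		const GENERAL_NAME *gname = sk_GENERAL_NAME_value(sans, i);
		const char *name = NULL;
		int len = 0;

		/* d is a union: only GEN_DNS entries carry an IA5String in dNSName */
		if (!gname || gname->type != GEN_DNS) continue;
		name = (const char *)ASN1_STRING_data(gname->d.dNSName);
		len = ASN1_STRING_length(gname->d.dNSName);
		/* reject embedded NULs, which ks_pstrdup would silently truncate */
		if (!name || len <= 0 || strlen(name) != (size_t)len) continue;
		if ((kws->sans[kept] = ks_pstrdup(pool, name))) kept++;
	}
	kws->sans_count = kept;
	sk_GENERAL_NAME_pop_free(sans, GENERAL_NAME_free);
}
```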
@@ -864,6 +889,46 @@ uint64_t ntoh64(uint64_t val) #endif } +KS_DECLARE(ks_status_t) kws_peer_sans(kws_t *kws, char *buf, ks_size_t buflen) +{ + ks_status_t ret = KS_STATUS_SUCCESS; + X509 *cert = NULL; + + ks_assert(kws); + ks_assert(buf); + ks_assert(buflen); + + cert = SSL_get_peer_certificate(kws->ssl); + if (!cert) { + ret = KS_STATUS_FAIL; + goto done; + } + + if (SSL_get_verify_result(kws->ssl) != X509_V_OK) { + ret = KS_STATUS_FAIL; + goto done; + } + + //if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, buf, (int)buflen) < 0) { + // ret = KS_STATUS_FAIL; + // goto done; + //} + + GENERAL_NAMES *san_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); + if (san_names) { + int san_names_nb = sk_GENERAL_NAME_num(san_names); + for (int i = 0; i < san_names_nb; i++) { + const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i); + char *name = (char *)ASN1_STRING_data(current_name->d.dNSName); + if (name) continue; + } + sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free); + } +done: + if (cert) X509_free(cert); + + return ret; +} KS_DECLARE(ks_ssize_t) kws_read_frame(kws_t *kws, kws_opcode_t *oc, uint8_t **data) { @@ -1182,3 +1247,17 @@ KS_DECLARE(ks_status_t) kws_get_buffer(kws_t *kws, char **bufP, ks_size_t *bufle return KS_STATUS_SUCCESS; } + +KS_DECLARE(ks_size_t) kws_sans_count(kws_t *kws) +{ + ks_assert(kws); + + return kws->sans_count; +} + +KS_DECLARE(const char *) kws_sans_get(kws_t *kws, ks_size_t index) +{ + ks_assert(kws); + if (index >= kws->sans_count) return NULL; + return kws->sans[index]; +}
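Review bot: `kws_peer_sans` never writes to `buf`, and its SAN loop only does `if (name) continue;`, so a caller gets `KS_STATUS_SUCCESS` with the buffer untouched and may go on to read uninitialised memory. The visible kws.h hunk does not declare it and kws_init now caches the SANs, so dropping the function together with the commented-out `X509_NAME_get_text_by_NID` block looks like the cleaner option. If it stays, it should return `KS_STATUS_FAIL` until it actually fills `buf`, and check `current_name->type == GEN_DNS` before reading `d.dNSName`. The hunk begins inside ntoh64 and ends at the opening of kws_read_frame.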
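Review bot: `kws_sans_count` and `kws_sans_get` have no contract comment, and callers that approve identities from these values need to know when the list is populated. Suggested above `kws_sans_get`: `/* Returns the cached peer SAN at index, or NULL when index is out of range. Filled in kws_init only for KWS_SERVER connections whose peer certificate verified (X509_V_OK); strings are allocated from the pool passed to kws_init. */`. As written in kws_init, an entry can also be NULL if `ks_pstrdup` failed, so callers should not treat NULL as end-of-list.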