search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add announcement message.
[gnutls.git] / tests / hostname-check.c
blob7cefa15130cb9dfb9978567842462d41e58ed8ff
1 /*
2 * Copyright (C) 2007, 2009, 2010 Free Software Foundation, Inc.
3 *
4 * Author: Simon Josefsson
5 *
6 * This file is part of GNUTLS.
7 *
8 * GNUTLS is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * GNUTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with GNUTLS; if not, write to the Free Software Foundation,
20 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
21 */
22
23 #ifdef HAVE_CONFIG_H
24 # include <config.h>
25 #endif
26
27 #include <string.h>
28 #include <gnutls/gnutls.h>
29 #include <gnutls/x509.h>
30 #ifdef ENABLE_OPENPGP
31 # include <gnutls/openpgp.h>
32 #endif
33
34 #include "utils.h"
35
36 /*
37 A self-test of the RFC 2818 hostname matching algorithm. Used to
38 detect regressions of the bug reported in:
39 http://lists.gnupg.org/pipermail/gnutls-dev/2007-February/001385.html
40 */
41
42 /* Certificate with no SAN nor CN. */
43 char pem1[] =
44 "X.509 Certificate Information:\n"
45 " Version: 3\n"
46 " Serial Number (hex): 00\n"
47 " Issuer: O=GnuTLS hostname check test CA\n"
48 " Validity:\n"
49 " Not Before: Fri Feb 16 12:59:09 UTC 2007\n"
50 " Not After: Fri Mar 30 12:59:13 UTC 2007\n"
51 " Subject: O=GnuTLS hostname check test CA\n"
52 " Subject Public Key Algorithm: RSA\n"
53 " Modulus (bits 1024):\n"
54 " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
55 " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
56 " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
57 " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
58 " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
59 " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
60 " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
61 " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
62 " Exponent:\n"
63 " 01:00:01\n"
64 " Extensions:\n"
65 " Basic Constraints (critical):\n"
66 " Certificate Authority (CA): TRUE\n"
67 " Subject Key Identifier (not critical):\n"
68 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
69 " Signature Algorithm: RSA-SHA\n"
70 " Signature:\n"
71 " 7b:e8:11:6c:15:3f:f9:01:a0:f1:28:0c:62:50:58:f8\n"
72 " 92:44:fb:bf:ab:20:8a:3b:81:ca:e5:68:60:71:df:2b\n"
73 " e8:50:58:82:32:ef:fb:6e:4a:72:2c:c9:37:4f:88:1d\n"
74 " d7:1b:68:5b:db:83:1b:1a:f3:b4:8e:e0:88:03:e2:43\n"
75 " 91:be:d8:b1:ca:f2:62:ec:a1:fd:1a:c8:41:8c:fe:53\n"
76 " 1b:be:03:c9:a1:3d:f4:ae:57:fc:44:a6:34:bb:2c:2e\n"
77 " a7:56:14:1f:89:e9:3a:ec:1f:a3:da:d7:a1:94:3b:72\n"
78 " 1d:12:71:b9:65:a1:85:a2:4c:3a:d1:2c:e9:e9:ea:1c\n"
79 "Other Information:\n"
80 " MD5 fingerprint:\n"
81 " fd845ded8c28ba5e78d6c1844ceafd24\n"
82 " SHA-1 fingerprint:\n"
83 " 0bae431dda3cae76012b82276e4cd92ad7961798\n"
84 " Public Key Id:\n"
85 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
86 "\n"
87 "-----BEGIN CERTIFICATE-----\n"
88 "MIIB8TCCAVygAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
89 "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDcwMjE2MTI1OTA5WhcNMDcwMzMw\n"
90 "MTI1OTEzWjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
91 "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGAvuyYeh1vfmslnuggeEKgZAVmQ5lt\n"
92 "SdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T7EPH/N6RvB4BprdssgcQLsthR3XK\n"
93 "A84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRikfYSW2JazLrtCC4yRCas/SPOUxu7\n"
94 "8of+3HiTfFm/oXUCAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\n"
95 "6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBAHvoEWwVP/kBoPEo\n"
96 "DGJQWPiSRPu/qyCKO4HK5Whgcd8r6FBYgjLv+25KcizJN0+IHdcbaFvbgxsa87SO\n"
97 "4IgD4kORvtixyvJi7KH9GshBjP5TG74DyaE99K5X/ESmNLssLqdWFB+J6TrsH6Pa\n"
98 "16GUO3IdEnG5ZaGFokw60Szp6eoc\n" "-----END CERTIFICATE-----\n";
99
100 /* Certificate with CN but no SAN. */
101 char pem2[] =
102 "X.509 Certificate Information:\n"
103 " Version: 3\n"
104 " Serial Number (hex): 00\n"
105 " Issuer: CN=www.example.org\n"
106 " Validity:\n"
107 " Not Before: Fri Feb 16 13:30:30 UTC 2007\n"
108 " Not After: Fri Mar 30 13:30:32 UTC 2007\n"
109 " Subject: CN=www.example.org\n"
110 " Subject Public Key Algorithm: RSA\n"
111 " Modulus (bits 1024):\n"
112 " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
113 " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
114 " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
115 " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
116 " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
117 " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
118 " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
119 " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
120 " Exponent:\n"
121 " 01:00:01\n"
122 " Extensions:\n"
123 " Basic Constraints (critical):\n"
124 " Certificate Authority (CA): TRUE\n"
125 " Subject Key Identifier (not critical):\n"
126 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
127 " Signature Algorithm: RSA-SHA\n"
128 " Signature:\n"
129 " b0:4e:ac:fb:89:12:36:27:f3:72:b8:1a:57:dc:bf:f3\n"
130 " a9:27:de:15:75:94:4f:65:cc:3a:59:12:4b:91:0e:28\n"
131 " b9:8d:d3:6e:ac:5d:a8:3e:b9:35:81:0c:8f:c7:95:72\n"
132 " d9:51:61:06:00:c6:aa:68:54:c8:52:3f:b6:1f:21:92\n"
133 " c8:fd:15:50:15:ac:d4:18:29:a1:ff:c9:25:5a:ce:5e\n"
134 " 11:7f:82:b2:94:8c:44:3c:3f:de:d7:3b:ff:1c:da:9c\n"
135 " 81:fa:63:e1:a7:67:ee:aa:fa:d0:c9:2f:66:1b:5e:af\n"
136 " 46:8c:f9:53:55:e7:80:7e:74:95:98:d4:2d:5f:94:ab\n"
137 "Other Information:\n"
138 " MD5 fingerprint:\n"
139 " 30cda7de4f0360892547974f45111ac1\n"
140 " SHA-1 fingerprint:\n"
141 " 39e3f8fec6a8d842390b6536998a957c1a6b7322\n"
142 " Public Key Id:\n"
143 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
144 "\n"
145 "-----BEGIN CERTIFICATE-----\n"
146 "MIIB1TCCAUCgAwIBAgIBADALBgkqhkiG9w0BAQUwGjEYMBYGA1UEAxMPd3d3LmV4\n"
147 "YW1wbGUub3JnMB4XDTA3MDIxNjEzMzAzMFoXDTA3MDMzMDEzMzAzMlowGjEYMBYG\n"
148 "A1UEAxMPd3d3LmV4YW1wbGUub3JnMIGcMAsGCSqGSIb3DQEBAQOBjAAwgYgCgYC+\n"
149 "7Jh6HW9+ayWe6CB4QqBkBWZDmW1J1RjsfblYZLKAoxRhnQpPvi/wLvzSq1w231Ps\n"
150 "Q8f83pG8HgGmt2yyBxAuy2FHdcoDziNuOPE0JxoazfeW87PwDWd/yneEP5wp9GKR\n"
151 "9hJbYlrMuu0ILjJEJqz9I85TG7vyh/7ceJN8Wb+hdQIDAQABozIwMDAPBgNVHRMB\n"
152 "Af8EBTADAQH/MB0GA1UdDgQWBBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG\n"
153 "9w0BAQUDgYEAsE6s+4kSNifzcrgaV9y/86kn3hV1lE9lzDpZEkuRDii5jdNurF2o\n"
154 "Prk1gQyPx5Vy2VFhBgDGqmhUyFI/th8hksj9FVAVrNQYKaH/ySVazl4Rf4KylIxE\n"
155 "PD/e1zv/HNqcgfpj4adn7qr60MkvZhter0aM+VNV54B+dJWY1C1flKs=\n"
156 "-----END CERTIFICATE-----\n";
157
158 /* Certificate with SAN but no CN. */
159 char pem3[] =
160 "X.509 Certificate Information:"
161 " Version: 3\n"
162 " Serial Number (hex): 00\n"
163 " Issuer: O=GnuTLS hostname check test CA\n"
164 " Validity:\n"
165 " Not Before: Fri Feb 16 13:36:27 UTC 2007\n"
166 " Not After: Fri Mar 30 13:36:29 UTC 2007\n"
167 " Subject: O=GnuTLS hostname check test CA\n"
168 " Subject Public Key Algorithm: RSA\n"
169 " Modulus (bits 1024):\n"
170 " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
171 " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
172 " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
173 " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
174 " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
175 " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
176 " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
177 " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
178 " Exponent:\n"
179 " 01:00:01\n"
180 " Extensions:\n"
181 " Basic Constraints (critical):\n"
182 " Certificate Authority (CA): TRUE\n"
183 " Subject Alternative Name (not critical):\n"
184 " DNSname: www.example.org\n"
185 " Key Purpose (not critical):\n"
186 " TLS WWW Server.\n"
187 " Subject Key Identifier (not critical):\n"
188 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
189 " Signature Algorithm: RSA-SHA\n"
190 " Signature:\n"
191 " a1:30:bc:01:b3:0f:98:7f:8e:76:7d:23:87:34:15:7f\n"
192 " a6:ae:a1:fb:87:75:e3:e8:1a:e5:5e:03:5d:bf:44:75\n"
193 " 46:4f:d2:a1:28:50:84:49:6d:3b:e0:bc:4e:de:79:85\n"
194 " fa:e1:07:b7:6e:0c:14:04:4a:82:b9:f3:22:6a:bc:99\n"
195 " 14:20:3b:49:1f:e4:97:d9:ea:eb:73:9a:83:a6:cc:b8\n"
196 " 55:fb:52:8e:5f:86:7c:9d:fa:af:03:76:ae:97:e0:64\n"
197 " 50:59:73:22:99:55:cf:da:59:31:0a:e8:6d:a0:53:bc\n"
198 " 39:63:2e:ac:92:4a:e9:8b:1e:d0:03:df:33:bb:4e:88\n"
199 "Other Information:\n"
200 " MD5 fingerprint:\n"
201 " df3f57d00c8149bd826b177d6ea4f369\n"
202 " SHA-1 fingerprint:\n"
203 " e95e56e2acac305f72ea6f698c11624663a595bd\n"
204 " Public Key Id:\n"
205 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
206 "\n"
207 "-----BEGIN CERTIFICATE-----\n"
208 "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
209 "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDcwMjE2MTMzNjI3WhcNMDcwMzMw\n"
210 "MTMzNjI5WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
211 "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGAvuyYeh1vfmslnuggeEKgZAVmQ5lt\n"
212 "SdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T7EPH/N6RvB4BprdssgcQLsthR3XK\n"
213 "A84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRikfYSW2JazLrtCC4yRCas/SPOUxu7\n"
214 "8of+3HiTfFm/oXUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAaBgNVHREEEzAR\n"
215 "gg93d3cuZXhhbXBsZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE\n"
216 "FOk8HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQChMLwBsw+Yf452\n"
217 "fSOHNBV/pq6h+4d14+ga5V4DXb9EdUZP0qEoUIRJbTvgvE7eeYX64Qe3bgwUBEqC\n"
218 "ufMiaryZFCA7SR/kl9nq63Oag6bMuFX7Uo5fhnyd+q8Ddq6X4GRQWXMimVXP2lkx\n"
219 "CuhtoFO8OWMurJJK6Yse0APfM7tOiA==\n" "-----END CERTIFICATE-----\n";
220
221 /* Certificate with wildcard SAN but no CN. */
222 char pem4[] =
223 "X.509 Certificate Information:\n"
224 " Version: 3\n"
225 " Serial Number (hex): 00\n"
226 " Issuer:\n"
227 " Validity:\n"
228 " Not Before: Fri Feb 16 13:40:10 UTC 2007\n"
229 " Not After: Fri Mar 30 13:40:12 UTC 2007\n"
230 " Subject:\n"
231 " Subject Public Key Algorithm: RSA\n"
232 " Modulus (bits 1024):\n"
233 " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
234 " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
235 " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
236 " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
237 " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
238 " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
239 " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
240 " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
241 " Exponent:\n"
242 " 01:00:01\n"
243 " Extensions:\n"
244 " Basic Constraints (critical):\n"
245 " Certificate Authority (CA): TRUE\n"
246 " Subject Alternative Name (not critical):\n"
247 " DNSname: *.example.org\n"
248 " Key Purpose (not critical):\n"
249 " TLS WWW Server.\n"
250 " Subject Key Identifier (not critical):\n"
251 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
252 " Signature Algorithm: RSA-SHA\n"
253 " Signature:\n"
254 " b1:62:e5:e3:0b:a5:99:58:b0:1c:5c:f5:d1:3f:7c:bb\n"
255 " 67:e1:43:c5:d7:a2:5c:db:f2:5a:f3:03:fc:76:e4:4d\n"
256 " c1:a0:89:36:24:82:a4:a1:ad:f5:83:e3:96:75:f4:c4\n"
257 " f3:eb:ff:3a:9b:da:d2:2c:58:d4:10:37:50:33:d1:39\n"
258 " 53:71:9e:48:2d:b2:5b:27:ce:1e:d9:d5:36:59:ac:17\n"
259 " 3a:83:cc:59:6b:8f:6a:24:b8:9f:f0:e6:14:03:23:5a\n"
260 " 87:e7:33:10:32:11:58:a2:bb:f1:e5:5a:88:87:bb:80\n"
261 " 1b:b6:bb:12:18:cb:15:d5:3a:fc:99:e4:42:5a:ba:45\n"
262 "Other Information:\n"
263 " MD5 fingerprint:\n"
264 " a411da7b0fa064d214116d5f94e06c24\n"
265 " SHA-1 fingerprint:\n"
266 " 3596e796c73ed096d762ab3d440a9ab55a386b3b\n"
267 " Public Key Id:\n"
268 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
269 "\n"
270 "-----BEGIN CERTIFICATE-----\n"
271 "MIIB0DCCATugAwIBAgIBADALBgkqhkiG9w0BAQUwADAeFw0wNzAyMTYxMzQwMTBa\n"
272 "Fw0wNzAzMzAxMzQwMTJaMAAwgZwwCwYJKoZIhvcNAQEBA4GMADCBiAKBgL7smHod\n"
273 "b35rJZ7oIHhCoGQFZkOZbUnVGOx9uVhksoCjFGGdCk++L/Au/NKrXDbfU+xDx/ze\n"
274 "kbweAaa3bLIHEC7LYUd1ygPOI2448TQnGhrN95bzs/ANZ3/Kd4Q/nCn0YpH2Elti\n"
275 "Wsy67QguMkQmrP0jzlMbu/KH/tx4k3xZv6F1AgMBAAGjYTBfMA8GA1UdEwEB/wQF\n"
276 "MAMBAf8wGAYDVR0RBBEwD4INKi5leGFtcGxlLm9yZzATBgNVHSUEDDAKBggrBgEF\n"
277 "BQcDATAdBgNVHQ4EFgQU6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEF\n"
278 "A4GBALFi5eMLpZlYsBxc9dE/fLtn4UPF16Jc2/Ja8wP8duRNwaCJNiSCpKGt9YPj\n"
279 "lnX0xPPr/zqb2tIsWNQQN1Az0TlTcZ5ILbJbJ84e2dU2WawXOoPMWWuPaiS4n/Dm\n"
280 "FAMjWofnMxAyEViiu/HlWoiHu4AbtrsSGMsV1Tr8meRCWrpF\n"
281 "-----END CERTIFICATE-----\n";
282
283 /* Certificate with ipaddress CN but no SAN. */
284 char pem5[] =
285 "X.509 Certificate Information:"
286 " Version: 3\n"
287 " Serial Number (hex): 00\n"
288 " Issuer: CN=www.example.org\n"
289 " Validity:\n"
290 " Not Before: Fri Feb 16 13:44:29 UTC 2007\n"
291 " Not After: Fri Mar 30 13:44:30 UTC 2007\n"
292 " Subject: CN=www.example.org\n"
293 " Subject Public Key Algorithm: RSA\n"
294 " Modulus (bits 1024):\n"
295 " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
296 " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
297 " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
298 " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
299 " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
300 " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
301 " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
302 " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
303 " Exponent:\n"
304 " 01:00:01\n"
305 " Extensions:\n"
306 " Basic Constraints (critical):\n"
307 " Certificate Authority (CA): TRUE\n"
308 " Subject Alternative Name (not critical):\n"
309 " IPAddress: 1.2.3.4\n"
310 " Key Purpose (not critical):\n"
311 " TLS WWW Server.\n"
312 " Subject Key Identifier (not critical):\n"
313 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
314 " Signature Algorithm: RSA-SHA\n"
315 " Signature:\n"
316 " 66:b1:32:9f:6e:06:d7:da:28:bf:3a:d7:56:d5:b6:fe\n"
317 " 78:40:f0:48:92:3a:19:8a:1c:37:ad:59:6f:bc:af:f2\n"
318 " f0:89:81:33:33:01:a8:e4:1a:c1:31:a7:3c:6d:4a:9f\n"
319 " a5:86:6d:22:6e:5b:8b:69:65:83:28:b5:b8:68:72:c5\n"
320 " 2b:af:99:89:dd:48:ad:fc:f6:90:55:c3:a5:41:f3:d7\n"
321 " bc:a2:57:56:25:f1:d1:12:fb:08:70:58:d5:45:57:86\n"
322 " 1b:aa:f2:d4:63:62:c6:fd:b3:04:64:60:9c:77:c3:4b\n"
323 " d1:e4:c7:77:00:17:79:d2:2b:1f:14:ad:e9:34:c8:da\n"
324 "Other Information:\n"
325 " MD5 fingerprint:\n"
326 " cdffe1ac9bf42a4f04a15298f9d18bf6\n"
327 " SHA-1 fingerprint:\n"
328 " 4fa47b29e928499142c88c598ea175b9453957f7\n"
329 " Public Key Id:\n"
330 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
331 "\n"
332 "-----BEGIN CERTIFICATE-----\n"
333 "MIIB/jCCAWmgAwIBAgIBADALBgkqhkiG9w0BAQUwGjEYMBYGA1UEAxMPd3d3LmV4\n"
334 "YW1wbGUub3JnMB4XDTA3MDIxNjEzNDQyOVoXDTA3MDMzMDEzNDQzMFowGjEYMBYG\n"
335 "A1UEAxMPd3d3LmV4YW1wbGUub3JnMIGcMAsGCSqGSIb3DQEBAQOBjAAwgYgCgYC+\n"
336 "7Jh6HW9+ayWe6CB4QqBkBWZDmW1J1RjsfblYZLKAoxRhnQpPvi/wLvzSq1w231Ps\n"
337 "Q8f83pG8HgGmt2yyBxAuy2FHdcoDziNuOPE0JxoazfeW87PwDWd/yneEP5wp9GKR\n"
338 "9hJbYlrMuu0ILjJEJqz9I85TG7vyh/7ceJN8Wb+hdQIDAQABo1swWTAPBgNVHRMB\n"
339 "Af8EBTADAQH/MBIGA1UdEQQLMAmHBzEuMi4zLjQwEwYDVR0lBAwwCgYIKwYBBQUH\n"
340 "AwEwHQYDVR0OBBYEFOk8HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOB\n"
341 "gQBmsTKfbgbX2ii/OtdW1bb+eEDwSJI6GYocN61Zb7yv8vCJgTMzAajkGsExpzxt\n"
342 "Sp+lhm0ibluLaWWDKLW4aHLFK6+Zid1Irfz2kFXDpUHz17yiV1Yl8dES+whwWNVF\n"
343 "V4YbqvLUY2LG/bMEZGCcd8NL0eTHdwAXedIrHxSt6TTI2g==\n"
344 "-----END CERTIFICATE-----\n";
345
346 /* Certificate with multiple wildcards SAN but no CN. */
347 char pem6[] =
348 "X.509 Certificate Information:\n"
349 " Version: 3\n"
350 " Serial Number (hex): 00\n"
351 " Validity:\n"
352 " Not Before: Sat May 3 11:00:51 UTC 2008\n"
353 " Not After: Sat May 17 11:00:54 UTC 2008\n"
354 " Subject: O=GnuTLS hostname check test CA\n"
355 " Subject Public Key Algorithm: RSA\n"
356 " Modulus (bits 1024):\n"
357 " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
358 " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
359 " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
360 " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
361 " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
362 " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
363 " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
364 " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
365 " Exponent:\n"
366 " 01:00:01\n"
367 " Extensions:\n"
368 " Basic Constraints (critical):\n"
369 " Certificate Authority (CA): TRUE\n"
370 " Subject Alternative Name (not critical):\n"
371 " DNSname: *.*.example.org\n"
372 " Key Purpose (not critical):\n"
373 " TLS WWW Server.\n"
374 " Subject Key Identifier (not critical):\n"
375 " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
376 "Other Information:\n"
377 " Public Key Id:\n"
378 " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
379 "\n"
380 "-----BEGIN CERTIFICATE-----\n"
381 "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
382 "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEwMDUxWhcNMDgwNTE3\n"
383 "MTEwMDU0WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
384 "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n"
385 "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n"
386 "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n"
387 "AUp+YdcEIQVM8QcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAaBgNVHREEEzAR\n"
388 "gg8qLiouZXhhbXBsZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE\n"
389 "FFST5lmbKDtFKTeIGK75pKu/TZkYMAsGCSqGSIb3DQEBBQOBgQAQ9PStleVvfmlK\n"
390 "wRs8RE/oOO+ouC3qLdnumNEITMRFh8Q12/X4yMLD3CH0aQ/hvHcP26PxAWzpNutk\n"
391 "swNx7AzsCu6pN1t1aI3jLgo8e4/zZi57e8QcRuXZPDJxtJxVhJZX/C4pSz802WhS\n"
392 "64NgtpHEMu9JUHFhtRwPcvVGYqPUUA==\n" "-----END CERTIFICATE-----\n";
393
394 /* Certificate with prefixed and suffixed wildcard SAN but no CN. */
395 char pem7[] =
396 "X.509 Certificate Information:\n"
397 " Version: 3\n"
398 " Serial Number (hex): 00\n"
399 " Validity:\n"
400 " Not Before: Sat May 3 11:02:43 UTC 2008\n"
401 " Not After: Sat May 17 11:02:45 UTC 2008\n"
402 " Subject: O=GnuTLS hostname check test CA\n"
403 " Subject Public Key Algorithm: RSA\n"
404 " Modulus (bits 1024):\n"
405 " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
406 " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
407 " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
408 " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
409 " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
410 " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
411 " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
412 " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
413 " Exponent:\n"
414 " 01:00:01\n"
415 " Extensions:\n"
416 " Basic Constraints (critical):\n"
417 " Certificate Authority (CA): TRUE\n"
418 " Subject Alternative Name (not critical):\n"
419 " DNSname: foo*bar.example.org\n"
420 " Key Purpose (not critical):\n"
421 " TLS WWW Server.\n"
422 " Subject Key Identifier (not critical):\n"
423 " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
424 "Other Information:\n"
425 " Public Key Id:\n"
426 " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
427 "\n"
428 "-----BEGIN CERTIFICATE-----\n"
429 "MIICJjCCAZGgAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
430 "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEwMjQzWhcNMDgwNTE3\n"
431 "MTEwMjQ1WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
432 "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n"
433 "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n"
434 "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n"
435 "AUp+YdcEIQVM8QcCAwEAAaNnMGUwDwYDVR0TAQH/BAUwAwEB/zAeBgNVHREEFzAV\n"
436 "ghNmb28qYmFyLmV4YW1wbGUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1Ud\n"
437 "DgQWBBRUk+ZZmyg7RSk3iBiu+aSrv02ZGDALBgkqhkiG9w0BAQUDgYEAPPNe38jc\n"
438 "8NsZQVKKLYc1Y4y8LRPhvnxkSnlcGa1RzYZY1s12BZ6OVIfyxD1Z9BcNdqRSq7bQ\n"
439 "kEicsGp5ugGQTNq6aSlzYOUD9/fUP3jDsH7HVb36aCF3waGCQWj+pLqK0LYcW2p/\n"
440 "xnr5+z4YevFBhn7l/fMhg8TzKejxYm7TECg=\n" "-----END CERTIFICATE-----\n";
441
442 /* Certificate with ending wildcard SAN but no CN. */
443 char pem8[] =
444 "X.509 Certificate Information:\n"
445 " Version: 3\n"
446 " Serial Number (hex): 00\n"
447 " Validity:\n"
448 " Not Before: Sat May 3 11:24:38 UTC 2008\n"
449 " Not After: Sat May 17 11:24:40 UTC 2008\n"
450 " Subject: O=GnuTLS hostname check test CA\n"
451 " Subject Public Key Algorithm: RSA\n"
452 " Modulus (bits 1024):\n"
453 " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
454 " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
455 " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
456 " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
457 " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
458 " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
459 " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
460 " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
461 " Exponent:\n"
462 " 01:00:01\n"
463 " Extensions:\n"
464 " Basic Constraints (critical):\n"
465 " Certificate Authority (CA): TRUE\n"
466 " Subject Alternative Name (not critical):\n"
467 " DNSname: www.example.*\n"
468 " Key Purpose (not critical):\n"
469 " TLS WWW Server.\n"
470 " Subject Key Identifier (not critical):\n"
471 " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
472 "Other Information:\n"
473 " Public Key Id:\n"
474 " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
475 "\n"
476 "-----BEGIN CERTIFICATE-----\n"
477 "MIICIDCCAYugAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
478 "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEyNDM4WhcNMDgwNTE3\n"
479 "MTEyNDQwWjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
480 "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n"
481 "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n"
482 "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n"
483 "AUp+YdcEIQVM8QcCAwEAAaNhMF8wDwYDVR0TAQH/BAUwAwEB/zAYBgNVHREEETAP\n"
484 "gg13d3cuZXhhbXBsZS4qMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBRU\n"
485 "k+ZZmyg7RSk3iBiu+aSrv02ZGDALBgkqhkiG9w0BAQUDgYEAZ7gLXtXwFW61dSAM\n"
486 "0Qt6IN68WBH7LCzetSF8ofG1WVUImCUU3pqXhXYtPGTrswOh2AavWTRbzVTtrFvf\n"
487 "WJg09Z7H6I70RPvAYGsK9t9qJ/4TPoYTGYQgsTbVpkv13O54O6jzemd8Zws/xMH5\n"
488 "7/q6C7P5OUmGOtfVe7UVDY0taQM=\n" "-----END CERTIFICATE-----\n";
489
490 /* Certificate with SAN and CN but for different names. */
491 char pem9[] =
492 "X.509 Certificate Information:\n"
493 " Version: 3\n"
494 " Serial Number (hex): 4a827d5c\n"
495 " Issuer: O=GnuTLS hostname check test CA,CN=foo.example.org\n"
496 " Validity:\n"
497 " Not Before: Wed Aug 12 08:29:17 UTC 2009\n"
498 " Not After: Thu Aug 13 08:29:23 UTC 2009\n"
499 " Subject: O=GnuTLS hostname check test CA,CN=foo.example.org\n"
500 " Subject Public Key Algorithm: RSA\n"
501 " Modulus (bits 1024):\n"
502 " bb:66:43:f5:f2:c5:d7:b6:8c:cc:c5:df:f5:88:3b:b1\n"
503 " c9:4b:6a:0e:a1:ad:20:50:40:08:80:a1:4f:5c:a3:d0\n"
504 " f8:6c:cf:e6:3c:f7:ec:04:76:13:17:8b:64:89:22:5b\n"
505 " c0:dd:53:7c:3b:ed:7c:04:bb:80:b9:28:be:8e:9b:c6\n"
506 " 8e:a0:a5:12:cb:f5:57:1e:a2:e7:bb:b7:33:49:9f:e3\n"
507 " bb:4a:ae:6a:4d:68:ff:c9:11:e2:32:8d:ce:3d:80:0b\n"
508 " 8d:75:ef:d8:00:81:8f:28:04:03:a0:22:8d:61:04:07\n"
509 " fa:b6:37:7d:21:07:49:d2:09:61:69:98:90:a3:58:a9\n"
510 " Exponent (bits 24):\n"
511 " 01:00:01\n"
512 " Extensions:\n"
513 " Basic Constraints (critical):\n"
514 " Certificate Authority (CA): TRUE\n"
515 " Subject Alternative Name (not critical):\n"
516 " DNSname: bar.example.org\n"
517 " Key Purpose (not critical):\n"
518 " TLS WWW Server.\n"
519 " Subject Key Identifier (not critical):\n"
520 " 4cb90a9bfa1d34e37edecbd20715fea1dacb6891\n"
521 " Signature Algorithm: RSA-SHA\n"
522 " Signature:\n"
523 " a2:1f:d2:90:5f:c9:1c:6f:92:1d:c5:0b:ac:b0:17:23\n"
524 " c5:67:46:94:6f:0f:62:7d:66:4c:28:ff:b7:10:73:60\n"
525 " ae:0e:a2:47:82:83:bb:89:0d:f1:16:5e:f9:5b:35:4b\n"
526 " ce:ee:5e:d0:ad:b5:8b:cc:37:b3:ac:4d:1b:58:c2:4f\n"
527 " 1c:7f:c6:ac:3d:25:18:67:37:f0:27:11:9b:2c:20:b6\n"
528 " 78:24:21:a6:77:44:e7:1a:e5:f6:bf:45:84:32:81:67\n"
529 " af:8d:96:26:f7:39:31:6b:63:c5:15:9d:e0:a0:9a:1e\n"
530 " 96:12:cb:ad:85:cb:a7:d4:86:ac:d8:f5:e9:a4:2b:20\n"
531 "Other Information:\n"
532 " MD5 fingerprint:\n"
533 " f27b18092c7497f206e70f504eee0f8e\n"
534 " SHA-1 fingerprint:\n"
535 " bebdac9d0dd54e8f044642e0f065fae5d75ca6e5\n"
536 " Public Key Id:\n"
537 " 4cb90a9bfa1d34e37edecbd20715fea1dacb6891\n"
538 "\n"
539 "-----BEGIN CERTIFICATE-----\n"
540 "MIICWTCCAcSgAwIBAgIESoJ9XDALBgkqhkiG9w0BAQUwQjEmMCQGA1UEChMdR251\n"
541 "VExTIGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0ExGDAWBgNVBAMTD2Zvby5leGFtcGxl\n"
542 "Lm9yZzAeFw0wOTA4MTIwODI5MTdaFw0wOTA4MTMwODI5MjNaMEIxJjAkBgNVBAoT\n"
543 "HUdudVRMUyBob3N0bmFtZSBjaGVjayB0ZXN0IENBMRgwFgYDVQQDEw9mb28uZXhh\n"
544 "bXBsZS5vcmcwgZwwCwYJKoZIhvcNAQEBA4GMADCBiAKBgLtmQ/Xyxde2jMzF3/WI\n"
545 "O7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeLZIkiW8DdU3w77XwEu4C5KL6O\n"
546 "m8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKNzj2AC41179gAgY8oBAOgIo1h\n"
547 "BAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wGgYD\n"
548 "VR0RBBMwEYIPYmFyLmV4YW1wbGUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0G\n"
549 "A1UdDgQWBBRMuQqb+h00437ey9IHFf6h2stokTALBgkqhkiG9w0BAQUDgYEAoh/S\n"
550 "kF/JHG+SHcULrLAXI8VnRpRvD2J9Zkwo/7cQc2CuDqJHgoO7iQ3xFl75WzVLzu5e\n"
551 "0K21i8w3s6xNG1jCTxx/xqw9JRhnN/AnEZssILZ4JCGmd0TnGuX2v0WEMoFnr42W\n"
552 "Jvc5MWtjxRWd4KCaHpYSy62Fy6fUhqzY9emkKyA=\n" "-----END CERTIFICATE-----\n";
553
554 /* Certificate with SAN and CN that match iff you truncate the SAN to
555 the embedded NUL.
556 See <http://thread.gmane.org/gmane.network.gnutls.general/1735>. */
557 char pem10[] =
558 "X.509 Certificate Information:\n"
559 " Version: 3\n"
560 " Serial Number (hex): 0b5d0a870d09\n"
561 " Issuer: C=NN,O=Edel Curl Arctic Illudium Research Cloud,CN=Nothern Nowhere Trust Anchor\n"
562 " Validity:\n"
563 " Not Before: Tue Aug 04 22:07:33 UTC 2009\n"
564 " Not After: Sat Oct 21 22:07:33 UTC 2017\n"
565 " Subject: C=NN,O=Edel Curl Arctic Illudium Research Cloud,CN=localhost\n"
566 " Subject Public Key Algorithm: RSA\n"
567 " Modulus (bits 1024):\n"
568 " be:67:3b:b4:ea:c0:85:b4:c3:56:c1:a4:96:23:36:f5\n"
569 " c6:77:aa:ad:e5:c1:dd:ce:c1:9a:97:07:dd:16:90:eb\n"
570 " f0:38:b5:95:6b:a6:0f:b9:73:4e:7d:82:57:ab:5f:b5\n"
571 " ba:5c:a0:48:8c:82:77:fd:67:d8:53:44:61:86:a5:06\n"
572 " 19:bf:73:51:68:2e:1a:0a:c5:05:39:ca:3d:ca:83:ed\n"
573 " 07:fe:ae:b7:73:1d:60:dd:ab:9e:0e:7e:02:f3:68:42\n"
574 " 93:27:c8:5f:c5:fa:cb:a9:84:06:2f:f3:66:bd:de:7d\n"
575 " 29:82:57:47:e4:a9:df:bf:8b:bc:c0:46:33:5a:7b:87\n"
576 " Exponent (bits 24):\n"
577 " 01:00:01\n"
578 " Extensions:\n"
579 " Subject Alternative Name (not critical):\n"
580 "warning: SAN contains an embedded NUL, replacing with '!'\n"
581 " DNSname: localhost!h\n"
582 " Key Usage (not critical):\n"
583 " Key encipherment.\n"
584 " Key Purpose (not critical):\n"
585 " TLS WWW Server.\n"
586 " Subject Key Identifier (not critical):\n"
587 " 0c37a3db0f73b3388a69d36eb3a7d6d8774eda67\n"
588 " Authority Key Identifier (not critical):\n"
589 " 126b24d24a68b7a1b01ccdbfd64ccc405b7fe040\n"
590 " Basic Constraints (critical):\n"
591 " Certificate Authority (CA): FALSE\n"
592 " Signature Algorithm: RSA-SHA\n"
593 " Signature:\n"
594 " 88:a0:17:77:77:bf:c1:8a:18:4e:a3:94:6e:45:18:31\n"
595 " fa:2f:7b:1f:ee:95:20:d1:cd:40:df:ee:f0:45:2e:e9\n"
596 " e6:cf:c8:77:bd:85:16:d7:9f:18:52:78:3f:ea:9c:86\n"
597 " 62:6e:db:90:b0:cd:f1:c1:6f:2d:87:4a:a0:be:b3:dc\n"
598 " 6d:e4:6b:d1:da:b9:10:25:7e:35:1f:1b:aa:a7:09:2f\n"
599 " 84:77:27:b0:48:a8:6d:54:57:38:35:22:34:03:0f:d4\n"
600 " 5d:ab:1c:72:15:b1:d9:89:56:10:12:fb:7d:0d:18:12\n"
601 " a9:0a:38:dc:93:cf:69:ff:75:86:9e:e3:6b:eb:92:6c\n"
602 " 55:16:d5:65:8b:d7:9c:5e:4b:82:c8:92:6c:8b:e6:18\n"
603 " a2:f8:8c:65:aa:b6:eb:23:ed:cb:99:db:fc:8b:8e:1d\n"
604 " 7a:39:c9:f5:7b:7f:58:7b:ed:01:6c:3c:40:ec:e3:a9\n"
605 " 5f:c4:3d:cb:81:17:03:6d:2d:d7:bd:00:5f:c4:79:f2\n"
606 " fb:ab:c6:0e:a2:01:8b:a1:42:73:de:96:29:3e:bf:d7\n"
607 " d9:51:a7:d4:98:07:7f:f0:f4:cd:00:a1:e1:ac:6c:05\n"
608 " ac:ab:93:1b:b0:5c:2c:13:ad:ff:27:dc:80:99:34:66\n"
609 " bd:e3:31:54:d5:b6:3f:ce:d4:08:a3:52:28:61:5e:bd\n"
610 "Other Information:\n"
611 " MD5 fingerprint:\n"
612 " 0b4d6d944200cdd1639008b24dc0fe0a\n"
613 " SHA-1 fingerprint:\n"
614 " ce85660f5451b0cc12f525577f0eb9411a20c76b\n"
615 " Public Key Id:\n"
616 " a1d18c15e65c7c4935512eeea7ca5d3e6baad4e1\n"
617 "\n"
618 "-----BEGIN CERTIFICATE-----\n"
619 "MIIDQzCCAiugAwIBAgIGC10Khw0JMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT\n"
620 "Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo\n"
621 "IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X\n"
622 "DTA5MDgwNDIyMDczM1oXDTE3MTAyMTIyMDczM1owVDELMAkGA1UEBhMCTk4xMTAv\n"
623 "BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx\n"
624 "EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
625 "vmc7tOrAhbTDVsGkliM29cZ3qq3lwd3OwZqXB90WkOvwOLWVa6YPuXNOfYJXq1+1\n"
626 "ulygSIyCd/1n2FNEYYalBhm/c1FoLhoKxQU5yj3Kg+0H/q63cx1g3aueDn4C82hC\n"
627 "kyfIX8X6y6mEBi/zZr3efSmCV0fkqd+/i7zARjNae4cCAwEAAaOBizCBiDAWBgNV\n"
628 "HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB\n"
629 "BQUHAwEwHQYDVR0OBBYEFAw3o9sPc7M4imnTbrOn1th3TtpnMB8GA1UdIwQYMBaA\n"
630 "FBJrJNJKaLehsBzNv9ZMzEBbf+BAMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF\n"
631 "BQADggEBAIigF3d3v8GKGE6jlG5FGDH6L3sf7pUg0c1A3+7wRS7p5s/Id72FFtef\n"
632 "GFJ4P+qchmJu25CwzfHBby2HSqC+s9xt5GvR2rkQJX41HxuqpwkvhHcnsEiobVRX\n"
633 "ODUiNAMP1F2rHHIVsdmJVhAS+30NGBKpCjjck89p/3WGnuNr65JsVRbVZYvXnF5L\n"
634 "gsiSbIvmGKL4jGWqtusj7cuZ2/yLjh16Ocn1e39Ye+0BbDxA7OOpX8Q9y4EXA20t\n"
635 "170AX8R58vurxg6iAYuhQnPelik+v9fZUafUmAd/8PTNAKHhrGwFrKuTG7BcLBOt\n"
636 "/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0=\n" "-----END CERTIFICATE-----\n";
637
638 #ifdef ENABLE_OPENPGP
639 /* Check basic OpenPGP comparison too.
640 <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3812>. */
641 char pem11[] =
642 "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
643 "Version: GnuPG v1.4.6 (GNU/Linux)\n"
644 "\n"
645 "mQGiBEXInlgRBAD0teb6ohIlchkHcFlmmvtVW1KXexlDfXExf8T+fOz5z354GPOX\n"
646 "sDq98ztCEE3hnPEOFj4NT0X3nEtrvLkhmZqrDHSbuJACB4qxeHwEbGFx7OIDW8+u\n"
647 "4sKxpaza1GVf1NQ7VIaQiXaGHy8Esn9SW7oNhK6z5l4TIRlm3OBt3cxU3wCgjnnO\n"
648 "jpGJeeo0OnZzSH+xsNLJQEcEAOmUc+7N9OhpT/gqddIgzYRr/FD0Ad6HBfABol6Q\n"
649 "wWCapzIxggnZJ9i+lHujpcA8idtrBU/DGhkGtW95QaHwQ8d5SvetM7Wc/xoHEP3o\n"
650 "HGvSGoXtfqlofastcC7eso39EBD10cpIB+gUmhe1MpaXm7A6m+KJO+2CkqE1vMkc\n"
651 "tmKHBACzDRrWgkV+AtGWKl3ge9RkYHKxAPc0FBrpzDrvmvvNMaIme2u/+WP/xa4T\n"
652 "nTjgys+pfeplHVfCO/n6nKWrVepMPE0+ZeNWzY6CsfhL7VjSN99vm7qzNHswBiJS\n"
653 "gCSwJXRmQcJcS9hxqLciUyVEB32zPqX24QHnsyPYaSCzEBgOnLQPdGVzdC5nbnV0\n"
654 "bHMub3JniF8EExECACAFAkXInlgCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK\n"
655 "CRCuX60+XR0U2FcfAJ9eZDmhk5a9k4K/zu+a5xFwb9SWsgCXTkDnOIQmueZPHg5U\n"
656 "VgKnazckK7kCDQRFyJ51EAgAozi9Vk9R5I2AtRcqV4jLfpzh3eiBYSUt4U3ZLxff\n"
657 "LAyvGMUXA7OATGGhuKphNQLux17AGpRN4nugnIWMLE9akyrxXqg/165UFKbwwVsl\n"
658 "po7KzPvEXHmOYDgVEqS0sZNWmkJeMPdCVsD2wifPkocufUu2Ux8CmrvT1nEgoiVu\n"
659 "kUjplJOralQBdsPkIEk8LMVtF3IW2aHCEET0yrJ2Y2q0i/u1K4bxSUi5ESrN0UNa\n"
660 "WT7wtCegdwWlObwJEgwcu/8YtjMnfBI855gXVdJiRLdOJvkU+65I/jnPQG5QEIQM\n"
661 "weLty/+GHkXVN2xw5OGUIryIPUHi8+EDGOGqoxqNUMTzvwADBQf/bTPc0z3oHp+X\n"
662 "hsj3JP/AMCSQV87peKqFYEnRIubsN4Y4tTwVjEkRA3s5u+qTNvdypE1tvAEmdspa\n"
663 "CL/EKfMCEltcW3WUwqUIULQ2Z0t9tBuVfMEH1Z1jjb68IOVwTJYz+iBtmbq5Wxoq\n"
664 "lc5woOCDVL9qaKR6hOuAukTl6L3wQL+5zGBE4k5UfLf8UVJEa4ZTqsoMi3iyQAFO\n"
665 "/h7WzqUATH3aQSz9tpilJ760wadDhc+Sdt2a0W6cC+SBmJaU/ym9seTd26nyWHG+\n"
666 "03G+ynCHf5pBAXHhfCNhA0lMv5h3eJECNElcCh0sYGmo19jOzbnlRSGKRqrflOtO\n"
667 "YwhQXK9y/ohJBBgRAgAJBQJFyJ51AhsMAAoJEK5frT5dHRTYDDgAn2bLaS5n3Xy8\n"
668 "Z/V2Me1st/9pqPfZAJ4+9YBnyjCq/0vosIoZabi+s92m7g==\n"
669 "=NkXV\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
670 #endif
671
672 void
673 doit (void)
674 {
675 gnutls_x509_crt_t x509;
676 #ifdef ENABLE_OPENPGP
677 gnutls_openpgp_crt_t pgp;
678 #endif
679 gnutls_datum_t data;
680 int ret;
681
682 ret = gnutls_global_init ();
683 if (ret < 0)
684 fail ("gnutls_global_init: %d\n", ret);
685
686 ret = gnutls_x509_crt_init (&x509);
687 if (ret < 0)
688 fail ("gnutls_x509_crt_init: %d\n", ret);
689
690 #ifdef ENABLE_OPENPGP
691 ret = gnutls_openpgp_crt_init (&pgp);
692 if (ret < 0)
693 fail ("gnutls_openpgp_crt_init: %d\n", ret);
694 #endif
695
696 success ("Testing pem1...\n");
697 data.data = pem1;
698 data.size = strlen (pem1);
699
700 ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
701 if (ret < 0)
702 fail ("gnutls_x509_crt_import: %d\n", ret);
703
704 ret = gnutls_x509_crt_check_hostname (x509, "foo");
705 if (ret)
706 fail ("Hostname incorrectly matches (%d)\n", ret);
707 else
708 success ("Hostname correctly does not match (%d)\n", ret);
709
710 success ("Testing pem2...\n");
711 data.data = pem2;
712 data.size = strlen (pem2);
713
714 ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
715 if (ret < 0)
716 fail ("gnutls_x509_crt_import: %d\n", ret);
717
718 ret = gnutls_x509_crt_check_hostname (x509, "foo");
719 if (ret)
720 fail ("Hostname incorrectly matches (%d)\n", ret);
721 else
722 success ("Hostname correctly does not match (%d)\n", ret);
723
724 ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
725 if (ret)
726 success ("Hostname correctly matches (%d)\n", ret);
727 else
728 fail ("Hostname incorrectly does not match (%d)\n", ret);
729
730 ret = gnutls_x509_crt_check_hostname (x509, "*.example.org");
731 if (ret)
732 fail ("Hostname incorrectly matches (%d)\n", ret);
733 else
734 success ("Hostname correctly does not match (%d)\n", ret);
735
736 success ("Testing pem3...\n");
737 data.data = pem3;
738 data.size = strlen (pem3);
739
740 ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
741 if (ret < 0)
742 fail ("gnutls_x509_crt_import: %d\n", ret);
743
744 ret = gnutls_x509_crt_check_hostname (x509, "foo");
745 if (ret)
746 fail ("Hostname incorrectly matches (%d)\n", ret);
747 else
748 success ("Hostname correctly does not match (%d)\n", ret);
749
750 ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
751 if (ret)
752 success ("Hostname correctly matches (%d)\n", ret);
753 else
754 fail ("Hostname incorrectly does not match (%d)\n", ret);
755
756 ret = gnutls_x509_crt_check_hostname (x509, "*.example.org");
757 if (ret)
758 fail ("Hostname incorrectly matches (%d)\n", ret);
759 else
760 success ("Hostname correctly does not match (%d)\n", ret);
761
762 success ("Testing pem4...\n");
763 data.data = pem4;
764 data.size = strlen (pem4);
765
766 ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
767 if (ret < 0)
768 fail ("gnutls_x509_crt_import: %d\n", ret);
769
770 ret = gnutls_x509_crt_check_hostname (x509, "foo");
771 if (ret)
772 fail ("Hostname incorrectly matches (%d)\n", ret);
773 else
774 success ("Hostname correctly does not match (%d)\n", ret);
775
776 ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
777 if (ret)
778 success ("Hostname correctly matches (%d)\n", ret);
779 else
780 fail ("Hostname incorrectly does not match (%d)\n", ret);
781
782 ret = gnutls_x509_crt_check_hostname (x509, "foo.example.org");
783 if (ret)
784 success ("Hostname correctly matches (%d)\n", ret);
785 else
786 fail ("Hostname incorrectly does not match (%d)\n", ret);
787
788 ret = gnutls_x509_crt_check_hostname (x509, "foo.example.com");
789 if (ret)
790 fail ("Hostname incorrectly matches (%d)\n", ret);
791 else
792 success ("Hostname correctly does not match (%d)\n", ret);
793
794 success ("Testing pem5...\n");
795 data.data = pem5;
796 data.size = strlen (pem5);
797
798 ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
799 if (ret < 0)
800 fail ("gnutls_x509_crt_import: %d\n", ret);
801
802 ret = gnutls_x509_crt_check_hostname (x509, "foo");
803 if (ret)
804 fail ("Hostname incorrectly matches (%d)\n", ret);
805 else
806 success ("Hostname correctly does not match (%d)\n", ret);
807
808 ret = gnutls_x509_crt_check_hostname (x509, "1.2.3.4");
809 if (ret)
810 success ("Hostname correctly matches (%d)\n", ret);
811 else
812 fail ("Hostname incorrectly does not match (%d)\n", ret);
813
814 ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
815 if (ret)
816 fail ("Hostname incorrectly matches (%d)\n", ret);
817 else
818 success ("Hostname correctly does not match (%d)\n", ret);
819
820 success ("Testing pem6...\n");
821 data.data = pem6;
822 data.size = strlen (pem6);
823
824 ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
825 if (ret < 0)
826 fail ("gnutls_x509_crt_import: %d\n", ret);
827
828 ret = gnutls_x509_crt_check_hostname (x509, "foo.example.org");
829 if (ret)
830 fail ("Hostname incorrectly matches (%d)\n", ret);
831 else
832 success ("Hostname correctly does not match (%d)\n", ret);
833
834 ret = gnutls_x509_crt_check_hostname (x509, "bar.foo.example.org");
835 if (ret)
836 success ("Hostname correctly matches (%d)\n", ret);
837 else
838 fail ("Hostname incorrectly does not match (%d)\n", ret);
839
840 success ("Testing pem7...\n");
841 data.data = pem7;
842 data.size = strlen (pem7);
843
844 ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
845 if (ret < 0)
846 fail ("gnutls_x509_crt_import: %d\n", ret);
847
848 ret = gnutls_x509_crt_check_hostname (x509, "foo.bar.example.org");
849 if (ret)
850 fail ("Hostname incorrectly matches (%d)\n", ret);
851 else
852 success ("Hostname correctly does not match (%d)\n", ret);
853
854 ret = gnutls_x509_crt_check_hostname (x509, "foobar.bar.example.org");
855 if (ret)
856 fail ("Hostname incorrectly matches (%d)\n", ret);
857 else
858 success ("Hostname correctly does not match (%d)\n", ret);
859
860 ret = gnutls_x509_crt_check_hostname (x509, "foobar.example.org");
861 if (ret)
862 success ("Hostname correctly matches (%d)\n", ret);
863 else
864 fail ("Hostname incorrectly does not match (%d)\n", ret);
865
866 ret = gnutls_x509_crt_check_hostname (x509, "foobazbar.example.org");
867 if (ret)
868 success ("Hostname correctly matches (%d)\n", ret);
869 else
870 fail ("Hostname incorrectly does not match (%d)\n", ret);
871
872 success ("Testing pem8...\n");
873 data.data = pem8;
874 data.size = strlen (pem8);
875
876 ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
877 if (ret < 0)
878 fail ("gnutls_x509_crt_import: %d\n", ret);
879
880 ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
881 if (ret)
882 success ("Hostname correctly matches (%d)\n", ret);
883 else
884 fail ("Hostname incorrectly does not match (%d)\n", ret);
885
886 ret = gnutls_x509_crt_check_hostname (x509, "www.example.");
887 if (ret)
888 success ("Hostname correctly matches (%d)\n", ret);
889 else
890 fail ("Hostname incorrectly does not match (%d)\n", ret);
891
892 ret = gnutls_x509_crt_check_hostname (x509, "www.example.com");
893 if (ret)
894 success ("Hostname correctly matches (%d)\n", ret);
895 else
896 fail ("Hostname incorrectly does not match (%d)\n", ret);
897
898 ret = gnutls_x509_crt_check_hostname (x509, "www.example.foo.com");
899 if (ret)
900 fail ("Hostname incorrectly matches (%d)\n", ret);
901 else
902 success ("Hostname correctly does not match (%d)\n", ret);
903
904 success ("Testing pem9...\n");
905 data.data = pem9;
906 data.size = strlen (pem9);
907
908 ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
909 if (ret < 0)
910 fail ("gnutls_x509_crt_import: %d\n", ret);
911
912 ret = gnutls_x509_crt_check_hostname (x509, "foo.example.org");
913 if (ret)
914 fail ("Hostname incorrectly matches (%d)\n", ret);
915 else
916 success ("Hostname correctly does not match (%d)\n", ret);
917
918 ret = gnutls_x509_crt_check_hostname (x509, "bar.example.org");
919 if (ret)
920 success ("Hostname correctly matches (%d)\n", ret);
921 else
922 fail ("Hostname incorrectly does not match (%d)\n", ret);
923
924 success ("Testing pem10...\n");
925 data.data = pem10;
926 data.size = strlen (pem10);
927
928 ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
929 if (ret < 0)
930 fail ("gnutls_x509_crt_import: %d\n", ret);
931
932 ret = gnutls_x509_crt_check_hostname (x509, "localhost");
933 if (ret)
934 fail ("Hostname incorrectly matches (%d)\n", ret);
935 else
936 success ("Hostname correctly does not match (%d)\n", ret);
937
938 #ifdef ENABLE_OPENPGP
939 success ("Testing pem11...\n");
940 data.data = pem11;
941 data.size = strlen (pem11);
942
943 ret = gnutls_openpgp_crt_import (pgp, &data, GNUTLS_OPENPGP_FMT_BASE64);
944 if (ret < 0)
945 fail ("gnutls_openpgp_crt_import: %d\n", ret);
946
947 ret = gnutls_openpgp_crt_check_hostname (pgp, "test.gnutls.org");
948 if (ret)
949 success ("Hostname correctly matches (%d)\n", ret);
950 else
951 fail ("Hostname incorrectly does not match (%d)\n", ret);
952
953 gnutls_openpgp_crt_deinit (pgp);
954 #endif
955 gnutls_x509_crt_deinit (x509);
956
957 gnutls_global_deinit ();
958 }
Implementation of the SSL/TLS protocol