diff options
author | Matt Caswell <matt@openssl.org> | 2021-12-03 15:18:27 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-12-14 13:48:34 +0000 |
commit | 752aa4a6f0f3098258fb6be5592fd18929da59c0 (patch) | |
tree | f2f928d76e672f337fc81798046b4596e3d7f80b /test/certs | |
parent | 3269c8bd9489cf9b03abceab5dee24f831a5e492 (diff) |
Add a TLS test for name constraints with an EE cert without a SAN
It is valid for name constraints to be in force but for there to be no
SAN extension in a certificate. Previous versions of OpenSSL mishandled
this.
Test for CVE-2021-4044
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Diffstat (limited to 'test/certs')
-rw-r--r-- | test/certs/goodcn2-chain.pem | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/test/certs/goodcn2-chain.pem b/test/certs/goodcn2-chain.pem new file mode 100644 index 0000000000..01b7f47f7d --- /dev/null +++ b/test/certs/goodcn2-chain.pem @@ -0,0 +1,40 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAgWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMjExMjAyMTcyNTAyWhgPMjEyMTEyMDMxNzI1MDJaMDwxIzAh +BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu +Z29vZC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqx1t7HiPe +kRAWdiGUt4pklKGZ7338An6R7/y0e/8Grx2jeUfyc19BAB7MW1p8L+zdMjbclNE0 +UZ6RZZNexfgMksNI/nW+4Lzu8qu2wFx1MjbTpMT8w/vnsGBMthxLu6+2wdnpdD1B +0led8xu7PSBgVULqyHcUvoLeRGEsB14yGx7dbIsokYxno1nr4u3BK5ic9KTTSxJR +Ig93qwo2pAZR7mfnOo33B9alhzvSwmEKJ9v7pERDnIP5ED0HaWFAeXl7GFgoH2y9 +QDyJVuwWsoSWIx4Mr8UIr0IbVJU6KsqEiqqc5P5rX/y4tYMkpHZd9U1EONd2uwmX +dwSp0LEmQb/DAgMBAAGjTTBLMB0GA1UdDgQWBBSfJPZqs1tk+xjjDrovr13ORDWn +ojAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQQzAJBgNVHRMEAjAAMA0G +CSqGSIb3DQEBCwUAA4IBAQAEKXs56hB4DOO1vJe7pByfCHU33ij/ux7u68BdkDQ8 +S9SNaoD7h1XNSmC8kKULvpoKctJzJxh1IH4wtvGGGXsUt1By0a6Y5SnKW9/mG4NM +D4fGea0G2AeI8BHFs6vl8voYK9wgx9Ygus3Kj/8h6V7t2zB8ZhhVqpZkAQEjj0C2 +1IV273wD0VdZl7uB+MEKk+7eTjNMeo6JzlBBf5GhtA1WbLNdszMfI0ljo7HAX+9L +yco0xKSKkZQ+v7VdJBfC6odp+epPMZqfyHrkFzUr8XRJfriP1lydPK7AbXLVrLJg +fIXCvUdxQx4B1LaclUDORL5r2tRhRYdAEKtUz7RpQzJK +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDZjCCAk6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTIwMTIxMjIwMTk0NFoYDzIxMjAxMjEzMjAxOTQ0WjAXMRUwEwYDVQQD +DAxUZXN0IE5DIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC +XjL5JEImsGFW5whlXCfDTeqjZAVb+rSXAhZQ25bP9YvhsbmPVYe8A61zwGStl2rF +mChzN9/+LA40/lh0mjCV82mfNp1XLRPhE9sPGXwfLgJGCy/d6pp/8yGuFmkWPus9 +bhxlOk7ADw4e3R3kVdwn9I3O3mIrI+I45ywZpzrbs/NGFiqhRxXbZTAKyI4INxgB +VZfkoxqesnjD1j36fq7qEVas6gVm27YA9b+31ofFLM7WN811LQELwTdWiF0/xXiO +XawU1QnkrNPxCSPWyeaM4tN50ZPRQA/ArV4I7szKhKskRzGwFgdaxorYn8c+2gTq +fedLPvNw1WPryAumidqTAgMBAAGjgb8wgbwwDwYDVR0TAQH/BAUwAwEB/zALBgNV +HQ8EBAMCAQYwHQYDVR0OBBYEFAjRm/nm1WRwoPFrGp7tUtrd9VBDMB8GA1UdIwQY +MBaAFI71Ja8em2uEPXyAmslTnE1y96NSMFwGA1UdHgRVMFOgUTAOggx3d3cuZ29v +ZC5vcmcwCoIIZ29vZC5jb20wD4ENZ29vZEBnb29kLm9yZzAKgQhnb29kLmNvbTAK +hwh/AAAB/////zAKhwjAqAAA//8AADANBgkqhkiG9w0BAQsFAAOCAQEAVyRsB6B8 +iCYZxBTOO10Bor+Q4xxgs0udVR90/tM57P8GHd10e8suaW2Dtg9stxZJ3cmsn3zd ++QNxNIQuwHTNtVU0OSqKv6puj6ZQETSya4jDAmRqY47R866MHkSwLUYDMFtuM1Wy +gnoD5m1/Uy1K/Wvbnp1Zq4jtTB6su8TmIdJgtpEmte7tIQu5kPXsuJrz/x5a1TfR +hu7h4LJYwKlQtd/LRINnHKd241YSE7PVdG8SPxyrX11hJSC+1Z5Epxc6BCVDVN1E +fyVDdLXvKf30Nlbg2hZfO/cGTmwOt7RImygzhV/s41v4wtMW0EPuVanGQusRgHFm +3JC//UMgfkkwAA== +-----END CERTIFICATE----- |