pax_global_header00006660000000000000000000000064147454223070014522gustar00rootroot0000000000000052 comment=e5eafd555ca1a3163e668f671fdc8d568ee5c23f tlswrapper-20250201/000077500000000000000000000000001474542230700141625ustar00rootroot00000000000000tlswrapper-20250201/.clang-format000066400000000000000000000110321474542230700165320ustar00rootroot00000000000000# 20211227 # based on LLVM # AllowShortBlocksOnASingleLine: Always # AllowShortLoopsOnASingleLine: true # AllowShortIfStatementsOnASingleLine: WithoutElse # IndentWidth: 4 # TabWidth: 4 # SortIncludes: false # BreakBeforeBraces: Custom # BeforeElse: true # ColumnLimit: 80 # SpaceAfterCStyleCast: true # IndentCaseLabels: true --- Language: Cpp # BasedOnStyle: LLVM AccessModifierOffset: -2 AlignAfterOpenBracket: Align AlignConsecutiveMacros: false AlignConsecutiveAssignments: false AlignConsecutiveBitFields: false AlignConsecutiveDeclarations: false AlignEscapedNewlines: Right AlignOperands: Align AlignTrailingComments: true AllowAllArgumentsOnNextLine: true AllowAllConstructorInitializersOnNextLine: true AllowAllParametersOfDeclarationOnNextLine: true AllowShortEnumsOnASingleLine: true AllowShortBlocksOnASingleLine: Always AllowShortCaseLabelsOnASingleLine: false AllowShortFunctionsOnASingleLine: All AllowShortLambdasOnASingleLine: All AllowShortIfStatementsOnASingleLine: WithoutElse AllowShortLoopsOnASingleLine: true AlwaysBreakAfterDefinitionReturnType: None AlwaysBreakAfterReturnType: None AlwaysBreakBeforeMultilineStrings: false AlwaysBreakTemplateDeclarations: MultiLine BinPackArguments: true BinPackParameters: true BraceWrapping: AfterCaseLabel: false AfterClass: false AfterControlStatement: Never AfterEnum: false AfterFunction: false AfterNamespace: false AfterObjCDeclaration: false AfterStruct: false AfterUnion: false AfterExternBlock: false BeforeCatch: false BeforeElse: true BeforeLambdaBody: false BeforeWhile: false IndentBraces: false SplitEmptyFunction: true SplitEmptyRecord: true SplitEmptyNamespace: true BreakBeforeBinaryOperators: None BreakBeforeBraces: Custom BreakBeforeInheritanceComma: false BreakInheritanceList: BeforeColon BreakBeforeTernaryOperators: true BreakConstructorInitializersBeforeComma: false BreakConstructorInitializers: BeforeColon BreakAfterJavaFieldAnnotations: false BreakStringLiterals: true ColumnLimit: 80 CommentPragmas: '^ IWYU pragma:' CompactNamespaces: false ConstructorInitializerAllOnOneLineOrOnePerLine: false ConstructorInitializerIndentWidth: 4 ContinuationIndentWidth: 4 Cpp11BracedListStyle: true DeriveLineEnding: true DerivePointerAlignment: false DisableFormat: false ExperimentalAutoDetectBinPacking: false FixNamespaceComments: true ForEachMacros: - foreach - Q_FOREACH - BOOST_FOREACH IncludeBlocks: Preserve IncludeCategories: - Regex: '^"(llvm|llvm-c|clang|clang-c)/' Priority: 2 SortPriority: 0 - Regex: '^(<|"(gtest|gmock|isl|json)/)' Priority: 3 SortPriority: 0 - Regex: '.*' Priority: 1 SortPriority: 0 IncludeIsMainRegex: '(Test)?$' IncludeIsMainSourceRegex: '' IndentCaseLabels: true IndentCaseBlocks: false IndentGotoLabels: true IndentPPDirectives: None IndentExternBlock: AfterExternBlock IndentWidth: 4 IndentWrappedFunctionNames: false InsertTrailingCommas: None JavaScriptQuotes: Leave JavaScriptWrapImports: true KeepEmptyLinesAtTheStartOfBlocks: true MacroBlockBegin: '' MacroBlockEnd: '' MaxEmptyLinesToKeep: 1 NamespaceIndentation: None ObjCBinPackProtocolList: Auto ObjCBlockIndentWidth: 2 ObjCBreakBeforeNestedBlockParam: true ObjCSpaceAfterProperty: false ObjCSpaceBeforeProtocolList: true PenaltyBreakAssignment: 2 PenaltyBreakBeforeFirstCallParameter: 19 PenaltyBreakComment: 300 PenaltyBreakFirstLessLess: 120 PenaltyBreakString: 1000 PenaltyBreakTemplateDeclaration: 10 PenaltyExcessCharacter: 1000000 PenaltyReturnTypeOnItsOwnLine: 60 PointerAlignment: Right ReflowComments: true SortIncludes: false SortUsingDeclarations: true SpaceAfterCStyleCast: true SpaceAfterLogicalNot: false SpaceAfterTemplateKeyword: true SpaceBeforeAssignmentOperators: true SpaceBeforeCpp11BracedList: false SpaceBeforeCtorInitializerColon: true SpaceBeforeInheritanceColon: true SpaceBeforeParens: ControlStatements SpaceBeforeRangeBasedForLoopColon: true SpaceInEmptyBlock: false SpaceInEmptyParentheses: false SpacesBeforeTrailingComments: 1 SpacesInAngles: false SpacesInConditionalStatement: false # XXX - should be false SpacesInContainerLiterals: true SpacesInCStyleCastParentheses: false SpacesInParentheses: false SpacesInSquareBrackets: false SpaceBeforeSquareBrackets: false Standard: Latest StatementMacros: - Q_UNUSED - QT_REQUIRE_VERSION TabWidth: 4 UseCRLF: false UseTab: Never WhitespaceSensitiveMacros: - STRINGIZE - PP_STRINGIZE - BOOST_PP_STRINGIZE ... tlswrapper-20250201/LICENCE000066400000000000000000000156101474542230700151520ustar00rootroot00000000000000Creative Commons Legal Code CC0 1.0 Universal CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER. Statement of Purpose The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work"). Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others. For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights. 1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following: i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work; ii. moral rights retained by the original author(s) and/or performer(s); iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work; iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below; v. rights protecting the extraction, dissemination, use and reuse of data in a Work; vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof. 2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose. 3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose. 4. Limitations and Disclaimers. a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document. b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law. c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work. d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work. tlswrapper-20250201/Makefile000066400000000000000000000227621474542230700156330ustar00rootroot00000000000000CC?=cc EMPTYDIR?=/var/lib/tlswrapper/empty CFLAGS+=-W -Wall -Os -fPIC -fwrapv -pedantic -DEMPTYDIR=\"$(EMPTYDIR)\" LDFLAGS+=-lbearssl CPPFLAGS?= DESTDIR?= PREFIX?=/usr/local INSTALL?=install BINARIES=tlswrapper BINARIES+=tlswrapper-test all: $(BINARIES) tlswrapper-tcp tlswrapper-smtp alloc.o: alloc.c log.h alloc.h $(CC) $(CFLAGS) $(CPPFLAGS) -c alloc.c blocking.o: blocking.c blocking.h $(CC) $(CFLAGS) $(CPPFLAGS) -c blocking.c buffer.o: buffer.c buffer.h $(CC) $(CFLAGS) $(CPPFLAGS) -c buffer.c case.o: case.c case.h $(CC) $(CFLAGS) $(CPPFLAGS) -c case.c conn.o: conn.c jail.h socket.h milliseconds.h e.h log.h conn.h $(CC) $(CFLAGS) $(CPPFLAGS) -c conn.c connectioninfo.o: connectioninfo.c strtoip.h strtoport.h porttostr.h \ iptostr.h log.h connectioninfo.h $(CC) $(CFLAGS) $(CPPFLAGS) -c connectioninfo.c e.o: e.c e.h $(CC) $(CFLAGS) $(CPPFLAGS) -c e.c fixname.o: fixname.c fixname.h $(CC) $(CFLAGS) $(CPPFLAGS) -c fixname.c fixpath.o: fixpath.c fixpath.h $(CC) $(CFLAGS) $(CPPFLAGS) -c fixpath.c fsyncfile.o: fsyncfile.c fsyncfile.h $(CC) $(CFLAGS) $(CPPFLAGS) -c fsyncfile.c hostport.o: hostport.c strtoport.h hostport.h $(CC) $(CFLAGS) $(CPPFLAGS) -c hostport.c iptostr.o: iptostr.c iptostr.h $(CC) $(CFLAGS) $(CPPFLAGS) -c iptostr.c jail.o: jail.c log.h randommod.h jail.h $(CC) $(CFLAGS) $(CPPFLAGS) -c jail.c jail_poll.o: jail_poll.c log.h jail.h $(CC) $(CFLAGS) $(CPPFLAGS) -c jail_poll.c log.o: log.c e.h randommod.h log.h $(CC) $(CFLAGS) $(CPPFLAGS) -c log.c main_tlswrapper.o: main_tlswrapper.c blocking.h pipe.h log.h e.h jail.h \ strtonum.h randombytes.h haslibrandombytes.h alloc.h connectioninfo.h \ proxyprotocol.h iptostr.h writeall.h fixname.h fixpath.h str.h tls.h \ open.h main.h $(CC) $(CFLAGS) $(CPPFLAGS) -c main_tlswrapper.c main_tlswrapper_smtp.o: main_tlswrapper_smtp.c randombytes.h \ haslibrandombytes.h log.h iptostr.h connectioninfo.h jail.h writeall.h \ buffer.h stralloc.h open.h e.h tls.h blocking.h resolvehost.h hostport.h \ conn.h case.h timeoutwrite.h timeoutread.h strtonum.h main.h $(CC) $(CFLAGS) $(CPPFLAGS) -c main_tlswrapper_smtp.c main_tlswrapper_tcp.o: main_tlswrapper_tcp.c randombytes.h \ haslibrandombytes.h iptostr.h proxyprotocol.h connectioninfo.h \ resolvehost.h strtoport.h socket.h e.h log.h conn.h str.h tls.h jail.h \ randommod.h strtonum.h main.h $(CC) $(CFLAGS) $(CPPFLAGS) -c main_tlswrapper_tcp.c main_tlswrapper_test.o: main_tlswrapper_test.c e.h log.h randombytes.h \ haslibrandombytes.h fsyncfile.h writeall.h str.h tls.h open.h blocking.h \ strtonum.h main.h $(CC) $(CFLAGS) $(CPPFLAGS) -c main_tlswrapper_test.c milliseconds.o: milliseconds.c milliseconds.h $(CC) $(CFLAGS) $(CPPFLAGS) -c milliseconds.c open_pipe.o: open_pipe.c open.h blocking.h $(CC) $(CFLAGS) $(CPPFLAGS) -c open_pipe.c open_read.o: open_read.c open.h $(CC) $(CFLAGS) $(CPPFLAGS) -c open_read.c pipe.o: pipe.c e.h readall.h writeall.h alloc.h pipe.h $(CC) $(CFLAGS) $(CPPFLAGS) -c pipe.c porttostr.o: porttostr.c porttostr.h $(CC) $(CFLAGS) $(CPPFLAGS) -c porttostr.c proxyprotocol.o: proxyprotocol.c e.h log.h str.h buffer.h stralloc.h \ jail.h iptostr.h strtoip.h strtoport.h porttostr.h proxyprotocol.h $(CC) $(CFLAGS) $(CPPFLAGS) -c proxyprotocol.c randombytes.o: randombytes.c randombytes.h haslibrandombytes.h $(CC) $(CFLAGS) $(CPPFLAGS) -c randombytes.c randommod.o: randommod.c randombytes.h haslibrandombytes.h randommod.h $(CC) $(CFLAGS) $(CPPFLAGS) -c randommod.c readall.o: readall.c e.h readall.h $(CC) $(CFLAGS) $(CPPFLAGS) -c readall.c resolvehost.o: resolvehost.c e.h blocking.h log.h jail.h randommod.h \ resolvehost.h $(CC) $(CFLAGS) $(CPPFLAGS) -c resolvehost.c socket.o: socket.c blocking.h socket.h $(CC) $(CFLAGS) $(CPPFLAGS) -c socket.c stralloc.o: stralloc.c alloc.h stralloc.h $(CC) $(CFLAGS) $(CPPFLAGS) -c stralloc.c str.o: str.c str.h $(CC) $(CFLAGS) $(CPPFLAGS) -c str.c strtoip.o: strtoip.c strtoip.h $(CC) $(CFLAGS) $(CPPFLAGS) -c strtoip.c strtonum.o: strtonum.c strtonum.h $(CC) $(CFLAGS) $(CPPFLAGS) -c strtonum.c strtoport.o: strtoport.c strtoport.h $(CC) $(CFLAGS) $(CPPFLAGS) -c strtoport.c timeoutread.o: timeoutread.c timeoutread.h $(CC) $(CFLAGS) $(CPPFLAGS) -c timeoutread.c timeoutwrite.o: timeoutwrite.c timeoutwrite.h $(CC) $(CFLAGS) $(CPPFLAGS) -c timeoutwrite.c tls_anchor.o: tls_anchor.c tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_anchor.c tls_certfile.o: tls_certfile.c tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_certfile.c tls_cipher.o: tls_cipher.c str.h log.h tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_cipher.c tls_crypto_scalarmult.o: tls_crypto_scalarmult.c tls.h haslib25519.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_crypto_scalarmult.c tls_ecdhe.o: tls_ecdhe.c str.h tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_ecdhe.c tls_ecdsa.o: tls_ecdsa.c tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_ecdsa.c tls_engine.o: tls_engine.c writeall.h log.h tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_engine.c tls_error.o: tls_error.c tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_error.c tls_keyjail.o: tls_keyjail.c pipe.h randombytes.h haslibrandombytes.h \ log.h jail.h fixpath.h tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_keyjail.c tls_keytype.o: tls_keytype.c tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_keytype.c tls_pem.o: tls_pem.c alloc.h readall.h randombytes.h haslibrandombytes.h \ log.h open.h tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_pem.c tls_pipe.o: tls_pipe.c tls.h pipe.h randombytes.h haslibrandombytes.h \ alloc.h str.h log.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_pipe.c tls_profile.o: tls_profile.c log.h randombytes.h haslibrandombytes.h e.h \ str.h stralloc.h fixpath.h tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_profile.c tls_pubcrt.o: tls_pubcrt.c randombytes.h haslibrandombytes.h alloc.h \ log.h stralloc.h str.h tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_pubcrt.c tls_seccrt.o: tls_seccrt.c log.h randombytes.h haslibrandombytes.h str.h \ tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_seccrt.c tls_version.o: tls_version.c str.h tls.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tls_version.c tlswrapper.o: tlswrapper.c str.h main.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tlswrapper.c tlswrapper-test.o: tlswrapper-test.c str.h main.h $(CC) $(CFLAGS) $(CPPFLAGS) -c tlswrapper-test.c writeall.o: writeall.c e.h jail.h writeall.h $(CC) $(CFLAGS) $(CPPFLAGS) -c writeall.c OBJECTS=alloc.o OBJECTS+=blocking.o OBJECTS+=buffer.o OBJECTS+=case.o OBJECTS+=conn.o OBJECTS+=connectioninfo.o OBJECTS+=e.o OBJECTS+=fixname.o OBJECTS+=fixpath.o OBJECTS+=fsyncfile.o OBJECTS+=hostport.o OBJECTS+=iptostr.o OBJECTS+=jail.o OBJECTS+=jail_poll.o OBJECTS+=log.o OBJECTS+=main_tlswrapper.o OBJECTS+=main_tlswrapper_smtp.o OBJECTS+=main_tlswrapper_tcp.o OBJECTS+=main_tlswrapper_test.o OBJECTS+=milliseconds.o OBJECTS+=open_pipe.o OBJECTS+=open_read.o OBJECTS+=pipe.o OBJECTS+=porttostr.o OBJECTS+=proxyprotocol.o OBJECTS+=randombytes.o OBJECTS+=randommod.o OBJECTS+=readall.o OBJECTS+=resolvehost.o OBJECTS+=socket.o OBJECTS+=stralloc.o OBJECTS+=str.o OBJECTS+=strtoip.o OBJECTS+=strtonum.o OBJECTS+=strtoport.o OBJECTS+=timeoutread.o OBJECTS+=timeoutwrite.o OBJECTS+=tls_anchor.o OBJECTS+=tls_certfile.o OBJECTS+=tls_cipher.o OBJECTS+=tls_crypto_scalarmult.o OBJECTS+=tls_ecdhe.o OBJECTS+=tls_ecdsa.o OBJECTS+=tls_engine.o OBJECTS+=tls_error.o OBJECTS+=tls_keyjail.o OBJECTS+=tls_keytype.o OBJECTS+=tls_pem.o OBJECTS+=tls_pipe.o OBJECTS+=tls_profile.o OBJECTS+=tls_pubcrt.o OBJECTS+=tls_seccrt.o OBJECTS+=tls_version.o OBJECTS+=writeall.o tlswrapper: tlswrapper.o $(OBJECTS) libs $(CC) $(CFLAGS) $(CPPFLAGS) -o tlswrapper tlswrapper.o $(OBJECTS) $(LDFLAGS) `cat libs` tlswrapper-test: tlswrapper-test.o $(OBJECTS) libs $(CC) $(CFLAGS) $(CPPFLAGS) -o tlswrapper-test tlswrapper-test.o $(OBJECTS) $(LDFLAGS) `cat libs` haslib25519.h: tryfeature.sh haslib25519.c libs env CC="$(CC)" CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS) `cat libs`" ./tryfeature.sh haslib25519.c > haslib25519.h cat haslib25519.h haslibrandombytes.h: tryfeature.sh haslibrandombytes.c libs env CC="$(CC)" CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS) `cat libs`" ./tryfeature.sh haslibrandombytes.c > haslibrandombytes.h cat haslibrandombytes.h libs: trylibs.sh env CC="$(CC)" ./trylibs.sh -lsocket -lnsl -lrandombytes -l25519 >libs 2>libs.log cat libs tlswrapper-tcp: tlswrapper ln -s tlswrapper tlswrapper-tcp tlswrapper-smtp: tlswrapper ln -s tlswrapper tlswrapper-smtp install: $(BINARIES) tlswrapper-tcp tlswrapper-smtp mkdir -p $(DESTDIR)$(PREFIX)/bin mkdir -p $(DESTDIR)$(PREFIX)/share/man/man1 mkdir -p $(DESTDIR)$(EMPTYDIR) $(INSTALL) -m 0755 tlswrapper $(DESTDIR)$(PREFIX)/bin/tlswrapper $(INSTALL) -m 0755 tlswrapper-tcp $(DESTDIR)$(PREFIX)/bin/tlswrapper-tcp $(INSTALL) -m 0755 tlswrapper-smtp $(DESTDIR)$(PREFIX)/bin/tlswrapper-smtp $(INSTALL) -m 0644 man/tlswrapper.1 $(DESTDIR)$(PREFIX)/share/man/man1/tlswrapper.1 $(INSTALL) -m 0644 man/tlswrapper-smtp.1 $(DESTDIR)$(PREFIX)/share/man/man1/tlswrapper-smtp.1 $(INSTALL) -m 0644 man/tlswrapper-tcp.1 $(DESTDIR)$(PREFIX)/share/man/man1/tlswrapper-tcp.1 test: $(BINARIES) tlswrapper-tcp tlswrapper-smtp sh runtest.sh test-cipher.sh test-cipher.out test-cipher.exp sh runtest.sh test-ephemeral.sh test-ephemeral.out test-ephemeral.exp sh runtest.sh test-options.sh test-options.out test-options.exp sh runtest.sh test-pp.sh test-pp.out test-pp.exp sh runtest.sh test-badcert.sh test-badcert.out test-badcert.exp sh runtest.sh test-badkey.sh test-badkey.out test-badkey.exp sh runtest.sh test-childexit.sh test-childexit.out test-childexit.exp sh runtest.sh test-okcert.sh test-okcert.out test-okcert.exp clean: rm -f *.log *.o *.out $(BINARIES) libs tlswrapper-tcp tlswrapper-smtp has*.h tlswrapper-20250201/README.md000066400000000000000000000063721474542230700154510ustar00rootroot00000000000000# Description The tlswrapper is an TLS encryption wrapper between remote client and local program prog. Systemd.socket/inetd/tcpserver/... creates the server connection, tlswrapper encrypts/decrypts data stream and reads/writes data from/to the program prog as follows: Internet <--> systemd.socket/inetd/tcpserver/... <--> tlswrapper <--> prog # Security ## Separate process for every connection The tlswrapper is executed from systemd.socket/inetd/tcpserver/... which runs separate instance of tlswrapper for each TLS connection. It ensures that a vulnerability in the code (e.g. bug in the TLS library) can't be used to compromise the memory of another connection. ## Separate process for network connection and separate process for secret-key operation To protect against secret-information leaks to the network connection (such Heartbleed) tlswrapper runs two independent processes for every TLS connection. One process holds secret-keys and runs secret-keys operations and second talks to the network. Processes communicate with each other through UNIX pipes. ## JAIL - Privilege separation, filesystem isolation, limits The tlswrapper processes run under dedicated non-zero uid to prohibit kill, ptrace, etc. Is chrooted into an empty, unwritable directory to prohibit filesystem access. Sets ulimits to prohibit new files, sockets, etc. Sets ulimits to prohibit forks. ## PEM files The tlswrapper uses for simplicity both secret-key and certificates in one PEM file. When the server starts, runs two independent UNIX processes, one for network communication, second for secret-key operations. The network-process is immediately jailed and starts TLS handshake. Secret-key-process starts under root privileges, waits when network-process receives SNI extension from client-hello packet. Then the network-process assemble the PEM filename and sends the name to the secret-key-process. Secret-key-process loads the PEM file and immediatelly is jailed and drops it's privileges. Since here both processes runs jailed (see JAIL above). Note that PEM files are loaded under root privileges, but parsed in jailed unpriviledged process. It ensures that a vulnerability in the parsing code can't be used to gain root privileges/informations. Warning: For security tlswrapper replaces any slash-dots in PEM filename with slash-colons before opening. ## TLS library The tlswrapper uses BearSSL. BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C. It aims at offering the following features: - Be correct and secure. In particular, insecure protocol versions and choices of algorithms are not supported, by design; cryptographic algorithm implementations are constant-time by default. - Be small, both in RAM and code footprint. For instance, a minimal server implementation may fit in about 20 kilobytes of compiled code and 25 kilobytes of RAM. - Be highly portable. BearSSL targets not only big operating systems like Linux and Windows, but also small embedded systems and even special contexts like bootstrap code. - Be feature-rich and extensible. SSL/TLS has many defined cipher suites and extensions; BearSSL should implement most of them, and allow extra algorithm implementations to be added afterwards, possibly from third parties. # Examples - [examples page](examples.md) tlswrapper-20250201/alloc.c000066400000000000000000000062711474542230700154260ustar00rootroot00000000000000/* version 20220222 */ #include #include #include "log.h" #include "alloc.h" static unsigned char space[alloc_STATICSPACE] __attribute__((aligned(alloc_ALIGNMENT))); static unsigned long long avail = sizeof space; static unsigned long long allocated = 0; static void **ptr = 0; static unsigned long long ptrlen = 0; static unsigned long long ptralloc = 0; static int ptr_add(void *x) { void **newptr; unsigned long long i; if (!x) return 1; if (ptrlen + 1 > ptralloc) { while (ptrlen + 1 > ptralloc) ptralloc = 2 * ptralloc + 1; newptr = (void **) malloc(ptralloc * sizeof(void *)); if (!newptr) return 0; if (ptr) { for (i = 0; i < ptrlen; ++i) newptr[i] = ptr[i]; free(ptr); } ptr = newptr; } ptr[ptrlen++] = x; return 1; } static int ptr_remove(void *x) { unsigned long long i; for (i = 0; i < ptrlen; ++i) { if (ptr[i] == x) goto ok; } return 0; ok: --ptrlen; ptr[i] = ptr[ptrlen]; return 1; } static void cleanup(void *xv, unsigned long long xlen) { volatile unsigned long *x = (volatile unsigned long *) xv; xlen /= sizeof(unsigned long); while (xlen-- > 0) *x++ = 0; __asm__ __volatile__("" : : "r"(xv) : "memory"); } void *alloc(long long norig) { unsigned char *x; unsigned long long i, n = norig; if (norig < 0) { log_e3("alloc(", lognum(norig), ") ... failed, < 0"); goto inval; } if (n == 0) { log_t3("alloc(0), will allocate ", lognum(alloc_ALIGNMENT), " bytes"); n = alloc_ALIGNMENT; } n = ((n + alloc_ALIGNMENT - 1) / alloc_ALIGNMENT) * alloc_ALIGNMENT; if (n <= avail) { avail -= n; log_t3("alloc(", lognum(norig), ") ... ok, static"); return (void *) (space + avail); } n += alloc_ALIGNMENT; allocated += n; if (n != (unsigned long long) (size_t) n) { log_e3("alloc(", lognum(norig), ") ... failed, size_t overflow"); goto nomem; } x = (unsigned char *) malloc(n); if (!x) { log_e3("alloc(", lognum(norig), ") ... failed, malloc() failed"); goto nomem; } cleanup(x, n); for (i = 0; i < alloc_ALIGNMENT; ++i) { *x++ = n; n >>= 8; } if (!ptr_add(x)) { log_e3("alloc(", lognum(norig), ") ... failed, malloc() failed"); goto nomem; } log_t5("alloc(", lognum(norig), ") ... ok, using malloc(), total ", lognum(allocated), " bytes"); return (void *) x; nomem: errno = ENOMEM; return (void *) 0; inval: errno = EINVAL; return (void *) 0; } void alloc_free(void *xv) { unsigned char *x = xv; unsigned long long i, n = 0; if (!x) { log_w1("alloc_free(0)"); return; } if (x >= space) if (x < space + sizeof space) return; ptr_remove(x); for (i = 0; i < alloc_ALIGNMENT; ++i) { n <<= 8; n |= *--x; } cleanup(x, n); free(x); } void alloc_freeall(void) { while (ptrlen > 0) { alloc_free(ptr[0]); } if (ptr) { free(ptr); ptr = 0; ptrlen = ptralloc = 0; } cleanup(space, sizeof space); } tlswrapper-20250201/alloc.h000066400000000000000000000004421474542230700154250ustar00rootroot00000000000000#ifndef _ALLOC_H____ #define _ALLOC_H____ #ifndef alloc_ALIGNMENT #define alloc_ALIGNMENT 16 #endif #ifndef alloc_STATICSPACE #define alloc_STATICSPACE (4096 * alloc_ALIGNMENT) #endif extern void *alloc(long long); extern void alloc_free(void *); extern void alloc_freeall(void); #endif tlswrapper-20250201/blocking.c000066400000000000000000000004551474542230700161220ustar00rootroot00000000000000/* taken from public-domain nacl-20110221, from curvecp/blocking.c */ #include #include "blocking.h" void blocking_enable(int fd) { fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); } void blocking_disable(int fd) { fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK); } tlswrapper-20250201/blocking.h000066400000000000000000000001641474542230700161240ustar00rootroot00000000000000#ifndef BLOCKING_H #define BLOCKING_H extern void blocking_enable(int); extern void blocking_disable(int); #endif tlswrapper-20250201/buffer.c000066400000000000000000000072211474542230700156010ustar00rootroot00000000000000/* version 20220222 */ #include #include #include "buffer.h" void buffer_init(buffer *s, long long (*op)(int, void *, long long), int fd, void *x, long long xlen) { s->x = x; s->fd = fd; s->op = op; s->p = 0; s->n = xlen; if (s->n < 0) s->n = 0; } long long buffer_write(int fd, void *x, long long xlen) { if (xlen < 0) { errno = EINVAL; return -1; } return write(fd, x, xlen); } static int allwrite(long long (*op)(int, void *, long long), int fd, const void *xv, long long xlen) { char *x = (char *) xv; long long w; while (xlen > 0) { w = xlen; if (w > BUFFER_OUTSIZE) w = BUFFER_OUTSIZE; w = op(fd, x, w); if (w == -1) { if (errno == EINTR) continue; return -1; } x += w; xlen -= w; } return 0; } int buffer_flush(buffer *s) { if (allwrite(s->op, s->fd, s->x, s->p) < 0) return -1; s->p = 0; return 0; } int buffer_put(buffer *s, const void *xv, long long xlen) { char *x = (char *) xv; long long i, n; if (xlen < 0) { errno = EINVAL; return -1; } if (xlen > (n = s->n - s->p)) { for (i = 0; i < n; ++i) s->x[s->p + i] = x[i]; s->p += n; x += n; xlen -= n; if (buffer_flush(s) == -1) return -1; } if (xlen >= s->n) return allwrite(s->op, s->fd, x, xlen); for (i = 0; i < xlen; ++i) s->x[s->p + i] = x[i]; s->p += xlen; return 0; } int buffer_puts(buffer *s, const char *x) { long long xlen; for (xlen = 0; x[xlen]; ++xlen) ; return buffer_put(s, x, xlen); } int buffer_putflush(buffer *s, const void *xv, long long xlen) { if (xlen < 0) { errno = EINVAL; return -1; } if (buffer_flush(s) == -1) return -1; return allwrite(s->op, s->fd, xv, xlen); } int buffer_putsflush(buffer *s, const char *x) { long long xlen; for (xlen = 0; x[xlen]; ++xlen) ; return buffer_putflush(s, x, xlen); } long long buffer_read(int fd, void *x, long long xlen) { if (xlen < 0) { errno = EINVAL; return -1; } return read(fd, x, xlen); } static long long oneread(long long (*op)(int, void *, long long), int fd, void *x, long long xlen) { long long r; for (;;) { if (xlen > BUFFER_INSIZE) xlen = BUFFER_INSIZE; r = op(fd, x, xlen); if (r == -1 && errno == EINTR) continue; return r; } } long long buffer_feed(buffer *s) { long long i, r; if (s->p) return s->p; r = oneread(s->op, s->fd, s->x, s->n); if (r <= 0) return r; s->p = r; s->n -= r; if (s->n > 0) for (i = r - 1; i >= 0; --i) s->x[s->n + i] = s->x[i]; return r; } static long long getthis(buffer *s, char *x, long long xlen) { long long i; if (xlen > s->p) xlen = s->p; s->p -= xlen; for (i = 0; i < xlen; ++i) x[i] = s->x[s->n + i]; s->n += xlen; return xlen; } long long buffer_get(buffer *s, void *xv, long long xlen) { long long r; if (xlen < 0) { errno = EINVAL; return -1; } if (s->p > 0) return getthis(s, xv, xlen); if (s->n <= xlen) return oneread(s->op, s->fd, xv, xlen); r = buffer_feed(s); if (r <= 0) return r; return getthis(s, xv, xlen); } int buffer_copy(buffer *bout, buffer *bin) { long long n; char *x; for (;;) { n = buffer_feed(bin); if (n < 0) return -2; if (!n) return 0; x = buffer_PEEK(bin); if (buffer_put(bout, x, n) == -1) return -3; buffer_SEEK(bin, n); } } tlswrapper-20250201/buffer.h000066400000000000000000000030501474542230700156020ustar00rootroot00000000000000#ifndef _BUFFER_H____ #define _BUFFER_H____ typedef struct buffer { char *x; long long p; long long n; int fd; long long (*op)(int, void *, long long); } buffer; #define BUFFER_INSIZE 8192 #define BUFFER_OUTSIZE 8192 /* init */ extern void buffer_init(buffer *, long long (*)(int, void *, long long), int, void *, long long); #define buffer_INIT(op, fd, buf, len) \ { (buf), 0, (len), (fd), (op) } /* write */ extern long long buffer_write(int, void *, long long); extern int buffer_flush(buffer *); extern int buffer_put(buffer *, const void *, long long); extern int buffer_puts(buffer *, const char *); extern int buffer_putflush(buffer *, const void *, long long); extern int buffer_putsflush(buffer *, const char *); #define buffer_PUTC(s, c) \ (((s)->n != (s)->p) ? ((s)->x[(s)->p++] = (c), 0) \ : buffer_put((s), &(c), 1)) /* read */ extern long long buffer_read(int, void *, long long); extern long long buffer_get(buffer *, void *, long long); extern long long buffer_feed(buffer *); #define buffer_PEEK(s) ((s)->x + (s)->n) #define buffer_SEEK(s, len) (((s)->p -= (len)), ((s)->n += (len))) #define buffer_GETC(s, ch) \ (((s)->p > 0) ? (*(ch) = (s)->x[(s)->n], buffer_SEEK((s), 1), 1) \ : buffer_get((s), (ch), 1)) /* copy */ extern int buffer_copy(buffer *, buffer *); #endif tlswrapper-20250201/case.c000066400000000000000000000040201474542230700152350ustar00rootroot00000000000000/* version 20220221 */ #include "case.h" int case_diffb(const char *s, long long len, const char *t) { unsigned char x, y; while (len > 0) { --len; x = *s++ - 'A'; if (x <= 'Z' - 'A') x += 'a'; else x += 'A'; y = *t++ - 'A'; if (y <= 'Z' - 'A') y += 'a'; else y += 'A'; if (x != y) return ((int) (unsigned int) x) - ((int) (unsigned int) y); } return 0; } int case_diffs(const char *s, const char *t) { unsigned char x, y; for (;;) { x = *s++ - 'A'; if (x <= 'Z' - 'A') x += 'a'; else x += 'A'; y = *t++ - 'A'; if (y <= 'Z' - 'A') y += 'a'; else y += 'A'; if (x != y) break; if (!x) break; } return ((int) (unsigned int) x) - ((int) (unsigned int) y); } int case_startb(const char *s, long long len, const char *t) { unsigned char x, y; for (;;) { y = *t++ - 'A'; if (y <= 'Z' - 'A') y += 'a'; else y += 'A'; if (!y) return 1; if (!len) return 0; --len; x = *s++ - 'A'; if (x <= 'Z' - 'A') x += 'a'; else x += 'A'; if (x != y) return 0; } } int case_starts(const char *s, const char *t) { unsigned char x, y; for (;;) { x = *s++ - 'A'; if (x <= 'Z' - 'A') x += 'a'; else x += 'A'; y = *t++ - 'A'; if (y <= 'Z' - 'A') y += 'a'; else y += 'A'; if (!y) return 1; if (x != y) return 0; } } void case_lowerb(char *s, long long len) { unsigned char x; while (len > 0) { --len; x = *s - 'A'; if (x <= 'Z' - 'A') *s = x + 'a'; ++s; } } void case_lowers(char *s) { unsigned char x; while ((x = *s)) { x -= 'A'; if (x <= 'Z' - 'A') *s = x + 'a'; ++s; } } tlswrapper-20250201/case.h000066400000000000000000000007221474542230700152470ustar00rootroot00000000000000#ifndef _CASE_H____ #define _CASE_H____ extern int case_diffb(const char *, long long, const char *); extern int case_diffs(const char *, const char *); extern int case_startb(const char *, long long, const char *); extern int case_starts(const char *, const char *); extern void case_lowerb(char *, long long); extern void case_lowers(char *); #define case_equals(s, t) (!case_diffs((s), (t))) #define case_equalb(s, t, len) (!case_diffb((s), (t), (len))) #endif tlswrapper-20250201/conn.c000066400000000000000000000063561474542230700152750ustar00rootroot00000000000000#include #include #include #include "jail.h" #include "socket.h" #include "milliseconds.h" #include "e.h" #include "log.h" #include "conn.h" #define MAXIP 8 static int fds[MAXIP] = {-1, -1, -1, -1, -1, -1, -1, -1}; static unsigned char *conn_getip(int fd, unsigned char *ip, long long iplen) { long long i; if (iplen > MAXIP * 16) iplen = MAXIP * 16; for (i = 0; i < iplen / 16; ++i) { if (fd == fds[i]) { return ip + 16 * i; } } return 0; } static void conn_copyip(int fd, unsigned char *ip, long long iplen) { long long i; if (iplen > MAXIP * 16) iplen = MAXIP * 16; for (i = 0; i < iplen / 16; ++i) { if (fd == fds[i]) { memcpy(ip, ip + 16 * i, 16); } else { if (fds[i] != -1) { close(fds[i]); fds[i] = -1; } } } } static void conn_closefd(int fd) { long long i; for (i = 0; i < MAXIP; ++i) { if (fds[i] == -1) continue; if (fds[i] == fd) { close(fds[i]); fds[i] = -1; } } } int conn_init(long long num) { long long i; if (num > MAXIP) num = MAXIP; for (i = 0; i < num; ++i) { fds[i] = socket_tcp(); if (fds[i] == -1) return 0; } return 1; } int conn(long long timeout, unsigned char *ip, long long iplen, unsigned char *port) { long long i; struct pollfd p[MAXIP]; long long tm, deadline, plen; deadline = milliseconds() + 1000 * timeout; if (iplen > MAXIP * 16) iplen = MAXIP * 16; if (timeout < 1 || !ip || !port || iplen < 16) { errno = EINVAL; return -1; } for (i = 0; i < iplen / 16; ++i) { log_d4("sending connect to [", logip(ip + 16 * i), "]:", logport(port)); if (socket_connect(fds[i], ip + 16 * i, port, 0) == 0) { memcpy(ip, ip + 16 * i, 16); return fds[i]; } if (errno != EINPROGRESS && errno != EWOULDBLOCK) { log_w4("unable to connect to [", logip(ip + 16 * i), "]:", logport(port)); close(fds[i]); fds[i] = -1; } } for (;;) { plen = 0; for (i = 0; i < iplen / 16; ++i) { if (fds[i] != -1) { p[plen].fd = fds[i]; p[plen].events = POLLOUT; ++plen; } } if (plen == 0) return -1; tm = deadline - milliseconds(); if (tm <= 0) { errno = ETIMEDOUT; for (i = 0; i < plen; ++i) { log_w4("unable to connect to [", logip(conn_getip(p[i].fd, ip, iplen)), "]:", logport(port)); } return -1; } jail_poll(p, plen, tm); for (i = 0; i < plen; ++i) { if (p[i].revents) { if (socket_connected(p[i].fd)) { conn_copyip(p[i].fd, ip, iplen); errno = 0; return p[i].fd; } log_w4("unable to connect to [", logip(conn_getip(p[i].fd, ip, iplen)), "]:", logport(port)); conn_closefd(p[i].fd); } } } } tlswrapper-20250201/conn.h000066400000000000000000000002771474542230700152760ustar00rootroot00000000000000#ifndef _CONN_H____ #define _CONN_H____ extern int conn_init(long long); extern int conn(long long timeout, unsigned char *ip, long long iplen, unsigned char *port); #endif tlswrapper-20250201/connectioninfo.c000066400000000000000000000076061474542230700173520ustar00rootroot00000000000000/* 20211119 Jan Mojzis Public domain. */ #include #include #include #include #include #include #include #include "strtoip.h" #include "strtoport.h" #include "porttostr.h" #include "iptostr.h" #include "log.h" #include "connectioninfo.h" /* The connectioninfo_fromfd function gets informations about TCP connection from the getsockname(), getpeername() libc functions. Also sets env. variables TCPREMOTEIP, TCPREMOTEPORT, TCPLOCALIP, TCPLOCALPORT. */ static int connectioninfo_fromfd(unsigned char *localip, unsigned char *localport, unsigned char *remoteip, unsigned char *remoteport) { int fd = 0; struct sockaddr_storage sa; socklen_t salen = sizeof sa; /* local ip */ if (getsockname(fd, (struct sockaddr *) &sa, &salen) == -1) return 0; if (sa.ss_family == AF_INET) { struct sockaddr_in *sin = (struct sockaddr_in *) &sa; memcpy(localip, "\0\0\0\0\0\0\0\0\0\0\377\377", 12); memcpy(localip + 12, &sin->sin_addr, 4); memcpy(localport, &sin->sin_port, 2); } if (sa.ss_family == AF_INET6) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) &sa; memcpy(localip, &sin6->sin6_addr, 16); memcpy(localport, &sin6->sin6_port, 2); } /* remote ip */ if (getpeername(fd, (struct sockaddr *) &sa, &salen) == -1) return 0; if (sa.ss_family == AF_INET) { struct sockaddr_in *sin = (struct sockaddr_in *) &sa; memcpy(remoteip, "\0\0\0\0\0\0\0\0\0\0\377\377", 12); memcpy(remoteip + 12, &sin->sin_addr, 4); memcpy(remoteport, &sin->sin_port, 2); } if (sa.ss_family == AF_INET6) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) &sa; memcpy(remoteip, &sin6->sin6_addr, 16); memcpy(remoteport, &sin6->sin6_port, 2); } log_t8("connectioninfo_fromfd(): localip=", logip(localip), ", localport=", logport(localport), ", remote=", logip(remoteip), ", remoteport=", logport(remoteport)); return 1; } /* The connectioninfo_fromenv function gets informations about TCP connection from the environment. */ static int connectioninfo_fromenv(unsigned char *localip, unsigned char *localport, unsigned char *remoteip, unsigned char *remoteport) { if (!strtoip(localip, getenv("TCPLOCALIP"))) return 0; if (!strtoport(localport, getenv("TCPLOCALPORT"))) return 0; if (!strtoip(remoteip, getenv("TCPREMOTEIP"))) return 0; if (!strtoport(remoteport, getenv("TCPREMOTEPORT"))) return 0; log_t8("connectioninfo_fromenv(): localip=", logip(localip), ", localport=", logport(localport), ", remote=", logip(remoteip), ", remoteport=", logport(remoteport)); return 1; } int connectioninfo_get(unsigned char *localip, unsigned char *localport, unsigned char *remoteip, unsigned char *remoteport) { if (connectioninfo_fromenv(localip, localport, remoteip, remoteport)) return 1; if (connectioninfo_fromfd(localip, localport, remoteip, remoteport)) return 1; log_w1("connectioninfo_get() failed"); return 0; } void connectioninfo_set(unsigned char *localip, unsigned char *localport, unsigned char *remoteip, unsigned char *remoteport) { (void) setenv("TCPREMOTEIP", iptostr(0, remoteip), 1); (void) setenv("TCPREMOTEPORT", porttostr(0, remoteport), 1); (void) setenv("TCPLOCALIP", iptostr(0, localip), 1); (void) setenv("TCPLOCALPORT", porttostr(0, localport), 1); log_t8("connectioninfo_set(): localip=", logip(localip), ", localport=", logport(localport), ", remote=", logip(remoteip), ", remoteport=", logport(remoteport)); } tlswrapper-20250201/connectioninfo.h000066400000000000000000000005111474542230700173430ustar00rootroot00000000000000#ifndef _CONNECTIONINFO_H____ #define _CONNECTIONINFO_H____ extern int connectioninfo_get(unsigned char *, unsigned char *, unsigned char *, unsigned char *); extern void connectioninfo_set(unsigned char *, unsigned char *, unsigned char *, unsigned char *); #endif tlswrapper-20250201/e.c000066400000000000000000000076241474542230700145630ustar00rootroot00000000000000/* taken from public-domain nacl-20110221, from curvecp/e.c */ #include "e.h" #define X(e, s) \ if (i == e) return s; const char *e_str(int i) { X(0, "no error"); X(EINTR, "interrupted system call") X(ENOMEM, "out of memory") X(ENOENT, "file does not exist") X(ETXTBSY, "text busy") X(EIO, "input/output error") X(EEXIST, "file already exists") X(ETIMEDOUT, "timed out") X(EINPROGRESS, "operation in progress") X(EAGAIN, "temporary failure") X(EWOULDBLOCK, "input/output would block") X(EPIPE, "broken pipe") X(EPERM, "permission denied") X(EACCES, "access denied") X(ENODEV, "device not configured") X(EPROTO, "protocol error") X(EISDIR, "is a directory") X(ESRCH, "no such process") X(E2BIG, "argument list too long") X(ENOEXEC, "exec format error") X(EBADF, "file descriptor not open") X(ECHILD, "no child processes") X(EDEADLK, "operation would cause deadlock") X(EFAULT, "bad address") X(ENOTBLK, "not a block device") X(EBUSY, "device busy") X(EXDEV, "cross-device link") X(ENODEV, "device does not support operation") X(ENOTDIR, "not a directory") X(EINVAL, "invalid argument") X(ENFILE, "system cannot open more files") X(EMFILE, "process cannot open more files") X(ENOTTY, "not a tty") X(EFBIG, "file too big") X(ENOSPC, "out of disk space") X(ESPIPE, "unseekable descriptor") X(EROFS, "read-only file system") X(EMLINK, "too many links") X(EDOM, "input out of range") X(ERANGE, "output out of range") X(EALREADY, "operation already in progress") X(ENOTSOCK, "not a socket") X(EDESTADDRREQ, "destination address required") X(EMSGSIZE, "message too long") X(EPROTOTYPE, "incorrect protocol type") X(ENOPROTOOPT, "protocol not available") X(EPROTONOSUPPORT, "protocol not supported") X(ESOCKTNOSUPPORT, "socket type not supported") X(EOPNOTSUPP, "operation not supported") X(EPFNOSUPPORT, "protocol family not supported") X(EAFNOSUPPORT, "address family not supported") X(EADDRINUSE, "address already used") X(EADDRNOTAVAIL, "address not available") X(ENETDOWN, "network down") X(ENETUNREACH, "network unreachable") X(ENETRESET, "network reset") X(ECONNABORTED, "connection aborted") X(ECONNRESET, "connection reset") X(ENOBUFS, "out of buffer space") X(EISCONN, "already connected") X(ENOTCONN, "not connected") X(ESHUTDOWN, "socket shut down") X(ETOOMANYREFS, "too many references") X(ECONNREFUSED, "connection refused") X(ELOOP, "symbolic link loop") X(ENAMETOOLONG, "file name too long") X(EHOSTDOWN, "host down") X(EHOSTUNREACH, "host unreachable") X(ENOTEMPTY, "directory not empty") X(EPROCLIM, "too many processes") X(EUSERS, "too many users") X(EDQUOT, "disk quota exceeded") X(ESTALE, "stale NFS file handle") X(EREMOTE, "too many levels of remote in path") X(EBADRPC, "RPC structure is bad") X(ERPCMISMATCH, "RPC version mismatch") X(EPROGUNAVAIL, "RPC program unavailable") X(EPROGMISMATCH, "program version mismatch") X(EPROCUNAVAIL, "bad procedure for program") X(ENOLCK, "no locks available") X(ENOSYS, "system call not available") X(EFTYPE, "bad file type") X(EAUTH, "authentication error") X(ENEEDAUTH, "not authenticated") X(ENOSTR, "not a stream device") X(ETIME, "timer expired") X(ENOSR, "out of stream resources") X(ENOMSG, "no message of desired type") X(EBADMSG, "bad message type") X(EIDRM, "identifier removed") X(ENONET, "machine not on network") X(EREMOTE, "object not local") X(ENOLINK, "link severed") X(EADV, "advertise error") X(ESRMNT, "srmount error") X(ECOMM, "communication error") X(EMULTIHOP, "multihop attempted") X(EREMCHG, "remote address changed") return "unknown error"; } tlswrapper-20250201/e.h000066400000000000000000000155061474542230700145660ustar00rootroot00000000000000#ifndef E_H #define E_H #include extern const char *e_str(int); #ifndef EPERM #define EPERM (-5001) #endif #ifndef ENOENT #define ENOENT (-5002) #endif #ifndef ESRCH #define ESRCH (-5003) #endif #ifndef EINTR #define EINTR (-5004) #endif #ifndef EIO #define EIO (-5005) #endif #ifndef ENXIO #define ENXIO (-5006) #endif #ifndef E2BIG #define E2BIG (-5007) #endif #ifndef ENOEXEC #define ENOEXEC (-5008) #endif #ifndef EBADF #define EBADF (-5009) #endif #ifndef ECHILD #define ECHILD (-5010) #endif #ifndef EAGAIN #define EAGAIN (-5011) #endif #ifndef EWOULDBLOCK #define EWOULDBLOCK (-7011) #endif #ifndef ENOMEM #define ENOMEM (-5012) #endif #ifndef EACCES #define EACCES (-5013) #endif #ifndef EFAULT #define EFAULT (-5014) #endif #ifndef ENOTBLK #define ENOTBLK (-5015) #endif #ifndef EBUSY #define EBUSY (-5016) #endif #ifndef EEXIST #define EEXIST (-5017) #endif #ifndef EXDEV #define EXDEV (-5018) #endif #ifndef ENODEV #define ENODEV (-5019) #endif #ifndef ENOTDIR #define ENOTDIR (-5020) #endif #ifndef EISDIR #define EISDIR (-5021) #endif #ifndef EINVAL #define EINVAL (-5022) #endif #ifndef ENFILE #define ENFILE (-5023) #endif #ifndef EMFILE #define EMFILE (-5024) #endif #ifndef ENOTTY #define ENOTTY (-5025) #endif #ifndef ETXTBSY #define ETXTBSY (-5026) #endif #ifndef EFBIG #define EFBIG (-5027) #endif #ifndef ENOSPC #define ENOSPC (-5028) #endif #ifndef ESPIPE #define ESPIPE (-5029) #endif #ifndef EROFS #define EROFS (-5030) #endif #ifndef EMLINK #define EMLINK (-5031) #endif #ifndef EPIPE #define EPIPE (-5032) #endif #ifndef EDOM #define EDOM (-5033) #endif #ifndef ERANGE #define ERANGE (-5034) #endif #ifndef EDEADLK #define EDEADLK (-5035) #endif #ifndef EDEADLOCK #define EDEADLOCK (-7035) #endif #ifndef ENAMETOOLONG #define ENAMETOOLONG (-5036) #endif #ifndef ENOLCK #define ENOLCK (-5037) #endif #ifndef ENOSYS #define ENOSYS (-5038) #endif #ifndef ENOTEMPTY #define ENOTEMPTY (-5039) #endif #ifndef ELOOP #define ELOOP (-5040) #endif #ifndef ENOMSG #define ENOMSG (-5042) #endif #ifndef EIDRM #define EIDRM (-5043) #endif #ifndef ECHRNG #define ECHRNG (-5044) #endif #ifndef EL2NSYNC #define EL2NSYNC (-5045) #endif #ifndef EL3HLT #define EL3HLT (-5046) #endif #ifndef EL3RST #define EL3RST (-5047) #endif #ifndef ELNRNG #define ELNRNG (-5048) #endif #ifndef EUNATCH #define EUNATCH (-5049) #endif #ifndef ENOCSI #define ENOCSI (-5050) #endif #ifndef EL2HLT #define EL2HLT (-5051) #endif #ifndef EBADE #define EBADE (-5052) #endif #ifndef EBADR #define EBADR (-5053) #endif #ifndef EXFULL #define EXFULL (-5054) #endif #ifndef ENOANO #define ENOANO (-5055) #endif #ifndef EBADRQC #define EBADRQC (-5056) #endif #ifndef EBADSLT #define EBADSLT (-5057) #endif #ifndef EBFONT #define EBFONT (-5059) #endif #ifndef ENOSTR #define ENOSTR (-5060) #endif #ifndef ENODATA #define ENODATA (-5061) #endif #ifndef ETIME #define ETIME (-5062) #endif #ifndef ENOSR #define ENOSR (-5063) #endif #ifndef ENONET #define ENONET (-5064) #endif #ifndef ENOPKG #define ENOPKG (-5065) #endif #ifndef EREMOTE #define EREMOTE (-5066) #endif #ifndef ENOLINK #define ENOLINK (-5067) #endif #ifndef EADV #define EADV (-5068) #endif #ifndef ESRMNT #define ESRMNT (-5069) #endif #ifndef ECOMM #define ECOMM (-5070) #endif #ifndef EPROTO #define EPROTO (-5071) #endif #ifndef EMULTIHOP #define EMULTIHOP (-5072) #endif #ifndef EDOTDOT #define EDOTDOT (-5073) #endif #ifndef EBADMSG #define EBADMSG (-5074) #endif #ifndef EOVERFLOW #define EOVERFLOW (-5075) #endif #ifndef ENOTUNIQ #define ENOTUNIQ (-5076) #endif #ifndef EBADFD #define EBADFD (-5077) #endif #ifndef EREMCHG #define EREMCHG (-5078) #endif #ifndef ELIBACC #define ELIBACC (-5079) #endif #ifndef ELIBBAD #define ELIBBAD (-5080) #endif #ifndef ELIBSCN #define ELIBSCN (-5081) #endif #ifndef ELIBMAX #define ELIBMAX (-5082) #endif #ifndef ELIBEXEC #define ELIBEXEC (-5083) #endif #ifndef EILSEQ #define EILSEQ (-5084) #endif #ifndef ERESTART #define ERESTART (-5085) #endif #ifndef ESTRPIPE #define ESTRPIPE (-5086) #endif #ifndef EUSERS #define EUSERS (-5087) #endif #ifndef ENOTSOCK #define ENOTSOCK (-5088) #endif #ifndef EDESTADDRREQ #define EDESTADDRREQ (-5089) #endif #ifndef EMSGSIZE #define EMSGSIZE (-5090) #endif #ifndef EPROTOTYPE #define EPROTOTYPE (-5091) #endif #ifndef ENOPROTOOPT #define ENOPROTOOPT (-5092) #endif #ifndef EPROTONOSUPPORT #define EPROTONOSUPPORT (-5093) #endif #ifndef ESOCKTNOSUPPORT #define ESOCKTNOSUPPORT (-5094) #endif #ifndef EOPNOTSUPP #define EOPNOTSUPP (-5095) #endif #ifndef EPFNOSUPPORT #define EPFNOSUPPORT (-5096) #endif #ifndef EAFNOSUPPORT #define EAFNOSUPPORT (-5097) #endif #ifndef EADDRINUSE #define EADDRINUSE (-5098) #endif #ifndef EADDRNOTAVAIL #define EADDRNOTAVAIL (-5099) #endif #ifndef ENETDOWN #define ENETDOWN (-5100) #endif #ifndef ENETUNREACH #define ENETUNREACH (-5101) #endif #ifndef ENETRESET #define ENETRESET (-5102) #endif #ifndef ECONNABORTED #define ECONNABORTED (-5103) #endif #ifndef ECONNRESET #define ECONNRESET (-5104) #endif #ifndef ENOBUFS #define ENOBUFS (-5105) #endif #ifndef EISCONN #define EISCONN (-5106) #endif #ifndef ENOTCONN #define ENOTCONN (-5107) #endif #ifndef ESHUTDOWN #define ESHUTDOWN (-5108) #endif #ifndef ETOOMANYREFS #define ETOOMANYREFS (-5109) #endif #ifndef ETIMEDOUT #define ETIMEDOUT (-5110) #endif #ifndef ECONNREFUSED #define ECONNREFUSED (-5111) #endif #ifndef EHOSTDOWN #define EHOSTDOWN (-5112) #endif #ifndef EHOSTUNREACH #define EHOSTUNREACH (-5113) #endif #ifndef EALREADY #define EALREADY (-5114) #endif #ifndef EINPROGRESS #define EINPROGRESS (-5115) #endif #ifndef ESTALE #define ESTALE (-5116) #endif #ifndef EUCLEAN #define EUCLEAN (-5117) #endif #ifndef ENOTNAM #define ENOTNAM (-5118) #endif #ifndef ENAVAIL #define ENAVAIL (-5119) #endif #ifndef EISNAM #define EISNAM (-5120) #endif #ifndef EREMOTEIO #define EREMOTEIO (-5121) #endif #ifndef EDQUOT #define EDQUOT (-5122) #endif #ifndef ENOMEDIUM #define ENOMEDIUM (-5123) #endif #ifndef EMEDIUMTYPE #define EMEDIUMTYPE (-5124) #endif #ifndef ECANCELED #define ECANCELED (-5125) #endif #ifndef ENOKEY #define ENOKEY (-5126) #endif #ifndef EKEYEXPIRED #define EKEYEXPIRED (-5127) #endif #ifndef EKEYREVOKED #define EKEYREVOKED (-5128) #endif #ifndef EKEYREJECTED #define EKEYREJECTED (-5129) #endif #ifndef EOWNERDEAD #define EOWNERDEAD (-5130) #endif #ifndef ENOTRECOVERABLE #define ENOTRECOVERABLE (-5131) #endif #ifndef ERFKILL #define ERFKILL (-5132) #endif #ifndef EPROCLIM #define EPROCLIM (-6067) #endif #ifndef EBADRPC #define EBADRPC (-6072) #endif #ifndef ERPCMISMATCH #define ERPCMISMATCH (-6073) #endif #ifndef EPROGUNAVAIL #define EPROGUNAVAIL (-6074) #endif #ifndef EPROGMISMATCH #define EPROGMISMATCH (-6075) #endif #ifndef EPROCUNAVAIL #define EPROCUNAVAIL (-6076) #endif #ifndef EFTYPE #define EFTYPE (-6079) #endif #ifndef EAUTH #define EAUTH (-6080) #endif #ifndef ENEEDAUTH #define ENEEDAUTH (-6081) #endif #ifndef ENOATTR #define ENOATTR (-6087) #endif #ifndef ENOTCAPABLE #define ENOTCAPABLE (-6093) #endif #endif tlswrapper-20250201/examples.md000066400000000000000000000022241474542230700163220ustar00rootroot00000000000000## run qmail-smtpd SMTPS relay on port 465, authorization using client certs ~~~bash #!/bin/sh RELAYCLIENT=''; export RELAYCLIENT exec softlimit -m 64000000 -f 100000000 \ tcpserver -HRDl0 0.0.0.0 465 \ /usr/bin/tlswrapper -u qmaild -v -f /etc/ssl/sslcert.pem -a /etc/ssl/ca.pem \ /usr/sbin/qmail-smtpd ~~~ ## run dovecot IMAPS service on port 993, authorization using client certs, and run under user extracted from client certificate from commonName ~~~bash #!/bin/sh exec softlimit -m 64000000 -f 100000000 \ tcpserver -HRDl0 0.0.0.0 993 \ /usr/bin/tlswrapper -U commonName -f /etc/ssl/sslcert.pem -a /etc/ssl/ca.pem \ /usr/lib/dovecot/imap ~~~ ## run qmail-smtpd SMTP service on port 25 with STARTTLS enabled (without patching QMAIL) ~~~bash #!/bin/sh exec softlimit -m 64000000 -f 100000000 \ tcpserver -HRDl0 0 25 \ tlswrapper -v -n -f /etc/ssl/cert.pem \ tlswrapper-smtp -v -u qmaild \ qmail-smtpd ~~~ ~~~python #!/usr/bin/env python3 # check if it works host= server = smtplib.SMTP(host, 25) server.set_debuglevel(True) server.ehlo() server.starttls() print(ssl.DER_cert_to_PEM_cert(server.sock.getpeercert(True))) server.ehlo() server.quit() ~~~ tlswrapper-20250201/fixname.c000066400000000000000000000002641474542230700157570ustar00rootroot00000000000000#include "fixname.h" void fixname(char *x) { long long i; for (i = 0; x[i]; ++i) { if (x[i] == '@') { x[i] = 0; break; } } } tlswrapper-20250201/fixname.h000066400000000000000000000001241474542230700157570ustar00rootroot00000000000000#ifndef _FIXNAME_H____ #define _FIXNAME_H____ extern void fixname(char *); #endif tlswrapper-20250201/fixpath.c000066400000000000000000000006061474542230700157730ustar00rootroot00000000000000#include "fixpath.h" /* for security reasons the 'fixpath(s)' function replaces '/.' -> '/:' */ void fixpath(char *s) { char ch; unsigned long long i, j; j = 0; for (i = 0; s[i]; ++i) { ch = s[i]; if (j && (s[j - 1] == '/')) { if (ch == '.') ch = ':'; if (ch == '/') continue; } s[j++] = ch; } s[j] = 0; } tlswrapper-20250201/fixpath.h000066400000000000000000000001241474542230700157730ustar00rootroot00000000000000#ifndef _FIXPATH_H____ #define _FIXPATH_H____ extern void fixpath(char *); #endif tlswrapper-20250201/fsyncfile.c000066400000000000000000000005461474542230700163150ustar00rootroot00000000000000/* 20130115 Jan Mojzis Public domain. */ #include #include #include #include "fsyncfile.h" /* The 'fsyncfile(fd)' calls fsync when file-descriptor is regular file. */ int fsyncfile(int fd) { struct stat st; if (fstat(fd, &st) == -1) return -1; if (!S_ISREG(st.st_mode)) return 0; return fsync(fd); } tlswrapper-20250201/fsyncfile.h000066400000000000000000000001241474542230700163120ustar00rootroot00000000000000#ifndef _FSYNCFILE_H___ #define _FSYNCFILE_H___ extern int fsyncfile(int); #endif tlswrapper-20250201/getentropyrandombytes/000077500000000000000000000000001474542230700206325ustar00rootroot00000000000000tlswrapper-20250201/getentropyrandombytes/randombytes.c000066400000000000000000000010071474542230700233230ustar00rootroot00000000000000/* version 20220222 */ #include #ifdef __APPLE__ #include #endif #include "randombytes.h" void randombytes(void *xv, long long xlen) { long long i; unsigned char *x = (unsigned char *) xv; while (xlen > 0) { if (xlen < 256) i = xlen; else i = 256; if (getentropy(x, i) == -1) { sleep(1); continue; } x += i; xlen -= i; } __asm__ __volatile__("" : : "r"(xv) : "memory"); } tlswrapper-20250201/haslib25519.c000066400000000000000000000041301474542230700161740ustar00rootroot00000000000000#include #if lib25519_nP_montgomery25519_SCALARBYTES != lib25519_dh_SECRETKEYBYTES #error #endif #if lib25519_nP_montgomery25519_POINTBYTES != lib25519_dh_PUBLICKEYBYTES #error #endif #if lib25519_nP_montgomery25519_POINTBYTES != lib25519_dh_BYTES #error #endif #if lib25519_nG_montgomery25519_SCALARBYTES != lib25519_dh_SECRETKEYBYTES #error #endif #if lib25519_nG_montgomery25519_POINTBYTES != lib25519_dh_PUBLICKEYBYTES #error #endif #if lib25519_nG_montgomery25519_POINTBYTES != lib25519_dh_BYTES #error #endif static unsigned char k[lib25519_dh_BYTES]; static unsigned char k2[lib25519_dh_BYTES]; static unsigned char pk[lib25519_dh_PUBLICKEYBYTES]; static unsigned char pk2[lib25519_dh_PUBLICKEYBYTES]; static unsigned char sk[lib25519_dh_SECRETKEYBYTES]; static unsigned char signsk[lib25519_sign_SECRETKEYBYTES]; static unsigned char signpk[lib25519_sign_PUBLICKEYBYTES]; static unsigned char signs[lib25519_sign_BYTES + /*m*/ lib25519_dh_BYTES]; static long long signslen; static long long klen; /* return zero for all inputs */ static unsigned char z(unsigned char x) { unsigned long long z = (unsigned long long) x + 1ULL; unsigned long long t = z; long long i; for (i = 6; i >= 0; --i) { t = (t * t) % 257; t = (t * z) % 257; } t = (t * z) % 257; return t - 1; } int main(int argc, char **argv) { unsigned char ret = 0; long long i; (void) argc; (void) argv; lib25519_dh_keypair(pk, sk); lib25519_nG_montgomery25519(pk2, sk); for (i = 0; i < lib25519_dh_PUBLICKEYBYTES; ++i) ret |= pk[i] ^ pk2[i]; lib25519_dh(k, pk, sk); lib25519_nP_montgomery25519(k2, sk, pk); for (i = 0; i < lib25519_dh_BYTES; ++i) ret |= k[i] ^ k2[i]; lib25519_sign_keypair(signpk, signsk); lib25519_sign(signs, &signslen, k, sizeof k, signsk); if (signslen != sizeof signs) ret |= 1; ret |= lib25519_sign_open(k2, &klen, signs, signslen, signpk); if (klen != sizeof k2) ret |= 1; for (i = 0; i < lib25519_dh_BYTES; ++i) ret |= k[i] ^ k2[i]; for (i = 0; i < sizeof signs; ++i) ret |= z(signs[i]); return ret; } tlswrapper-20250201/haslibrandombytes.c000066400000000000000000000013311474542230700200360ustar00rootroot00000000000000#include /* return zero for all inputs */ static unsigned char z(unsigned char x) { unsigned long long z = (unsigned long long) x + 1ULL; unsigned long long t = z; long long i; for (i = 6; i >= 0; --i) { t = (t * t) % 257; t = (t * z) % 257; } t = (t * z) % 257; return (unsigned char) t - 1; } int main(int argc, char **argv) { unsigned char buf[32], ret = 0; const char *source; unsigned long long i; (void) argc; (void) argv; randombytes(buf, sizeof buf); for (i = 0; i < sizeof buf; ++i) ret |= z(buf[i]); source = randombytes_source(); for (i = 0; source[i]; ++i) ret |= z((unsigned char) source[i]); return z(ret); } tlswrapper-20250201/hostport.c000066400000000000000000000021241474542230700162070ustar00rootroot00000000000000#include "strtoport.h" #include "hostport.h" int hostport_parse(char *host, long long hostlen, unsigned char *port, char *hostport) { long long i, j, colonpos, coloncount = 0; long long hostportlen; char ch; for (hostportlen = 0; hostport[hostportlen]; ++hostportlen) ; /* XXX */ if (hostportlen > hostlen) return 0; /* IPv6 in brackets */ if (hostportlen > 0 && hostport[0] == '[') { /* IPv6 */ j = 0; for (i = 1; i < hostportlen; ++i) { ch = hostport[i]; if (ch == ']') break; host[j++] = ch; } host[j] = 0; /* port */ if ((i + 2) >= hostportlen) return 0; if (hostport[i + 1] != ':') return 0; return strtoport(port, hostport + i + 2); } for (i = 0; i < hostportlen; ++i) { host[i] = hostport[i]; if (hostport[i] == ':') { colonpos = i; ++coloncount; } } if (coloncount != 1) return 0; host[colonpos] = 0; return strtoport(port, hostport + colonpos + 1); } tlswrapper-20250201/hostport.h000066400000000000000000000002001474542230700162050ustar00rootroot00000000000000#ifndef _HOSTPORT_H____ #define _HOSTPORT_H____ extern int hostport_parse(char *, long long, unsigned char *, char *); #endif tlswrapper-20250201/iptostr.c000066400000000000000000000017101474542230700160310ustar00rootroot00000000000000/* 20130604 Jan Mojzis Public domain. */ #include #include #include #include "iptostr.h" /* convert IPv4 address */ static char *iptostr4(char *strbuf, const unsigned char *ip) { return (char *) inet_ntop(AF_INET, ip, strbuf, IPTOSTR_LEN); } /* convert IPv6 address */ static char *iptostr6(char *strbuf, const unsigned char *ip) { return (char *) inet_ntop(AF_INET6, ip, strbuf, IPTOSTR_LEN); } /* The 'iptostr(strbuf,ip)' function converts IP address 'ip' from network byte order into the 0-terminated string. The 'ip' length is always 16 bytes. The caller must allocate at least IPTOSTR_LEN bytes for 'strbuf'. */ char *iptostr(char *strbuf, const unsigned char *ip) { static char staticbuf[IPTOSTR_LEN]; if (!strbuf) strbuf = staticbuf; /* not thread-safe */ if (!memcmp("\0\0\0\0\0\0\0\0\0\0\377\377", ip, 12)) { return iptostr4(strbuf, ip + 12); } return iptostr6(strbuf, ip); } tlswrapper-20250201/iptostr.h000066400000000000000000000002521474542230700160360ustar00rootroot00000000000000#ifndef _IPTOSTR_H____ #define _IPTOSTR_H____ #include #define IPTOSTR_LEN INET6_ADDRSTRLEN extern char *iptostr(char *, const unsigned char *); #endif tlswrapper-20250201/jail.c000066400000000000000000000101301474542230700152400ustar00rootroot00000000000000/* 20201103 Jan Mojzis Public domain. */ #include #include #include #include #include #include #include #ifdef __linux__ #include #endif #include "log.h" #include "randommod.h" #include "jail.h" /* The 'jail' function has 3 purposes: 1. drops root priviledges to unpriviledged uid/gid - if the 'account' is 0, then uid/gid is derived from process id and randomized. - if the 'account' is string and the account exist, then uid/gid is retrieved from the system user database. 2. chroots into an empty directory 3. sets resource limits */ int jail(const char *account, const char *dir, int limits) { int ret = -1; struct passwd *pw = 0; uid_t uid; gid_t gid; char *name = 0; char *shell = 0; char *home = 0; #ifdef RLIM_INFINITY struct rlimit r; r.rlim_cur = 0; r.rlim_max = 0; #endif log_t1("jail()"); if (!account) { gid = uid = 100000000 + 100000 * randommod(1000) + (getpid() % 100000); } else { pw = getpwnam(account); if (!pw) { log_e3("getpwnam for account '", account, "' failed"); goto cleanup; } gid = pw->pw_gid; uid = pw->pw_uid; home = pw->pw_dir; name = pw->pw_name; shell = pw->pw_shell; } /* prohibit new files, new sockets, etc. */ #ifdef RLIMIT_NOFILE if (limits) { if (setrlimit(RLIMIT_NOFILE, &r) == -1) { log_e1("unable to set RLIMIT_NOFILE to 0"); goto cleanup; } } #endif /* set gid */ if (setgid(gid) == -1 || getgid() != gid) { log_e3("setgid(", lognum(gid), ") failed"); goto cleanup; } /* init groups */ if (pw) { if (initgroups(name, gid) == -1) { log_e5("initgroups(", pw->pw_name, ", ", lognum(gid), ") failed"); goto cleanup; } } else { if (setgroups(1, &gid) == -1) { log_e3("setgroups(1, [", lognum(gid), "]) failed"); goto cleanup; } } /* chroot */ if (dir) { if (chdir(dir) == -1) { log_e2("unable to change directory to ", dir); goto cleanup; } if (chroot(".") == -1) { log_e2("unable to chroot to ", dir); goto cleanup; } log_t2("chrooted into ", dir); } /* set uid */ if (setuid(uid) == -1 || getuid() != uid) { log_e3("setuid(", lognum(uid), ") failed"); goto cleanup; } if (pw) { if (setenv("HOME", home, 1) == -1) goto cleanup; if (setenv("SHELL", shell, 1) == -1) goto cleanup; if (setenv("USER", name, 1) == -1) goto cleanup; if (setenv("LOGNAME", name, 1) == -1) goto cleanup; } /* prohibit fork */ #ifdef RLIMIT_NPROC if (limits) { if (setrlimit(RLIMIT_NPROC, &r) == -1) { log_e1("unable to set RLIMIT_NPROC to 0"); goto cleanup; } } #endif /* prohibit core dumping */ #ifdef RLIMIT_CORE if (limits) { if (setrlimit(RLIMIT_CORE, &r) == -1) { log_e1("unable to set RLIMIT_CORE to 0"); goto cleanup; } } #endif #ifdef PR_SET_DUMPABLE if (limits) { if (prctl(PR_SET_DUMPABLE, 0) == -1) { log_e1("unable to set prctl(PR_SET_DUMPABLE, 0)"); goto cleanup; } } #endif /* if memory limit is greater than 128MB */ /* set memory limit to 128MB */ #define DATAMAX 134217728 #ifndef __APPLE__ #ifdef RLIMIT_DATA if (getrlimit(RLIMIT_DATA, &r) == -1) { log_e1("unable to get RLIMIT_DATA"); goto cleanup; } if (r.rlim_cur > DATAMAX) { r.rlim_cur = r.rlim_max = DATAMAX; if (setrlimit(RLIMIT_DATA, &r) == -1) { log_e1("unable to set RLIMIT_DATA to 0"); goto cleanup; } log_t2("setrlimit RLIMIT_DATA set to ", lognum(DATAMAX)); } #endif #endif log_t4("running under uid = ", lognum(gid), ", gid = ", lognum(gid)); ret = 0; cleanup: log_t2("jail() = ", lognum(ret)); return ret; } tlswrapper-20250201/jail.h000066400000000000000000000003241474542230700152510ustar00rootroot00000000000000#ifndef _JAIL_H____ #define _JAIL_H____ #include extern int jail(const char *, const char *, int); #define jail_droppriv(x) jail((x), 0, 0) extern int jail_poll(struct pollfd *, nfds_t, int); #endif tlswrapper-20250201/jail_poll.c000066400000000000000000000033431474542230700162760ustar00rootroot00000000000000/* Poll() doesn't work when RLIMIT_NOFILE is set to 0; Imitate poll() using select(). warning: poll() handle EBADF in different way */ #include #include #include "log.h" #include "jail.h" int jail_poll(struct pollfd *x, nfds_t len, int millisecs) { struct timeval *tvp = 0; struct timeval tv; fd_set rfds; fd_set wfds; nfds_t nfds; int fd, r; nfds_t i; log_t5("jail_poll(len = ", lognum(len), ", millisecs = ", lognum(millisecs), ")"); for (i = 0; i < len; ++i) x[i].revents = 0; FD_ZERO(&rfds); FD_ZERO(&wfds); nfds = 1; for (i = 0; i < len; ++i) { fd = x[i].fd; if (fd < 0) continue; if (fd >= (int) (8 * sizeof(fd_set))) continue; if ((unsigned int) fd >= nfds) nfds = fd + 1; if (x[i].events & POLLIN) FD_SET(fd, &rfds); if (x[i].events & POLLOUT) FD_SET(fd, &wfds); } if (millisecs >= 0) { tv.tv_sec = millisecs / 1000; tv.tv_usec = 1000 * (millisecs % 1000); tvp = &tv; } r = select(nfds, &rfds, &wfds, (fd_set *) 0, tvp); if (r <= 0) goto cleanup; r = 0; for (i = 0; i < len; ++i) { fd = x[i].fd; if (fd < 0) continue; if (fd >= (int) (8 * sizeof(fd_set))) continue; if (x[i].events & POLLIN) { if (FD_ISSET(fd, &rfds)) { x[i].revents |= POLLIN; ++r; } } if (x[i].events & POLLOUT) { if (FD_ISSET(fd, &wfds)) { x[i].revents |= POLLOUT; ++r; } } } cleanup: log_t6("jail_poll(len = ", lognum(len), ", millisecs = ", lognum(millisecs), ") = ", lognum(r)); return r; } tlswrapper-20250201/log.c000066400000000000000000000224771474542230700151230ustar00rootroot00000000000000/* 20211217 Jan Mojzis Public domain. The 'log' library is used to write log messages to standard error output including source file, function and line number. Non-printable characters are escaped. Log format: time: name: level: ip: message (error){file:line}[id] time .......... optional ip ............ optional name .......... optional {file:line} ... in debug mode [id] .......... optional */ #include #include #include #include #include #include #include #include "e.h" #include "randommod.h" #include "log.h" static const char *logname = 0; static const char *logipstr = 0; static const char *logid = ""; static char logidbuf[9]; static int loglevel = 1; static int logtime = 0; static long long loglimit = 200; void log_level(int level) { loglevel = level; if (level < 0) loglevel = 0; if (level > 4) loglevel = 4; } void log_name(const char *name) { logname = name; } void log_time(int flag) { logtime = flag; } void log_limit(long long limit) { loglimit = limit; } void log_ip(const char *ip) { logipstr = ip; } const char *log_getid(void) { return logid; } static char buf[256]; static unsigned long long buflen = 0; static void flush(void) { char *b = buf; long long r; while (buflen > 0) { r = write(2, b, buflen); if (r < 0) { if (errno == EINTR) continue; if (errno == EAGAIN) continue; if (errno == EWOULDBLOCK) continue; break; } if (r == 0) break; b += r; buflen -= r; } buflen = 0; } static void outch(const char x) { if (buflen >= sizeof buf) flush(); buf[buflen++] = x; } static void outsescape(const char *x, int flaglf, long long *counter) { long long i; for (i = 0; x[i]; ++i) { if (counter && ++*counter > loglimit) { outch('.'); outch('.'); outch('.'); break; } if (x[i] == '\n') { if (flaglf) { outch('\n'); } else { outch('\\'); outch('n'); } } else if (x[i] == '\r') { outch('\\'); outch('r'); } else if (x[i] == '\t') { outch('\\'); outch('t'); } else if (x[i] < 32 || x[i] > 126) { outch('\\'); outch('x'); outch("0123456789abcdef"[(x[i] >> 4) & 15]); outch("0123456789abcdef"[(x[i] >> 0) & 15]); } else { outch(x[i]); } } } #define outs(x) outsescape((x), 1, 0); static char *numtostr(char *strbuf, long long strbuflen, long long n, long long cnt) { long long len = 0; unsigned long long n1, n2; int flagsign = 0; if (cnt > strbuflen - 1) cnt = strbuflen - 1; n1 = n2 = (unsigned long long) n; if (n < 0) { n1 = -n1; n2 = -n2; flagsign = 1; } do { n1 /= 10; ++len; } while (n1); if (flagsign) ++len; strbuf += len; if (cnt > len) strbuf += cnt - len; *strbuf = 0; do { *--strbuf = '0' + (n2 % 10); n2 /= 10; } while (n2); while (cnt > len) { *--strbuf = '0'; --cnt; } if (flagsign) *--strbuf = '-'; return strbuf; } #define STATICBUFSIZE 41 static void outnum(unsigned long long n, unsigned long long cnt) { char numbuf[STATICBUFSIZE]; outs(numtostr(numbuf, sizeof numbuf, n, cnt)); } void log_9_(int level, int flagerror, const char *f, unsigned long long l, const char *s0, const char *s1, const char *s2, const char *s3, const char *s4, const char *s5, const char *s6, const char *s7, const char *s8) { const char *s[9]; long long i; const char *m; long long counter = 0; long long *counterptr = &counter; if (level > loglevel) return; if (loglevel <= 2) counterptr = 0; s[0] = s0; s[1] = s1; s[2] = s2; s[3] = s3; s[4] = s4; s[5] = s5; s[6] = s6; s[7] = s7; s[8] = s8; switch (level) { case 1: m = "fatal"; break; case 2: if (flagerror == 1) m = "error"; else if (flagerror == 2) m = "warning"; else m = "info"; break; case 3: m = "debug"; break; case 4: m = "tracing"; break; default: m = "unknown"; break; } /* time: name: level: ip: message (error){file:line}[id] */ /* 'time:' */ do { struct tm *t; int saved_errno = errno; time_t secs = time(0); if (!level) break; /* don't print in usage level */ if (!logtime) break; /* don't print when logtime = 0 */ t = localtime(&secs); outnum(t->tm_year + 1900, 4); outs("-"); outnum(t->tm_mon + 1, 2); outs("-"); outnum(t->tm_mday, 2); outs(" "); outnum(t->tm_hour, 2); outs(":"); outnum(t->tm_min, 2); outs(":"); outnum(t->tm_sec, 2); outs(": "); errno = saved_errno; } while (0); /* 'name:' */ do { if (!level) break; /* don't print in usage level */ if (!logname) break; /* don't print when logname = 0 */ outsescape(logname, 0, counterptr); outs(": "); } while (0); /* 'level:' */ do { if (!level) break; /* don't print in usage level */ outs(m); outs(": "); } while (0); /* 'ip:' */ do { if (!level) break; /* don't print in usage level */ if (!logipstr) break; /* don't print when logipstr = 0 */ outsescape(logipstr, 0, counterptr); outs(": "); } while (0); /* 'message' */ for (i = 0; i < 9 && s[i]; ++i) outsescape(s[i], !level, counterptr); outs(" "); /* '(error)' */ do { if (!level) break; /* don't print in usage level */ if (!errno) break; /* don't print when errno = 0 */ if (!flagerror) break; /* don't print when disabled */ if (level >= 3) break; /* don't print in debug message */ outs("("); outs(e_str(errno)); outs(")"); } while (0); /* {file:line} */ do { if (!f) break; /* don't print when no f */ if (!l) break; /* don't print when no l */ if (!level) break; /* don't print in usage level */ if (loglevel <= 2) break; /* print only when debug verbosity is set */ outs("{"); outs(f); outs(":"); outnum(l, 0); outs("}"); } while (0); /* [id] */ do { if (loglevel <= 1) break; /* don't print in usage, fatal level */ if (!logid) break; /* don't print when logid = 0 */ if (logid[0] == 0) break; /* don't print when logid = "" */ outs("["); outsescape(logid, 0, counterptr); outs("]"); } while (0); outs("\n"); flush(); return; } static char staticbuf[9][STATICBUFSIZE]; static int staticbufcounter = 0; char *logip(unsigned char *ip) { staticbufcounter = (staticbufcounter + 1) % 9; if (memcmp(ip, "\0\0\0\0\0\0\0\0\0\0\377\377", 12)) { struct sockaddr_in6 sa; memcpy(&(sa.sin6_addr), ip, 16); inet_ntop(AF_INET6, &(sa.sin6_addr), staticbuf[staticbufcounter], STATICBUFSIZE); } else { struct sockaddr_in sa; memcpy(&(sa.sin_addr), ip + 12, 4); inet_ntop(AF_INET, &(sa.sin_addr), staticbuf[staticbufcounter], STATICBUFSIZE); } return staticbuf[staticbufcounter]; } char *logport(unsigned char *port) { staticbufcounter = (staticbufcounter + 1) % 9; return numtostr(staticbuf[staticbufcounter], STATICBUFSIZE, port[0] << 8 | port[1], 0); } char *lognum(long long num) { staticbufcounter = (staticbufcounter + 1) % 9; return numtostr(staticbuf[staticbufcounter], STATICBUFSIZE, num, 0); } char *lognum0(long long num, long long cnt) { staticbufcounter = (staticbufcounter + 1) % 9; return numtostr(staticbuf[staticbufcounter], STATICBUFSIZE, num, cnt); } static void tohex(char *x, long long xlen, unsigned char *y, long long ylen) { long long i; for (i = 0; i < ylen; ++i) { if (i == (xlen - 3) / 2) { x[2 * i] = '.'; x[2 * i + 1] = '.'; x[2 * i + 2] = 0; return; } x[2 * i] = "0123456789abcdef"[(y[i] >> 4) & 15]; x[2 * i + 1] = "0123456789abcdef"[(y[i] >> 0) & 15]; } x[2 * i] = 0; } char *loghex(unsigned char *y, long long ylen) { char *x; staticbufcounter = (staticbufcounter + 1) % 9; x = staticbuf[staticbufcounter]; tohex(x, STATICBUFSIZE, y, ylen); return x; } void log_id(const char *id) { if (!id) id = getenv("LOG_ID"); if (!id) { static char chars[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRTSUVWXYZ0123456789"; unsigned long long i; for (i = 0; i < sizeof logidbuf; ++i) { logidbuf[i] = chars[randommod(sizeof chars - 1)]; } logidbuf[sizeof logidbuf - 1] = 0; id = logidbuf; } logid = id; (void) setenv("LOG_ID", id, 1); } tlswrapper-20250201/log.h000066400000000000000000000127351474542230700151240ustar00rootroot00000000000000#ifndef _LOG_H____ #define _LOG_H____ extern void log_name(const char *); extern void log_ip(const char *); extern void log_id(const char *); extern void log_level(int); extern void log_time(int); extern void log_limit(long long); extern const char *log_getid(void); extern char *logip(unsigned char *); extern char *logport(unsigned char *); extern char *lognum(long long); extern char *lognum0(long long, long long); extern char *loghex(unsigned char *, long long); extern void log_9_(int, int, const char *, unsigned long long, const char *, const char *, const char *, const char *, const char *, const char *, const char *, const char *, const char *); /* usage */ #define log_u(a, b, c, d, e, f, g, h, i, j, k) \ log_9_(0, 0, a, b, c, d, e, f, g, h, i, j, k) #define log_u9(a, b, c, d, e, f, g, h, i) \ log_u(__FILE__, __LINE__, a, b, c, d, e, f, g, h, i) #define log_u8(a, b, c, d, e, f, g, h) log_u9(a, b, c, d, e, f, g, h, 0) #define log_u7(a, b, c, d, e, f, g) log_u8(a, b, c, d, e, f, g, 0) #define log_u6(a, b, c, d, e, f) log_u7(a, b, c, d, e, f, 0) #define log_u5(a, b, c, d, e) log_u6(a, b, c, d, e, 0) #define log_u4(a, b, c, d) log_u5(a, b, c, d, 0) #define log_u3(a, b, c) log_u4(a, b, c, 0) #define log_u2(a, b) log_u3(a, b, 0) #define log_u1(a) log_u2(a, 0) /* fatal */ #define log_f(a, b, c, d, e, f, g, h, i, j, k) \ log_9_(1, 1, a, b, c, d, e, f, g, h, i, j, k) #define log_f9(a, b, c, d, e, f, g, h, i) \ log_f(__FILE__, __LINE__, a, b, c, d, e, f, g, h, i) #define log_f8(a, b, c, d, e, f, g, h) log_f9(a, b, c, d, e, f, g, h, 0) #define log_f7(a, b, c, d, e, f, g) log_f8(a, b, c, d, e, f, g, 0) #define log_f6(a, b, c, d, e, f) log_f7(a, b, c, d, e, f, 0) #define log_f5(a, b, c, d, e) log_f6(a, b, c, d, e, 0) #define log_f4(a, b, c, d) log_f5(a, b, c, d, 0) #define log_f3(a, b, c) log_f4(a, b, c, 0) #define log_f2(a, b) log_f3(a, b, 0) #define log_f1(a) log_f2(a, 0) /* error */ #define log_e(a, b, c, d, e, f, g, h, i, j, k) \ log_9_(2, 1, a, b, c, d, e, f, g, h, i, j, k) #define log_e9(a, b, c, d, e, f, g, h, i) \ log_e(__FILE__, __LINE__, a, b, c, d, e, f, g, h, i) #define log_e8(a, b, c, d, e, f, g, h) log_e9(a, b, c, d, e, f, g, h, 0) #define log_e7(a, b, c, d, e, f, g) log_e8(a, b, c, d, e, f, g, 0) #define log_e6(a, b, c, d, e, f) log_e7(a, b, c, d, e, f, 0) #define log_e5(a, b, c, d, e) log_e6(a, b, c, d, e, 0) #define log_e4(a, b, c, d) log_e5(a, b, c, d, 0) #define log_e3(a, b, c) log_e4(a, b, c, 0) #define log_e2(a, b) log_e3(a, b, 0) #define log_e1(a) log_e2(a, 0) /* warning */ #define log_w(a, b, c, d, e, f, g, h, i, j, k) \ log_9_(2, 2, a, b, c, d, e, f, g, h, i, j, k) #define log_w9(a, b, c, d, e, f, g, h, i) \ log_w(__FILE__, __LINE__, a, b, c, d, e, f, g, h, i) #define log_w8(a, b, c, d, e, f, g, h) log_w9(a, b, c, d, e, f, g, h, 0) #define log_w7(a, b, c, d, e, f, g) log_w8(a, b, c, d, e, f, g, 0) #define log_w6(a, b, c, d, e, f) log_w7(a, b, c, d, e, f, 0) #define log_w5(a, b, c, d, e) log_w6(a, b, c, d, e, 0) #define log_w4(a, b, c, d) log_w5(a, b, c, d, 0) #define log_w3(a, b, c) log_w4(a, b, c, 0) #define log_w2(a, b) log_w3(a, b, 0) #define log_w1(a) log_w2(a, 0) /* info */ #define log_i(a, b, c, d, e, f, g, h, i, j, k) \ log_9_(2, 0, a, b, c, d, e, f, g, h, i, j, k) #define log_i9(a, b, c, d, e, f, g, h, i) \ log_i(__FILE__, __LINE__, a, b, c, d, e, f, g, h, i) #define log_i8(a, b, c, d, e, f, g, h) log_i9(a, b, c, d, e, f, g, h, 0) #define log_i7(a, b, c, d, e, f, g) log_i8(a, b, c, d, e, f, g, 0) #define log_i6(a, b, c, d, e, f) log_i7(a, b, c, d, e, f, 0) #define log_i5(a, b, c, d, e) log_i6(a, b, c, d, e, 0) #define log_i4(a, b, c, d) log_i5(a, b, c, d, 0) #define log_i3(a, b, c) log_i4(a, b, c, 0) #define log_i2(a, b) log_i3(a, b, 0) #define log_i1(a) log_i2(a, 0) /* debug */ #define log_d(a, b, c, d, e, f, g, h, i, j, k) \ log_9_(3, 1, a, b, c, d, e, f, g, h, i, j, k) #define log_d9(a, b, c, d, e, f, g, h, i) \ log_d(__FILE__, __LINE__, a, b, c, d, e, f, g, h, i) #define log_d8(a, b, c, d, e, f, g, h) log_d9(a, b, c, d, e, f, g, h, 0) #define log_d7(a, b, c, d, e, f, g) log_d8(a, b, c, d, e, f, g, 0) #define log_d6(a, b, c, d, e, f) log_d7(a, b, c, d, e, f, 0) #define log_d5(a, b, c, d, e) log_d6(a, b, c, d, e, 0) #define log_d4(a, b, c, d) log_d5(a, b, c, d, 0) #define log_d3(a, b, c) log_d4(a, b, c, 0) #define log_d2(a, b) log_d3(a, b, 0) #define log_d1(a) log_d2(a, 0) /* tracing */ #define log_t(a, b, c, d, e, f, g, h, i, j, k) \ log_9_(4, 1, a, b, c, d, e, f, g, h, i, j, k) #define log_t9(a, b, c, d, e, f, g, h, i) \ log_t(__FILE__, __LINE__, a, b, c, d, e, f, g, h, i) #define log_t8(a, b, c, d, e, f, g, h) log_t9(a, b, c, d, e, f, g, h, 0) #define log_t7(a, b, c, d, e, f, g) log_t8(a, b, c, d, e, f, g, 0) #define log_t6(a, b, c, d, e, f) log_t7(a, b, c, d, e, f, 0) #define log_t5(a, b, c, d, e) log_t6(a, b, c, d, e, 0) #define log_t4(a, b, c, d) log_t5(a, b, c, d, 0) #define log_t3(a, b, c) log_t4(a, b, c, 0) #define log_t2(a, b) log_t3(a, b, 0) #define log_t1(a) log_t2(a, 0) #endif tlswrapper-20250201/main.h000066400000000000000000000003541474542230700152610ustar00rootroot00000000000000#ifndef _MAIN_H____ #define _MAIN_H____ extern int main_tlswrapper(int, char **, int); extern int main_tlswrapper_tcp(int, char **); extern int main_tlswrapper_smtp(int, char **); extern int main_tlswrapper_test(int, char **); #endif tlswrapper-20250201/main_tlswrapper.c000066400000000000000000000624331474542230700175450ustar00rootroot00000000000000#include #include #include #include #include #include "blocking.h" #include "pipe.h" #include "log.h" #include "e.h" #include "jail.h" #include "strtonum.h" #include "randombytes.h" #include "alloc.h" #include "connectioninfo.h" #include "proxyprotocol.h" #include "iptostr.h" #include "writeall.h" #include "fixname.h" #include "fixpath.h" #include "str.h" #include "tls.h" #include "open.h" #include "main.h" /* clang-format off */ static struct tls_context ctx = { .flags = (tls_flags_ENFORCE_SERVER_PREFERENCES | tls_flags_NO_RENEGOTIATION), .flaghandshakedone = 0, .flagdelayedenc = 0, .flagnojail = 0, .jailaccount = 0, .jaildir = EMPTYDIR, .version_min = tls_version_TLS12, .version_max = tls_version_TLS12, .ecdhe_enabled = ((uint32_t) 1 << tls_ecdhe_X25519) | ((uint32_t) 1 << tls_ecdhe_SECP256R1), .cipher_enabled_len = 6, .certfiles_len = 0, .anchorfn = 0, .clientcrtbuf = {0}, .clientcrt.oid = 0, .cipher_enabled = { BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* space for ECDSA AES_256_CBC_SHA384 */ 0, /* space for RSA AES_256_CBC_SHA384 */ 0, /* space for ECDSA AES_128_CBC_SHA256 */ 0, /* space for RSA AES_128_CBC_SHA256 */ 0, /* space for ECDSA AES_256_CBC_SHA */ 0, /* space for RSA AES_256_CBC_SHA */ 0, /* space for ECDSA AES_128_CBC_SHA */ 0, /* space for RSA AES_128_CBC_SHA */ 0, }, }; #define CONTROLPIPEFD 5 static const char *hstimeoutstr = "30"; static const char *timeoutstr = "60"; static const char *user = 0; static const char *userfromcert = 0; static long long starttimeout = 3; static long long hstimeout; static long long timeout; static int flagverbose = 1; static int fromchildcontrol[2] = {-1, -1}; static int fromchild[2] = {-1, -1}; static int tochild[2] = {-1, -1}; static pid_t child = -1; static int status; static int fromkeyjail[2] = {-1, -1}; static int tokeyjail[2] = {-1, -1}; static pid_t keyjailchild = -1; static int selfpipe[2] = {-1, -1}; static unsigned char localip[16] = {0}; static unsigned char localport[2] = {0}; static unsigned char remoteip[16] = {0}; static unsigned char remoteport[2] = {0}; static char remoteipstr[IPTOSTR_LEN] = {0}; static void signalhandler(int signum) { int w; log_t3("signal ", lognum(signum), " received"); if (signum == SIGCHLD) { alarm(1); return; } w = write(selfpipe[1], "", 1); (void) w; } static void cleanup(void) { randombytes(&ctx, sizeof ctx); randombytes(localip, sizeof localip); randombytes(localport, sizeof localport); randombytes(remoteip, sizeof remoteip); randombytes(remoteip, sizeof remoteip); randombytes(remoteipstr, sizeof remoteipstr); alloc_freeall(); { unsigned char stack[4096]; randombytes(stack, sizeof stack); } } #define die(x) { cleanup(); _exit(x); } #define die_pipe() { log_f1("unable to create pipe"); die(111); } #define die_controlpipe() { log_f3("unable to create control pipe on filedescriptor ", lognum(CONTROLPIPEFD), ": filedescriptor exits"); die(111); } #define die_devnull() { log_f1("unable to open /dev/null"); die(111); } #define die_writetopipe() { log_f1("unable to write to pipe"); die(111); } #define die_fork() { log_f1("unable to fork"); die(111); } #define die_dup() { log_f1("unable to dup"); die(111); } #define die_droppriv(x) { log_f3("unable to drop privileges to '", (x), "'"); die(111); } #define die_jail() { log_f1("unable to create jail"); die(111); } #define die_readanchorpem(x) { log_f3("unable to read anchor PEM file '", (x), "'"); die(111); } #define die_parseanchorpem(x) { log_f3("unable to parse anchor PEM file '", (x), "'"); die(111); } #define die_extractcn(x) { log_f3("unable to extract ASN.1 object ", (x), " from client certificate: object not found"); die(111); } #define die_optionUa() { log_f1("option -U must be used with -a"); die(100); } #define die_optionUn() { log_f1("option -U is not compatible with -u"); die(100); } #define die_ppin(x) { log_f3("unable to receive incoming proxy-protocol v", (x), " string");; die(100); } /* proxy-protocol */ static int (*ppin)(int, unsigned char *, unsigned char *, unsigned char *, unsigned char *) = 0; static const char *ppinver = 0; static void pp_incoming(const char *x) { if (str_equal("0", x)) { /* disable incoming proxy-protocol*/ return; } else if (str_equal("1", x)) { ppin = proxyprotocol_v1_get; ppinver = x; } else { log_f3("unable to parse incoming proxy-protocol version from the string '", x, "'"); log_f1("available: 1"); die(100); } } static void certuser_add(const char *x) { userfromcert = x; if (str_equal("commonName", x)) { ctx.clientcrt.oid = (unsigned char *)"\003\125\004\003"; } else if (str_equal("emailAddress", x)) { ctx.clientcrt.oid = (unsigned char *)"\011\052\206\110\206\367\015\001\011\001"; } else { log_f3("unable to parse ASN.1 object from the string '", x, "'"); log_f1("available: commonName"); log_f1("available: emailAddress"); die(100); } } static void version_setmax(const char *x) { long long i; if (!tls_version_setmax(&ctx, x)) { log_f3("unable to parse TLS max. version from the string '", x, "'"); for (i = 0; tls_versions[i].name; ++i) { log_f2("available: ", tls_versions[i].name); } die(100); } } static void version_setmin(const char *x) { long long i; if (!tls_version_setmin(&ctx, x)) { log_f3("unable to parse TLS min. version from the string '", x, "'"); for (i = 0; tls_versions[i].name; ++i) { log_f2("available: ", tls_versions[i].name); } die(100); } } static void certfile_add_dir(const char *x) { struct stat st; if (stat(x, &st) == -1) { log_f3("unable to stat certdir '", x, "'"); die(100) } if ((st.st_mode & S_IFMT) != S_IFDIR) { errno = ENOTDIR; log_f3("unable to add certdir '", x, "'"); die(100) } if (!tls_certfile_add_dir(&ctx, x)) { log_f3("unable to add more than ", lognum(tls_CERTFILES), " certdirs+certfiles"); die(100); } } static void certfile_add_file(const char *x) { struct stat st; if (stat(x, &st) == -1) { log_f3("unable to stat certfile '", x, "'"); die(100); } if ((st.st_mode & S_IFMT) != S_IFREG) { errno = 0; log_f3("unable to add certfile '", x, "': not a regular file"); die(100); } if (!tls_certfile_add_file(&ctx, x)) { log_f3("unable to add more than ", lognum(tls_CERTFILES), " certdirs+certfiles"); die(100); } } static void anchor_add(char *x) { struct stat st; if (stat(x, &st) == -1) { log_f3("unable to add anchor file '", x, "'"); die(100); } if ((st.st_mode & S_IFMT) != S_IFREG) { errno = 0; log_f3("unable to add anchor file '", x, "': not a regular file"); die(100); } if (!tls_anchor_add(&ctx, x)) { log_f1("unable to add more than one anchor file"); die(100); } } static void ecdhe_add(const char *x) { long long i; if (!tls_ecdhe_add(&ctx, x)) { log_f3("unable to parse ephemeral algorithm from the string '", x, "'"); for (i = 0; tls_ecdhes[i].name; ++i) { log_f2("available: ", tls_ecdhes[i].name); } die(100); } } static void cipher_add(const char *x) { long long i; if (!tls_cipher_add(&ctx, x)) { log_f3("unable to parse cipher from the string '", x, "'"); for (i = 0; tls_ciphers[i].name; ++i) { log_f2("available: ", tls_ciphers[i].name); } die(100); } } static long long timeout_parse(const char *x) { long long ret; if (!strtonum(&ret, x)) { log_f3("unable to parse timeout from the string '", x, "'"); die(100); } if (ret < 1) { log_f3("timeout must be a number > 0, not '", x, "'"); die(100); } if (ret > 86400) { log_f3("timeout must be a number < 86400, not '", x, "'"); die(100); } return ret; } static void usage(void) { log_u1("tlswrapper [options] [ -d certdir ] [ -f certfile ] prog"); die(100); } int main_tlswrapper(int argc, char **argv, int flagnojail) { char *x; int flaguser = 0; long long r; errno = 0; signal(SIGPIPE, SIG_IGN); signal(SIGCHLD, signalhandler); signal(SIGTERM, signalhandler); alarm(starttimeout); log_name("tlswrapper"); log_id(0); (void) argc; if (!argv[0]) usage(); for (;;) { if (!argv[1]) break; if (argv[1][0] != '-') break; x = *++argv; if (x[0] == '-' && x[1] == 0) break; if (x[0] == '-' && x[1] == '-' && x[2] == 0) break; while (*++x) { if (*x == 'q') { flagverbose = 0; log_level(flagverbose); continue; } if (*x == 'Q') { flagverbose = 1; log_level(flagverbose); continue; } if (*x == 'v') { log_level(++flagverbose); continue; } /* server preferences */ if (*x == 's') { ctx.flags |= tls_flags_ENFORCE_SERVER_PREFERENCES; continue; } if (*x == 'S') { ctx.flags &= ~tls_flags_ENFORCE_SERVER_PREFERENCES; continue; } /* proxy-protocol */ if (*x == 'p') { if (x[1]) { pp_incoming(x + 1); break; } if (argv[1]) { pp_incoming(*++argv); break; } } /* run child under user */ if (*x == 'U') { if (x[1]) { certuser_add(x + 1); break; } if (argv[1]) { certuser_add(*++argv); break; } } if (*x == 'u') { if (x[1]) { user = x + 1; break; } if (argv[1]) { user = *++argv; break; } } /* TLS version */ if (*x == 'm') { if (x[1]) { version_setmin(x + 1); break; } if (argv[1]) { version_setmin(*++argv); break; } } if (*x == 'M') { if (x[1]) { version_setmax(x + 1); break; } if (argv[1]) { version_setmax(*++argv); break; } } /* timeouts */ if (*x == 'T') { if (x[1]) { hstimeoutstr = x + 1; break; } if (argv[1]) { hstimeoutstr = *++argv; break; } } if (*x == 't') { if (x[1]) { timeoutstr = x + 1; break; } if (argv[1]) { timeoutstr = *++argv; break; } } /* certificates */ if (*x == 'd') { if (x[1]) { certfile_add_dir(x + 1); break; } if (argv[1]) { certfile_add_dir(*++argv); break; } } if (*x == 'f') { if (x[1]) { certfile_add_file(x + 1); break; } if (argv[1]) { certfile_add_file(*++argv); break; } } /* anchor - client certificates */ if (*x == 'a') { ctx.flags &= ~tls_flags_TOLERATE_NO_CLIENT_AUTH; if (x[1]) { anchor_add(x + 1); break; } if (argv[1]) { anchor_add(*++argv); break; } } /* ephemeral */ if (*x == 'e') { if (x[1]) { ecdhe_add(x + 1); break; } if (argv[1]) { ecdhe_add(*++argv); break; } } /* ciphers */ if (*x == 'c') { if (x[1]) { cipher_add(x + 1); break; } if (argv[1]) { cipher_add(*++argv); break; } } /* jail */ if (*x == 'J') { if (x[1]) { ctx.jaildir = (x + 1); break; } if (argv[1]) { ctx.jaildir = (*++argv); break; } } if (*x == 'j') { if (x[1]) { ctx.jailaccount = (x + 1); break; } if (argv[1]) { ctx.jailaccount = (*++argv); break; } } /* delayed encryption */ if (*x == 'n') { ctx.flagdelayedenc = 1; continue; } if (*x == 'N') { ctx.flagdelayedenc = 0; continue; } usage(); } } if (!*++argv) usage(); if (!ctx.certfiles_len) usage(); if (userfromcert && !ctx.anchorfn) die_optionUa(); if (userfromcert && ctx.flagdelayedenc) die_optionUn(); timeout = timeout_parse(timeoutstr); hstimeout = timeout_parse(hstimeoutstr); /* set flagnojail */ ctx.flagnojail = flagnojail; /* create control pipe */ if (ctx.flagdelayedenc) { struct stat st; if (fstat(CONTROLPIPEFD, &st) != -1) die_controlpipe(); for (;;) { r = open_read("/dev/null"); if (r == -1) die_devnull(); if (r > CONTROLPIPEFD) { close(r); break; } } } /* run child process */ if (open_pipe(tochild) == -1) die_pipe(); if (open_pipe(fromchild) == -1) die_pipe(); if (open_pipe(fromchildcontrol) == -1) die_pipe(); child = fork(); switch (child) { case -1: die_fork(); case 0: alarm(0); close(tochild[1]); close(0); if (dup(tochild[0]) != 0) die_dup(); blocking_enable(0); close(fromchild[0]); close(1); if (dup(fromchild[1]) != 1) die_dup(); blocking_enable(1); close(fromchildcontrol[0]); close(CONTROLPIPEFD); if (ctx.flagdelayedenc) { if (dup(fromchildcontrol[1]) != CONTROLPIPEFD) die_dup(); blocking_enable(CONTROLPIPEFD); } /* read connection info from net-process */ if (pipe_readall(0, localip, sizeof localip) == -1) die(111); if (pipe_readall(0, localport, sizeof localport) == -1) die(111); if (pipe_readall(0, remoteip, sizeof remoteip) == -1) die(111); if (pipe_readall(0, remoteport, sizeof remoteport) == -1) die(111); connectioninfo_set(localip, localport, remoteip, remoteport); /* drop root to account from client certificate ASN.1 object */ do { char account[256]; size_t accountlen = sizeof account; if (pipe_readmax(0, account, &accountlen) == -1) die(111); if (accountlen <= 1) break; account[accountlen - 1] = 0; if (!userfromcert) break; if (jail_droppriv(account) == -1) die_droppriv(account); } while (0); /* drop root */ if (user) if (jail_droppriv(user) == -1) die_droppriv(user); signal(SIGPIPE, SIG_DFL); signal(SIGCHLD, SIG_DFL); signal(SIGTERM, SIG_DFL); log_t3("running '", argv[0], "'"); execvp(*argv, argv); log_f2("unable to run ", *argv); die(111); } close(fromchildcontrol[1]); close(fromchild[1]); close(tochild[0]); blocking_disable(fromchildcontrol[0]); blocking_disable(fromchild[0]); blocking_disable(tochild[1]); /* initialize randombytes */ { char ch[1]; randombytes(ch, sizeof ch); } /* run service process for loading keys and secret-key operations */ if (open_pipe(fromkeyjail) == -1) die_pipe(); if (open_pipe(tokeyjail) == -1) die_pipe(); keyjailchild = fork(); switch (keyjailchild) { case -1: die_fork(); case 0: alarm(0); close(fromkeyjail[0]); close(tokeyjail[1]); close(fromchildcontrol[0]); close(fromchild[0]); close(tochild[1]); close(0); if (dup(tokeyjail[0]) != 0) die_dup(); close(1); if (dup(fromkeyjail[1]) != 1) die_dup(); blocking_enable(0); blocking_enable(1); signal(SIGPIPE, SIG_IGN); signal(SIGCHLD, SIG_DFL); signal(SIGTERM, SIG_DFL); log_ip(0); tls_keyjail(&ctx); die(0); } close(fromkeyjail[1]); close(tokeyjail[0]); blocking_enable(fromkeyjail[0]); blocking_enable(tokeyjail[1]); tls_pipe_fromchild = fromkeyjail[0]; tls_pipe_tochild = tokeyjail[1]; tls_pipe_eng = &ctx.cc.eng; /* create selfpipe */ if (open_pipe(selfpipe) == -1) die_pipe(); blocking_enable(selfpipe[1]); /* handshake timeout */ signal(SIGALRM, signalhandler); alarm(hstimeout); /* drop privileges, chroot, set limits, ... NETJAIL starts here */ if (!ctx.flagnojail) { if (jail(ctx.jailaccount, ctx.jaildir, 1) == -1) die_jail(); } if (ctx.anchorfn) { char *pubpem; size_t pubpemlen; /* get anchor PEM file, and parse it */ fixpath(ctx.anchorfn); if (pipe_write(tls_pipe_tochild, ctx.anchorfn, str_len(ctx.anchorfn) + 1) == -1) die_writetopipe(); pubpem = pipe_readalloc(tls_pipe_fromchild, &pubpemlen); if (!pubpem) die_readanchorpem(ctx.anchorfn); if (!tls_pubcrt_parse(&ctx.anchorcrt, pubpem, pubpemlen, ctx.anchorfn)) die_parseanchorpem(ctx.anchorfn); alloc_free(pubpem); } /* receive proxy-protocol string */ if (ppin) { if (!ppin(0, localip, localport, remoteip, remoteport)) { die_ppin(ppinver); } } else { /* get connection info */ (void) connectioninfo_get(localip, localport, remoteip, remoteport); } log_ip(iptostr(remoteipstr, remoteip)); /* non-blockning stdin/stdout */ blocking_disable(0); blocking_disable(1); log_d1("start"); /* write connection info to the child */ if (pipe_write(tochild[1], localip, sizeof localip) == -1) die_writetopipe(); if (pipe_write(tochild[1], localport, sizeof localport) == -1) die_writetopipe(); if (pipe_write(tochild[1], remoteip, sizeof remoteip) == -1) die_writetopipe(); if (pipe_write(tochild[1], remoteport, sizeof remoteport) == -1) die_writetopipe(); if (ctx.flagdelayedenc) { if (pipe_write(tochild[1], "", 1) == -1) die_writetopipe(); flaguser = 1; } else { close(fromchildcontrol[0]); } /* TLS init */ tls_profile(&ctx); /* main loop */ for (;;) { unsigned int st; struct pollfd p[6]; struct pollfd *q; struct pollfd *watch0; struct pollfd *watch1; struct pollfd *watchfromchild; struct pollfd *watchtochild; struct pollfd *watchfromselfpipe; struct pollfd *watchfromcontrol; unsigned char *buf; size_t len; st = tls_engine_current_state(&ctx); if (st & BR_SSL_CLOSED) break; if (tls_engine_handshakedone(&ctx)) { /* CN from anchor certificate */ if (!flaguser) { ctx.clientcrtbuf[sizeof ctx.clientcrtbuf - 1] = 0; if (userfromcert) { if (!ctx.clientcrt.status) die_extractcn(userfromcert); log_d4(userfromcert, " from the client certificate '", ctx.clientcrtbuf, "'"); fixname(ctx.clientcrtbuf); } if (pipe_write(tochild[1], ctx.clientcrtbuf, str_len(ctx.clientcrtbuf) + 1) == -1) die_writetopipe(); flaguser = 1; } log_i9("SSL connection: ", tls_version_str(br_ssl_engine_get_version(&ctx.cc.eng)), ", ", tls_cipher_str(ctx.cc.eng.session.cipher_suite), ", ", tls_ecdhe_str(br_ssl_engine_get_ecdhe_curve(&ctx.cc.eng)), ", sni='", br_ssl_engine_get_server_name(&ctx.cc.eng), "'"); alarm(timeout); } watch0 = watch1 = watchfromchild = watchtochild = watchfromselfpipe = watchfromcontrol = 0; q = p; if (st & BR_SSL_SENDREC) { watch1 = q; q->fd = 1; q->events = POLLOUT; ++q; } if (st & BR_SSL_RECVREC) { watch0 = q; q->fd = 0; q->events = POLLIN; ++q; } if (st & BR_SSL_RECVAPP) { watchtochild = q; q->fd = tochild[1]; q->events = POLLOUT; ++q; } if (st & BR_SSL_SENDAPP) { watchfromchild = q; q->fd = fromchild[0]; q->events = POLLIN; ++q; } watchfromselfpipe = q; q->fd = selfpipe[0]; q->events = POLLIN; ++q; if (ctx.flagdelayedenc) { watchfromcontrol = q; q->fd = fromchildcontrol[0]; q->events = POLLIN; ++q; } if (jail_poll(p, q - p, -1) < 0) { watch0 = watch1 = watchfromchild = watchtochild = watchfromselfpipe = watchfromcontrol = 0; } else { if (watch1) if (!watch1->revents) watch1 = 0; if (watch0) if (!watch0->revents) watch0 = 0; if (watchtochild) if (!watchtochild->revents) watchtochild = 0; if (watchfromchild) if (!watchfromchild->revents) watchfromchild = 0; if (watchfromselfpipe) if (!watchfromselfpipe->revents) watchfromselfpipe = 0; if (watchfromcontrol) if (!watchfromcontrol->revents) watchfromcontrol = 0; } /* recvapp */ if (watchtochild) { buf = tls_engine_recvapp_buf(&ctx, &len); r = write(tochild[1], buf, len); if (r == -1) if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) continue; if (r <= 0) { log_d1("write to child failed"); break; } log_t4("write(tochild[1], buf, len=", lognum(len), ") = ", lognum(r)); tls_engine_recvapp_ack(&ctx, r); continue; } /* sendrec */ if (watch1) { buf = tls_engine_sendrec_buf(&ctx, &len); r = write(1, buf, len); if (r == -1) if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) continue; if (r <= 0) { log_d1("write to standard output failed"); break; } log_t4("write(1, buf, len=", lognum(len), ") = ", lognum(r)); tls_engine_sendrec_ack(&ctx, r); continue; } /* recvrec */ if (watch0) { buf = tls_engine_recvrec_buf(&ctx, &len); r = read(0, buf, len); if (r == -1) if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) continue; if (r <= 0) { if (r < 0) log_d1("read from standard input failed"); if (r == 0) log_t1("read from standard input failed, connection closed"); ctx.netclosed = 1; break; } log_t4("read(0, buf, len=", lognum(len), ") = ", lognum(r)); tls_engine_recvrec_ack(&ctx, r); alarm(timeout); /* refresh timeout */ continue; } /* sendapp */ if (watchfromchild) { buf = tls_engine_sendapp_buf(&ctx, &len); r = read(fromchild[0], buf, len); if (r == -1) if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) continue; if (r <= 0) { if (r < 0) log_d1("read from child failed"); if (r == 0) log_t1("read from child failed, connection closed"); tls_engine_close(&ctx); tls_engine_flush(&ctx, 0); continue; } log_t4("read(fromchild[0], buf, len=", lognum(len), ") = ", lognum(r)); tls_engine_sendapp_ack(&ctx, r); tls_engine_flush(&ctx, 0); alarm(timeout); /* refresh timeout */ continue; } /* controlpipe */ if (watchfromcontrol) { buf = tls_engine_sendapp5_buf(&ctx, &len); r = read(fromchildcontrol[0], buf, len); if (r == -1) if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) continue; if (r == -1) { log_d1("read from child failed"); break; } tls_engine_sendapp5_ack(&ctx, r); if (r == 0 && ctx.tonet5buflen) { if (writeall(1, ctx.tonet5buf, ctx.tonet5buflen) == -1) { log_d1("write to standard output failed"); break; } ctx.flagdelayedenc = 0; log_d1("child requested encryption(STARTTLS), start TLS"); close(fromchildcontrol[0]); alarm(hstimeout); } continue; } /* signal received */ if (watchfromselfpipe) { log_d1("signal received"); break; } } signal(SIGCHLD, SIG_DFL); signal(SIGALRM, SIG_DFL); /* wait for keyjail child */ close(fromkeyjail[0]); close(tokeyjail[1]); do { r = waitpid(keyjailchild, &status, 0); } while (r == -1 && errno == EINTR); if (!WIFEXITED(status)) { log_t2("keyjail process killed by signal ", lognum(WTERMSIG(status))); } else { log_t2("keyjail exited with status ", lognum(WEXITSTATUS(status))); } /* wait for child */ close(fromchild[0]); close(tochild[1]); do { r = waitpid(child, &status, 0); } while (r == -1 && errno == EINTR); errno = 0; if (!WIFEXITED(status)) { log_f2("child process killed by signal ", lognum(WTERMSIG(status))); die(111); } log_d2("child exited with status ", lognum(WEXITSTATUS(status))); die(WEXITSTATUS(status)); } /* clang-format on */ tlswrapper-20250201/main_tlswrapper_smtp.c000066400000000000000000000467251474542230700206160ustar00rootroot00000000000000#include #include #include #include #include #include #include "randombytes.h" #include "log.h" #include "iptostr.h" #include "connectioninfo.h" #include "jail.h" #include "writeall.h" #include "buffer.h" #include "stralloc.h" #include "open.h" #include "e.h" #include "tls.h" #include "blocking.h" #include "resolvehost.h" #include "hostport.h" #include "conn.h" #include "case.h" #include "timeoutwrite.h" #include "timeoutread.h" #include "strtonum.h" #include "main.h" /* clang-format off */ static const char *jailaccount = 0; static const char *jaildir = EMPTYDIR; static const char *user = 0; static int flagverbose = 1; static int flagstarttls = 0; static int flaggreyfailclosed = 0; static int fromchild[2] = {-1, -1}; static int tochild[2] = {-1, -1}; static pid_t child = -1; static int status; static unsigned char localip[16] = {0}; static unsigned char localport[2] = {0}; static unsigned char remoteip[16] = {0}; static unsigned char remoteport[2] = {0}; static char remoteipstr[IPTOSTR_LEN] = {0}; static void cleanup(void) { randombytes(localip, sizeof localip); randombytes(localport, sizeof localport); randombytes(remoteip, sizeof remoteip); randombytes(remoteip, sizeof remoteip); { unsigned char stack[4096]; randombytes(stack, sizeof stack); } } static void die(int x) { int r; /* cleanup */ cleanup(); if (child == -1) _exit(x); if (x != 0) _exit(x); /* wait for child */ close(fromchild[0]); close(tochild[1]); do { r = waitpid(child, &status, 0); } while (r == -1 && errno == EINTR); errno = 0; if (!WIFEXITED(status)) { log_f2("child process killed by signal ", lognum(WTERMSIG(status))); _exit(111); } log_d2("child exited with status ", lognum(WEXITSTATUS(status))); _exit(WEXITSTATUS(status)); } #define die_jail() { log_f1("unable to create jail"); die(111); } #define die_pipe() { log_f1("unable to create pipe"); die(111); } #define die_fork() { log_f1("unable to fork"); die(111); } #define die_dup() { log_f1("unable to dup"); die(111); } #define die_nomem() { log_f1("unable to allocate memory"); die(111); } #define die_droppriv(x) { log_f3("unable to drop privileges to '", (x), "'"); die(111); } static void usage(void) { log_u1("tlswrapper-smtp [options] child"); die(100); } static const char *timeoutstr = "600"; static const char *crwtimeoutstr = "15"; static long long timeout; static long long crwtimeout; static long long timeout_parse(const char *x) { long long ret; if (!strtonum(&ret, x)) { log_f3("unable to parse timeout from the string '", x, "'"); die(100); } if (ret < 1) { log_f3("timeout must be a number > 0, not '", x, "'"); die(100); } if (ret > 86400) { log_f3("timeout must be a number < 86400, not '", x, "'"); die(100); } return ret; } static void signalhandler(int signum) { (void) signum; die(111); } static long long _write(int fd, void *xv, long long xlen) { long long w = timeoutwrite(crwtimeout, fd, xv, xlen); if (w <= 0) { log_d1("write failed"); die(111); } return w; } static long long _read(int fd, void *xv, long long xlen) { long long r = timeoutread(crwtimeout, fd, xv, xlen); if (r <= 0) { log_d1("read failed"); die(111); } return r; } static char inbuf[8192]; static buffer ssin = buffer_INIT(_read, 0, inbuf, sizeof inbuf); static char outbuf[128]; static buffer ssout = buffer_INIT(_write, 1, outbuf, sizeof outbuf); static char outbuf5[32]; static buffer ssout5 = buffer_INIT(_write, 5, outbuf5, sizeof outbuf5); static char cinbuf[128]; static buffer sscin; static char coutbuf[8192]; static buffer sscout; static stralloc line = {0}; static stralloc cline = {0}; static stralloc mailfrom = {0}; static stralloc rcptto = {0}; static stralloc rcpttodata = {0}; static int _catlogid(stralloc *sa) { if (log_getid()) { if (!stralloc_cats(sa, " [")) return 0; if (!stralloc_cats(sa, log_getid())) return 0; if (!stralloc_cats(sa, "]")) return 0; } return 1; } static stralloc greylistresp = {0}; static const char *greylistmsg = 0; static char *greylisthostport = 0; static char greylisthost[256]; static unsigned char greylistport[2]; static unsigned char greylistip[16]; static long long greylistiplen; static int greylistfd = -1; static char greylistbuf[256]; static buffer gssin; static long long _gwrite(int fd, void *xv, long long xlen) { long long w = timeoutwrite(crwtimeout, fd, xv, xlen); if (w <= 0) { if (flaggreyfailclosed) { log_f3("write to '", greylisthostport, "' failed"); die(111); } else { log_w3("write to '", greylisthostport, "' failed"); } } return w; } static long long _gread(int fd, void *xv, long long xlen) { long long r = timeoutread(crwtimeout, fd, xv, xlen); if (r <= 0) { if (flaggreyfailclosed) { log_f3("read from '", greylisthostport, "' failed"); die(111); } else { log_w3("read from '", greylisthostport, "' failed"); } } return r; } static const char *greylist(void) { char ch; buffer_init(&gssin, _gwrite, greylistfd, greylistbuf, sizeof greylistbuf); if (buffer_puts(&gssin, "request=smtpd_access_policy\n") == -1) return 0; if (buffer_puts(&gssin, "client_address=") == -1) return 0; if (buffer_puts(&gssin, remoteipstr) == -1) return 0; if (buffer_puts(&gssin, "\nsender=") == -1) return 0; if (buffer_puts(&gssin, mailfrom.s) == -1) return 0; if (buffer_puts(&gssin, "\nrecipient=") == -1) return 0; if (buffer_puts(&gssin, rcptto.s) == -1) return 0; if (buffer_puts(&gssin, "\n\n") == -1) return 0; if (buffer_flush(&gssin)== -1) return 0; buffer_init(&gssin, _gread, greylistfd, greylistbuf, sizeof greylistbuf); do { if (buffer_get(&gssin, &ch, 1) != 1) return 0; if (!stralloc_append(&greylistresp, &ch)) die_nomem(); } while (ch != '\n'); if (!stralloc_0(&greylistresp)) die_nomem(); log_t2("greylist: ", greylistresp.s); if (greylistresp.len >= 12) { if (!case_diffb(greylistresp.s, 12, "action=dunno")) { return 0; } } if (greylistresp.len >= 13) { if (!case_diffb(greylistresp.s, 13, "action=reject")) { return "553 bad reputation (#5.7.1)"; } } return "450 greylisted (#4.3.0)"; } static long long smtpline(const char *append, int addlogid) { unsigned char ch; unsigned long long code; if (!stralloc_copys(&cline, "")) die_nomem(); buffer_GETC(&sscin, (char *)&ch); code = ch - '0'; if (!stralloc_append(&cline, &ch)) die_nomem(); buffer_GETC(&sscin, (char *)&ch); code = code * 10 + (ch - '0'); if (!stralloc_append(&cline, &ch)) die_nomem(); buffer_GETC(&sscin, (char *)&ch); code = code * 10 + (ch - '0'); if (!stralloc_append(&cline, &ch)) die_nomem(); for (;;) { buffer_GETC(&sscin, (char *)&ch); if (append && code == 250 && ch == ' ') { if (!stralloc_cats(&cline, "-")) die_nomem(); } else { if (!stralloc_append(&cline, &ch)) die_nomem(); } if (ch != '-') break; while (ch != '\n') { buffer_GETC(&sscin, (char *)&ch); if (!stralloc_append(&cline, &ch)) die_nomem(); } buffer_GETC(&sscin, (char *)&ch); if (!stralloc_append(&cline, &ch)) die_nomem(); buffer_GETC(&sscin, (char *)&ch); if (!stralloc_append(&cline, &ch)) die_nomem(); buffer_GETC(&sscin, (char *)&ch); if (!stralloc_append(&cline, &ch)) die_nomem(); } while (ch != '\n') { buffer_GETC(&sscin, (char *)&ch); if (!stralloc_append(&cline, &ch)) die_nomem(); } if (append && code == 250) if (!stralloc_cats(&cline, append)) die_nomem(); if (!stralloc_0(&cline)) die_nomem(); --cline.len; log_t3("child line: '", cline.s, "'"); /* add logid */ if (addlogid && log_getid()) { if (cline.len > 0) if (cline.s[cline.len - 1] == '\n') --cline.len; if (cline.len > 0) if (cline.s[cline.len - 1] == '\r') --cline.len; if (!_catlogid(&cline)) die_nomem(); if (!stralloc_cats(&cline, "\r\n")) die_nomem(); if (!stralloc_0(&cline)) die_nomem(); --cline.len; log_t3("child line with logid: '", cline.s, "'"); } return code; } static void readline(void) { if (!stralloc_copys(&line, "")) die_nomem(); for (;;) { char ch; buffer_GETC(&ssin, &ch); if (ch == '\n') break; if (!ch) ch = '\n'; if (!stralloc_append(&line, &ch)) die_nomem(); } if (line.len > 0) if (line.s[line.len - 1] == '\r') --line.len; if (!stralloc_cats(&line, "\r\n")) die_nomem(); if (!stralloc_0(&line)) die_nomem(); --line.len; log_t3("line: '", line.s, "'"); } struct commands { const char *verb; void (*action)(void); }; static void commands(struct commands *c) { long long i, len; for (;;) { readline(); for (len = 0; len < line.len; ++len) { if (line.s[len] == ' ') break; if (line.s[len] == '\r') break; if (line.s[len] == '\n') break; } for (i = 0; c[i].verb; ++i) { if (!case_diffb(line.s, len, c[i].verb)) break; } c[i].action(); } } static void smtp_greet(void) { smtpline(0, 1); buffer_putsflush(&ssout, cline.s); } static long long copy(int logid) { long long code; buffer_putsflush(&sscout, line.s); code = smtpline(0, logid); buffer_putsflush(&ssout, cline.s); log_d3(line.s, ": ", cline.s); return code; } static void smtp_default(void) { copy(0); } static void smtp_quit(void) { copy(1); die(0); } static void smtp_data(void) { long long code; buffer_putsflush(&sscout, line.s); code = smtpline(0, 1); buffer_putsflush(&ssout, cline.s); if (code != 354) { log_d3(line.s, ": ", cline.s); log_w6("F=", mailfrom.s, " T=", rcpttodata.s, ": ", cline.s); return; } for (;;) { readline(); buffer_puts(&sscout, line.s); if (line.len > 0) if (line.s[line.len - 1] == '\n') --line.len; if (line.len > 0) if (line.s[line.len - 1] == '\r') --line.len; if ((line.len == 1) && line.s[0] == '.') break; } buffer_flush(&sscout); code = smtpline(0, 1); buffer_putsflush(&ssout, cline.s); log_d2("DATA: ", cline.s); if (code != 250) { log_w6("F=", mailfrom.s, " T=", rcpttodata.s, ": ", cline.s); } else { log_i6("F=", mailfrom.s, " T=", rcpttodata.s, ": ", cline.s); } } static void smtp_mail(void) { long long code, i; if (line.len >= 10) { if (!case_diffb(line.s, 10, "mail from:")) { if (!stralloc_copyb(&mailfrom, line.s + 10, line.len - 10)) die_nomem(); if (mailfrom.s[mailfrom.len - 1] == '\n') --mailfrom.len; if (mailfrom.s[mailfrom.len - 1] == '\r') --mailfrom.len; for (i = 0; i < mailfrom.len; ++i) { if (mailfrom.s[i] == ' ') mailfrom.len = i; } if (!stralloc_0(&mailfrom)) die_nomem(); } } code = copy(1); if (code != 250) { log_w4("F=", mailfrom.s, ": ", cline.s); } } static void smtp_rcpt(void) { long long code, i; if (line.len >= 8) { if (!case_diffb(line.s, 8, "rcpt to:")) { if (!stralloc_copyb(&rcptto, line.s + 8, line.len - 8)) die_nomem(); if (rcptto.s[rcptto.len - 1] == '\n') --rcptto.len; if (rcptto.s[rcptto.len - 1] == '\r') --rcptto.len; for (i = 0; i < rcptto.len; ++i) { if (rcptto.s[i] == ' ') { rcptto.len = i; break; } } if (!stralloc_cat(&rcpttodata, &rcptto)) die_nomem(); if (!stralloc_cats(&rcpttodata, ",")) die_nomem(); if (!stralloc_0(&rcptto)) die_nomem(); if (!stralloc_0(&rcpttodata)) die_nomem(); --rcpttodata.len; } } if (mailfrom.len && rcptto.len && greylistfd != -1) { greylistmsg = greylist(); if (greylistmsg) { if (!stralloc_copys(&cline, greylistmsg)) die_nomem(); if (!_catlogid(&cline)) die_nomem(); if (!stralloc_cats(&cline, "\r\n")) die_nomem(); if (!stralloc_0(&cline)) die_nomem(); buffer_putsflush(&ssout, cline.s); log_d3(line.s, ": ", cline.s); log_w6("F=", mailfrom.s, " T=", rcptto.s, ": ", cline.s); return; } } code = copy(1); if (code != 250) { log_w6("F=", mailfrom.s, " T=", rcptto.s, ": ", cline.s); } } static void smtp_ehlo(void) { struct stat st; buffer_putsflush(&sscout, line.s); if (flagstarttls && fstat(5, &st) == 0) { (void) smtpline("250 STARTTLS\r\n", 0); } else { (void) smtpline(0, 0); } errno = 0; buffer_putsflush(&ssout, cline.s); log_d3(line.s, ": ", cline.s); } static void smtp_starttls(void) { struct stat st; if (!flagstarttls || fstat(5, &st) != 0) { if (!stralloc_copys(&cline, "502 unimplemented (#5.5.1)")) die_nomem(); if (!_catlogid(&cline)) die_nomem(); if (!stralloc_cats(&cline, "\r\n")) die_nomem(); if (!stralloc_0(&cline)) die_nomem(); buffer_putsflush(&ssout, cline.s); log_d3(line.s, ": ", cline.s); errno = 0; return; } if (!stralloc_copys(&cline, "220 ready to start TLS (#2.0.0)")) die_nomem(); if (!_catlogid(&cline)) die_nomem(); if (!stralloc_cats(&cline, "\r\n")) die_nomem(); if (!stralloc_0(&cline)) die_nomem(); buffer_putsflush(&ssout5, cline.s); close(5); log_d3(line.s, ": ", cline.s); buffer_putsflush(&sscout, "RSET\r\n"); smtpline(0, 1); } struct commands smtpcommands[] = { { "quit", smtp_quit } , { "data", smtp_data } , { "mail", smtp_mail } , { "rcpt", smtp_rcpt } , { "ehlo", smtp_ehlo } , { "starttls", smtp_starttls } , { 0, smtp_default } } ; int main_tlswrapper_smtp(int argc, char **argv) { char *x; struct stat st; signal(SIGPIPE, SIG_IGN); signal(SIGALRM, signalhandler); alarm(30); log_name("tlswrapper-smtp"); log_id(0); (void) argc; if (!argv[0]) usage(); for (;;) { if (!argv[1]) break; if (argv[1][0] != '-') break; x = *++argv; if (x[0] == '-' && x[1] == 0) break; if (x[0] == '-' && x[1] == '-' && x[2] == 0) break; while (*++x) { if (*x == 'q') { flagverbose = 0; log_level(flagverbose); continue; } if (*x == 'Q') { flagverbose = 1; log_level(flagverbose); continue; } if (*x == 'v') { log_level(++flagverbose); continue; } /* user */ if (*x == 'u') { if (x[1]) { user = x + 1; break; } if (argv[1]) { user = *++argv; break; } } /* timeouts */ if (*x == 'T') { if (x[1]) { crwtimeoutstr = x + 1; break; } if (argv[1]) { crwtimeoutstr = *++argv; break; } } if (*x == 't') { if (x[1]) { timeoutstr = x + 1; break; } if (argv[1]) { timeoutstr = *++argv; break; } } /* greylist */ if (*x == 'g') { if (x[1]) { greylisthostport = x + 1; break; } if (argv[1]) { greylisthostport = *++argv; break; } } if (*x == 'c') { flaggreyfailclosed = 1; continue; } if (*x == 'C') { flaggreyfailclosed = 0; continue; } /* jail */ if (*x == 'J') { if (x[1]) { jaildir = (x + 1); break; } if (argv[1]) { jaildir = (*++argv); break; } } if (*x == 'j') { if (x[1]) { jailaccount = (x + 1); break; } if (argv[1]) { jailaccount = (*++argv); break; } } usage(); } } if (!*++argv) usage(); timeout = timeout_parse(timeoutstr); crwtimeout = timeout_parse(crwtimeoutstr); if (greylisthostport) { if (!hostport_parse(greylisthost, sizeof greylisthost, greylistport, greylisthostport)) { log_f3("unable to parse greylist host:port from the string: '", greylisthostport, "'"); die(100); } log_t5("greylist address '", greylisthost, ":", logport(greylistport), "'"); } if (fstat(5, &st) == 0) { flagstarttls = 1; } /* run child process */ if (open_pipe(tochild) == -1) die_pipe(); if (open_pipe(fromchild) == -1) die_pipe(); child = fork(); switch (child) { case -1: die_fork(); break; case 0: close(tochild[1]); close(0); if (dup(tochild[0]) != 0) die_dup(); blocking_enable(0); close(fromchild[0]); close(1); if (dup(fromchild[1]) != 1) die_dup(); blocking_enable(1); close(5); /* drop root */ if (user) if (jail_droppriv(user) == -1) die_droppriv(user); signal(SIGPIPE, SIG_DFL); log_t3("running '", argv[0], "'"); execvp(*argv, argv); log_f2("unable to run ", *argv); die(111); } close(fromchild[1]); close(tochild[0]); blocking_enable(fromchild[0]); blocking_enable(tochild[1]); buffer_init(&sscin, _read, fromchild[0], cinbuf, sizeof cinbuf); buffer_init(&sscout, _write, tochild[1], coutbuf, sizeof coutbuf); /* initialize randombytes */ { char ch[1]; randombytes(ch, sizeof ch); } if (greylisthostport) { if (!resolvehost_init()) { log_f1("unable to create jailed process for DNS resolver"); die(111); } if (!conn_init(1)) { log_f1("unable to initialize TCP connection"); die(111); } } /* create jail */ if (jail(jailaccount, jaildir, 1) == -1) die_jail(); if (greylisthostport) { greylistiplen = resolvehost_do(greylistip, sizeof greylistip, greylisthost); if (greylistiplen < 0) { log_f3("unable to resolve host '", greylisthost, "'"); die(111); } if (greylistiplen == 0) { log_f3("unable to resolve host '", greylisthost, "': name not exist"); die(111); } log_d4("resolvehost: ", greylisthost, ": ", logip(greylistip)); resolvehost_close(); greylistfd = conn(crwtimeout, greylistip, greylistiplen, greylistport); if (greylistfd == -1) { if (flaggreyfailclosed) { log_f2("unable to connect to ", greylisthostport); die(111); } else { log_w2("unable to connect to ", greylisthostport); } } } /* get connection info */ (void) connectioninfo_get(localip, localport, remoteip, remoteport); log_ip(iptostr(remoteipstr, remoteip)); /* initialize mailfrom, rcptto */ if (!stralloc_0(&mailfrom)) die_nomem(); --mailfrom.len; if (!stralloc_0(&rcptto)) die_nomem(); --rcptto.len; if (!stralloc_0(&rcpttodata)) die_nomem(); --rcpttodata.len; alarm(timeout); smtp_greet(); commands(smtpcommands); die(111); return 111; } /* clang-format on */ tlswrapper-20250201/main_tlswrapper_tcp.c000066400000000000000000000264701474542230700204140ustar00rootroot00000000000000#include #include #include "randombytes.h" #include "iptostr.h" #include "proxyprotocol.h" #include "connectioninfo.h" #include "resolvehost.h" #include "strtoport.h" #include "socket.h" #include "e.h" #include "log.h" #include "conn.h" #include "str.h" #include "tls.h" #include "jail.h" #include "randommod.h" #include "strtonum.h" #include "main.h" /* clang-format off */ static struct context { const char *account; const char *empty_dir; } ctx = { .account = 0, .empty_dir = EMPTYDIR, }; static unsigned char inbuf[4096]; static unsigned long long inbuflen = 0; static int infinished = 0; static unsigned char outbuf[4096]; static unsigned long long outbuflen = 0; static int outfinished = 0; #define NUMIP 8 static const char *timeoutstr = "3600"; static const char *connecttimeoutstr = "10"; static const char *hoststr = 0; static const char *portstr = 0; static long long timeout; static long long connecttimeout; static unsigned char ip[16 * NUMIP]; static long long iplen; static unsigned char port[2]; static int fd = -1; static unsigned char localip[16] = {0}; static unsigned char localport[2] = {0}; static unsigned char remoteip[16] = {0}; static unsigned char remoteport[2] = {0}; static char remoteipstr[IPTOSTR_LEN] = {0}; static int flagverbose = 1; static void cleanup(void) { resolvehost_close(); randombytes(ip, sizeof ip); randombytes(port, sizeof port); randombytes(inbuf, sizeof inbuf); randombytes(outbuf, sizeof outbuf); randombytes(localip, sizeof localip); randombytes(localport, sizeof localport); randombytes(remoteip, sizeof remoteip); randombytes(remoteip, sizeof remoteip); randombytes(remoteipstr, sizeof remoteipstr); randombytes(&ctx, sizeof ctx); { unsigned char stack[4096]; randombytes(stack, sizeof stack); } } #define die(x) { cleanup(); _exit(x); } #define die_jail() { log_f1("unable to create jail"); die(111); } #define die_pipe() { log_f1("unable to create pipe"); die(111); } #define die_ppout(x) { log_f3("unable to create outgoing proxy-protocol v", (x), " string");; die(100); } #define die_ppin(x) { log_f3("unable to receive incoming proxy-protocol v", (x), " string");; die(100); } static void usage(void) { log_u1("tlswrapper-tcp [options] host port"); die(100); } /* proxy-protocol */ static long long (*ppout)(char *, long long, unsigned char *, unsigned char *, unsigned char *, unsigned char *) = 0; static const char *ppoutver = 0; static int (*ppin)(int, unsigned char *, unsigned char *, unsigned char *, unsigned char *) = 0; static const char *ppinver = 0; static void pp_incoming(const char *x) { if (str_equal("0", x)) { /* disable incoming proxy-protocol */ return; } else if (str_equal("1", x)) { ppin = proxyprotocol_v1_get; ppinver = x; } else { log_f3("unable to parse incoming proxy-protocol version from the string '", x, "'"); log_f1("available: 1"); die(100); } } static void pp_outgoing(const char *x) { if (str_equal("0", x)) { /* disable outgoing proxy-protocol */ return; } else if (str_equal("1", x)) { ppout = proxyprotocol_v1; ppoutver = x; } else { log_f3("unable to parse outgoing proxy-protocol version from the string '", x, "'"); log_f1("available: 1"); log_f1("available: 2"); die(100); } } static long long timeout_parse(const char *x) { long long ret; if (!strtonum(&ret, x)) { log_f3("unable to parse timeout from the string '", x, "'"); die(100); } if (ret < 1) { log_f3("timeout must be a number > 0, not '", x, "'"); die(100); } return ret; } static int selfpipe[2] = {-1, -1}; static void signalhandler(int signum) { int w; if (signum == SIGCHLD) return; w = write(selfpipe[1], "", 1); (void) w; } int main_tlswrapper_tcp(int argc, char **argv) { char *x; long long i; errno = 0; signal(SIGPIPE, SIG_IGN); log_name("tlswrapper-tcp"); log_id(0); (void) argc; if (!argv[0]) usage(); for (;;) { if (!argv[1]) break; if (argv[1][0] != '-') break; x = *++argv; if (x[0] == '-' && x[1] == 0) break; if (x[0] == '-' && x[1] == '-' && x[2] == 0) break; while (*++x) { if (*x == 'q') { flagverbose = 0; log_level(flagverbose); continue; } if (*x == 'Q') { flagverbose = 1; log_level(flagverbose); continue; } if (*x == 'v') { log_level(++flagverbose); continue; } /* timeouts */ if (*x == 'T') { if (x[1]) { connecttimeoutstr = x + 1; break; } if (argv[1]) { connecttimeoutstr = *++argv; break; } } if (*x == 't') { if (x[1]) { timeoutstr = x + 1; break; } if (argv[1]) { timeoutstr = *++argv; break; } } /* proxy-protocol */ if (*x == 'p') { if (x[1]) { pp_incoming(x + 1); break; } if (argv[1]) { pp_incoming(*++argv); break; } } if (*x == 'P') { if (x[1]) { pp_outgoing(x + 1); break; } if (argv[1]) { pp_outgoing(*++argv); break; } } /* jail */ if (*x == 'J') { if (x[1]) { ctx.empty_dir = (x + 1); break; } if (argv[1]) { ctx.empty_dir = (*++argv); break; } } if (*x == 'j') { if (x[1]) { ctx.account = (x + 1); break; } if (argv[1]) { ctx.account = (*++argv); break; } } usage(); } } hoststr = *++argv; if (!hoststr) usage(); portstr = *++argv; if (!strtoport(port, portstr)) { log_f3("unable to parse TCP port (a number 0 - 65535) from the string '", portstr, "'"); die(100); } timeout = timeout_parse(timeoutstr); connecttimeout = timeout_parse(connecttimeoutstr); /* initialize randombytes */ { char ch[1]; randombytes(ch, sizeof ch); } /* resolve host */ if (!resolvehost_init()) { log_f1("unable to create jailed process for DNS resolver"); die(111); } iplen = resolvehost_do(ip, sizeof ip, hoststr); if (iplen < 0) { log_f5("unable to resolve host '", hoststr, "' or port '", portstr, "'"); die(111); } if (iplen == 0) { log_f3("unable to resolve host '", hoststr, "': name not exist"); die(111); } for (i = 0; i < iplen; i += 16) { log_d3(hoststr, ": ", logip(ip + i)); } resolvehost_close(); /* create selfpipe */ if (pipe(selfpipe) == -1) die_pipe(); /* create sockets */ if (!conn_init(iplen / 16)) { log_f1("unable to create TCP socket"); die(111); } /* drop privileges, chroot, set limits, ... NETJAIL starts here */ if (jail(ctx.account, ctx.empty_dir, 1) == -1) die_jail(); /* receive proxy-protocol string */ if (ppin) { if (!ppin(0, localip, localport, remoteip, remoteport)) { die_ppin(ppinver); } } else { /* get connection info */ (void) connectioninfo_get(localip, localport, remoteip, remoteport); } log_ip(iptostr(remoteipstr, remoteip)); fd = conn(connecttimeout, ip, iplen, port); if (fd == -1) { log_f4("unable to connect to ", hoststr, ":", logport(port)); die(111); } /* write proxy-protocol string */ if (ppout) { inbuflen = ppout((char *)inbuf, sizeof outbuf, localip, localport, remoteip, remoteport); if (inbuflen <= 0) die_ppout(ppoutver); } log_d4("connected to [", logip(ip), "]:", logport(port)); log_i4("connected to ", hoststr, ":", logport(port)); signal(SIGTERM, signalhandler); signal(SIGALRM, signalhandler); alarm(timeout); for (;;) { long long r; struct pollfd p[5]; struct pollfd *q; struct pollfd *watch0; struct pollfd *watch1; struct pollfd *watchfromremote; struct pollfd *watchtoremote; struct pollfd *watchfromselfpipe; if ((infinished || outfinished) && inbuflen == 0 && outbuflen == 0) break; watch0 = watch1 = watchfromremote = watchtoremote = watchfromselfpipe = 0; q = p; if (!infinished && sizeof inbuf > inbuflen) { watch0 = q; q->fd = 0; q->events = POLLIN; ++q; } if (outbuflen > 0) { watch1 = q; q->fd = 1; q->events = POLLOUT; ++q; } if (inbuflen > 0) { watchtoremote = q; q->fd = fd; q->events = POLLOUT; ++q; } if (!outfinished && sizeof outbuf > outbuflen) { watchfromremote = q; q->fd = fd; q->events = POLLIN; ++q; } watchfromselfpipe = q; q->fd = selfpipe[0]; q->events = POLLIN; ++q; if (jail_poll(p, q - p, -1) < 0) { watch0 = watch1 = watchfromremote = watchtoremote = watchfromselfpipe = 0; } else { if (watch1) if (!watch1->revents) watch1 = 0; if (watch0) if (!watch0->revents) watch0 = 0; if (watchtoremote) if (!watchtoremote->revents) watchtoremote = 0; if (watchfromremote) if (!watchfromremote->revents) watchfromremote = 0; if (watchfromselfpipe) if (!watchfromselfpipe->revents) watchfromselfpipe = 0; } if (watchtoremote) { r = write(fd, inbuf, inbuflen); if (r == -1) if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) continue; if (r <= 0) { log_d5("write to ", hoststr, ":", portstr, " failed" ); break; } memmove(inbuf, inbuf + r, inbuflen - r); inbuflen -= r; continue; } if (watch1) { r = write(1, outbuf, outbuflen); if (r == -1) if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) continue; if (r <= 0) { log_d1("write to standard output failed"); break; } memmove(outbuf, outbuf + r, outbuflen - r); outbuflen -= r; continue; } if (watch0) { r = read(0, inbuf + inbuflen, sizeof inbuf - inbuflen); if (r == -1) if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) continue; if (r <= 0) { if (r < 0) log_d1("read from standard input failed"); if (r == 0) log_t1("read from standard input failed, connection closed"); infinished = 1; continue; } inbuflen += r; alarm(timeout); /* refresh timeout */ continue; } if (watchfromremote) { r = read(fd, outbuf + outbuflen, sizeof inbuf - outbuflen); if (r == -1) if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) continue; if (r <= 0) { if (r < 0) log_d5("read from ", hoststr, ":", portstr, " failed" ); if (r == 0) log_t5("read from ", hoststr, ":", portstr, " failed, connection closed" ); outfinished = 1; continue; } outbuflen += r; alarm(timeout); /* refresh timeout */ continue; } /* signal received */ if (watchfromselfpipe) { log_d1("signal received"); break; } } log_d1("finished"); die(0); } /* clang-format on */ tlswrapper-20250201/main_tlswrapper_test.c000066400000000000000000000320631474542230700206000ustar00rootroot00000000000000#include #include #include #include #include "e.h" #include "log.h" #include "randombytes.h" #include "fsyncfile.h" #include "writeall.h" #include "str.h" #include "tls.h" #include "open.h" #include "blocking.h" #include "strtonum.h" #include "main.h" /* clang-format off */ static int flagverbose = 1; static int flaginput = 0; static int flagoutput = 0; static int flagflush = 1; static int flagzero = 0; static int fromchild[2] = {-1, -1}; static int tochild[2] = {-1, -1}; static pid_t child = -1; static int childstatus; static br_ssl_client_context sc; static br_ssl_client_context *cc = ≻ static br_x509_minimal_context xc; static br_x509_minimal_context *xcp = &xc; static unsigned char iobuf[BR_SSL_BUFSIZE_BIDI]; static br_sslio_context ioc; static const char *host = 0; static unsigned char buf[16384]; static char *daysstr = 0; static long long days = 0; static const char *anchorfn = 0; static unsigned char anchorkey[32] = {0}; static struct tls_pem anchorpem = {0}; static struct tls_pubcrt anchorcrt = {0}; static char *ppstring = 0; static uint16_t ciphersuite = 0; static uint32_t ecdhecurves = 0; static br_ec_impl ecdhe; static int _read(void *ctx, unsigned char *x, size_t len) { int r; int fd = *(int *)ctx; for (;;) { r = read(fd, x, len); if (r == 0) errno = EPIPE; if (r <= 0) { if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) continue; log_f4("read(", lognum(fd), ", x, len) = ", lognum(r)); return -1; } log_t4("read(", lognum(fd), ", x, len) = ", lognum(r)); return r; } } static int _write(void *ctx, const unsigned char *x, size_t len) { int w; int fd = *(int *)ctx; for (;;) { w = write(fd, x, len); if (w == 0) errno = EPIPE; if (w <= 0) { if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) continue; log_f4("write(", lognum(fd), ", x, len) = ", lognum(w)); return -1; } log_t4("write(", lognum(fd), ", x, len) = ", lognum(w)); return w; } } static unsigned int my_end_chain(const br_x509_class **ctx) { unsigned int r; r = br_x509_minimal_vtable.end_chain(ctx); if (r == BR_ERR_X509_NOT_TRUSTED) { r = 0; } return 0; } static br_x509_class my509vtable; static const br_x509_class *getvtable(void) { memcpy(&my509vtable, &br_x509_minimal_vtable, sizeof br_x509_minimal_vtable); my509vtable.end_chain = my_end_chain; return &my509vtable; } static void cleanup(void) { { unsigned char stack[4096]; randombytes(stack, sizeof stack); } } #define die(x) { cleanup(); _exit(x); } #define die_pipe() { log_f1("unable to create pipe"); die(111); } #define die_fork() { log_f1("unable to fork"); die(111); } #define die_dup() { log_f1("unable to dup"); die(111); } #define die_setenv(x) { log_f2("unable to set env. variable ", (x)); die(111); } #define die_parseanchorpem(x) { log_f3("unable to parse anchor PEM file '", (x), "'"); die(111); } #define die_loadpem(x) { log_f2("unable to load pem file ", (x)); die(111); } #define die_parsepem(x) { log_f2("unable to parse PEM public-object from the file ", (x)); die(111); } #define die_write() { log_f1("unable to write output"); die(111); } static void usage(void) { log_u1("tlswrapper-test [options] prog"); die(100); } struct { const char *name; uint16_t suite; } ciphers[] = { { "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, }, { "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, }, { "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, }, { "ECDHE_RSA_WITH_AES_128_GCM_SHA256", BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, }, { "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, }, { "ECDHE_RSA_WITH_AES_256_GCM_SHA384", BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, }, { "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, }, { "ECDHE_RSA_WITH_AES_128_CBC_SHA256", BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, }, { "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, }, { "ECDHE_RSA_WITH_AES_256_CBC_SHA384", BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, }, { "ECDHE_ECDSA_WITH_AES_128_CBC_SHA", BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, }, { "ECDHE_RSA_WITH_AES_128_CBC_SHA", BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, }, { "ECDHE_ECDSA_WITH_AES_256_CBC_SHA", BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, }, { "ECDHE_RSA_WITH_AES_256_CBC_SHA", BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, }, { "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", BR_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, }, { "ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", BR_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, }, { 0, 0 } }; static void cipher_get(const char *x) { long long i; for (i = 0; ciphers[i].name; ++i) { if (str_diff(x, ciphers[i].name)) continue; ciphersuite = ciphers[i].suite; return; } log_f3("unable to parse cipher from the string '", x, "'"); die(100); } struct { const char *name; uint16_t suite; } ecdhes[] = { { "x25519", tls_ecdhe_X25519 }, { "secp256r1", tls_ecdhe_SECP256R1 }, { "secp384r1", tls_ecdhe_SECP384R1 }, { "secp521r1", tls_ecdhe_SECP521R1 }, { 0, 0 } }; static void ecdhe_add(const char *x) { long long i; for (i = 0; ecdhes[i].name; ++i) { if (str_diff(x, ecdhes[i].name)) continue; ecdhecurves |= 1 << ecdhes[i].suite; return; } log_f3("unable to parse ecdhe from the string '", x, "'"); die(100); } int main_tlswrapper_test(int argc, char **argv) { char *x; long long r; signal(SIGPIPE, SIG_IGN); log_name("tlswrapper-test"); log_id(""); (void) argc; if (!argv[0]) usage(); for (;;) { if (!argv[1]) break; if (argv[1][0] != '-') break; x = *++argv; if (x[0] == '-' && x[1] == 0) break; if (x[0] == '-' && x[1] == '-' && x[2] == 0) break; while (*++x) { if (*x == 'q') { flagverbose = 0; log_level(flagverbose); continue; } if (*x == 'Q') { flagverbose = 1; log_level(flagverbose); continue; } if (*x == 'v') { log_level(++flagverbose); continue; } if (*x == 'r') { flaginput = 1; flagoutput = 0; continue; } if (*x == 'w') { flagoutput = 1; flaginput = 0; continue; } if (*x == 'f') { flagflush = 1; continue; } if (*x == 'F') { flagflush = 0; continue; } if (*x == 'z') { flagzero = 1; continue; } if (*x == 'Z') { flagzero = 0; continue; } if (*x == 'P') { if (x[1]) { ppstring = (x + 1); break; } if (argv[1]) { ppstring = (*++argv); break; } } if (*x == 'a') { if (x[1]) { anchorfn = (x + 1); break; } if (argv[1]) { anchorfn = (*++argv); break; } } if (*x == 'h') { if (x[1]) { host = (x + 1); break; } if (argv[1]) { host = (*++argv); break; } } if (*x == 'd') { if (x[1]) { daysstr = x + 1; break; } if (argv[1]) { daysstr = *++argv; break; } } if (*x == 'c') { if (x[1]) { cipher_get(x + 1); break; } if (argv[1]) { cipher_get(*++argv); break; } } if (*x == 'e') { if (x[1]) { ecdhe_add(x + 1); break; } if (argv[1]) { ecdhe_add(*++argv); break; } } usage(); } } if (!*++argv) usage(); if (!flaginput && !flagoutput) { log_f1("option -r or -w must be set"); die(100); } log_ip("0.0.0.0"); log_d1("start"); /* run child process */ if (open_pipe(fromchild) == -1) die_pipe(); if (open_pipe(tochild) == -1) die_pipe(); child = fork(); switch (child) { case -1: die_fork(); case 0: close(fromchild[0]); close(tochild[1]); close(0); if (dup(tochild[0]) != 0) die_dup(); close(1); if (dup(fromchild[1]) != 1) die_dup(); blocking_enable(0); blocking_enable(1); signal(SIGPIPE, SIG_DFL); execvp(*argv, argv); log_f2("unable to run ", *argv); die(111); } close(fromchild[1]); close(tochild[0]); blocking_enable(fromchild[0]); blocking_enable(tochild[0]); /* load and parse anchor PEM file */ if (anchorfn) { if (!tls_pem_load(&anchorpem, anchorfn, anchorkey)) die_loadpem(anchorfn); if (!tls_pubcrt_parse(&anchorcrt, anchorpem.pub, anchorpem.publen, anchorfn)) die_parsepem(anchorfn) } /* initialise the client context */ br_ssl_client_init_full(&sc, &xc, anchorcrt.ta, anchorcrt.talen); if (!anchorfn) { xc.vtable = getvtable(); br_ssl_engine_set_x509(&cc->eng, &xcp->vtable); } if (daysstr) { if (!strtonum(&days, daysstr)) { log_f3("unable to parse '", daysstr, "'"); die(100); } log_t2("days = ", lognum(days)); br_x509_minimal_set_time(&xc, days, 0); } if (ciphersuite) { br_ssl_engine_set_suites(&cc->eng, &ciphersuite, 1); } if (ecdhecurves) { memcpy(&ecdhe, br_ec_get_default(), sizeof(br_ec_impl)); ecdhe.supported_curves = ecdhecurves; br_ssl_engine_set_ec(&cc->eng, &ecdhe); } /* write proxy-protocol string */ if (ppstring) { /* replace '_' -> ' ' */ long long i; for (i = 0; ppstring[i]; ++i) if (ppstring[i] == '_') ppstring[i] = ' '; if (writeall(tochild[1], ppstring, str_len(ppstring)) == -1) { log_f1("unable to write output"); die(111); } if (writeall(tochild[1], "\r\n", 2) == -1) { log_f1("unable to write output"); die(111); } } /* set the I/O buffer */ br_ssl_engine_set_buffer(&sc.eng, iobuf, sizeof iobuf, 1); /* reset the client context, for a new handshake */ log_d2("host = ", host); br_ssl_client_reset(&sc, host, 0); /* initialise the I/O wrapper context */ br_sslio_init(&ioc, &sc.eng, _read, &fromchild[0], _write, &tochild[1]); if (flagzero) { log_d1("waiting for zerobyte"); r = _read(&fromchild[0], buf, 1); if (r == -1) { log_f1("unable to read from child"); goto finish; } log_d1("zerobyte received"); } if (flaginput) { for (;;) { r = br_sslio_read(&ioc, buf, sizeof buf); if (r == -1) { log_f1("unable to read from child"); break; } if (writeall(1, buf, r) == -1) { log_f1("unable to write output"); die(111); } } if (fsyncfile(1) == -1) die_write(); if (close(1) == -1) die_write() } if (flagoutput) { for (;;) { r = read(0, buf, sizeof buf); log_t2("read(0, buf, sizeof buf) = ", lognum(r)); if (r == -1) { if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) continue; } if (r <= 0) break; if (br_sslio_write_all(&ioc, buf, r) == -1) { log_f1("unable to write to child"); break; } log_t3("br_sslio_write_all(&ioc, buf, r = ", lognum(r), ")"); } if (br_sslio_flush(&ioc) == -1) { log_f1("unable to write to child"); } if (flagflush) { if (br_sslio_close(&ioc) == -1) { log_f1("unable to close ssl connection"); } } } close(fromchild[0]); close(tochild[1]); if (br_ssl_engine_current_state(&sc.eng) == BR_SSL_CLOSED) { int err; err = br_ssl_engine_last_error(&sc.eng); if (err == BR_ERR_OK) { log_i1("SSL closed normally"); } else { if (err >= BR_ERR_SEND_FATAL_ALERT) { err -= BR_ERR_SEND_FATAL_ALERT; log_f2("SSL closed abnormally, sent alert: ", tls_error_str(err)); } else if (err >= BR_ERR_RECV_FATAL_ALERT) { err -= BR_ERR_RECV_FATAL_ALERT; log_f2("SSL closed abnormally, received alert: ", tls_error_str(err)); } else { log_f2("SSL closed abnormally: ", tls_error_str(err)); } } } finish: while (waitpid(child, &childstatus, 0) != child) {}; log_d1("finished"); die(WEXITSTATUS(childstatus)); } /* clang-format on */ tlswrapper-20250201/makefilegen.sh000066400000000000000000000075531474542230700167770ustar00rootroot00000000000000#!/bin/sh ( ( echo "CC?=cc" echo "EMPTYDIR?=/var/lib/tlswrapper/empty" echo "CFLAGS+=-W -Wall -Os -fPIC -fwrapv -pedantic -DEMPTYDIR=\\\"\$(EMPTYDIR)\\\"" echo "LDFLAGS+=-lbearssl" echo "CPPFLAGS?=" echo echo "DESTDIR?=" echo "PREFIX?=/usr/local" echo echo "INSTALL?=install" echo # binaries i=0 for file in `ls -1 *.c | grep -v '^has'`; do if grep '^int main(' "${file}" >/dev/null; then x=`echo "${file}" | sed 's/\.c$//'` if [ $i -eq 0 ]; then echo "BINARIES=${x}" else echo "BINARIES+=${x}" fi i=`expr $i + 1` fi done echo echo "all: \$(BINARIES) tlswrapper-tcp tlswrapper-smtp" echo for file in `ls -1 has*.c`; do hfile=`echo ${file} | sed 's/\.c/.h/'` touch "${hfile}" done for file in `ls -1 *.c | grep -v '^has'`; do ( gcc -MM "${file}" echo " \$(CC) \$(CFLAGS) \$(CPPFLAGS) -c ${file}" echo ) done rm has*.h i=0 for file in `ls *.c`; do if ! grep '^int main(' "${file}" >/dev/null; then x=`echo "${file}" | sed 's/\.c$/.o/'` if [ $i -eq 0 ]; then echo "OBJECTS=${x}" else echo "OBJECTS+=${x}" fi i=`expr $i + 1` fi done echo for file in `ls *.c | grep -v '^has'`; do if grep '^int main(' "${file}" >/dev/null; then x=`echo "${file}" | sed 's/\.c$//'` echo "${x}: ${x}.o \$(OBJECTS) libs" echo " \$(CC) \$(CFLAGS) \$(CPPFLAGS) -o ${x} ${x}.o \$(OBJECTS) \$(LDFLAGS) \`cat libs\`" echo fi done echo for cfile in `ls -1 has*.c`; do hfile=`echo ${cfile} | sed 's/\.c/.h/'` touch "${hfile}" echo "${hfile}: tryfeature.sh ${cfile} libs" echo " env CC=\"\$(CC)\" CFLAGS=\"\$(CFLAGS)\" LDFLAGS=\"\$(LDFLAGS) \`cat libs\`\" ./tryfeature.sh ${cfile} > ${hfile}" echo " cat ${hfile}" echo done echo "libs: trylibs.sh" echo " env CC=\"\$(CC)\" ./trylibs.sh -lsocket -lnsl -lrandombytes -l25519 >libs 2>libs.log" echo " cat libs" echo echo "tlswrapper-tcp: tlswrapper" echo " ln -s tlswrapper tlswrapper-tcp" echo echo "tlswrapper-smtp: tlswrapper" echo " ln -s tlswrapper tlswrapper-smtp" echo echo "install: \$(BINARIES) tlswrapper-tcp tlswrapper-smtp" echo " mkdir -p \$(DESTDIR)\$(PREFIX)/bin" echo " mkdir -p \$(DESTDIR)\$(PREFIX)/share/man/man1" echo " mkdir -p \$(DESTDIR)\$(EMPTYDIR)" echo " \$(INSTALL) -m 0755 tlswrapper \$(DESTDIR)\$(PREFIX)/bin/tlswrapper" echo " \$(INSTALL) -m 0755 tlswrapper-tcp \$(DESTDIR)\$(PREFIX)/bin/tlswrapper-tcp" echo " \$(INSTALL) -m 0755 tlswrapper-smtp \$(DESTDIR)\$(PREFIX)/bin/tlswrapper-smtp" echo " \$(INSTALL) -m 0644 man/tlswrapper.1 \$(DESTDIR)\$(PREFIX)/share/man/man1/tlswrapper.1" echo " \$(INSTALL) -m 0644 man/tlswrapper-smtp.1 \$(DESTDIR)\$(PREFIX)/share/man/man1/tlswrapper-smtp.1" echo " \$(INSTALL) -m 0644 man/tlswrapper-tcp.1 \$(DESTDIR)\$(PREFIX)/share/man/man1/tlswrapper-tcp.1" echo echo "test: \$(BINARIES) tlswrapper-tcp tlswrapper-smtp" echo " sh runtest.sh test-cipher.sh test-cipher.out test-cipher.exp" echo " sh runtest.sh test-ephemeral.sh test-ephemeral.out test-ephemeral.exp" echo " sh runtest.sh test-options.sh test-options.out test-options.exp" echo " sh runtest.sh test-pp.sh test-pp.out test-pp.exp" echo " sh runtest.sh test-badcert.sh test-badcert.out test-badcert.exp" echo " sh runtest.sh test-badkey.sh test-badkey.out test-badkey.exp" echo " sh runtest.sh test-childexit.sh test-childexit.out test-childexit.exp" echo " sh runtest.sh test-okcert.sh test-okcert.out test-okcert.exp" echo echo "clean:" echo " rm -f *.log *.o *.out \$(BINARIES) libs tlswrapper-tcp tlswrapper-smtp has*.h" echo ) > Makefile ) tlswrapper-20250201/man/000077500000000000000000000000001474542230700147355ustar00rootroot00000000000000tlswrapper-20250201/man/tlswrapper-smtp.1000066400000000000000000000042761474542230700202140ustar00rootroot00000000000000.TH tlswrapper\-smtp 1 .SH NAME tlswrapper\-smtp \- TLS encryption wrapper \- smtp helper .SH SYNOPSIS .B tlswrapper\-smtp [ options ] \fIprog\fR .SH DESCRIPTION .PP The \fBtlswrapper\-smtp\fR adds STARTTLS support to old inetd-style SMTP servers which doesn't support STARTTLS naturally. Is executed as follows: .PP Internet <\-\-> systemd.socket/inetd/tcpserver/... <\-\-> \fBtlswrapper\fR <\-\-> \fBtlswrapper\-smtp\fR <\-\-> smtpprogram .PP .SH OPTIONS .TP .B \-q Quiet mode. No error messages. .TP .B \-v Enable verbose mode. Multiple \-v options increase the verbosity. The maximum is 3. .TP .B \-t \fIseconds\fR Set the SMTP session timeout to seconds \fIseconds\fR. (default 600). .TP .B \-T \fIseconds\fR Set the connect/read/write timeout to seconds \fIseconds\fR. (default 15). .TP .B \-u \fIuser\fR Run program \fIprog\fR under a specified \fIuser\fR's uid and gid .TP .B \-g \fIhost:port\fR Enable greylist support (postgrey protocol) and use server running on \fIhost:port\fR . .TP .B \-c Handle communication to greylist server in fail-closed mode. If a greylist lookup fails temporarily, \fBtlswrapper-smtp\fR exits with status 111. .TP .B \-C Handle communication to greylist server in fail-open mode. If a greylist lookup fails temporarily, assume that the address is not greylisted (default). .TP .B \-J \fIjaildir\fR Chroot into a specified \fIjaildir\fR (default: /var/lib/tlswraper/empty). .TP .B \-j \fIjailuser\fR Run under a specified \fIjailuser\fR's uid and gid. If unset run under random uid and gid. .TP .I prog program .SH SECURITY .B JAIL \- Privilege separation, filesystem isolation, limits .PP The \fBtlswrapper\-smtp\fR similarly to \fBtlswrapper\fR processes runs under dedicated non\-zero uid to prohibit kill, ptrace, etc. Is chrooted into an empty, unwritable directory to prohibit filesystem access. Sets ulimits to prohibit new files, sockets, etc. Sets ulimits to prohibit forks. .PP .SH EXAMPLES .PP run QMAIL qmail-smtpd on port 25 with STARTTLS enabled (without patching QMAIL): .RS 4 .nf exec softlimit -m 64000000 -f 100000000 \\ tcpserver \-HRDl0 0 25 \\ tlswrapper \-v \-n \-f /etc/ssl/cert.pem \\ tlswrapper-smtp \-v \-u qmaild \\ qmail-smtpd .fi .RE .PP .SH SEE ALSO .BR tlswrapper (1) tlswrapper-20250201/man/tlswrapper-tcp.1000066400000000000000000000055651474542230700200210ustar00rootroot00000000000000.TH tlswrapper\-tcp 1 .SH NAME tlswrapper\-tcp \- TLS encryption wrapper \- tcp client .SH SYNOPSIS .B tlswrapper\-tcp [ options ] \fIhost\fR \fIport\fR .SH DESCRIPTION .PP The \fBtlswrapper\-tcp\fR is TCP client which connects to \fIhost\fR:\fIport\fR and transfers data from standard input to the host and from the host to the standard output. it's designed to work to together with \fBtlswrapper\fR and is from the \fBtlswrapper\fR executed. Allows you to protect non\-TLS TCP service using TLS similarly to stunnel(8). Systemd.socket/inetd/tcpserver/... creates the server connection, tlswraper encrypts/decrypts data stream and \fBtlswrapper\-tcp\fR creates the client connection and sends/receives unencrypted data to/from the \fIhost\fR:\fIport\fR as follows: .PP Internet <\-\-> systemd.socket/inetd/tcpserver/... <\-\-> \fBtlswrapper\fR <\-\-> \fBtlswrapper\-tcp\fR <\-> \fIhost\fR:\fIport\fR .PP .SH OPTIONS .TP .B \-q Quiet mode. No error messages. .TP .B \-v Enable verbose mode. Multiple \-v options increase the verbosity. The maximum is 3. .TP .B \-t \fIseconds\fR Set the network timeout to seconds \fIseconds\fR. (default 3600). .TP .B \-T \fIseconds\fR Set the connect timeout to seconds \fIseconds\fR. (default 10). .TP .B \-p \fIversion\fR Enable incoming proxy\-protocol version \fIversion\fR string. .TP .B \-P \fIversion\fR Enable outgoing proxy\-protocol version \fIversion\fR string. .TP .B \-J \fIjaildir\fR Chroot network\-process into a specified \fIjaildir\fR (default: /var/lib/tlswraper/empty). .TP .B \-j \fIjailuser\fR Run network\-process and dnsresolver\-process under a specified \fIjailuser\fR's uid and gid. If unset run network\-process and dnsresolver\-process under random uid and gid. .TP .I host host or IP .TP .I port TCP port .SH SECURITY .B Separate process for network connection and separate process for DNS resolving .PP To protect against secret\-information leaks to the network connection (such Heartbleed) \fBtlswrapper\-tcp\fR runs two independent processes. One process resolves the hostname and second creates a connection to \fIhost\fR:\fIport\fR. .PP .B JAIL \- Privilege separation, filesystem isolation, limits .PP The \fBtlswrapper\-tcp\fR similarly to \fBtlswrapper\fR processes runs under dedicated non\-zero uid to prohibit kill, ptrace, etc. Is chrooted into an empty, unwritable directory to prohibit filesystem access. Sets ulimits to prohibit new files, sockets, etc. Sets ulimits to prohibit forks. .PP .SH EXAMPLES .PP Run tlswrapper using tcpserver/busybox/inetd on port 443 and connect to non\-TLS service ip 127.0.0.1 and port 80 .RS 4 .nf tcpserver \-HRDl0 0 443 tlswrapper [ options ] tlswrapper\-tcp 127.0.0.1 80 busybox tcpsvd 0 443 tlswrapper [ options ] tlswrapper\-tcp 127.0.0.1 80 inetd.conf line: https stream tcp nowait root /usr/bin/tlswrapper tlswrapper [ options ] /usr/bin/tlswrapper\-tcp 127.0.0.1 80 .fi .RE .PP .SH SEE ALSO .BR tlswrapper (1) tlswrapper-20250201/man/tlswrapper.1000066400000000000000000000265031474542230700172300ustar00rootroot00000000000000'\" t .TH tlswrapper 1 .SH NAME tlswrapper \- TLS encryption wrapper .SH SYNOPSIS .B tlswrapper [ options ] \fIprog\fR .SH DESCRIPTION .PP The \fBtlswrapper\fR is an TLS encryption wrapper between remote client and local program \fIprog\fR. Systemd.socket/inetd/tcpserver/... creates the server connection, \fBtlswrapper\fR encrypts/decrypts data stream and reads/writes data from/to the program \fIprog\fR as follows: .PP Internet <\-\-> systemd.socket/inetd/tcpserver/... <\-\-> \fBtlswrapper\fR <\-\-> \fIprog\fR .PP .SH OPTIONS .TP .B \-q Quiet mode. No error messages. .TP .B \-Q Normal mode (default). The \fBtlswrapper\fR prints only fatal messages, which means system errors (e.g. memory allocation problems), configuration errors (e.g. syntax errors) and problems with PEM certificates (missing files, etc... ). In this mode the \fBtlswrapper\fR doesn't print any information about TLS connections. .TP .B \-v Verbose mode. The \fBtlswrapper\fR prints also information/warnings/errors about TLS connection, but after TLS handshake is successfully done. In this mode TLS errors before the complete TLS handshake are suppressed. .TP .B \-vv Debug mode. The \fBtlswrapper\fR prints also debug information about TLS connection, including all TLS connection warnings/errors. .TP .B \-vvv Tracing mode. The \fBtlswrapper\fR prints also tracing messages, useful for bug hunting. .TP .B \-f \fIcertfile\fR Add a file containing key+certificate(s) in PEM format. .TP .B \-d \fIcertdir\fR Add a directory containing multiple key+certificate(s) files in PEM format. The file in the directory is selected by hostname extracted from SNI extension. Warning: For security reasons \fBtlswrapper\fR does not allow dots immediately after slashes in certdir name. It changes these dots to colons before attempting to open the PEM file. .TP .B \-a \fIanchorfile\fR Enable client certificate authentication. Use CA trust anchor \fIanchorfile\fR. Only one \-a option supported. .TP .B \-c \fIcipher\fR Add symmetric encryption \fIcipher\fR. See ALGORITHMS. (default: \-c CHACHA20_POLY1305_SHA256 \-c AES_256_GCM_SHA384 \-c AES_128_GCM_SHA256). The cipher preference depends on the \-c option order. .TP .B \-e \fIephemeral\fR Add ephemeral algorithm \fIephemeral\fR. See ALGORITHMS. (default: \-e x25519 \-e secp256r1). The algorithm preference currently \fBdoesn't\fR depend on the \-e option order. Right now we use a fixed preference order x25519, secp256r1, secp384r1, secp521r1. .TP .B \-m The minimal TLS version. See ALGORITHMS. (default: tls12). .TP .B \-M The maximal TLS version. See ALGORITHMS. (default: tls12). .TP .B \-t \fIseconds\fR Set the network timeout to seconds \fIseconds\fR. (default 60). .TP .B \-T \fIseconds\fR Set the TLS handshake timeout to seconds \fIseconds\fR. (default 30). .TP .B \-u \fIuser\fR Run program \fIprog\fR under a specified \fIuser\fR's uid and gid .TP .B \-U \fIASN.1 object\fR Extract the user from \fIASN.1 object\fR from the client certificate and run program \fIprog\fR under user's uid and gid. Supported \fIASN.1 object\fR objects are 'commonName' and 'emailAddress'. .TP .B \-p \fIversion\fR Enable incoming proxy\-protocol version \fIversion\fR string. The \fBtlswrapper\fR receives the .TP .B \-s Enforce TLS server preferences. (default). .TP .B \-S Don't enforce TLS server preferences. .TP .B \-J \fIjaildir\fR Chroot network\-process and key\-process into a specified \fIjaildir\fR (default: /var/lib/tlswraper/empty). .TP .B \-j \fIjailuser\fR Run network\-process and key\-process under a specified \fIjailuser\fR's uid and gid. If unset run network\-process and key\-process under random uid and gid. .TP .B \-n Enable delayed encryption. It's experimental feature! This is useful for protocols which uses STARTTLS. \fBtlswrapper\fR creates to the child control pipe on filedescriptor 5 for writing. The child process starts communication in plaintext a encryption starts in the moment when child use the control pipe instead of startdard output, writes the initialization string (e.g. for SMTP protocol '220 ready to start TLS\\r\\n') and closes the control pipe. See e.g. tlswrapper\-smtp(1). .TP .B \-N Disable delayed encryption (default). .TP .I prog program .SH SECURITY .B Separate process for every connection .PP The \fBtlswrapper\fR is executed from systemd.socket/inetd/tcpserver/... which runs separate instance of \fBtlswrapper\fR for each TLS connection. It ensures that a vulnerability in the code (e.g. bug in the TLS library) can't be used to compromise the memory of another connection. .PP .B Separate process for network connection and separate process for secret\-key operation .PP To protect against secret\-information leaks to the network connection (such Heartbleed) \fBtlswrapper\fR runs two independent processes for every TLS connection. One process holds secret\-keys and runs secret\-keys operations and second talks to the network. Processes communicate with each other through UNIX pipes. .PP .B JAIL \- Privilege separation, filesystem isolation, limits .PP The \fBtlswrapper\fR processes run under dedicated non\-zero uid to prohibit kill, ptrace, etc. Is chrooted into an empty, unwritable directory to prohibit filesystem access. Sets ulimits to prohibit new files, sockets, etc. Sets ulimits to prohibit forks. .PP .B PEM files .PP The \fBtlswrapper\fR uses for simplicity both secret\-key and certificates in one PEM file. When the server starts, runs two independent UNIX processes, one for network communication, second for secret\-key operations. The network\-process is immediately jailed and starts TLS handshake. Secret\-key\-process starts under root privileges, waits when network\-process receives SNI extension from client\-hello packet. Then the network\-process assemble the PEM filename and sends the name to the secret\-key\-process. Secret\-key\-process loads the PEM file and immediately is jailed and drops it's privileges. Since here both processes runs jailed (see JAIL above). Note that PEM files are loaded under root privileges, but parsed in jailed unpriviledged process. It ensures that a vulnerability in the parsing code can't be used to gain root privileges/information. Warning: For security reasons \fBtlswrapper\fR does not allow dots immediately after slashes in file names. It changes these dots to colons before attempting to open the PEM file. .PP .B TLS library .PP The \fBtlswrapper\fR uses BearSSL. BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C. It aims at offering the following features: \- Be correct and secure. In particular, insecure protocol versions and choices of algorithms are not supported, by design; cryptographic algorithm implementations are constant\-time by default. \- Be small, both in RAM and code footprint. For instance, a minimal server implementation may fit in about 20 kilobytes of compiled code and 25 kilobytes of RAM. \- Be highly portable. BearSSL targets not only big operating systems like Linux and Windows, but also small embedded systems and even special contexts like bootstrap code. \- Be feature\-rich and extensible. SSL/TLS has many defined cipher suites and extensions; BearSSL should implement most of them, and allow extra algorithm implementations to be added afterwards, possibly from third parties. .PP .SH ALGORITHMS .TS allbox; c s s l l l. TLS version (\-m option \-M option) tls10 TLS 1.0 optional tls11 TLS 1.1 optional tls12 TLS 1.2 default tls13 TLS 1.3 TODO .TE .TS allbox; c s s l l l. ciphers (\-c option) CHACHA20_POLY1305_SHA256 ChaCha20+Poly1305 encryption (TLS 1.2+) default AES_256_GCM_SHA384 AES\-256/GCM encryption (TLS 1.2+) default AES_128_GCM_SHA256 AES\-128/GCM encryption (TLS 1.2+) default AES_256_CBC_SHA384 AES\-256/CBC + SHA\-384 (TLS 1.2+) optional AES_128_CBC_SHA256 AES\-128/CBC + SHA\-384 (TLS 1.2+) optional AES_256_CBC_SHA AES\-256/CBC + SHA\-1 optional AES_128_CBC_SHA AES\-128/CBC + SHA\-1 optional .TE .TS allbox; c s s l l l. ephemeral (\-e option) x25519 ECDHE using X25519 default secp256r1 ECDHE using NIST P\-256 default secp384r1 ECDHE using NIST P\-384 optional secp521r1 ECDHE using NIST P\-521 optional .TE .SH EXAMPLES .PP Run tlswrapper using tcpserver/busybox/inetd on port 443. .RS 4 .nf tcpserver \-HRDl0 0 443 tlswrapper [ options ] prog busybox tcpsvd 0 443 tlswrapper [ options ] prog inetd.conf line: https stream tcp nowait root /usr/bin/tlswrapper tlswrapper [ options ] prog .fi .RE .PP Simple usage, use one '/etc/.../rsa.pem' certificate: .RS 4 .nf ... tlswrapper \-f '/etc/.../rsa.pem' ... .fi .RE .PP Use '/etc/.../ecdsa.pem' certificate and fall\-back to '/etc/.../rsa.pem' certificate, if the client doesn't support previous one. .RS 4 .nf ... tlswrapper \-f '/etc/.../ecdsa.pem' \-f '/etc/.../rsa.pem' ... .fi .RE .PP Use certificate '/etc/.../rsa.d/{hostname}' where {hostname} is extracted from the SNI extension: .RS 4 .nf ... tlswrapper \-d '/etc/.../rsa.d/' ... .fi .RE .PP Use certificate '/etc/.../ecdsa.d/{hostname}' where {hostname} is extracted from the SNI extension, and fall\-back to '/etc/.../rsa.d/{hostname}', if the client doesn't support previous one. .RS 4 .nf ... tlswrapper \-d '/etc/.../ecdsa.d/' \-d '/etc/.../rsa.d/' ... .fi .RE .PP Use certificate '/etc/.../ecdsa.d/{hostname}' where {hostname} is extracted from the SNI extension, and fall\-back to '/etc/.../rsa.pem', if the client doesn't support previous one. .RS 4 .nf ... tlswrapper \-d '/etc/.../ecdsa.d/' \-f '/etc/.../rsa.pem' ... .fi .RE .PP Enable TLS 1.0 \- TLS 1.2 and all supported algorithms: .RS 4 .nf ... tlswrapper \-m tls10 \\ \-M tls12 \\ \-c CHACHA20_POLY1305_SHA256 \\ \-c AES_256_GCM_SHA384 \\ \-c AES_128_GCM_SHA256 \\ \-c AES_256_CBC_SHA384 \\ \-c AES_128_CBC_SHA256 \\ \-c AES_256_CBC_SHA \\ \-c AES_128_CBC_SHA \\ \-e x25519 \\ \-e secp256r1 \\ \-e secp384r1 \\ \-e secp521r1 \\ ... .fi .RE .PP Enable TLS 1.0 \- TLS 1.2 and all supported algorithms, but different order (prefer AES128): .RS 4 .nf ... tlswrapper \-m tls10 \\ \-M tls12 \\ \-c CHACHA20_POLY1305_SHA256 \\ \-c AES_128_GCM_SHA256 \\ \-c AES_128_CBC_SHA256 \\ \-c AES_128_CBC_SHA \\ \-c AES_256_GCM_SHA384 \\ \-c AES_256_CBC_SHA384 \\ \-c AES_256_CBC_SHA \\ \-e x25519 \\ \-e secp256r1 \\ \-e secp384r1 \\ \-e secp521r1 \\ ... .fi .RE .PP Enable only 256\-bit symmetric ciphers: .RS 4 .nf ... tlswrapper \-c CHACHA20_POLY1305_SHA256 \\ \-c AES_256_GCM_SHA384 \\ \-c AES_256_CBC_SHA384 \\ \-c AES_256_CBC_SHA \\ ... .fi .RE .PP Enable client certificate authentication: .RS 4 .nf ... tlswrapper \-a anchorCA.pem \-f rsa.pem ... .fi .RE .PP Enable client certificate authentication, and run program under user extracted from client cert. from commonName: .RS 4 .nf ... tlswrapper \-a anchorCA.pem \-U commonName \-f rsa.pem ... .fi .RE .PP Enable client certificate authentication, and run program under user extracted from client cert. from emailAddress: .RS 4 .nf ... tlswrapper \-a anchorCA.pem \-U emailAddress \-f rsa.pem ... .fi .RE .SH SEE ALSO .BR tlswrapper\-tcp (1), .BR tlswrapper\-smtp (1), .BR systemd.socket (5), .BR inetd (8), .BR tcpserver (1) tlswrapper-20250201/milliseconds.c000066400000000000000000000003331474542230700170120ustar00rootroot00000000000000#include #include #include "milliseconds.h" long long milliseconds(void) { struct timeval t; gettimeofday(&t, (struct timezone *) 0); return t.tv_sec * 1000LL + t.tv_usec / 1000LL; } tlswrapper-20250201/milliseconds.h000066400000000000000000000001461474542230700170210ustar00rootroot00000000000000#ifndef _MILLISECONDS_H____ #define _MILLISECONDS_H____ extern long long milliseconds(void); #endif tlswrapper-20250201/open.h000066400000000000000000000003621474542230700152750ustar00rootroot00000000000000#ifndef OPEN_H #define OPEN_H extern int open_read(const char *); extern int open_write(const char *); extern int open_lock(const char *); extern int open_cwd(void); extern int open_pipe(int *); extern int open_trunc(const char *); #endif tlswrapper-20250201/open_pipe.c000066400000000000000000000005251474542230700163060ustar00rootroot00000000000000/* taken from public-domain nacl-20110221, from curvecp/open_pipe.c */ #include #include #include "open.h" #include "blocking.h" int open_pipe(int *fd) { int i; if (pipe(fd) == -1) return -1; for (i = 0; i < 2; ++i) { fcntl(fd[i], F_SETFD, 1); blocking_disable(fd[i]); } return 0; } tlswrapper-20250201/open_read.c000066400000000000000000000006331474542230700162640ustar00rootroot00000000000000/* taken from public-domain nacl-20110221, from curvecp/open_read.c */ #include #include #include #include #include "open.h" int open_read(const char *fn) { #ifdef O_CLOEXEC return open(fn, O_RDONLY | O_NONBLOCK | O_CLOEXEC); #else int fd = open(fn, O_RDONLY | O_NONBLOCK); if (fd == -1) return -1; fcntl(fd, F_SETFD, 1); return fd; #endif } tlswrapper-20250201/pipe.c000066400000000000000000000043511474542230700152660ustar00rootroot00000000000000#include #include #include "e.h" #include "readall.h" #include "writeall.h" #include "alloc.h" #include "pipe.h" static void uint64_pack(unsigned char *y, long long xll) { long long i; unsigned long long x = (unsigned long long) xll; for (i = 0; i < 8; ++i) { y[i] = x; x >>= 8; } } static long long uint64_unpack(const unsigned char *x) { unsigned long long y = 0; long long i; for (i = 7; i >= 0; --i) y = (y << 8) | x[i]; return (long long) y; } int pipe_write(int fd, const void *xv, long long xlen) { unsigned char num[8]; if (xlen < 0) { errno = EINVAL; goto cleanup; } uint64_pack(num, xlen); if (writeall(fd, num, sizeof num) == -1) goto cleanup; if (writeall(fd, xv, xlen) == -1) goto cleanup; return 0; cleanup: return -1; } int pipe_writeerrno(int fd) { unsigned char num[8]; uint64_pack(num, -errno); if (writeall(fd, num, sizeof num) == -1) goto fail; return 0; fail: return -1; } int pipe_readall(int fd, void *out, size_t outlen) { unsigned char num[8]; size_t len; if (!out || outlen > 1048576) { errno = EINVAL; goto cleanup; } if (readall(fd, num, sizeof num) == -1) goto cleanup; len = uint64_unpack(num); if (len != outlen) goto cleanup; return readall(fd, out, len); cleanup: return -1; } int pipe_readmax(int fd, void *out, size_t *outlen) { unsigned char num[8]; size_t len; if (!out || *outlen > 1048576) { errno = EINVAL; goto cleanup; } if (readall(fd, num, sizeof num) == -1) goto cleanup; len = uint64_unpack(num); if (len > *outlen) goto cleanup; if (readall(fd, out, len) == -1) goto cleanup; *outlen = len; return 0; cleanup: return -1; } void *pipe_readalloc(int fd, size_t *outlen) { unsigned char num[8]; long long len; void *out; if (readall(fd, num, sizeof num) == -1) goto cleanup; len = uint64_unpack(num); if (len < 0) { errno = -len; goto cleanup; } errno = 0; out = alloc(len); if (!out) goto cleanup; *outlen = len; if (readall(fd, out, *outlen) == -1) goto cleanup; return out; cleanup: return 0; } tlswrapper-20250201/pipe.h000066400000000000000000000004221474542230700152660ustar00rootroot00000000000000#ifndef _PIPE_H____ #define _PIPE_H____ extern int pipe_write(int, const void *, long long); extern int pipe_writeerrno(int); extern int pipe_readall(int, void *, size_t); extern int pipe_readmax(int, void *, size_t *); extern void *pipe_readalloc(int, size_t *); #endif tlswrapper-20250201/porttostr.c000066400000000000000000000015201474542230700164040ustar00rootroot00000000000000/* 20130604 Jan Mojzis Public domain. */ #include #include "porttostr.h" /* The 'porttostr(strbuf,port)' converts 'port' from network byte order into the 0-terminated string. The 'port' length is always 2 bytes. The caller must allocate at least PORTTOSTR_LEN bytes for 'strbuf'. */ char *porttostr(char *strbuf, const unsigned char *port) { long long len = 0; uint16_t num; static char staticbuf[PORTTOSTR_LEN]; if (!strbuf) strbuf = staticbuf; /* not thread-safe */ num = port[0]; num <<= 8; num |= port[1]; do { num /= 10; ++len; } while (num); strbuf += len; num = port[0]; num <<= 8; num |= port[1]; do { *--strbuf = '0' + (num % 10); num /= 10; } while (num); while (len < PORTTOSTR_LEN) strbuf[len++] = 0; return strbuf; } tlswrapper-20250201/porttostr.h000066400000000000000000000002131474542230700164070ustar00rootroot00000000000000#ifndef _PORTTOSTR_H____ #define _PORTTOSTR_H____ #define PORTTOSTR_LEN 6 extern char *porttostr(char *, const unsigned char *); #endif tlswrapper-20250201/proxyprotocol.c000066400000000000000000000107461474542230700173010ustar00rootroot00000000000000/* 20211119 Jan Mojzis Public domain. */ #include #include #include "e.h" #include "log.h" #include "str.h" #include "buffer.h" #include "stralloc.h" #include "jail.h" #include "iptostr.h" #include "strtoip.h" #include "strtoport.h" #include "porttostr.h" #include "proxyprotocol.h" int proxyprotocol_v1_get(int fd, unsigned char *localipx, unsigned char *localportx, unsigned char *remoteipx, unsigned char *remoteportx) { buffer sin = buffer_INIT(buffer_read, fd, /*no buffer*/ 0, /*no buffer*/ 0); int ret = 0; long long pos; char bufspace[PROXYPROTOCOL_MAX]; char buforig[PROXYPROTOCOL_MAX]; char *buf = bufspace; int (*strtoipop)(unsigned char *, const char *); unsigned char localip[16] = {0}; unsigned char localport[2] = {0}; unsigned char remoteip[16] = {0}; unsigned char remoteport[2] = {0}; log_t1("proxyprotocol_v1_get()"); /* read proxy string byte-by-byte */ for (pos = 0; pos < PROXYPROTOCOL_MAX - 1; ++pos) { if (buffer_GETC(&sin, &buf[pos]) != 1) { log_e1("unable to read proxy-protocol string"); goto cleanup; } if (buf[pos] == '\n') break; } if (buf[pos] != '\n') { errno = EPROTO; log_e1("unable to read proxy-protocol string, no CRLF"); goto cleanup; } /*if (pos > 0 && buf[pos - 1] == '\r') --pos; */ buf[pos + 1] = 0; memcpy(buforig, bufspace, PROXYPROTOCOL_MAX); /* header */ if (str_start(buf, "PROXY UNKNOWN")) { ret = 1; goto cleanup; } else if (str_start(buf, "PROXY TCP4 ")) { strtoipop = strtoip4; } else if (str_start(buf, "PROXY TCP6 ")) { strtoipop = strtoip6; } else { log_e3("unable to parse proxy-protocol string '", buforig, "'"); goto cleanup; } buf += 11; /* remote ip */ pos = str_chr(buf, ' '); buf[pos] = 0; if (!strtoipop(remoteip, buf)) { log_e3("unable to parse remoteip from proxy-protocol string '", buforig, "'"); goto cleanup; } buf += pos + 1; /* localip ip */ pos = str_chr(buf, ' '); buf[pos] = 0; if (!strtoipop(localip, buf)) { log_e3("unable to parse localip from proxy-protocol string '", buforig, "'"); goto cleanup; } buf += pos + 1; /* remote port */ pos = str_chr(buf, ' '); buf[pos] = 0; if (!strtoport(remoteport, buf)) { log_e3("unable to parse remoteport from proxy-protocol string '", buforig, "'"); goto cleanup; } buf += pos + 1; /* localport */ buf[str_chr(buf, '\n')] = 0; buf[str_chr(buf, '\r')] = 0; if (!strtoport(localport, buf)) { log_e3("unable to parse localport from proxy-protocol string '", buforig, "'"); goto cleanup; } ret = 1; cleanup: if (ret) { memcpy(localipx, localip, 16); memcpy(remoteipx, remoteip, 16); memcpy(localportx, localport, 2); memcpy(remoteportx, remoteport, 2); } log_t2("proxyprotocol_v1_get() = ", lognum(ret)); return ret; } long long proxyprotocol_v1(char *buf, long long buflen, unsigned char *localip, unsigned char *localport, unsigned char *remoteip, unsigned char *remoteport) { stralloc sa = {0}; long long ret = 0; if (!memcmp(localip, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16) && !memcmp(remoteip, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16) && !memcmp(localport, "\0\0", 2) && !memcmp(remoteport, "\0\0", 2)) { goto cleanup; } if (!memcmp("\0\0\0\0\0\0\0\0\0\0\377\377", remoteip, 12)) { if (!stralloc_copys(&sa, "PROXY TCP4 ")) goto cleanup; } else { if (!stralloc_copys(&sa, "PROXY TCP6 ")) goto cleanup; } if (!stralloc_cats(&sa, iptostr(0, remoteip))) goto cleanup; if (!stralloc_cats(&sa, " ")) goto cleanup; if (!stralloc_cats(&sa, iptostr(0, localip))) goto cleanup; if (!stralloc_cats(&sa, " ")) goto cleanup; if (!stralloc_cats(&sa, porttostr(0, remoteport))) goto cleanup; if (!stralloc_cats(&sa, " ")) goto cleanup; if (!stralloc_cats(&sa, porttostr(0, localport))) goto cleanup; if (!stralloc_cats(&sa, "\r\n")) goto cleanup; if (!stralloc_0(&sa)) goto cleanup; --sa.len; if (buf && buflen >= sa.len) { memcpy(buf, sa.s, sa.len); ret = sa.len; } cleanup: stralloc_free(&sa); return ret; } tlswrapper-20250201/proxyprotocol.h000066400000000000000000000020701474542230700172750ustar00rootroot00000000000000#ifndef _PROXYPROTOCOL_H____ #define _PROXYPROTOCOL_H____ /* clang-format off */ /* protocol v1 IPv4/IPv6 - max 120 PROXY UNKNOWN ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255 ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255 65535 65535\r\n protocol v2 IPv4/IPv6 - max 36 protocol v2 UNIX - max 216 we (we don't support proxy-protocol for UNIX sockets) */ /* clang-format on */ #define PROXYPROTOCOL_MAX 128 extern int proxyprotocol_v1_parse(char *, unsigned char *, unsigned char *, unsigned char *, unsigned char *); extern int proxyprotocol_v1_get(int, unsigned char *, unsigned char *, unsigned char *, unsigned char *); extern long long proxyprotocol_v1(char *, long long, unsigned char *, unsigned char *, unsigned char *, unsigned char *); extern long long proxyprotocol_v2(char *, long long, unsigned char *, unsigned char *, unsigned char *, unsigned char *); #endif tlswrapper-20250201/randombytes.c000066400000000000000000000020461474542230700166570ustar00rootroot00000000000000#include "randombytes.h" #include "haslibrandombytes.h" #ifndef HASLIBRANDOMBYTES #include #include #include #include static int fd = -1; __attribute__((constructor)) static void init(void) { if (fd == -1) { for (;;) { #ifdef O_CLOEXEC fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC); #else fd = open("/dev/urandom", O_RDONLY); fcntl(fd, F_SETFD, 1); #endif if (fd != -1) break; sleep(1); } } } void randombytes(void *xv, long long xlen) { long long i; unsigned char *x = xv; if (fd == -1) init(); while (xlen > 0) { if (xlen < 1048576) i = xlen; else i = 1048576; i = read(fd, x, i); if (i < 1) { sleep(1); continue; } x += i; xlen -= i; } #ifdef __GNUC__ __asm__ __volatile__("" : : "r"(xv) : "memory"); #endif } const char *randombytes_source(void) { return "kernel-devurandom"; } #endif tlswrapper-20250201/randombytes.h000066400000000000000000000005531474542230700166650ustar00rootroot00000000000000#ifndef RANDOMBYTES_H____ #define RANDOMBYTES_H____ #include "haslibrandombytes.h" #ifdef HASLIBRANDOMBYTES #include #else #define randombytes randombytes_internal_void_voidstar_longlong #define randombytes_source randombytes_internal_source extern void randombytes(void *, long long); extern const char *randombytes_source(void); #endif #endif tlswrapper-20250201/randommod.c000066400000000000000000000007041474542230700163070ustar00rootroot00000000000000/* taken from public-domain nacl-20110221, from curvecp/randommod.c */ #include "randombytes.h" #include "randommod.h" /* XXX: current implementation is limited to n<2^55 */ long long randommod(long long n) { long long result = 0; long long j; unsigned char r[32]; if (n <= 1) return 0; randombytes(r, 32); for (j = 0; j < 32; ++j) { result = (result * 256 + (unsigned long long) r[j]) % n; } return result; } tlswrapper-20250201/randommod.h000066400000000000000000000001421474542230700163100ustar00rootroot00000000000000#ifndef _RANDOMMOD_H____ #define _RANDOMMOD_H____ extern long long randommod(long long); #endif tlswrapper-20250201/readall.c000066400000000000000000000010541474542230700157320ustar00rootroot00000000000000#include #include "e.h" #include "readall.h" int readall(int fd, void *xv, long long xlen) { long long r; unsigned char *x = (unsigned char *) xv; while (xlen > 0) { r = xlen; if (r > 1048576) r = 1048576; r = read(fd, x, r); if (r == 0) errno = EPIPE; if (r <= 0) { if (errno == EINTR) continue; if (errno == EAGAIN) continue; if (errno == EWOULDBLOCK) continue; return -1; } x += r; xlen -= r; } return 0; } tlswrapper-20250201/readall.h000066400000000000000000000001431474542230700157350ustar00rootroot00000000000000#ifndef _READALL_H____ #define _READALL_H____ extern int readall(int, void *, long long); #endif tlswrapper-20250201/resolvehost.c000066400000000000000000000131431474542230700167050ustar00rootroot00000000000000/* 20171021 Jan Mojzis Public domain. */ #include #include #include #include #include #include #include #include #include #include "e.h" #include "blocking.h" #include "log.h" #include "jail.h" #include "randommod.h" #include "resolvehost.h" static void swap(unsigned char *x, unsigned char *y) { unsigned char t[16]; memcpy(t, x, 16); memcpy(x, y, 16); memcpy(y, t, 16); } static void sortip(unsigned char *s, long long nn) { long long i; long long n = nn; if (nn < 0) return; n >>= 4; while (n > 1) { i = randommod(n); --n; swap(s + 16 * i, s + 16 * n); } for (i = 0; i + 16 <= nn; i += 16) { if (memcmp(s + i, "\0\0\0\0\0\0\0\0\0\0\377\377", 12)) { swap(s + i, s); break; } } } long long resolvehost(unsigned char *ip, long long iplen, const char *host) { int err; struct addrinfo *res, *res0 = 0, hints; long long len = 0; log_t3("resolvehost(host = ", host, ")"); if (!ip || iplen < 16 || !host) { errno = EINVAL; return -1; } memset(&hints, 0, sizeof hints); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_CANONNAME; err = getaddrinfo(host, 0, &hints, &res0); if (err) { len = -1; log_t6("getaddrinfo(host = ", host, ") = ", gai_strerror(err), ", errno = ", e_str(errno)); /* XXX, getaddrinfo error handling is funny */ if (err == EAI_NONAME && errno == EMFILE) err = EAI_SYSTEM; if (err != EAI_SYSTEM) errno = 0; if (err == EAI_NONAME) len = 0; #ifdef EAI_NODATA if (err == EAI_NODATA) len = 0; #endif goto done; } for (res = res0; res; res = res->ai_next) { if (res->ai_addrlen == sizeof(struct sockaddr_in)) { if (len + 16 <= iplen) { memcpy(ip + len, "\0\0\0\0\0\0\0\0\0\0\377\377", 12); memcpy(ip + len + 12, &((struct sockaddr_in *) res->ai_addr)->sin_addr, 4); len += 16; } } if (res->ai_addrlen == sizeof(struct sockaddr_in6)) { if (len + 16 <= iplen) { memcpy(ip + len, &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr, 16); len += 16; } } } if (len > 0) { long long i; sortip(ip, len); for (i = 0; i < iplen - len; ++i) ip[len + i] = ip[i]; } done: log_t4("resolvehost(host = ", host, ") = ", lognum(len)); if (res0) freeaddrinfo(res0); return len; } static pid_t resolvehost_pid = -1; static int resolvehost_fd = -1; int resolvehost_init(void) { int sockets[2] = {-1, -1}; if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sockets) == -1) goto cleanup; resolvehost_pid = fork(); if (resolvehost_pid == -1) goto cleanup; if (resolvehost_pid == 0) { unsigned char buf[257]; unsigned char ip[128 + 1]; long long r, iplen = 0; struct pollfd p[1]; pid_t ppid = getppid(); close(sockets[1]); blocking_disable(sockets[0]); if (jail(0, 0, 0) == -1) _exit(111); while (ppid == getppid()) { p[0].fd = sockets[0]; p[0].events = POLLIN; jail_poll(p, 1, 1000); if (p[0].revents) { r = recv(sockets[0], buf, sizeof buf, 0); if (r == sizeof buf) break; if (r == -1) { if (errno == EINTR) continue; if (errno == EAGAIN) continue; if (errno == EWOULDBLOCK) continue; } if (r == -1) _exit(111); if (r == 0) break; buf[255] = 0; iplen = resolvehost(ip + 1, sizeof ip - 1, (char *) buf); ip[0] = iplen; if (iplen == -1) iplen = 0; iplen += 1; r = send(sockets[0], ip, iplen, 0); if (r == -1) _exit(111); } } _exit(0); } close(sockets[0]); resolvehost_fd = sockets[1]; return 1; cleanup: if (sockets[0] != -1) close(sockets[0]); if (sockets[1] != -1) close(sockets[1]); return 0; } long long resolvehost_do(unsigned char *ip, long long iplen, const char *host) { char buf[256] = {0}; long long i, len, r; if (!ip || iplen < 16 || !host) { errno = EINVAL; return -1; } for (i = 0; host[i]; ++i) {}; if (i > 255) { errno = EINVAL; return -1; } for (i = 0; host[i]; ++i) buf[i] = host[i]; r = send(resolvehost_fd, buf, sizeof buf, 0); if (r != sizeof buf) return -1; r = recv(resolvehost_fd, buf, sizeof buf, 0); if (r <= 0) return -1; if (r == 1) return buf[0]; len = r - 1; if (iplen < len) len = iplen; for (i = 0; i < len; ++i) ip[i] = (unsigned char) buf[i + 1]; return len; } void resolvehost_close(void) { if (resolvehost_fd != -1) { unsigned char buf[257] = {0}; /* we don't have permission to kill the child process, so sending bulfen > 256 signals the end of the child process */ (void) send(resolvehost_fd, buf, sizeof buf, 0); close(resolvehost_fd); resolvehost_fd = -1; } if (resolvehost_pid != -1) { int status; long long r; do { r = waitpid(resolvehost_pid, &status, 0); } while (r == -1 && errno == EINTR); resolvehost_pid = -1; } } tlswrapper-20250201/resolvehost.h000066400000000000000000000004331474542230700167100ustar00rootroot00000000000000#ifndef _RESOLVEHOST_H____ #define _RESOLVEHOST_H____ extern long long resolvehost(unsigned char *, long long, const char *); extern int resolvehost_init(void); extern long long resolvehost_do(unsigned char *, long long, const char *); extern void resolvehost_close(void); #endif tlswrapper-20250201/runtest.sh000066400000000000000000000006171474542230700162260ustar00rootroot00000000000000#!/bin/sh LANG=C export LANG [ x"$1" = x ] && exit 100 script="$1" [ x"$2" = x ] && exit 100 outfile="$2" [ x"$3" = x ] && exit 100 expfile="$3" # run test sh "${script}" > "${outfile}" # compare if cmp "${expfile}" "${outfile}"; then exit 0 fi # try to print diff if [ x"`which diff`" != x ]; then diff -u "${expfile}" "${outfile}" exit 1 fi # print output file cat "${outfile}" exit 1 tlswrapper-20250201/socket.c000066400000000000000000000023311474542230700156150ustar00rootroot00000000000000#include #include #include #include #include #include #include #include "blocking.h" #include "socket.h" int socket_tcp(void) { int s; int opt = 0; s = socket(AF_INET6, SOCK_STREAM, 0); if (s == -1) return -1; if (fcntl(s, F_SETFD, 1) == -1) { close(s); return -1; } #ifdef IPPROTO_IPV6 #ifdef IPV6_V6ONLY if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof opt) == -1) { close(s); return -1; } #endif #endif blocking_disable(s); return s; } int socket_connect(int s, const unsigned char *ip, const unsigned char *port, long long id) { struct sockaddr_in6 sa; memset(&sa, 0, sizeof sa); sa.sin6_family = AF_INET6; memcpy(&sa.sin6_addr, ip, 16); memcpy(&sa.sin6_port, port, 2); sa.sin6_scope_id = id; return connect(s, (struct sockaddr *) &sa, sizeof sa); } int socket_connected(int s) { struct sockaddr sa; socklen_t dummy; char ch; dummy = sizeof sa; if (getpeername(s, &sa, &dummy) == -1) { if (read(s, &ch, 1) == -1) { /* sets errno */ }; return 0; } return 1; } tlswrapper-20250201/socket.h000066400000000000000000000003501474542230700156210ustar00rootroot00000000000000#ifndef _SOCKET_H____ #define _SOCKET_H____ extern int socket_tcp(void); extern int socket_connect(int, const unsigned char *, const unsigned char *, long long); extern int socket_connected(int); #endif tlswrapper-20250201/str.c000066400000000000000000000046311474542230700151420ustar00rootroot00000000000000/* version 20220222 */ #include "str.h" /* The 'str_len(s)' function calculates the length of the string 's'. */ long long str_len(const char *s) { long long i; for (i = 0; s[i]; ++i) ; return i; } /* The 'str_start(s,t)' function returns 1 if 't' is a prefix of 's', 0 otherwise. */ int str_start(const char *s, const char *t) { long long i; for (i = 0; s[i]; ++i) { if (s[i] != t[i]) break; } return (t[i] == 0); } /* The 'str_chr(s,c)' function returns a position to the first occurrence of the character 'c' in the string 's'. Or a position to the '\0' termination character if the character 'c' is not found. */ long long str_chr(const char *s, int c) { long long i; char ch = c; for (i = 0; s[i]; ++i) { if (s[i] == ch) break; } return i; } /* The 'str_rchr(s,c)' function returns a position to the last occurrence of the character 'c' in the string 's'. Or a position to the '\0' termination character if the character 'c' is not found. */ long long str_rchr(const char *s, int c) { long long i, u = -1; char ch = c; for (i = 0; s[i]; ++i) { if (s[i] == ch) u = i; } if (u != -1) return u; return i; } /* The 'str_diff(s,t)' function returns an integer greater than, equal to, or less than 0, according as the string 's' is greater than, equal to, or less than the string 't'. */ int str_diff(const char *s, const char *t) { long long i; for (i = 0; s[i]; ++i) { if (s[i] != t[i]) break; } return ((int) (unsigned int) (unsigned char) s[i]) - ((int) (unsigned int) (unsigned char) t[i]); } /* The 'str_diffn(s,t,len)' function returns an integer greater than, equal to, or less than 0, according as the string 's' is greater than, equal to, or less than the string 't'. But compares not more than 'len' characters. */ int str_diffn(const char *s, const char *t, long long len) { long long i; for (i = 0; s[i]; ++i) { if (i >= len) return 0; if (s[i] != t[i]) break; } return ((int) (unsigned int) (unsigned char) s[i]) - ((int) (unsigned int) (unsigned char) t[i]); } /* The 'str_copy(s,t) function copies the string 't' to 's' including the terminating ‘\0’ character and returns the length of the string. */ long long str_copy(char *s, const char *t) { long long i; for (i = 0; t[i]; ++i) s[i] = t[i]; s[i] = 0; return i; } tlswrapper-20250201/str.h000066400000000000000000000006611474542230700151460ustar00rootroot00000000000000#ifndef _STR_H____ #define _STR_H____ extern long long str_len(const char *); extern int str_start(const char *, const char *); extern long long str_chr(const char *, int); extern long long str_rchr(const char *, int); extern int str_diff(const char *, const char *); extern int str_diffn(const char *, const char *, long long); extern long long str_copy(char *, const char *); #define str_equal(s, t) (!str_diff((s), (t))) #endif tlswrapper-20250201/stralloc.c000066400000000000000000000062341474542230700161560ustar00rootroot00000000000000/* version 20220222 */ #include #include "alloc.h" #include "stralloc.h" int stralloc_readyplus(stralloc *r, long long len) { char *newdata; long long i; if (!r || len < 0) { errno = EINVAL; return 0; } if (len == 0) return 1; if (r->len + len + 1 > r->alloc) { while (r->len + len + 1 > r->alloc) r->alloc = 2 * r->alloc + 32; newdata = alloc(r->alloc); if (!newdata) return 0; if (r->s) { for (i = 0; i < r->len; ++i) newdata[i] = r->s[i]; alloc_free(r->s); } r->s = newdata; } return 1; } int stralloc_catb(stralloc *r, const void *xv, long long xlen) { const char *x = xv; long long i; if (!r || !xv || xlen < 0) { errno = EINVAL; return 0; } if (xlen == 0) return 1; if (!stralloc_readyplus(r, xlen)) return 0; for (i = 0; i < xlen; ++i) r->s[r->len + i] = x[i]; r->len += xlen; return 1; } int stralloc_cats(stralloc *r, const void *xv) { const char *x = xv; long long xlen; if (!r || !xv) { errno = EINVAL; return 0; } for (xlen = 0; x[xlen]; ++xlen) ; return stralloc_catb(r, x, xlen); } int stralloc_cat(stralloc *x, stralloc *y) { if (!y) { errno = EINVAL; return 0; } return stralloc_catb(x, y->s, y->len); } int stralloc_copyb(stralloc *r, const void *xv, long long xlen) { if (!r) { errno = EINVAL; return 0; } r->len = 0; return stralloc_catb(r, xv, xlen); } int stralloc_copys(stralloc *r, const void *xv) { if (!r) { errno = EINVAL; return 0; } r->len = 0; return stralloc_cats(r, xv); } int stralloc_copy(stralloc *x, stralloc *y) { if (!x || !y) { errno = EINVAL; return 0; } x->len = 0; return stralloc_cat(x, y); } int stralloc_append(stralloc *r, const void *xv) { return stralloc_catb(r, xv, 1); } int stralloc_0(stralloc *r) { return stralloc_append(r, ""); } static int stralloc_catunum0(stralloc *sa, unsigned long long u, long long n) { long long len; unsigned long long q; char *s; if (!sa) { errno = EINVAL; return 0; } len = 1; q = u; while (q > 9) { ++len; q /= 10; } if (len < n) len = n; if (!stralloc_readyplus(sa, len)) return 0; s = sa->s + sa->len; sa->len += len; while (len) { s[--len] = '0' + (u % 10); u /= 10; } return 1; } int stralloc_catnum0(stralloc *sa, long long l, long long n) { if (!sa) { errno = EINVAL; return 0; } if (l < 0) { if (!stralloc_append(sa, "-")) return 0; l = -l; } return stralloc_catunum0(sa, l, n); } int stralloc_catnum(stralloc *r, long long num) { return stralloc_catnum0(r, num, 0); } int stralloc_copynum(stralloc *r, long long num) { if (!r) { errno = EINVAL; return 0; } r->len = 0; return stralloc_catnum(r, num); } void stralloc_free(stralloc *r) { if (!r) return; if (r->s) alloc_free(r->s); r->s = 0; r->len = 0; r->alloc = 0; } tlswrapper-20250201/stralloc.h000066400000000000000000000014741474542230700161640ustar00rootroot00000000000000#ifndef _STRALLOC_H____ #define _STRALLOC_H____ typedef struct stralloc { char *s; long long len; long long alloc; } stralloc; extern int stralloc_readyplus(stralloc *, long long); extern int stralloc_catb(stralloc *, const void *, long long); extern int stralloc_cats(stralloc *, const void *); extern int stralloc_cat(stralloc *, stralloc *); extern int stralloc_copyb(stralloc *, const void *, long long); extern int stralloc_copys(stralloc *, const void *); extern int stralloc_copy(stralloc *, stralloc *); extern int stralloc_append(stralloc *, const void *); extern int stralloc_0(stralloc *); extern void stralloc_free(stralloc *); extern int stralloc_catnum(stralloc *, long long); extern int stralloc_copynum(stralloc *, long long); extern int stralloc_catnum0(stralloc *, long long, long long); #endif tlswrapper-20250201/strtoip.c000066400000000000000000000010601474542230700160270ustar00rootroot00000000000000#include #include #include #include "strtoip.h" int strtoip4(unsigned char *ip, const char *x) { if (!x) return 0; if (inet_pton(AF_INET, x, ip + 12) != 1) return 0; memcpy(ip, "\0\0\0\0\0\0\0\0\0\0\377\377", 12); return 1; } int strtoip6(unsigned char *ip, const char *x) { if (!x) return 0; if (inet_pton(AF_INET6, x, ip) != 1) return 0; return 1; } int strtoip(unsigned char *ip, const char *x) { if (strtoip4(ip, x)) return 1; if (strtoip6(ip, x)) return 1; return 0; } tlswrapper-20250201/strtoip.h000066400000000000000000000003221474542230700160340ustar00rootroot00000000000000#ifndef _STRTOIP_H____ #define _STRTOIP_H____ extern int strtoip4(unsigned char *, const char *); extern int strtoip6(unsigned char *, const char *); extern int strtoip(unsigned char *, const char *); #endif tlswrapper-20250201/strtonum.c000066400000000000000000000017751474542230700162330ustar00rootroot00000000000000/* 20220222 Jan Mojzis Public domain. */ #include #include "strtonum.h" int strtonum(long long *r, const char *buf) { char *bufpos = (char *) buf; int flagsign = 0; long long i; unsigned long long c, ret = 0; if (!buf) goto failed; switch (buf[0]) { case 0: goto failed; break; case '+': ++bufpos; break; case '-': flagsign = 1; ++bufpos; break; default: break; } for (i = 0; bufpos[i]; ++i) { c = bufpos[i] - '0'; if (c > 9) break; c += 10 * (ret); if (ret > c) goto failed; /* overflow */ ret = c; } if (i == 0) goto failed; /* "+..." or "-..." */ if (flagsign) { *r = -ret; if (*r > 0) goto failed; /* overflow */ } else { *r = ret; if (*r < 0) goto failed; /* overflow */ } return 1; failed: *r = 0; errno = EINVAL; return 0; } tlswrapper-20250201/strtonum.h000066400000000000000000000001511474542230700162230ustar00rootroot00000000000000#ifndef _STRTONUM_H____ #define _STRTONUM_H____ extern int strtonum(long long *, const char *); #endif tlswrapper-20250201/strtoport.c000066400000000000000000000005371474542230700164130ustar00rootroot00000000000000#include "strtoport.h" int strtoport(unsigned char *y, const char *x) { long long j, d = 0; if (!x) return 0; for (j = 0; j < 5 && x[j] >= '0' && x[j] <= '9'; ++j) { d = d * 10 + (x[j] - '0'); } if (j == 0) return 0; if (x[j]) return 0; if (d > 65535) return 0; y[0] = d >> 8; y[1] = d; return 1; } tlswrapper-20250201/strtoport.h000066400000000000000000000001601474542230700164100ustar00rootroot00000000000000#ifndef _STRTOPORT_H____ #define _STRTOPORT_H____ extern int strtoport(unsigned char *, const char *); #endif tlswrapper-20250201/test-badcert.exp000066400000000000000000001015171474542230700172660ustar00rootroot00000000000000badcert-ec-prime256v1-ec-prime256v1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-prime256v1-ec-prime256v1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-ec-prime256v1-extrabegin.pem' 0 badcert-ec-prime256v1-ec-prime256v1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-prime256v1-ec-prime256v1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-ec-prime256v1-keyonly.pem' 0 badcert-ec-prime256v1-ec-prime256v1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-prime256v1-ec-prime256v1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-ec-prime256v1-malformed.pem' 0 badcert-ec-prime256v1-ec-secp224r1-unsupported.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Certificate contains unsupported features that cannot be ignored. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-ec-secp224r1-unsupported.pem' 0 badcert-ec-prime256v1-ec-secp384r1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-prime256v1-ec-secp384r1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-ec-secp384r1-extrabegin.pem' 0 badcert-ec-prime256v1-ec-secp384r1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-prime256v1-ec-secp384r1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-ec-secp384r1-keyonly.pem' 0 badcert-ec-prime256v1-ec-secp384r1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-prime256v1-ec-secp384r1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-ec-secp384r1-malformed.pem' 0 badcert-ec-prime256v1-ec-secp521r1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-prime256v1-ec-secp521r1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-ec-secp521r1-extrabegin.pem' 0 badcert-ec-prime256v1-ec-secp521r1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-prime256v1-ec-secp521r1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-ec-secp521r1-keyonly.pem' 0 badcert-ec-prime256v1-ec-secp521r1-malformed.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Invalid date/time representation. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-ec-secp521r1-malformed.pem' 0 badcert-ec-prime256v1-rsa-2048-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-prime256v1-rsa-2048-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-rsa-2048-extrabegin.pem' 0 badcert-ec-prime256v1-rsa-2048-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-prime256v1-rsa-2048-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-rsa-2048-keyonly.pem' 0 badcert-ec-prime256v1-rsa-2048-malformed.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Invalid date/time representation. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-rsa-2048-malformed.pem' 0 badcert-ec-prime256v1-rsa-3072-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-prime256v1-rsa-3072-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-rsa-3072-extrabegin.pem' 0 badcert-ec-prime256v1-rsa-3072-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-prime256v1-rsa-3072-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-rsa-3072-keyonly.pem' 0 badcert-ec-prime256v1-rsa-3072-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-prime256v1-rsa-3072-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-rsa-3072-malformed.pem' 0 badcert-ec-prime256v1-rsa-4096-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-prime256v1-rsa-4096-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-rsa-4096-extrabegin.pem' 0 badcert-ec-prime256v1-rsa-4096-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-prime256v1-rsa-4096-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-rsa-4096-keyonly.pem' 0 badcert-ec-prime256v1-rsa-4096-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-prime256v1-rsa-4096-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-prime256v1-rsa-4096-malformed.pem' 0 badcert-ec-secp384r1-ec-prime256v1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp384r1-ec-prime256v1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-ec-prime256v1-extrabegin.pem' 0 badcert-ec-secp384r1-ec-prime256v1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-secp384r1-ec-prime256v1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-ec-prime256v1-keyonly.pem' 0 badcert-ec-secp384r1-ec-prime256v1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp384r1-ec-prime256v1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-ec-prime256v1-malformed.pem' 0 badcert-ec-secp384r1-ec-secp224r1-unsupported.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Certificate contains unsupported features that cannot be ignored. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-ec-secp224r1-unsupported.pem' 0 badcert-ec-secp384r1-ec-secp384r1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp384r1-ec-secp384r1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-ec-secp384r1-extrabegin.pem' 0 badcert-ec-secp384r1-ec-secp384r1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-secp384r1-ec-secp384r1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-ec-secp384r1-keyonly.pem' 0 badcert-ec-secp384r1-ec-secp384r1-malformed.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Decoding error: extraneous element. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-ec-secp384r1-malformed.pem' 0 badcert-ec-secp384r1-ec-secp521r1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp384r1-ec-secp521r1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-ec-secp521r1-extrabegin.pem' 0 badcert-ec-secp384r1-ec-secp521r1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-secp384r1-ec-secp521r1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-ec-secp521r1-keyonly.pem' 0 badcert-ec-secp384r1-ec-secp521r1-malformed.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Decoding error: extraneous element. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-ec-secp521r1-malformed.pem' 0 badcert-ec-secp384r1-rsa-2048-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp384r1-rsa-2048-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-rsa-2048-extrabegin.pem' 0 badcert-ec-secp384r1-rsa-2048-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-secp384r1-rsa-2048-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-rsa-2048-keyonly.pem' 0 badcert-ec-secp384r1-rsa-2048-malformed.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Decoding error: extraneous element. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-rsa-2048-malformed.pem' 0 badcert-ec-secp384r1-rsa-3072-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp384r1-rsa-3072-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-rsa-3072-extrabegin.pem' 0 badcert-ec-secp384r1-rsa-3072-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-secp384r1-rsa-3072-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-rsa-3072-keyonly.pem' 0 badcert-ec-secp384r1-rsa-3072-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp384r1-rsa-3072-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-rsa-3072-malformed.pem' 0 badcert-ec-secp384r1-rsa-4096-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp384r1-rsa-4096-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-rsa-4096-extrabegin.pem' 0 badcert-ec-secp384r1-rsa-4096-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-secp384r1-rsa-4096-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-rsa-4096-keyonly.pem' 0 badcert-ec-secp384r1-rsa-4096-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp384r1-rsa-4096-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp384r1-rsa-4096-malformed.pem' 0 badcert-ec-secp521r1-ec-prime256v1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp521r1-ec-prime256v1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-ec-prime256v1-extrabegin.pem' 0 badcert-ec-secp521r1-ec-prime256v1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-secp521r1-ec-prime256v1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-ec-prime256v1-keyonly.pem' 0 badcert-ec-secp521r1-ec-prime256v1-malformed.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Decoding error: inner element extends beyond outer element size. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-ec-prime256v1-malformed.pem' 0 badcert-ec-secp521r1-ec-secp224r1-unsupported.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Certificate contains unsupported features that cannot be ignored. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-ec-secp224r1-unsupported.pem' 0 badcert-ec-secp521r1-ec-secp384r1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp521r1-ec-secp384r1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-ec-secp384r1-extrabegin.pem' 0 badcert-ec-secp521r1-ec-secp384r1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-secp521r1-ec-secp384r1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-ec-secp384r1-keyonly.pem' 0 badcert-ec-secp521r1-ec-secp384r1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp521r1-ec-secp384r1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-ec-secp384r1-malformed.pem' 0 badcert-ec-secp521r1-ec-secp521r1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp521r1-ec-secp521r1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-ec-secp521r1-extrabegin.pem' 0 badcert-ec-secp521r1-ec-secp521r1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-secp521r1-ec-secp521r1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-ec-secp521r1-keyonly.pem' 0 badcert-ec-secp521r1-ec-secp521r1-malformed.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Decoding error: inner element extends beyond outer element size. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-ec-secp521r1-malformed.pem' 0 badcert-ec-secp521r1-rsa-2048-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp521r1-rsa-2048-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-rsa-2048-extrabegin.pem' 0 badcert-ec-secp521r1-rsa-2048-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-secp521r1-rsa-2048-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-rsa-2048-keyonly.pem' 0 badcert-ec-secp521r1-rsa-2048-malformed.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Decoding error: extraneous element. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-rsa-2048-malformed.pem' 0 badcert-ec-secp521r1-rsa-3072-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp521r1-rsa-3072-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-rsa-3072-extrabegin.pem' 0 badcert-ec-secp521r1-rsa-3072-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-secp521r1-rsa-3072-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-rsa-3072-keyonly.pem' 0 badcert-ec-secp521r1-rsa-3072-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp521r1-rsa-3072-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-rsa-3072-malformed.pem' 0 badcert-ec-secp521r1-rsa-4096-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp521r1-rsa-4096-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-rsa-4096-extrabegin.pem' 0 badcert-ec-secp521r1-rsa-4096-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-ec-secp521r1-rsa-4096-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-rsa-4096-keyonly.pem' 0 badcert-ec-secp521r1-rsa-4096-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-ec-secp521r1-rsa-4096-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-ec-secp521r1-rsa-4096-malformed.pem' 0 badcert-rsa-2048-ec-prime256v1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-2048-ec-prime256v1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-ec-prime256v1-extrabegin.pem' 0 badcert-rsa-2048-ec-prime256v1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-2048-ec-prime256v1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-ec-prime256v1-keyonly.pem' 0 badcert-rsa-2048-ec-prime256v1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-2048-ec-prime256v1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-ec-prime256v1-malformed.pem' 0 badcert-rsa-2048-ec-secp224r1-unsupported.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Certificate contains unsupported features that cannot be ignored. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-ec-secp224r1-unsupported.pem' 0 badcert-rsa-2048-ec-secp384r1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-2048-ec-secp384r1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-ec-secp384r1-extrabegin.pem' 0 badcert-rsa-2048-ec-secp384r1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-2048-ec-secp384r1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-ec-secp384r1-keyonly.pem' 0 badcert-rsa-2048-ec-secp384r1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-2048-ec-secp384r1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-ec-secp384r1-malformed.pem' 0 badcert-rsa-2048-ec-secp521r1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-2048-ec-secp521r1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-ec-secp521r1-extrabegin.pem' 0 badcert-rsa-2048-ec-secp521r1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-2048-ec-secp521r1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-ec-secp521r1-keyonly.pem' 0 badcert-rsa-2048-ec-secp521r1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-2048-ec-secp521r1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-ec-secp521r1-malformed.pem' 0 badcert-rsa-2048-rsa-2048-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-2048-rsa-2048-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-rsa-2048-extrabegin.pem' 0 badcert-rsa-2048-rsa-2048-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-2048-rsa-2048-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-rsa-2048-keyonly.pem' 0 badcert-rsa-2048-rsa-2048-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-2048-rsa-2048-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-rsa-2048-malformed.pem' 0 badcert-rsa-2048-rsa-3072-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-2048-rsa-3072-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-rsa-3072-extrabegin.pem' 0 badcert-rsa-2048-rsa-3072-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-2048-rsa-3072-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-rsa-3072-keyonly.pem' 0 badcert-rsa-2048-rsa-3072-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-2048-rsa-3072-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-rsa-3072-malformed.pem' 0 badcert-rsa-2048-rsa-4096-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-2048-rsa-4096-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-rsa-4096-extrabegin.pem' 0 badcert-rsa-2048-rsa-4096-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-2048-rsa-4096-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-rsa-4096-keyonly.pem' 0 badcert-rsa-2048-rsa-4096-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-2048-rsa-4096-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-2048-rsa-4096-malformed.pem' 0 badcert-rsa-3072-ec-prime256v1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-3072-ec-prime256v1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-ec-prime256v1-extrabegin.pem' 0 badcert-rsa-3072-ec-prime256v1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-3072-ec-prime256v1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-ec-prime256v1-keyonly.pem' 0 badcert-rsa-3072-ec-prime256v1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-3072-ec-prime256v1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-ec-prime256v1-malformed.pem' 0 badcert-rsa-3072-ec-secp224r1-unsupported.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Certificate contains unsupported features that cannot be ignored. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-ec-secp224r1-unsupported.pem' 0 badcert-rsa-3072-ec-secp384r1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-3072-ec-secp384r1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-ec-secp384r1-extrabegin.pem' 0 badcert-rsa-3072-ec-secp384r1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-3072-ec-secp384r1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-ec-secp384r1-keyonly.pem' 0 badcert-rsa-3072-ec-secp384r1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-3072-ec-secp384r1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-ec-secp384r1-malformed.pem' 0 badcert-rsa-3072-ec-secp521r1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-3072-ec-secp521r1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-ec-secp521r1-extrabegin.pem' 0 badcert-rsa-3072-ec-secp521r1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-3072-ec-secp521r1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-ec-secp521r1-keyonly.pem' 0 badcert-rsa-3072-ec-secp521r1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-3072-ec-secp521r1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-ec-secp521r1-malformed.pem' 0 badcert-rsa-3072-rsa-2048-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-3072-rsa-2048-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-rsa-2048-extrabegin.pem' 0 badcert-rsa-3072-rsa-2048-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-3072-rsa-2048-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-rsa-2048-keyonly.pem' 0 badcert-rsa-3072-rsa-2048-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-3072-rsa-2048-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-rsa-2048-malformed.pem' 0 badcert-rsa-3072-rsa-3072-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-3072-rsa-3072-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-rsa-3072-extrabegin.pem' 0 badcert-rsa-3072-rsa-3072-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-3072-rsa-3072-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-rsa-3072-keyonly.pem' 0 badcert-rsa-3072-rsa-3072-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-3072-rsa-3072-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-rsa-3072-malformed.pem' 0 badcert-rsa-3072-rsa-4096-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-3072-rsa-4096-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-rsa-4096-extrabegin.pem' 0 badcert-rsa-3072-rsa-4096-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-3072-rsa-4096-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-rsa-4096-keyonly.pem' 0 badcert-rsa-3072-rsa-4096-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-3072-rsa-4096-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-3072-rsa-4096-malformed.pem' 0 badcert-rsa-4096-ec-prime256v1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-4096-ec-prime256v1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-ec-prime256v1-extrabegin.pem' 0 badcert-rsa-4096-ec-prime256v1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-4096-ec-prime256v1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-ec-prime256v1-keyonly.pem' 0 badcert-rsa-4096-ec-prime256v1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-4096-ec-prime256v1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-ec-prime256v1-malformed.pem' 0 badcert-rsa-4096-ec-secp224r1-unsupported.pem tlswrapper: error: 0.0.0.0: unable to decode public-key, err=Certificate contains unsupported features that cannot be ignored. tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-ec-secp224r1-unsupported.pem' 0 badcert-rsa-4096-ec-secp384r1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-4096-ec-secp384r1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-ec-secp384r1-extrabegin.pem' 0 badcert-rsa-4096-ec-secp384r1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-4096-ec-secp384r1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-ec-secp384r1-keyonly.pem' 0 badcert-rsa-4096-ec-secp384r1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-4096-ec-secp384r1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-ec-secp384r1-malformed.pem' 0 badcert-rsa-4096-ec-secp521r1-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-4096-ec-secp521r1-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-ec-secp521r1-extrabegin.pem' 0 badcert-rsa-4096-ec-secp521r1-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-4096-ec-secp521r1-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-ec-secp521r1-keyonly.pem' 0 badcert-rsa-4096-ec-secp521r1-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-4096-ec-secp521r1-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-ec-secp521r1-malformed.pem' 0 badcert-rsa-4096-rsa-2048-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-4096-rsa-2048-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-rsa-2048-extrabegin.pem' 0 badcert-rsa-4096-rsa-2048-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-4096-rsa-2048-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-rsa-2048-keyonly.pem' 0 badcert-rsa-4096-rsa-2048-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-4096-rsa-2048-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-rsa-2048-malformed.pem' 0 badcert-rsa-4096-rsa-3072-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-4096-rsa-3072-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-rsa-3072-extrabegin.pem' 0 badcert-rsa-4096-rsa-3072-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-4096-rsa-3072-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-rsa-3072-keyonly.pem' 0 badcert-rsa-4096-rsa-3072-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-4096-rsa-3072-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-rsa-3072-malformed.pem' 0 badcert-rsa-4096-rsa-4096-extrabegin.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-4096-rsa-4096-extrabegin.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-rsa-4096-extrabegin.pem' 0 badcert-rsa-4096-rsa-4096-keyonly.pem tlswrapper: error: 0.0.0.0: no PEM public-object in 'testcerts/badcert-rsa-4096-rsa-4096-keyonly.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-rsa-4096-keyonly.pem' 0 badcert-rsa-4096-rsa-4096-malformed.pem tlswrapper: error: 0.0.0.0: malformed PEM public-object in 'testcerts/badcert-rsa-4096-rsa-4096-malformed.pem' tlswrapper: fatal: 0.0.0.0: unable to obtain certificate(s) from the PEM file 'testcerts/badcert-rsa-4096-rsa-4096-malformed.pem' 0 tlswrapper-20250201/test-badcert.sh000066400000000000000000000015031474542230700170760ustar00rootroot00000000000000#!/bin/sh TCPREMOTEIP=0.0.0.0; export TCPREMOTEIP TCPREMOTEPORT=0; export TCPREMOTEPORT TCPLOCALIP=0.0.0.0; export TCPLOCALIP TCPLOCALPORT=0; export TCPLOCALPORT cleanup() { ex=$? rm -rf tlswrappernojail testemptycert exit "${ex}" } trap "cleanup" EXIT TERM INT PATH="./:${PATH}" export PATH ln -s tlswrapper-test tlswrappernojail touch testemptycert ls testcerts | grep '^badcert-' |\ while read name; do echo $name tlswrapper-test -qr tlswrappernojail -vf "testcerts/${name}" true 2>&1 | sed 's/ (.*)/ /' echo $? done #echo 'tlswrapper rejects empty PEM cert.' #tlswrapper-test -qr tlswrappernojail -vf testemptycert true 2>&1 #echo $?; echo #echo 'tlswrapper rejects unsupported PEM cert.' #tlswrapper-test -qr tlswrappernojail -vf testcerts/server-ec-prime256v1-ec-secp224r1-unsupported true 2>&1 #echo $?; echo tlswrapper-20250201/test-badkey.exp000066400000000000000000000174101474542230700171170ustar00rootroot00000000000000tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-prime256v1-ec-prime256v1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-prime256v1-ec-prime256v1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-prime256v1-ec-secp384r1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-prime256v1-ec-secp384r1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-prime256v1-ec-secp521r1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-prime256v1-ec-secp521r1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-prime256v1-rsa-2048-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-prime256v1-rsa-2048-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-prime256v1-rsa-3072-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-prime256v1-rsa-3072-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-prime256v1-rsa-4096-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-prime256v1-rsa-4096-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-secp384r1-ec-prime256v1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-secp384r1-ec-prime256v1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-secp384r1-ec-secp384r1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-secp384r1-ec-secp384r1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-secp384r1-ec-secp521r1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-secp384r1-ec-secp521r1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-secp384r1-rsa-2048-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-secp384r1-rsa-2048-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-secp384r1-rsa-3072-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-secp384r1-rsa-3072-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-secp384r1-rsa-4096-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-secp384r1-rsa-4096-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-secp521r1-ec-prime256v1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-secp521r1-ec-prime256v1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-secp521r1-ec-secp384r1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-secp521r1-ec-secp384r1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-secp521r1-ec-secp521r1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-secp521r1-ec-secp521r1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-secp521r1-rsa-2048-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-secp521r1-rsa-2048-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-secp521r1-rsa-3072-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-secp521r1-rsa-3072-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-ec-secp521r1-rsa-4096-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-ec-secp521r1-rsa-4096-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-2048-ec-prime256v1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-2048-ec-prime256v1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-2048-ec-secp384r1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-2048-ec-secp384r1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-2048-ec-secp521r1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-2048-ec-secp521r1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-2048-rsa-2048-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-2048-rsa-2048-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-2048-rsa-3072-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-2048-rsa-3072-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-2048-rsa-4096-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-2048-rsa-4096-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-3072-ec-prime256v1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-3072-ec-prime256v1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-3072-ec-secp384r1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-3072-ec-secp384r1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-3072-ec-secp521r1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-3072-ec-secp521r1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-3072-rsa-2048-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-3072-rsa-2048-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-3072-rsa-3072-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-3072-rsa-3072-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-3072-rsa-4096-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-3072-rsa-4096-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-4096-ec-prime256v1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-4096-ec-prime256v1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-4096-ec-secp384r1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-4096-ec-secp384r1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-4096-ec-secp521r1-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-4096-ec-secp521r1-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-4096-rsa-2048-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-4096-rsa-2048-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-4096-rsa-3072-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-4096-rsa-3072-certonly.pem' 0 tlswrapper: error: no PEM secret-object in 'testcerts/badkey-rsa-4096-rsa-4096-certonly.pem' tlswrapper: fatal: unable to obtain secret-key from the PEM file 'testcerts/badkey-rsa-4096-rsa-4096-certonly.pem' 0 tlswrapper-20250201/test-badkey.sh000066400000000000000000000014651474542230700167400ustar00rootroot00000000000000#!/bin/sh TCPREMOTEIP=0.0.0.0; export TCPREMOTEIP TCPREMOTEPORT=0; export TCPREMOTEPORT TCPLOCALIP=0.0.0.0; export TCPLOCALIP TCPLOCALPORT=0; export TCPLOCALPORT cleanup() { ex=$? rm -rf tlswrappernojail testemptycert exit "${ex}" } trap "cleanup" EXIT TERM INT PATH="./:${PATH}" export PATH ln -s tlswrapper-test tlswrappernojail touch testemptycert ls testcerts | grep '^badkey-' |\ while read name; do tlswrapper-test -qr tlswrappernojail -vf "testcerts/${name}" true 2>&1 | sed 's/ (.*)/ /' echo $? done #echo 'tlswrapper rejects empty PEM cert.' #tlswrapper-test -qr tlswrappernojail -vf testemptycert true 2>&1 #echo $?; echo #echo 'tlswrapper rejects unsupported PEM cert.' #tlswrapper-test -qr tlswrappernojail -vf testcerts/server-ec-prime256v1-ec-secp224r1-unsupported true 2>&1 #echo $?; echo tlswrapper-20250201/test-childexit.exp000066400000000000000000000206131474542230700176340ustar00rootroot00000000000000child killed by SIGHUP tlswrapper: fatal: 1.2.3.4: child process killed by signal 1 111 child killed by SIGINT tlswrapper: fatal: 1.2.3.4: child process killed by signal 2 111 child killed by SIGKILL tlswrapper: fatal: 1.2.3.4: child process killed by signal 9 111 child killed by SIGTERM tlswrapper: fatal: 1.2.3.4: child process killed by signal 15 111 child exited with status 0 0 child exited with status 1 1 child exited with status 2 2 child exited with status 3 3 child exited with status 4 4 child exited with status 5 5 child exited with status 6 6 child exited with status 7 7 child exited with status 8 8 child exited with status 9 9 child exited with status 10 10 child exited with status 11 11 child exited with status 12 12 child exited with status 13 13 child exited with status 14 14 child exited with status 15 15 child exited with status 16 16 child exited with status 17 17 child exited with status 18 18 child exited with status 19 19 child exited with status 20 20 child exited with status 21 21 child exited with status 22 22 child exited with status 23 23 child exited with status 24 24 child exited with status 25 25 child exited with status 26 26 child exited with status 27 27 child exited with status 28 28 child exited with status 29 29 child exited with status 30 30 child exited with status 31 31 child exited with status 32 32 child exited with status 33 33 child exited with status 34 34 child exited with status 35 35 child exited with status 36 36 child exited with status 37 37 child exited with status 38 38 child exited with status 39 39 child exited with status 40 40 child exited with status 41 41 child exited with status 42 42 child exited with status 43 43 child exited with status 44 44 child exited with status 45 45 child exited with status 46 46 child exited with status 47 47 child exited with status 48 48 child exited with status 49 49 child exited with status 50 50 child exited with status 51 51 child exited with status 52 52 child exited with status 53 53 child exited with status 54 54 child exited with status 55 55 child exited with status 56 56 child exited with status 57 57 child exited with status 58 58 child exited with status 59 59 child exited with status 60 60 child exited with status 61 61 child exited with status 62 62 child exited with status 63 63 child exited with status 64 64 child exited with status 65 65 child exited with status 66 66 child exited with status 67 67 child exited with status 68 68 child exited with status 69 69 child exited with status 70 70 child exited with status 71 71 child exited with status 72 72 child exited with status 73 73 child exited with status 74 74 child exited with status 75 75 child exited with status 76 76 child exited with status 77 77 child exited with status 78 78 child exited with status 79 79 child exited with status 80 80 child exited with status 81 81 child exited with status 82 82 child exited with status 83 83 child exited with status 84 84 child exited with status 85 85 child exited with status 86 86 child exited with status 87 87 child exited with status 88 88 child exited with status 89 89 child exited with status 90 90 child exited with status 91 91 child exited with status 92 92 child exited with status 93 93 child exited with status 94 94 child exited with status 95 95 child exited with status 96 96 child exited with status 97 97 child exited with status 98 98 child exited with status 99 99 child exited with status 100 100 child exited with status 101 101 child exited with status 102 102 child exited with status 103 103 child exited with status 104 104 child exited with status 105 105 child exited with status 106 106 child exited with status 107 107 child exited with status 108 108 child exited with status 109 109 child exited with status 110 110 child exited with status 111 111 child exited with status 112 112 child exited with status 113 113 child exited with status 114 114 child exited with status 115 115 child exited with status 116 116 child exited with status 117 117 child exited with status 118 118 child exited with status 119 119 child exited with status 120 120 child exited with status 121 121 child exited with status 122 122 child exited with status 123 123 child exited with status 124 124 child exited with status 125 125 child exited with status 126 126 child exited with status 127 127 child exited with status 128 128 child exited with status 129 129 child exited with status 130 130 child exited with status 131 131 child exited with status 132 132 child exited with status 133 133 child exited with status 134 134 child exited with status 135 135 child exited with status 136 136 child exited with status 137 137 child exited with status 138 138 child exited with status 139 139 child exited with status 140 140 child exited with status 141 141 child exited with status 142 142 child exited with status 143 143 child exited with status 144 144 child exited with status 145 145 child exited with status 146 146 child exited with status 147 147 child exited with status 148 148 child exited with status 149 149 child exited with status 150 150 child exited with status 151 151 child exited with status 152 152 child exited with status 153 153 child exited with status 154 154 child exited with status 155 155 child exited with status 156 156 child exited with status 157 157 child exited with status 158 158 child exited with status 159 159 child exited with status 160 160 child exited with status 161 161 child exited with status 162 162 child exited with status 163 163 child exited with status 164 164 child exited with status 165 165 child exited with status 166 166 child exited with status 167 167 child exited with status 168 168 child exited with status 169 169 child exited with status 170 170 child exited with status 171 171 child exited with status 172 172 child exited with status 173 173 child exited with status 174 174 child exited with status 175 175 child exited with status 176 176 child exited with status 177 177 child exited with status 178 178 child exited with status 179 179 child exited with status 180 180 child exited with status 181 181 child exited with status 182 182 child exited with status 183 183 child exited with status 184 184 child exited with status 185 185 child exited with status 186 186 child exited with status 187 187 child exited with status 188 188 child exited with status 189 189 child exited with status 190 190 child exited with status 191 191 child exited with status 192 192 child exited with status 193 193 child exited with status 194 194 child exited with status 195 195 child exited with status 196 196 child exited with status 197 197 child exited with status 198 198 child exited with status 199 199 child exited with status 200 200 child exited with status 201 201 child exited with status 202 202 child exited with status 203 203 child exited with status 204 204 child exited with status 205 205 child exited with status 206 206 child exited with status 207 207 child exited with status 208 208 child exited with status 209 209 child exited with status 210 210 child exited with status 211 211 child exited with status 212 212 child exited with status 213 213 child exited with status 214 214 child exited with status 215 215 child exited with status 216 216 child exited with status 217 217 child exited with status 218 218 child exited with status 219 219 child exited with status 220 220 child exited with status 221 221 child exited with status 222 222 child exited with status 223 223 child exited with status 224 224 child exited with status 225 225 child exited with status 226 226 child exited with status 227 227 child exited with status 228 228 child exited with status 229 229 child exited with status 230 230 child exited with status 231 231 child exited with status 232 232 child exited with status 233 233 child exited with status 234 234 child exited with status 235 235 child exited with status 236 236 child exited with status 237 237 child exited with status 238 238 child exited with status 239 239 child exited with status 240 240 child exited with status 241 241 child exited with status 242 242 child exited with status 243 243 child exited with status 244 244 child exited with status 245 245 child exited with status 246 246 child exited with status 247 247 child exited with status 248 248 child exited with status 249 249 child exited with status 250 250 child exited with status 251 251 child exited with status 252 252 child exited with status 253 253 child exited with status 254 254 child exited with status 255 255 tlswrapper-20250201/test-childexit.sh000066400000000000000000000015341474542230700174530ustar00rootroot00000000000000#!/bin/sh cleanup() { ex=$? rm -rf tlswrappernojail data.in exit "${ex}" } trap "cleanup" EXIT TERM INT PATH="./:${PATH}" export PATH ln -s tlswrapper-test tlswrappernojail echo 'OK ' > data.in TCPREMOTEIP=1.2.3.4; export TCPREMOTEIP TCPREMOTEPORT=1234; export TCPREMOTEPORT TCPLOCALIP=1.2.3.4; export TCPLOCALIP TCPLOCALPORT=1234; export TCPLOCALPORT CMD="tlswrapper-test -q" CMD="${CMD} -d `cat testcerts/days`" CMD="${CMD} -a testcerts/ca-ec-prime256v1.pem" CMD="${CMD} -h okcert-ec-prime256v1-ec-prime256v1-ok.pem" CMD="${CMD} -w tlswrappernojail -Q -d testcerts" for i in 'HUP' 'INT' 'KILL' 'TERM'; do echo "child killed by SIG${i}" ( ${CMD} sh -c "kill -${i} \$\$" &1; echo $?; ) | sed 's/ (.*)/ /' done for i in `seq 0 255`; do echo "child exited with status ${i}" ( ${CMD} sh -c "exit $i" &1; echo $?; ) done tlswrapper-20250201/test-cipher.exp000066400000000000000000000025041474542230700171300ustar00rootroot00000000000000tests default ECDSA ciphers ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 OK 0 ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 OK 0 ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 OK 0 ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 111 ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 111 ECDHE_ECDSA_WITH_AES_128_CBC_SHA 111 ECDHE_ECDSA_WITH_AES_256_CBC_SHA 111 ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 111 tests default RSA ciphers ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 OK 0 ECDHE_RSA_WITH_AES_128_GCM_SHA256 OK 0 ECDHE_RSA_WITH_AES_256_GCM_SHA384 OK 0 ECDHE_RSA_WITH_AES_128_CBC_SHA256 111 ECDHE_RSA_WITH_AES_256_CBC_SHA384 111 ECDHE_RSA_WITH_AES_128_CBC_SHA 111 ECDHE_RSA_WITH_AES_256_CBC_SHA 111 ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 111 tests all ciphers ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 OK 0 ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 OK 0 ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 OK 0 ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 OK 0 ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 OK 0 ECDHE_ECDSA_WITH_AES_128_CBC_SHA OK 0 ECDHE_ECDSA_WITH_AES_256_CBC_SHA OK 0 ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 111 ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 OK 0 ECDHE_RSA_WITH_AES_128_GCM_SHA256 OK 0 ECDHE_RSA_WITH_AES_256_GCM_SHA384 OK 0 ECDHE_RSA_WITH_AES_128_CBC_SHA256 OK 0 ECDHE_RSA_WITH_AES_256_CBC_SHA384 OK 0 ECDHE_RSA_WITH_AES_128_CBC_SHA OK 0 ECDHE_RSA_WITH_AES_256_CBC_SHA OK 0 ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 111 tlswrapper-20250201/test-cipher.sh000066400000000000000000000070511474542230700167500ustar00rootroot00000000000000#!/bin/sh cleanup() { ex=$? rm -rf tlswrappernojail data.in exit "${ex}" } trap "cleanup" EXIT TERM INT PATH="./:${PATH}" export PATH ln -s tlswrapper-test tlswrappernojail echo 'OK' > data.in TCPREMOTEIP=1.2.3.4; export TCPREMOTEIP TCPREMOTEPORT=1234; export TCPREMOTEPORT TCPLOCALIP=1.2.3.4; export TCPLOCALIP TCPLOCALPORT=1234; export TCPLOCALPORT echo "tests default ECDSA ciphers" CMD="tlswrapper-test -q" CMD="${CMD} -d `cat testcerts/days`" CMD="${CMD} -a testcerts/ca-ec-prime256v1.pem" CMD="${CMD} -h okcert-ec-prime256v1-ec-prime256v1-ok.pem" ( echo "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" echo "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" echo "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" echo "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" echo "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" echo "ECDHE_ECDSA_WITH_AES_128_CBC_SHA" echo "ECDHE_ECDSA_WITH_AES_256_CBC_SHA" echo "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" ) | ( while read cipher; do echo "${cipher}" ${CMD} -w -c "${cipher}" tlswrappernojail -Q -d testcerts sh -c 'cat >&2' &1; echo $?; done ) echo "tests default RSA ciphers" CMD="tlswrapper-test -q" CMD="${CMD} -d `cat testcerts/days`" CMD="${CMD} -a testcerts/ca-rsa-2048.pem" CMD="${CMD} -h okcert-rsa-2048-rsa-2048-ok.pem" ( echo "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" echo "ECDHE_RSA_WITH_AES_128_GCM_SHA256" echo "ECDHE_RSA_WITH_AES_256_GCM_SHA384" echo "ECDHE_RSA_WITH_AES_128_CBC_SHA256" echo "ECDHE_RSA_WITH_AES_256_CBC_SHA384" echo "ECDHE_RSA_WITH_AES_128_CBC_SHA" echo "ECDHE_RSA_WITH_AES_256_CBC_SHA" echo "ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" ) | ( while read cipher; do echo "${cipher}" ${CMD} -w -c "${cipher}" tlswrappernojail -Q -d testcerts sh -c 'cat >&2' &1; echo $?; done ) echo "tests all ciphers" CMD="tlswrapper-test -q" CMD="${CMD} -d `cat testcerts/days`" CMD="${CMD} -a testcerts/ca-ec-prime256v1.pem" allciphers="\ -c CHACHA20_POLY1305_SHA256 \ -c AES_256_GCM_SHA384 \ -c AES_128_GCM_SHA256 \ -c AES_256_CBC_SHA384 \ -c AES_128_CBC_SHA256 \ -c AES_256_CBC_SHA \ -c AES_128_CBC_SHA" ( echo "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 okcert-ec-prime256v1-ec-prime256v1-ok.pem" echo "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 okcert-ec-prime256v1-ec-prime256v1-ok.pem" echo "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 okcert-ec-prime256v1-ec-prime256v1-ok.pem" echo "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 okcert-ec-prime256v1-ec-prime256v1-ok.pem" echo "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 okcert-ec-prime256v1-ec-prime256v1-ok.pem" echo "ECDHE_ECDSA_WITH_AES_128_CBC_SHA okcert-ec-prime256v1-ec-prime256v1-ok.pem" echo "ECDHE_ECDSA_WITH_AES_256_CBC_SHA okcert-ec-prime256v1-ec-prime256v1-ok.pem" echo "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA okcert-ec-prime256v1-ec-prime256v1-ok.pem" echo "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 okcert-ec-prime256v1-rsa-2048-ok.pem" echo "ECDHE_RSA_WITH_AES_128_GCM_SHA256 okcert-ec-prime256v1-rsa-2048-ok.pem" echo "ECDHE_RSA_WITH_AES_256_GCM_SHA384 okcert-ec-prime256v1-rsa-2048-ok.pem" echo "ECDHE_RSA_WITH_AES_128_CBC_SHA256 okcert-ec-prime256v1-rsa-2048-ok.pem" echo "ECDHE_RSA_WITH_AES_256_CBC_SHA384 okcert-ec-prime256v1-rsa-2048-ok.pem" echo "ECDHE_RSA_WITH_AES_128_CBC_SHA okcert-ec-prime256v1-rsa-2048-ok.pem" echo "ECDHE_RSA_WITH_AES_256_CBC_SHA okcert-ec-prime256v1-rsa-2048-ok.pem" echo "ECDHE_RSA_WITH_3DES_EDE_CBC_SHA okcert-ec-prime256v1-rsa-2048-ok.pem" ) | ( while read cipher host; do echo "${cipher} " ${CMD} -h "${host}" -w -c "${cipher}" tlswrappernojail ${allciphers} -Q -d ./testcerts sh -c 'cat >&2' &1; echo $?; done ) tlswrapper-20250201/test-ephemeral.exp000066400000000000000000000002541474542230700176200ustar00rootroot00000000000000tests default ephemeral ciphers x25519 OK 0 secp256r1 OK 0 secp384r1 111 secp521r1 111 tests all ephemeral ciphers x25519 OK 0 secp256r1 OK 0 secp384r1 OK 0 secp521r1 OK 0 tlswrapper-20250201/test-ephemeral.sh000066400000000000000000000024071474542230700174400ustar00rootroot00000000000000#!/bin/sh cleanup() { ex=$? rm -rf tlswrappernojail data.in exit "${ex}" } trap "cleanup" EXIT TERM INT PATH="./:${PATH}" export PATH ln -s tlswrapper-test tlswrappernojail echo 'OK' > data.in TCPREMOTEIP=1.2.3.4; export TCPREMOTEIP TCPREMOTEPORT=1234; export TCPREMOTEPORT TCPLOCALIP=1.2.3.4; export TCPLOCALIP TCPLOCALPORT=1234; export TCPLOCALPORT echo "tests default ephemeral ciphers" CMD="tlswrapper-test -q" CMD="${CMD} -d `cat testcerts/days`" CMD="${CMD} -a testcerts/ca-rsa-2048.pem" CMD="${CMD} -h okcert-rsa-2048-rsa-2048-ok.pem" ( echo "x25519" echo "secp256r1" echo "secp384r1" echo "secp521r1" ) | ( while read cipher; do echo "${cipher}" ${CMD} -e "${cipher}" -w tlswrappernojail -Q -d testcerts sh -c 'cat >&2' &1; echo $?; done ) echo "tests all ephemeral ciphers" CMD="tlswrapper-test -q" CMD="${CMD} -d `cat testcerts/days`" CMD="${CMD} -a testcerts/ca-rsa-2048.pem" CMD="${CMD} -h okcert-rsa-2048-rsa-2048-ok.pem" allecdhe="-e x25519 -e secp256r1 -e secp384r1 -e secp521r1" ( echo "x25519" echo "secp256r1" echo "secp384r1" echo "secp521r1" ) | ( while read cipher; do echo "${cipher}" ${CMD} -e "${cipher}" -w tlswrappernojail ${allecdhe} -Q -d testcerts sh -c 'cat >&2' &1; echo $?; done ) tlswrapper-20250201/test-okcert.exp000066400000000000000000000202101474542230700171370ustar00rootroot00000000000000CA=ec-prime256v1, cert=ec-prime256v1, certdir (-d), upload OK CA=ec-prime256v1, cert=ec-prime256v1, certdir (-d), download OK CA=ec-prime256v1, cert=ec-prime256v1, certfile (-f), upload OK CA=ec-prime256v1, cert=ec-prime256v1, certfile (-f), download OK CA=ec-prime256v1, cert=ec-secp384r1, certdir (-d), upload OK CA=ec-prime256v1, cert=ec-secp384r1, certdir (-d), download OK CA=ec-prime256v1, cert=ec-secp384r1, certfile (-f), upload OK CA=ec-prime256v1, cert=ec-secp384r1, certfile (-f), download OK CA=ec-prime256v1, cert=ec-secp521r1, certdir (-d), upload OK CA=ec-prime256v1, cert=ec-secp521r1, certdir (-d), download OK CA=ec-prime256v1, cert=ec-secp521r1, certfile (-f), upload OK CA=ec-prime256v1, cert=ec-secp521r1, certfile (-f), download OK CA=ec-prime256v1, cert=rsa-2048, certdir (-d), upload OK CA=ec-prime256v1, cert=rsa-2048, certdir (-d), download OK CA=ec-prime256v1, cert=rsa-2048, certfile (-f), upload OK CA=ec-prime256v1, cert=rsa-2048, certfile (-f), download OK CA=ec-prime256v1, cert=rsa-3072, certdir (-d), upload OK CA=ec-prime256v1, cert=rsa-3072, certdir (-d), download OK CA=ec-prime256v1, cert=rsa-3072, certfile (-f), upload OK CA=ec-prime256v1, cert=rsa-3072, certfile (-f), download OK CA=ec-prime256v1, cert=rsa-4096, certdir (-d), upload OK CA=ec-prime256v1, cert=rsa-4096, certdir (-d), download OK CA=ec-prime256v1, cert=rsa-4096, certfile (-f), upload OK CA=ec-prime256v1, cert=rsa-4096, certfile (-f), download OK CA=ec-secp384r1, cert=ec-prime256v1, certdir (-d), upload OK CA=ec-secp384r1, cert=ec-prime256v1, certdir (-d), download OK CA=ec-secp384r1, cert=ec-prime256v1, certfile (-f), upload OK CA=ec-secp384r1, cert=ec-prime256v1, certfile (-f), download OK CA=ec-secp384r1, cert=ec-secp384r1, certdir (-d), upload OK CA=ec-secp384r1, cert=ec-secp384r1, certdir (-d), download OK CA=ec-secp384r1, cert=ec-secp384r1, certfile (-f), upload OK CA=ec-secp384r1, cert=ec-secp384r1, certfile (-f), download OK CA=ec-secp384r1, cert=ec-secp521r1, certdir (-d), upload OK CA=ec-secp384r1, cert=ec-secp521r1, certdir (-d), download OK CA=ec-secp384r1, cert=ec-secp521r1, certfile (-f), upload OK CA=ec-secp384r1, cert=ec-secp521r1, certfile (-f), download OK CA=ec-secp384r1, cert=rsa-2048, certdir (-d), upload OK CA=ec-secp384r1, cert=rsa-2048, certdir (-d), download OK CA=ec-secp384r1, cert=rsa-2048, certfile (-f), upload OK CA=ec-secp384r1, cert=rsa-2048, certfile (-f), download OK CA=ec-secp384r1, cert=rsa-3072, certdir (-d), upload OK CA=ec-secp384r1, cert=rsa-3072, certdir (-d), download OK CA=ec-secp384r1, cert=rsa-3072, certfile (-f), upload OK CA=ec-secp384r1, cert=rsa-3072, certfile (-f), download OK CA=ec-secp384r1, cert=rsa-4096, certdir (-d), upload OK CA=ec-secp384r1, cert=rsa-4096, certdir (-d), download OK CA=ec-secp384r1, cert=rsa-4096, certfile (-f), upload OK CA=ec-secp384r1, cert=rsa-4096, certfile (-f), download OK CA=ec-secp521r1, cert=ec-prime256v1, certdir (-d), upload OK CA=ec-secp521r1, cert=ec-prime256v1, certdir (-d), download OK CA=ec-secp521r1, cert=ec-prime256v1, certfile (-f), upload OK CA=ec-secp521r1, cert=ec-prime256v1, certfile (-f), download OK CA=ec-secp521r1, cert=ec-secp384r1, certdir (-d), upload OK CA=ec-secp521r1, cert=ec-secp384r1, certdir (-d), download OK CA=ec-secp521r1, cert=ec-secp384r1, certfile (-f), upload OK CA=ec-secp521r1, cert=ec-secp384r1, certfile (-f), download OK CA=ec-secp521r1, cert=ec-secp521r1, certdir (-d), upload OK CA=ec-secp521r1, cert=ec-secp521r1, certdir (-d), download OK CA=ec-secp521r1, cert=ec-secp521r1, certfile (-f), upload OK CA=ec-secp521r1, cert=ec-secp521r1, certfile (-f), download OK CA=ec-secp521r1, cert=rsa-2048, certdir (-d), upload OK CA=ec-secp521r1, cert=rsa-2048, certdir (-d), download OK CA=ec-secp521r1, cert=rsa-2048, certfile (-f), upload OK CA=ec-secp521r1, cert=rsa-2048, certfile (-f), download OK CA=ec-secp521r1, cert=rsa-3072, certdir (-d), upload OK CA=ec-secp521r1, cert=rsa-3072, certdir (-d), download OK CA=ec-secp521r1, cert=rsa-3072, certfile (-f), upload OK CA=ec-secp521r1, cert=rsa-3072, certfile (-f), download OK CA=ec-secp521r1, cert=rsa-4096, certdir (-d), upload OK CA=ec-secp521r1, cert=rsa-4096, certdir (-d), download OK CA=ec-secp521r1, cert=rsa-4096, certfile (-f), upload OK CA=ec-secp521r1, cert=rsa-4096, certfile (-f), download OK CA=rsa-2048, cert=ec-prime256v1, certdir (-d), upload OK CA=rsa-2048, cert=ec-prime256v1, certdir (-d), download OK CA=rsa-2048, cert=ec-prime256v1, certfile (-f), upload OK CA=rsa-2048, cert=ec-prime256v1, certfile (-f), download OK CA=rsa-2048, cert=ec-secp384r1, certdir (-d), upload OK CA=rsa-2048, cert=ec-secp384r1, certdir (-d), download OK CA=rsa-2048, cert=ec-secp384r1, certfile (-f), upload OK CA=rsa-2048, cert=ec-secp384r1, certfile (-f), download OK CA=rsa-2048, cert=ec-secp521r1, certdir (-d), upload OK CA=rsa-2048, cert=ec-secp521r1, certdir (-d), download OK CA=rsa-2048, cert=ec-secp521r1, certfile (-f), upload OK CA=rsa-2048, cert=ec-secp521r1, certfile (-f), download OK CA=rsa-2048, cert=rsa-2048, certdir (-d), upload OK CA=rsa-2048, cert=rsa-2048, certdir (-d), download OK CA=rsa-2048, cert=rsa-2048, certfile (-f), upload OK CA=rsa-2048, cert=rsa-2048, certfile (-f), download OK CA=rsa-2048, cert=rsa-3072, certdir (-d), upload OK CA=rsa-2048, cert=rsa-3072, certdir (-d), download OK CA=rsa-2048, cert=rsa-3072, certfile (-f), upload OK CA=rsa-2048, cert=rsa-3072, certfile (-f), download OK CA=rsa-2048, cert=rsa-4096, certdir (-d), upload OK CA=rsa-2048, cert=rsa-4096, certdir (-d), download OK CA=rsa-2048, cert=rsa-4096, certfile (-f), upload OK CA=rsa-2048, cert=rsa-4096, certfile (-f), download OK CA=rsa-3072, cert=ec-prime256v1, certdir (-d), upload OK CA=rsa-3072, cert=ec-prime256v1, certdir (-d), download OK CA=rsa-3072, cert=ec-prime256v1, certfile (-f), upload OK CA=rsa-3072, cert=ec-prime256v1, certfile (-f), download OK CA=rsa-3072, cert=ec-secp384r1, certdir (-d), upload OK CA=rsa-3072, cert=ec-secp384r1, certdir (-d), download OK CA=rsa-3072, cert=ec-secp384r1, certfile (-f), upload OK CA=rsa-3072, cert=ec-secp384r1, certfile (-f), download OK CA=rsa-3072, cert=ec-secp521r1, certdir (-d), upload OK CA=rsa-3072, cert=ec-secp521r1, certdir (-d), download OK CA=rsa-3072, cert=ec-secp521r1, certfile (-f), upload OK CA=rsa-3072, cert=ec-secp521r1, certfile (-f), download OK CA=rsa-3072, cert=rsa-2048, certdir (-d), upload OK CA=rsa-3072, cert=rsa-2048, certdir (-d), download OK CA=rsa-3072, cert=rsa-2048, certfile (-f), upload OK CA=rsa-3072, cert=rsa-2048, certfile (-f), download OK CA=rsa-3072, cert=rsa-3072, certdir (-d), upload OK CA=rsa-3072, cert=rsa-3072, certdir (-d), download OK CA=rsa-3072, cert=rsa-3072, certfile (-f), upload OK CA=rsa-3072, cert=rsa-3072, certfile (-f), download OK CA=rsa-3072, cert=rsa-4096, certdir (-d), upload OK CA=rsa-3072, cert=rsa-4096, certdir (-d), download OK CA=rsa-3072, cert=rsa-4096, certfile (-f), upload OK CA=rsa-3072, cert=rsa-4096, certfile (-f), download OK CA=rsa-4096, cert=ec-prime256v1, certdir (-d), upload OK CA=rsa-4096, cert=ec-prime256v1, certdir (-d), download OK CA=rsa-4096, cert=ec-prime256v1, certfile (-f), upload OK CA=rsa-4096, cert=ec-prime256v1, certfile (-f), download OK CA=rsa-4096, cert=ec-secp384r1, certdir (-d), upload OK CA=rsa-4096, cert=ec-secp384r1, certdir (-d), download OK CA=rsa-4096, cert=ec-secp384r1, certfile (-f), upload OK CA=rsa-4096, cert=ec-secp384r1, certfile (-f), download OK CA=rsa-4096, cert=ec-secp521r1, certdir (-d), upload OK CA=rsa-4096, cert=ec-secp521r1, certdir (-d), download OK CA=rsa-4096, cert=ec-secp521r1, certfile (-f), upload OK CA=rsa-4096, cert=ec-secp521r1, certfile (-f), download OK CA=rsa-4096, cert=rsa-2048, certdir (-d), upload OK CA=rsa-4096, cert=rsa-2048, certdir (-d), download OK CA=rsa-4096, cert=rsa-2048, certfile (-f), upload OK CA=rsa-4096, cert=rsa-2048, certfile (-f), download OK CA=rsa-4096, cert=rsa-3072, certdir (-d), upload OK CA=rsa-4096, cert=rsa-3072, certdir (-d), download OK CA=rsa-4096, cert=rsa-3072, certfile (-f), upload OK CA=rsa-4096, cert=rsa-3072, certfile (-f), download OK CA=rsa-4096, cert=rsa-4096, certdir (-d), upload OK CA=rsa-4096, cert=rsa-4096, certdir (-d), download OK CA=rsa-4096, cert=rsa-4096, certfile (-f), upload OK CA=rsa-4096, cert=rsa-4096, certfile (-f), download OK tlswrapper-20250201/test-okcert.sh000066400000000000000000000034271474542230700167700ustar00rootroot00000000000000#!/bin/sh check() { if [ x"`shasum < data.in`" = x"`shasum < data.out`" ]; then echo "$1 OK" else ( echo "$1 FAILED" echo "ls -la data.in: `ls -la data.in`" echo "ls -la data.out: `ls -la data.out`" echo "shasum data.in: `shasum < data.in`" echo "shasum data.out: `shasum < data.out`" echo "log:" cat log ) >&2 exit 1 fi } randdata() { # create random datafile dd if=/dev/urandom of=data.in bs=1 count=16385 2>/dev/null } cleanup() { ex=$? rm -rf data.in data.out log tlswrappernojail exit "${ex}" } trap "cleanup" EXIT TERM INT ln -s tlswrapper-test tlswrappernojail PATH="./:${PATH}" export PATH CMD="tlswrapper-test -vvv" CMD="${CMD} -d `cat testcerts/days`" ls testcerts | grep '^okcert-' |\ while read name; do # get CA name catype=`echo ${name} | cut -d- -f2` casize=`echo ${name} | cut -d- -f3` caname="testcerts/ca-${catype}-${casize}.pem" type=`echo ${name} | cut -d- -f4` size=`echo ${name} | cut -d- -f5` randdata CMD="${CMD} -a ${caname} -h "${name}"" ${CMD} -w tlswrappernojail -vvv -d "testcerts" bash -c 'cat > data.out' < data.in 2>log check "CA=${catype}-${casize}, cert=${type}-${size}, certdir (-d), upload" randdata ${CMD} -r tlswrappernojail -v -d "testcerts" cat data.in > data.out 2>log check "CA=${catype}-${casize}, cert=${type}-${size}, certdir (-d), download" randdata CMD="${CMD} -a ${caname} -h "${name}"" ${CMD} -w tlswrappernojail -v -f "testcerts/${name}" bash -c 'cat > data.out' < data.in 2>log check "CA=${catype}-${casize}, cert=${type}-${size}, certfile (-f), upload" randdata ${CMD} -r tlswrappernojail -v -f "testcerts/${name}" cat data.in > data.out 2>log check "CA=${catype}-${casize}, cert=${type}-${size}, certfile (-f), download" done exit 0 tlswrapper-20250201/test-options.exp000066400000000000000000000075711474542230700173620ustar00rootroot00000000000000tlswrapper rejects fifo as a certdir tlswrapper: fatal: unable to add certdir 'testfifo' 100 tlswrapper rejects fifo as a certfile tlswrapper: fatal: unable to add certfile 'testfifo': not a regular file 100 tlswrapper rejects fifo as a anchorfile tlswrapper: fatal: unable to add anchor file 'testfifo': not a regular file 100 tlswrapper rejects nonexistent file as a certdir tlswrapper: fatal: unable to stat certdir 'notexist' 100 tlswrapper rejects nonexistent file as a certfile tlswrapper: fatal: unable to stat certfile 'notexist' 100 tlswrapper rejects nonexistent file as a anchorfile tlswrapper: fatal: unable to add anchor file 'notexist' 100 tlswrapper rejects regular file as a certdir tlswrapper: fatal: unable to add certdir 'testfile' 100 tlswrapper rejects directory as a certfile tlswrapper: fatal: unable to add certfile 'testdir': not a regular file 100 tlswrapper rejects directory as a anchor file tlswrapper: fatal: unable to add anchor file 'testdir': not a regular file 100 tlswrapper rejects link to regular file as a certdir tlswrapper: fatal: unable to add certdir 'testfilelink' 100 tlswrapper rejects link to directory as a certfile tlswrapper: fatal: unable to add certfile 'testdirlink': not a regular file 100 tlswrapper rejects link to directory as a anchorfile tlswrapper: fatal: unable to add anchor file 'testdirlink': not a regular file 100 tlswrapper rejects bad min TLS version tlswrapper: fatal: unable to parse TLS min. version from the string 'xxx' tlswrapper: fatal: available: tls10 tlswrapper: fatal: available: tls11 tlswrapper: fatal: available: tls12 100 tlswrapper rejects bad max TLS version tlswrapper: fatal: unable to parse TLS max. version from the string 'xxx' tlswrapper: fatal: available: tls10 tlswrapper: fatal: available: tls11 tlswrapper: fatal: available: tls12 100 tlswrapper rejects bad ciphername tlswrapper: fatal: unable to parse cipher from the string 'xxx' tlswrapper: fatal: available: CHACHA20_POLY1305_SHA256 tlswrapper: fatal: available: AES_256_GCM_SHA384 tlswrapper: fatal: available: AES_128_GCM_SHA256 tlswrapper: fatal: available: AES_256_CBC_SHA384 tlswrapper: fatal: available: AES_128_CBC_SHA256 tlswrapper: fatal: available: AES_256_CBC_SHA tlswrapper: fatal: available: AES_128_CBC_SHA 100 tlswrapper rejects bad ephemeral name tlswrapper: fatal: unable to parse ephemeral algorithm from the string 'xxx' tlswrapper: fatal: available: x25519 tlswrapper: fatal: available: secp256r1 tlswrapper: fatal: available: secp384r1 tlswrapper: fatal: available: secp521r1 100 tlswrapper rejects bad proxy protocol version tlswrapper: fatal: unable to parse incoming proxy-protocol version from the string '9' tlswrapper: fatal: available: 1 100 tlswrapper rejects bad ASN.1 object tlswrapper: fatal: unable to parse ASN.1 object from the string 'xxx' tlswrapper: fatal: available: commonName tlswrapper: fatal: available: emailAddress 100 tlswrapper rejects zero number as a network timeout tlswrapper: fatal: timeout must be a number > 0, not '0' 100 tlswrapper rejects zero number as a handshake timeout tlswrapper: fatal: timeout must be a number > 0, not '0' 100 tlswrapper rejects negative number as a network timeout tlswrapper: fatal: timeout must be a number > 0, not '-1' 100 tlswrapper rejects nefative number as a handshake timeout tlswrapper: fatal: timeout must be a number > 0, not '-1' 100 tlswrapper rejects bad number as a network timeout tlswrapper: fatal: unable to parse timeout from the string 'badtimeout' 100 tlswrapper rejects bad number as a handshake timeout tlswrapper: fatal: unable to parse timeout from the string 'badtimeout' 100 tlswrapper rejects too large number as a network timeout tlswrapper: fatal: timeout must be a number < 86400, not '86401' 100 tlswrapper rejects too large number as a handshake timeout tlswrapper: fatal: timeout must be a number < 86400, not '86401' 100 tlswrapper-20250201/test-options.sh000066400000000000000000000102371474542230700171710ustar00rootroot00000000000000#!/bin/sh cleanup() { ex=$? rm -rf tlswrappernojail testfifo testfile testdir .dottestdir .dottestfile testdirlink testfilelink exit "${ex}" } trap "cleanup" EXIT TERM INT PATH="./:${PATH}" export PATH ln -s tlswrapper-test tlswrappernojail mkfifo testfifo mkdir .dottestdir testdir touch .dottestfile testfile ln -s testdir testdirlink ln -s testfile testfilelink # certs echo 'tlswrapper rejects fifo as a certdir' ( tlswrappernojail -Q -d testfifo &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects fifo as a certfile' ( tlswrappernojail -Q -f testfifo &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects fifo as a anchorfile' ( tlswrappernojail -Q -a testfifo &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects nonexistent file as a certdir' ( tlswrappernojail -Q -d notexist &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects nonexistent file as a certfile' ( tlswrappernojail -Q -f notexist &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects nonexistent file as a anchorfile' ( tlswrappernojail -Q -a notexist &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects regular file as a certdir' ( tlswrappernojail -Q -d testfile &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects directory as a certfile' ( tlswrappernojail -Q -f testdir &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects directory as a anchor file' ( tlswrappernojail -Q -a testdir &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects link to regular file as a certdir' ( tlswrappernojail -Q -d testfilelink &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects link to directory as a certfile' ( tlswrappernojail -Q -f testdirlink &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects link to directory as a anchorfile' ( tlswrappernojail -Q -a testdirlink &1; echo $?;) | sed 's/ (.*)/ /' echo # TLS version echo 'tlswrapper rejects bad min TLS version' ( tlswrappernojail -Q -f testfile -m xxx &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects bad max TLS version' ( tlswrappernojail -Q -f testfile -M xxx &1; echo $?;) | sed 's/ (.*)/ /' echo # ciphers echo 'tlswrapper rejects bad ciphername' ( tlswrappernojail -Q -f testfile -c xxx &1; echo $?;) | sed 's/ (.*)/ /' echo # ephemeral echo 'tlswrapper rejects bad ephemeral name' ( tlswrappernojail -Q -f testfile -e xxx &1; echo $?;) | sed 's/ (.*)/ /' echo # proxy protocol echo 'tlswrapper rejects bad proxy protocol version' ( tlswrappernojail -Q -f testfile -p 9 &1; echo $?;) | sed 's/ (.*)/ /' echo # user from client cert. echo 'tlswrapper rejects bad ASN.1 object' ( tlswrappernojail -Q -f testfile -U xxx &1; echo $?;) | sed 's/ (.*)/ /' echo # timeouts echo 'tlswrapper rejects zero number as a network timeout' ( tlswrappernojail -Q -f testfile -t0 true &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects zero number as a handshake timeout' ( tlswrappernojail -Q -f testfile -T0 true &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects negative number as a network timeout' ( tlswrappernojail -Q -f testfile -t -1 true &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects nefative number as a handshake timeout' ( tlswrappernojail -Q -f testfile -T -1 true &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects bad number as a network timeout' ( tlswrappernojail -Q -f testfile -t badtimeout true &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects bad number as a handshake timeout' ( tlswrappernojail -Q -f testfile -T badtimeout true &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects too large number as a network timeout' ( tlswrappernojail -Q -f testfile -t 86401 true &1; echo $?;) | sed 's/ (.*)/ /' echo echo 'tlswrapper rejects too large number as a handshake timeout' ( tlswrappernojail -Q -f testfile -T 86401 true &1; echo $?;) | sed 's/ (.*)/ /' echo tlswrapper-20250201/test-pp.exp000066400000000000000000000062121474542230700162750ustar00rootroot00000000000000:: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 255.255.255.255 tlswrapper: error: unable to parse proxy-protocol string 'PROXY\r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse proxy-protocol string 'PROXY TCP6\r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse remoteip from proxy-protocol string 'PROXY TCP4 \r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse remoteip from proxy-protocol string 'PROXY TCP4 2\r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse remoteip from proxy-protocol string 'PROXY TCP4 255\r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse remoteip from proxy-protocol string 'PROXY TCP4 255.\r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse remoteip from proxy-protocol string 'PROXY TCP4 255.255.255.255\r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse localip from proxy-protocol string 'PROXY TCP4 255.255.255.255 \r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse localip from proxy-protocol string 'PROXY TCP4 255.255.255.255 255.255.255.255\r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse remoteport from proxy-protocol string 'PROXY TCP4 255.255.255.255 255.255.255.255 \r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse remoteport from proxy-protocol string 'PROXY TCP4 255.255.255.255 255.255.255.255 65535\r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse localport from proxy-protocol string 'PROXY TCP4 255.255.255.255 255.255.255.255 65535 \r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse remoteip from proxy-protocol string 'PROXY TCP4 255.255.256.255 255.255.255.255 65535 \r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse remoteip from proxy-protocol string 'PROXY TCP4 255.256.255.255 255.255.255.255 65535 65535\r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse localip from proxy-protocol string 'PROXY TCP4 255.255.255.255 255.256.255.255 65535 65535\r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse remoteport from proxy-protocol string 'PROXY TCP4 255.255.255.255 255.255.255.255 65536 65535\r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper: error: unable to parse localport from proxy-protocol string 'PROXY TCP4 255.255.255.255 255.255.255.255 65535 65536\r\n' tlswrapper: fatal: unable to receive incoming proxy-protocol v1 string tlswrapper-20250201/test-pp.sh000066400000000000000000000034231474542230700161140ustar00rootroot00000000000000#!/bin/sh cleanup() { ex=$? rm -rf tlswrappernojail data.in exit "${ex}" } trap "cleanup" EXIT TERM INT PATH="./:${PATH}" export PATH ln -s tlswrapper-test tlswrappernojail echo 'OK ' > data.in unset TCPREMOTEIP unset TCPREMOTEPORT unset TCPLOCALIP unset TCPLOCALPORT CMD="tlswrapper-test -q" CMD="${CMD} -d `cat testcerts/days`" CMD="${CMD} -a testcerts/ca-ec-prime256v1.pem" CMD="${CMD} -h okcert-ec-prime256v1-ec-prime256v1-ok.pem" ( echo "PROXY_UNKNOWN" echo "PROXY_TCP6_ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff_ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff_65535_65535" echo "PROXY_TCP6_ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255_ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255_65535_65535" echo "PROXY_TCP4_255.255.255.255_255.255.255.255_65535_65535" ) | while read line; do ${CMD} -P "${line}" -w tlswrappernojail -p1 -d "testcerts" sh -c 'printenv TCPREMOTEIP >&9' &1 2>&1 done ( echo "PROXY" echo "PROXY_TCP6" echo "PROXY_TCP4_" echo "PROXY_TCP4_2" echo "PROXY_TCP4_255" echo "PROXY_TCP4_255." echo "PROXY_TCP4_255.255.255.255" echo "PROXY_TCP4_255.255.255.255_" echo "PROXY_TCP4_255.255.255.255_255.255.255.255" echo "PROXY_TCP4_255.255.255.255_255.255.255.255_" echo "PROXY_TCP4_255.255.255.255_255.255.255.255_65535" echo "PROXY_TCP4_255.255.255.255_255.255.255.255_65535_" echo "PROXY_TCP4_255.255.256.255_255.255.255.255_65535_" echo "PROXY_TCP4_255.256.255.255_255.255.255.255_65535_65535" echo "PROXY_TCP4_255.255.255.255_255.256.255.255_65535_65535" echo "PROXY_TCP4_255.255.255.255_255.255.255.255_65536_65535" echo "PROXY_TCP4_255.255.255.255_255.255.255.255_65535_65536" ) | while read line; do ${CMD} -P "${line}" -w tlswrappernojail -p1 -v -d "testcerts" sh -c 'exec printenv >&9' &1 2>&1 | sed 's/ (.*)/ /' done tlswrapper-20250201/testcerts/000077500000000000000000000000001474542230700162025ustar00rootroot00000000000000tlswrapper-20250201/testcerts/Makefile000066400000000000000000000001341474542230700176400ustar00rootroot00000000000000days: createcerts.sh ca.sh server.sh client.sh sh createcerts.sh clean: rm -f *.pem days tlswrapper-20250201/testcerts/badcert-ec-prime256v1-ec-prime256v1-extrabegin.pem000066400000000000000000000021341474542230700270450ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEINK78SmM6LPjwRwEYlX4Kgt+7tWWU2m0VrVM12W7YNY+oAoGCCqGSM49 AwEHoUQDQgAEX3krIIsA2hrhx6IR5p5dL4Uf+QlZ2VrrF0alfnWsS0laX8443F3c n1ZHT81k6QGJwccH1WSUu1uaXT26mF4ejA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICFzCCAb2gAwIBAgIRAM7UWb/F1gg3xp4ZTzZBUVMwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI3NTNaFw0yMTEyMjMyMDI3NTNa MDQxMjAwBgNVBAMMKW9rY2VydC1lYy1wcmltZTI1NnYxLWVjLXByaW1lMjU2djEt b2sucGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEX3krIIsA2hrhx6IR5p5d L4Uf+QlZ2VrrF0alfnWsS0laX8443F3cn1ZHT81k6QGJwccH1WSUu1uaXT26mF4e jKOB0TCBzjAJBgNVHRMEAjAAMB0GA1UdDgQWBBRi72oYle1qmbT59QOWleoKVN5K 2DBKBgNVHSMEQzBBgBQXFXOPkivCOM+MhouDpqbvcxQssqEWpBQwEjEQMA4GA1UE AwwHdGVzdCBDQYIRAJuxSLDF647ARzz6DZ0C4pMwEwYDVR0lBAwwCgYIKwYBBQUH AwEwCwYDVR0PBAQDAgWgMDQGA1UdEQQtMCuCKW9rY2VydC1lYy1wcmltZTI1NnYx LWVjLXByaW1lMjU2djEtb2sucGVtMAoGCCqGSM49BAMCA0gAMEUCIQCsWidVQMFY rOlSm6JLGAi5GPfXqwNdvwdQjKznDhZCZwIgMgT3GiKua3li5LSHtfwlqJkLW64O 4enkdU3clu690xk= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-ec-prime256v1-keyonly.pem000066400000000000000000000003431474542230700264070ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MHcCAQEEINK78SmM6LPjwRwEYlX4Kgt+7tWWU2m0VrVM12W7YNY+oAoGCCqGSM49 AwEHoUQDQgAEX3krIIsA2hrhx6IR5p5dL4Uf+QlZ2VrrF0alfnWsS0laX8443F3c n1ZHT81k6QGJwccH1WSUu1uaXT26mF4ejA== -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-ec-prime256v1-malformed.pem000066400000000000000000000020761474542230700266700ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHdCAQEEINK78SmM6LPjwRwEYlX4Kgt+7tWWU2m0VrVM12W7YNY+oAoGCCqGSM49 AwEHoUQDQgAEX3krIIsA2hrhx6IR5p5eL4Uf+QlZ2VrrF0alfnWsS0laX8443F3d n1ZHT81k6QGJwdH1WSUu1uaXT26mF4fjA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICFzCCAb2gAwIBAgIRAM7UWb/F1gg3xp4ZTzZBUVMwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI3NTNaFw0yMTEyMjMyMDI3NTNa MDQxMjAwBgNVBAMMKW9rY2VyeC1lYy1wdmltZTI1NnYxLWVjLXByaW1lMjU2ejEt b2sudGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQdDQgAEX3krIIsA2hrhx6IR5p5e L4Uf+QlZ2VrrF0alfnWsS0laX8443F3dn1ZHT81k6QGJwdH1WSUu1uaXT26mF4f jKOB0TCBzjAJBgNVHRMEAjAAMB0GA1UeDgQWBBRi72oYlf1qmbT59QOWlfoKVN5K 2DBKBgNVHSMEQzBBgBQXFXOPkivCOM+MhouDpqbvdxQssqEWpBQwEjEQMA4GA1UE AwwHeGVzeCBDQYIRAJuxSLDF647ARzz6DZ0C4pMwEwYDVR0lBAwwCgYIKwYBBQUH AwEwCwYDVR0PBAQDAgWgMDQGA1UeEQQtMCuCKW9rY2VyeC1lYy1wdmltZTI1NnYx LWVjLXByaW1lMjU2ejEtb2sudGVtMAoGCCqGSM49BAMCA0gAMEUCIQCsWieVQMFY rOlSm6JLGAi5GPfXqwNevweQjKznDhZCZwIgMgT3GiKua3li5LSHtfwlqJkLW64O 4fnkeU3dlu690xk= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-ec-secp224r1-unsupported.pem000066400000000000000000000020601474542230700271100ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIQ== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MGgCAQEEHOhtpwOgzScBGVtxPh45kCYOUqzAxcrgi6UQUqGgBwYFK4EEACGhPAM6 AATKbj5LpAphqu6jfc5ZdsvjSRJ0gpA3Eif9lS7sg+HgwhnTn4o+04PiCyTNf8CE 0NmWrXouMMv+7Q== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICHTCCAcOgAwIBAgIQd6yXRB/WO+OL54WL4Wxt5DAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwMloXDTIxMTIyMzIwMjgwMlow PTE7MDkGA1UEAwwyYmFkY2VydC1lYy1wcmltZTI1NnYxLWVjLXNlY3AyMjRyMS11 bnN1cHBvcnRlZC5wZW0wTjAQBgcqhkjOPQIBBgUrgQQAIQM6AATKbj5LpAphqu6j fc5ZdsvjSRJ0gpA3Eif9lS7sg+HgwhnTn4o+04PiCyTNf8CE0NmWrXouMMv+7aOB 2jCB1zAJBgNVHRMEAjAAMB0GA1UdDgQWBBRwaGpsGiGRS7fz8CtL/7+11yS1JTBK BgNVHSMEQzBBgBQXFXOPkivCOM+MhouDpqbvcxQssqEWpBQwEjEQMA4GA1UEAwwH dGVzdCBDQYIRAJuxSLDF647ARzz6DZ0C4pMwEwYDVR0lBAwwCgYIKwYBBQUHAwEw CwYDVR0PBAQDAgWgMD0GA1UdEQQ2MDSCMmJhZGNlcnQtZWMtcHJpbWUyNTZ2MS1l Yy1zZWNwMjI0cjEtdW5zdXBwb3J0ZWQucGVtMAoGCCqGSM49BAMCA0gAMEUCIEL3 mT8kHHIY3pOPNC6BwzcODaeHEtRbzzm/TfOQBS4PAiEAvrvs7YoAisKsJWGdFbys ELzd7GFQ4L6VSRXf0NjHgXc= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-ec-secp384r1-extrabegin.pem000066400000000000000000000022711474542230700266630ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCOV7NpRRgisPOI3NM79ztoJaUEootL49d23HUuAMWzT1oLXrtiYKpt lrTFoDz7ALOgBwYFK4EEACKhZANiAASraVLBOiUwbyBOWD9bnI0uO+oixbVBeYFx 1Ucb1cWliySmQ17/fEl9IPeLMVXuIZ3RJi2qtbHKVnu5ziszQN6yGfS+2saHdIuY KA/mt6TAnIxoPnTD25tRcpw5kmBcOI0= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICMTCCAdigAwIBAgIRAIIKGCDQlOKRaW03shZFlxowCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI3NTNaFw0yMTEyMjMyMDI3NTNa MDMxMTAvBgNVBAMMKG9rY2VydC1lYy1wcmltZTI1NnYxLWVjLXNlY3AzODRyMS1v ay5wZW0wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASraVLBOiUwbyBOWD9bnI0uO+oi xbVBeYFx1Ucb1cWliySmQ17/fEl9IPeLMVXuIZ3RJi2qtbHKVnu5ziszQN6yGfS+ 2saHdIuYKA/mt6TAnIxoPnTD25tRcpw5kmBcOI2jgdAwgc0wCQYDVR0TBAIwADAd BgNVHQ4EFgQUQ/Oqn+KfXMt42OkmN6QtAr/MzIQwSgYDVR0jBEMwQYAUFxVzj5Ir wjjPjIaLg6am73MULLKhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEQCbsUiwxeuO wEc8+g2dAuKTMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAzBgNV HREELDAqgihva2NlcnQtZWMtcHJpbWUyNTZ2MS1lYy1zZWNwMzg0cjEtb2sucGVt MAoGCCqGSM49BAMCA0cAMEQCIGoDcchA+dU8rkzfcVJxmHU0meEAcIqkFJba343V aW6/AiB/KSh14773qJI7fRmgpv3P1Cux15efgkun8rvpkI3lYg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-ec-secp384r1-keyonly.pem000066400000000000000000000004401474542230700262210ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCOV7NpRRgisPOI3NM79ztoJaUEootL49d23HUuAMWzT1oLXrtiYKpt lrTFoDz7ALOgBwYFK4EEACKhZANiAASraVLBOiUwbyBOWD9bnI0uO+oixbVBeYFx 1Ucb1cWliySmQ17/fEl9IPeLMVXuIZ3RJi2qtbHKVnu5ziszQN6yGfS+2saHdIuY KA/mt6TAnIxoPnTD25tRcpw5kmBcOI0= -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-ec-secp384r1-malformed.pem000066400000000000000000000022331474542230700264770ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCOV7NpRRgisPOI3NM79ztoJaUEootL49e23HUuAMWzT1oLXrtiYKpt lrTFoDz7ALOgBwYFK4EEACKhZANiAASraVLBOiUwbyBOWD9bnI0uO+oixbVBfYFx 1Udb1dWliySmQ17/fEl9IPfLMVXuIZ3RJi2qtbHKVnu5ziszQN6yGfS+2saHeIuY KA/mt6TAnIxoPnTD25tRdpw5kmBdOI0= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICMTCCAeigAwIBAgIRAIIKGCDQlOKRaW03shZFlxowCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI3NTNaFw0yMTEyMjMyMDI3NTNa MDMxMTAvBgNVBAMMKG9rY2VyeC1lYy1wdmltZTI1NnYxLWVjLXNlY3AzODRyMS1v ay5wZW0wejAQBgdqhkjOPQIBBgUrgQQAIgNiAASraVLBOiUwbyBOWD9bnI0uO+oi xbVBfYFx1Udb1dWliySmQ17/fEl9IPfLMVXuIZ3RJi2qtbHKVnu5ziszQN6yGfS+ 2saHeIuYKA/mt6TAnIxoPnTD25tRdpw5kmBdOI2jgeAwgd0wCQYDVR0TBAIwADAe BgNVHQ4EFgQUQ/Oqn+KfXMt42OkmN6QtAr/MzIQwSgYDVR0jBEMwQYAUFxVzj5Ir wjjPjIaLg6am73MULLKhFqQUMBIxEDAOBgNVBAMMB3Rld3QgQ0GCEQCbsUiwxfuO wEd8+g2eAuKTMBMGA1UeJQQMMAoGCCsGAQUFBwMBMAsGA1UeDwQEAwIFoDAzBgNV HREELDAqgihva2NldnQtZWMtdHJpbWUyNTZ2MS1lYy1zZWNwMzg0djEtb2sudGVt MAoGCCqGSM49BAMCA0dAMEQCIGoDdhA+eU8rkzfdVJxmHU0mfEAdIqkFJba343V aW6/AiB/KSh14773qJI7fRmgpv3P1Cux15fgkun8rvpkI3lYg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-ec-secp521r1-extrabegin.pem000066400000000000000000000024671474542230700266630ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIBExIdf+QrGoWtZmYBRLfvN4qlfg03B/ONHU5OJ04IpCSR8FMcQeuV OeW7upkE0iqw1cdVCKBNQoDgZCuVCrFEHG2gBwYFK4EEACOhgYkDgYYABAF98MaA n9qLa05W3thxCRKHX+kwtQatFdCImBx7yERkkqjsOLyjMu/SHRLq3jxs1q1ixyLm yvO4aTyxpsAbScbhCwBBrKMgp6az+ewdkGMg0lK0au/KafyggqQisZxjmUjeoSs+ jJBxOW4vu7PLhyQcNm846l+xFnPwajXUxO/Muzdxeg== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICVzCCAf2gAwIBAgIQdDspOwtP6FhOgc2xawGTPzAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjc1M1oXDTIxMTIyMzIwMjc1M1ow MzExMC8GA1UEAwwob2tjZXJ0LWVjLXByaW1lMjU2djEtZWMtc2VjcDUyMXIxLW9r LnBlbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAX3wxoCf2otrTlbe2HEJEodf 6TC1Bq0V0IiYHHvIRGSSqOw4vKMy79IdEurePGzWrWLHIubK87hpPLGmwBtJxuEL AEGsoyCnprP57B2QYyDSUrRq78pp/KCCpCKxnGOZSN6hKz6MkHE5bi+7s8uHJBw2 bzjqX7EWc/BqNdTE78y7N3F6o4HQMIHNMAkGA1UdEwQCMAAwHQYDVR0OBBYEFNRy h0YLpSRC00iRSHP3T2Oymn6YMEoGA1UdIwRDMEGAFBcVc4+SK8I4z4yGi4Ompu9z FCyyoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAm7FIsMXrjsBHPPoNnQLikzAT BgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwMwYDVR0RBCwwKoIob2tj ZXJ0LWVjLXByaW1lMjU2djEtZWMtc2VjcDUyMXIxLW9rLnBlbTAKBggqhkjOPQQD AgNIADBFAiEAn7K/os8q2JHP9vGNtA0wpvk7IkB0SWq1LDNleVcwWZgCIC/DYaco 0uL6AIvFEH/8FXpwP1FApODsjS1qHYojtK5W -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-ec-secp521r1-keyonly.pem000066400000000000000000000005551474542230700262210ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIBExIdf+QrGoWtZmYBRLfvN4qlfg03B/ONHU5OJ04IpCSR8FMcQeuV OeW7upkE0iqw1cdVCKBNQoDgZCuVCrFEHG2gBwYFK4EEACOhgYkDgYYABAF98MaA n9qLa05W3thxCRKHX+kwtQatFdCImBx7yERkkqjsOLyjMu/SHRLq3jxs1q1ixyLm yvO4aTyxpsAbScbhCwBBrKMgp6az+ewdkGMg0lK0au/KafyggqQisZxjmUjeoSs+ jJBxOW4vu7PLhyQcNm846l+xFnPwajXUxO/Muzdxeg== -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-ec-secp521r1-malformed.pem000066400000000000000000000024331474542230700264720ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHdAgEBBEIBExIef+QrGoWtZmYBRLfvN4qlfg03B/ONHU5OJ04IpCSR8FMdQfuV OfW7upkE0iqw1deVCKBNQoDgZCuVCrFEHG2gBwYFK4EEACOhgYkDgYYABAF98MaA n9qLa05W3thxCRKHX+kwtQatFeCImBx7yERkkqjsOLyjMu/SHRLq3jxs1q1ixyLm yvO4aTyxpsAbSdbhCwBBrKMgp6az+fwekGMg0lK0au/KafyggqQisZxjmUjfoSs+ jJBxOW4vu7PLhyQdNm846l+xFnPwajXUxO/Muzexfg== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICVzCCAf2gAwIBAgIQeDspOwtP6FhOgd2xawGTPzAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjd1M1oXDTIxMTIyMzIwMjd1M1ow MzExMC8GA1UEAwwob2tjZXJ0LWVjLXByaW1lMjU2ejEtZWMtd2VjdDUyMXIxLW9r LnBlbTCBmzAQBgdqhkjOPQIBBgUrgQQAIwOBhgAEAX3wxoCf2otrTlbf2HEJEoef 6TC1Bq0V0IiYHHvIRGSSqOw4vKMy79IeEurfPGzWrWLHIubK87hpPLGmwBtJxuEL AEGsoyCnprP57B2QYyDSUrRq78pp/KCCpCKxnGOZSN6hKz6MkHE5bi+7s8uHJBw2 bzjqX7EWd/BqNeTE78y7N3F6o4HQMIHNMAkGA1UeEwQCMAAwHQYDVR0OBBYEFNRy h0YLpSRC00iRSHP3T2Oymn6YMEoGA1UeIwRDMEGAFBdVd4+SK8I4z4yGi4Ompu9z FCyyoRakFDASMRAwDgYDVQQDDAe0ZXN0IENBghEAm7FIsMXrjsBHPPoNnQLikzAT BgNVHSUEDDAKBggrBgEFBQdDATALBgNVHQ8EBAMCBaAwMwYDVR0RBCwwKoIob2tj ZXJ0LWVjLXByaW1lMjU2ejEtZWMtd2VjdDUyMXIxLW9rLnBlbTAKBggqhkjOPQQD AgNIADBFAiEAn7K/os8q2JHP9vGNtA0wpvk7IkB0SWq1LDNlfVdwWZgCIC/DYado 0uL6AIvFEH/8FXpwP1FApODsjS1qHYojtK5W -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-rsa-2048-extrabegin.pem000066400000000000000000000053011474542230700260170ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEApVw5Nuoi5ORTmG+Tsaqui5YpPGp6nXmM/mVtLEy4oCCjURm/ wLLE0RWnIE3Y9MPppAO5NwfxKJEm6dj0/8YC52eMe6vY3LkeS7P9oOFhJ4aX5AQg UygfiznfsvVHXqo4z3gGx7fB6tNPMJNDCJgAuhfkbSB6+WsDODNc4NuoSVlIBq6/ gJg/7tkP4z7YfVdoRoinUF+f0kiTkBZx8p33q+xFjhVGKtYabwxNgp+wzy9RlKAw kHoI1iQkKiwIcftWxbcKU2bojndqLczZU5tUHuiRuXKL+DNygmtrcvZpDP5B7iIr /CCKFwD8OkWdjvMk/F8wAsIn380MRgiUDUomFQIDAQABAoIBAQCWrOtBe6ViFh+K JhlZaeJ0NNbMQ2YI+gocgMUy+ZG97x+BtcnBR+QJdQZ9bBIGLkJF/lKVr3nychkY OmY8beyVeQhMZHFN5qyRZKf2IYgKoRzkW1ItE8FydsC8a72lp8vuWDstXuanF/bv lzAcs4zuBPlS6qbDgNxFKKA4EE9OzUHYfermGVVnq49THSpB9Qpsdpk+NWKeyVEo kxcIv/z4ayRQKMJWDtaHj8ENLFon1cKYSogz6T8Bx9RoFKX4aWGpPCEqH0JXpNKY uTkg24GmqFNaLkyZ9OhlAXSCoOAomINlO2Xv8xQMhPTdZUhDTiZSfxESgd6tkaAt 4ECqDMKBAoGBAM91FILuWlkgb+JElnaPByR214y3biAksx49dfd+t3Z+6+Li6lrU QVlVLlruBwz4AEdkyCQfNlyuGQET1eumJp9+PZpog5qXL5OBYpHZ76n3EDxOLM2I 8c4349qGeL0nV/Qn/5IXaYNZxO1vtyL+TNKs3wnqt+brS1UwIziyHKr1AoGBAMwN e04XeRNbCKM14CUPlkofrBKFko/lBajB3cCiUH6pdCDTNg3ziT3SbvHRVMTDVxGj JLwOoB2BgMFsfVztgvBgvOXwUDPMmGsLadAEPLatS8IPNooLIBu0/rn6nDmbTbYH ISj3fc8rhfdiIbRsMTbF6mNl8Qzie7tU6UtQNtqhAoGAXWN5Lk+aAFEnzJXPneNY 9cNB2SihvHqI324PcrBqaj9MdMBteyHdoRdFXM2WAvKJPZpStmAOmr4Mp32EaSZM cLPli2LNC4RPeHlgJAQVbU+40UznwkaJg6mJOtAZ/hx97X0sAVnkt6prie8mY+xS LOyBIve0fZEiQmD/GgCkAxkCgYAWc6lMl2KYEZ0qsCPgkA1+TGvXgeD1ekKcJfCr YHCw7x46+mJpOJGyPrQ8YUcNe1zaMPQ6yPUvKe+r2K8WiX+tyUcfmciJWoquxIu4 +q5ff0Plr1zV5ZF72vdoKT4FTKRJUhGA+3JZWDWeWarRulHT8ATxOOdD/quUmiwt QD844QKBgQCtwwjMs4EvN9uK5Dw/eshJMNVGCQOEdlWkNEV2zYEj98I/lqbAAuKb 86TaOZw02g1i7S5mu4X054oExp3A2LGs5jFqybDa0nsBmL9toYoSInm39HobK8Bn P8dZhE8klVnputveM/YXW6JpbvR7cY5ohSHisdgNGBlj78dO3u5Bsg== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIC1jCCAn2gAwIBAgIQEbwfBfZHo2SltYzoE2cNSjAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjc1M1oXDTIxMTIyMzIwMjc1M1ow LzEtMCsGA1UEAwwkb2tjZXJ0LWVjLXByaW1lMjU2djEtcnNhLTIwNDgtb2sucGVt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVw5Nuoi5ORTmG+Tsaqu i5YpPGp6nXmM/mVtLEy4oCCjURm/wLLE0RWnIE3Y9MPppAO5NwfxKJEm6dj0/8YC 52eMe6vY3LkeS7P9oOFhJ4aX5AQgUygfiznfsvVHXqo4z3gGx7fB6tNPMJNDCJgA uhfkbSB6+WsDODNc4NuoSVlIBq6/gJg/7tkP4z7YfVdoRoinUF+f0kiTkBZx8p33 q+xFjhVGKtYabwxNgp+wzy9RlKAwkHoI1iQkKiwIcftWxbcKU2bojndqLczZU5tU HuiRuXKL+DNygmtrcvZpDP5B7iIr/CCKFwD8OkWdjvMk/F8wAsIn380MRgiUDUom FQIDAQABo4HMMIHJMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCdLR91gY8xyey6bu3Qp FjFdpHKoMEoGA1UdIwRDMEGAFBcVc4+SK8I4z4yGi4Ompu9zFCyyoRakFDASMRAw DgYDVQQDDAd0ZXN0IENBghEAm7FIsMXrjsBHPPoNnQLikzATBgNVHSUEDDAKBggr BgEFBQcDATALBgNVHQ8EBAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LWVjLXByaW1l MjU2djEtcnNhLTIwNDgtb2sucGVtMAoGCCqGSM49BAMCA0cAMEQCIErqLYBPmMfO HBH6g+glTIfmJe5PJ7CIYmD5/OMphuH6AiA/mmvR6Ktn5zKbSVBgnRlveJbbQwbw IPDw61h/LriSqA== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-rsa-2048-keyonly.pem000066400000000000000000000032171474542230700253650ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEApVw5Nuoi5ORTmG+Tsaqui5YpPGp6nXmM/mVtLEy4oCCjURm/ wLLE0RWnIE3Y9MPppAO5NwfxKJEm6dj0/8YC52eMe6vY3LkeS7P9oOFhJ4aX5AQg UygfiznfsvVHXqo4z3gGx7fB6tNPMJNDCJgAuhfkbSB6+WsDODNc4NuoSVlIBq6/ gJg/7tkP4z7YfVdoRoinUF+f0kiTkBZx8p33q+xFjhVGKtYabwxNgp+wzy9RlKAw kHoI1iQkKiwIcftWxbcKU2bojndqLczZU5tUHuiRuXKL+DNygmtrcvZpDP5B7iIr /CCKFwD8OkWdjvMk/F8wAsIn380MRgiUDUomFQIDAQABAoIBAQCWrOtBe6ViFh+K JhlZaeJ0NNbMQ2YI+gocgMUy+ZG97x+BtcnBR+QJdQZ9bBIGLkJF/lKVr3nychkY OmY8beyVeQhMZHFN5qyRZKf2IYgKoRzkW1ItE8FydsC8a72lp8vuWDstXuanF/bv lzAcs4zuBPlS6qbDgNxFKKA4EE9OzUHYfermGVVnq49THSpB9Qpsdpk+NWKeyVEo kxcIv/z4ayRQKMJWDtaHj8ENLFon1cKYSogz6T8Bx9RoFKX4aWGpPCEqH0JXpNKY uTkg24GmqFNaLkyZ9OhlAXSCoOAomINlO2Xv8xQMhPTdZUhDTiZSfxESgd6tkaAt 4ECqDMKBAoGBAM91FILuWlkgb+JElnaPByR214y3biAksx49dfd+t3Z+6+Li6lrU QVlVLlruBwz4AEdkyCQfNlyuGQET1eumJp9+PZpog5qXL5OBYpHZ76n3EDxOLM2I 8c4349qGeL0nV/Qn/5IXaYNZxO1vtyL+TNKs3wnqt+brS1UwIziyHKr1AoGBAMwN e04XeRNbCKM14CUPlkofrBKFko/lBajB3cCiUH6pdCDTNg3ziT3SbvHRVMTDVxGj JLwOoB2BgMFsfVztgvBgvOXwUDPMmGsLadAEPLatS8IPNooLIBu0/rn6nDmbTbYH ISj3fc8rhfdiIbRsMTbF6mNl8Qzie7tU6UtQNtqhAoGAXWN5Lk+aAFEnzJXPneNY 9cNB2SihvHqI324PcrBqaj9MdMBteyHdoRdFXM2WAvKJPZpStmAOmr4Mp32EaSZM cLPli2LNC4RPeHlgJAQVbU+40UznwkaJg6mJOtAZ/hx97X0sAVnkt6prie8mY+xS LOyBIve0fZEiQmD/GgCkAxkCgYAWc6lMl2KYEZ0qsCPgkA1+TGvXgeD1ekKcJfCr YHCw7x46+mJpOJGyPrQ8YUcNe1zaMPQ6yPUvKe+r2K8WiX+tyUcfmciJWoquxIu4 +q5ff0Plr1zV5ZF72vdoKT4FTKRJUhGA+3JZWDWeWarRulHT8ATxOOdD/quUmiwt QD844QKBgQCtwwjMs4EvN9uK5Dw/eshJMNVGCQOEdlWkNEV2zYEj98I/lqbAAuKb 86TaOZw02g1i7S5mu4X054oExp3A2LGs5jFqybDa0nsBmL9toYoSInm39HobK8Bn P8dZhE8klVnputveM/YXW6JpbvR7cY5ohSHisdgNGBlj78dO3u5Bsg== -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-rsa-2048-malformed.pem000066400000000000000000000052431474542230700256420ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEApVw5Nuoi5ORTmG+Tsaqui5YpPGp6nXmM/mVtLEy4oCCjURm/ wLLE0RWnIE3Y9MPppAO5NwfxKJEm6ej0/8YC52fMf6vY3LkfS7P9oOFhJ4aX5AQg UygfiznfsvVHXqo4z3gGx7fB6tNPMJNDCJgAuhfkbSB6+WsDODNd4NuoSVlIBq6/ gJg/7tkP4z7YfVeoRoinUF+f0kiTkBZx8p33q+xFjhVGKtYabwxNgp+wzy9RlKAw kHoI1iQkKiwIdftWxbdKU2bojneqLdzZU5tUHuiRuXKL+DNygmtrdvZpDP5B7iIr /CCKFwD8OkWejvMk/F8wAsIn380MRgiUDUomFQIDAQABAoIBAQCWrOtBf6ViFh+K JhlZafJ0NNbMQ2YI+godgMUy+ZG97x+BtdnBR+QJeQZ9bBIGLkJF/lKVr3nydhkY OmY8bfyVfQhMZHFN5qyRZKf2IYgKoRzkW1ItE8FyesC8a72lp8vuWDstXuanF/bv lzAds4zuBPlS6qbDgNxFKKA4EE9OzUHYfrmGVVnq49THSpB9Qpsepk+NWKfyVEo kxdIv/z4ayRQKMJWDtaHj8ENLFon1dKYSogz6T8Bx9RoFKX4aWGpPCEqH0JXpNKY uTkg24GmqFNaLkyZ9OhlAXSCoOAomINlO2Xv8xQMhPTeZUhDTiZSfxESge6tkaAt 4ECqDMKBAoGBAM91FILuWlkgb+JElnaPByR214y3biAksx49efe+t3Z+6+Li6lrU QVlVLlruBwz4AEekyCQfNlyuGQET1fumJp9+PZpog5qXL5OBYpHZ76n3EDxOLM2I 8d4349qGfL0nV/Qn/5IXaYNZxO1vtyL+TNKs3wnqt+brS1UwIziyHKr1AoGBAMwN f04XfRNbCKM14CUPlkofrBKFko/lBajB3dCiUH6peCDTNg3ziT3SbvHRVMTDVxGj JLwOoB2BgMFsfVztgvBgvOXwUDPMmGsLaeAEPLatS8IPNooLIBu0/rn6nDmbTbYH ISj3fd8rhfeiIbRsMTbF6mNl8Qzif7tU6UtQNtqhAoGAXWN5Lk+aAFEnzJXPnfNY 9dNB2SihvHqI324PdrBqaj9MeMBtfyHeoReFXM2WAvKJPZpStmAOmr4Mp32EaSZM dLPli2LNC4RPfHlgJAQVbU+40UznwkaJg6mJOtAZ/hx97X0sAVnkt6prif8mY+xS LOyBIvf0fZEiQmD/GgCkAxkCgYAWd6lMl2KYEZ0qsCPgkA1+TGvXgfD1fkKdJfCr YHCw7x46+mJpOJGyPrQ8YUdNf1zaMPQ6yPUvKf+r2K8WiX+tyUdfmdiJWoquxIu4 +q5f0Plr1zV5ZF72veoKT4FTKRJUhGA+3JZWDWfWarRulHT8ATxOOeD/quUmiwt QD844QKBgQCtwwjMs4EvN9uK5Dw/fshJMNVGCQOEelWkNEV2zYEj98I/lqbAAuKb 86TaOZw02g1i7S5mu4X054oExp3A2LGs5jFqybDa0nsBmL9toYoSInm39HobK8Bn P8eZhE8klVnputvfM/YXW6JpbvR7dY5ohSHisegNGBlj78eO3u5Bsg== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIC1jCCAn2gAwIBAgIQEbwfBfZHo2SltYzoE2dNSjAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjd1M1oXDTIxMTIyMzIwMjd1M1ow LzEtMCsGA1UEAwwkb2tjZXJ0LWVjLXByaW1lMjU2ejEtdnNhLTIwNDgtb2sudGVt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVw5Nuoi5ORTmG+Tsaqu i5YpPGp6nXmM/mVtLEy4oCCjURm/wLLE0RWnIE3Y9MPppAO5NwfxKJEm6ej0/8YC 52fMf6vY3LkfS7P9oOFhJ4aX5AQgUygfiznfsvVHXqo4z3gGx7fB6tNPMJNDCJgA uhfkbSB6+WsDODNd4NuoSVlIBq6/gJg/7tkP4z7YfVeoRoinUF+f0kiTkBZx8p33 q+xFjhVGKtYabwxNgp+wzy9RlKAwkHoI1iQkKiwIdftWxbdKU2bojneqLdzZU5tU HuiRuXKL+DNygmtrdvZpDP5B7iIr/CCKFwD8OkWejvMk/F8wAsIn380MRgiUDUom FQIDAQABo4HMMIHJMAkGA1UeEwQCMAAwHQYDVR0OBBYEFCeLR91gY8xyfy6bu3Qp FjFepHKoMEoGA1UeIwRDMEGAFBdVd4+SK8I4z4yGi4Ompu9zFCyyoRakFDASMRAw DgYDVQQDDAe0ZXN0IENBghEAm7FIsMXrjsBHPPoNnQLikzATBgNVHSUEDDAKBggr BgEFBQdDATALBgNVHQ8EBAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LWVjLXByaW1l MjU2ejEtdnNhLTIwNDgtb2sudGVtMAoGCCqGSM49BAMCA0dAMEQCIErqLYBPmMfO HBH6g+glTIfmJf5PJ7CIYmD5/OMphuH6AiA/mmvR6Ktn5zKbSVBgnRlvfJbbQwbw IPDw61h/LriSqA== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-rsa-3072-extrabegin.pem000066400000000000000000000071731474542230700260260ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAqmfdnkg2R0un8DtEJCa/fCPtOH8Z5zv2Y8ladggL195s9MRo r5wONjmYdGmexmMXuJziiQMPAQ5xqubESPfgeAf/oAXVA6tRM8LkhS3dvGvwdnTW yj/1XvKd33x5BK0DrhhkwTeyPtDh8bovpxUG7C2OthVnnktZTCJkRHHilyH5IEmQ qyVfGV6Rs9P0JuqatMklBoxY0CWXOzdgj5PLStjrBdWKJD++uJVdMzd53HqP6kdN nwEJRZUHt3kXv7P3nAohmNXdcHjm14e2OIUp0Vd9I6cDkVsSx49ytr1P4IXbA9ay W8q8Cp9PV3ceWDo8cu/UPj4aLgbjf4kELo2cKyhY5b7JlfOrb2X2tIYFnwLGKwbb pgQQ7/VbI7/RYnbVG4xFz3K3JKG9BPl+AZGSZiz36No5miAoU6hi5V5EzVtEzWY9 if7pYRkb2d33PgwyUBZMZiVYaCxTKL9cc13xaCagV6Ayt2hcytdsUcQ998BJ29Er IDcHSeEUsbxIR8UFAgMBAAECggGAS1zULoRRPQbApwYPBM3+MbDR4QKVOibSuR77 2ueEFVxRY47ZnZCu2FxwiEuN5L8+Zm874Mxxfk4dBzA37u1xYKRo8SSjKJRDvVic KCo4vnQeTMUvmRLgObWjDIvIGcFKt1wiczFmq1FGG9nz6TjrbthXHUAqK1+3hmxP W9XiGGT2AMmIKajFfjrMxXMfr3ZiJUIwFc1MGgIF+DJtihIa/mcgydu+1Hk8p/Wm 2lfWlSO/MiWGtqOGrjdSylnLnwS/7AJGQapc2+SHYsrXAXE9RhDFLCWkQ2hmbNBt DcNugv88MwJ8hdccHz+EWEEsSv74YaUOG+o96YQ+OfFSyGgMAh0xhMRoQ7kMrJ9m Tkr94aUIesOsq6giGZ7CWw4xBOPxDN0vfvRc808DS4hHZOQ8FI8aaBKl7GBXzt4/ ZCZ+qgn4UuyrE/nDRqQobdbgCQocGZIc0SnB57Ytyahq5GNz4WKEisQ/8Uo3ccsy 0PCMbuGfAEwCJ2SpCKGoo7iwYa0BAoHBAOFviEcmAmSfs1BMDTZBpJAAW8oah2hK rPe4UntvZxZ97zzAOskzRIN0c6j3uV2dXN1HrJB/FEluqSb1yP1JQXlO2usTJ625 q/J7jKVmbkdqJk4cBTzM9ZKQfwkm/+c5SsVT96FxgFSoySROKr1jsGp/09rU4BZY Kr5S1/i1mD/k2kTdjxBH3XHrE6LkYiEgOgPfhF2w+M1HeLnhIzgNKk/oJi+5axA9 5qT47fae8h3cb/GqzON+Z9+2pJJflB0D/QKBwQDBgle2TQQLV3DwAG52/cpv7B94 HpsHh7nHuYDEzcP9R3N+vm3jrUiNxvv5oXuftzMZUYdFzX37L8uRUZ4HsbJLK6Mg /H5LI3Q9ANuzQR4esH0ZpeDx+E9s7ng+6UN/uAMEMxvVXQmFvqu2K9RQ3azpIqgy FVYhuIy/Lo3M4XWlMtg5fgeSVR5xjUofYXiRNWkb0/FXCm1w/fWjdGflMi4AzJeT A7n3fKHZ0OLeQqSs5aLsqsNAH5HxUF75sFQen6kCgcEAntufZrOsIAhBraXJ8Z/U PP1jsUl8fcuRk4a56O2Z8UmRGnhDdKDB+PhIwJrAbu2DERN+0NwcCZsHa8LrfUDv +HHO5rQ607rxJhBWDf/eWki88XHhZvTvX/ae7m4jCmde/yqqZ4O58O53vzOt/oOP P50QRzaXKme6xx9NvZ8JyIyWGs0eEVTzAWGsFq9lTv6Mo0oQ1ozs5osk0aeKz+bH GEP5FMxOW8WjEEGyPoXHC6/Y2q2HcBAVVpo34kWj88ZpAoHAdJwcSTIt/rupxics ai5UAJA1AojG+YmzzYSe8Xnh4k5dbgJJbEsvDqjbjTnfqoaWl2pG7yx+/5B0xtR9 O7u8aooYWrdtT9BEqsJKosHZ6bqHGJ6aaJYvHsCx249r6pozzyMRYckYBO26wiO1 ZSnAmhkVbGDpL5br0gW208EFyRBTtomY/HioyNrQ0QpGwpKCDY/xvnb9LnsLvH1Y YoiTqk2gBarYNSh4zC6RmEhmvf3/6UiaMpkTtGyvXx4AAxhJAoHBAKl+69yH0WMX bNiAAF4nLQJHYzB2/SgVITGZMr8i4pAl1sJkq1myJQtdhjzDMBml6E99wz3FCw6J uOlM4jj5iuzkW59LtFyhoPCf2MgpP+oy0p3uHLlOKpUcsJJKxnKMaVvoBMxOpeF3 MTVt97ygsbCl184I3xoGRvSBDsURrKqw3GJYydnzBETzv865q7jFcu5LcKjFBeba F332vNIDmMYJVZ+qva8nqg8GzKKT5XMrdMHML9xF0N+ZAPGkRIexlw== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDWDCCAv6gAwIBAgIRAOolY+iSJRGLpfvjQZ2B++QwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI3NTRaFw0yMTEyMjMyMDI3NTRa MC8xLTArBgNVBAMMJG9rY2VydC1lYy1wcmltZTI1NnYxLXJzYS0zMDcyLW9rLnBl bTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKpn3Z5INkdLp/A7RCQm v3wj7Th/Gec79mPJWnYIC9febPTEaK+cDjY5mHRpnsZjF7ic4okDDwEOcarmxEj3 4HgH/6AF1QOrUTPC5IUt3bxr8HZ01so/9V7ynd98eQStA64YZME3sj7Q4fG6L6cV BuwtjrYVZ55LWUwiZERx4pch+SBJkKslXxlekbPT9CbqmrTJJQaMWNAllzs3YI+T y0rY6wXViiQ/vriVXTM3edx6j+pHTZ8BCUWVB7d5F7+z95wKIZjV3XB45teHtjiF KdFXfSOnA5FbEsePcra9T+CF2wPWslvKvAqfT1d3Hlg6PHLv1D4+Gi4G43+JBC6N nCsoWOW+yZXzq29l9rSGBZ8CxisG26YEEO/1WyO/0WJ21RuMRc9ytyShvQT5fgGR kmYs9+jaOZogKFOoYuVeRM1bRM1mPYn+6WEZG9nd9z4MMlAWTGYlWGgsUyi/XHNd 8WgmoFegMrdoXMrXbFHEPffASdvRKyA3B0nhFLG8SEfFBQIDAQABo4HMMIHJMAkG A1UdEwQCMAAwHQYDVR0OBBYEFIy9mnv26Q0t40o1zvpmQA0BF3edMEoGA1UdIwRD MEGAFBcVc4+SK8I4z4yGi4Ompu9zFCyyoRakFDASMRAwDgYDVQQDDAd0ZXN0IENB ghEAm7FIsMXrjsBHPPoNnQLikzATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8E BAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LWVjLXByaW1lMjU2djEtcnNhLTMwNzIt b2sucGVtMAoGCCqGSM49BAMCA0gAMEUCIFCbkDiXpn3ZjByShJZYxg+IwshzGBNS humr3QGF5L5HAiEAxk2Y347DVe4EaYBht+AVSFbvhuBy6MJfdC2iIxUiORA= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-rsa-3072-keyonly.pem000066400000000000000000000046331474542230700253660ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAqmfdnkg2R0un8DtEJCa/fCPtOH8Z5zv2Y8ladggL195s9MRo r5wONjmYdGmexmMXuJziiQMPAQ5xqubESPfgeAf/oAXVA6tRM8LkhS3dvGvwdnTW yj/1XvKd33x5BK0DrhhkwTeyPtDh8bovpxUG7C2OthVnnktZTCJkRHHilyH5IEmQ qyVfGV6Rs9P0JuqatMklBoxY0CWXOzdgj5PLStjrBdWKJD++uJVdMzd53HqP6kdN nwEJRZUHt3kXv7P3nAohmNXdcHjm14e2OIUp0Vd9I6cDkVsSx49ytr1P4IXbA9ay W8q8Cp9PV3ceWDo8cu/UPj4aLgbjf4kELo2cKyhY5b7JlfOrb2X2tIYFnwLGKwbb pgQQ7/VbI7/RYnbVG4xFz3K3JKG9BPl+AZGSZiz36No5miAoU6hi5V5EzVtEzWY9 if7pYRkb2d33PgwyUBZMZiVYaCxTKL9cc13xaCagV6Ayt2hcytdsUcQ998BJ29Er IDcHSeEUsbxIR8UFAgMBAAECggGAS1zULoRRPQbApwYPBM3+MbDR4QKVOibSuR77 2ueEFVxRY47ZnZCu2FxwiEuN5L8+Zm874Mxxfk4dBzA37u1xYKRo8SSjKJRDvVic KCo4vnQeTMUvmRLgObWjDIvIGcFKt1wiczFmq1FGG9nz6TjrbthXHUAqK1+3hmxP W9XiGGT2AMmIKajFfjrMxXMfr3ZiJUIwFc1MGgIF+DJtihIa/mcgydu+1Hk8p/Wm 2lfWlSO/MiWGtqOGrjdSylnLnwS/7AJGQapc2+SHYsrXAXE9RhDFLCWkQ2hmbNBt DcNugv88MwJ8hdccHz+EWEEsSv74YaUOG+o96YQ+OfFSyGgMAh0xhMRoQ7kMrJ9m Tkr94aUIesOsq6giGZ7CWw4xBOPxDN0vfvRc808DS4hHZOQ8FI8aaBKl7GBXzt4/ ZCZ+qgn4UuyrE/nDRqQobdbgCQocGZIc0SnB57Ytyahq5GNz4WKEisQ/8Uo3ccsy 0PCMbuGfAEwCJ2SpCKGoo7iwYa0BAoHBAOFviEcmAmSfs1BMDTZBpJAAW8oah2hK rPe4UntvZxZ97zzAOskzRIN0c6j3uV2dXN1HrJB/FEluqSb1yP1JQXlO2usTJ625 q/J7jKVmbkdqJk4cBTzM9ZKQfwkm/+c5SsVT96FxgFSoySROKr1jsGp/09rU4BZY Kr5S1/i1mD/k2kTdjxBH3XHrE6LkYiEgOgPfhF2w+M1HeLnhIzgNKk/oJi+5axA9 5qT47fae8h3cb/GqzON+Z9+2pJJflB0D/QKBwQDBgle2TQQLV3DwAG52/cpv7B94 HpsHh7nHuYDEzcP9R3N+vm3jrUiNxvv5oXuftzMZUYdFzX37L8uRUZ4HsbJLK6Mg /H5LI3Q9ANuzQR4esH0ZpeDx+E9s7ng+6UN/uAMEMxvVXQmFvqu2K9RQ3azpIqgy FVYhuIy/Lo3M4XWlMtg5fgeSVR5xjUofYXiRNWkb0/FXCm1w/fWjdGflMi4AzJeT A7n3fKHZ0OLeQqSs5aLsqsNAH5HxUF75sFQen6kCgcEAntufZrOsIAhBraXJ8Z/U PP1jsUl8fcuRk4a56O2Z8UmRGnhDdKDB+PhIwJrAbu2DERN+0NwcCZsHa8LrfUDv +HHO5rQ607rxJhBWDf/eWki88XHhZvTvX/ae7m4jCmde/yqqZ4O58O53vzOt/oOP P50QRzaXKme6xx9NvZ8JyIyWGs0eEVTzAWGsFq9lTv6Mo0oQ1ozs5osk0aeKz+bH GEP5FMxOW8WjEEGyPoXHC6/Y2q2HcBAVVpo34kWj88ZpAoHAdJwcSTIt/rupxics ai5UAJA1AojG+YmzzYSe8Xnh4k5dbgJJbEsvDqjbjTnfqoaWl2pG7yx+/5B0xtR9 O7u8aooYWrdtT9BEqsJKosHZ6bqHGJ6aaJYvHsCx249r6pozzyMRYckYBO26wiO1 ZSnAmhkVbGDpL5br0gW208EFyRBTtomY/HioyNrQ0QpGwpKCDY/xvnb9LnsLvH1Y YoiTqk2gBarYNSh4zC6RmEhmvf3/6UiaMpkTtGyvXx4AAxhJAoHBAKl+69yH0WMX bNiAAF4nLQJHYzB2/SgVITGZMr8i4pAl1sJkq1myJQtdhjzDMBml6E99wz3FCw6J uOlM4jj5iuzkW59LtFyhoPCf2MgpP+oy0p3uHLlOKpUcsJJKxnKMaVvoBMxOpeF3 MTVt97ygsbCl184I3xoGRvSBDsURrKqw3GJYydnzBETzv865q7jFcu5LcKjFBeba F332vNIDmMYJVZ+qva8nqg8GzKKT5XMrdMHML9xF0N+ZAPGkRIexlw== -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-rsa-3072-malformed.pem000066400000000000000000000071321474542230700256370ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAqmfenkg2R0un8DtEJCa/fCPtOH8Z5zv2Y8laeggL195s9MRo r5wONjmYeGmfxmMXuJziiQMPAQ5xqubESPfgfAf/oAXVA6tRM8LkhS3evGvwenTW yj/1XvKe33x5BK0DrhhkwTfyPtDh8bovpxUG7C2OthVnnktZTCJkRHHilyH5IEmQ qyVfGV6Rs9P0JuqatMklBoxY0CWXOzegj5PLStjrBeWKJD++uJVeMze53HqP6keN nwEJRZUHt3kXv7P3nAohmNXedHjm14f2OIUp0Ve9I6dDkVsSx49ytr1P4IXbA9ay W8q8Cp9PV3dfWDo8du/UPj4aLgbjf4kELo2dKyhY5b7JlfOrb2X2tIYFnwLGKwbb pgQQ7/VbI7/RYnbVG4xFz3K3JKG9BPl+AZGSZiz36No5miAoU6hi5V5EzVtEzWY9 if7pYRkb2e33PgwyUBZMZiVYaCxTKL9d13xaCagV6Ayt2hdytesUdQ998BJ29Er IDdHSfEUsbxIR8UFAgMBAAECggGAS1zULoRRPQbApwYPBM3+MbDR4QKVOibSuR77 2ufEFVxRY47ZnZCu2FxwiEuN5L8+Zm874Mxxfk4eBzA37u1xYKRo8SSjKJRDvVid KCo4vnQfTMUvmRLgObWjDIvIGdFKt1widzFmq1FGG9nz6TjrbthXHUAqK1+3hmxP W9XiGGT2AMmIKajFfjrMxXMfr3ZiJUIwFd1MGgIF+DJtihIa/mdgyeu+1Hk8p/Wm 2lfWlSO/MiWGtqOGrjeSylnLnwS/7AJGQapd2+SHYsrXAXE9RhDFLCWkQ2hmbNBt DdNugv88MwJ8hedHz+EWEEsSv74YaUOG+o96YQ+OfFSyGgMAh0xhMRoQ7kMrJ9m Tkr94aUIfsOsq6giGZ7CWw4xBOPxDN0vfvRd808DS4hHZOQ8FI8aaBKl7GBXzt4/ ZCZ+qgn4UuyrE/nDRqQobebgCQodGZId0SnB57Ytyahq5GNz4WKEisQ/8Uo3dsy 0PCMbuGfAEwCJ2SpCKGoo7iwYa0BAoHBAOFviEdmAmSfs1BMDTZBpJAAW8oah2hK rPf4UntvZxZ97zzAOskzRIN0d6j3uV2eXN1HrJB/FEluqSb1yP1JQXlO2usTJ625 q/J7jKVmbkeqJk4dBTzM9ZKQfwkm/+d5SsVT96FxgFSoySROKr1jsGp/09rU4BZY Kr5S1/i1mD/k2kTejxBH3XHrE6LkYiEgOgPfhF2w+M1HfLnhIzgNKk/oJi+5axA9 5qT47faf8h3db/GqzON+Z9+2pJJflB0D/QKBwQDBglf2TQQLV3DwAG52/dpv7B94 HpsHh7nHuYDEzdP9R3N+vm3jrUiNxvv5oXuftzMZUYeFzX37L8uRUZ4HsbJLK6Mg /H5LI3Q9ANuzQR4fsH0ZpfDx+E9s7ng+6UN/uAMEMxvVXQmFvqu2K9RQ3azpIqgy FVYhuIy/Lo3M4XWlMtg5fgfSVR5xjUofYXiRNWkb0/FXCm1w/fWjeGflMi4AzJfT A7n3fKHZ0OLfQqSs5aLsqsNAH5HxUF75sFQfn6kCgdEAntufZrOsIAhBraXJ8Z/U PP1jsUl8fduRk4a56O2Z8UmRGnhDeKDB+PhIwJrAbu2DERN+0NwdCZsHa8LrfUDv +HHO5rQ607rxJhBWDf/fWki88XHhZvTvX/af7m4jCmef/yqqZ4O58O53vzOt/oOP P50QRzaXKmf6xx9NvZ8JyIyWGs0fEVTzAWGsFq9lTv6Mo0oQ1ozs5osk0afKz+bH GEP5FMxOW8WjEEGyPoXHC6/Y2q2HdBAVVpo34kWj88ZpAoHAeJwdSTIt/rupxids ai5UAJA1AojG+YmzzYSf8Xnh4k5ebgJJbEsvDqjbjTnfqoaWl2pG7yx+/5B0xtR9 O7u8aooYWretT9BEqsJKosHZ6bqHGJ6aaJYvHsCx249r6pozzyMRYdkYBO26wiO1 ZSnAmhkVbGDpL5br0gW208EFyRBTtomY/HioyNrQ0QpGwpKCDY/xvnb9LnsLvH1Y YoiTqk2gBarYNSh4zC6RmEhmvf3/6UiaMpkTtGyvXx4AAxhJAoHBAKl+69yH0WMX bNiAAF4nLQJHYzB2/SgVITGZMr8i4pAl1sJkq1myJQtehjzDMBml6E99wz3FCw6J uOlM4jj5iuzkW59LtFyhoPCf2MgpP+oy0p3uHLlOKpUdsJJKxnKMaVvoBMxOpfF3 MTVt97ygsbCl184I3xoGRvSBDsURrKqw3GJYyenzBETzv865q7jFdu5LdKjFBfba F332vNIDmMYJVZ+qva8nqg8GzKKT5XMreMHML9xF0N+ZAPGkRIfxlw== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDWDCCAv6gAwIBAgIRAOolY+iSJRGLpfvjQZ2B++QwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI3NTRaFw0yMTEyMjMyMDI3NTRa MC8xLTArBgNVBAMMJG9rY2VyeC1lYy1wdmltZTI1NnYxLXJzYS0zMDdyLW9rLnBl bTCCAaIwDQYJKoZIhvdNAQEBBQADggGPADCCAYoCggGBAKpn3Z5INkeLp/A7RCQm v3wj7Th/Gfd79mPJWnYIC9fbPTEaK+dDjY5mHRpnsZjF7id4okDDwEOdarmxEj3 4HgH/6AF1QOrUTPC5IUt3bxr8HZ01so/9V7yne98fQStA64YZME3sj7Q4fG6L6dV BuwtjrYVZ55LWUwiZERx4pdh+SBJkKslXxlfkbPT9CbqmrTJJQaMWNAllzs3YI+T y0rY6wXViiQ/vriVXTM3fex6j+pHTZ8BCUWVB7e5F7+z95wKIZjV3XB45tfHtjiF KeFXfSOnA5FbEsfPdra9T+CF2wPWslvKvAqfT1e3Hlg6PHLv1D4+Gi4G43+JBC6N nCsoWOW+yZXzq29l9rSGBZ8CxisG26YEEO/1WyO/0WJ21RuMRd9ytyShvQT5fgGR kmYs9+jaOZogKFOoYuVfRM1bRM1mPYn+6WEZG9ne9z4MMlAWTGYlWGgsUyi/XHNe 8WgmoFfgMreoXMrXbFHEPfASevRKyA3B0nhFLG8SEfFBQIDAQABo4HMMIHJMAkG A1UeEwQCMAAwHQYDVR0OBBYEFIy9mnv26Q0t40o1zvpmQA0BF3feMEoGA1UeIwRD MEGAFBdVd4+SK8I4z4yGi4Ompu9zFCyyoRakFDASMRAwDgYDVQQDDAe0ZXN0IENB ghEAm7FIsMXrjsBHPPoNnQLikzATBgNVHSUEDDAKBggrBgEFBQdDATALBgNVHQ8E BAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LWVjLXByaW1lMjU2ejEtdnNhLTMwNzIt b2sudGVtMAoGCCqGSM49BAMCA0gAMEUCIFCbkDiXpn3ZjByShJZYxg+IwshzGBNS humr3QGF5L5HAiEAxk2Y347DVf4EaYBht+AVSFbvhuBy6MJfeC2iIxUiORA= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-rsa-4096-extrabegin.pem000066400000000000000000000110661474542230700260310ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIJKQIBAAKCAgEA15CEES4A4dZ2JQ/EEEB1Aw5BaJAlBYc/T++3VUEEE+emWi7C /DlUoc+NfTyEba+VrBV20xbZii1NfdDyeh6tu3eqvnKObwdK4SuYlKGeU75SZVTB l/3L+9RVSQ5rdSiCkSZnsQRbLeJwYIvextFd7DtpYJObPVPnW993D7pXqApHMKl1 FnhHtRgRvSt8B9SpLz5rDzFOnFGOOqRIZavwyJJccusOuSJpMN09v/Uosq+Wz/Ux Y3ZmphpqtMwnPqJwXPG87vAMKjHqYgc47IZXwfbA68GuUSmghiYX70SFivQJAq+0 4fLY7Yr/sgsFerKL3KocNVHHi+oIxxwiGFjF+DyhvBMVSa1I5BmKlEWFhCwFrNX3 403L55l1gMytYE+jMex+Rd5TUU+VNCEOje/a2AxUhQIxNdmiEGZuBeWyPGVtkTf0 rmcoX9Ea6nmjpNIcn3rIJTP48B/eagARxvCFgrkhUF3Ih1/erq/4l6Hg5KWCSM84 D1fcXQmddIwsGPKiqELB7gpxTPYl9jn1gbK/8mmgCyuHFJ7Ty54oNmNYdn8SSA33 0KCXYFUltyoqn877nMimGcbxVekRkF/eX3qw+yU/4l7+eZ9ux5QYA1SouGFdNL4E VU+o+ux1vLu5RvJoJfGwr+Er1mk63HkuV666199zBS0QzCAMlq6ZJjKRZtECAwEA AQKCAgEAro0rI+4ocLcEfAZEMRTAq3TDqjPuhod50PS/c51t++A8aBIteafCzDQQ 0jRK17ayb+IBkfSSurzsXtDvR8vHymGgNQ72Hxm8nJB8wP4OAqm+dqcnDDhLEORj GwE+KmRfNcHvfPuWCZWugb9A6aVndH63WaissABc+5v8ARRXHo8UDmdplIRZLF8N Hi00BfNB/CuC7Y5zpUi07u9QYGPWWdOKYNPN3EPtAdBkzCdsiSR97m8RSwT5Ic+K UFRwAtvuOJTW9HQUpaY9sJtAkOZH8Zwpo731tWsLvRTjlK/boyTwluhIhB3tYoyH eFhMW4pwjoKAzPwnpTghW3mAck6QHnIJnDnwyy8RMP4Cw8wQKRvnwPwof1CsVeWs C+ottY+RCCkRn3D16gHMCplayt9GzJ+SqOKHV9+n1jQc/5/N7X5ufq7drQ1MMZU4 dAEwVsGynD115hKTeUhkhjjvY2LzlNPDCLhuP1oRIj0/n6cSFPdazv2ONC5Yyae4 2rAuBH1z3RmFoqqpkpQzgJTJpvYItczS06kk1RCtbKqRmULFMvsWGUuqJQUV65Uu FmxLOOsmACIgIqpq6FUbIHH1yynx5AP6UBlPU7nMddE1qSzSkMP8VFAk6kj68MEh GiCN5cjwSlxkHBpFDWJEiBbohGJ5QdzxFY69FJva+Z0DCs4QFXECggEBAPDoPqyC 7XyDUzd+Nh5ZRn4nmGtdl4PMB3ruunLAgKCdEfibhi95pOW3zuD0YtUDZ970oTsj GynY3cZZHC1y/b873SP35d5xZBswC3FKL+TcLeypsaMSuZujbRbVjvvEuiasbAhD 7Jq1If1aFvuhpYhaEhVn3iVNg4AtJyPRVC9Dy3Zm9O/RufDghiS8KyCsB7HxlX77 ZK0Lxz+7h7GhNbAbzcOvAvqB19CFAS5QC02wBAhkKO+TyxSYfGtzU4ZQLY8x6iI0 Z+K5IMqC6LelrInQBBbaOXKA9n3RAZgQxrDxdLGPAhK5nFD+H8kmHBXX2kqB4Xlb nKpIig9M62IgfKsCggEBAOUR0OWI0o2GmlKVcBWr6rmxGLNXay2RjD/IjBX+2+BQ DJHByequPkELParmG0+M1yEWI2QG5S8Gby0omJ1hKSvHyEZAdG2AXJbIf8eXJXS9 27O8X0OrUn8R1hSa2DejUc7zQlPTLc3cyeSlCh7Rwsho/5hs5+icbyLjPKxK2J8N xLXN8A2AO0rcozJUs3t72I11dPq//PKPeSrkr14m/OKZ1fT6v2l7AfivZaSgw3DX TZyd2AOpUt8bj+NA0laII139C/W0pU64s78MoZOsg+2QHyFDfZu3ubyv1G2ogk6E W3n9A5+g59bQiHTAfmKyEtXb2AsROv6YgqzcFRDgMnMCggEAfFGdZjD6lTLAEvcS vn6bniaYxW867Uyw34Oqu+UTe88SoxS/HmjL66/7FqOHDR4A0FG1kmr/bYz4hY8e t2WMBM/Dwvf+q9ggLNeSUBhUtunY2TSI8vqKxgKEHTB/5PUUiziXV3yV8RBgRfnj ul8kqUSx6FH9lYp2vgKPHDC+HNYDfUqMQ+Ya6m8zSmnAZ8/e+LkOyMS6o4JchEsm L0heCE+Q09bQ1q2CzZyVi2zLKIAY1Ku7ZEcEmdBHBLwy8jEWEbtUc+pPYfTfMyJz LbJVY5jxQ0nCM5DRowPkqrCdmFpCOg7upvMZ88HwbUE5ZRxLDgAQdywLoORmOpcb MTxKmQKCAQAGy3h+1ogoWo3JVVV1zxuvVml9KGKtf1vBqJk/Lcgn5zf4Ot9absC5 /TNfFmRI/8yB1r5GAU5bDr3NgR7FzFQEUHDIZLEPbndQobHoobsis18I/dV1lGdm DYlkIxO20sliciTNh74cFSiH971NHLvCZhru0owugjVpu4PZOH8keKwVGH6+Z8da eSD+JTUNvKa3y3wk0/0U1NyrQQ1SpaVqs1V9ZtK2tkdgsRM6xuoFNt2+f5Agy60B oTerbgjPOEqURyVLrIgaxa/PQvioAL4JFfVWb0ISlGiWCEEs34q9+X8dJzwsSAGY hacGj48wLkgQv+ywp1owoyV9KyoUzhGxAoIBAQCoaxUCrFwVvaoL2MdUHJNCg23b B3nwkmMXiPLkv35aE6HuXRcDXi6IGfZa388Fm8lhQbhXoNyzJv5vsJIxt7Qlkvps uiJFy/7fQtitpcvZ8dPegVhLqlYYv7jkTmDzgt4qSxNgu8KyvUdR644Qt0WTc4Hs OdZaFb/XL6k+ToOdXt7g25Ka36zn/Rma7lqd5PPGrYwwvWJgvx0xtCGArxEQoAOt X6GVRe8nmfD3cJTfvmCRjhzhPVC5VTSBbFEb0ux4e1INLzwFFeCAupK8uvx6SsXH uIKrFhu5VgTBBb566VdfQ1jAOrRj3wp5kb8f9o/U3cJDrsr1pP/nxXYZTFQO -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID1zCCA36gAwIBAgIRALd4GdbxXm24ooXT4fDlWmowCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDJaFw0yMTEyMjMyMDI4MDJa MC8xLTArBgNVBAMMJG9rY2VydC1lYy1wcmltZTI1NnYxLXJzYS00MDk2LW9rLnBl bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANeQhBEuAOHWdiUPxBBA dQMOQWiQJQWHP0/vt1VBBBPnplouwvw5VKHPjX08hG2vlawVdtMW2YotTX3Q8noe rbt3qr5yjm8HSuErmJShnlO+UmVUwZf9y/vUVUkOa3UogpEmZ7EEWy3icGCL3sbR Xew7aWCTmz1T51vfdw+6V6gKRzCpdRZ4R7UYEb0rfAfUqS8+aw8xTpxRjjqkSGWr 8MiSXHLrDrkiaTDdPb/1KLKvls/1MWN2ZqYaarTMJz6icFzxvO7wDCox6mIHOOyG V8H2wOvBrlEpoIYmF+9EhYr0CQKvtOHy2O2K/7ILBXqyi9yqHDVRx4vqCMccIhhY xfg8obwTFUmtSOQZipRFhYQsBazV9+NNy+eZdYDMrWBPozHsfkXeU1FPlTQhDo3v 2tgMVIUCMTXZohBmbgXlsjxlbZE39K5nKF/RGup5o6TSHJ96yCUz+PAf3moAEcbw hYK5IVBdyIdf3q6v+Jeh4OSlgkjPOA9X3F0JnXSMLBjyoqhCwe4KcUz2JfY59YGy v/JpoAsrhxSe08ueKDZjWHZ/EkgN99Cgl2BVJbcqKp/O+5zIphnG8VXpEZBf3l96 sPslP+Je/nmfbseUGANUqLhhXTS+BFVPqPrsdby7uUbyaCXxsK/hK9ZpOtx5Lleu utffcwUtEMwgDJaumSYykWbRAgMBAAGjgcwwgckwCQYDVR0TBAIwADAdBgNVHQ4E FgQUK95NNdP0Tr2ExJ3h/riogEzhOJ8wSgYDVR0jBEMwQYAUFxVzj5IrwjjPjIaL g6am73MULLKhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEQCbsUiwxeuOwEc8+g2d AuKTMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAvBgNVHREEKDAm giRva2NlcnQtZWMtcHJpbWUyNTZ2MS1yc2EtNDA5Ni1vay5wZW0wCgYIKoZIzj0E AwIDRwAwRAIgP3tPSwJW0Y89lfvC9j9ur4lQ5jiAN8LXScTaZ0cOSsECIH70X8nH 08LvcyRpOpWvu8rxmFpl+5S7H1SsYvc6QCFy -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-rsa-4096-keyonly.pem000066400000000000000000000062531474542230700253750ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKQIBAAKCAgEA15CEES4A4dZ2JQ/EEEB1Aw5BaJAlBYc/T++3VUEEE+emWi7C /DlUoc+NfTyEba+VrBV20xbZii1NfdDyeh6tu3eqvnKObwdK4SuYlKGeU75SZVTB l/3L+9RVSQ5rdSiCkSZnsQRbLeJwYIvextFd7DtpYJObPVPnW993D7pXqApHMKl1 FnhHtRgRvSt8B9SpLz5rDzFOnFGOOqRIZavwyJJccusOuSJpMN09v/Uosq+Wz/Ux Y3ZmphpqtMwnPqJwXPG87vAMKjHqYgc47IZXwfbA68GuUSmghiYX70SFivQJAq+0 4fLY7Yr/sgsFerKL3KocNVHHi+oIxxwiGFjF+DyhvBMVSa1I5BmKlEWFhCwFrNX3 403L55l1gMytYE+jMex+Rd5TUU+VNCEOje/a2AxUhQIxNdmiEGZuBeWyPGVtkTf0 rmcoX9Ea6nmjpNIcn3rIJTP48B/eagARxvCFgrkhUF3Ih1/erq/4l6Hg5KWCSM84 D1fcXQmddIwsGPKiqELB7gpxTPYl9jn1gbK/8mmgCyuHFJ7Ty54oNmNYdn8SSA33 0KCXYFUltyoqn877nMimGcbxVekRkF/eX3qw+yU/4l7+eZ9ux5QYA1SouGFdNL4E VU+o+ux1vLu5RvJoJfGwr+Er1mk63HkuV666199zBS0QzCAMlq6ZJjKRZtECAwEA AQKCAgEAro0rI+4ocLcEfAZEMRTAq3TDqjPuhod50PS/c51t++A8aBIteafCzDQQ 0jRK17ayb+IBkfSSurzsXtDvR8vHymGgNQ72Hxm8nJB8wP4OAqm+dqcnDDhLEORj GwE+KmRfNcHvfPuWCZWugb9A6aVndH63WaissABc+5v8ARRXHo8UDmdplIRZLF8N Hi00BfNB/CuC7Y5zpUi07u9QYGPWWdOKYNPN3EPtAdBkzCdsiSR97m8RSwT5Ic+K UFRwAtvuOJTW9HQUpaY9sJtAkOZH8Zwpo731tWsLvRTjlK/boyTwluhIhB3tYoyH eFhMW4pwjoKAzPwnpTghW3mAck6QHnIJnDnwyy8RMP4Cw8wQKRvnwPwof1CsVeWs C+ottY+RCCkRn3D16gHMCplayt9GzJ+SqOKHV9+n1jQc/5/N7X5ufq7drQ1MMZU4 dAEwVsGynD115hKTeUhkhjjvY2LzlNPDCLhuP1oRIj0/n6cSFPdazv2ONC5Yyae4 2rAuBH1z3RmFoqqpkpQzgJTJpvYItczS06kk1RCtbKqRmULFMvsWGUuqJQUV65Uu FmxLOOsmACIgIqpq6FUbIHH1yynx5AP6UBlPU7nMddE1qSzSkMP8VFAk6kj68MEh GiCN5cjwSlxkHBpFDWJEiBbohGJ5QdzxFY69FJva+Z0DCs4QFXECggEBAPDoPqyC 7XyDUzd+Nh5ZRn4nmGtdl4PMB3ruunLAgKCdEfibhi95pOW3zuD0YtUDZ970oTsj GynY3cZZHC1y/b873SP35d5xZBswC3FKL+TcLeypsaMSuZujbRbVjvvEuiasbAhD 7Jq1If1aFvuhpYhaEhVn3iVNg4AtJyPRVC9Dy3Zm9O/RufDghiS8KyCsB7HxlX77 ZK0Lxz+7h7GhNbAbzcOvAvqB19CFAS5QC02wBAhkKO+TyxSYfGtzU4ZQLY8x6iI0 Z+K5IMqC6LelrInQBBbaOXKA9n3RAZgQxrDxdLGPAhK5nFD+H8kmHBXX2kqB4Xlb nKpIig9M62IgfKsCggEBAOUR0OWI0o2GmlKVcBWr6rmxGLNXay2RjD/IjBX+2+BQ DJHByequPkELParmG0+M1yEWI2QG5S8Gby0omJ1hKSvHyEZAdG2AXJbIf8eXJXS9 27O8X0OrUn8R1hSa2DejUc7zQlPTLc3cyeSlCh7Rwsho/5hs5+icbyLjPKxK2J8N xLXN8A2AO0rcozJUs3t72I11dPq//PKPeSrkr14m/OKZ1fT6v2l7AfivZaSgw3DX TZyd2AOpUt8bj+NA0laII139C/W0pU64s78MoZOsg+2QHyFDfZu3ubyv1G2ogk6E W3n9A5+g59bQiHTAfmKyEtXb2AsROv6YgqzcFRDgMnMCggEAfFGdZjD6lTLAEvcS vn6bniaYxW867Uyw34Oqu+UTe88SoxS/HmjL66/7FqOHDR4A0FG1kmr/bYz4hY8e t2WMBM/Dwvf+q9ggLNeSUBhUtunY2TSI8vqKxgKEHTB/5PUUiziXV3yV8RBgRfnj ul8kqUSx6FH9lYp2vgKPHDC+HNYDfUqMQ+Ya6m8zSmnAZ8/e+LkOyMS6o4JchEsm L0heCE+Q09bQ1q2CzZyVi2zLKIAY1Ku7ZEcEmdBHBLwy8jEWEbtUc+pPYfTfMyJz LbJVY5jxQ0nCM5DRowPkqrCdmFpCOg7upvMZ88HwbUE5ZRxLDgAQdywLoORmOpcb MTxKmQKCAQAGy3h+1ogoWo3JVVV1zxuvVml9KGKtf1vBqJk/Lcgn5zf4Ot9absC5 /TNfFmRI/8yB1r5GAU5bDr3NgR7FzFQEUHDIZLEPbndQobHoobsis18I/dV1lGdm DYlkIxO20sliciTNh74cFSiH971NHLvCZhru0owugjVpu4PZOH8keKwVGH6+Z8da eSD+JTUNvKa3y3wk0/0U1NyrQQ1SpaVqs1V9ZtK2tkdgsRM6xuoFNt2+f5Agy60B oTerbgjPOEqURyVLrIgaxa/PQvioAL4JFfVWb0ISlGiWCEEs34q9+X8dJzwsSAGY hacGj48wLkgQv+ywp1owoyV9KyoUzhGxAoIBAQCoaxUCrFwVvaoL2MdUHJNCg23b B3nwkmMXiPLkv35aE6HuXRcDXi6IGfZa388Fm8lhQbhXoNyzJv5vsJIxt7Qlkvps uiJFy/7fQtitpcvZ8dPegVhLqlYYv7jkTmDzgt4qSxNgu8KyvUdR644Qt0WTc4Hs OdZaFb/XL6k+ToOdXt7g25Ka36zn/Rma7lqd5PPGrYwwvWJgvx0xtCGArxEQoAOt X6GVRe8nmfD3cJTfvmCRjhzhPVC5VTSBbFEb0ux4e1INLzwFFeCAupK8uvx6SsXH uIKrFhu5VgTBBb566VdfQ1jAOrRj3wp5kb8f9o/U3cJDrsr1pP/nxXYZTFQO -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-prime256v1-rsa-4096-malformed.pem000066400000000000000000000110251474542230700256420ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKQIBAAKCAgEA15CEES4A4eZ2JQ/EEEB1Aw5BaJAlBYd/T++3VUEEE+fmWi7C /DlUod+NfTyEba+VrBV20xbZii1NfeDyfh6tu3fqvnKObweK4SuYlKGfU75SZVTB l/3L+9RVSQ5reSiCkSZnsQRbLfJwYIvfxtFe7DtpYJObPVPnW993D7pXqApHMKl1 FnhHtRgRvSt8B9SpLz5rDzFOnFGOOqRIZavwyJJdusOuSJpMN09v/Uosq+Wz/Ux Y3ZmphpqtMwnPqJwXPG87vAMKjHqYgd47IZXwfbA68GuUSmghiYX70SFivQJAq+0 4fLY7Yr/sgsFfrKL3KodNVHHi+oIxxwiGFjF+DyhvBMVSa1I5BmKlEWFhCwFrNX3 403L55l1gMytYE+jMfx+Re5TUU+VNCEOjf/a2AxUhQIxNemiEGZuBfWyPGVtkTf0 rmdoX9Ea6nmjpNIdn3rIJTP48B/fagARxvCFgrkhUF3Ih1/frq/4l6Hg5KWCSM84 D1fdXQmeIwsGPKiqELB7gpxTPYl9jn1gbK/8mmgCyuHFJ7Ty54oNmNYen8SSA33 0KCXYFUltyoqn877nMimGdbxVfkRkF/fX3qw+yU/4l7+fZ9ux5QYA1SouGFeNL4E VU+o+ux1vLu5RvJoJfGwr+Er1mk63HkuV666199zBS0QzCAMlq6ZJjKRZtECAwEA AQKCAgEAro0rI+4odLdEfAZEMRTAq3TDqjPuhoe50PS/d51t++A8aBItfafCzDQQ 0jRK17ayb+IBkfSSurzsXtDvR8vHymGgNQ72Hxm8nJB8wP4OAqm+eqdnDDhLEORj GwE+KmRfNdHvfPuWCZWugb9A6aVneH63WaissABd+5v8ARRXHo8UDmeplIRZLF8N Hi00BfNB/CuC7Y5zpUi07u9QYGPWWeOKYNPN3EPtAeBkzCesiSR97m8RSwT5Id+K UFRwAtvuOJTW9HQUpaY9sJtAkOZH8Zwpo731tWsLvRTjlK/boyTwluhIhB3tYoyH fFhMW4pwjoKAzPwnpTghW3mAdk6QHnIJnDnwyy8RMP4Cw8wQKRvnwPwof1CsVfWs C+ottY+RCCkRn3D16gHMCplayt9GzJ+SqOKHV9+n1jQd/5/N7X5ufq7erQ1MMZU4 eAEwVsGynD115hKTfUhkhjjvY2LzlNPDCLhuP1oRIj0/n6dSFPeazv2ONC5Yyaf4 2rAuBH1z3RmFoqqpkpQzgJTJpvYItdzS06kk1RCtbKqRmULFMvsWGUuqJQUV65Uu FmxLOOsmACIgIqpq6FUbIHH1yynx5AP6UBlPU7nMeE1qSzSkMP8VFAk6kj68MEh GiCN5djwSlxkHBpFDWJEiBbohGJ5QezxFY69FJva+Z0DCs4QFXECggEBAPDoPqyC 7XyDUze+Nh5ZRn4nmGtel4PMB3ruunLAgKCeEfibhi95pOW3zuD0YtUDZ970oTsj GynY3dZZHC1y/b873SP35e5xZBswC3FKL+TdLfypsaMSuZujbRbVjvvEuiasbAhD 7Jq1If1aFvuhpYhaEhVn3iVNg4AtJyPRVC9Dy3Zm9O/RufDghiS8KyCsB7HxlX77 ZK0Lxz+7h7GhNbAbzdOvAvqB19CFAS5QC02wBAhkKO+TyxSYfGtzU4ZQLY8x6iI0 Z+K5IMqC6LflrInQBBbaOXKA9n3RAZgQxrDxeLGPAhK5nFD+H8kmHBXX2kqB4Xlb nKpIig9M62IgfKsCggEBAOUR0OWI0o2GmlKVdBWr6rmxGLNXay2RjD/IjBX+2+BQ DJHByfquPkELParmG0+M1yEWI2QG5S8Gby0omJ1hKSvHyEZAeG2AXJbIf8fXJXS9 27O8X0OrUn8R1hSa2DfjUd7zQlPTLd3dyfSlCh7Rwsho/5hs5+idbyLjPKxK2J8N xLXN8A2AO0rdozJUs3t72I11ePq//PKPfSrkr14m/OKZ1fT6v2l7AfivZaSgw3DX TZye2AOpUt8bj+NA0laII139C/W0pU64s78MoZOsg+2QHyFDfZu3ubyv1G2ogk6E W3n9A5+g59bQiHTAfmKyEtXb2AsROv6YgqzdFRDgMnMCggEAfFGeZjD6lTLAEvdS vn6bniaYxW867Uyw34Oqu+UTf88SoxS/HmjL66/7FqOHDR4A0FG1kmr/bYz4hY8f t2WMBM/Dwvf+q9ggLNfSUBhUtunY2TSI8vqKxgKEHTB/5PUUiziXV3yV8RBgRfnj ul8kqUSx6FH9lYp2vgKPHDC+HNYDfUqMQ+Ya6m8zSmnAZ8/f+LkOyMS6o4JdhEsm L0hfCE+Q09bQ1q2CzZyVi2zLKIAY1Ku7ZEdEmeBHBLwy8jEWEbtUd+pPYfTfMyJz LbJVY5jxQ0nCM5DRowPkqrCemFpCOg7upvMZ88HwbUE5ZRxLDgAQeywLoORmOpdb MTxKmQKCAQAGy3h+1ogoWo3JVVV1zxuvVml9KGKtf1vBqJk/Ldgn5zf4Ot9absC5 /TNfFmRI/8yB1r5GAU5bDr3NgR7FzFQEUHDIZLEPbneQobHoobsis18I/eV1lGem DYlkIxO20slidiTNh74dFSiH971NHLvCZhru0owugjVpu4PZOH8kfKwVGH6+Z8ea fSD+JTUNvKa3y3wk0/0U1NyrQQ1SpaVqs1V9ZtK2tkegsRM6xuoFNt2+f5Agy60B oTfrbgjPOEqURyVLrIgaxa/PQvioAL4JFfVWb0ISlGiWCEEs34q9+X8eJzwsSAGY hadGj48wLkgQv+ywp1owoyV9KyoUzhGxAoIBAQCoaxUCrFwVvaoL2MeUHJNCg23b B3nwkmMXiPLkv35aE6HuXRdDXi6IGfZa388Fm8lhQbhXoNyzJv5vsJIxt7Qlkvps uiJFy/7fQtitpdvZ8ePfgVhLqlYYv7jkTmDzgt4qSxNgu8KyvUeR644Qt0WTd4Hs OeZaFb/XL6k+ToOeXt7g25Ka36zn/Rma7lqe5PPGrYwwvWJgvx0xtCGArxEQoAOt X6GVRf8nmfD3dJTfvmCRjhzhPVC5VTSBbFEb0ux4f1INLzwFFfCAupK8uvx6SsXH uIKrFhu5VgTBBb566VefQ1jAOrRj3wp5kb8f9o/U3dJDrsr1pP/nxXYZTFQO -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID1zCCA36gAwIBAgIRALe4GebxXm24ooXT4fDlWmowCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MDJaFw0yMTEyMjMyMDI4MDJa MC8xLTArBgNVBAMMJG9rY2VyeC1lYy1wdmltZTI1NnYxLXJzYS00MDk2LW9rLnBl bTCCAiIwDQYJKoZIhvdNAQEBBQADggIPADCCAgoCggIBANfQhBEuAOHWeiUPxBBA eQMOQWiQJQWHP0/vt1VBBBPnplouwvw5VKHPjX08hG2vlawVetMW2YotTX3Q8nof rbt3qr5yjm8HSuErmJShnlO+UmVUwZf9y/vUVUkOa3UogpEmZ7EEWy3idGCL3sbR Xfw7aWCTmz1T51vfew+6V6gKRzCpeRZ4R7UYEb0rfAfUqS8+aw8xTpxRjjqkSGWr 8MiSXHLrDrkiaTDePb/1KLKvls/1MWN2ZqYaarTMJz6idFzxvO7wDCox6mIHOOyG V8H2wOvBrlEpoIYmF+9EhYr0CQKvtOHy2O2K/7ILBXqyi9yqHDVRx4vqCMdIhhY xfg8obwTFUmtSOQZipRFhYQsBazV9+NNy+fZeYDMrWBPozHsfkXfU1FPlTQhDo3v 2tgMVIUCMTXZohBmbgXlsjxlbZE39K5nKF/RGup5o6TSHJ96yCUz+PAf3moAEdbw hYK5IVBeyIef3q6v+Jfh4OSlgkjPOA9X3F0JnXSMLBjyoqhCwf4KdUz2JfY59YGy v/JpoAsrhxSf08ufKDZjWHZ/EkgN99Cgl2BVJbdqKp/O+5zIphnG8VXpEZBf3l96 sPslP+Jf/nmfbsfUGANUqLhhXTS+BFVPqPrseby7uUbyaCXxsK/hK9ZpOtx5Llfu utfdwUtEMwgDJaumSYykWbRAgMBAAGjgdwwgdkwCQYDVR0TBAIwADAeBgNVHQ4E FgQUK95NNeP0Tr2ExJ3h/riogEzhOJ8wSgYDVR0jBEMwQYAUFxVzj5IrwjjPjIaL g6am73MULLKhFqQUMBIxEDAOBgNVBAMMB3Rld3QgQ0GCEQCbsUiwxfuOwEd8+g2e AuKTMBMGA1UeJQQMMAoGCCsGAQUFBwMBMAsGA1UeDwQEAwIFoDAvBgNVHREEKDAm giRva2NldnQtZWMtdHJpbWUyNTZ2MS1yd2EtNDA5Ni1vay5wZW0wCgYIKoZIzj0E AwIDRwAwRAIgP3tPSwJW0Y89lfvC9j9ur4lQ5jiAN8LXSdTaZ0dOSsECIH70X8nH 08LvdyRpOpWvu8rxmFpl+5S7H1SsYvd6QCFy -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-ec-prime256v1-extrabegin.pem000066400000000000000000000022041474542230700266570ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEIPb/Zqm+I6142HXjTmelWQnUlJnf2QFQa04VZ+5UdV9boAoGCCqGSM49 AwEHoUQDQgAEGxxr5HQWc8hcBRtSM44lBgRGO384Tb6CAcFtL4Lye6v6CgfWCn6F OhM2wtALy88HGHKGuhJAzR1+lLj06eSjrA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICNTCCAbqgAwIBAgIQaYaxvGvWuaH82HbUs1pbPjAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwMloXDTIxMTIyMzIwMjgwMlow MzExMC8GA1UEAwwob2tjZXJ0LWVjLXNlY3AzODRyMS1lYy1wcmltZTI1NnYxLW9r LnBlbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBsca+R0FnPIXAUbUjOOJQYE Rjt/OE2+ggHBbS+C8nur+goH1gp+hToTNsLQC8vPBxhyhroSQM0dfpS49Onko6yj gdAwgc0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUB1psApzLF5t2y3iSi88eo99FE3Uw SgYDVR0jBEMwQYAUkiG/rS2yZkcXxE6Ex8i2a/gBMKWhFqQUMBIxEDAOBgNVBAMM B3Rlc3QgQ0GCEQDCaFOYeWmr2hJO5gov6O37MBMGA1UdJQQMMAoGCCsGAQUFBwMB MAsGA1UdDwQEAwIFoDAzBgNVHREELDAqgihva2NlcnQtZWMtc2VjcDM4NHIxLWVj LXByaW1lMjU2djEtb2sucGVtMAoGCCqGSM49BAMCA2kAMGYCMQCViKjVDVTzDE3l ZK3mjKoLU6NceZTWZ1sn7Oe4KAjcXGKnVa0HfoFvGIPjt9rnvD0CMQCtSGKbsfeF +Se6nt4tBp0mFMuYBj0GmfjsyvmvuTCcP0TxUzvPE7mHfrAx3UVk6J8= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-ec-prime256v1-keyonly.pem000066400000000000000000000003431474542230700262230ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MHcCAQEEIPb/Zqm+I6142HXjTmelWQnUlJnf2QFQa04VZ+5UdV9boAoGCCqGSM49 AwEHoUQDQgAEGxxr5HQWc8hcBRtSM44lBgRGO384Tb6CAcFtL4Lye6v6CgfWCn6F OhM2wtALy88HGHKGuhJAzR1+lLj06eSjrA== -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-ec-prime256v1-malformed.pem000066400000000000000000000021471474542230700265030ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHdCAQEEIPb/Zqm+I6142HXjTmflWQnUlJnf2QFQa04VZ+5UeV9boAoGCCqGSM49 AwEHoUQDQgAEGxxr5HQWd8hdBRtSM44lBgRGO384Tb6CAdFtL4Lyf6v6CgfWCn6F OhM2wtALy88HGHKGuhJAzR1+lLj06fSjrA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICNTCCAbqgAwIBAgIQaYaxvGvWuaH82HbUs1pbPjAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgwMloXDTIxMTIyMzIwMjgwMlow MzExMC8GA1UEAwwob2tjZXJ0LWVjLXNlY3AzODRyMS1lYy1wdmltZTI1NnYxLW9r LnBlbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBsda+R0FnPIXAUbUjOOJQYE Rjt/OE2+ggHBbS+C8nur+goH1gp+hToTNsLQC8vPBxhyhroSQM0efpS49Onko6yj geAwgd0wCQYDVR0TBAIwADAeBgNVHQ4EFgQUB1psApzLF5t2y3iSi88fo99FE3Uw SgYDVR0jBEMwQYAUkiG/rS2yZkdXxE6Ex8i2a/gBMKWhFqQUMBIxEDAOBgNVBAMM B3Rld3QgQ0GCEQDCaFOYfWmr2hJO5gov6O37MBMGA1UeJQQMMAoGCCsGAQUFBwMB MAsGA1UeDwQEAwIFoDAzBgNVHREELDAqgihva2NldnQtZWMtd2VjdDM4NHIxLWVj LXByaW1lMjU2ejEtb2sudGVtMAoGCCqGSM49BAMCA2kAMGYCMQCViKjVDVTzDE3l ZK3mjKoLU6NdfZTWZ1sn7Of4KAjdXGKnVa0HfoFvGIPjt9rnvD0CMQCtSGKbsfF +Sf6nt4tBp0mFMuYBj0GmfjsyvmvuTCdP0TxUzvPE7mHfrAx3UVk6J8= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-ec-secp224r1-unsupported.pem000066400000000000000000000021301474542230700267220ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIQ== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MGgCAQEEHIKfB5N4VXn/opgSQQLERFrz/52uXAR3A0lg2DCgBwYFK4EEACGhPAM6 AARkTy1FEfVU/FI6IXHI1DLtgerqQlQg5hGjmSUPYGuETMzzMUnyMUhEND0vrajS drJNCHz9RvGcDQ== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICPDCCAcKgAwIBAgIRAKarZ4DcK0uC8mTmQTHdPrwwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDVaFw0yMTEyMjMyMDI4MDVa MDwxOjA4BgNVBAMMMWJhZGNlcnQtZWMtc2VjcDM4NHIxLWVjLXNlY3AyMjRyMS11 bnN1cHBvcnRlZC5wZW0wTjAQBgcqhkjOPQIBBgUrgQQAIQM6AARkTy1FEfVU/FI6 IXHI1DLtgerqQlQg5hGjmSUPYGuETMzzMUnyMUhEND0vrajSdrJNCHz9RvGcDaOB 2TCB1jAJBgNVHRMEAjAAMB0GA1UdDgQWBBTMSzo7B7vPnR9tAmXCgp9MbOTwRjBK BgNVHSMEQzBBgBSSIb+tLbJmRxfEToTHyLZr+AEwpaEWpBQwEjEQMA4GA1UEAwwH dGVzdCBDQYIRAMJoU5h5aavaEk7mCi/o7fswEwYDVR0lBAwwCgYIKwYBBQUHAwEw CwYDVR0PBAQDAgWgMDwGA1UdEQQ1MDOCMWJhZGNlcnQtZWMtc2VjcDM4NHIxLWVj LXNlY3AyMjRyMS11bnN1cHBvcnRlZC5wZW0wCgYIKoZIzj0EAwIDaAAwZQIxANYg Prq50b+TH2bFsN4i7pKKUG0xN9moZYq6hEzgebDHzecj9MngOv785jZGzsXgJwIw YS261dsyM7ZJqNQI2E2+smKkQk9aYwbvFk5VVIpuUMiqFWdktGdL/uZdDXTYhvwq -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-ec-secp384r1-extrabegin.pem000066400000000000000000000023361474542230700265010ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDDNeGNpTJ/2qt0L9GQhqu2eN3rbQDBEcblTN7taH8DWvFZzTZf+Uo6C FC+6P3mfpZmgBwYFK4EEACKhZANiAARtegM6m5VbhdK+m0u8DVdE2w2iUOAaiuHz RN7ORxI+dxOBUvHHDK8pLQ3CuYseVWgKtyzHm6uoUmJpGaJ5jCZrWmu6nCmbw4m2 zvYawHFCCgapudleqwJHDoGoLziEX6M= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICTjCCAdWgAwIBAgIQS+yPZGUK4ucv4+I1Fstx9TAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwMloXDTIxMTIyMzIwMjgwMlow MjEwMC4GA1UEAwwnb2tjZXJ0LWVjLXNlY3AzODRyMS1lYy1zZWNwMzg0cjEtb2su cGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbXoDOpuVW4XSvptLvA1XRNsNolDg Gorh80TezkcSPncTgVLxxwyvKS0NwrmLHlVoCrcsx5urqFJiaRmieYwma1prupwp m8OJts72GsBxQgoGqbnZXqsCRw6BqC84hF+jo4HPMIHMMAkGA1UdEwQCMAAwHQYD VR0OBBYEFJdR7M+8vQYwIhYS5eGQZJwcHBlgMEoGA1UdIwRDMEGAFJIhv60tsmZH F8ROhMfItmv4ATCloRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAwmhTmHlpq9oS TuYKL+jt+zATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwMgYDVR0R BCswKYInb2tjZXJ0LWVjLXNlY3AzODRyMS1lYy1zZWNwMzg0cjEtb2sucGVtMAoG CCqGSM49BAMCA2cAMGQCMF4SvC7HQmL/9CBmDuUGZ3p5QDDv7Cz0tWc2k1Zf3NKy c0nrw33vzzs2NkrOHFXNRAIwD4bICxEHTTV4eVSkI/UPockGChCCnlATjGQyIyi5 WVZBm+m1451rSt5w9MnIwhBE -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-ec-secp384r1-keyonly.pem000066400000000000000000000004401474542230700260350ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MIGkAgEBBDDNeGNpTJ/2qt0L9GQhqu2eN3rbQDBEcblTN7taH8DWvFZzTZf+Uo6C FC+6P3mfpZmgBwYFK4EEACKhZANiAARtegM6m5VbhdK+m0u8DVdE2w2iUOAaiuHz RN7ORxI+dxOBUvHHDK8pLQ3CuYseVWgKtyzHm6uoUmJpGaJ5jCZrWmu6nCmbw4m2 zvYawHFCCgapudleqwJHDoGoLziEX6M= -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-ec-secp384r1-malformed.pem000066400000000000000000000023021474542230700263100ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDDNfGNpTJ/2qt0L9GQhqu2fN3rbQDBEdblTN7taH8DWvFZzTZf+Uo6C FC+6P3mfpZmgBwYFK4EEACKhZANiAARtfgM6m5VbheK+m0u8DVeE2w2iUOAaiuHz RN7ORxI+exOBUvHHDK8pLQ3CuYsfVWgKtyzHm6uoUmJpGaJ5jCZrWmu6nCmbw4m2 zvYawHFCCgapuelfqwJHDoGoLziEX6M= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICTjCCAeWgAwIBAgIQS+yPZGUK4udv4+I1Fstx9TAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgwMloXDTIxMTIyMzIwMjgwMlow MjEwMC4GA1UEAwwnb2tjZXJ0LWVjLXNlY3AzODRyMS1lYy1zZWNwMzg0djEtb2su dGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbXoDOpuVW4XSvptLvA1XRNsNolDg Gorh80TfzkdSPndTgVLxxwyvKS0NwrmLHlVoCrdsx5urqFJiaRmifYwma1prupwp m8OJts72GsBxQgoGqbnZXqsCRw6BqC84hF+jo4HPMIHMMAkGA1UeEwQCMAAwHQYD VR0OBBYEFJeR7M+8vQYwIhYS5fGQZJwdHBlgMEoGA1UeIwRDMEGAFJIhv60tsmZH F8ROhMfItmv4ATCloRakFDASMRAwDgYDVQQDDAe0ZXN0IENBghEAwmhTmHlpq9oS TuYKL+jt+zATBgNVHSUEDDAKBggrBgEFBQdDATALBgNVHQ8EBAMCBaAwMgYDVR0R BCswKYInb2tjZXJ0LWVjLXNlY3AzODRyMS1lYy1zZWNwMzg0djEtb2sudGVtMAoG CCqGSM49BAMCA2dAMGQCMF4SvC7HQmL/9CBmDuUGZ3p5QDDv7Cz0tWd2k1Zf3NKy d0nrw33vzzs2NkrOHFXNRAIwD4bICxEHTTV4fVSkI/UPodkGChCCnlATjGQyIyi5 WVZBm+m1451rSt5w9MnIwhBE -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-ec-secp521r1-extrabegin.pem000066400000000000000000000025441474542230700264730ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIAHg2pXSIgkA2F9U/ajFa2dJgt0WgZZsqEtUwXp/UlnnYyLo3gNfeG p5qEO4v/V8QssF0C4S6zCunbkNoPt3ompmmgBwYFK4EEACOhgYkDgYYABAEbmuYI lYCX87H+HwBh9oIwsh4uPoDSbKioEtt1MeK97aQvS2Fxu+TVVfumrwMR0pHgY/ZG npLgcUhVzqW7wkzGyAGpy9b+vVriz0aSiZGOgyPgbyzk9OlDN5tmkFqU20kIOBf9 kCf/10W51YyZQ4i16pFNpEOURdAQ10zm+u1Dc01emA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICdjCCAfygAwIBAgIRAKc2QK9WkyTyu1hNLBO/lhkwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDNaFw0yMTEyMjMyMDI4MDNa MDIxMDAuBgNVBAMMJ29rY2VydC1lYy1zZWNwMzg0cjEtZWMtc2VjcDUyMXIxLW9r LnBlbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEARua5giVgJfzsf4fAGH2gjCy Hi4+gNJsqKgS23Ux4r3tpC9LYXG75NVV+6avAxHSkeBj9kaekuBxSFXOpbvCTMbI AanL1v69WuLPRpKJkY6DI+BvLOT06UM3m2aQWpTbSQg4F/2QJ//XRbnVjJlDiLXq kU2kQ5RF0BDXTOb67UNzTV6Yo4HPMIHMMAkGA1UdEwQCMAAwHQYDVR0OBBYEFPbk 7bek6zKj/thhEtoy/HZmoGxwMEoGA1UdIwRDMEGAFJIhv60tsmZHF8ROhMfItmv4 ATCloRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAwmhTmHlpq9oSTuYKL+jt+zAT BgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwMgYDVR0RBCswKYInb2tj ZXJ0LWVjLXNlY3AzODRyMS1lYy1zZWNwNTIxcjEtb2sucGVtMAoGCCqGSM49BAMC A2gAMGUCMCdWpfE62Ra2aVNF0venVPhSalUVr87qOak2FBpDRpjxTGzXnQ3kXPe0 gF577Zrv1gIxAIhcOdGVtxTt+nU8XJTOshidpv/jB8yHkOPMkiWw7LwZ2GchbKcr eZ+KTDPATyELXA== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-ec-secp521r1-keyonly.pem000066400000000000000000000005551474542230700260350ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIAHg2pXSIgkA2F9U/ajFa2dJgt0WgZZsqEtUwXp/UlnnYyLo3gNfeG p5qEO4v/V8QssF0C4S6zCunbkNoPt3ompmmgBwYFK4EEACOhgYkDgYYABAEbmuYI lYCX87H+HwBh9oIwsh4uPoDSbKioEtt1MeK97aQvS2Fxu+TVVfumrwMR0pHgY/ZG npLgcUhVzqW7wkzGyAGpy9b+vVriz0aSiZGOgyPgbyzk9OlDN5tmkFqU20kIOBf9 kCf/10W51YyZQ4i16pFNpEOURdAQ10zm+u1Dc01emA== -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-ec-secp521r1-malformed.pem000066400000000000000000000025071474542230700263100ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHdAgEBBEIAHg2pXSIgkA2F9U/ajFa2eJgt0WgZZsqEtUwXp/UlnnYyLo3gNfG p5qEO4v/V8QssF0C4S6zCunbkNoPt3ompmmgBwYFK4EEACOhgYkDgYYABAEbmuYI lYCX87H+HwBh9oIwsh4uPoDSbKioEtt1MfK97aQvS2Fxu+TVVfumrwMR0pHgY/ZG npLgdUhVzqW7wkzGyAGpy9b+vVriz0aSiZGOgyPgbyzk9OlDN5tmkFqU20kIOBf9 kCf/10W51YyZQ4i16pFNpEOUReAQ10zm+u1Dd01fmA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICejCCAfygAwIBAgIRAKd2QK9WkyTyu1hNLBO/lhkwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MDNaFw0yMTEyMjMyMDI4MDNa MDIxMDAuBgNVBAMMJ29rY2VyeC1lYy1zZWNwMzg0djEtZWMtd2VjdDUyMXIxLW9r LnBlbTCBmzAQBgdqhkjOPQIBBgUrgQQAIwOBhgAEARua5giVgJfzsf4fAGH2gjCy Hi4+gNJsqKgS23Ux4r3tpC9LYXG75NVV+6avAxHSkfBj9kafkuBxSFXOpbvCTMbI AanL1v69WuLPRpKJkY6DI+BvLOT06UM3m2aQWpTbSQg4F/2QJ//XRbnVjJlDiLXq kU2kQ5RF0BDXTOb67UNzTV6Yo4HPMIHMMAkGA1UeEwQCMAAwHQYDVR0OBBYEFPbk 7bfk6zKj/thhEtoy/HZmoGxwMEoGA1UeIwRDMEGAFJIhv60tsmZHF8ROhMfItmv4 ATCloRakFDASMRAwDgYDVQQDDAe0ZXN0IENBghEAwmhTmHlpq9oSTuYKL+jt+zAT BgNVHSUEDDAKBggrBgEFBQdDATALBgNVHQ8EBAMCBaAwMgYDVR0RBCswKYInb2tj ZXJ0LWVjLXNlY3AzODRyMS1lYy1zZWNwNTIxdjEtb2sudGVtMAoGCCqGSM49BAMC A2gAMGUCMCeWpfE62Ra2aVNF0vfnVPhSalUVr87qOak2FBpDRpjxTGzXnQ3kXPf0 gF577Zrv1gIxAIhdOeGVtxTt+nU8XJTOshiepv/jB8yHkOPMkiWw7LwZ2GdhbKdr fZ+KTDPATyELXA== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-rsa-2048-extrabegin.pem000066400000000000000000000053511474542230700256400ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA1L8uN8rGSPALnz1rCRAhPX4+rFN0bEXBvZgDXR+q02JnYFAa bfW4un68xiw5ZIzQwI/8OO7firDasvbuspMy5HLFldgPvvXpLBY/jP38MzvH885x /FcZZqJvXpHFrghDYRn9wM09NeUToiQSWRX74CxPFoJbjB3jJed+WcJgzzDn+Kup K0EEXfWYDWBlmyGWKoi4DnFUPb8khO2YlqWw9EGqu/mM7cSwxSOBMPFz7KALWQZ+ sH5cdWoSDsFbs1CcSQYLDhVXT1pYfsfyrd1tUGXUo3FLPb8+/O/ljqcTEbOvY9uj 2HEVdrWn+j0vv5NGtai+GJnB3dehDl/jCPRNAwIDAQABAoIBAQDF+6iKOUVvyRw3 s9NxGrakYGD4w61buUsEInw25Gp3z2K+yaze2cZwn9MTZUJ/5V+7ZANoBDy5971+ wLgALWY2HOztdqWoo3a8FXRMxGw4TZDVvjBrka7Myat0yZm6TGxP5/0yuI0XI7iy snj0uLWut+1d2DBT49hohNcbtv2asYkH24qBZDBdCxGKH1pJgPi48aybpglWAk4f MRUnt4kGNazlliFMeUolx2UF8RZS20cM9MDHWHI8drL2tAFnkj0stYxgKixm/srG 14GKqWZZKYfVzeEk3x5rd8mXZXeAmpn+5kPIg7lxUoURtroKAjOvj24KVENslod1 w8TJvc0JAoGBAPEJ70IbSGfI/kw62azl5u9i6mgGz2LckaYtHzvJNBYmVB8+3+8e bRnJex133YIbQeAvV5IQEI8U6x8uEtKDUVJQGti2ohq5J8CSCsrHWm/R8+08S19I O/qD4dxej8jg8GT6tnypfnPraO4F5HxAPwsyksg8FQGQTplzZKWUUbpPAoGBAOHz sNZGXQQv8YfVOcacTr5tv60R2/CDxUg9VxO99vsMqRVkOtpBWgFCOkpfe3YxproC qybjI3Q+be8/1aSyAdimJ24bQ69swDvvMop6Pf8IM9X4Ke9J5ubbtiP0U7ioz2+G 5D2KQwRhyFlPjenjsJHjhblgcr66vLAYWtxJOfkNAoGARG9Mpdk3KnhPcvc2fDdd 5NORt+1PDkOPer3O41uR1UQWmDRyweJCmZKxyMESe/EfN/ZZB5hWCzmmM9kR8QDl otgpdyQLTEkLd0o/lCkbjSnv9ogq4ieRF+Q/ySBz9FWhCxp/m09IHsNUrFex8nEP NS+rqvwb/rCpEDpJ9hTxS1MCgYEApQRrluJGloNJO3G/Q0zuuWa/wO81GL+zuiGK UdG/6fOCHSxZSwLFb/vlRGHdciGq6Vh/lOP4BbJ+aWfOaPzUGlymmWRyF1EuR9dW qwnB81sTOGaIgckQSHQX3sRWzJsE/Ceg000BytZ7ErbmJvXyA2oORKeqxZ7tpRH0 ccNNApUCgYEAhQLP5aerHmZX4fiCsNUt7+ip6rgPGU415nKNA22wAV+DMxVOQJBn bGnPKV065t34yRnOJLKJtw/1ghDNgwe9imdfVQY7YcnL8ucOWJyU50Ijwzo8/eVV y3cBbe2HCS7dOhjJ0MPKJ125jM+CdWQgGvL3ZpbDs2BZk2bGn6+2q4Y= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIC9jCCAnygAwIBAgIRAK4BGjn+1Ufq/4hsAYIKqaQwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDNaFw0yMTEyMjMyMDI4MDNa MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwMzg0cjEtcnNhLTIwNDgtb2sucGVt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1L8uN8rGSPALnz1rCRAh PX4+rFN0bEXBvZgDXR+q02JnYFAabfW4un68xiw5ZIzQwI/8OO7firDasvbuspMy 5HLFldgPvvXpLBY/jP38MzvH885x/FcZZqJvXpHFrghDYRn9wM09NeUToiQSWRX7 4CxPFoJbjB3jJed+WcJgzzDn+KupK0EEXfWYDWBlmyGWKoi4DnFUPb8khO2YlqWw 9EGqu/mM7cSwxSOBMPFz7KALWQZ+sH5cdWoSDsFbs1CcSQYLDhVXT1pYfsfyrd1t UGXUo3FLPb8+/O/ljqcTEbOvY9uj2HEVdrWn+j0vv5NGtai+GJnB3dehDl/jCPRN AwIDAQABo4HLMIHIMAkGA1UdEwQCMAAwHQYDVR0OBBYEFFJeo7HBu86G08T5YIbo IZLxIBmQMEoGA1UdIwRDMEGAFJIhv60tsmZHF8ROhMfItmv4ATCloRakFDASMRAw DgYDVQQDDAd0ZXN0IENBghEAwmhTmHlpq9oSTuYKL+jt+zATBgNVHSUEDDAKBggr BgEFBQcDATALBgNVHQ8EBAMCBaAwLgYDVR0RBCcwJYIjb2tjZXJ0LWVjLXNlY3Az ODRyMS1yc2EtMjA0OC1vay5wZW0wCgYIKoZIzj0EAwIDaAAwZQIwMYToR55Xnk60 EXPajoxyQbiwG1mqsWGCmwfCixklJjIWrzeXAqIgLhIQEmju6e+KAjEA2ZrG3C/C shzL/hqj+PjaZV+H2AQ2VOMzG6xWymEuTP4OQTVBXDtUljHVAUt5XkFI -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-rsa-2048-keyonly.pem000066400000000000000000000032171474542230700252010ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA1L8uN8rGSPALnz1rCRAhPX4+rFN0bEXBvZgDXR+q02JnYFAa bfW4un68xiw5ZIzQwI/8OO7firDasvbuspMy5HLFldgPvvXpLBY/jP38MzvH885x /FcZZqJvXpHFrghDYRn9wM09NeUToiQSWRX74CxPFoJbjB3jJed+WcJgzzDn+Kup K0EEXfWYDWBlmyGWKoi4DnFUPb8khO2YlqWw9EGqu/mM7cSwxSOBMPFz7KALWQZ+ sH5cdWoSDsFbs1CcSQYLDhVXT1pYfsfyrd1tUGXUo3FLPb8+/O/ljqcTEbOvY9uj 2HEVdrWn+j0vv5NGtai+GJnB3dehDl/jCPRNAwIDAQABAoIBAQDF+6iKOUVvyRw3 s9NxGrakYGD4w61buUsEInw25Gp3z2K+yaze2cZwn9MTZUJ/5V+7ZANoBDy5971+ wLgALWY2HOztdqWoo3a8FXRMxGw4TZDVvjBrka7Myat0yZm6TGxP5/0yuI0XI7iy snj0uLWut+1d2DBT49hohNcbtv2asYkH24qBZDBdCxGKH1pJgPi48aybpglWAk4f MRUnt4kGNazlliFMeUolx2UF8RZS20cM9MDHWHI8drL2tAFnkj0stYxgKixm/srG 14GKqWZZKYfVzeEk3x5rd8mXZXeAmpn+5kPIg7lxUoURtroKAjOvj24KVENslod1 w8TJvc0JAoGBAPEJ70IbSGfI/kw62azl5u9i6mgGz2LckaYtHzvJNBYmVB8+3+8e bRnJex133YIbQeAvV5IQEI8U6x8uEtKDUVJQGti2ohq5J8CSCsrHWm/R8+08S19I O/qD4dxej8jg8GT6tnypfnPraO4F5HxAPwsyksg8FQGQTplzZKWUUbpPAoGBAOHz sNZGXQQv8YfVOcacTr5tv60R2/CDxUg9VxO99vsMqRVkOtpBWgFCOkpfe3YxproC qybjI3Q+be8/1aSyAdimJ24bQ69swDvvMop6Pf8IM9X4Ke9J5ubbtiP0U7ioz2+G 5D2KQwRhyFlPjenjsJHjhblgcr66vLAYWtxJOfkNAoGARG9Mpdk3KnhPcvc2fDdd 5NORt+1PDkOPer3O41uR1UQWmDRyweJCmZKxyMESe/EfN/ZZB5hWCzmmM9kR8QDl otgpdyQLTEkLd0o/lCkbjSnv9ogq4ieRF+Q/ySBz9FWhCxp/m09IHsNUrFex8nEP NS+rqvwb/rCpEDpJ9hTxS1MCgYEApQRrluJGloNJO3G/Q0zuuWa/wO81GL+zuiGK UdG/6fOCHSxZSwLFb/vlRGHdciGq6Vh/lOP4BbJ+aWfOaPzUGlymmWRyF1EuR9dW qwnB81sTOGaIgckQSHQX3sRWzJsE/Ceg000BytZ7ErbmJvXyA2oORKeqxZ7tpRH0 ccNNApUCgYEAhQLP5aerHmZX4fiCsNUt7+ip6rgPGU415nKNA22wAV+DMxVOQJBn bGnPKV065t34yRnOJLKJtw/1ghDNgwe9imdfVQY7YcnL8ucOWJyU50Ijwzo8/eVV y3cBbe2HCS7dOhjJ0MPKJ125jM+CdWQgGvL3ZpbDs2BZk2bGn6+2q4Y= -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-rsa-2048-malformed.pem000066400000000000000000000053121474542230700254530ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA1L8uN8rGSPALnz1rCRAhPX4+rFN0bEXBvZgDXR+q02JnYFAa bfW4un68xiw5ZIzQwI/8OO7firDasvbuspMy5HLFlegPvvXpLBY/jP38MzvH885x /FdZZqJvXpHFrghDYRn9wM09NfUToiQSWRX74CxPFoJbjB3jJfe+WdJgzzDn+Kup K0EEXfWYDWBlmyGWKoi4DnFUPb8khO2YlqWw9EGqu/mM7dSwxSOBMPFz7KALWQZ+ sH5deWoSDsFbs1CdSQYLDhVXT1pYfsfyre1tUGXUo3FLPb8+/O/ljqdTEbOvY9uj 2HEVerWn+j0vv5NGtai+GJnB3efhDl/jCPRNAwIDAQABAoIBAQDF+6iKOUVvyRw3 s9NxGrakYGD4w61buUsEInw25Gp3z2K+yazf2dZwn9MTZUJ/5V+7ZANoBDy5971+ wLgALWY2HOzteqWoo3a8FXRMxGw4TZDVvjBrka7Myat0yZm6TGxP5/0yuI0XI7iy snj0uLWut+1e2DBT49hohNdbtv2asYkH24qBZDBeCxGKH1pJgPi48aybpglWAk4f MRUnt4kGNazlliFMfUolx2UF8RZS20dM9MDHWHI8erL2tAFnkj0stYxgKixm/srG 14GKqWZZKYfVzfEk3x5re8mXZXfAmpn+5kPIg7lxUoURtroKAjOvj24KVENsloe1 w8TJvd0JAoGBAPEJ70IbSGfI/kw62azl5u9i6mgGz2LdkaYtHzvJNBYmVB8+3+8f bRnJfx133YIbQfAvV5IQEI8U6x8uEtKDUVJQGti2ohq5J8CSCsrHWm/R8+08S19I O/qD4exfj8jg8GT6tnypfnPraO4F5HxAPwsyksg8FQGQTplzZKWUUbpPAoGBAOHz sNZGXQQv8YfVOdadTr5tv60R2/CDxUg9VxO99vsMqRVkOtpBWgFCOkpf3YxproC qybjI3Q+bf8/1aSyAeimJ24bQ69swDvvMop6Pf8IM9X4Kf9J5ubbtiP0U7ioz2+G 5D2KQwRhyFlPjfnjsJHjhblgdr66vLAYWtxJOfkNAoGARG9Mpek3KnhPdvd2fDe 5NORt+1PDkOPfr3O41uR1UQWmDRywfJCmZKxyMESf/EfN/ZZB5hWCzmmM9kR8QDl otgpeyQLTEkLe0o/lCkbjSnv9ogq4ifRF+Q/ySBz9FWhCxp/m09IHsNUrFfx8nEP NS+rqvwb/rCpEDpJ9hTxS1MCgYEApQRrluJGloNJO3G/Q0zuuWa/wO81GL+zuiGK UeG/6fOCHSxZSwLFb/vlRGHediGq6Vh/lOP4BbJ+aWfOaPzUGlymmWRyF1EuR9eW qwnB81sTOGaIgdkQSHQX3sRWzJsE/Cfg000BytZ7ErbmJvXyA2oORKfqxZ7tpRH0 dNNApUCgYEAhQLP5afrHmZX4fiCsNUt7+ip6rgPGU415nKNA22wAV+DMxVOQJBn bGnPKV065t34yRnOJLKJtw/1ghDNgwf9imefVQY7YdnL8udOWJyU50Ijwzo8/fVV y3dBbf2HCS7eOhjJ0MPKJ125jM+CeWQgGvL3ZpbDs2BZk2bGn6+2q4Y= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIC9jCCAnygAwIBAgIRAK4BGjn+1Ufq/4hsAYIKqaQwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MDNaFw0yMTEyMjMyMDI4MDNa MC4xLDAqBgNVBAMMI29rY2VyeC1lYy1zZWNwMzg0djEtdnNhLTIwNDgtb2sudGVt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1L8uN8rGSPALnz1rCRAh PX4+rFN0bEXBvZgDXR+q02JnYFAabfW4un68xiw5ZIzQwI/8OO7firDasvbuspMy 5HLFlegPvvXpLBY/jP38MzvH885x/FdZZqJvXpHFrghDYRn9wM09NfUToiQSWRX7 4CxPFoJbjB3jJfe+WdJgzzDn+KupK0EEXfWYDWBlmyGWKoi4DnFUPb8khO2YlqWw 9EGqu/mM7dSwxSOBMPFz7KALWQZ+sH5deWoSDsFbs1CdSQYLDhVXT1pYfsfyre1t UGXUo3FLPb8+/O/ljqdTEbOvY9uj2HEVerWn+j0vv5NGtai+GJnB3efhDl/jCPRN AwIDAQABo4HLMIHIMAkGA1UeEwQCMAAwHQYDVR0OBBYEFFJfo7HBu86G08T5YIbo IZLxIBmQMEoGA1UeIwRDMEGAFJIhv60tsmZHF8ROhMfItmv4ATCloRakFDASMRAw DgYDVQQDDAe0ZXN0IENBghEAwmhTmHlpq9oSTuYKL+jt+zATBgNVHSUEDDAKBggr BgEFBQdDATALBgNVHQ8EBAMCBaAwLgYDVR0RBCdwJYIjb2tjZXJ0LWVjLXNlY3Az ODRyMS1yd2EtMjA0OC1vay5wZW0wCgYIKoZIzj0EAwIDaAAwZQIwMYToR55Xnk60 EXPajoxyQbiwG1mqsWGCmwfCixklJjIWrzfXAqIgLhIQEmju6f+KAjEA2ZrG3C/C shzL/hqj+PjaZV+H2AQ2VOMzG6xWymEuTP4OQTVBXDtUljHVAUt5XkFI -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-rsa-3072-extrabegin.pem000066400000000000000000000072441474542230700256410ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIG5QIBAAKCAYEA6jsC9JH4RLPMMPZqUpq7dhN4kbaJdhUvJ5TA4jt5NO95UdbB QOniLMUfSLOUNJfmD35ePv8F90Pk509ECWnth4NXOrDvQAMLQZ5cUXeAkoM/+o2V mBe6+3pJ0fnQP8ilfwjiB8kiMHX/97X6S6kcT+Uv6I2jtHUrKJ/oNX7IiFnk4rwJ cZY70HeAcB/RexlxJ6jPfvBddqSsDsQdrqcG8RZL4t7s58hf79ISj3KVkjvTogwt Dqf6x+EQljBcI8iFXWBQOkPKfNmTf1Fgcv11EFa/1RUyKIGBgaHVhBIM5t2T5CO/ /YYjMtI8xC7u2lF6Oya6+iqFwOeuWiiv2HKJiGCn4X1957DURR8ki93ma6yOHMeE 0d1oyPjDJgJ+rxNmaDZ4TzcP2uzfGRCCPpOurbIJh2KN6H2ws0zdyXDmN7U/U/vr ug0xhIeC/I7QJB2Eby91VFzntgiTKNTGGHG6k8rIQt4O322hMhxjUlEKCGtHXXew ViiYhzU0tv6iEjpVAgMBAAECggGBANlWDDX2w5Cr7El6O8mN/WdgRb2ezAmfOnPV mOvSF3NAySdgx0x+N/kmpxKEXn42e6fgr35wj46RlvHyIMVDXr0g5210A2s359fp IuwMoGZSFqlbenT3f+4b2CdXTx4ABV/MVD65KFojA3FLj4Vo0vZnSH7V/hJRrcwy I/qPO28ZSkIADBszNSkH2UswmuVIBDCyeGXmjjKqNWQ2IPyPyucksyE9jEC9MheK quIjhhl8HbD870nsH8wbT5KsKLKjOSWfPUknbruilMK1MVEBZ+GaQXloU1BuN64G Nbs+XzTNhu9+5cm9vfgoxWKjbAVp6Q84BcFuKK6BCjfA6DQv21vdV7wFSkSJkja3 ciXO9vSENksjHThlID1rZTHm13nbA04DxDv25zwfSkNl9zFDjvuSGRkMHVGKHRkV Q3P3iGxX4XPtRo27YT2c8Zc0X8doSKLRS3H6wH2a5v7CtiOw73aWFfzQ54zYjGba O50LtrgFAuXwkPewLFNq0Ot4zzxeeQKBwQD4+uvttdAYHVYejwG8FfsOhlNv7rAr OFeYia2difS1a7VdHsG31+bXcX8Eghzs3vRu92emSBu05fZ5L/90doggWvEnfv54 Ul7b2GFpFargTdPnOg4HE5PbROf8AqYahaukrvt9ArzhtyShrDVl1l0JO4quUppG k218a86nMqQAUs52IAm82lAPlkgfaSoFUV6gVF4412LhJZryq+9Vsg593RHj57xJ tliuJ0sqNWXVzUBXkY2toJqXkqICv/kbiecCgcEA8NWhbJaiTWyUYaKV6+Cx7SBf PrlRh/FfEkAKdZCDJKtIuGscKMlKFNfdVVkeCa3FFV9bCLJ44SsqTqIEY5R6quWT 3QYoke6xW6nKbjFDxcoIWtiGHA23hC4u0QDb5zLzxN8z385H9vOBjhCjzub2KHHt 4bRG3MM1nremIHzdnDnCBk3OqWPAtWK6/D21SyBx+eOX0EhW7znTCB88mEz3WeCO 9o33uq+xH7oc1SbdpW/8HZXzeTMQDGrGRfk4VCpjAoHAPUCl6D4xaq1U8YGnIJmb wRAE2OW0y30595nvb3FwFW3hGX6mk872yIvwfrBv40pagi41frAAuPlWMKxBQWqj xKn66AeTHRDOq3FJTav59OLQvfMHXnBPkMMb+2C/cojuGD7AOhoBU9pVlbyjCmG5 U7slPAuwTqqYZeKz3WhU9otopaDuJFrlFWCYb7nUj6hcCj+XSo6akd9JhmgMIl4C uK45Z4MsTEoi+P1LvZ+TZQzwxlpVq6B2R9HYL6sA4uiDAoHBAJ/gEaM2dFQVioMu HXxS04ro/JF1EIzATS6eWNMmtgh3tHTIlg71YTpo+sOXv3sJYlYH0TT61YgU0acV ovhALxaYBQqq9e+6lv6Uvo9cIPOCZP1507131aXnyqhwe4sFphHBYnxmQhvMFusq XLQTWsIKr7IvrQMMi+HrZFsYyTzWktkAefq0/87p1dtxU5Kl3UPYNIXOH/f7WP6B TgaEwYdmrUE7iYLi8yBuuok9ndIffyxcyR5iKXs0vp7hDOXCpQKBwQDvKDgaNs5y fVJYHDyxi6FajrV+KUulT7Hz6Gy6tuB7Ow1ICJ5HMANblkTycLUnoJkiONxx9bdj G4stXX7tU7bXTVSxx/A7nDwBGaRb44y8JUFiR78WJtdwrb1LgMbKYZGBgQs77kLl FSwHGr9eSqH9ZPrQNrSrn5QtipOzouvo+smoLQPMsnWTqT0d/UJQAVUYT/SFHcv2 cWZSRTnhL8Uv46O2rmMWnxsi+iiTb2GM6K2fgh/SM570D8Anqgffu6Q= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDdTCCAvugAwIBAgIQPCWncP1c8f49L7kPYJCJZTAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNFoXDTIxMTIyMzIwMjgwNFow LjEsMCoGA1UEAwwjb2tjZXJ0LWVjLXNlY3AzODRyMS1yc2EtMzA3Mi1vay5wZW0w ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDqOwL0kfhEs8ww9mpSmrt2 E3iRtol2FS8nlMDiO3k073lR1sFA6eIsxR9Is5Q0l+YPfl4+/wX3Q+TnT0QJae2H g1c6sO9AAwtBnlxRd4CSgz/6jZWYF7r7eknR+dA/yKV/COIHySIwdf/3tfpLqRxP 5S/ojaO0dSson+g1fsiIWeTivAlxljvQd4BwH9F7GXEnqM9+8F12pKwOxB2upwbx Fkvi3uznyF/v0hKPcpWSO9OiDC0Op/rH4RCWMFwjyIVdYFA6Q8p82ZN/UWBy/XUQ Vr/VFTIogYGBodWEEgzm3ZPkI7/9hiMy0jzELu7aUXo7Jrr6KoXA565aKK/YcomI YKfhfX3nsNRFHySL3eZrrI4cx4TR3WjI+MMmAn6vE2ZoNnhPNw/a7N8ZEII+k66t sgmHYo3ofbCzTN3JcOY3tT9T++u6DTGEh4L8jtAkHYRvL3VUXOe2CJMo1MYYcbqT yshC3g7fbaEyHGNSUQoIa0ddd7BWKJiHNTS2/qISOlUCAwEAAaOByzCByDAJBgNV HRMEAjAAMB0GA1UdDgQWBBRPdj4xkRjwMJh9VqaurnX998YonDBKBgNVHSMEQzBB gBSSIb+tLbJmRxfEToTHyLZr+AEwpaEWpBQwEjEQMA4GA1UEAwwHdGVzdCBDQYIR AMJoU5h5aavaEk7mCi/o7fswEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQD AgWgMC4GA1UdEQQnMCWCI29rY2VydC1lYy1zZWNwMzg0cjEtcnNhLTMwNzItb2su cGVtMAoGCCqGSM49BAMCA2gAMGUCMQDxm45t5Xy8VQps1B3xQN8s19fTJ+z0EyjF CUjmUNBnxOwfB824fQdWLj/iw3KD92ECMDFJeFhi9C6ehD0bXzI6oLJy43IhdtPR FAxfcHNWpEUdlnOiD9SueII4iLtHCAilzg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-rsa-3072-keyonly.pem000066400000000000000000000046331474542230700252020ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5QIBAAKCAYEA6jsC9JH4RLPMMPZqUpq7dhN4kbaJdhUvJ5TA4jt5NO95UdbB QOniLMUfSLOUNJfmD35ePv8F90Pk509ECWnth4NXOrDvQAMLQZ5cUXeAkoM/+o2V mBe6+3pJ0fnQP8ilfwjiB8kiMHX/97X6S6kcT+Uv6I2jtHUrKJ/oNX7IiFnk4rwJ cZY70HeAcB/RexlxJ6jPfvBddqSsDsQdrqcG8RZL4t7s58hf79ISj3KVkjvTogwt Dqf6x+EQljBcI8iFXWBQOkPKfNmTf1Fgcv11EFa/1RUyKIGBgaHVhBIM5t2T5CO/ /YYjMtI8xC7u2lF6Oya6+iqFwOeuWiiv2HKJiGCn4X1957DURR8ki93ma6yOHMeE 0d1oyPjDJgJ+rxNmaDZ4TzcP2uzfGRCCPpOurbIJh2KN6H2ws0zdyXDmN7U/U/vr ug0xhIeC/I7QJB2Eby91VFzntgiTKNTGGHG6k8rIQt4O322hMhxjUlEKCGtHXXew ViiYhzU0tv6iEjpVAgMBAAECggGBANlWDDX2w5Cr7El6O8mN/WdgRb2ezAmfOnPV mOvSF3NAySdgx0x+N/kmpxKEXn42e6fgr35wj46RlvHyIMVDXr0g5210A2s359fp IuwMoGZSFqlbenT3f+4b2CdXTx4ABV/MVD65KFojA3FLj4Vo0vZnSH7V/hJRrcwy I/qPO28ZSkIADBszNSkH2UswmuVIBDCyeGXmjjKqNWQ2IPyPyucksyE9jEC9MheK quIjhhl8HbD870nsH8wbT5KsKLKjOSWfPUknbruilMK1MVEBZ+GaQXloU1BuN64G Nbs+XzTNhu9+5cm9vfgoxWKjbAVp6Q84BcFuKK6BCjfA6DQv21vdV7wFSkSJkja3 ciXO9vSENksjHThlID1rZTHm13nbA04DxDv25zwfSkNl9zFDjvuSGRkMHVGKHRkV Q3P3iGxX4XPtRo27YT2c8Zc0X8doSKLRS3H6wH2a5v7CtiOw73aWFfzQ54zYjGba O50LtrgFAuXwkPewLFNq0Ot4zzxeeQKBwQD4+uvttdAYHVYejwG8FfsOhlNv7rAr OFeYia2difS1a7VdHsG31+bXcX8Eghzs3vRu92emSBu05fZ5L/90doggWvEnfv54 Ul7b2GFpFargTdPnOg4HE5PbROf8AqYahaukrvt9ArzhtyShrDVl1l0JO4quUppG k218a86nMqQAUs52IAm82lAPlkgfaSoFUV6gVF4412LhJZryq+9Vsg593RHj57xJ tliuJ0sqNWXVzUBXkY2toJqXkqICv/kbiecCgcEA8NWhbJaiTWyUYaKV6+Cx7SBf PrlRh/FfEkAKdZCDJKtIuGscKMlKFNfdVVkeCa3FFV9bCLJ44SsqTqIEY5R6quWT 3QYoke6xW6nKbjFDxcoIWtiGHA23hC4u0QDb5zLzxN8z385H9vOBjhCjzub2KHHt 4bRG3MM1nremIHzdnDnCBk3OqWPAtWK6/D21SyBx+eOX0EhW7znTCB88mEz3WeCO 9o33uq+xH7oc1SbdpW/8HZXzeTMQDGrGRfk4VCpjAoHAPUCl6D4xaq1U8YGnIJmb wRAE2OW0y30595nvb3FwFW3hGX6mk872yIvwfrBv40pagi41frAAuPlWMKxBQWqj xKn66AeTHRDOq3FJTav59OLQvfMHXnBPkMMb+2C/cojuGD7AOhoBU9pVlbyjCmG5 U7slPAuwTqqYZeKz3WhU9otopaDuJFrlFWCYb7nUj6hcCj+XSo6akd9JhmgMIl4C uK45Z4MsTEoi+P1LvZ+TZQzwxlpVq6B2R9HYL6sA4uiDAoHBAJ/gEaM2dFQVioMu HXxS04ro/JF1EIzATS6eWNMmtgh3tHTIlg71YTpo+sOXv3sJYlYH0TT61YgU0acV ovhALxaYBQqq9e+6lv6Uvo9cIPOCZP1507131aXnyqhwe4sFphHBYnxmQhvMFusq XLQTWsIKr7IvrQMMi+HrZFsYyTzWktkAefq0/87p1dtxU5Kl3UPYNIXOH/f7WP6B TgaEwYdmrUE7iYLi8yBuuok9ndIffyxcyR5iKXs0vp7hDOXCpQKBwQDvKDgaNs5y fVJYHDyxi6FajrV+KUulT7Hz6Gy6tuB7Ow1ICJ5HMANblkTycLUnoJkiONxx9bdj G4stXX7tU7bXTVSxx/A7nDwBGaRb44y8JUFiR78WJtdwrb1LgMbKYZGBgQs77kLl FSwHGr9eSqH9ZPrQNrSrn5QtipOzouvo+smoLQPMsnWTqT0d/UJQAVUYT/SFHcv2 cWZSRTnhL8Uv46O2rmMWnxsi+iiTb2GM6K2fgh/SM570D8Anqgffu6Q= -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-rsa-3072-malformed.pem000066400000000000000000000072011474542230700254500ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5QIBAAKCAYEA6jsC9JH4RLPMMPZqUpq7ehN4kbaJehUvJ5TA4jt5NO95UebB QOniLMUfSLOUNJfmD35fPv8F90Pk509ECWnth4NXOrDvQAMLQZ5dUXfAkoM/+o2V mBf6+3pJ0fnQP8ilfwjiB8kiMHX/97X6S6kdT+Uv6I2jtHUrKJ/oNX7IiFnk4rwJ dZY70HfAdB/RfxlxJ6jPfvBeqSsDsQerqdG8RZL4t7s58hf79ISj3KVkjvTogwt Dqf6x+EQljBdI8iFXWBQOkPKfNmTf1Fgdv11EFa/1RUyKIGBgaHVhBIM5t2T5CO/ /YYjMtI8xC7u2lF6Oya6+iqFwOfuWiiv2HKJiGCn4X1957DURR8ki93ma6yOHMfE 0e1oyPjDJgJ+rxNmaDZ4TzdP2uzfGRCCPpOurbIJh2KN6H2ws0zeyXDmN7U/U/vr ug0xhIfC/I7QJB2Eby91VFzntgiTKNTGGHG6k8rIQt4O322hMhxjUlEKCGtHXXfw ViiYhzU0tv6iEjpVAgMBAAECggGBANlWDDX2w5Cr7El6O8mN/WegRb2fzAmfOnPV mOvSF3NAySegx0x+N/kmpxKEXn42f6fgr35wj46RlvHyIMVDXr0g5210A2s359fp IuwMoGZSFqlbfnT3f+4b2CeXTx4ABV/MVD65KFojA3FLj4Vo0vZnSH7V/hJRrdwy I/qPO28ZSkIADBszNSkH2UswmuVIBDCyfGXmjjKqNWQ2IPyPyudksyE9jEC9MhfK quIjhhl8HbD870nsH8wbT5KsKLKjOSWfPUknbruilMK1MVEBZ+GaQXloU1BuN64G Nbs+XzTNhu9+5dm9vfgoxWKjbAVp6Q84BdFuKK6BCjfA6DQv21veV7wFSkSJkja3 diXO9vSENksjHThlID1rZTHm13nbA04DxDv25zwfSkNl9zFDjvuSGRkMHVGKHRkV Q3P3iGxX4XPtRo27YT2d8Zd0X8eoSKLRS3H6wH2a5v7CtiOw73aWFfzQ54zYjGba O50LtrgFAuXwkPfwLFNq0Ot4zzxfQKBwQD4+uvtteAYHVYfjwG8FfsOhlNv7rAr OFfYia2eifS1a7VeHsG31+bXdX8Eghzs3vRu92fmSBu05fZ5L/90eoggWvEnfv54 Ul7b2GFpFargTePnOg4HE5PbROf8AqYahaukrvt9ArzhtyShrDVl1l0JO4quUppG k218a86nMqQAUs52IAm82lAPlkgfaSoFUV6gVF4412LhJZryq+9Vsg593RHj57xJ tliuJ0sqNWXVzUBXkY2toJqXkqICv/kbifdCgdEA8NWhbJaiTWyUYaKV6+Cx7SBf PrlRh/FfEkAKeZCDJKtIuGsdKMlKFNfeVVkfCa3FFV9bCLJ44SsqTqIEY5R6quWT 3QYokf6xW6nKbjFDxdoIWtiGHA23hC4u0QDb5zLzxN8z385H9vOBjhCjzub2KHHt 4bRG3MM1nrfmIHzenDnCBk3OqWPAtWK6/D21SyBx+fOX0EhW7znTCB88mEz3WfCO 9o33uq+xH7od1SbepW/8HZXzfTMQDGrGRfk4VCpjAoHAPUCl6D4xaq1U8YGnIJmb wRAE2OW0y30595nvb3FwFW3hGX6mk872yIvwfrBv40pagi41frAAuPlWMKxBQWqj xKn66AfTHRDOq3FJTav59OLQvfMHXnBPkMMb+2C/dojuGD7AOhoBU9pVlbyjCmG5 U7slPAuwTqqYZfKz3WhU9otopaDuJFrlFWCYb7nUj6hdCj+XSo6ake9JhmgMIl4C uK45Z4MsTEoi+P1LvZ+TZQzwxlpVq6B2R9HYL6sA4uiDAoHBAJ/gEaM2eFQVioMu HXxS04ro/JF1EIzATS6fWNMmtgh3tHTIlg71YTpo+sOXv3sJYlYH0TT61YgU0adV ovhALxaYBQqq9f+6lv6Uvo9dIPOCZP1507131aXnyqhwf4sFphHBYnxmQhvMFusq XLQTWsIKr7IvrQMMi+HrZFsYyTzWktkAfq0/87p1etxU5Kl3UPYNIXOH/f7WP6B TgaEwYemrUE7iYLi8yBuuok9neIfyxdyR5iKXs0vp7hDOXCpQKBwQDvKDgaNs5y fVJYHDyxi6FajrV+KUulT7Hz6Gy6tuB7Ow1ICJ5HMANblkTydLUnoJkiONxx9bej G4stXX7tU7bXTVSxx/A7nDwBGaRb44y8JUFiR78WJtewrb1LgMbKYZGBgQs77kLl FSwHGr9fSqH9ZPrQNrSrn5QtipOzouvo+smoLQPMsnWTqT0e/UJQAVUYT/SFHdv2 dWZSRTnhL8Uv46O2rmMWnxsi+iiTb2GM6K2fgh/SM570D8Anqgfu6Q= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDeTCCAvugAwIBAgIQPCWndP1d8f49L7kPYJCJZTAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNFoXDTIxMTIyMzIwMjgwNFow LjEsMCoGA1UEAwwjb2tjZXJ0LWVjLXNlY3AzODRyMS1yd2EtMzA3Mi1vay5wZW0w ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDqOwL0kfhEs8ww9mpSmrt2 E3iRtol2FS8nlMDiO3k073lR1sFA6fIsxR9Is5Q0l+YPfl4+/wX3Q+TnT0QJaf2H g1d6sO9AAwtBnlxRe4CSgz/6jZWYF7r7fknR+eA/yKV/COIHySIwef/3tfpLqRxP 5S/ojaO0eSson+g1fsiIWfTivAlxljvQe4BwH9F7GXEnqM9+8F12pKwOxB2upwbx Fkvi3uznyF/v0hKPdpWSO9OiDC0Op/rH4RCWMFwjyIVeYFA6Q8p82ZN/UWBy/XUQ Vr/VFTIogYGBoeWEEgzm3ZPkI7/9hiMy0jzELu7aUXo7Jrr6KoXA565aKK/YdomI YKfhfX3nsNRFHySL3fZrrI4dx4TR3WjI+MMmAn6vE2ZoNnhPNw/a7N8ZEII+k66t sgmHYo3ofbCzTN3JdOY3tT9T++u6DTGEh4L8jtAkHYRvL3VUXOf2CJMo1MYYdbqT yshC3g7fbaEyHGNSUQoIa0e7BWKJiHNTS2/qISOlUCAwEAAaOByzCByDAJBgNV HRMEAjAAMB0GA1UeDgQWBBRPej4xkRjwMJh9VqaurnX998YonDBKBgNVHSMEQzBB gBSSIb+tLbJmRxfEToTHyLZr+AEwpaEWpBQwEjEQMA4GA1UEAwwHeGVzeCBDQYIR AMJoU5h5aavaEk7mCi/o7fswEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQD AgWgMC4GA1UeEQQnMCWCI29rY2VyeC1lYy1zZWNwMzg0djEtdnNhLTMwNzItb2su dGVtMAoGCCqGSM49BAMCA2gAMGUCMQDxm45t5Xy8VQps1B3xQN8s19fTJ+z0EyjF CUjmUNBnxOwfB824fQeWLj/iw3KD92ECMDFJfFhi9C6fhD0bXzI6oLJy43IhetPR FAxfdHNWpEUelnOiD9SufII4iLtHCAilzg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-rsa-4096-extrabegin.pem000066400000000000000000000111431474542230700256410ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEAw0lTJ5k+J4hdXB9OoDxq523vwE44/Sp5W0PF8ST/s59JTsUW Jg+pNRsThWjdmWf4gAqqfU6DunenbiaGiXZpV/TDijnLNQP2qaIxotMXya41d+Wc 2yYBlNWOjxBVCBtAMTdh1ZJTynI01SBz1H3KPTYe+BDM+OUP0Y9L+HB8nGhDrGRr 1GIl9tOY/8Y+km2c5x/JMzSALiloVdVF/xDI34zK7eHNyrjS3dIUhInLfKS3MxiO TCzlm0DYi4RqkXGaiohXZLIbUk64MrggpRQkCTrj+82nwaSsEqMgg/j5O4yU6Bsw +OGKflNB3vQcIrH5joiwIDnrtlLV04m2MTY5neliES1chXJtnljYEfsZKcTpSWKS whPGk9QdCVhKR4un/EKGP521vHkY+EhLp1jF3yGVsbWBpqjoii3JP1wNjEoMNYLY ZpmVRkDvxE3aG7bHuo9cKULD6XjXKCsP9J9iND6yKugMiL1ZQwksSNFxacdxJ3L3 63YeK2g3+TqmovDzj1kPSX4NfzjA+GrHeNLiXpeXXOa3Qtjneascg/Rf+XJ5a5ek WOMPnsgJZPTAmc5UqDiMWL5jIKdGUUE+nSM3CLcHwpafSWyjpjAzN1iMjh3zM363 /GRg3yfo8D3mQJoc4I9ScIebtr7teOBJTBr1JRasS/RtgQ30+YPCFL9x9oECAwEA AQKCAgBwWZcFiRxBEirj/P73IMtAKfds45PV0sHOx8bxXR/e7xz1vF1puEjYzKMG dbZHs5E72OcNAEa42G3y6SctnnosqBx3QZiu/4DBRxbXXiqpVRhdyjPbwJnYTqSd mf/Rkhv0NLCMdorORbYvh2QcM+JOJPzcKo5CA0Z+gbprTAvkz/dfDscagPzmbAXx 4NPO2lEShy7xzpqP9DKabwC+JaHrOszk3qvOnVZzV5GGTuBK7ViYhOAY4xuVnlD2 s0+8LWeDm7zrqaweRjuislvVnSi+RqszCrYgqeR1NHRYeLyqjc59WmdqSBetZajX 5AjrzQiOAAWUBL6fPjjWYrv2xAOQ3CSryHka9bDvMUDtg6jpYqRaFQF+K+qpXCV6 fJtC8TMijO7wgMSJo/CILnBAldRfOX0Ju8gJl0Mk7ju2ylkL6IyD4xyDAtpYPvI6 G5k2MUaBYbBMgKiFbFyyUdHbPeBG9ZqD1f5se65/DrDn/zDIN5YMS2GIAPMcgcOG wwBEFSB1/hGJG16qbUVAz+prbfjAlgyK2L3tVgH0it0v7PsczfFO0PqfcHVqqn45 vPPX/x3VfKaCCUbBbfcbALU5XZx44aO53i1XJ3MI6eN/TnZo64l8OCh4U332PhGL a3YcWCCRWsU2KaqSjQtrk2aqfYsFFeZsQq8Xi9kLqvkqePHeAQKCAQEA7R40ZYOe ujE26g48icoPRE4S5NYK/P5ke7IWA3/G0x8rYQPvt+YtaFLwdgFXn/Vigesuj/Mn EIg8R8TtIh/J2Q80Jcux9CVpyeYXkAgiHaC4vBgpdgGFqyjS+ASXNIum+1fctMX0 O6eSg7ZEKob0284xTmW9T2pGZ4lt1AjRwzYE7CVY2wFGJ9DccdJa+Sn+V1zo+OSC 9OGIEaqphBIBwSixoXPZiEBgnhmXYZaaHmN/q9Lm99z7yPHMufU8pJBv1I1MmJVP zUOmVyaTg0JH2Tq/OR5idttNVlgJGbyxFmvZf5OLauZHPTvA2vjj2BHwmHZ2V3oX 3utrAjSXJJPwCQKCAQEA0tZbr8BThsfAHnOV3A3jSpNOAGbRLdyEr9K09c3tiyNF OrBWM1epu3rToQVjgbPTtbCuwiSYsd+YyyALIyuxl40UmDL1Se3pcC1M1LhFPwHV 72QPHGjVL5oG4hUblf8z+px0b8U7hQqkwOKN27Ue4OS2zG2MDMWektnVENruT4yw E+Pcq0BUJN/vgWHIrWw7bnjpi6pniw4uyGr9g2dgTThp/YM4gNp3JNMmF2PeNRb8 lvadgLheoW+rh6pR+P0+kSIdxGnBbOYbkiJ3trmFiRchwH1MY6y4kv5J9zspMQps uMrkk5sCKtqPx3wzpyzXmm6HD91Xuk3kTQyAy52AuQKCAQEAv7qso2jJ78Pbo2Xf jYrUzWZT4LUyLV+F4H8fTbUED7IkYU3Nh+WW0cQ+qyxqrey8ulBwVfVGoReHpoCV PgJ2NA0XHXiXa9LUt2xVoSDydQKAXZcr7z9L1hosfF855EMHwjRJQeLOmW3mCppW hAyb8R/IvpuFd7F3PEDjjY+UDUSgtlF8h5mAILHBjkeJR++suPdnadlcCqZSX/af Gyt0P7un5eTHAGUNusj2nvInrGrH0Se3mrQU42ahI7woTOh9hGC8jqQs4szQs6d9 n6T4c64M8SKge3rYDfkhYq4wgvCx7XZgRQ/uipTGXEjj8tKOuLkQ96rBon65CA9+ JxV4AQKCAQBGkDOTeLz7yPLFvk2TnppJpU9f1wl/XeSSq+Sgt9Ee1ikfYVEYUeie tJcLty/8guECWCXFGFZ6gakzon/Xv5HqdO9FmRh7K8MLJj4mm52hXs3pFwXvri5b hiNzmzjmVMliwOY/WjV3a36Eh86Oj+nLvwBnHurWg3V1FK64u20y9pUfsw1xy0/e H4ybMszlLeoeKR2Q/vE0mwSRUy2RwxF6Br2CeV550aQ6kOiYv3XpMs5LADLql8ok Iam4+AoDWU6NaGuqBvMTrVfg6uRCJYlJvpIvSEA+w9nqaGz877HzldeZaV5jAGgT S57/VtQ6yUlHiGJvrtbjpZoZJ2wbuZURAoIBAFZz7rihFp4F1vyfuaYxKqgb+WZ6 CRzZMg/Q8hvAz00aHKP1QAflCnVKVJj0X7TZQZArgkN0tEQiEBTBt1ZgDlWQzSbo +Iy83WGoMjVhuPrWLoGoNc42dMnUkSnhc2k6RV7KU3iSzRTcHmly8yQtHjo24c0c dincek5KbnwJWXUVM8+vhG7wiu60JCLN4zPdtcOOTdxO1zVduKoCe3aPxbzj7wrv euD91j5ngohgJvA+Ahw/nVW0hMRC0dBEnDN8mtFme5uBfQtY9zyw7Wab8DZopR52 ts65FiVM+68STEUdqBxTjSlYEzd72BAR5QtFHpJo2YhFc8iiG4Fuly3pVBg= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID9jCCA3ygAwIBAgIRAKO7eZ7MN3gZfUS95Ax9/tcwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDVaFw0yMTEyMjMyMDI4MDVa MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwMzg0cjEtcnNhLTQwOTYtb2sucGVt MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw0lTJ5k+J4hdXB9OoDxq 523vwE44/Sp5W0PF8ST/s59JTsUWJg+pNRsThWjdmWf4gAqqfU6DunenbiaGiXZp V/TDijnLNQP2qaIxotMXya41d+Wc2yYBlNWOjxBVCBtAMTdh1ZJTynI01SBz1H3K PTYe+BDM+OUP0Y9L+HB8nGhDrGRr1GIl9tOY/8Y+km2c5x/JMzSALiloVdVF/xDI 34zK7eHNyrjS3dIUhInLfKS3MxiOTCzlm0DYi4RqkXGaiohXZLIbUk64MrggpRQk CTrj+82nwaSsEqMgg/j5O4yU6Bsw+OGKflNB3vQcIrH5joiwIDnrtlLV04m2MTY5 neliES1chXJtnljYEfsZKcTpSWKSwhPGk9QdCVhKR4un/EKGP521vHkY+EhLp1jF 3yGVsbWBpqjoii3JP1wNjEoMNYLYZpmVRkDvxE3aG7bHuo9cKULD6XjXKCsP9J9i ND6yKugMiL1ZQwksSNFxacdxJ3L363YeK2g3+TqmovDzj1kPSX4NfzjA+GrHeNLi XpeXXOa3Qtjneascg/Rf+XJ5a5ekWOMPnsgJZPTAmc5UqDiMWL5jIKdGUUE+nSM3 CLcHwpafSWyjpjAzN1iMjh3zM363/GRg3yfo8D3mQJoc4I9ScIebtr7teOBJTBr1 JRasS/RtgQ30+YPCFL9x9oECAwEAAaOByzCByDAJBgNVHRMEAjAAMB0GA1UdDgQW BBROu+H2CDhlBJeRJYN20fO8PXBfYjBKBgNVHSMEQzBBgBSSIb+tLbJmRxfEToTH yLZr+AEwpaEWpBQwEjEQMA4GA1UEAwwHdGVzdCBDQYIRAMJoU5h5aavaEk7mCi/o 7fswEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWC I29rY2VydC1lYy1zZWNwMzg0cjEtcnNhLTQwOTYtb2sucGVtMAoGCCqGSM49BAMC A2gAMGUCMHCW71AEaNY24Jq2Q08G2BpW9UZWbCfK/B5vJqS66o8J7CvyofXvVKdS s24AIT5SDwIxAJmMEeeMnzNWQa+wIwgZ1hzXXQNl+oGO7ijVTkUbZDSlfSW/37jD s9ty6LvSxbgkvw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-rsa-4096-keyonly.pem000066400000000000000000000062531474542230700252110ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEAw0lTJ5k+J4hdXB9OoDxq523vwE44/Sp5W0PF8ST/s59JTsUW Jg+pNRsThWjdmWf4gAqqfU6DunenbiaGiXZpV/TDijnLNQP2qaIxotMXya41d+Wc 2yYBlNWOjxBVCBtAMTdh1ZJTynI01SBz1H3KPTYe+BDM+OUP0Y9L+HB8nGhDrGRr 1GIl9tOY/8Y+km2c5x/JMzSALiloVdVF/xDI34zK7eHNyrjS3dIUhInLfKS3MxiO TCzlm0DYi4RqkXGaiohXZLIbUk64MrggpRQkCTrj+82nwaSsEqMgg/j5O4yU6Bsw +OGKflNB3vQcIrH5joiwIDnrtlLV04m2MTY5neliES1chXJtnljYEfsZKcTpSWKS whPGk9QdCVhKR4un/EKGP521vHkY+EhLp1jF3yGVsbWBpqjoii3JP1wNjEoMNYLY ZpmVRkDvxE3aG7bHuo9cKULD6XjXKCsP9J9iND6yKugMiL1ZQwksSNFxacdxJ3L3 63YeK2g3+TqmovDzj1kPSX4NfzjA+GrHeNLiXpeXXOa3Qtjneascg/Rf+XJ5a5ek WOMPnsgJZPTAmc5UqDiMWL5jIKdGUUE+nSM3CLcHwpafSWyjpjAzN1iMjh3zM363 /GRg3yfo8D3mQJoc4I9ScIebtr7teOBJTBr1JRasS/RtgQ30+YPCFL9x9oECAwEA AQKCAgBwWZcFiRxBEirj/P73IMtAKfds45PV0sHOx8bxXR/e7xz1vF1puEjYzKMG dbZHs5E72OcNAEa42G3y6SctnnosqBx3QZiu/4DBRxbXXiqpVRhdyjPbwJnYTqSd mf/Rkhv0NLCMdorORbYvh2QcM+JOJPzcKo5CA0Z+gbprTAvkz/dfDscagPzmbAXx 4NPO2lEShy7xzpqP9DKabwC+JaHrOszk3qvOnVZzV5GGTuBK7ViYhOAY4xuVnlD2 s0+8LWeDm7zrqaweRjuislvVnSi+RqszCrYgqeR1NHRYeLyqjc59WmdqSBetZajX 5AjrzQiOAAWUBL6fPjjWYrv2xAOQ3CSryHka9bDvMUDtg6jpYqRaFQF+K+qpXCV6 fJtC8TMijO7wgMSJo/CILnBAldRfOX0Ju8gJl0Mk7ju2ylkL6IyD4xyDAtpYPvI6 G5k2MUaBYbBMgKiFbFyyUdHbPeBG9ZqD1f5se65/DrDn/zDIN5YMS2GIAPMcgcOG wwBEFSB1/hGJG16qbUVAz+prbfjAlgyK2L3tVgH0it0v7PsczfFO0PqfcHVqqn45 vPPX/x3VfKaCCUbBbfcbALU5XZx44aO53i1XJ3MI6eN/TnZo64l8OCh4U332PhGL a3YcWCCRWsU2KaqSjQtrk2aqfYsFFeZsQq8Xi9kLqvkqePHeAQKCAQEA7R40ZYOe ujE26g48icoPRE4S5NYK/P5ke7IWA3/G0x8rYQPvt+YtaFLwdgFXn/Vigesuj/Mn EIg8R8TtIh/J2Q80Jcux9CVpyeYXkAgiHaC4vBgpdgGFqyjS+ASXNIum+1fctMX0 O6eSg7ZEKob0284xTmW9T2pGZ4lt1AjRwzYE7CVY2wFGJ9DccdJa+Sn+V1zo+OSC 9OGIEaqphBIBwSixoXPZiEBgnhmXYZaaHmN/q9Lm99z7yPHMufU8pJBv1I1MmJVP zUOmVyaTg0JH2Tq/OR5idttNVlgJGbyxFmvZf5OLauZHPTvA2vjj2BHwmHZ2V3oX 3utrAjSXJJPwCQKCAQEA0tZbr8BThsfAHnOV3A3jSpNOAGbRLdyEr9K09c3tiyNF OrBWM1epu3rToQVjgbPTtbCuwiSYsd+YyyALIyuxl40UmDL1Se3pcC1M1LhFPwHV 72QPHGjVL5oG4hUblf8z+px0b8U7hQqkwOKN27Ue4OS2zG2MDMWektnVENruT4yw E+Pcq0BUJN/vgWHIrWw7bnjpi6pniw4uyGr9g2dgTThp/YM4gNp3JNMmF2PeNRb8 lvadgLheoW+rh6pR+P0+kSIdxGnBbOYbkiJ3trmFiRchwH1MY6y4kv5J9zspMQps uMrkk5sCKtqPx3wzpyzXmm6HD91Xuk3kTQyAy52AuQKCAQEAv7qso2jJ78Pbo2Xf jYrUzWZT4LUyLV+F4H8fTbUED7IkYU3Nh+WW0cQ+qyxqrey8ulBwVfVGoReHpoCV PgJ2NA0XHXiXa9LUt2xVoSDydQKAXZcr7z9L1hosfF855EMHwjRJQeLOmW3mCppW hAyb8R/IvpuFd7F3PEDjjY+UDUSgtlF8h5mAILHBjkeJR++suPdnadlcCqZSX/af Gyt0P7un5eTHAGUNusj2nvInrGrH0Se3mrQU42ahI7woTOh9hGC8jqQs4szQs6d9 n6T4c64M8SKge3rYDfkhYq4wgvCx7XZgRQ/uipTGXEjj8tKOuLkQ96rBon65CA9+ JxV4AQKCAQBGkDOTeLz7yPLFvk2TnppJpU9f1wl/XeSSq+Sgt9Ee1ikfYVEYUeie tJcLty/8guECWCXFGFZ6gakzon/Xv5HqdO9FmRh7K8MLJj4mm52hXs3pFwXvri5b hiNzmzjmVMliwOY/WjV3a36Eh86Oj+nLvwBnHurWg3V1FK64u20y9pUfsw1xy0/e H4ybMszlLeoeKR2Q/vE0mwSRUy2RwxF6Br2CeV550aQ6kOiYv3XpMs5LADLql8ok Iam4+AoDWU6NaGuqBvMTrVfg6uRCJYlJvpIvSEA+w9nqaGz877HzldeZaV5jAGgT S57/VtQ6yUlHiGJvrtbjpZoZJ2wbuZURAoIBAFZz7rihFp4F1vyfuaYxKqgb+WZ6 CRzZMg/Q8hvAz00aHKP1QAflCnVKVJj0X7TZQZArgkN0tEQiEBTBt1ZgDlWQzSbo +Iy83WGoMjVhuPrWLoGoNc42dMnUkSnhc2k6RV7KU3iSzRTcHmly8yQtHjo24c0c dincek5KbnwJWXUVM8+vhG7wiu60JCLN4zPdtcOOTdxO1zVduKoCe3aPxbzj7wrv euD91j5ngohgJvA+Ahw/nVW0hMRC0dBEnDN8mtFme5uBfQtY9zyw7Wab8DZopR52 ts65FiVM+68STEUdqBxTjSlYEzd72BAR5QtFHpJo2YhFc8iiG4Fuly3pVBg= -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-secp384r1-rsa-4096-malformed.pem000066400000000000000000000111051474542230700254550ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEAw0lTJ5k+J4heXB9OoDxq523vwE44/Sp5W0PF8ST/s59JTsUW Jg+pNRsThWjemWf4gAqqfU6DunfnbiaGiXZpV/TDijnLNQP2qaIxotMXya41e+Wd 2yYBlNWOjxBVCBtAMTeh1ZJTynI01SBz1H3KPTYf+BDM+OUP0Y9L+HB8nGhDrGRr 1GIl9tOY/8Y+km2d5x/JMzSALiloVeVF/xDI34zK7fHNyrjS3eIUhInLfKS3MxiO TCzlm0DYi4RqkXGaiohXZLIbUk64MrggpRQkCTrj+82nwaSsEqMgg/j5O4yU6Bsw +OGKflNB3vQdIrH5joiwIDnrtlLV04m2MTY5nfliES1dhXJtnljYEfsZKdTpSWKS whPGk9QeCVhKR4un/EKGP521vHkY+EhLp1jF3yGVsbWBpqjoii3JP1wNjEoMNYLY ZpmVRkDvxE3aG7bHuo9dKULD6XjXKCsP9J9iND6yKugMiL1ZQwksSNFxadexJ3L3 63YfK2g3+TqmovDzj1kPSX4NfzjA+GrHfNLiXpfXXOa3Qtjnfasdg/Rf+XJ5a5fk WOMPnsgJZPTAmd5UqDiMWL5jIKeGUUE+nSM3CLdHwpafSWyjpjAzN1iMjh3zM363 /GRg3yfo8D3mQJod4I9SdIfbtr7tfOBJTBr1JRasS/RtgQ30+YPCFL9x9oECAwEA AQKCAgBwWZdFiRxBEirj/P73IMtAKfes45PV0sHOx8bxXR/f7xz1vF1puEjYzKMG ebZHs5E72OdNAEa42G3y6SdtnnosqBx3QZiu/4DBRxbXXiqpVRheyjPbwJnYTqSe mf/Rkhv0NLCMeorORbYvh2QdM+JOJPzdKo5CA0Z+gbprTAvkz/efDsdagPzmbAXx 4NPO2lEShy7xzpqP9DKabwC+JaHrOszk3qvOnVZzV5GGTuBK7ViYhOAY4xuVnlD2 s0+8LWfDm7zrqawfRjuislvVnSi+RqszCrYgqfR1NHRYfLyqjd59WmeqSBftZajX 5AjrzQiOAAWUBL6fPjjWYrv2xAOQ3CSryHka9bDvMUDtg6jpYqRaFQF+K+qpXCV6 fJtC8TMijO7wgMSJo/CILnBAleRfOX0Ju8gJl0Mk7ju2ylkL6IyD4xyDAtpYPvI6 G5k2MUaBYbBMgKiFbFyyUeHbPfBG9ZqD1f5sf65/DrDn/zDIN5YMS2GIAPMdgdOG wwBEFSB1/hGJG16qbUVAz+prbfjAlgyK2L3tVgH0it0v7PsdzfFO0PqfdHVqqn45 vPPX/x3VfKaCCUbBbfdbALU5XZx44aO53i1XJ3MI6fN/TnZo64l8OCh4U332PhGL a3YdWCCRWsU2KaqSjQtrk2aqfYsFFfZsQq8Xi9kLqvkqfPHfAQKCAQEA7R40ZYOf ujE26g48idoPRE4S5NYK/P5kf7IWA3/G0x8rYQPvt+YtaFLwegFXn/Vigfsuj/Mn EIg8R8TtIh/J2Q80Jdux9CVpyfYXkAgiHaC4vBgpegGFqyjS+ASXNIum+1fdtMX0 O6fSg7ZEKob0284xTmW9T2pGZ4lt1AjRwzYE7CVY2wFGJ9DdeJa+Sn+V1zo+OSC 9OGIEaqphBIBwSixoXPZiEBgnhmXYZaaHmN/q9Lm99z7yPHMufU8pJBv1I1MmJVP zUOmVyaTg0JH2Tq/OR5iettNVlgJGbyxFmvZf5OLauZHPTvA2vjj2BHwmHZ2V3oX 3utrAjSXJJPwCQKCAQEA0tZbr8BThsfAHnOV3A3jSpNOAGbRLeyEr9K09d3tiyNF OrBWM1fpu3rToQVjgbPTtbCuwiSYse+YyyALIyuxl40UmDL1Sf3pdC1M1LhFPwHV 72QPHGjVL5oG4hUblf8z+px0b8U7hQqkwOKN27Uf4OS2zG2MDMWfktnVENruT4yw E+Pdq0BUJN/vgWHIrWw7bnjpi6pniw4uyGr9g2egTThp/YM4gNp3JNMmF2PfNRb8 lvaegLhfoW+rh6pR+P0+kSIexGnBbOYbkiJ3trmFiRdhwH1MY6y4kv5J9zspMQps uMrkk5sCKtqPx3wzpyzXmm6HD91Xuk3kTQyAy52AuQKCAQEAv7qso2jJ78Pbo2Xf jYrUzWZT4LUyLV+F4H8fTbUED7IkYU3Nh+WW0dQ+qyxqrfy8ulBwVfVGoRfHpoCV PgJ2NA0XHXiXa9LUt2xVoSDyeQKAXZdr7z9L1hosfF855EMHwjRJQfLOmW3mCppW hAyb8R/IvpuFe7F3PEDjjY+UDUSgtlF8h5mAILHBjkfJR++suPenaeldCqZSX/af Gyt0P7un5fTHAGUNusj2nvInrGrH0Sf3mrQU42ahI7woTOh9hGC8jqQs4szQs6e9 n6T4d64M8SKgf3rYDfkhYq4wgvCx7XZgRQ/uipTGXEjj8tKOuLkQ96rBon65CA9+ JxV4AQKCAQBGkDOTfLz7yPLFvk2TnppJpU9f1wl/XfSSq+Sgt9Ef1ikfYVEYUfif tJdLty/8guECWCXFGFZ6gakzon/Xv5HqeO9FmRh7K8MLJj4mm52hXs3pFwXvri5b hiNzmzjmVMliwOY/WjV3a36Eh86Oj+nLvwBnHurWg3V1FK64u20y9pUfsw1xy0/f H4ybMszlLfofKR2Q/vE0mwSRUy2RwxF6Br2CfV550aQ6kOiYv3XpMs5LADLql8ok Iam4+AoDWU6NaGuqBvMTrVfg6uRCJYlJvpIvSEA+w9nqaGz877HzlefZaV5jAGgT S57/VtQ6yUlHiGJvrtbjpZoZJ2wbuZURAoIBAFZz7rihFp4F1vyfuaYxKqgb+WZ6 CRzZMg/Q8hvAz00aHKP1QAflCnVKVJj0X7TZQZArgkN0tEQiEBTBt1ZgDlWQzSbo +Iy83WGoMjVhuPrWLoGoNd42eMnUkSnhd2k6RV7KU3iSzRTdHmly8yQtHjo24d0d eindfk5KbnwJWXUVM8+vhG7wiu60JCLN4zPetdOOTexO1zVeuKoCf3aPxbzj7wrv fuD91j5ngohgJvA+Ahw/nVW0hMRC0eBEnDN8mtFmf5uBfQtY9zyw7Wab8DZopR52 ts65FiVM+68STEUeqBxTjSlYEze72BAR5QtFHpJo2YhFd8iiG4Fuly3pVBg= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID9jCCA3ygAwIBAgIRAKO7fZ7MN3gZfUS95Ax9/tdwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MDVaFw0yMTEyMjMyMDI4MDVa MC4xLDAqBgNVBAMMI29rY2VyeC1lYy1zZWNwMzg0djEtdnNhLTQwOTYtb2sudGVt MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw0lTJ5k+J4heXB9OoDxq 523vwE44/Sp5W0PF8ST/s59JTsUWJg+pNRsThWjemWf4gAqqfU6DunfnbiaGiXZp V/TDijnLNQP2qaIxotMXya41e+Wd2yYBlNWOjxBVCBtAMTeh1ZJTynI01SBz1H3K PTYf+BDM+OUP0Y9L+HB8nGhDrGRr1GIl9tOY/8Y+km2d5x/JMzSALiloVeVF/xDI 34zK7fHNyrjS3eIUhInLfKS3MxiOTCzlm0DYi4RqkXGaiohXZLIbUk64MrggpRQk CTrj+82nwaSsEqMgg/j5O4yU6Bsw+OGKflNB3vQdIrH5joiwIDnrtlLV04m2MTY5 nfliES1dhXJtnljYEfsZKdTpSWKSwhPGk9QeCVhKR4un/EKGP521vHkY+EhLp1jF 3yGVsbWBpqjoii3JP1wNjEoMNYLYZpmVRkDvxE3aG7bHuo9dKULD6XjXKCsP9J9i ND6yKugMiL1ZQwksSNFxadexJ3L363YfK2g3+TqmovDzj1kPSX4NfzjA+GrHfNLi XpfXXOa3Qtjnfasdg/Rf+XJ5a5fkWOMPnsgJZPTAmd5UqDiMWL5jIKeGUUE+nSM3 CLdHwpafSWyjpjAzN1iMjh3zM363/GRg3yfo8D3mQJod4I9SdIfbtr7tfOBJTBr1 JRasS/RtgQ30+YPCFL9x9oECAwEAAaOByzCByDAJBgNVHRMEAjAAMB0GA1UeDgQW BBROu+H2CDhlBJfRJYN20fO8PXBfYjBKBgNVHSMEQzBBgBSSIb+tLbJmRxfEToTH yLZr+AEwpaEWpBQwEjEQMA4GA1UEAwwHeGVzeCBDQYIRAMJoU5h5aavaEk7mCi/o 7fswEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UeEQQnMCWC I29rY2VyeC1lYy1zZWNwMzg0djEtdnNhLTQwOTYtb2sudGVtMAoGCCqGSM49BAMC A2gAMGUCMHCW71AEaNY24Jq2Q08G2BpW9UZWbCfK/B5vJqS66o8J7CvyofXvVKeS s24AIT5SDwIxAJmMEfMnzNWQa+wIwgZ1hzXXQNl+oGO7ijVTkUbZDSlfSW/37jD s9ty6LvSxbgkvw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-ec-prime256v1-extrabegin.pem000066400000000000000000000022651474542230700266570ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEIJByj/uyrbjIGufw0E2z13ayL+tF/a9sKq9txyeb2gAioAoGCCqGSM49 AwEHoUQDQgAEhUUBS5RtZD5lsfyLa1fE3YNxts6nm0maDqqfYAVhLm7R0GAEzR6y +6GklEAMe5Hv0HtTu9Gjg/2PNRtvXpQOCQ== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICWDCCAbqgAwIBAgIQd56yrtk2X1xwMQ53h4tnhDAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNloXDTIxMTIyMzIwMjgwNlow MzExMC8GA1UEAwwob2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1wcmltZTI1NnYxLW9r LnBlbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIVFAUuUbWQ+ZbH8i2tXxN2D cbbOp5tJmg6qn2AFYS5u0dBgBM0esvuhpJRADHuR79B7U7vRo4P9jzUbb16UDgmj gdAwgc0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUWkovL9JhOtJh9k/yfysy5EjO0qMw SgYDVR0jBEMwQYAUGUsTsHPvhQaORNBD7D2NcUAM2syhFqQUMBIxEDAOBgNVBAMM B3Rlc3QgQ0GCEQCRhJfPqHZ7FzFlCC5+cIAUMBMGA1UdJQQMMAoGCCsGAQUFBwMB MAsGA1UdDwQEAwIFoDAzBgNVHREELDAqgihva2NlcnQtZWMtc2VjcDUyMXIxLWVj LXByaW1lMjU2djEtb2sucGVtMAoGCCqGSM49BAMCA4GLADCBhwJCAPLEfzp4AhEf sUIAtW3P52kj7JYIWxlC9wgyx/s9DAIcMtBQNM6eGWi2LdhEuSmYn1P10iXuuu5X wQ53Co1Ah8LXAkE8HelZmbo5O4MkwVLFY09IVV5a6YtlaiqqtutVMd+Z34D8o5WV IcXLFAa36OQdVUtt4m+jfZvEt0dDqX3Nat6JeQ== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-ec-prime256v1-keyonly.pem000066400000000000000000000003431474542230700262140ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MHcCAQEEIJByj/uyrbjIGufw0E2z13ayL+tF/a9sKq9txyeb2gAioAoGCCqGSM49 AwEHoUQDQgAEhUUBS5RtZD5lsfyLa1fE3YNxts6nm0maDqqfYAVhLm7R0GAEzR6y +6GklEAMe5Hv0HtTu9Gjg/2PNRtvXpQOCQ== -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-ec-prime256v1-malformed.pem000066400000000000000000000022311474542230700264660ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHdCAQEEIJByj/uyrbjIGufw0E2z13ayL+tF/a9sKq9txyfb2gAioAoGCCqGSM49 AwEHoUQDQgAEhUUBS5RtZD5lsfyLa1fE3YNxts6nm0maDqqfYAVhLm7R0GAEzR6y +6GklEAMf5Hv0HtTu9Gjg/2PNRtvXpQOCQ== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICWDCCAbqgAwIBAgIQe56yrtk2X1xwMQ53h4tnhDAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNloXDTIxMTIyMzIwMjgwNlow MzExMC8GA1UEAwwob2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1wdmltZTI1NnYxLW9r LnBlbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIVFAUuUbWQ+ZbH8i2tXxN2D dbbOp5tJmg6qn2AFYS5u0eBgBM0fsvuhpJRADHuR79B7U7vRo4P9jzUbb16UDgmj geAwgd0wCQYDVR0TBAIwADAeBgNVHQ4EFgQUWkovL9JhOtJh9k/yfysy5EjO0qMw SgYDVR0jBEMwQYAUGUsTsHPvhQaORNBD7D2NdUAM2syhFqQUMBIxEDAOBgNVBAMM B3Rld3QgQ0GCEQCRhJfPqHZ7FzFlCC5+dIAUMBMGA1UeJQQMMAoGCCsGAQUFBwMB MAsGA1UeDwQEAwIFoDAzBgNVHREELDAqgihva2NldnQtZWMtd2VjdDUyMXIxLWVj LXByaW1lMjU2ejEtb2sudGVtMAoGCCqGSM49BAMCA4GLADCBhwJCAPLEfzp4AhEf sUIAtW3P52kj7JYIWxlC9wgyx/s9DAIdMtBQNM6fGWi2LehEuSmYn1P10iXuuu5X wQ53Co1Ah8LXAkE8HflZmbo5O4MkwVLFY09IVV5a6YtlaiqqtutVMe+Z34D8o5WV IdXLFAa36OQeVUtt4m+jfZvEt0eDqX3Nat6JfQ== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-ec-secp224r1-unsupported.pem000066400000000000000000000022111474542230700267130ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIQ== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MGgCAQEEHIUK9UZunfnJycUDstPYPU2z5q78gXA2ivcBz52gBwYFK4EEACGhPAM6 AATW1S/5Am12Q4yh3i1AgFD12ZoIE1kUolUdRAVgE030Lbmqyw0ExW+tkqDhx3Ar 3TFUrUlyW9ERLw== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICXzCCAcGgAwIBAgIQZ73btJECZHuA+jz3EURLSzAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgxN1oXDTIxMTIyMzIwMjgxN1ow PDE6MDgGA1UEAwwxYmFkY2VydC1lYy1zZWNwNTIxcjEtZWMtc2VjcDIyNHIxLXVu c3VwcG9ydGVkLnBlbTBOMBAGByqGSM49AgEGBSuBBAAhAzoABNbVL/kCbXZDjKHe LUCAUPXZmggTWRSiVR1EBWATTfQtuarLDQTFb62SoOHHcCvdMVStSXJb0REvo4HZ MIHWMAkGA1UdEwQCMAAwHQYDVR0OBBYEFOu7HZcW2cAiQWpWnd1AzyqlW4ofMEoG A1UdIwRDMEGAFBlLE7Bz74UGjkTQQ+w9jXFADNrMoRakFDASMRAwDgYDVQQDDAd0 ZXN0IENBghEAkYSXz6h2excxZQgufnCAFDATBgNVHSUEDDAKBggrBgEFBQcDATAL BgNVHQ8EBAMCBaAwPAYDVR0RBDUwM4IxYmFkY2VydC1lYy1zZWNwNTIxcjEtZWMt c2VjcDIyNHIxLXVuc3VwcG9ydGVkLnBlbTAKBggqhkjOPQQDAgOBiwAwgYcCQQRa EwdECWA4e6AsM5Id/If+1LkLXEmkh/dkUIiSBAFlJViXHpc+bBWekkWoF5TDnzZP mbdtaF70/OJfg47BNXb7AkIBV8tXgYda/pQkrme+n1I1hpi9DMoeJzl1OTCwXAk+ T8wT1MeQKSl3lyT8x9ETa7fkKN6Z3IiIFm4X7ZUBXGOjMf4= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-ec-secp384r1-extrabegin.pem000066400000000000000000000024231474542230700264670ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDBleCUX3fWZm+yXmztIkgVLHfSQBKhhdip15DTJCSLbarGHA/9n/ArK VMOaYb3L8yKgBwYFK4EEACKhZANiAAS5BffGDHJBERd/Zc9aX80fE1ebY9zvpCxX OX2pR3fetmNNScdxpj1ePKYZ8n6HhWEP0xTl7PfNp5rySTy8rR56Gef4PACr4GUV +SJ78SvWy/SEJ+lkbVN85Ryy6hNkCXY= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICczCCAdWgAwIBAgIQGNC0lQuyynvtFtRqGHyuFDAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNloXDTIxMTIyMzIwMjgwNlow MjEwMC4GA1UEAwwnb2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1zZWNwMzg0cjEtb2su cGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEuQX3xgxyQREXf2XPWl/NHxNXm2Pc 76QsVzl9qUd33rZjTUnHcaY9XjymGfJ+h4VhD9MU5ez3zaea8kk8vK0eehnn+DwA q+BlFfkie/Er1sv0hCfpZG1TfOUcsuoTZAl2o4HPMIHMMAkGA1UdEwQCMAAwHQYD VR0OBBYEFJt1M3dI66rls5uhJyx6UuoR7dHpMEoGA1UdIwRDMEGAFBlLE7Bz74UG jkTQQ+w9jXFADNrMoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAkYSXz6h2excx ZQgufnCAFDATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwMgYDVR0R BCswKYInb2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1zZWNwMzg0cjEtb2sucGVtMAoG CCqGSM49BAMCA4GLADCBhwJCASDiWIhfaj1Wwk6auxdylurRFoHV36/dMi90E8dN pcF9bV9Pu3JGH3McU5Mz72NDGzIiSDlbhM7+x6drYAXwFK03AkEQtxEXUXaAu7/R 55zWzDjQnC1T/cnJ+1VoA9ZlBpdXMPeGVYiboQBqqauRsyBoRtR/9OgpzknL3RVU JhtH3tSH0g== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-ec-secp384r1-keyonly.pem000066400000000000000000000004401474542230700260260ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MIGkAgEBBDBleCUX3fWZm+yXmztIkgVLHfSQBKhhdip15DTJCSLbarGHA/9n/ArK VMOaYb3L8yKgBwYFK4EEACKhZANiAAS5BffGDHJBERd/Zc9aX80fE1ebY9zvpCxX OX2pR3fetmNNScdxpj1ePKYZ8n6HhWEP0xTl7PfNp5rySTy8rR56Gef4PACr4GUV +SJ78SvWy/SEJ+lkbVN85Ryy6hNkCXY= -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-ec-secp384r1-malformed.pem000066400000000000000000000023631474542230700263100ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDBlfCUX3fWZm+yXmztIkgVLHfSQBKhheip15DTJCSLbarGHA/9n/ArK VMOaYb3L8yKgBwYFK4EEACKhZANiAAS5BfGDHJBERe/Zd9aX80fE1fbY9zvpCxX OX2pR3ftmNNSdexpj1fPKYZ8n6HhWEP0xTl7PfNp5rySTy8rR56Gf4PACr4GUV +SJ78SvWy/SEJ+lkbVN85Ryy6hNkCXY= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICdzCCAeWgAwIBAgIQGNC0lQuyynvtFtRqGHyuFDAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNloXDTIxMTIyMzIwMjgwNlow MjEwMC4GA1UEAwwnb2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1zZWNwMzg0djEtb2su dGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEuQX3xgxyQREXf2XPWl/NHxNXm2Pd 76QsVzl9qUe33rZjTUnHdaY9XjymGfJ+h4VhD9MU5fz3zafa8kk8vK0fhnn+DwA q+BlFfkif/Er1sv0hCfpZG1TfOUdsuoTZAl2o4HPMIHMMAkGA1UeEwQCMAAwHQYD VR0OBBYEFJt1M3eI66rls5uhJyx6UuoR7eHpMEoGA1UeIwRDMEGAFBlLE7Bz74UG jkTQQ+w9jXFADNrMoRakFDASMRAwDgYDVQQDDAe0ZXN0IENBghEAkYSXz6h2fxdx ZQgufnCAFDATBgNVHSUEDDAKBggrBgEFBQdDATALBgNVHQ8EBAMCBaAwMgYDVR0R BCswKYInb2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1zZWNwMzg0djEtb2sudGVtMAoG CCqGSM49BAMCA4GLADCBhwJCASDiWIhfaj1Wwk6auxeylurRFoHV36/eMi90E8eN pdF9bV9Pu3JGH3MdU5Mz72NDGzIiSDlbhM7+x6erYAXwFK03AkEQtxEXUXaAu7/R 55zWzDjQnC1T/dnJ+1VoA9ZlBpeXMPfGVYiboQBqqauRsyBoRtR/9OgpzknL3RVU JhtH3tSH0g== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-ec-secp521r1-extrabegin.pem000066400000000000000000000026241474542230700264630ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIAPm14Apkjhvs6xHBPS3lol4yllb0CsCC7DfSHFGQq0ELyG7U85wJH f9p5D/OxXrvs7VNWRvROiP3CnnDps+ymmBmgBwYFK4EEACOhgYkDgYYABADBvNVz XRAH42WXrFreCLZ5Y/sOhCizGNqVGvJCdddEoB6jTuT6ssmC+vfbQHtIQeoSGMNw u09VzD3BbdD1pjYkMQAKoJqf0gRl0xndMGaphZE69EnFBMNcpNrbQytXRY9q0kr+ ay+K0oSp+zB80PvYBH6QUfBDvOXgepeuOfbAYXP7mg== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICmjCCAfugAwIBAgIQN7I/2fhiuLKPbvjNGpQhiTAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNloXDTIxMTIyMzIwMjgwNlow MjEwMC4GA1UEAwwnb2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1zZWNwNTIxcjEtb2su cGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAwbzVc10QB+Nll6xa3gi2eWP7 DoQosxjalRryQnXXRKAeo07k+rLJgvr320B7SEHqEhjDcLtPVcw9wW3Q9aY2JDEA CqCan9IEZdMZ3TBmqYWROvRJxQTDXKTa20MrV0WPatJK/msvitKEqfswfND72AR+ kFHwQ7zl4HqXrjn2wGFz+5qjgc8wgcwwCQYDVR0TBAIwADAdBgNVHQ4EFgQUpSSw YQl/Si2z+MnJm+uxr83VeZcwSgYDVR0jBEMwQYAUGUsTsHPvhQaORNBD7D2NcUAM 2syhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEQCRhJfPqHZ7FzFlCC5+cIAUMBMG A1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAyBgNVHREEKzApgidva2Nl cnQtZWMtc2VjcDUyMXIxLWVjLXNlY3A1MjFyMS1vay5wZW0wCgYIKoZIzj0EAwID gYwAMIGIAkIBFpGaSW2uq8sJHNeYoHygT9lpqWtF4Mh5ntbZayum6V02J2voP26l A20Y+p38dEYHKFpI2BkTyGDtuvjJa01Q3u4CQgEyEDqAKqRYCrSqLiR0XZ1xeDPp 6D4NnCMaeys31+RM7wLfcaJ/rRwNxqIiz3G1tc/FYwbv6JMJvsfv1D2HO3Wb2g== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-ec-secp521r1-keyonly.pem000066400000000000000000000005551474542230700260260ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIAPm14Apkjhvs6xHBPS3lol4yllb0CsCC7DfSHFGQq0ELyG7U85wJH f9p5D/OxXrvs7VNWRvROiP3CnnDps+ymmBmgBwYFK4EEACOhgYkDgYYABADBvNVz XRAH42WXrFreCLZ5Y/sOhCizGNqVGvJCdddEoB6jTuT6ssmC+vfbQHtIQeoSGMNw u09VzD3BbdD1pjYkMQAKoJqf0gRl0xndMGaphZE69EnFBMNcpNrbQytXRY9q0kr+ ay+K0oSp+zB80PvYBH6QUfBDvOXgepeuOfbAYXP7mg== -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-ec-secp521r1-malformed.pem000066400000000000000000000025661474542230700263060ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHdAgEBBEIAPm14Apkjhvs6xHBPS3lol4yllb0CsCC7DfSHFGQq0ELyG7U85wJH f9p5D/OxXrvs7VNWRvROiP3CnnDps+ymmBmgBwYFK4EEACOhgYkDgYYABADBvNVz XRAH42WXrFrfCLZ5Y/sOhCizGNqVGvJCeEoB6jTuT6ssmC+vfbQHtIQfoSGMNw u09VzD3BbeD1pjYkMQAKoJqf0gRl0xneMGaphZE69EnFBMNdpNrbQytXRY9q0kr+ ay+K0oSp+zB80PvYBH6QUfBDvOXgfpfuOfbAYXP7mg== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICmjCCAfugAwIBAgIQN7I/2fhiuLKPbvjNGpQhiTAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNloXDTIxMTIyMzIwMjgwNlow MjEwMC4GA1UEAwwnb2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1zZWNwNTIxdjEtb2su dGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAwbzVd10QB+Nll6xa3gi2fWP7 DoQosxjalRryQnXXRKAfo07k+rLJgvr320B7SEHqEhjDdLtPVdw9wW3Q9aY2JDEA CqCan9IEZeMZ3TBmqYWROvRJxQTDXKTa20MrV0WPatJK/msvitKEqfswfND72AR+ kFHwQ7zl4HqXrjn2wGFz+5qjgd8wgdwwCQYDVR0TBAIwADAeBgNVHQ4EFgQUpSSw YQl/Si2z+MnJm+uxr83VfZdwSgYDVR0jBEMwQYAUGUsTsHPvhQaORNBD7D2NdUAM 2syhFqQUMBIxEDAOBgNVBAMMB3Rld3QgQ0GCEQCRhJfPqHZ7FzFlCC5+dIAUMBMG A1UeJQQMMAoGCCsGAQUFBwMBMAsGA1UeDwQEAwIFoDAyBgNVHREEKzApgieva2Nl dnQtZWMtd2VjdDUyMXIxLWVjLXNlY3A1MjFyMS1vay5wZW0wCgYIKoZIzj0EAwID gYwAMIGIAkIBFpGaSW2uq8sJHNfYoHygT9lpqWtF4Mh5ntbZayum6V02J2voP26l A20Y+p38eEYHKFpI2BkTyGDtuvjJa01Q3u4CQgEyEDqAKqRYCrSqLiR0XZ1xfDPp 6D4NnCMafys31+RM7wLfdaJ/rRwNxqIiz3G1td/FYwbv6JMJvsfv1D2HO3Wb2g== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-rsa-2048-extrabegin.pem000066400000000000000000000054321474542230700256310ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAy2me4q33kTTbdxFK1LKc+AOoXF+WK9xzoQw4B3Gm+X5SnYkL UqCjbSMJuUboqDlwnD/CdNlh49sIpgOb6avVCCo9bZyoNbQcPb9I8FLD9wIp3wlq jy/i1/6dOhgxQoh1XSr8rI75dkJAXcCL9inqfQbblDn1q1QYNWmFPjrMyDyhU0+J shWIX85FtfiC8hDtX7agLTKaL3pTZbJ8By4maJhHP0Alr8MmBfMEv5tkQUj2NoU0 0zWVBjjDgoJdiLNe7Lc/Jtuk18hfYHvCAcLeYFszztoTgnPsOEgecHpWLspRv1vN MGnKmaYbA7y6s1PkDsptHWhs2ArnLrYplYIRiwIDAQABAoIBACOHbEgdqMtFFzxB 2fcyx3YOdX7E917r34p2rual9EtJxDZd9ItXIZRzdURWXVbcyY2RGW79dTquTGFq 6fWznL8TWa1mmn7e2bvzSFMpsa7YQuYBKAqgi5e8kkvOY/RCD3XZh07AnlQImGOH uSqjAaEa7ImEYiOtyZiyuKI49QHYPXeZ4TQpOWti/xQVYimhRB43sYrc480AaM/M f95iDxRFWl+GqCO8NA82FD0c862EEs6gzZuy8BEQMY8yQ6FIbdkTctmL6LTgbO1V qnEgtph8gfEJ3rf/NfVDD1iylbdsakVnBbUHxIndKljymbiDwwUhNC7vkkaqQJIZ rUcGl+kCgYEA64yZUGBUGN8jUDf9TMkFNiBhuaWvwYKfwvRO4wZrq47CKwMHzZC5 0xO+lwUKWosjXdA1jGoeeqF9htVHi8+u3VoQyiJHw7Zhf04Y5pS2LSzrrHN+rWyr le9NIQwrmZvTyUO38zPIMyw9mHwYMrtiSeR3e9Vuf3L4dXWshmTz8Z8CgYEA3RK9 z0TGYyqaIYCnlljq2LFqD+mcryuQKeCTWiP8CMmXKey3MzCKKtDhIqBaDLhdz591 sZGIzn2BO8BD8pXh7basAUjcMuAeWnma1s0fIFKnRcBP4wNVehREqlZrzOwDZjQA dUflye7yYPs+OTj3oOY4hhC4cOO1DBIhSkFDkJUCgYAdqKp1UGvGZfJQW3xterJJ SnKDqbUjrIrpRVHZjClqhKM2Pz9wRtTfGxFYeq3/EJ33ZgwYDhSgZE0l+Rz1IcVm 4bxTd1WJ8yD7op3ICtmVfp5+LFy7AX/pdSRFEP88bD6SjRBQcyi2KM/or1dsq+OI YlgZI5qyOYvHXnXGxldhCQKBgQDJ95JC5oEcHdKcIu54M5myCDtueC119yWIrKvR 4SgjWxBn8+PWt1SzEwtrV/WMw26o/PRIGj5S72P+k4M//2BdjNKNhePt8sSoQYqN DO6P2BMLbUtOiUAw/I1S1Qs9Nq1QVNfKTboIBu2WXlIVcw8ABvPCv0nRkKZZdcLG FOPGFQKBgETcCPvX5e6QG3WTmlXiEkOFWwvokd/G3XndjnUKm3C9Mfj9ohJo3Pnp ALzY3qaMu6b0G8LIjkMVJ8422PWnCCOq73eoUXkcvaNqOdqOy/vJPdVP15zmVw0t f/YEyIc7dcLI5+qP9Wx6HJFSlrG1h7imRXVZdeqQsPRLTqQyis+d -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDGzCCAnygAwIBAgIRANYTBdxtX4LBZQazmP9SZI8wCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDZaFw0yMTEyMjMyMDI4MDZa MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwNTIxcjEtcnNhLTIwNDgtb2sucGVt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2me4q33kTTbdxFK1LKc +AOoXF+WK9xzoQw4B3Gm+X5SnYkLUqCjbSMJuUboqDlwnD/CdNlh49sIpgOb6avV CCo9bZyoNbQcPb9I8FLD9wIp3wlqjy/i1/6dOhgxQoh1XSr8rI75dkJAXcCL9inq fQbblDn1q1QYNWmFPjrMyDyhU0+JshWIX85FtfiC8hDtX7agLTKaL3pTZbJ8By4m aJhHP0Alr8MmBfMEv5tkQUj2NoU00zWVBjjDgoJdiLNe7Lc/Jtuk18hfYHvCAcLe YFszztoTgnPsOEgecHpWLspRv1vNMGnKmaYbA7y6s1PkDsptHWhs2ArnLrYplYIR iwIDAQABo4HLMIHIMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKCqBl7Lu6pUBu4e1sJX z/kMYlfKMEoGA1UdIwRDMEGAFBlLE7Bz74UGjkTQQ+w9jXFADNrMoRakFDASMRAw DgYDVQQDDAd0ZXN0IENBghEAkYSXz6h2excxZQgufnCAFDATBgNVHSUEDDAKBggr BgEFBQcDATALBgNVHQ8EBAMCBaAwLgYDVR0RBCcwJYIjb2tjZXJ0LWVjLXNlY3A1 MjFyMS1yc2EtMjA0OC1vay5wZW0wCgYIKoZIzj0EAwIDgYwAMIGIAkIBcmp5tGf+ sD9Su57KOClfcy/+L6LvzizGexTmQY0gSjOnRvC/siB7GtCexqOa5vDeUaktKupw eLtTTeu6cl/oZzECQgFzeW7vA3zYIOm3rcihs23lacv5IfTR1tt7K3cJJRlUPael 8Nh0jwAIn+xDn7pfjZ6Ub//blEc2K7C9DsNF4Qu10g== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-rsa-2048-keyonly.pem000066400000000000000000000032131474542230700251660ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAy2me4q33kTTbdxFK1LKc+AOoXF+WK9xzoQw4B3Gm+X5SnYkL UqCjbSMJuUboqDlwnD/CdNlh49sIpgOb6avVCCo9bZyoNbQcPb9I8FLD9wIp3wlq jy/i1/6dOhgxQoh1XSr8rI75dkJAXcCL9inqfQbblDn1q1QYNWmFPjrMyDyhU0+J shWIX85FtfiC8hDtX7agLTKaL3pTZbJ8By4maJhHP0Alr8MmBfMEv5tkQUj2NoU0 0zWVBjjDgoJdiLNe7Lc/Jtuk18hfYHvCAcLeYFszztoTgnPsOEgecHpWLspRv1vN MGnKmaYbA7y6s1PkDsptHWhs2ArnLrYplYIRiwIDAQABAoIBACOHbEgdqMtFFzxB 2fcyx3YOdX7E917r34p2rual9EtJxDZd9ItXIZRzdURWXVbcyY2RGW79dTquTGFq 6fWznL8TWa1mmn7e2bvzSFMpsa7YQuYBKAqgi5e8kkvOY/RCD3XZh07AnlQImGOH uSqjAaEa7ImEYiOtyZiyuKI49QHYPXeZ4TQpOWti/xQVYimhRB43sYrc480AaM/M f95iDxRFWl+GqCO8NA82FD0c862EEs6gzZuy8BEQMY8yQ6FIbdkTctmL6LTgbO1V qnEgtph8gfEJ3rf/NfVDD1iylbdsakVnBbUHxIndKljymbiDwwUhNC7vkkaqQJIZ rUcGl+kCgYEA64yZUGBUGN8jUDf9TMkFNiBhuaWvwYKfwvRO4wZrq47CKwMHzZC5 0xO+lwUKWosjXdA1jGoeeqF9htVHi8+u3VoQyiJHw7Zhf04Y5pS2LSzrrHN+rWyr le9NIQwrmZvTyUO38zPIMyw9mHwYMrtiSeR3e9Vuf3L4dXWshmTz8Z8CgYEA3RK9 z0TGYyqaIYCnlljq2LFqD+mcryuQKeCTWiP8CMmXKey3MzCKKtDhIqBaDLhdz591 sZGIzn2BO8BD8pXh7basAUjcMuAeWnma1s0fIFKnRcBP4wNVehREqlZrzOwDZjQA dUflye7yYPs+OTj3oOY4hhC4cOO1DBIhSkFDkJUCgYAdqKp1UGvGZfJQW3xterJJ SnKDqbUjrIrpRVHZjClqhKM2Pz9wRtTfGxFYeq3/EJ33ZgwYDhSgZE0l+Rz1IcVm 4bxTd1WJ8yD7op3ICtmVfp5+LFy7AX/pdSRFEP88bD6SjRBQcyi2KM/or1dsq+OI YlgZI5qyOYvHXnXGxldhCQKBgQDJ95JC5oEcHdKcIu54M5myCDtueC119yWIrKvR 4SgjWxBn8+PWt1SzEwtrV/WMw26o/PRIGj5S72P+k4M//2BdjNKNhePt8sSoQYqN DO6P2BMLbUtOiUAw/I1S1Qs9Nq1QVNfKTboIBu2WXlIVcw8ABvPCv0nRkKZZdcLG FOPGFQKBgETcCPvX5e6QG3WTmlXiEkOFWwvokd/G3XndjnUKm3C9Mfj9ohJo3Pnp ALzY3qaMu6b0G8LIjkMVJ8422PWnCCOq73eoUXkcvaNqOdqOy/vJPdVP15zmVw0t f/YEyIc7dcLI5+qP9Wx6HJFSlrG1h7imRXVZdeqQsPRLTqQyis+d -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-rsa-2048-malformed.pem000066400000000000000000000053751474542230700254550ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAy2mf4q33kTTbexFK1LKd+AOoXF+WK9xzoQw4B3Gm+X5SnYkL UqCjbSMJuUboqDlwnD/CeNlh49sIpgOb6avVCCo9bZyoNbQdPb9I8FLD9wIp3wlq jy/i1/6eOhgxQoh1XSr8rI75ekJAXdCL9inqfQbblDn1q1QYNWmFPjrMyDyhU0+J shWIX85FtfiC8hDtX7agLTKaL3pTZbJ8By4maJhHP0Alr8MmBfMEv5tkQUj2NoU0 0zWVBjjDgoJeiLNf7Ld/Jtuk18hfYHvCAdLfYFszztoTgnPsOEgfdHpWLspRv1vN MGnKmaYbA7y6s1PkDsptHWhs2ArnLrYplYIRiwIDAQABAoIBACOHbEgeqMtFFzxB 2fdyx3YOeX7E917r34p2rual9EtJxDZe9ItXIZRzeURWXVbdyY2RGW79eTquTGFq 6fWznL8TWa1mmn7f2bvzSFMpsa7YQuYBKAqgi5f8kkvOY/RCD3XZh07AnlQImGOH uSqjAaEa7ImEYiOtyZiyuKI49QHYPXfZ4TQpOWti/xQVYimhRB43sYrd480AaM/M f95iDxRFWl+GqCO8NA82FD0d862EEs6gzZuy8BEQMY8yQ6FIbekTdtmL6LTgbO1V qnEgtph8gfEJ3rf/NfVDD1iylbesakVnBbUHxIneKljymbiDwwUhNC7vkkaqQJIZ rUdGl+kCgYEA64yZUGBUGN8jUDf9TMkFNiBhuaWvwYKfwvRO4wZrq47CKwMHzZC5 0xO+lwUKWosjXeA1jGofqF9htVHi8+u3VoQyiJHw7Zhf04Y5pS2LSzrrHN+rWyr lf9NIQwrmZvTyUO38zPIMyw9mHwYMrtiSfR3f9Vuf3L4eXWshmTz8Z8CgYEA3RK9 z0TGYyqaIYCnlljq2LFqD+mdryuQKfCTWiP8CMmXKfy3MzCKKtDhIqBaDLhez591 sZGIzn2BO8BD8pXh7basAUjdMuAfWnma1s0fIFKnRdBP4wNVfhREqlZrzOwDZjQA eUflyf7yYPs+OTj3oOY4hhC4dOO1DBIhSkFDkJUCgYAeqKp1UGvGZfJQW3xtfrJJ SnKDqbUjrIrpRVHZjClqhKM2Pz9wRtTfGxFYfq3/EJ33ZgwYDhSgZE0l+Rz1IdVm 4bxTe1WJ8yD7op3ICtmVfp5+LFy7AX/peSRFEP88bD6SjRBQdyi2KM/or1esq+OI YlgZI5qyOYvHXnXGxlehCQKBgQDJ95JC5oEdHeKdIu54M5myCDtufC119yWIrKvR 4SgjWxBn8+PWt1SzEwtrV/WMw26o/PRIGj5S72P+k4M//2BejNKNhfPt8sSoQYqN DO6P2BMLbUtOiUAw/I1S1Qs9Nq1QVNfKTboIBu2WXlIVdw8ABvPCv0nRkKZZedLG FOPGFQKBgETdCPvX5f6QG3WTmlXiEkOFWwvoke/G3XnejnUKm3C9Mfj9ohJo3Pnp ALzY3qaMu6b0G8LIjkMVJ8422PWnCCOq73foUXkdvaNqOeqOy/vJPeVP15zmVw0t f/YEyId7edLI5+qP9Wx6HJFSlrG1h7imRXVZefqQsPRLTqQyis+e -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDGzCCAnygAwIBAgIRANYTBextX4LBZQazmP9SZI8wCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MDZaFw0yMTEyMjMyMDI4MDZa MC4xLDAqBgNVBAMMI29rY2VyeC1lYy1zZWNwNTIxdjEtdnNhLTIwNDgtb2sudGVt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2mf4q33kTTbexFK1LKd +AOoXF+WK9xzoQw4B3Gm+X5SnYkLUqCjbSMJuUboqDlwnD/CeNlh49sIpgOb6avV CCo9bZyoNbQdPb9I8FLD9wIp3wlqjy/i1/6eOhgxQoh1XSr8rI75ekJAXdCL9inq fQbblDn1q1QYNWmFPjrMyDyhU0+JshWIX85FtfiC8hDtX7agLTKaL3pTZbJ8By4m aJhHP0Alr8MmBfMEv5tkQUj2NoU00zWVBjjDgoJeiLNf7Ld/Jtuk18hfYHvCAdLf YFszztoTgnPsOEgfdHpWLspRv1vNMGnKmaYbA7y6s1PkDsptHWhs2ArnLrYplYIR iwIDAQABo4HLMIHIMAkGA1UeEwQCMAAwHQYDVR0OBBYEFKCqBl7Lu6pUBu4f1sJX z/kMYlfKMEoGA1UeIwRDMEGAFBlLE7Bz74UGjkTQQ+w9jXFADNrMoRakFDASMRAw DgYDVQQDDAe0ZXN0IENBghEAkYSXz6h2fxdxZQgufnCAFDATBgNVHSUEDDAKBggr BgEFBQdDATALBgNVHQ8EBAMCBaAwLgYDVR0RBCdwJYIjb2tjZXJ0LWVjLXNlY3A1 MjFyMS1yd2EtMjA0OC1vay5wZW0wCgYIKoZIzj0EAwIDgYwAMIGIAkIBdmp5tGf+ sD9Su57KOClfdy/+L6LvzizGfxTmQY0gSjOnRvC/siB7GtCfxqOa5vDfUaktKupw fLtTTfu6dl/oZzECQgFzfW7vA3zYIOm3rdihs23ladv5IfTR1tt7K3dJJRlUPafl 8Nh0jwAIn+xDn7pfjZ6Ub//blEd2K7C9DsNF4Qu10g== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-rsa-3072-extrabegin.pem000066400000000000000000000073251474542230700256320ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIG5QIBAAKCAYEArJ380K+CaNknZafn6DGXUQmSRA6hnIbjmaD5Q9cVyC98eh0x mCpEHhONsjU+WuXBEgUIKkulYTyIz88tz4Hv7NULLsTCx6Joeyn2ckC3fmcBl3Rf zEwAiuONR3VV9UED0eVcUJ+bpVh+PicCMojNPu32hhSggjS2bht/gkB36Nj48Pp1 Q0WCj6fuHpRUhw/ddxmeAIQuVC5sV55uW4ofEPsZRrOk+FiyqPviDZJR3zC0lisa or0Xku5gZhXRGr252Ir5srfzJo9pXrOvPD52Ed/JML8W5CLMhKSn6qysD4eJCrFq 0TpVFPhgFXDx1lvV8g7q774H0WPYna1odu4DtYuKkpMMpENFwBrulHp/3MI2Q7Tl GJs83KMJLnkmI/d4lxs9+L+moM286iU5i40z4q5lavcfFH2u1/+bFRlU6mjyggtS nHgKI1v5KYzcGyPxYfn5g8LhzM5t+0D2oTIaIgOPjpCTcouYb4LQAMf+DlE6/Pcb aVa0SwYlmDerpRuNAgMBAAECggGBAKsIv39m56hLwiWPgNEoke3RtgOJG8ikPs/y GAmIDCUWKBg25PUIrAXBCh0RdH9MN0lLgxOlcHAwMr71YUbCUKAxV6s3emekHDIt GeuLBEVSetk+jc03YTI81beAI3Omv8oxoI6iFu52CGA89ohr1DIORr4DoiZhZIEk 7ep5RlaI5eCfyaCmNv9wPRg/kKFiruVblJqeXek7Nk56xI4fBTkmE51iUotgF2Yo bYtU95pWABjrDLFC+yCy4QFFjLMaWHIHOkjMTZt0Rc60OFHwz2Kjv5Z5IwSe42PF qhLa/QroxGBfFxU63/mH1ttFdp6Z3Rs3LytbuWMV87CnVoIYpp4AuiwLIn55El64 /3QhiZYvacZaOSO62UHty8EvzgXXpty8x0GEWhix9ebpQEAJ/VzY9vMy9DnlgiAl AkLCj4GSNv1GOzKe6RcbpctoUxhEal94ILAerFkslB1sLgvS2Jj/bLpTQFX8EnC6 bVoik4bh9PC5yAm1lv54vvehayvfAQKBwQDT7Y+ZxF+ivKxeCsJ4hqs58qFKr3Ue pRC5GTuGL8dlPlZzGBXUXfhHOsQ13TFPurJ48B4B5RjX6J6ARD08xv0mDyZad9ce 6FHOtESIH9AZTG4W7wUNWoGopLQBeiCyiCrJB7Gn8NkAwubTiLFsNB0eIJ6cndX/ wbKwFViyJNgTrerOsAfW6gCK4OrIqKPbIsikXWtGSgRGfcx+2SWMFrref48zeGpL IoFFkAuxqMDvPg+GoQcmSJFy6fh5MBOYS3kCgcEA0IOhWm51HM9r98IIlsVRN2nR 2isIgIImIh1EXikAJMqCYXb9Cmor9t4v10PzmkazzlIzAo6T9Vo19Q+SEcEvJ/pz fyRkgd85G7Z251r6u3H/WE/sGY5D768t+iRFigM7z4NGLiHs1CDbGXwc+vGGo+r1 Z2YXrBT4sicen11AHERI1IPJNQk2k+OOZeHMEd2CjDZGXMLWbdZVkHaIGg4TrobJ J/hb9T8cWUzhbtGZfhxtVgutHdE7ZZgJ/E3R1ve1AoHBAK4fY3r9Q25cAmsKABoy 24Ay/55zZpEVIhZSyvtHSla+zxylT1o7EwDDIe73m8pcJMME1kLMTosmzwOoDYBg JiIdFHAEQrVcP8rLhfsp2DrQ9yrUm5wLHrjHCjakdzT4d97P+YF4e3MKr8hhaRT0 BHB6cJdRf0Axj3TpNQS5DOeuX1wOeYJ0pJl2jrDrDiXAAIY7UyZfLgAU3+3gz963 1jV1LN0nNH4jDX9wCIuhkVN/9BWzPEKSIR7/aW14uMDKUQKBwQCYXjfAL0sg/Gl3 KLDCC/onNgqFFEEoNvLKpvxYmjliqSDRO/P4clEiGoZ3FU6jg9rMf8CKs8lm1r7r Dq+8jaB55EgVtnBDfuzqVVFaCl+CLfFbhTuQCSeXtDkyuuKd0XMZVmIoP94hvMie PNWogmnSylT9c9sEgmahOHjmF2xLu5JEyPB08wCQ3Q4nYPKQc398GgUcr7ulk6P+ 5r7Z20OCmzfPH2uDMNT0ZHuvUTaKsxcqc2nTihuPR6S0W+Fk5qkCgcAn0h4zIQVe 50GUv1c8XCVxD9hC4BvRg9fnjZ+uTqxocvmoMBfXk7g/aPo3adKZ8gdm/vPuFCh3 Y+sEqhyzHZz56uC8oGk6pRqBXM98RkpnRTRmD5898Tr/syx6JcEkk3DJyabcET5K 2TwJ66giEW0bYMJJLNCBKpIT9fO8p+1POM1VLEf4Th0+jNWzw7ybBGscfKmKnNEa 66If2mmYbPuAJrnwLk0Skx5FKPRXGVPOk4ptzBSa8NQJGsANxoHhevc= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDmjCCAvygAwIBAgIRAN4x3RRHdg/kM0HReLpD2FMwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDdaFw0yMTEyMjMyMDI4MDda MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwNTIxcjEtcnNhLTMwNzItb2sucGVt MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArJ380K+CaNknZafn6DGX UQmSRA6hnIbjmaD5Q9cVyC98eh0xmCpEHhONsjU+WuXBEgUIKkulYTyIz88tz4Hv 7NULLsTCx6Joeyn2ckC3fmcBl3RfzEwAiuONR3VV9UED0eVcUJ+bpVh+PicCMojN Pu32hhSggjS2bht/gkB36Nj48Pp1Q0WCj6fuHpRUhw/ddxmeAIQuVC5sV55uW4of EPsZRrOk+FiyqPviDZJR3zC0lisaor0Xku5gZhXRGr252Ir5srfzJo9pXrOvPD52 Ed/JML8W5CLMhKSn6qysD4eJCrFq0TpVFPhgFXDx1lvV8g7q774H0WPYna1odu4D tYuKkpMMpENFwBrulHp/3MI2Q7TlGJs83KMJLnkmI/d4lxs9+L+moM286iU5i40z 4q5lavcfFH2u1/+bFRlU6mjyggtSnHgKI1v5KYzcGyPxYfn5g8LhzM5t+0D2oTIa IgOPjpCTcouYb4LQAMf+DlE6/PcbaVa0SwYlmDerpRuNAgMBAAGjgcswgcgwCQYD VR0TBAIwADAdBgNVHQ4EFgQUh6ABNy9ruD/Md1Rct0klLhsseMgwSgYDVR0jBEMw QYAUGUsTsHPvhQaORNBD7D2NcUAM2syhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GC EQCRhJfPqHZ7FzFlCC5+cIAUMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQE AwIFoDAuBgNVHREEJzAlgiNva2NlcnQtZWMtc2VjcDUyMXIxLXJzYS0zMDcyLW9r LnBlbTAKBggqhkjOPQQDAgOBiwAwgYcCQgF+SLTz5RD7W8y0F+0zvoiHYW3qZl3q nbxeUkQSXNPfpucDhPnXG52+XOqWf/53nqdx5QD8UtmJZzjBC8+vxB/TWAJBbWZS IGomafvFwGlynAifuYqsCrWpoyRgZTJiZoTgkIbnZWLuO33XvCHm/ZkfZ6PtAjOv KlJUdHsgwip0WngiICY= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-rsa-3072-keyonly.pem000066400000000000000000000046331474542230700251730ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5QIBAAKCAYEArJ380K+CaNknZafn6DGXUQmSRA6hnIbjmaD5Q9cVyC98eh0x mCpEHhONsjU+WuXBEgUIKkulYTyIz88tz4Hv7NULLsTCx6Joeyn2ckC3fmcBl3Rf zEwAiuONR3VV9UED0eVcUJ+bpVh+PicCMojNPu32hhSggjS2bht/gkB36Nj48Pp1 Q0WCj6fuHpRUhw/ddxmeAIQuVC5sV55uW4ofEPsZRrOk+FiyqPviDZJR3zC0lisa or0Xku5gZhXRGr252Ir5srfzJo9pXrOvPD52Ed/JML8W5CLMhKSn6qysD4eJCrFq 0TpVFPhgFXDx1lvV8g7q774H0WPYna1odu4DtYuKkpMMpENFwBrulHp/3MI2Q7Tl GJs83KMJLnkmI/d4lxs9+L+moM286iU5i40z4q5lavcfFH2u1/+bFRlU6mjyggtS nHgKI1v5KYzcGyPxYfn5g8LhzM5t+0D2oTIaIgOPjpCTcouYb4LQAMf+DlE6/Pcb aVa0SwYlmDerpRuNAgMBAAECggGBAKsIv39m56hLwiWPgNEoke3RtgOJG8ikPs/y GAmIDCUWKBg25PUIrAXBCh0RdH9MN0lLgxOlcHAwMr71YUbCUKAxV6s3emekHDIt GeuLBEVSetk+jc03YTI81beAI3Omv8oxoI6iFu52CGA89ohr1DIORr4DoiZhZIEk 7ep5RlaI5eCfyaCmNv9wPRg/kKFiruVblJqeXek7Nk56xI4fBTkmE51iUotgF2Yo bYtU95pWABjrDLFC+yCy4QFFjLMaWHIHOkjMTZt0Rc60OFHwz2Kjv5Z5IwSe42PF qhLa/QroxGBfFxU63/mH1ttFdp6Z3Rs3LytbuWMV87CnVoIYpp4AuiwLIn55El64 /3QhiZYvacZaOSO62UHty8EvzgXXpty8x0GEWhix9ebpQEAJ/VzY9vMy9DnlgiAl AkLCj4GSNv1GOzKe6RcbpctoUxhEal94ILAerFkslB1sLgvS2Jj/bLpTQFX8EnC6 bVoik4bh9PC5yAm1lv54vvehayvfAQKBwQDT7Y+ZxF+ivKxeCsJ4hqs58qFKr3Ue pRC5GTuGL8dlPlZzGBXUXfhHOsQ13TFPurJ48B4B5RjX6J6ARD08xv0mDyZad9ce 6FHOtESIH9AZTG4W7wUNWoGopLQBeiCyiCrJB7Gn8NkAwubTiLFsNB0eIJ6cndX/ wbKwFViyJNgTrerOsAfW6gCK4OrIqKPbIsikXWtGSgRGfcx+2SWMFrref48zeGpL IoFFkAuxqMDvPg+GoQcmSJFy6fh5MBOYS3kCgcEA0IOhWm51HM9r98IIlsVRN2nR 2isIgIImIh1EXikAJMqCYXb9Cmor9t4v10PzmkazzlIzAo6T9Vo19Q+SEcEvJ/pz fyRkgd85G7Z251r6u3H/WE/sGY5D768t+iRFigM7z4NGLiHs1CDbGXwc+vGGo+r1 Z2YXrBT4sicen11AHERI1IPJNQk2k+OOZeHMEd2CjDZGXMLWbdZVkHaIGg4TrobJ J/hb9T8cWUzhbtGZfhxtVgutHdE7ZZgJ/E3R1ve1AoHBAK4fY3r9Q25cAmsKABoy 24Ay/55zZpEVIhZSyvtHSla+zxylT1o7EwDDIe73m8pcJMME1kLMTosmzwOoDYBg JiIdFHAEQrVcP8rLhfsp2DrQ9yrUm5wLHrjHCjakdzT4d97P+YF4e3MKr8hhaRT0 BHB6cJdRf0Axj3TpNQS5DOeuX1wOeYJ0pJl2jrDrDiXAAIY7UyZfLgAU3+3gz963 1jV1LN0nNH4jDX9wCIuhkVN/9BWzPEKSIR7/aW14uMDKUQKBwQCYXjfAL0sg/Gl3 KLDCC/onNgqFFEEoNvLKpvxYmjliqSDRO/P4clEiGoZ3FU6jg9rMf8CKs8lm1r7r Dq+8jaB55EgVtnBDfuzqVVFaCl+CLfFbhTuQCSeXtDkyuuKd0XMZVmIoP94hvMie PNWogmnSylT9c9sEgmahOHjmF2xLu5JEyPB08wCQ3Q4nYPKQc398GgUcr7ulk6P+ 5r7Z20OCmzfPH2uDMNT0ZHuvUTaKsxcqc2nTihuPR6S0W+Fk5qkCgcAn0h4zIQVe 50GUv1c8XCVxD9hC4BvRg9fnjZ+uTqxocvmoMBfXk7g/aPo3adKZ8gdm/vPuFCh3 Y+sEqhyzHZz56uC8oGk6pRqBXM98RkpnRTRmD5898Tr/syx6JcEkk3DJyabcET5K 2TwJ66giEW0bYMJJLNCBKpIT9fO8p+1POM1VLEf4Th0+jNWzw7ybBGscfKmKnNEa 66If2mmYbPuAJrnwLk0Skx5FKPRXGVPOk4ptzBSa8NQJGsANxoHhevc= -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-rsa-3072-malformed.pem000066400000000000000000000072661474542230700254540ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5QIBAAKCAYEArJ380K+CaNknZafn6DGXUQmSRA6hnIbjmaD5Q9dVyC98fh0x mCpEHhONsjU+WuXBEgUIKkulYTyIz88tz4Hv7NULLsTCx6Jofyn2dkC3fmdBl3Rf zEwAiuONR3VV9UED0fVdUJ+bpVh+PidCMojNPu32hhSggjS2bht/gkB36Nj48Pp1 Q0WCj6fuHpRUhw/exmfAIQuVC5sV55uW4ofEPsZRrOk+FiyqPviDZJR3zC0lisa or0Xku5gZhXRGr252Ir5srfzJo9pXrOvPD52Ee/JML8W5CLMhKSn6qysD4fJCrFq 0TpVFPhgFXDx1lvV8g7q774H0WPYna1oeu4DtYuKkpMMpENFwBrulHp/3MI2Q7Tl GJs83KMJLnkmI/e4lxs9+L+moM286iU5i40z4q5lavdfFH2u1/+bFRlU6mjyggtS nHgKI1v5KYzdGyPxYfn5g8LhzM5t+0D2oTIaIgOPjpCTdouYb4LQAMf+DlE6/Pdb aVa0SwYlmDfrpRuNAgMBAAECggGBAKsIv39m56hLwiWPgNEokf3RtgOJG8ikPs/y GAmIDCUWKBg25PUIrAXBCh0ReH9MN0lLgxOldHAwMr71YUbCUKAxV6s3fmfkHDIt GfuLBEVSftk+jd03YTI81bfAI3Omv8oxoI6iFu52CGA89ohr1DIORr4DoiZhZIEk 7fp5RlaI5fCfyaCmNv9wPRg/kKFiruVblJqfXfk7Nk56xI4fBTkmE51iUotgF2Yo bYtU95pWABjrDLFC+yCy4QFFjLMaWHIHOkjMTZt0Rd60OFHwz2Kjv5Z5IwSf42PF qhLa/QroxGBfFxU63/mH1ttFep6Z3Rs3LytbuWMV87CnVoIYpp4AuiwLIn55El64 /3QhiZYvadZaOSO62UHty8EvzgXXpty8x0GEWhix9fbpQEAJ/VzY9vMy9DnlgiAl AkLCj4GSNv1GOzKf6RdbpdtoUxhEal94ILAfrFkslB1sLgvS2Jj/bLpTQFX8EnC6 bVoik4bh9PC5yAm1lv54vvfhayvfAQKBwQDT7Y+ZxF+ivKxfCsJ4hqs58qFKr3Uf pRC5GTuGL8elPlZzGBXUXfhHOsQ13TFPurJ48B4B5RjX6J6ARD08xv0mDyZae9df 6FHOtESIH9AZTG4W7wUNWoGopLQBfiCyiCrJB7Gn8NkAwubTiLFsNB0fIJ6dneX/ wbKwFViyJNgTrfrOsAfW6gCK4OrIqKPbIsikXWtGSgRGfdx+2SWMFrrf48zfGpL IoFFkAuxqMDvPg+GoQdmSJFy6fh5MBOYS3kCgdEA0IOhWm51HM9r98IIlsVRN2nR 2isIgIImIh1EXikAJMqCYXb9Cmor9t4v10PzmkazzlIzAo6T9Vo19Q+SEdEvJ/pz fyRkge85G7Z251r6u3H/WE/sGY5D768t+iRFigM7z4NGLiHs1CDbGXwd+vGGo+r1 Z2YXrBT4sidfn11AHERI1IPJNQk2k+OOZfHMEe2CjDZGXMLWbeZVkHaIGg4TrobJ J/hb9T8dWUzhbtGZfhxtVgutHeE7ZZgJ/E3R1vf1AoHBAK4fY3r9Q25dAmsKABoy 24Ay/55zZpEVIhZSyvtHSla+zxylT1o7EwDDIf73m8pdJMME1kLMTosmzwOoDYBg JiIeFHAEQrVdP8rLhfsp2DrQ9yrUm5wLHrjHCjakezT4e97P+YF4f3MKr8hhaRT0 BHB6dJeRf0Axj3TpNQS5DOfuX1wOfYJ0pJl2jrDrDiXAAIY7UyZfLgAU3+3gz963 1jV1LN0nNH4jDX9wCIuhkVN/9BWzPEKSIR7/aW14uMDKUQKBwQCYXjfAL0sg/Gl3 KLDCC/onNgqFFEEoNvLKpvxYmjliqSDRO/P4dlEiGoZ3FU6jg9rMf8CKs8lm1r7r Dq+8jaB55EgVtnBDfuzqVVFaCl+CLfFbhTuQCSfXtDkyuuKe0XMZVmIoP94hvMif PNWogmnSylT9d9sEgmahOHjmF2xLu5JEyPB08wCQ3Q4nYPKQd398GgUdr7ulk6P+ 5r7Z20OCmzfPH2uDMNT0ZHuvUTaKsxdqd2nTihuPR6S0W+Fk5qkCgdAn0h4zIQVf 50GUv1d8XCVxD9hC4BvRg9fnjZ+uTqxodvmoMBfXk7g/aPo3aeKZ8gem/vPuFCh3 Y+sEqhyzHZz56uC8oGk6pRqBXM98RkpnRTRmD5898Tr/syx6JdEkk3DJyabdET5K 2TwJ66giEW0bYMJJLNCBKpIT9fO8p+1POM1VLEf4Th0+jNWzw7ybBGsdfKmKnNEa 66If2mmYbPuAJrnwLk0Skx5FKPRXGVPOk4ptzBSa8NQJGsANxoHhfvd= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDmjCCAvygAwIBAgIRAN4x3RRHeg/kM0HRfLpD2FMwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MDeaFw0yMTEyMjMyMDI4MDea MC4xLDAqBgNVBAMMI29rY2VyeC1lYy1zZWNwNTIxdjEtdnNhLTMwNzItb2sudGVt MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArJ380K+CaNknZafn6DGX UQmSRA6hnIbjmaD5Q9dVyC98fh0xmCpEHhONsjU+WuXBEgUIKkulYTyIz88tz4Hv 7NULLsTCx6Jofyn2dkC3fmdBl3RfzEwAiuONR3VV9UED0fVdUJ+bpVh+PidCMojN Pu32hhSggjS2bht/gkB36Nj48Pp1Q0WCj6fuHpRUhw/exmfAIQuVC5sV55uW4of EPsZRrOk+FiyqPviDZJR3zC0lisaor0Xku5gZhXRGr252Ir5srfzJo9pXrOvPD52 Ee/JML8W5CLMhKSn6qysD4fJCrFq0TpVFPhgFXDx1lvV8g7q774H0WPYna1oeu4D tYuKkpMMpENFwBrulHp/3MI2Q7TlGJs83KMJLnkmI/e4lxs9+L+moM286iU5i40z 4q5lavdfFH2u1/+bFRlU6mjyggtSnHgKI1v5KYzdGyPxYfn5g8LhzM5t+0D2oTIa IgOPjpCTdouYb4LQAMf+DlE6/PdbaVa0SwYlmDfrpRuNAgMBAAGjgdswgdgwCQYD VR0TBAIwADAeBgNVHQ4EFgQUh6ABNy9ruD/Me1Rdt0klLhssfMgwSgYDVR0jBEMw QYAUGUsTsHPvhQaORNBD7D2NdUAM2syhFqQUMBIxEDAOBgNVBAMMB3Rld3QgQ0GC EQCRhJfPqHZ7FzFlCC5+dIAUMBMGA1UeJQQMMAoGCCsGAQUFBwMBMAsGA1UeDwQE AwIFoDAuBgNVHREEJzAlgiNva2NldnQtZWMtd2VjdDUyMXIxLXJzYS0zMDdyLW9r LnBlbTAKBggqhkjOPQQDAgOBiwAwgYdCQgF+SLTz5RD7W8y0F+0zvoiHYW3qZl3q nbxfUkQSXNPfpudDhPnXG52+XOqWf/53nqex5QD8UtmJZzjBC8+vxB/TWAJBbWZS IGomafvFwGlynAifuYqsCrWpoyRgZTJiZoTgkIbnZWLuO33XvCHm/ZkfZ6PtAjOv KlJUeHsgwip0WngiICY= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-rsa-4096-extrabegin.pem000066400000000000000000000112231474542230700256310ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEA0dz91Jeq69Thu+sTvCDJeOP0vyISujHaYdam77E3sgg9tn9Y nHPjd4yPSKIT/iPPExA2BC2QKfIIk6HC6VGuwq3jdjwkii9HgfofDbKzFJNukc+o 8zcmi4CqjutoTrNvOIIXuqMormaqKZqVOeB6MbxA6Gfl3w7nw5tlJqMCWTI3/qV/ +NzqLUEnS8iV7a5cGwy9Qucz0ooGjF/JFJwK5kxqnhHRBTIyNSjMxWTI9rOwGv9v UOi9HopfE9gFmNZyWmfknyv81wWrHAid4IH4Dovvtcy2bScFEWJxrZiqXJd7WTlW WTQTz9CjNOA4gIgQsfSr9mFE3AxLBQX5Bw4/Oci5TgZw3Gonm5mvQOOlCvdXtYGE UlK5NYilf9UpueFYPAA0c8bhEkMicvOJyUs2250Ej9n5g7n8QtSJHNYFd/WEPQii Z2hgvvKdNAlAjeyKeMNttF+SwjnkdbXFmnzfs0cn1NDNosz4KB+Key1ZXm20YlcH t3Apjz5a734V3ZRQkZiT0PCSpBTWXf3qGZH1fejc7U40WzAZ4SHE1bUZE2VoFFnP tAsCww1m3pF09QZEpyCfnLCtEwZm6XlSFFoKbXG0oJHzpe3+4ct3REYj3rtg1Fhs F7Ozo08NCoy6NwvgDGtRcsuIIUT6AXnEBdRSNaXl9Q5nzJZ+0dF4ufTjReUCAwEA AQKCAgB4DQUfQgvCkKr5BsbpTZAzGaP+Wo1/+djFMzeX0jbcHx6+cSbNiPXMg5nL oPvy26UvcIyV40Ke3BfP7C9FrTZdo3+FOW5lphov3lc5TMposNYFj1dEmn3wO5BV 5ZBrxPWQy8qrN36kFZKt7gIDc8gy/0/aIuU6rpoiKZi5e3Jyd+nUP/Ru9mD3tle2 YG5z4tRJnQX/aacZf1+zmW+73G/XwksTVXnOkSJrioVpPfhAOBY7u3eAP0NAX0N4 ZJD/F12fHeOIsm8WyeVSShOWRIMUPzTHOO36juG1Si1hcv2xre4f4k7lBId40A8s xj9MN4nlYuOkM4xinJ2lp/8G7D151X5uWyaVXCPD8ZdYDID56j2/yXA8rmg4K7Ig 4wRSEtYBIwu3bLAqR5mrnhmKNjOsmhjqSOW78DZgXcAxdk9OUcBG2JJ40LkXSbka X5NmGdMqv2A7MiAyQILDQGnyKJ72ZE2AylOPqft5Hx8/bWZX4s0KvdzrrNZyAEvf hcMancWuh+cDmq/3C31wFGN7FbzPLf5Plshis/WICvS9p/0smt/B0r27TLAlEdXX gO9bGMwD8aLD2XNjo/gGrEsqyHJRhTQZJStwJmpm517ov2AlrqToatEcA1SR4OJy joK2ogvm6mWsR2s90SagnOg1ejdDz09sZ5awQ5rZadjeBV5xAQKCAQEA7FBcpEUW QvbLksZ2YrMhwiOCpdBgBuJAp/XMH6J8iQ8fUH9e9SZ08hGk3Xw7yZgCxw5gs+oP bk6XXNCRQelnFcLvqjcAI1ikms6e4WlmVnvauJG7L35wBH3Q75rSRTVFyXgTUqN8 yCwYX+wT8s3FpNoZR3ahQqr6/rzrQr6fSX7599TOp5TY5JTwZMaGFI/NrJjG2YNe UnezAICSGFExZ5AahtamPUYAVeUh/cvXerbDLlfn6YQuqhjcWz5MmVKIAh33vIY8 uog8G3vOLW9xhwltgVhHmKXrJcjyJlF1PznsyIW2iLoRnVDDKPhtmC0/kEAnnN6S 9iIjRIwgX7b8RQKCAQEA41iKuhMUKCOUE8dxcpWgv8+S6cv34KdRLA6grVbp7w7d gIREoSrlQ2G223FlkzmhMuaSVy8zd2Dp5JAqu8ckfe0VGKaVUBSuT44z98v4xn1f G3yd0fkrIZPnjHVN5tYKiZwcESp58afq6V2Y3gxVFEKZufQW1bvhKNaZPtwqAXOP 3CS3Pfkf9ghYS2SPQvIy4t8Cb1aHB/D0IB028op6GkZmwyy+y5HWoPru4kApTYDG UCq+RKGuNw0KJticZQEVjXx6CUdogWno75kFYi/WYpR0bkNqW7OktCe7zJh+dyAS 5FTmxIWrteN99dWPx0NOkG3aEb0RZ5UXg2PFh3xNIQKCAQBVySqIW6gkMRFfu/oY BG1Z26g+53EkrpfIIVuzlDnfS4UTpNlk50wG4E7YNJRDr5I6jsaeKXbmlVMvV2uT 4NYSOUzlnsfHDRPcOuvEao3DEX0qCYVJTX3+s2nYwXxZsWgfJh7lngHbbN6AW+Q1 /WslWCNbJP6PhCBPv2csOKT8ekLmK/PFNCy0djj6bHMaHcYNRPzS03S3PUrXANWI TFlB/jcTAfMhRTsz81UunAQiQRyDw1emFt0V1KaR3QDTm/lRw20+nACJupEPbRdA uTceTVbaYKDFEl5VvifhryqABFgnxxqncdyZHktqoRyv5KUxiYiX0tjIz0W8SZ4r APN9AoIBAGhpmtUYvBIvPOvUlorso3ZUjAGqdr6LuaEFWtAhcbEkX6CNnsNyYvcO Yp/oNaFnP1yUPrOh7v4t2V3qxGWXcXAQObcnkr3DscbB5aYx3KC0pcCG/CiaSi/S sO52VX/l39MRimZr3rOYzi+9l96rRUvXxqh7rR0ee6t428rd7MDb5T9S8YGZ8A7c CEkf9xflCm/dwk2GLN/9zvEM2daMuMVmff23iC0QXsVyWdI5a3633NymtNnqc4u/ BmGO7E0LMW3YtGecjyeYj62y1qEgnVKLIeoeNjPFjqha80pk4vgtF+AcChxJ0/Hm eEw2eCEpDWURvqyU6/BprfHfGbI+6WECggEBAN2YNfULI7k4ycfOL/9Jr2uacPtZ 7wJVVzXmH9zdWu8OAAKE5K23whnhqL08Z/VLoe/5OVL/oRK4o/Ar2UrTyisGx5kf KcAm8Xla2cavL3lICMpCfgLhlhpJhVcKUfBVYzfw93c2YLyj9MK3FTwyHUwX9Zq6 eR+L1x9/SRssGzShrnmqUrCJLmoYbyDfP+NtmwX04VC8kL4inL9qOgYfkjwpoFxZ BH0dt62T1nE70uhRI/RtYokbZ8Lq8fpqo4PLqES30gX1rYopAI8w1YwpZlc8jW00 18OIHLdBkPtowZsmz9lwm4wmqJJ3oWcPGSaA/cVLNw+ddTkuYrPC5mvSDmg= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEGzCCA3ygAwIBAgIRAIVJzcYfv2K3PzhyPISWm2gwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MTdaFw0yMTEyMjMyMDI4MTda MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwNTIxcjEtcnNhLTQwOTYtb2sucGVt MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0dz91Jeq69Thu+sTvCDJ eOP0vyISujHaYdam77E3sgg9tn9YnHPjd4yPSKIT/iPPExA2BC2QKfIIk6HC6VGu wq3jdjwkii9HgfofDbKzFJNukc+o8zcmi4CqjutoTrNvOIIXuqMormaqKZqVOeB6 MbxA6Gfl3w7nw5tlJqMCWTI3/qV/+NzqLUEnS8iV7a5cGwy9Qucz0ooGjF/JFJwK 5kxqnhHRBTIyNSjMxWTI9rOwGv9vUOi9HopfE9gFmNZyWmfknyv81wWrHAid4IH4 Dovvtcy2bScFEWJxrZiqXJd7WTlWWTQTz9CjNOA4gIgQsfSr9mFE3AxLBQX5Bw4/ Oci5TgZw3Gonm5mvQOOlCvdXtYGEUlK5NYilf9UpueFYPAA0c8bhEkMicvOJyUs2 250Ej9n5g7n8QtSJHNYFd/WEPQiiZ2hgvvKdNAlAjeyKeMNttF+SwjnkdbXFmnzf s0cn1NDNosz4KB+Key1ZXm20YlcHt3Apjz5a734V3ZRQkZiT0PCSpBTWXf3qGZH1 fejc7U40WzAZ4SHE1bUZE2VoFFnPtAsCww1m3pF09QZEpyCfnLCtEwZm6XlSFFoK bXG0oJHzpe3+4ct3REYj3rtg1FhsF7Ozo08NCoy6NwvgDGtRcsuIIUT6AXnEBdRS NaXl9Q5nzJZ+0dF4ufTjReUCAwEAAaOByzCByDAJBgNVHRMEAjAAMB0GA1UdDgQW BBTdCewn3G8tQUyXp1xYvZV234y00TBKBgNVHSMEQzBBgBQZSxOwc++FBo5E0EPs PY1xQAzazKEWpBQwEjEQMA4GA1UEAwwHdGVzdCBDQYIRAJGEl8+odnsXMWUILn5w gBQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWC I29rY2VydC1lYy1zZWNwNTIxcjEtcnNhLTQwOTYtb2sucGVtMAoGCCqGSM49BAMC A4GMADCBiAJCAU6iAC6rYgk0b/iCiJyZh/xWT4Gj2LuRJLCxlfC4GVAHS1NzJoDa MNR/ILlJORlNt5Jjyc0Rm/A8vFghmTPqjpGDAkIBlpNBA4U4svrJx9yq0jT5AFZu 2UGIJmjWls7iyYtu5FP6bCQYQsgr0p5Aqp87LnzqpF+2E27nQfeRiiiZYM3zhkc= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-rsa-4096-keyonly.pem000066400000000000000000000062531474542230700252020ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEA0dz91Jeq69Thu+sTvCDJeOP0vyISujHaYdam77E3sgg9tn9Y nHPjd4yPSKIT/iPPExA2BC2QKfIIk6HC6VGuwq3jdjwkii9HgfofDbKzFJNukc+o 8zcmi4CqjutoTrNvOIIXuqMormaqKZqVOeB6MbxA6Gfl3w7nw5tlJqMCWTI3/qV/ +NzqLUEnS8iV7a5cGwy9Qucz0ooGjF/JFJwK5kxqnhHRBTIyNSjMxWTI9rOwGv9v UOi9HopfE9gFmNZyWmfknyv81wWrHAid4IH4Dovvtcy2bScFEWJxrZiqXJd7WTlW WTQTz9CjNOA4gIgQsfSr9mFE3AxLBQX5Bw4/Oci5TgZw3Gonm5mvQOOlCvdXtYGE UlK5NYilf9UpueFYPAA0c8bhEkMicvOJyUs2250Ej9n5g7n8QtSJHNYFd/WEPQii Z2hgvvKdNAlAjeyKeMNttF+SwjnkdbXFmnzfs0cn1NDNosz4KB+Key1ZXm20YlcH t3Apjz5a734V3ZRQkZiT0PCSpBTWXf3qGZH1fejc7U40WzAZ4SHE1bUZE2VoFFnP tAsCww1m3pF09QZEpyCfnLCtEwZm6XlSFFoKbXG0oJHzpe3+4ct3REYj3rtg1Fhs F7Ozo08NCoy6NwvgDGtRcsuIIUT6AXnEBdRSNaXl9Q5nzJZ+0dF4ufTjReUCAwEA AQKCAgB4DQUfQgvCkKr5BsbpTZAzGaP+Wo1/+djFMzeX0jbcHx6+cSbNiPXMg5nL oPvy26UvcIyV40Ke3BfP7C9FrTZdo3+FOW5lphov3lc5TMposNYFj1dEmn3wO5BV 5ZBrxPWQy8qrN36kFZKt7gIDc8gy/0/aIuU6rpoiKZi5e3Jyd+nUP/Ru9mD3tle2 YG5z4tRJnQX/aacZf1+zmW+73G/XwksTVXnOkSJrioVpPfhAOBY7u3eAP0NAX0N4 ZJD/F12fHeOIsm8WyeVSShOWRIMUPzTHOO36juG1Si1hcv2xre4f4k7lBId40A8s xj9MN4nlYuOkM4xinJ2lp/8G7D151X5uWyaVXCPD8ZdYDID56j2/yXA8rmg4K7Ig 4wRSEtYBIwu3bLAqR5mrnhmKNjOsmhjqSOW78DZgXcAxdk9OUcBG2JJ40LkXSbka X5NmGdMqv2A7MiAyQILDQGnyKJ72ZE2AylOPqft5Hx8/bWZX4s0KvdzrrNZyAEvf hcMancWuh+cDmq/3C31wFGN7FbzPLf5Plshis/WICvS9p/0smt/B0r27TLAlEdXX gO9bGMwD8aLD2XNjo/gGrEsqyHJRhTQZJStwJmpm517ov2AlrqToatEcA1SR4OJy joK2ogvm6mWsR2s90SagnOg1ejdDz09sZ5awQ5rZadjeBV5xAQKCAQEA7FBcpEUW QvbLksZ2YrMhwiOCpdBgBuJAp/XMH6J8iQ8fUH9e9SZ08hGk3Xw7yZgCxw5gs+oP bk6XXNCRQelnFcLvqjcAI1ikms6e4WlmVnvauJG7L35wBH3Q75rSRTVFyXgTUqN8 yCwYX+wT8s3FpNoZR3ahQqr6/rzrQr6fSX7599TOp5TY5JTwZMaGFI/NrJjG2YNe UnezAICSGFExZ5AahtamPUYAVeUh/cvXerbDLlfn6YQuqhjcWz5MmVKIAh33vIY8 uog8G3vOLW9xhwltgVhHmKXrJcjyJlF1PznsyIW2iLoRnVDDKPhtmC0/kEAnnN6S 9iIjRIwgX7b8RQKCAQEA41iKuhMUKCOUE8dxcpWgv8+S6cv34KdRLA6grVbp7w7d gIREoSrlQ2G223FlkzmhMuaSVy8zd2Dp5JAqu8ckfe0VGKaVUBSuT44z98v4xn1f G3yd0fkrIZPnjHVN5tYKiZwcESp58afq6V2Y3gxVFEKZufQW1bvhKNaZPtwqAXOP 3CS3Pfkf9ghYS2SPQvIy4t8Cb1aHB/D0IB028op6GkZmwyy+y5HWoPru4kApTYDG UCq+RKGuNw0KJticZQEVjXx6CUdogWno75kFYi/WYpR0bkNqW7OktCe7zJh+dyAS 5FTmxIWrteN99dWPx0NOkG3aEb0RZ5UXg2PFh3xNIQKCAQBVySqIW6gkMRFfu/oY BG1Z26g+53EkrpfIIVuzlDnfS4UTpNlk50wG4E7YNJRDr5I6jsaeKXbmlVMvV2uT 4NYSOUzlnsfHDRPcOuvEao3DEX0qCYVJTX3+s2nYwXxZsWgfJh7lngHbbN6AW+Q1 /WslWCNbJP6PhCBPv2csOKT8ekLmK/PFNCy0djj6bHMaHcYNRPzS03S3PUrXANWI TFlB/jcTAfMhRTsz81UunAQiQRyDw1emFt0V1KaR3QDTm/lRw20+nACJupEPbRdA uTceTVbaYKDFEl5VvifhryqABFgnxxqncdyZHktqoRyv5KUxiYiX0tjIz0W8SZ4r APN9AoIBAGhpmtUYvBIvPOvUlorso3ZUjAGqdr6LuaEFWtAhcbEkX6CNnsNyYvcO Yp/oNaFnP1yUPrOh7v4t2V3qxGWXcXAQObcnkr3DscbB5aYx3KC0pcCG/CiaSi/S sO52VX/l39MRimZr3rOYzi+9l96rRUvXxqh7rR0ee6t428rd7MDb5T9S8YGZ8A7c CEkf9xflCm/dwk2GLN/9zvEM2daMuMVmff23iC0QXsVyWdI5a3633NymtNnqc4u/ BmGO7E0LMW3YtGecjyeYj62y1qEgnVKLIeoeNjPFjqha80pk4vgtF+AcChxJ0/Hm eEw2eCEpDWURvqyU6/BprfHfGbI+6WECggEBAN2YNfULI7k4ycfOL/9Jr2uacPtZ 7wJVVzXmH9zdWu8OAAKE5K23whnhqL08Z/VLoe/5OVL/oRK4o/Ar2UrTyisGx5kf KcAm8Xla2cavL3lICMpCfgLhlhpJhVcKUfBVYzfw93c2YLyj9MK3FTwyHUwX9Zq6 eR+L1x9/SRssGzShrnmqUrCJLmoYbyDfP+NtmwX04VC8kL4inL9qOgYfkjwpoFxZ BH0dt62T1nE70uhRI/RtYokbZ8Lq8fpqo4PLqES30gX1rYopAI8w1YwpZlc8jW00 18OIHLdBkPtowZsmz9lwm4wmqJJ3oWcPGSaA/cVLNw+ddTkuYrPC5mvSDmg= -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-ec-secp521r1-rsa-4096-malformed.pem000066400000000000000000000111601474542230700254470ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEA0ez91Jfq69Thu+sTvCDJfOP0vyISujHaYeam77E3sgg9tn9Y nHPje4yPSKIT/iPPExA2BC2QKfIIk6HC6VGuwq3jejwkii9HgfofDbKzFJNukd+o 8zdmi4CqjutoTrNvOIIXuqMormaqKZqVOfB6MbxA6Gfl3w7nw5tlJqMCWTI3/qV/ +NzqLUEnS8iV7a5dGwy9Qudz0ooGjF/JFJwK5kxqnhHRBTIyNSjMxWTI9rOwGv9v UOi9HopfE9gFmNZyWmfknyv81wWrHAie4IH4Dovvtdy2bSdFEWJxrZiqXJe7WTlW WTQTz9CjNOA4gIgQsfSr9mFE3AxLBQX5Bw4/Odi5TgZw3Gonm5mvQOOlCveXtYGE UlK5NYilf9UpufFYPAA0d8bhEkMidvOJyUs2250Ej9n5g7n8QtSJHNYFe/WEPQii Z2hgvvKeNAlAjfyKfMNttF+SwjnkebXFmnzfs0dn1NDNosz4KB+Kfy1ZXm20YldH t3Apjz5a734V3ZRQkZiT0PCSpBTWXf3qGZH1fjd7U40WzAZ4SHE1bUZE2VoFFnP tAsCww1m3pF09QZEpyCfnLCtEwZm6XlSFFoKbXG0oJHzpf3+4dt3REYj3rtg1Fhs F7Ozo08NCoy6NwvgDGtRdsuIIUT6AXnEBeRSNaXl9Q5nzJZ+0eF4ufTjRfUCAwEA AQKCAgB4DQUfQgvCkKr5BsbpTZAzGaP+Wo1/+ejFMzfX0jbdHx6+dSbNiPXMg5nL oPvy26UvdIyV40Kf3BfP7C9FrTZeo3+FOW5lphov3ld5TMposNYFj1eEmn3wO5BV 5ZBrxPWQy8qrN36kFZKt7gIDd8gy/0/aIuU6rpoiKZi5f3Jye+nUP/Ru9mD3tlf2 YG5z4tRJnQX/aadZf1+zmW+73G/XwksTVXnOkSJrioVpPfhAOBY7u3fAP0NAX0N4 ZJD/F12fHfOIsm8WyfVSShOWRIMUPzTHOO36juG1Si1hdv2xrf4f4k7lBIe40A8s xj9MN4nlYuOkM4xinJ2lp/8G7D151X5uWyaVXCPD8ZeYDID56j2/yXA8rmg4K7Ig 4wRSEtYBIwu3bLAqR5mrnhmKNjOsmhjqSOW78DZgXdAxek9OUdBG2JJ40LkXSbka X5NmGeMqv2A7MiAyQILDQGnyKJ72ZE2AylOPqft5Hx8/bWZX4s0KvezrrNZyAEvf hdMandWuh+dDmq/3C31wFGN7FbzPLf5Plshis/WICvS9p/0smt/B0r27TLAlEeXX gO9bGMwD8aLD2XNjo/gGrEsqyHJRhTQZJStwJmpm517ov2AlrqToatEdA1SR4OJy joK2ogvm6mWsR2s90SagnOg1fjeDz09sZ5awQ5rZaejfBV5xAQKCAQEA7FBdpEUW QvbLksZ2YrMhwiOCpeBgBuJAp/XMH6J8iQ8fUH9f9SZ08hGk3Xw7yZgCxw5gs+oP bk6XXNCRQflnFdLvqjdAI1ikms6f4WlmVnvauJG7L35wBH3Q75rSRTVFyXgTUqN8 yCwYX+wT8s3FpNoZR3ahQqr6/rzrQr6fSX7599TOp5TY5JTwZMaGFI/NrJjG2YNf UnfzAICSGFExZ5AahtamPUYAVfUh/dvXfrbDLlfn6YQuqhjdWz5MmVKIAh33vIY8 uog8G3vOLW9xhwltgVhHmKXrJdjyJlF1PznsyIW2iLoRnVDDKPhtmC0/kEAnnN6S 9iIjRIwgX7b8RQKCAQEA41iKuhMUKCOUE8exdpWgv8+S6dv34KeRLA6grVbp7w7e gIREoSrlQ2G223FlkzmhMuaSVy8ze2Dp5JAqu8dkf0VGKaVUBSuT44z98v4xn1f G3ye0fkrIZPnjHVN5tYKiZwdESp58afq6V2Y3gxVFEKZufQW1bvhKNaZPtwqAXOP 3CS3Pfkf9ghYS2SPQvIy4t8Cb1aHB/D0IB028op6GkZmwyy+y5HWoPru4kApTYDG UCq+RKGuNw0KJtidZQEVjXx6CUeogWno75kFYi/WYpR0bkNqW7OktCf7zJh+eyAS 5FTmxIWrtfN99eWPx0NOkG3aEb0RZ5UXg2PFh3xNIQKCAQBVySqIW6gkMRFfu/oY BG1Z26g+53EkrpfIIVuzlDnfS4UTpNlk50wG4E7YNJRDr5I6jsafKXbmlVMvV2uT 4NYSOUzlnsfHDRPdOuvEao3DEX0qCYVJTX3+s2nYwXxZsWgfJh7lngHbbN6AW+Q1 /WslWCNbJP6PhCBPv2dsOKT8fkLmK/PFNCy0ejj6bHMaHdYNRPzS03S3PUrXANWI TFlB/jdTAfMhRTsz81UunAQiQRyDw1fmFt0V1KaR3QDTm/lRw20+nACJupEPbReA uTdfTVbaYKDFEl5VvifhryqABFgnxxqndeyZHktqoRyv5KUxiYiX0tjIz0W8SZ4r APN9AoIBAGhpmtUYvBIvPOvUlorso3ZUjAGqer6LuaEFWtAhdbEkX6CNnsNyYvdO Yp/oNaFnP1yUPrOh7v4t2V3qxGWXdXAQObdnkr3DsdbB5aYx3KC0pdCG/CiaSi/S sO52VX/l39MRimZr3rOYzi+9l96rRUvXxqh7rR0f6t428re7MDb5T9S8YGZ8A7d CEkf9xflCm/ewk2GLN/9zvEM2eaMuMVmf23iC0QXsVyWeI5a3633NymtNnqd4u/ BmGO7E0LMW3YtGfdjyfYj62y1qEgnVKLIfofNjPFjqha80pk4vgtF+AdChxJ0/Hm fEw2fCEpDWURvqyU6/BprfHfGbI+6WECggEBAN2YNfULI7k4ydfOL/9Jr2uadPtZ 7wJVVzXmH9zeWu8OAAKE5K23whnhqL08Z/VLof/5OVL/oRK4o/Ar2UrTyisGx5kf KdAm8Xla2davL3lICMpCfgLhlhpJhVdKUfBVYzfw93d2YLyj9MK3FTwyHUwX9Zq6 fR+L1x9/SRssGzShrnmqUrCJLmoYbyDfP+NtmwX04VC8kL4inL9qOgYfkjwpoFxZ BH0et62T1nE70uhRI/RtYokbZ8Lq8fpqo4PLqES30gX1rYopAI8w1YwpZld8jW00 18OIHLeBkPtowZsmz9lwm4wmqJJ3oWdPGSaA/dVLNw+eTkuYrPC5mvSDmg= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEGzCCA3ygAwIBAgIRAIVJzdYfv2K3PzhyPISWm2gwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MTeaFw0yMTEyMjMyMDI4MTea MC4xLDAqBgNVBAMMI29rY2VyeC1lYy1zZWNwNTIxdjEtdnNhLTQwOTYtb2sudGVt MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0ez91Jfq69Thu+sTvCDJ fOP0vyISujHaYeam77E3sgg9tn9YnHPje4yPSKIT/iPPExA2BC2QKfIIk6HC6VGu wq3jejwkii9HgfofDbKzFJNukd+o8zdmi4CqjutoTrNvOIIXuqMormaqKZqVOfB6 MbxA6Gfl3w7nw5tlJqMCWTI3/qV/+NzqLUEnS8iV7a5dGwy9Qudz0ooGjF/JFJwK 5kxqnhHRBTIyNSjMxWTI9rOwGv9vUOi9HopfE9gFmNZyWmfknyv81wWrHAie4IH4 Dovvtdy2bSdFEWJxrZiqXJe7WTlWWTQTz9CjNOA4gIgQsfSr9mFE3AxLBQX5Bw4/ Odi5TgZw3Gonm5mvQOOlCveXtYGEUlK5NYilf9UpufFYPAA0d8bhEkMidvOJyUs2 250Ej9n5g7n8QtSJHNYFe/WEPQiiZ2hgvvKeNAlAjfyKfMNttF+SwjnkebXFmnzf s0dn1NDNosz4KB+Kfy1ZXm20YldHt3Apjz5a734V3ZRQkZiT0PCSpBTWXf3qGZH1 fjd7U40WzAZ4SHE1bUZE2VoFFnPtAsCww1m3pF09QZEpyCfnLCtEwZm6XlSFFoK bXG0oJHzpf3+4dt3REYj3rtg1FhsF7Ozo08NCoy6NwvgDGtRdsuIIUT6AXnEBeRS NaXl9Q5nzJZ+0eF4ufTjRfUCAwEAAaOByzCByDAJBgNVHRMEAjAAMB0GA1UeDgQW BBTeCfwn3G8tQUyXp1xYvZV234y00TBKBgNVHSMEQzBBgBQZSxOwd++FBo5E0EPs PY1xQAzazKEWpBQwEjEQMA4GA1UEAwwHeGVzeCBDQYIRAJGEl8+oensXMWUILn5w gBQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UeEQQnMCWC I29rY2VyeC1lYy1zZWNwNTIxdjEtdnNhLTQwOTYtb2sudGVtMAoGCCqGSM49BAMC A4GMADCBiAJCAU6iAC6rYgk0b/iCiJyZh/xWT4Gj2LuRJLCxlfC4GVAHS1NzJoDa MNR/ILlJORlNt5Jjyd0Rm/A8vFghmTPqjpGDAkIBlpNBA4U4svrJx9yq0jT5AFZu 2UGIJmjWls7iyYtu5FP6bCQYQsgr0p5Aqp87LnzqpF+2E27nQfRiiiZYM3zhkd= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-ec-prime256v1-extrabegin.pem000066400000000000000000000025241474542230700260230ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEILIIJGKDHzs+c3eICrzQDwIb+qwisN90V19PS+O/ME6loAoGCCqGSM49 AwEHoUQDQgAEsik8yEh59gB0emMk9lGDmcgF7s2VKEJYY/J0IusgQtBnaO83TW6M TtJKuP/SUJcapDGWI04MjIddfNIZabCtfw== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICzTCCAbWgAwIBAgIRALHEA5nqMBBKP9a5RXk0e04wDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MThaFw0yMTEyMjMyMDI4 MThaMC8xLTArBgNVBAMMJG9rY2VydC1yc2EtMjA0OC1lYy1wcmltZTI1NnYxLW9r LnBlbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLIpPMhIefYAdHpjJPZRg5nI Be7NlShCWGPydCLrIELQZ2jvN01ujE7SSrj/0lCXGqQxliNODIyHXXzSGWmwrX+j gcswgcgwCQYDVR0TBAIwADAdBgNVHQ4EFgQUtMTW16ktCJhaQWtp0sxFGctsDSkw SQYDVR0jBEIwQIAUFt5bjqQxDQge72iW/q6fPpoOpdmhFqQUMBIxEDAOBgNVBAMM B3Rlc3QgQ0GCEAiMt1AzxQpOzveutUW9yg0wEwYDVR0lBAwwCgYIKwYBBQUHAwEw CwYDVR0PBAQDAgWgMC8GA1UdEQQoMCaCJG9rY2VydC1yc2EtMjA0OC1lYy1wcmlt ZTI1NnYxLW9rLnBlbTANBgkqhkiG9w0BAQsFAAOCAQEARB7Nxhusu2lU25YWA6DU YgSJM4/IARnRvAWEFkhfGWIZ8aAIVTplXF3RIOBmgG0PSfTVJ+PNqfAZPQcVeo67 Pipmjom7hgrLvpAgDkuFhl9pVilsRXWZ3uBW55W2JvR1OhQj19r2Vo1VJdUaB3kr ORAPqdSs4dHofcqhEFN6Zn/yYteW8bDqRzcdtY4dJLSvaaBWjVwtXemAhzVZNlV2 6ZxqAa7i6URqe4y2bOjmotHb8fpxfj3zQloudECcGYvtfpsV2hytTq0g9swCkjbx s2y/lm5m9C7QHk1uonCUk8iFlgt+C9DAw6itVKwdJOIP5AKtGAqAs3RVbYIOJVOi 6w== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-ec-prime256v1-keyonly.pem000066400000000000000000000003431474542230700253620ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MHcCAQEEILIIJGKDHzs+c3eICrzQDwIb+qwisN90V19PS+O/ME6loAoGCCqGSM49 AwEHoUQDQgAEsik8yEh59gB0emMk9lGDmcgF7s2VKEJYY/J0IusgQtBnaO83TW6M TtJKuP/SUJcapDGWI04MjIddfNIZabCtfw== -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-2048-ec-prime256v1-malformed.pem000066400000000000000000000024661474542230700256460ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHdCAQEEILIIJGKDHzs+d3fICrzQDwIb+qwisN90V19PS+O/ME6loAoGCCqGSM49 AwEHoUQDQgAEsik8yEh59gB0fmMk9lGDmdgF7s2VKEJYY/J0IusgQtBnaO83TW6M TtJKuP/SUJdapDGWI04MjIefNIZabCtfw== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICzTCCAbWgAwIBAgIRALHEA5nqMBBKP9a5RXk0f04wDQYJKoZIhvdNAQELBQAw EjEQMA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MThaFw0yMTEyMjMyMDI4 MThaMC8xLTArBgNVBAMMJG9rY2VyeC1yd2EtMjA0OC1lYy1wdmltZTI1NnYxLW9r LnBlbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLIpPMhIfYAeHpjJPZRg5nI Bf7NlShCWGPyeCLrIELQZ2jvN01ujE7SSrj/0lCXGqQxliNODIyHXXzSGWmwrX+j gdswgdgwCQYDVR0TBAIwADAeBgNVHQ4EFgQUtMTW16ktCJhaQWtp0sxFGdtsDSkw SQYDVR0jBEIwQIAUFt5bjqQxDQgf72iW/q6fPpoOpemhFqQUMBIxEDAOBgNVBAMM B3Rld3QgQ0GCEAiMt1AzxQpOzvfutUW9yg0wEwYDVR0lBAwwCgYIKwYBBQUHAwEw CwYDVR0PBAQDAgWgMC8GA1UeEQQoMCaCJG9rY2VyeC1yd2EtMjA0OC1lYy1wdmlt ZTI1NnYxLW9rLnBlbTANBgkqhkiG9w0BAQsFAAOCAQEARB7Nxhusu2lU25YWA6DU YgSJM4/IARnRvAWEFkhfGWIZ8aAIVTplXF3RIOBmgG0PSfTVJ+PNqfAZPQdVfo67 Pipmjom7hgrLvpAgDkuFhl9pVilsRXWZ3uBW55W2JvR1OhQj19r2Vo1VJeUaB3kr ORAPqeSs4eHofdqhEFN6Zn/yYtfW8bDqRzdetY4eJLSvaaBWjVwtXfmAhzVZNlV2 6ZxqAa7i6URqf4y2bOjmotHb8fpxfj3zQloueECdGYvtfpsV2hytTq0g9swCkjbx s2y/lm5m9C7QHk1uonCUk8iFlgt+C9DAw6itVKweJOIP5AKtGAqAs3RVbYIOJVOi 6w== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-ec-secp224r1-unsupported.pem000066400000000000000000000024501474542230700260660ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIQ== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MGgCAQEEHAn03Q2QoyvALqD85nxpD/nHd2oTNsGeXR+t7J2gBwYFK4EEACGhPAM6 AAScpN2b2b8qQ/obpbkERgexIFLBwKoETKbDdO3uK5/Dgc6TXts7QpOx+xIea5iO INUAL8D4pszuQg== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIC1DCCAbygAwIBAgIRAMkirLlHfowPKjUw5ASbVyEwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjNaFw0yMTEyMjMyMDI4 MjNaMDgxNjA0BgNVBAMMLWJhZGNlcnQtcnNhLTIwNDgtZWMtc2VjcDIyNHIxLXVu c3VwcG9ydGVkLnBlbTBOMBAGByqGSM49AgEGBSuBBAAhAzoABJyk3ZvZvypD+hul uQRGB7EgUsHAqgRMpsN07e4rn8OBzpNe2ztCk7H7Eh5rmI4g1QAvwPimzO5Co4HU MIHRMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDPH0YMVqFL5c5jVtSMzlv7UsEWrMEkG A1UdIwRCMECAFBbeW46kMQ0IHu9olv6unz6aDqXZoRakFDASMRAwDgYDVQQDDAd0 ZXN0IENBghAIjLdQM8UKTs73rrVFvcoNMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsG A1UdDwQEAwIFoDA4BgNVHREEMTAvgi1iYWRjZXJ0LXJzYS0yMDQ4LWVjLXNlY3Ay MjRyMS11bnN1cHBvcnRlZC5wZW0wDQYJKoZIhvcNAQELBQADggEBABZ92y5rYfO6 2Isz6KOHEyL6rwuyho8UDwsTQtuPNglikZrSbs0h8cpIGHIBn9rXsmpLgceaKV3e sX0+MsGevKZHFkH/3KT3wzvrEutRze3OuFCSZzgTGx2SxjfC9tC66sjPx1NIKnL0 tGUM60YvEd4zA6iwLJ3cjPcQpw1ZevCyBc4KmbeijqHQ4YhRSWGIOX1qGCX6LFWA ormClTYEkSi0NIkutaJxHznhV4UC7Gfk+i7SPTZxRz61RvsiBDF65J+Z2LsbXU8p MAY082sjneStasmD6vok59dLUxC2ffMN+O8SO6mdyyzX6BeU06NdSjJlXuKQJDv5 2SVzrHi8VLU= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-ec-secp384r1-extrabegin.pem000066400000000000000000000026551474542230700256440ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCCxiFsQd/OiWBffD60ziPI5ymb1EPn8DKnYD5S/4o2Iv88k23NWSmQ pqsS4HX5mc+gBwYFK4EEACKhZANiAATW7dehKbbMKnBktR+E1z/iD/TAKILBcXLS wr9WpC2XMYTCn61Ak0r54hETURdReaTdGVpR3YuBBKuiQTRYhtj61u6PQOhA3i1v TaEpD4vN+PB5bYNDQmtVGfMi8SoELoE= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIC5zCCAc+gAwIBAgIQfuyr6K72nDhEQFLzarZkajANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgxOFoXDTIxMTIyMzIwMjgx OFowLjEsMCoGA1UEAwwjb2tjZXJ0LXJzYS0yMDQ4LWVjLXNlY3AzODRyMS1vay5w ZW0wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATW7dehKbbMKnBktR+E1z/iD/TAKILB cXLSwr9WpC2XMYTCn61Ak0r54hETURdReaTdGVpR3YuBBKuiQTRYhtj61u6PQOhA 3i1vTaEpD4vN+PB5bYNDQmtVGfMi8SoELoGjgcowgccwCQYDVR0TBAIwADAdBgNV HQ4EFgQUJz6V+Q+jtsTM1dqwH41UbgnIOq8wSQYDVR0jBEIwQIAUFt5bjqQxDQge 72iW/q6fPpoOpdmhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEAiMt1AzxQpOzveu tUW9yg0wEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQn MCWCI29rY2VydC1yc2EtMjA0OC1lYy1zZWNwMzg0cjEtb2sucGVtMA0GCSqGSIb3 DQEBCwUAA4IBAQAaksYfMxpVsQsH6amDyFejG857np6ju0dY14atF7dGMIExE45O xeNxvB6u0EH8BQ1yAipw7js6Rq2gXkKRpmfCIOyx3lDv1uVQXwTtXdErVCl0dWU+ Ax9F6tMcnOr+IyOrswLCV2ArAgIsEetO39zIY6W2Nmx7ysqTbd40XdrqQuVGuAgY o2RgFmwC4vDjtZbEhfRiXe7ozphVJYDLNbguVqtI9GPGFd8yPCfUHJdn5t28Ekyu w1JLUP96LP/7sSneCPe5nvjkOyJ8bq7rVkifHc5qN/JapI7Ht0hhxrd5FW2jHc/6 0s/9FI1oLaeocrqYqJ8WMfqlN7MSEEaB1//X -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-ec-secp384r1-keyonly.pem000066400000000000000000000004401474542230700251740ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCCxiFsQd/OiWBffD60ziPI5ymb1EPn8DKnYD5S/4o2Iv88k23NWSmQ pqsS4HX5mc+gBwYFK4EEACKhZANiAATW7dehKbbMKnBktR+E1z/iD/TAKILBcXLS wr9WpC2XMYTCn61Ak0r54hETURdReaTdGVpR3YuBBKuiQTRYhtj61u6PQOhA3i1v TaEpD4vN+PB5bYNDQmtVGfMi8SoELoE= -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-2048-ec-secp384r1-malformed.pem000066400000000000000000000026171474542230700254600ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCCxiFsQe/OiWBfD60ziPI5ymb1EPn8DKnYD5S/4o2Iv88k23NWSmQ pqsS4HX5md+gBwYFK4EEACKhZANiAATW7efhKbbMKnBktR+E1z/iD/TAKILBdXLS wr9WpC2XMYTCn61Ak0r54hETUReRfaTeGVpR3YuBBKuiQTRYhtj61u6PQOhA3i1v TaEpD4vN+PB5bYNDQmtVGfMi8SoELoE= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIC5zCCAd+gAwIBAgIQfuyr6K72nDhEQFLzarZkajANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgxOFoXDTIxMTIyMzIwMjgx OFowLjEsMCoGA1UEAwwjb2tjZXJ0LXJzYS0yMDQ4LWVjLXNlY3AzODRyMS1vay5w ZW0wejAQBgdqhkjOPQIBBgUrgQQAIgNiAATW7efhKbbMKnBktR+E1z/iD/TAKILB dXLSwr9WpC2XMYTCn61Ak0r54hETUReRfaTeGVpR3YuBBKuiQTRYhtj61u6PQOhA 3i1vTaEpD4vN+PB5bYNDQmtVGfMi8SoELoGjgdowgdwCQYDVR0TBAIwADAeBgNV HQ4EFgQUJz6V+Q+jtsTM1eqwH41UbgnIOq8wSQYDVR0jBEIwQIAUFt5bjqQxDQgf 72iW/q6fPpoOpemhFqQUMBIxEDAOBgNVBAMMB3Rld3QgQ0GCEAiMt1AzxQpOzvfu tUW9yg0wEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UeEQQn MCWCI29rY2VyeC1yd2EtMjA0OC1lYy1zZWNwMzg0djEtb2sudGVtMA0GCSqGSIb3 DQEBCwUAA4IBAQAaksYfMxpVsQsH6amDyFfjG857np6ju0eY14atF7eGMIExE45O xfNxvB6u0EH8BQ1yAipw7js6Rq2gXkKRpmfCIOyx3lDv1uVQXwTtXeErVCl0eWU+ Ax9F6tMdnOr+IyOrswLCV2ArAgIsEftO39zIY6W2Nmx7ysqTbe40XerqQuVGuAgY o2RgFmwC4vDjtZbEhfRiXf7ozphVJYDLNbguVqtI9GPGFe8yPCfUHJen5t28Ekyu w1JLUP96LP/7sSnfCPf5nvjkOyJ8bq7rVkifHd5qN/JapI7Ht0hhxre5FW2jHd/6 0s/9FI1oLafodrqYqJ8WMfqlN7MSEEaB1//X -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-ec-secp521r1-extrabegin.pem000066400000000000000000000030571474542230700256320ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIByrS1GJmC/5r2EUJCrENFfFyreQCpknKvCPzM+4lXQvZDiot5r64f Zh+eg7oKNjn2SPndpgf7KkMzBd+U1lkhjqOgBwYFK4EEACOhgYkDgYYABAG+azaJ C+TIZLewfYM8k0nzl0UEf2HjMiZpTVQWmFFTTrLW58M2y68F3bc7RTnHX7iDdtnH ehROol8PHzVPwsJhogDp/wsUnNLdCthlihjadViJFt1xI6swg656hPtnnXf/3C9t Y8DKsTBEsdyt9mNe92VDCocpgt5yU7eLtPxMOuVopw== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDDjCCAfagAwIBAgIRAIArBZDYz3yGwi84Rv4vHI0wDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MThaFw0yMTEyMjMyMDI4 MThaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtMjA0OC1lYy1zZWNwNTIxcjEtb2su cGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBvms2iQvkyGS3sH2DPJNJ85dF BH9h4zImaU1UFphRU06y1ufDNsuvBd23O0U5x1+4g3bZx3oUTqJfDx81T8LCYaIA 6f8LFJzS3QrYZYoY2nVYiRbdcSOrMIOueoT7Z513/9wvbWPAyrEwRLHcrfZjXvdl QwqHKYLeclO3i7T8TDrlaKejgcowgccwCQYDVR0TBAIwADAdBgNVHQ4EFgQUbL4V 0oy1mXTOb46Hl68rqGa0OHcwSQYDVR0jBEIwQIAUFt5bjqQxDQge72iW/q6fPpoO pdmhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEAiMt1AzxQpOzveutUW9yg0wEwYD VR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWCI29rY2Vy dC1yc2EtMjA0OC1lYy1zZWNwNTIxcjEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IB AQAWLxhTa2hslgxyvbA/PpWCnC5PBysK3FdcuwXCkwC0vBkGXEfn3rpL1AZ22cER aS3qP5ztJ2Ov6RLaTxhSJ4nTy4dgRgCl6Z/DzKCf8UYok7fcO473qBaisRtuNjCT e9zRoYwHjVZG0YKga9XU2uZLbPlVl371FFpXRq0KOD5GpUH9QHUVmhX01nG3DtTi Hsvi/dSjAa5QDNdMdsJe5wjNzZX/WwZxrYyyheMxepLcE/rKgobt+BdTx5ALsEKK /dCvxq/9TUjQmx9OpdZBBe/67dUwavUZEfrE4AD1oKdE1Zat44r9Rylj3TAArtGv GXi9UtiAXclM37U8mXQa7l5f -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-ec-secp521r1-keyonly.pem000066400000000000000000000005551474542230700251740ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIByrS1GJmC/5r2EUJCrENFfFyreQCpknKvCPzM+4lXQvZDiot5r64f Zh+eg7oKNjn2SPndpgf7KkMzBd+U1lkhjqOgBwYFK4EEACOhgYkDgYYABAG+azaJ C+TIZLewfYM8k0nzl0UEf2HjMiZpTVQWmFFTTrLW58M2y68F3bc7RTnHX7iDdtnH ehROol8PHzVPwsJhogDp/wsUnNLdCthlihjadViJFt1xI6swg656hPtnnXf/3C9t Y8DKsTBEsdyt9mNe92VDCocpgt5yU7eLtPxMOuVopw== -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-2048-ec-secp521r1-malformed.pem000066400000000000000000000030221474542230700254400ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHdAgEBBEIByrS1GJmC/5r2EUJCrENFfFyrfQCpknKvCPzM+4lXQvZDiot5r64f Zh+fg7oKNjn2SPnepgf7KkMzBe+U1lkhjqOgBwYFK4EEACOhgYkDgYYABAG+azaJ C+TIZLfwfYM8k0nzl0UEf2HjMiZpTVQWmFFTTrLW58M2y68F3bd7RTnHX7iDetnH fhROol8PHzVPwsJhogDp/wsUnNLeCthlihjaeViJFt1xI6swg656hPtnnXf/3C9t Y8DKsTBEseyt9mNf92VDCodpgt5yU7fLtPxMOuVopw== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDDjCCAfagAwIBAgIRAIArBZDYz3yGwi84Rv4vHI0wDQYJKoZIhvdNAQELBQAw EjEQMA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MThaFw0yMTEyMjMyMDI4 MThaMC4xLDAqBgNVBAMMI29rY2VyeC1yd2EtMjA0OC1lYy1zZWNwNTIxdjEtb2su dGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBvms2iQvkyGS3sH2DPJNJ85eF BH9h4zImaU1UFphRU06y1ufDNsuvBe23O0U5x1+4g3bZx3oUTqJfDx81T8LCYaIA 6f8LFJzS3QrYZYoY2nVYiRbedSOrMIOufoT7Z513/9wvbWPAyrEwRLHdrfZjXvel QwqHKYLfdlO3i7T8TDrlaKfjgdowgdwCQYDVR0TBAIwADAeBgNVHQ4EFgQUbL4V 0oy1mXTOb46Hl68rqGa0OHdwSQYDVR0jBEIwQIAUFt5bjqQxDQgf72iW/q6fPpoO pemhFqQUMBIxEDAOBgNVBAMMB3Rld3QgQ0GCEAiMt1AzxQpOzvfutUW9yg0wEwYD VR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UeEQQnMCWCI29rY2Vy eC1yd2EtMjA0OC1lYy1zZWNwNTIxdjEtb2sudGVtMA0GCSqGSIb3DQEBCwUAA4IB AQAWLxhTa2hslgxyvbA/PpWCnC5PBysK3FeduwXCkwC0vBkGXEfn3rpL1AZ22dER aS3qP5ztJ2Ov6RLaTxhSJ4nTy4egRgCl6Z/DzKCf8UYok7fdO473qBaisRtuNjCT f9zRoYwHjVZG0YKga9XU2uZLbPlVl371FFpXRq0KOD5GpUH9QHUVmhX01nG3DtTi Hsvi/eSjAa5QDNeMesJf5wjNzZX/WwZxrYyyhfMxfpLdE/rKgobt+BeTx5ALsEKK /eCvxq/9TUjQmx9OpeZBBf/67eUwavUZEfrE4AD1oKeE1Zat44r9Rylj3TAArtGv GXi9UtiAXdlM37U8mXQa7l5f -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-rsa-2048-extrabegin.pem000066400000000000000000000056651474542230700250070ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAts/NIN8oLL1b/jEFFwjfOtxkbR6B/jaVDH+wW6ioVDxKyQWW MkxAbwOt2YMVRVgTMYs7Ja/dDgExSPxOIlSo0CMyVmZ4I80cNUNb4Ah3kBeRONhL MZIP8+Efxt6/J1OObBt8AkDlTShXXtfGKVUxpB4J2n0UxhJ94M/toL1P/PbCcBM7 xrDf+oI50j0TUvuRArgrh7DgOaVC05K4Lg3p/ItGy5s/xnpm4WkWzFf8OicgCu5x yIIo10e9RoZClxMGnJHx0U4edVUyOZVeEpGFHr6RnRDeo+WtnM5EkYcnYYupkNsZ Qah9h9WOls9Uwp+RipBAM66rCWiV3LOaugMPpQIDAQABAoIBAEOtbl1LAA6AE7xo 3V+Hs0yRJsSW1L0N6+PyqZFlQNvebjk5Tj9Up03x6LxroMZJMuHWj5EGKCn1Gw/Q CAUBnnVfclU2Hify2QyG4U5xFAJOFz8aI8w4LJu2rhLrh4zBjCpNin0zFTCZTK8Z 5oyKs5P0YuV2BOjHE77Uez5Ul3YoK+H1JWDPsNNntgoWKlcoyMG161LENlZAu3er ZcxZFVSx16PH/3RLOl3+8ZzBWcCphc0TiPdGvOvKodaXeRrIUrJk+SI8ehXFpRWc 12mnMSGGQaW9HC/nVxP4f3Sqr9HXjsL5f1zemKCDVqSmeLjlmso0hd8+zOesK/4s OKCFxckCgYEA3LZp1MaApC3/AhdtKQCzvFqePiZqItdcUvZ6t6mX9V38KiEACQhr +FoBPTK9iHrMS3hJbu466cnKgwkdp4kr2hcB61SdobbhsxHjVOsU/Hol+eMgfeQN af3H5e9TgPrJF3QzC4P+7eXiCOvSa1biZqXldF4SW9q5c+lQD+IEgnsCgYEA1Aoj NzP2u1rN3V52pTH7L4VRBCSRaVjXMeljPVwlEkARloo8+eDeepY/kY7EcRE4iH2H C2QKovLR2rGhP81rHXe+X1bAGZ7ns5/2RZvntRltsvhlT2nFUw4Cg40uhFCGKu8X qeYd/cyp/LsetEpO8znC9VNFiEgvrJ1ZjV5ErF8CgYAoXoj+7QvMe8k/xa8mp8U4 N07oSThyhPeTCRgrDa8IpxcfUYfjHxI4i6XcXrKCCwvg5fBwhMxrxIfw7bLp2NIX gsvMEl7+nCeuDCCLgLAG+gSGLz/bJuI5N7zfVqXsWnJ7grpvacYwFzL/tLp4/ZxN cByG60nqWRhAljUZopp2jwKBgHKH00OzDrdeMco7huxt1dZyNTN+qQh1Ey+Dd7Yh +mgkMRvWKV9zJdijJUzzB4pnGdknrHTroY8oh0+QGKAEzbHKBwsqKXLtUQvGAFjT AFHinU1JPDer0wisjZEPBiwz7nRsVqTPhi2bicnYLJqHdKON9I9cXjdhflbHWyKv 43oTAoGAIX4H9BgsXZL7A7k7K9ZjfR1e1CW2kKPqmQQoiPtyrSNJPuEvvAQgKhLI tmU61cPI2TqxwUypo26cuollk3z/SYmP6u3sKYDsqhWFoYNfO0B5zckx0slTvq01 gkw8qff9v37IAkWYOToyj9AU4v3h5iRHLWKlS3Ohhmv68RIT66c= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIQcQRYVLFI9fFJHvYt3xZyLzANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgxOVoXDTIxMTIyMzIwMjgx OVowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS0yMDQ4LXJzYS0yMDQ4LW9rLnBlbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbPzSDfKCy9W/4xBRcI3zrc ZG0egf42lQx/sFuoqFQ8SskFljJMQG8DrdmDFUVYEzGLOyWv3Q4BMUj8TiJUqNAj MlZmeCPNHDVDW+AId5AXkTjYSzGSD/PhH8bevydTjmwbfAJA5U0oV17XxilVMaQe Cdp9FMYSfeDP7aC9T/z2wnATO8aw3/qCOdI9E1L7kQK4K4ew4DmlQtOSuC4N6fyL RsubP8Z6ZuFpFsxX/DonIArucciCKNdHvUaGQpcTBpyR8dFOHnVVMjmVXhKRhR6+ kZ0Q3qPlrZzORJGHJ2GLqZDbGUGofYfVjpbPVMKfkYqQQDOuqwloldyzmroDD6UC AwEAAaOBxjCBwzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQSfVo0s6+gfu9UyKllW+1S woxAeDBJBgNVHSMEQjBAgBQW3luOpDENCB7vaJb+rp8+mg6l2aEWpBQwEjEQMA4G A1UEAwwHdGVzdCBDQYIQCIy3UDPFCk7O9661Rb3KDTATBgNVHSUEDDAKBggrBgEF BQcDATALBgNVHQ8EBAMCBaAwKgYDVR0RBCMwIYIfb2tjZXJ0LXJzYS0yMDQ4LXJz YS0yMDQ4LW9rLnBlbTANBgkqhkiG9w0BAQsFAAOCAQEACv1Ua6/EysnUV4/wv8ie CtZ5bTmczFEctPEdGY/N5WMzm/MZp4Xqq9Fi5fgoKJiU80B6wOxC+QbkNB9Cvtvl L+s7AGrnDkAilwMUmt+paxyfqHlQu0/nQdRSsjtq8ajCB4z4yiIYQK6naGbizT/y OtK82RgYXNqwRcalyH0AdAN0CI/yf5Qi47dz74GWIjgn8wnPPC3FHGr5ODIn+AAe i3ULHs89ol5uxyDcK1YNlyT/iec0gfeHImlmNYIIdaLiivO7BI79+wr9njILRNaQ 0UKe6yxr71NUXkY7NGDXcRIxoA5fM4eGisl5fjA9hyKphBf3ecl+8eAUPE0d8cKq hw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-rsa-2048-keyonly.pem000066400000000000000000000032131474542230700243340ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAts/NIN8oLL1b/jEFFwjfOtxkbR6B/jaVDH+wW6ioVDxKyQWW MkxAbwOt2YMVRVgTMYs7Ja/dDgExSPxOIlSo0CMyVmZ4I80cNUNb4Ah3kBeRONhL MZIP8+Efxt6/J1OObBt8AkDlTShXXtfGKVUxpB4J2n0UxhJ94M/toL1P/PbCcBM7 xrDf+oI50j0TUvuRArgrh7DgOaVC05K4Lg3p/ItGy5s/xnpm4WkWzFf8OicgCu5x yIIo10e9RoZClxMGnJHx0U4edVUyOZVeEpGFHr6RnRDeo+WtnM5EkYcnYYupkNsZ Qah9h9WOls9Uwp+RipBAM66rCWiV3LOaugMPpQIDAQABAoIBAEOtbl1LAA6AE7xo 3V+Hs0yRJsSW1L0N6+PyqZFlQNvebjk5Tj9Up03x6LxroMZJMuHWj5EGKCn1Gw/Q CAUBnnVfclU2Hify2QyG4U5xFAJOFz8aI8w4LJu2rhLrh4zBjCpNin0zFTCZTK8Z 5oyKs5P0YuV2BOjHE77Uez5Ul3YoK+H1JWDPsNNntgoWKlcoyMG161LENlZAu3er ZcxZFVSx16PH/3RLOl3+8ZzBWcCphc0TiPdGvOvKodaXeRrIUrJk+SI8ehXFpRWc 12mnMSGGQaW9HC/nVxP4f3Sqr9HXjsL5f1zemKCDVqSmeLjlmso0hd8+zOesK/4s OKCFxckCgYEA3LZp1MaApC3/AhdtKQCzvFqePiZqItdcUvZ6t6mX9V38KiEACQhr +FoBPTK9iHrMS3hJbu466cnKgwkdp4kr2hcB61SdobbhsxHjVOsU/Hol+eMgfeQN af3H5e9TgPrJF3QzC4P+7eXiCOvSa1biZqXldF4SW9q5c+lQD+IEgnsCgYEA1Aoj NzP2u1rN3V52pTH7L4VRBCSRaVjXMeljPVwlEkARloo8+eDeepY/kY7EcRE4iH2H C2QKovLR2rGhP81rHXe+X1bAGZ7ns5/2RZvntRltsvhlT2nFUw4Cg40uhFCGKu8X qeYd/cyp/LsetEpO8znC9VNFiEgvrJ1ZjV5ErF8CgYAoXoj+7QvMe8k/xa8mp8U4 N07oSThyhPeTCRgrDa8IpxcfUYfjHxI4i6XcXrKCCwvg5fBwhMxrxIfw7bLp2NIX gsvMEl7+nCeuDCCLgLAG+gSGLz/bJuI5N7zfVqXsWnJ7grpvacYwFzL/tLp4/ZxN cByG60nqWRhAljUZopp2jwKBgHKH00OzDrdeMco7huxt1dZyNTN+qQh1Ey+Dd7Yh +mgkMRvWKV9zJdijJUzzB4pnGdknrHTroY8oh0+QGKAEzbHKBwsqKXLtUQvGAFjT AFHinU1JPDer0wisjZEPBiwz7nRsVqTPhi2bicnYLJqHdKON9I9cXjdhflbHWyKv 43oTAoGAIX4H9BgsXZL7A7k7K9ZjfR1e1CW2kKPqmQQoiPtyrSNJPuEvvAQgKhLI tmU61cPI2TqxwUypo26cuollk3z/SYmP6u3sKYDsqhWFoYNfO0B5zckx0slTvq01 gkw8qff9v37IAkWYOToyj9AU4v3h5iRHLWKlS3Ohhmv68RIT66c= -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-2048-rsa-2048-malformed.pem000066400000000000000000000056231474542230700246170ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAts/NIN8oLL1b/jEFFwjfOtxkbR6B/jaVDH+wW6ioVDxKyQWW MkxAbwOt2YMVRVgTMYs7Ja/eDgExSPxOIlSo0CMyVmZ4I80dNUNb4Ah3kBfRONhL MZIP8+Efxt6/J1OObBt8AkDlTShXXtfGKVUxpB4J2n0UxhJ94M/toL1P/PbCdBM7 xrDf+oI50j0TUvuRArgrh7DgOaVC05K4Lg3p/ItGy5s/xnpm4WkWzFf8OidgCu5x yIIo10f9RoZClxMGnJHx0U4feVUyOZVfEpGFHr6RnRDfo+WtnM5EkYdnYYupkNsZ Qah9h9WOls9Uwp+RipBAM66rCWiV3LOaugMPpQIDAQABAoIBAEOtbl1LAA6AE7xo 3V+Hs0yRJsSW1L0N6+PyqZFlQNvfbjk5Tj9Up03x6LxroMZJMuHWj5EGKCn1Gw/Q CAUBnnVfdlU2Hify2QyG4U5xFAJOFz8aI8w4LJu2rhLrh4zBjCpNin0zFTCZTK8Z 5oyKs5P0YuV2BOjHE77Ufz5Ul3YoK+H1JWDPsNNntgoWKldoyMG161LENlZAu3fr ZdxZFVSx16PH/3RLOl3+8ZzBWdCphd0TiPeGvOvKoeaXfRrIUrJk+SI8fhXFpRWd 12mnMSGGQaW9HC/nVxP4f3Sqr9HXjsL5f1zfmKCDVqSmfLjlmso0he8+zOfsK/4s OKCFxdkCgYEA3LZp1MaApC3/AhetKQCzvFqfPiZqItedUvZ6t6mX9V38KiEACQhr +FoBPTK9iHrMS3hJbu466dnKgwkep4kr2hdB61SeobbhsxHjVOsU/Hol+fMgfQN af3H5f9TgPrJF3QzC4P+7fXiCOvSa1biZqXleF4SW9q5d+lQD+IEgnsCgYEA1Aoj NzP2u1rN3V52pTH7L4VRBCSRaVjXMfljPVwlEkARloo8+fDfpY/kY7EdRE4iH2H C2QKovLR2rGhP81rHXf+X1bAGZ7ns5/2RZvntRltsvhlT2nFUw4Cg40uhFCGKu8X qfYe/dyp/LsftEpO8znC9VNFiEgvrJ1ZjV5ErF8CgYAoXoj+7QvMf8k/xa8mp8U4 N07oSThyhPfTCRgrDa8IpxdfUYfjHxI4i6XdXrKCCwvg5fBwhMxrxIfw7bLp2NIX gsvMEl7+nCfuDCCLgLAG+gSGLz/bJuI5N7zfVqXsWnJ7grpvadYwFzL/tLp4/ZxN dByG60nqWRhAljUZopp2jwKBgHKH00OzDrefMdo7huxt1eZyNTN+qQh1Ey+De7Yh +mgkMRvWKV9zJeijJUzzB4pnGeknrHTroY8oh0+QGKAEzbHKBwsqKXLtUQvGAFjT AFHinU1JPDfr0wisjZEPBiwz7nRsVqTPhi2bidnYLJqHeKON9I9dXjehflbHWyKv 43oTAoGAIX4H9BgsXZL7A7k7K9ZjfR1f1CW2kKPqmQQoiPtyrSNJPuEvvAQgKhLI tmU61dPI2TqxwUypo26duollk3z/SYmP6u3sKYDsqhWFoYNfO0B5zdkx0slTvq01 gkw8qf9v37IAkWYOToyj9AU4v3h5iRHLWKlS3Ohhmv68RIT66d= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIQdQRYVLFI9fFJHvYt3xZyLzANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgxOVoXDTIxMTIyMzIwMjgx OVowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS0yMDQ4LXJzYS0yMDQ4LW9rLnBlbTCC ASIwDQYJKoZIhvdNAQEBBQADggEPADCCAQoCggEBALbPzSDfKCy9W/4xBRdI3zrd ZG0fgf42lQx/sFuoqFQ8SskFljJMQG8DremDFUVYEzGLOyWv3Q4BMUj8TiJUqNAj MlZmfCPNHDVDW+AIe5AXkTjYSzGSD/PhH8bfvyeTjmwbfAJA5U0oV17XxilVMaQf Cep9FMYSfDP7aC9T/z2wnATO8aw3/qCOeI9E1L7kQK4K4fw4DmlQtOSuC4N6fyL RsubP8Z6ZuFpFsxX/DonIArudiCKNeHvUaGQpdTBpyR8eFOHnVVMjmVXhKRhR6+ kZ0Q3qPlrZzORJGHJ2GLqZDbGUGofYfVjpbPVMKfkYqQQDOuqwloleyzmroDD6UC AwEAAaOBxjCBwzAJBgNVHRMEAjAAMB0GA1UeDgQWBBQSfVo0s6+gfu9UyKllW+1S woxAfDBJBgNVHSMEQjBAgBQW3luOpDENCB7vaJb+rp8+mg6l2aEWpBQwEjEQMA4G A1UEAwwHeGVzeCBDQYIQCIy3UDPFCk7O9661Rb3KDTATBgNVHSUEDDAKBggrBgEF BQdDATALBgNVHQ8EBAMCBaAwKgYDVR0RBCMwIYIfb2tjZXJ0LXJzYS0yMDQ4LXJz YS0yMDQ4LW9rLnBlbTANBgkqhkiG9w0BAQsFAAOCAQEACv1Ua6/EysnUV4/wv8if CtZ5bTmdzFEdtPEeGY/N5WMzm/MZp4Xqq9Fi5fgoKJiU80B6wOxC+QbkNB9Cvtvl L+s7AGrnDkAilwMUmt+paxyfqHlQu0/nQeRSsjtq8ajCB4z4yiIYQK6naGbizT/y OtK82RgYXNqwRdalyH0AeAN0CI/yf5Qi47ez74GWIjgn8wnPPC3FHGr5ODIn+AAf i3ULHs89ol5uxyDdK1YNlyT/ifd0gfHImlmNYIIeaLiivO7BI79+wr9njILRNaQ 0UKf6yxr71NUXkY7NGDXdRIxoA5fM4fGisl5fjA9hyKphBf3fdl+8fAUPE0e8dKq hw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-rsa-3072-extrabegin.pem000066400000000000000000000075571474542230700250070ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAyf0yva3vCDVpwZ8a3jsN/C+cGwmsMucNI6f4Ddid4bfX19Vu UGtNFh3d+NOL9pLmfbStQhHsVLaPXsjy2DKuiKLRJQCfWHWY5RQhIonu7pCPk/W9 n8CFZiE/MKeJIyPxVzZ1HpkPAw0adKa2tP3/VSuYogDI+Ihgp0EUtOctKP2bAKM0 LnwsK999nAYR6ZlPVFgf3oZr2q99hbIzqShrIIWK0mTL1rzXdhrAt0EJEoEJBRqC ys78sh03Z4ztfj4dE8IM3PZwd0RMiKmByPPOFuaASAHCRBQDTjK2PKfYWd9zsGh8 QDp8gDCfYglKiPosMXTAVnQKWgWaeVyQRdwmQHQfw/UkyDbwLtpugg6mkRsMjDdF 40B0di7Rthc+qzYSbrQghU3ZyDFJz8fWwwLccc6Zh2MYmR8CykZmicyo57z5dkOI 0iuNw/z0Le1AkwvCUH5+0rk4HQSvoLY3pxH9zIHNFmLFjnsp/I6vkYOY6HCM9jtX naXlCXliYHypLR8PAgMBAAECggGAFQ9KKA6nenKfOSnOklcT6TRJkWQbyR7f9tS/ fyoTpAIYBg/htY7KdcDdcOEVmbrNP1QEMHxP6LE0F4zaDQKTwfk/1xzOgFmafF/x 6Hj7KXJ3FdUsVSisf+59eSQunzRTKGWsJmmM8COAm6L6L7q/0XB/NHzid084zJdz gj0ML1bpv1JE0YfuzxA5N3hGi9WJOOELSZc4TY+4haUDz+I/8R8bTz5lJlmAGXdG mpS0TnKXrymJc33LSQLU0P4XkO8Gx3xjspv/IMWQIyQKQ6PqC9+rERx3AN/wIJjZ /DEF4Tx0TsiR+cYmbItwXV6tji0cxOuOKleIGcIbR87er3cTKqn/fwqDTLgXYHCS hIq18zqOuPsBSqvOIjAXljIlaYTboejv19mC18vWMe2wC3qNypn+UgYh+KJdYOJm fNDNEVAmV/Qq3Zi15miNHgQMUylI6witY2BMMJeGAQVy/iPhv8gN5yKL7HE+aO/6 zd22gxz9s5HXvEI10p4hwpJWhgjZAoHBAPgatQawIzEOs9STLx4BRcatiHbtAXZQ E3jtgWkvqZOPaWGSIgIL3YV/L/z8v5bIE42uZrHFHjcBaOWL87zghUycZPkx8xZC Dz6YN+tpkTr+uGh0NOI0dPSAP9zFGEXVS4mhaSoyPAyn0rpFmyogxSOhZ413HUrY rTeLqeNC35GpmSPPNm9dTSYJBN1QLrzp3njIgow7rF2LW2E+Ali6O8bGW4UiT35u NScyLDf8QkYKz5xlbDFUYP9pt1AjY4YeXQKBwQDQasra+B8pyOnKEplDpicPwWsu MyIWmZneJoAhLAz4p0bEmFtHbmq6CIH8Ed2ZkLxJZX/TAG4hXDK0XdZBqHg80Z3n pdiYF0SmrccM1tGZ+oluvXlRx+TBs5k4AW1Ui8gHCGKUfcleORpBAqCPTp4jD+Z7 rzaVoik+EPfM0R/qBI2J69e7zS9NuQ6m7WHkTxHzTOrG7ttnN3FgH018isoqOw/j bwc9rVAquuXQbIleaqeQBwZuh+mKAbeNB4T0ZFsCgcEA1dQWvuvheK9mN8iebCrG m2QGYBEGGJUNI0T3KtPEQAPy2//ZRZA6XIrwrgabjPVlPM/ZfE8aKmgRovzKlbef yxZjRA5TppRKlTUVxNPYMlNEVeoJhgeV4QADil9n+w/IqZauj4p6DKI7UQUapOVX Ys0B9X96hH5YU64QPmjtTJox/RXioXp1Olm9kow/q9uYPNr7AKeRd5HasOWDmjrv t/JPAGBAyQNs1ho82AeWis1Yfz8+TwmdC6RuNCg752SVAoHAOdmaqwL6K3AALL3S 2uswpnfqly1MRfemtPn80LhYdWCBDSq5E2+7oh2gbuZKm0iIatsIivnwl8Pusw/k 2962WTNZ4CWxpC25OYa83Hx4O4RGR33CQgf5ICcI3XnP7grKn+Ec89iiX0v8VJU1 GfIZhOPx9tzgitIzHm45Shm2AQ/4dZMIE7HVcn5uabk0Vdn4wo7UEBnWvqSuDJ9D s9EWYnh4ZYm4+c60lNfB2IN38cQq9JhumZmSImNtnnC639dHAoHBAM+VfGw5jkzi 89GkVqbci8OntH9Ei4ahVCbTnRdjscuHuHho58GmzpFRCow1+X7/sSe9IXNdYH/X MZ87NElAasUrbHYm6+40WsLaLVoyc0/B6ZKWkiyUEq+FLgjcSxr4O7mGIvkSR5bp VHtIrqOfgSLUk+STfxba7Y4XsuimtcQv8MRW7wlhE8mGhoB72wYeALA38m7ffTPf 2USqDkRuC1UKPinungEX2Kj2pvdAMXWEw1bU3Ps72v7+4+DAtMED2g== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIQUdzCTF9A3lsbuI9k1zkilDANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgyMloXDTIxMTIyMzIwMjgy MlowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS0yMDQ4LXJzYS0zMDcyLW9rLnBlbTCC AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMn9Mr2t7wg1acGfGt47Dfwv nBsJrDLnDSOn+A3YneG319fVblBrTRYd3fjTi/aS5n20rUIR7FS2j17I8tgyroii 0SUAn1h1mOUUISKJ7u6Qj5P1vZ/AhWYhPzCniSMj8Vc2dR6ZDwMNGnSmtrT9/1Ur mKIAyPiIYKdBFLTnLSj9mwCjNC58LCvffZwGEemZT1RYH96Ga9qvfYWyM6koayCF itJky9a813YawLdBCRKBCQUagsrO/LIdN2eM7X4+HRPCDNz2cHdETIipgcjzzhbm gEgBwkQUA04ytjyn2Fnfc7BofEA6fIAwn2IJSoj6LDF0wFZ0CloFmnlckEXcJkB0 H8P1JMg28C7aboIOppEbDIw3ReNAdHYu0bYXPqs2Em60IIVN2cgxSc/H1sMC3HHO mYdjGJkfAspGZonMqOe8+XZDiNIrjcP89C3tQJMLwlB+ftK5OB0Er6C2N6cR/cyB zRZixY57KfyOr5GDmOhwjPY7V52l5Ql5YmB8qS0fDwIDAQABo4HGMIHDMAkGA1Ud EwQCMAAwHQYDVR0OBBYEFKLEDaNqKHUuK2FaHZLJGQLfM7rZMEkGA1UdIwRCMECA FBbeW46kMQ0IHu9olv6unz6aDqXZoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghAI jLdQM8UKTs73rrVFvcoNMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIF oDAqBgNVHREEIzAhgh9va2NlcnQtcnNhLTIwNDgtcnNhLTMwNzItb2sucGVtMA0G CSqGSIb3DQEBCwUAA4IBAQB+s1NWYn5bH/yTiXnm1tQ8Ma9q5U41qcEqfBQZy39j WO/MtdVRLYqxgWnjJClfIxY0OS9auAX6AmRQ6LOEZnrAE+3wVoErIRGUzGwgl/ds JMzeY9+gozQbHuHxQSISV5NVldcXAi8WMUmboQzOLb83VF0BQSz9LIGvygpXOfxd 04NiKN4nhjxxwDs2LHORfTlZQG0JzBzSHXcbLKB3B9pfgmH6EaouUPkMpe228JH1 R3DV2cBMTlYk9amLxL0cuEIdzAU7k9czmIsYTm116KDP9canW8IGqKNJEagfixvz 51TEcn5R7nsgWPCQ07hXLO99QF4y0fAX1R5BGUbfVPQF -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-rsa-3072-keyonly.pem000066400000000000000000000046331474542230700243410ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAyf0yva3vCDVpwZ8a3jsN/C+cGwmsMucNI6f4Ddid4bfX19Vu UGtNFh3d+NOL9pLmfbStQhHsVLaPXsjy2DKuiKLRJQCfWHWY5RQhIonu7pCPk/W9 n8CFZiE/MKeJIyPxVzZ1HpkPAw0adKa2tP3/VSuYogDI+Ihgp0EUtOctKP2bAKM0 LnwsK999nAYR6ZlPVFgf3oZr2q99hbIzqShrIIWK0mTL1rzXdhrAt0EJEoEJBRqC ys78sh03Z4ztfj4dE8IM3PZwd0RMiKmByPPOFuaASAHCRBQDTjK2PKfYWd9zsGh8 QDp8gDCfYglKiPosMXTAVnQKWgWaeVyQRdwmQHQfw/UkyDbwLtpugg6mkRsMjDdF 40B0di7Rthc+qzYSbrQghU3ZyDFJz8fWwwLccc6Zh2MYmR8CykZmicyo57z5dkOI 0iuNw/z0Le1AkwvCUH5+0rk4HQSvoLY3pxH9zIHNFmLFjnsp/I6vkYOY6HCM9jtX naXlCXliYHypLR8PAgMBAAECggGAFQ9KKA6nenKfOSnOklcT6TRJkWQbyR7f9tS/ fyoTpAIYBg/htY7KdcDdcOEVmbrNP1QEMHxP6LE0F4zaDQKTwfk/1xzOgFmafF/x 6Hj7KXJ3FdUsVSisf+59eSQunzRTKGWsJmmM8COAm6L6L7q/0XB/NHzid084zJdz gj0ML1bpv1JE0YfuzxA5N3hGi9WJOOELSZc4TY+4haUDz+I/8R8bTz5lJlmAGXdG mpS0TnKXrymJc33LSQLU0P4XkO8Gx3xjspv/IMWQIyQKQ6PqC9+rERx3AN/wIJjZ /DEF4Tx0TsiR+cYmbItwXV6tji0cxOuOKleIGcIbR87er3cTKqn/fwqDTLgXYHCS hIq18zqOuPsBSqvOIjAXljIlaYTboejv19mC18vWMe2wC3qNypn+UgYh+KJdYOJm fNDNEVAmV/Qq3Zi15miNHgQMUylI6witY2BMMJeGAQVy/iPhv8gN5yKL7HE+aO/6 zd22gxz9s5HXvEI10p4hwpJWhgjZAoHBAPgatQawIzEOs9STLx4BRcatiHbtAXZQ E3jtgWkvqZOPaWGSIgIL3YV/L/z8v5bIE42uZrHFHjcBaOWL87zghUycZPkx8xZC Dz6YN+tpkTr+uGh0NOI0dPSAP9zFGEXVS4mhaSoyPAyn0rpFmyogxSOhZ413HUrY rTeLqeNC35GpmSPPNm9dTSYJBN1QLrzp3njIgow7rF2LW2E+Ali6O8bGW4UiT35u NScyLDf8QkYKz5xlbDFUYP9pt1AjY4YeXQKBwQDQasra+B8pyOnKEplDpicPwWsu MyIWmZneJoAhLAz4p0bEmFtHbmq6CIH8Ed2ZkLxJZX/TAG4hXDK0XdZBqHg80Z3n pdiYF0SmrccM1tGZ+oluvXlRx+TBs5k4AW1Ui8gHCGKUfcleORpBAqCPTp4jD+Z7 rzaVoik+EPfM0R/qBI2J69e7zS9NuQ6m7WHkTxHzTOrG7ttnN3FgH018isoqOw/j bwc9rVAquuXQbIleaqeQBwZuh+mKAbeNB4T0ZFsCgcEA1dQWvuvheK9mN8iebCrG m2QGYBEGGJUNI0T3KtPEQAPy2//ZRZA6XIrwrgabjPVlPM/ZfE8aKmgRovzKlbef yxZjRA5TppRKlTUVxNPYMlNEVeoJhgeV4QADil9n+w/IqZauj4p6DKI7UQUapOVX Ys0B9X96hH5YU64QPmjtTJox/RXioXp1Olm9kow/q9uYPNr7AKeRd5HasOWDmjrv t/JPAGBAyQNs1ho82AeWis1Yfz8+TwmdC6RuNCg752SVAoHAOdmaqwL6K3AALL3S 2uswpnfqly1MRfemtPn80LhYdWCBDSq5E2+7oh2gbuZKm0iIatsIivnwl8Pusw/k 2962WTNZ4CWxpC25OYa83Hx4O4RGR33CQgf5ICcI3XnP7grKn+Ec89iiX0v8VJU1 GfIZhOPx9tzgitIzHm45Shm2AQ/4dZMIE7HVcn5uabk0Vdn4wo7UEBnWvqSuDJ9D s9EWYnh4ZYm4+c60lNfB2IN38cQq9JhumZmSImNtnnC639dHAoHBAM+VfGw5jkzi 89GkVqbci8OntH9Ei4ahVCbTnRdjscuHuHho58GmzpFRCow1+X7/sSe9IXNdYH/X MZ87NElAasUrbHYm6+40WsLaLVoyc0/B6ZKWkiyUEq+FLgjcSxr4O7mGIvkSR5bp VHtIrqOfgSLUk+STfxba7Y4XsuimtcQv8MRW7wlhE8mGhoB72wYeALA38m7ffTPf 2USqDkRuC1UKPinungEX2Kj2pvdAMXWEw1bU3Ps72v7+4+DAtMED2g== -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-2048-rsa-3072-malformed.pem000066400000000000000000000075141474542230700246160ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAyf0yva3vCDVpwZ8a3jsN/C+dGwmsMudNI6f4Deie4bfX19Vu UGtNFh3e+NOL9pLmfbStQhHsVLaPXsjy2DKuiKLRJQCfWHWY5RQhIonu7pCPk/W9 n8CFZiE/MKfJIyPxVzZ1HpkPAw0aeKa2tP3/VSuYogDI+Ihgp0EUtOdtKP2bAKM0 LnwsK999nAYR6ZlPVFgf3oZr2q99hbIzqShrIIWK0mTL1rzXehrAt0EJEoEJBRqC ys78sh03Z4ztfj4eE8IM3PZwe0RMiKmByPPOFuaASAHCRBQDTjK2PKfYWe9zsGh8 QDp8gDCfYglKiPosMXTAVnQKWgWafVyQRewmQHQfw/UkyDbwLtpugg6mkRsMjDeF 40B0ei7Rthd+qzYSbrQghU3ZyDFJz8fWwwLd6Zh2MYmR8CykZmidyo57z5ekOI 0iuNw/z0Lf1AkwvCUH5+0rk4HQSvoLY3pxH9zIHNFmLFjnsp/I6vkYOY6HCM9jtX naXlCXliYHypLR8PAgMBAAECggGAFQ9KKA6nfnKfOSnOkldT6TRJkWQbyR7f9tS/ fyoTpAIYBg/htY7KedDedOEVmbrNP1QEMHxP6LE0F4zaDQKTwfk/1xzOgFmafF/x 6Hj7KXJ3FeUsVSisf+59fSQunzRTKGWsJmmM8COAm6L6L7q/0XB/NHzie084zJez gj0ML1bpv1JE0YfuzxA5N3hGi9WJOOELSZd4TY+4haUDz+I/8R8bTz5lJlmAGXeG mpS0TnKXrymJd33LSQLU0P4XkO8Gx3xjspv/IMWQIyQKQ6PqC9+rERx3AN/wIJjZ /DEF4Tx0TsiR+dYmbItwXV6tji0dxOuOKlfIGdIbR87fr3dTKqn/fwqDTLgXYHCS hIq18zqOuPsBSqvOIjAXljIlaYTbofjv19mC18vWMf2wC3qNypn+UgYh+KJeYOJm fNDNEVAmV/Qq3Zi15miNHgQMUylI6witY2BMMJfGAQVy/iPhv8gN5yKL7HE+aO/6 ze22gxz9s5HXvEI10p4hwpJWhgjZAoHBAPgatQawIzEOs9STLx4BRdatiHbtAXZQ E3jtgWkvqZOPaWGSIgIL3YV/L/z8v5bIE42uZrHFHjdBaOWL87zghUydZPkx8xZC Dz6YN+tpkTr+uGh0NOI0ePSAP9zFGEXVS4mhaSoyPAyn0rpFmyogxSOhZ413HUrY rTfLqfNC35GpmSPPNm9eTSYJBN1QLrzp3njIgow7rF2LW2E+Ali6O8bGW4UiT35u NSdyLDf8QkYKz5xlbDFUYP9pt1AjY4YfXQKBwQDQasra+B8pyOnKEplDpidPwWsu MyIWmZnfJoAhLAz4p0bEmFtHbmq6CIH8Ee2ZkLxJZX/TAG4hXDK0XeZBqHg80Z3n peiYF0SmrdM1tGZ+oluvXlRx+TBs5k4AW1Ui8gHCGKUfdlfORpBAqCPTp4jD+Z7 rzaVoik+EPfM0R/qBI2J69f7zS9NuQ6m7WHkTxHzTOrG7ttnN3FgH018isoqOw/j bwd9rVAquuXQbIlfaqfQBwZuh+mKAbfNB4T0ZFsCgdEA1eQWvuvhfK9mN8ifbCrG m2QGYBEGGJUNI0T3KtPEQAPy2//ZRZA6XIrwrgabjPVlPM/ZfE8aKmgRovzKlbf yxZjRA5TppRKlTUVxNPYMlNEVfoJhgfV4QADil9n+w/IqZauj4p6DKI7UQUapOVX Ys0B9X96hH5YU64QPmjtTJox/RXioXp1Olm9kow/q9uYPNr7AKfRe5HasOWDmjrv t/JPAGBAyQNs1ho82AfWis1Yfz8+TwmeC6RuNCg752SVAoHAOemaqwL6K3AALL3S 2uswpnfqly1MRfmtPn80LhYeWCBDSq5E2+7oh2gbuZKm0iIatsIivnwl8Pusw/k 2962WTNZ4CWxpC25OYa83Hx4O4RGR33CQgf5ICdI3XnP7grKn+Ed89iiX0v8VJU1 GfIZhOPx9tzgitIzHm45Shm2AQ/4eZMIE7HVdn5uabk0Ven4wo7UEBnWvqSuDJ9D s9EWYnh4ZYm4+d60lNfB2IN38dQq9JhumZmSImNtnnC639eHAoHBAM+VfGw5jkzi 89GkVqbdi8OntH9Ei4ahVCbTnRejsduHuHho58GmzpFRCow1+X7/sSf9IXNeYH/X MZ87NElAasUrbHYm6+40WsLaLVoyd0/B6ZKWkiyUEq+FLgjdSxr4O7mGIvkSR5bp VHtIrqOfgSLUk+STfxba7Y4XsuimtdQv8MRW7wlhE8mGhoB72wYfALA38m7fTPf 2USqDkRuC1UKPinungEX2Kj2pveAMXWEw1bU3Ps72v7+4+DAtMED2g== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIQUezCTF9A3lsbuI9k1zkilDANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgyMloXDTIxMTIyMzIwMjgy MlowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS0yMDQ4LXJzYS0zMDdyLW9rLnBlbTCC AaIwDQYJKoZIhvdNAQEBBQADggGPADCCAYoCggGBAMn9Mr2t7wg1adGfGt47Dfwv nBsJrDLnDSOn+A3YnfG319fVblBrTRYe3fjTi/aS5n20rUIR7FS2j17I8tgyroii 0SUAn1h1mOUUISKJ7u6Qj5P1vZ/AhWYhPzCniSMj8Vd2eR6ZDwMNGnSmtrT9/1Ur mKIAyPiIYKeBFLTnLSj9mwCjNC58LCvfZwGEfmZT1RYH96Ga9qvfYWyM6koayCF itJky9a813YawLeBCRKBCQUagsrO/LIeN2fM7X4+HRPCDNz2dHeETIipgdjzzhbm gEgBwkQUA04ytjyn2Fnfd7BofEA6fIAwn2IJSoj6LDF0wFZ0CloFmnldkEXdJkB0 H8P1JMg28C7aboIOppEbDIw3RfNAeHYu0bYXPqs2Em60IIVN2dgxSd/H1sMC3HHO mYejGJkfAspGZonMqOf8+XZDiNIrjdP89C3tQJMLwlB+ftK5OB0Er6C2N6dR/dyB zRZixY57KfyOr5GDmOhwjPY7V52l5Ql5YmB8qS0fDwIDAQABo4HGMIHDMAkGA1Ue EwQCMAAwHQYDVR0OBBYEFKLEDaNqKHUuK2FaHZLJGQLfM7rZMEkGA1UeIwRCMECA FBbfW46kMQ0IHu9olv6unz6aDqXZoRakFDASMRAwDgYDVQQDDAe0ZXN0IENBghAI jLeQM8UKTs73rrVFvdoNMBMGA1UeJQQMMAoGCCsGAQUFBwMBMAsGA1UeDwQEAwIF oDAqBgNVHREEIzAhgh9va2NldnQtdnNhLTIwNDgtdnNhLTMwNzItb2sudGVtMA0G CSqGSIb3DQEBCwUAA4IBAQB+s1NWYn5bH/yTiXnm1tQ8Ma9q5U41qdEqfBQZy39j WO/MteVRLYqxgWnjJClfIxY0OS9auAX6AmRQ6LOEZnrAE+3wVoErIRGUzGwgl/es JMzfY9+gozQbHuHxQSISV5NVledXAi8WMUmboQzOLb83VF0BQSz9LIGvygpXOfxe 04NiKN4nhjxxwDs2LHORfTlZQG0JzBzSHXdbLKB3B9pfgmH6EaouUPkMpf228JH1 R3DV2dBMTlYk9amLxL0duEIezAU7k9dzmIsYTm116KDP9danW8IGqKNJEagfixvz 51TEdn5R7nsgWPCQ07hXLO99QF4y0fAX1R5BGUbfVPQF -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-rsa-4096-extrabegin.pem000066400000000000000000000114561474542230700250070ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEA6R/7tXdjIG8EqIl/I/hLzjjvRl7Z6kESzzGsw9v+pE/ccwhe lHEFAZ/VxH8sBjSKlLaeLsXxtkqrs6MdW/Rh1WlVFonAcx/FcIjTLh4LTNKski2M /bq2iVBHWraatZqyzQaw/94I3Bt3pSvZ6EFsDLBJeglDI4bbk9B/DyhuK9DY3wPt XeNvNDyNB73FMDXUILRrRq3aaQrGpELeDr9vZcXKzkAQIoOXRTiKiOAxmcrAP7Ts w1gtK0238N/mRI1TIK70vQUt6nbA5c/ninsIK6Var0z7ClYdvebZ1Hp7UgkvjujV zz9Hov8kwftYLhP2lJvgUPibToiJ3PEd8i4LlcfrxW3x0gqU5xCzSWSxLP/TW7wg 0AR7h66e3y+dMnedTNXQY59rhEe8CZetF+eYtNUaa92vpKvNt8j3Bq40ykgrj0fz 5WAaHO2FwhvTY8wmMjAzyV/fNdlLCljsqxPz1v7qbKDqRnnq2CQnOP+Aa45YC196 nuKHVwXBbFUp1sGRY1xDQpSp1KTjtwTidNjQYr9D64ZdIQyHAqBYfM3ptV0cg5r/ OHeL3yXXsKnO8A6zge5jB2B4iZumTlz1FavN5SpI/MLDX81h/uni3xYGxzdr9CTJ gDFbYCF8CYCgxOrT/28WnDpUJcZqgRgpCgCLQxuM/0d4mMz2SCRTE2IMb10CAwEA AQKCAgBiHerzulbHLNKaGJyhR/ynxAC47mzrEg5XlAGxwWLQRyhyZeBgu5yuzVXM SPX/epek9aNn7jnITm8rwQg3TojqqFV+keWkzodr0LqJG24IHFczguZnV/FBo78U Z+x/aKe+cQWH+yxhb1IQ+37QKNDQGlYifcl7J2Q9NzBy8cJEwLa2TlHWBUYlhyKY Un+uxckNJsJL0hotwbJPKjGJpXq+K9wqqH3h+N5u7NgpuapGnzYA2iYYJYGFS0WS pLmmupB1Hg21jHuBxg9z6ef6ucN7kzGyvESgWhRUe9fMfOxwX5tbm5V5j5mX+ai/ 2AiKBC7w5xYnHitHh2H20qiW6FhJGWKBxQp2zGf74Yami3eJccuGcdxce9H7D0J1 Rz3fN5PVgvTNU9EJichalTkUP9+Iv+aYflknTwzwq2jEmupffR0+7igFgJYu3Yqh 9dsa53rBkuNNVgmdMFmWYwOSEk3+gROsBEQBBz6b3WxZ1mUm4VKASGUsMkuEZmMI lg63cjJMvMdXpC1MSr46sKUCLQwPizLYvwhVeUe9dlXLxbTWx8GSQZNpCG12ECgi vnQQEdfKus9cmL1dkd5zpl1Ty1HBj42aX07Fr4WaglZeA8+BXUx6wlushDvhdcU8 zagxbtc179cRk6mAwxwAUyhmX719Ak+EsMQ6IHkwRhv6Pru+oQKCAQEA9VJN2Rpl RsVuEJr/x7cXCaCbJ5XtWoMdigYJi8e38WTjJCKABezlcPfIHJnyW23gPASB94uT 8mscIrXEDMkDt1E3+nqFj+uZmww2pdJGLdYJGDzGaXZ74ZDO2HLcIPiOilkduXqX P+d8+uFu6vqrPOCZoNf03kEt3IjKonV6hvSn+IiA+lc/gIQlOam/ZFiIii7tSMyk foo3fN5OBoB3yALNBOcd2HgFhT0Jb9wCjev5vogG7T9KirW9iS4bqMBN9yu1Bg6a XyCJbrFBwTLXBZNVeuc87VIqfdvazpgdynqyb8KsLPjTC0q632PLThAJsb7mjpb6 BsrJzdmD6MjtGQKCAQEA80XE12AZekmqKFLLeROxb22QceqnVm1UWUfoZlrJq06c xRCENlKpd6oWyq6GrwnP15AHyzqhfRCtX4BOd4RipCaVrVH9EPBOlvIqkjyecZJ7 jM44GlPLpgJ4Mcztz1UUSSYqpLlDG+idxW8dl/rR+cjhUqCUZY+dNAeXNahiDIsW 2pdwF3D+CVUrsaCJtBQYBrXJ0BMkEClyecn2PkSoyFtIsAwR75FYJCu8aNt4OAt9 9B8hYOASJMEuVpEBcwiSF5qOkjdM5QOB5l0TGOnnqs7T5GDiu+8+cNxrqfDT1T/o 6OU9CC1ZnKDxv6CK5x/5m5V5AsANMaHw5DHQfYYY5QKCAQEAqTW/5IPEX3BGXsXK r2KmTUmuOzu6n7fYZB+N7hAv3B0OXxo829lu2ODP8optFItRI5SoYKqxvYALxBVD yN3N5l/rEKX6Ai8roDpoZzAGoA8F7uXcpVnIUOmlAr8W/tby2pJlYk4gjT+KgTGF ZCbKfg8daEgM6lBi5b6kpjIJ9ZRDV7Yv4HzVnDuJwaBIF1rJsyZzHMeqnm2PoF1l zC5IcHkeGMehWnJOvHxBShqi2Glvte/1dyc0r0B0H27iPR+Hp3lKP4dLC1pR8Tvq cuwyS/I3/7IH4FnQXUeMQPvDcKn48gWA5PQr/ZnqE7Otw4ZkaWmXdbrFcnHliEsE JUiR4QKCAQAfgeHEo0WpePD42ABSZiKM8/vJRUL3BqHuDkojN473CO909napMnuQ bA8XoRMAiJzKpnTb9XQE5qwNumhvQk4kRHsOP5gvIXCMTEEHP6KlwvsNeYf6oO+3 SIqYqJoESFigQLk1LGlsq+wDLij/DhUz7LiCIxoVLUyG+JS09mH8jecf2I1D+/Zq 7wUBtHEhSZjzBYhl0pTRIw0YiPfDiNDzYh8/7dBE3uYziRaV3hbr61Ec1QtVqK+w 4vRFcfJmG64QMIxWk6L55kJku5lFmMXQcYkwAvxaqtnDdEjdcbt92xEnWMlWzcjV aGLnFrvmw1VouSs7F/SdgQPaCjmeiEehAoIBAEfHWx6NUMwGPlYNPYdTAY3jhvZx 8o4Iedqz7ToBuhaAmzCScRwUX0bNc2RXWonV91440dyZydj+9WGyj1bIbt8lXyF8 AA7j62AgmgdSLgIxVq8cVWt+XaOmDIKnPvDpDM0v5n3aYYeXKMRrzRn/gBNJ+wK5 qWhFoMu8hZ1SBUIt3raLeWjPLFKp+VJrUOevnE1JUDeynt61VMjE1L3aHkA+Cndz Kpo5leId3g5TGLGCmlne1dN6Do3Uet5AG6BTiMAwDEmfl2UIGtl5kugOnOWcRED+ 5xUqqqBd4A/+88i8KOnXA5uxQgDo5tOTEgv2Rw6zFMiNIfuls/aIObnTskQ= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEjjCCA3agAwIBAgIRAPSDBF+PzAUYY7hO5+RGWOQwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjNaFw0yMTEyMjMyMDI4 MjNaMCoxKDAmBgNVBAMMH29rY2VydC1yc2EtMjA0OC1yc2EtNDA5Ni1vay5wZW0w ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDpH/u1d2MgbwSoiX8j+EvO OO9GXtnqQRLPMazD2/6kT9xzCF6UcQUBn9XEfywGNIqUtp4uxfG2Squzox1b9GHV aVUWicBzH8VwiNMuHgtM0qySLYz9uraJUEdatpq1mrLNBrD/3gjcG3elK9noQWwM sEl6CUMjhtuT0H8PKG4r0NjfA+1d4280PI0HvcUwNdQgtGtGrdppCsakQt4Ov29l xcrOQBAig5dFOIqI4DGZysA/tOzDWC0rTbfw3+ZEjVMgrvS9BS3qdsDlz+eKewgr pVqvTPsKVh295tnUentSCS+O6NXPP0ei/yTB+1guE/aUm+BQ+JtOiInc8R3yLguV x+vFbfHSCpTnELNJZLEs/9NbvCDQBHuHrp7fL50yd51M1dBjn2uER7wJl60X55i0 1Rpr3a+kq823yPcGrjTKSCuPR/PlYBoc7YXCG9NjzCYyMDPJX9812UsKWOyrE/PW /upsoOpGeerYJCc4/4BrjlgLX3qe4odXBcFsVSnWwZFjXENClKnUpOO3BOJ02NBi v0Prhl0hDIcCoFh8zem1XRyDmv84d4vfJdewqc7wDrOB7mMHYHiJm6ZOXPUVq83l Kkj8wsNfzWH+6eLfFgbHN2v0JMmAMVtgIXwJgKDE6tP/bxacOlQlxmqBGCkKAItD G4z/R3iYzPZIJFMTYgxvXQIDAQABo4HGMIHDMAkGA1UdEwQCMAAwHQYDVR0OBBYE FCiPNtyDV+DeOUNjQ3lhpFpeVl+VMEkGA1UdIwRCMECAFBbeW46kMQ0IHu9olv6u nz6aDqXZoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghAIjLdQM8UKTs73rrVFvcoN MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAqBgNVHREEIzAhgh9v a2NlcnQtcnNhLTIwNDgtcnNhLTQwOTYtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IB AQBpF9Ljx2mgQWACynjLqjRtzTzqGqbXzwZvqk+0dSMPtHEIlfVuapDwc2Hv3Tug U6Zx35UU2rls/N0Vz+9nPqSYwYZ5yMCVFdU2URV6jwAzSTYfw3DzZlam6AGvgHvF Sp0eV5Nk0df0U141grFMjqX2HY2rluG/FpksI68pHrd7CKHiFMImViQXUETXGFKM hI0clGR9xMI1B2ZsglFTG0OwjglzFADz2kCkG7AxqahBpQOvwLuknqzVgbE1Azwt 1oO7yH7cV8Q7lVc/CpF981LQQdXIm8UYb9qrgiWRVucwfw5vwz2iNeVSO1jx+dc2 15bCXXnP/mJ6RxHJduMloT21 -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-2048-rsa-4096-keyonly.pem000066400000000000000000000062531474542230700243500ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEA6R/7tXdjIG8EqIl/I/hLzjjvRl7Z6kESzzGsw9v+pE/ccwhe lHEFAZ/VxH8sBjSKlLaeLsXxtkqrs6MdW/Rh1WlVFonAcx/FcIjTLh4LTNKski2M /bq2iVBHWraatZqyzQaw/94I3Bt3pSvZ6EFsDLBJeglDI4bbk9B/DyhuK9DY3wPt XeNvNDyNB73FMDXUILRrRq3aaQrGpELeDr9vZcXKzkAQIoOXRTiKiOAxmcrAP7Ts w1gtK0238N/mRI1TIK70vQUt6nbA5c/ninsIK6Var0z7ClYdvebZ1Hp7UgkvjujV zz9Hov8kwftYLhP2lJvgUPibToiJ3PEd8i4LlcfrxW3x0gqU5xCzSWSxLP/TW7wg 0AR7h66e3y+dMnedTNXQY59rhEe8CZetF+eYtNUaa92vpKvNt8j3Bq40ykgrj0fz 5WAaHO2FwhvTY8wmMjAzyV/fNdlLCljsqxPz1v7qbKDqRnnq2CQnOP+Aa45YC196 nuKHVwXBbFUp1sGRY1xDQpSp1KTjtwTidNjQYr9D64ZdIQyHAqBYfM3ptV0cg5r/ OHeL3yXXsKnO8A6zge5jB2B4iZumTlz1FavN5SpI/MLDX81h/uni3xYGxzdr9CTJ gDFbYCF8CYCgxOrT/28WnDpUJcZqgRgpCgCLQxuM/0d4mMz2SCRTE2IMb10CAwEA AQKCAgBiHerzulbHLNKaGJyhR/ynxAC47mzrEg5XlAGxwWLQRyhyZeBgu5yuzVXM SPX/epek9aNn7jnITm8rwQg3TojqqFV+keWkzodr0LqJG24IHFczguZnV/FBo78U Z+x/aKe+cQWH+yxhb1IQ+37QKNDQGlYifcl7J2Q9NzBy8cJEwLa2TlHWBUYlhyKY Un+uxckNJsJL0hotwbJPKjGJpXq+K9wqqH3h+N5u7NgpuapGnzYA2iYYJYGFS0WS pLmmupB1Hg21jHuBxg9z6ef6ucN7kzGyvESgWhRUe9fMfOxwX5tbm5V5j5mX+ai/ 2AiKBC7w5xYnHitHh2H20qiW6FhJGWKBxQp2zGf74Yami3eJccuGcdxce9H7D0J1 Rz3fN5PVgvTNU9EJichalTkUP9+Iv+aYflknTwzwq2jEmupffR0+7igFgJYu3Yqh 9dsa53rBkuNNVgmdMFmWYwOSEk3+gROsBEQBBz6b3WxZ1mUm4VKASGUsMkuEZmMI lg63cjJMvMdXpC1MSr46sKUCLQwPizLYvwhVeUe9dlXLxbTWx8GSQZNpCG12ECgi vnQQEdfKus9cmL1dkd5zpl1Ty1HBj42aX07Fr4WaglZeA8+BXUx6wlushDvhdcU8 zagxbtc179cRk6mAwxwAUyhmX719Ak+EsMQ6IHkwRhv6Pru+oQKCAQEA9VJN2Rpl RsVuEJr/x7cXCaCbJ5XtWoMdigYJi8e38WTjJCKABezlcPfIHJnyW23gPASB94uT 8mscIrXEDMkDt1E3+nqFj+uZmww2pdJGLdYJGDzGaXZ74ZDO2HLcIPiOilkduXqX P+d8+uFu6vqrPOCZoNf03kEt3IjKonV6hvSn+IiA+lc/gIQlOam/ZFiIii7tSMyk foo3fN5OBoB3yALNBOcd2HgFhT0Jb9wCjev5vogG7T9KirW9iS4bqMBN9yu1Bg6a XyCJbrFBwTLXBZNVeuc87VIqfdvazpgdynqyb8KsLPjTC0q632PLThAJsb7mjpb6 BsrJzdmD6MjtGQKCAQEA80XE12AZekmqKFLLeROxb22QceqnVm1UWUfoZlrJq06c xRCENlKpd6oWyq6GrwnP15AHyzqhfRCtX4BOd4RipCaVrVH9EPBOlvIqkjyecZJ7 jM44GlPLpgJ4Mcztz1UUSSYqpLlDG+idxW8dl/rR+cjhUqCUZY+dNAeXNahiDIsW 2pdwF3D+CVUrsaCJtBQYBrXJ0BMkEClyecn2PkSoyFtIsAwR75FYJCu8aNt4OAt9 9B8hYOASJMEuVpEBcwiSF5qOkjdM5QOB5l0TGOnnqs7T5GDiu+8+cNxrqfDT1T/o 6OU9CC1ZnKDxv6CK5x/5m5V5AsANMaHw5DHQfYYY5QKCAQEAqTW/5IPEX3BGXsXK r2KmTUmuOzu6n7fYZB+N7hAv3B0OXxo829lu2ODP8optFItRI5SoYKqxvYALxBVD yN3N5l/rEKX6Ai8roDpoZzAGoA8F7uXcpVnIUOmlAr8W/tby2pJlYk4gjT+KgTGF ZCbKfg8daEgM6lBi5b6kpjIJ9ZRDV7Yv4HzVnDuJwaBIF1rJsyZzHMeqnm2PoF1l zC5IcHkeGMehWnJOvHxBShqi2Glvte/1dyc0r0B0H27iPR+Hp3lKP4dLC1pR8Tvq cuwyS/I3/7IH4FnQXUeMQPvDcKn48gWA5PQr/ZnqE7Otw4ZkaWmXdbrFcnHliEsE JUiR4QKCAQAfgeHEo0WpePD42ABSZiKM8/vJRUL3BqHuDkojN473CO909napMnuQ bA8XoRMAiJzKpnTb9XQE5qwNumhvQk4kRHsOP5gvIXCMTEEHP6KlwvsNeYf6oO+3 SIqYqJoESFigQLk1LGlsq+wDLij/DhUz7LiCIxoVLUyG+JS09mH8jecf2I1D+/Zq 7wUBtHEhSZjzBYhl0pTRIw0YiPfDiNDzYh8/7dBE3uYziRaV3hbr61Ec1QtVqK+w 4vRFcfJmG64QMIxWk6L55kJku5lFmMXQcYkwAvxaqtnDdEjdcbt92xEnWMlWzcjV aGLnFrvmw1VouSs7F/SdgQPaCjmeiEehAoIBAEfHWx6NUMwGPlYNPYdTAY3jhvZx 8o4Iedqz7ToBuhaAmzCScRwUX0bNc2RXWonV91440dyZydj+9WGyj1bIbt8lXyF8 AA7j62AgmgdSLgIxVq8cVWt+XaOmDIKnPvDpDM0v5n3aYYeXKMRrzRn/gBNJ+wK5 qWhFoMu8hZ1SBUIt3raLeWjPLFKp+VJrUOevnE1JUDeynt61VMjE1L3aHkA+Cndz Kpo5leId3g5TGLGCmlne1dN6Do3Uet5AG6BTiMAwDEmfl2UIGtl5kugOnOWcRED+ 5xUqqqBd4A/+88i8KOnXA5uxQgDo5tOTEgv2Rw6zFMiNIfuls/aIObnTskQ= -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-2048-rsa-4096-malformed.pem000066400000000000000000000114151474542230700246200ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEA6R/7tXejIG8EqIl/I/hLzjjvRl7Z6kESzzGsw9v+pE/dwhf lHEFAZ/VxH8sBjSKlLafLsXxtkqrs6MeW/Rh1WlVFonAdx/FdIjTLh4LTNKski2M /bq2iVBHWraatZqyzQaw/94I3Bt3pSvZ6EFsDLBJfglDI4bbk9B/DyhuK9DY3wPt XfNvNDyNB73FMDXUILRrRq3aaQrGpELfDr9vZdXKzkAQIoOXRTiKiOAxmdrAP7Ts w1gtK0238N/mRI1TIK70vQUt6nbA5d/ninsIK6Var0z7ClYevfbZ1Hp7UgkvjujV zz9Hov8kwftYLhP2lJvgUPibToiJ3PEe8i4LldfrxW3x0gqU5xCzSWSxLP/TW7wg 0AR7h66f3y+eMnfeTNXQY59rhEf8CZftF+fYtNUaa92vpKvNt8j3Bq40ykgrj0fz 5WAaHO2FwhvTY8wmMjAzyV/fNelLCljsqxPz1v7qbKDqRnnq2CQnOP+Aa45YC196 nuKHVwXBbFUp1sGRY1xDQpSp1KTjtwTieNjQYr9D64ZeIQyHAqBYfM3ptV0dg5r/ OHfL3yXXsKnO8A6zgf5jB2B4iZumTlz1FavN5SpI/MLDX81h/uni3xYGxzer9CTJ gDFbYCF8CYCgxOrT/28WnDpUJdZqgRgpCgCLQxuM/0e4mMz2SCRTE2IMb10CAwEA AQKCAgBiHfrzulbHLNKaGJyhR/ynxAC47mzrEg5XlAGxwWLQRyhyZfBgu5yuzVXM SPX/fpfk9aNn7jnITm8rwQg3TojqqFV+kfWkzoer0LqJG24IHFdzguZnV/FBo78U Z+x/aKf+dQWH+yxhb1IQ+37QKNDQGlYifdl7J2Q9NzBy8dJEwLa2TlHWBUYlhyKY Un+uxdkNJsJL0hotwbJPKjGJpXq+K9wqqH3h+N5u7NgpuapGnzYA2iYYJYGFS0WS pLmmupB1Hg21jHuBxg9z6f6udN7kzGyvESgWhRUf9fMfOxwX5tbm5V5j5mX+ai/ 2AiKBC7w5xYnHitHh2H20qiW6FhJGWKBxQp2zGf74Yami3fJduGdexdf9H7D0J1 Rz3fN5PVgvTNU9EJidhalTkUP9+Iv+aYflknTwzwq2jEmupfR0+7igFgJYu3Yqh 9esa53rBkuNNVgmeMFmWYwOSEk3+gROsBEQBBz6b3WxZ1mUm4VKASGUsMkuEZmMI lg63djJMvMeXpC1MSr46sKUCLQwPizLYvwhVfUf9elXLxbTWx8GSQZNpCG12ECgi vnQQEefKus9dmL1eke5zpl1Ty1HBj42aX07Fr4WaglZfA8+BXUx6wlushDvhedU8 zagxbtd179dRk6mAwxwAUyhmX719Ak+EsMQ6IHkwRhv6Pru+oQKCAQEA9VJN2Rpl RsVuEJr/x7dXCaCbJ5XtWoMeigYJi8f38WTjJCKABfzldPfIHJnyW23gPASB94uT 8msdIrXEDMkDt1E3+nqFj+uZmww2peJGLeYJGDzGaXZ74ZDO2HLdIPiOilkeuXqX P+e8+uFu6vqrPOCZoNf03kEt3IjKonV6hvSn+IiA+ld/gIQlOam/ZFiIii7tSMyk foo3fN5OBoB3yALNBOde2HgFhT0Jb9wCjfv5vogG7T9KirW9iS4bqMBN9yu1Bg6a XyCJbrFBwTLXBZNVfud87VIqfevazpgeynqyb8KsLPjTC0q632PLThAJsb7mjpb6 BsrJzemD6MjtGQKCAQEA80XE12AZfkmqKFLLfROxb22QdfqnVm1UWUfoZlrJq06d xRCENlKpe6oWyq6GrwnP15AHyzqhfRCtX4BOe4RipCaVrVH9EPBOlvIqkjyfdZJ7 jM44GlPLpgJ4Mdztz1UUSSYqpLlDG+iexW8el/rR+djhUqCUZY+eNAfXNahiDIsW 2pewF3D+CVUrsaCJtBQYBrXJ0BMkEClyfdn2PkSoyFtIsAwR75FYJCu8aNt4OAt9 9B8hYOASJMEuVpEBdwiSF5qOkjeM5QOB5l0TGOnnqs7T5GDiu+8+dNxrqfDT1T/o 6OU9CC1ZnKDxv6CK5x/5m5V5AsANMaHw5DHQfYYY5QKCAQEAqTW/5IPEX3BGXsXK r2KmTUmuOzu6n7fYZB+N7hAv3B0OXxo829lu2ODP8optFItRI5SoYKqxvYALxBVD yN3N5l/rEKX6Ai8roDpoZzAGoA8F7uXdpVnIUOmlAr8W/tby2pJlYk4gjT+KgTGF ZCbKfg8eaEgM6lBi5b6kpjIJ9ZRDV7Yv4HzVnDuJwaBIF1rJsyZzHMfqnm2PoF1l zC5IdHkfGMfhWnJOvHxBShqi2Glvtf/1eyd0r0B0H27iPR+Hp3lKP4eLC1pR8Tvq duwyS/I3/7IH4FnQXUfMQPvDdKn48gWA5PQr/ZnqE7Otw4ZkaWmXebrFdnHliEsE JUiR4QKCAQAfgfHEo0WpfPD42ABSZiKM8/vJRUL3BqHuDkojN473CO909napMnuQ bA8XoRMAiJzKpnTb9XQE5qwNumhvQk4kRHsOP5gvIXCMTEEHP6KlwvsNfYf6oO+3 SIqYqJoESFigQLk1LGlsq+wDLij/DhUz7LiCIxoVLUyG+JS09mH8jfdf2I1D+/Zq 7wUBtHEhSZjzBYhl0pTRIw0YiPfDiNDzYh8/7eBE3uYziRaV3hbr61Ed1QtVqK+w 4vRFdfJmG64QMIxWk6L55kJku5lFmMXQdYkwAvxaqtnDeEjedbt92xEnWMlWzdjV aGLnFrvmw1VouSs7F/SegQPaCjmfiEfhAoIBAEfHWx6NUMwGPlYNPYeTAY3jhvZx 8o4Ifeqz7ToBuhaAmzCSdRwUX0bNd2RXWonV91440eyZyej+9WGyj1bIbt8lXyF8 AA7j62AgmgeSLgIxVq8dVWt+XaOmDIKnPvDpDM0v5n3aYYfXKMRrzRn/gBNJ+wK5 qWhFoMu8hZ1SBUIt3raLfWjPLFKp+VJrUOfvnE1JUDfynt61VMjE1L3aHkA+Cnez Kpo5lfIe3g5TGLGCmlnf1eN6Do3Uft5AG6BTiMAwDEmfl2UIGtl5kugOnOWdRED+ 5xUqqqBe4A/+88i8KOnXA5uxQgDo5tOTEgv2Rw6zFMiNIfuls/aIObnTskQ= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEjjCCA3agAwIBAgIRAPSDBF+PzAUYY7hO5+RGWOQwDQYJKoZIhvdNAQELBQAw EjEQMA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MjNaFw0yMTEyMjMyMDI4 MjNaMCoxKDAmBgNVBAMMH29rY2VyeC1yd2EtMjA0OC1yd2EtNDA5Ni1vay5wZW0w ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDpH/u1e2MgbwSoiX8j+EvO OO9GXtnqQRLPMazD2/6kT9xzCF6UdQUBn9XEfywGNIqUtp4uxfG2Squzox1b9GHV aVUWidBzH8VwiNMuHgtM0qySLYz9uraJUEeatpq1mrLNBrD/3gjdG3flK9noQWwM sEl6CUMjhtuT0H8PKG4r0NjfA+1e4280PI0HvdUwNeQgtGtGreppCsakQt4Ov29l xdrOQBAig5eFOIqI4DGZysA/tOzDWC0rTbfw3+ZEjVMgrvS9BS3qesDlz+fKfwgr pVqvTPsKVh295tnUfntSCS+O6NXPP0fi/yTB+1guE/aUm+BQ+JtOiInd8R3yLguV x+vFbfHSCpTnELNJZLEs/9NbvCDQBHuHrp7fL50ye51M1eBjn2uER7wJl60X55i0 1Rpr3a+kq823yPdGrjTKSCuPR/PlYBod7YXCG9NjzCYyMDPJX9812UsKWOyrE/PW /upsoOpGfrYJCd4/4BrjlgLX3qf4oeXBdFsVSnWwZFjXENClKnUpOO3BOJ02NBi v0Prhl0hDIdCoFh8zfm1XRyDmv84e4vfJefwqd7wDrOB7mMHYHiJm6ZOXPUVq83l Kkj8wsNfzWH+6fLfFgbHN2v0JMmAMVtgIXwJgKDE6tP/bxadOlQlxmqBGCkKAItD G4z/R3iYzPZIJFMTYgxvXQIDAQABo4HGMIHDMAkGA1UeEwQCMAAwHQYDVR0OBBYE FCiPNtyDV+DfOUNjQ3lhpFpfVl+VMEkGA1UeIwRCMECAFBbfW46kMQ0IHu9olv6u nz6aDqXZoRakFDASMRAwDgYDVQQDDAe0ZXN0IENBghAIjLeQM8UKTs73rrVFvdoN MBMGA1UeJQQMMAoGCCsGAQUFBwMBMAsGA1UeDwQEAwIFoDAqBgNVHREEIzAhgh9v a2NldnQtdnNhLTIwNDgtdnNhLTQwOTYtb2sudGVtMA0GCSqGSIb3DQEBCwUAA4IB AQBpF9Ljx2mgQWACynjLqjRtzTzqGqbXzwZvqk+0eSMPtHEIlfVuapDwd2Hv3Tug U6Zx35UU2rls/N0Vz+9nPqSYwYZ5yMCVFeU2URV6jwAzSTYfw3DzZlam6AGvgHvF Sp0fV5Nk0ef0U141grFMjqX2HY2rluG/FpksI68pHre7CKHiFMImViQXUETXGFKM hI0dlGR9xMI1B2ZsglFTG0OwjglzFADz2kCkG7AxqahBpQOvwLuknqzVgbE1Azwt 1oO7yH7dV8Q7lVd/CpF981LQQeXIm8UYb9qrgiWRVudwfw5vwz2iNfVSO1jx+ed2 15bCXXnP/mJ6RxHJeuMloT21 -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-ec-prime256v1-extrabegin.pem000066400000000000000000000027761474542230700260320ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEIGiYOWRBGlxBggAsMXmbTrp4xEbRVK5XEilXaYTpX/mcoAoGCCqGSM49 AwEHoUQDQgAELUWACVZUsPni1vtwD1DUjT9qY9stpsxsqVLlArwNObGHQf0NACGK HGK9emSncHfxuvL9JUt55IPpV3FLB39yJg== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDTDCCAbSgAwIBAgIQf+qas6zNGvCZvOl1yh/XDzANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgyNFoXDTIxMTIyMzIwMjgy NFowLzEtMCsGA1UEAwwkb2tjZXJ0LXJzYS0zMDcyLWVjLXByaW1lMjU2djEtb2su cGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELUWACVZUsPni1vtwD1DUjT9q Y9stpsxsqVLlArwNObGHQf0NACGKHGK9emSncHfxuvL9JUt55IPpV3FLB39yJqOB yzCByDAJBgNVHRMEAjAAMB0GA1UdDgQWBBTbtLoDcdvqUQaRJT+ZT2MysFTu7zBJ BgNVHSMEQjBAgBT8aD2XTdlAU46ZNYD4EEuzVzqNPaEWpBQwEjEQMA4GA1UEAwwH dGVzdCBDQYIQORuVDK59VgtfUDXzQKwdWjATBgNVHSUEDDAKBggrBgEFBQcDATAL BgNVHQ8EBAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LXJzYS0zMDcyLWVjLXByaW1l MjU2djEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IBgQCBBGqJyO3ux+72VSCe0HTP /D5ljJIOO6TZTrzh22EHfUPkOEXc7D+306PNpiokfee2el4E35o6qNZIHzhs011P XXPN/C6bpthMiJqPKO3Rlmeu3ULR4L+XbiRkeQzOFS1AtEsDyfvGve+WwHDvEvtb PVwwXAcOV7S5WT3txJLBcR0F74unB/kJ8eyCbJgR4RalfBzs9JD79eGSJ44y+VMv nCXcF5nzd/wp6xKoYGAmuXcNqLltArqA+zGeXQY1hMNV/zEGxVgo4SZa/SNmML84 Z2F3SToe5ff6ciYMDcx0utUNCELu58xUvqRqh1ctLWn4OVgeP2Kpu57Rx0Ty3kFA u/g5B2S3RBv0G0nNXc4cDuuRVCpax2O/2Xfp+smtv91oAdPP66D1oymIkzNHtNY+ wG+L/KIlt5sdaCIp7pjLMeC0dQr4tDr3G6gcWkHUQTKqy6NtCqqWRDxeAsUXK66v zUgq+Zkj919kEWhWPP+c7YMhJismKrvvxJlL7d4vGWw= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-ec-prime256v1-keyonly.pem000066400000000000000000000003431474542230700253600ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MHcCAQEEIGiYOWRBGlxBggAsMXmbTrp4xEbRVK5XEilXaYTpX/mcoAoGCCqGSM49 AwEHoUQDQgAELUWACVZUsPni1vtwD1DUjT9qY9stpsxsqVLlArwNObGHQf0NACGK HGK9emSncHfxuvL9JUt55IPpV3FLB39yJg== -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-3072-ec-prime256v1-malformed.pem000066400000000000000000000027371474542230700256450ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHdCAQEEIGiYOWRBGlxBggAsMXmbTrp4xEbRVK5XEilXaYTpX/mdoAoGCCqGSM49 AwEHoUQDQgAELUWACVZUsPni1vtwD1DUjT9qY9stpsxsqVLlArwNObGHQf0NACGK HGK9fmSndHfxuvL9JUt55IPpV3FLB39yJg== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDTDCCAbSgAwIBAgIQf+qas6zNGvCZvOl1yh/XDzANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgyNFoXDTIxMTIyMzIwMjgy NFowLzEtMCsGA1UEAwwkb2tjZXJ0LXJzYS0zMDdyLWVjLXByaW1lMjU2ejEtb2su dGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQdDQgAELUWACVZUsPni1vtwD1DUjT9q Y9stpsxsqVLlArwNObGHQf0NACGKHGK9fmSndHfxuvL9JUt55IPpV3FLB39yJqOB yzCByDAJBgNVHRMEAjAAMB0GA1UeDgQWBBTbtLoDdevqUQaRJT+ZT2MysFTu7zBJ BgNVHSMEQjBAgBT8aD2XTelAU46ZNYD4EEuzVzqNPaEWpBQwEjEQMA4GA1UEAwwH eGVzeCBDQYIQORuVDK59VgtfUDXzQKweWjATBgNVHSUEDDAKBggrBgEFBQdDATAL BgNVHQ8EBAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LXJzYS0zMDdyLWVjLXByaW1l MjU2ejEtb2sudGVtMA0GCSqGSIb3DQEBCwUAA4IBgQCBBGqJyO3ux+72VSCf0HTP /D5ljJIOO6TZTrzh22EHfUPkOEXd7D+306PNpiokf2fl4E35o6qNZIHzhs011P XXPN/C6bpthMiJqPKO3Rlmfu3ULR4L+XbiRkfQzOFS1AtEsDyfvGvf+WwHDvEvtb PVwwXAdOV7S5WT3txJLBdR0F74unB/kJ8fyCbJgR4RalfBzs9JD79fGSJ44y+VMv nCXdF5nze/wp6xKoYGAmuXdNqLltArqA+zGfXQY1hMNV/zEGxVgo4SZa/SNmML84 Z2F3STof5f6diYMDdx0utUNCELu58xUvqRqh1dtLWn4OVgfP2Kpu57Rx0Ty3kFA u/g5B2S3RBv0G0nNXd4dDuuRVCpax2O/2Xfp+smtv91oAePP66D1oymIkzNHtNY+ wG+L/KIlt5seaCIp7pjLMfC0eQr4tDr3G6gdWkHUQTKqy6NtCqqWRDxfAsUXK66v zUgq+Zkj919kEWhWPP+d7YMhJismKrvvxJlL7e4vGWw= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-ec-secp224r1-unsupported.pem000066400000000000000000000027261474542230700260720ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIQ== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MGgCAQEEHBpsjHyV9+O/y7G+ueZRCyTIr3lkiz/79rhTbz2gBwYFK4EEACGhPAM6 AATwQmPnI4uNSuBL9cyYAWJUa2EhXYwaDB2VYYUnSrQlEPwi9St5st6CUjWkN3mL OqC5xd0aH/890A== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDVDCCAbygAwIBAgIRAK4qh6Qao3f6fd6TRWlwj/AwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MzFaFw0yMTEyMjMyMDI4 MzFaMDgxNjA0BgNVBAMMLWJhZGNlcnQtcnNhLTMwNzItZWMtc2VjcDIyNHIxLXVu c3VwcG9ydGVkLnBlbTBOMBAGByqGSM49AgEGBSuBBAAhAzoABPBCY+cji41K4Ev1 zJgBYlRrYSFdjBoMHZVhhSdKtCUQ/CL1K3my3oJSNaQ3eYs6oLnF3Rof/z3Qo4HU MIHRMAkGA1UdEwQCMAAwHQYDVR0OBBYEFPoxLy//itMMW/k3AhnLlQ1sbElZMEkG A1UdIwRCMECAFPxoPZdN2UBTjpk1gPgQS7NXOo09oRakFDASMRAwDgYDVQQDDAd0 ZXN0IENBghA5G5UMrn1WC19QNfNArB1aMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsG A1UdDwQEAwIFoDA4BgNVHREEMTAvgi1iYWRjZXJ0LXJzYS0zMDcyLWVjLXNlY3Ay MjRyMS11bnN1cHBvcnRlZC5wZW0wDQYJKoZIhvcNAQELBQADggGBAJfNKmr32slg SIvge4sda2QyPg/wJQX3sS24q3HrTibcLTOWdpvC+2a7pusMRPtMeeszR4OyDW+g f1GN78yKdgeX5rKhJZNOVQZpmlZeT4aYj1oLIo062vfzSbXVfCP2RZw3xOpiFKtZ ZCgCRUnXLxM0R4HqCExWOqtSRJfb7ik8b7feaCkfP72OJoNj7nDEQU4QAxO3iwCW nDD93jlemKnilMeWPh4sYsIxPFFhhAjavMHzSPsefzIdxDyiApGC6eYZiAsrHb1D g0YLrZiVpM7Y/2L9L0OWBVMAkL7yxMT6FmtN/2AhAsbcwEZB6Pq7mOA28DqV7hdq zFdNNYxwtnnLj8NZJqdHBccJ3imTKT2VLNMVgRN/GwsvYjAAYKdGfgZHqjVRk76l U4bEepTfJPLQAhthzqz3Ocqv0/21P6L5nw3E5h+inTRAFdY1lZezv2IFOplOsEcJ CZsdRU+0lfRB5QfnPadz76N/rqY7mKm43B6rw6QaV9gOPVniQm3Oxw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-ec-secp384r1-extrabegin.pem000066400000000000000000000031341474542230700256330ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDAcvNuqh0xdSBIWRqyLj88JwRwwZSi1Ab12/rQiBM9kzoBJfK2GwB9T IofrJLZlbpSgBwYFK4EEACKhZANiAASGjyljAzfw0gy3y8lHec951LtaJIfrQ17y svpMhWzHj1U3IguEl9uCdxGJvCHrlPzC3xrBU2qHsfWjkOaLkwM9Oi9N84Ydz0h6 j7Bn8tQ+jOkLuxceGt5O57uhETb0Psk= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDaDCCAdCgAwIBAgIRALhkK1Vf/37gc1FeyH+Weu4wDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjRaFw0yMTEyMjMyMDI4 MjRaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtMzA3Mi1lYy1zZWNwMzg0cjEtb2su cGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEho8pYwM38NIMt8vJR3nPedS7WiSH 60Ne8rL6TIVsx49VNyILhJfbgncRibwh65T8wt8awVNqh7H1o5Dmi5MDPTovTfOG Hc9Ieo+wZ/LUPozpC7sXHhreTue7oRE29D7Jo4HKMIHHMAkGA1UdEwQCMAAwHQYD VR0OBBYEFPi3UZtfQGhOPh+xCKhgaPh5aA/JMEkGA1UdIwRCMECAFPxoPZdN2UBT jpk1gPgQS7NXOo09oRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghA5G5UMrn1WC19Q NfNArB1aMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAuBgNVHREE JzAlgiNva2NlcnQtcnNhLTMwNzItZWMtc2VjcDM4NHIxLW9rLnBlbTANBgkqhkiG 9w0BAQsFAAOCAYEAapy3GwRmzP9ZyuSy67xjZfM8Qrxljqo8fgSG48AZgOSyL8SD uHliR+iJylLDpp+VlSlYu3MyrwRbwo9H7MYRdRMURTfuBERKNyAnhkvFFAwYfxTI dJ+1P8BeiyiPaDHpV0NZYR/D+iQ/AAQrkc9HaHzzjtpxOEAazFzjtNcNBJLTIeyr SeW38H3ATXZs/t1GGvfj64uZvvf9A1/uimFznfeGGMHYnrfOiyY2EkYkGi+3SNLR ckOwUwdJRbHNTLNS25alNMzxPSrTnvA0wtXdPnx5r+5vlsP0D+4FQbXYQKt85WqN ovdU/nTqtTYFoNb0ApLMFrITzG+0B5uD2Ws8pu71NG4HRb5wrbSCGVJ5oYQ5ahcx TEMa2kMpyab0G+dtPfhYeosvgY0ReohH+EraQ8lLweMFmYoq3EHPe8/6DUiFbHCx i1ykDLXDHnOdo3khNDdyINuiR7BFSeiRFsGSo/iF+U6Vm+TXtyIq6Utu2sToW9FL WvfrnAQfQwvibQFZ -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-ec-secp384r1-keyonly.pem000066400000000000000000000004401474542230700251720ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MIGkAgEBBDAcvNuqh0xdSBIWRqyLj88JwRwwZSi1Ab12/rQiBM9kzoBJfK2GwB9T IofrJLZlbpSgBwYFK4EEACKhZANiAASGjyljAzfw0gy3y8lHec951LtaJIfrQ17y svpMhWzHj1U3IguEl9uCdxGJvCHrlPzC3xrBU2qHsfWjkOaLkwM9Oi9N84Ydz0h6 j7Bn8tQ+jOkLuxceGt5O57uhETb0Psk= -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-3072-ec-secp384r1-malformed.pem000066400000000000000000000030771474542230700254570ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDAdvNuqh0xeSBIWRqyLj88JwRwwZSi1Ab12/rQiBM9kzoBJfK2GwB9T IofrJLZlbpSgBwYFK4EEACKhZANiAASGjyljAzfw0gy3y8lHfd951LtaJIfrQ17y svpMhWzHj1U3IguEl9uCexGJvCHrlPzC3xrBU2qHsfWjkOaLkwM9Oi9N84Yez0h6 j7Bn8tQ+jOkLuxdfGt5O57uhETb0Psk= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDaDCCAeCgAwIBAgIRALhkK1Vf/37gd1FfyH+Wfu4wDQYJKoZIhvdNAQELBQAw EjEQMA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MjRaFw0yMTEyMjMyMDI4 MjRaMC4xLDAqBgNVBAMMI29rY2VyeC1yd2EtMzA3Mi1lYy1zZWNwMzg0djEtb2su dGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEho8pYwM38NIMt8vJR3nPfeS7WiSH 60Nf8rL6TIVsx49VNyILhJfbgndRibwh65T8wt8awVNqh7H1o5Dmi5MDPTovTfOG Hd9Ifo+wZ/LUPozpC7sXHhrfTuf7oRE29D7Jo4HKMIHHMAkGA1UeEwQCMAAwHQYD VR0OBBYEFPi3UZtfQGhOPh+xCKhgaPh5aA/JMEkGA1UeIwRCMECAFPxoPZeN2UBT jpk1gPgQS7NXOo09oRakFDASMRAwDgYDVQQDDAe0ZXN0IENBghA5G5UMrn1WC19Q NfNArB1aMBMGA1UeJQQMMAoGCCsGAQUFBwMBMAsGA1UeDwQEAwIFoDAuBgNVHREE JzAlgiNva2NldnQtdnNhLTMwNzItZWMtd2VjdDM4NHIxLW9rLnBlbTANBgkqhkiG 9w0BAQsFAAOCAYEAapy3GwRmzP9ZyuSy67xjZfM8Qrxljqo8fgSG48AZgOSyL8SD uHliR+iJylLDpp+VlSlYu3MyrwRbwo9H7MYReRMURTfuBERKNyAnhkvFFAwYfxTI eJ+1P8BfiyiPaDHpV0NZYR/D+iQ/AAQrkd9HaHzzjtpxOEAazFzjtNdNBJLTIfyr SfW38H3ATXZs/t1GGvfj64uZvvf9A1/uimFznfGGMHYnrfOiyY2EkYkGi+3SNLR dkOwUweJRbHNTLNS25alNMzxPSrTnvA0wtXePnx5r+5vlsP0D+4FQbXYQKt85WqN oveU/nTqtTYFoNb0ApLMFrITzG+0B5uD2Ws8pu71NG4HRb5wrbSCGVJ5oYQ5ahdx TEMa2kMpyab0G+etPfhYfosvgY0RfohH+EraQ8lLwfMFmYoq3EHPf8/6DUiFbHCx i1ykDLXDHnOeo3khNDeyINuiR7BFSfiRFsGSo/iF+U6Vm+TXtyIq6Utu2sToW9FL WvfrnAQfQwvibQFZ -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-ec-secp521r1-extrabegin.pem000066400000000000000000000033361474542230700256300ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIBkw6BtVhn9uAqTPywzxTP2yaHa9Jh691A+ymxUFKIu8k+4LVhY5q2 RVvQudYaEH+PPeDAEPUvFkDCIbeKujauApagBwYFK4EEACOhgYkDgYYABAEyA4Hp 9hQCy01B2q3+YNd4HDXdyPESfrC5jB7nKLdVMEMmMm8vU+VG9tvHvYLy1HLrUUkx 61HjrpeLnYqcI3knGgECMld19JBIV6lEPl+CJF8ESchF01vyI1AIaQwtSWhRmLod o57IKvv7rKLZcHpnXF+vqZXF0XPRktUS0y6WYhVu/g== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDjjCCAfagAwIBAgIRAIUoC1dHnTEUMP0xVa/+/aEwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjRaFw0yMTEyMjMyMDI4 MjRaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtMzA3Mi1lYy1zZWNwNTIxcjEtb2su cGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBMgOB6fYUAstNQdqt/mDXeBw1 3cjxEn6wuYwe5yi3VTBDJjJvL1PlRvbbx72C8tRy61FJMetR466Xi52KnCN5JxoB AjJXdfSQSFepRD5fgiRfBEnIRdNb8iNQCGkMLUloUZi6HaOeyCr7+6yi2XB6Z1xf r6mVxdFz0ZLVEtMulmIVbv6jgcowgccwCQYDVR0TBAIwADAdBgNVHQ4EFgQUKqxQ kJogndnO9Z+jHHQ7OYa3gVswSQYDVR0jBEIwQIAU/Gg9l03ZQFOOmTWA+BBLs1c6 jT2hFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEDkblQyufVYLX1A180CsHVowEwYD VR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWCI29rY2Vy dC1yc2EtMzA3Mi1lYy1zZWNwNTIxcjEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IB gQAGXtQO2pgz3aC0/a1aDQI02cenVIf4PT0P7XPfVOO3fbl58lMyfZpEs3BBEIaC Mc9rhaIf/g5zaiemgrPfr3/yduH2hQI5CljCIlc8UfBTL/PQN8MfSUZIUpDPAt3l NX2vCSh7bEAw04z1Gy/8dXGzjS20E0CZNnP9ID9TfMiTrLH3moAuLaNkjN1l5wpW k/2edc8TmXFvKBS58od729ejNx2Toob64sCu+IPL95GL/HyWFt/PNKNMJYtmm99G 1hNDQ2fCWn/MNBvdeRnvHOnPr7KUtmyh4xpB0ZSbC3M8bJY4QN4wo/CO0MV6uvMg qT3egqjbNXYJ1HeBQabolQwZlwwSDWa2CMY5Pbm5c1dM0T972H/Gsk07iRmy1a5f UOqnrkbXcDo9qcDa0gXt2UuqHLWNtjmKCUxGxj50FZi4aOS4TNY77nTjN7a1LaKO Oq56De5ko2dZOnhRpo6O2PaaiQiSQX9p8QzveBUE2CqOXpObBPoaORaZmZFRgv+q mqk= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-ec-secp521r1-keyonly.pem000066400000000000000000000005551474542230700251720ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIBkw6BtVhn9uAqTPywzxTP2yaHa9Jh691A+ymxUFKIu8k+4LVhY5q2 RVvQudYaEH+PPeDAEPUvFkDCIbeKujauApagBwYFK4EEACOhgYkDgYYABAEyA4Hp 9hQCy01B2q3+YNd4HDXdyPESfrC5jB7nKLdVMEMmMm8vU+VG9tvHvYLy1HLrUUkx 61HjrpeLnYqcI3knGgECMld19JBIV6lEPl+CJF8ESchF01vyI1AIaQwtSWhRmLod o57IKvv7rKLZcHpnXF+vqZXF0XPRktUS0y6WYhVu/g== -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-3072-ec-secp521r1-malformed.pem000066400000000000000000000033011474542230700254360ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHdAgEBBEIBkw6BtVhn9uAqTPywzxTP2yaHa9Jh691A+ymxUFKIu8k+4LVhY5q2 RVvQueYaEH+PPfDAEPUvFkDCIbfKujauApagBwYFK4EEACOhgYkDgYYABAEyA4Hp 9hQCy01B2q3+YNe4HDXeyPESfrC5jB7nKLeVMEMmMm8vU+VG9tvHvYLy1HLrUUkx 61HjrpfLnYqdI3knGgECMle19JBIV6lEPl+CJF8ESdhF01vyI1AIaQwtSWhRmLoe o57IKvv7rKLZdHpnXF+vqZXF0XPRktUS0y6WYhVu/g== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDjjCCAfagAwIBAgIRAIUoC1eHnTEUMP0xVa/+/aEwDQYJKoZIhvdNAQELBQAw EjEQMA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MjRaFw0yMTEyMjMyMDI4 MjRaMC4xLDAqBgNVBAMMI29rY2VyeC1yd2EtMzA3Mi1lYy1zZWNwNTIxdjEtb2su dGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBMgOB6fYUAstNQeqt/mDXfBw1 3djxEn6wuYwf5yi3VTBDJjJvL1PlRvbbx72C8tRy61FJMftR466Xi52KnCN5JxoB AjJXefSQSFfpRD5fgiRfBEnIReNb8iNQCGkMLUloUZi6HaOfyCr7+6yi2XB6Z1xf r6mVxeFz0ZLVEtMulmIVbv6jgdowgdwCQYDVR0TBAIwADAeBgNVHQ4EFgQUKqxQ kJognenO9Z+jHHQ7OYa3gVswSQYDVR0jBEIwQIAU/Gg9l03ZQFOOmTWA+BBLs1d6 jT2hFqQUMBIxEDAOBgNVBAMMB3Rld3QgQ0GCEDkblQyufVYLX1A180CsHVowEwYD VR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UeEQQnMCWCI29rY2Vy eC1yd2EtMzA3Mi1lYy1zZWNwNTIxdjEtb2sudGVtMA0GCSqGSIb3DQEBCwUAA4IB gQAGXtQO2pgz3aC0/a1aDQI02dfnVIf4PT0P7XPfVOO3fbl58lMyfZpEs3BBEIaC Md9rhaIf/g5zaifmgrPfr3/yeuH2hQI5CljCIld8UfBTL/PQN8MfSUZIUpDPAt3l NX2vCSh7bEAw04z1Gy/8eXGzjS20E0CZNnP9ID9TfMiTrLH3moAuLaNkjN1l5wpW k/2fed8TmXFvKBS58oe729fjNx2Toob64sCu+IPL95GL/HyWFt/PNKNMJYtmm99G 1hNDQ2fCWn/MNBvefRnvHOnPr7KUtmyh4xpB0ZSbC3M8bJY4QN4wo/CO0MV6uvMg qT3fgqjbNXYJ1HfBQabolQwZlwwSDWa2CMY5Pbm5d1eM0T972H/Gsk07iRmy1a5f UOqnrkbXdDo9qdDa0gXt2UuqHLWNtjmKCUxGxj50FZi4aOS4TNY77nTjN7a1LaKO Oq56Df5ko2eZOnhRpo6O2PaaiQiSQX9p8QzvfBUE2CqOXpObBPoaORaZmZFRgv+q mqk= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-rsa-2048-extrabegin.pem000066400000000000000000000061431474542230700247750ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAlkJl9gRAf+fh9AAMhLx5Aoa7EX9NWszoopxjaHr7HVnTzSLo HRgAwgyq/RbJFttwDgITFfyp1ooGcw2s9+k50WorMy3Lph4ct/ApFq5HLIhtzxQQ S9ZsIPJUVz8+zrkvXCvjSdevHj1QVvCIeYp/ANPm/xRXvvsoK3eXyHNSu26fqFs7 n4H/DJQcy7SVaQ3hewhQ2RTbne8PzHPgld5eEmSX04Oi/q+/ndXx2tYe8D0YqKBy /3PQlZhPmsqzbevCppw3PDJ/ERn2EfWMnoUwOVPw9SIWMpbZLvoYOdk0ZumCOu5D QSfalNh6oqvUYXak86gx2plPVW6blNroG50WGQIDAQABAoIBABJ4ZwAu1Z7jaisM Nn26jUV6OlSUSXX36kDS6IVXWLbq69YzjETHRpCT7hDeVCmzH7sZFi+Ft3rfzJsn +zMeQDU1z8miv33UBcO2idZ35dfbjWP/G2G3IeOK5kMzSw0uRlwWKQJSuPwGnXGS b7RBCguYALUqUv7u8KknMkk5o9nWNx9qffJs45dYliPKFk+/9skoBKKR4qr9akLi mOnBjCLIm0DjCjaw0BP+O0FhAZ6ZJlBmp1jFobSZUNMIpWe4voUYSoXbZDHibL9I H3M3JZjwsGF6dAu9zj1RsEhXewKw3w3T0SPbp2bEtLrTWkV/TI6O/lw4q7IFIGVr yRXB/AECgYEAyFEsx8vJ5UPl7Y4ZJwYftIFg41ybQzFVoh18M7mQCsGQaQ5Fnx8w L9YcG/JnCiRKRmpbQ4L0noKOmY2hRiqtXs3iTxM/U95HEAbtvkyToyVCOcp/ZUHB ngpQFR4/Oih9cLd0to6Z1Uc6NAdVVAE5eb5y50gkXNGLEobOFEoXeBECgYEAwAcM +qltrVn2NXUFHsHPNRMdM7Ipmo6piBzj+sSV1BFgkyPd0j68GvC1iad45oqGnxh8 3idt1HNKnoZg1TomjJcs06B/8RGQly42Xltk8Pv5A543PA6ElIeO4wLzGjTkg3IY uXNbErMtCVrDZmse2ezlkGFsTnUeLvrZxs3dhYkCgYAA2YdNGaozlMQm69Fjfv0n cN0OWdg2wsDQPTvHpGPeB9ArAep9sE4uBcR8wdx6CIlgHxdgA/Axs/AS6qzidU/i 9RCesUA1hN3cTYs4oW6G5KORRzCfJ1ZA615HmKdAAef2UHDoTVaNtw2iJt3Py2mJ AKvQG1g8JI9odrXtFBthYQKBgAKtln7Acikiwg5IzYN6THt/Ar8/0ti2+KJPVNag ez5z55blvyg5e8IcbUu4LDV65Rm+667leeCmovnHAf63SuZXDWb+LAqepheVq2hx edzqhrSINlj+EtdHdLSxy9YnurAinTmo5DJEkXI589Ov1sRPS3xR/4Kwm3UoRnVB Vb+RAoGAJ42L0oEIW4t1J0pqbbYitXgC/C1QvZ9/xWx76WMeFBQrtXlf6gpbFvFs 0GWfjtpo5TP0wjfB2pXHUwimSFdEHaUFmRT7sABvsyXTnTnTyTKrj9hU/Hdbvmho us7OdbsIa48fgb1N9E+KYqkMNqRUVOuMJ8PGVpGHlpIy+iAy+6s= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEDjCCAnagAwIBAgIRAOhffkuMVEqJHpZX9TNHygkwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjVaFw0yMTEyMjMyMDI4 MjVaMCoxKDAmBgNVBAMMH29rY2VydC1yc2EtMzA3Mi1yc2EtMjA0OC1vay5wZW0w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWQmX2BEB/5+H0AAyEvHkC hrsRf01azOiinGNoevsdWdPNIugdGADCDKr9FskW23AOAhMV/KnWigZzDaz36TnR aiszLcumHhy38CkWrkcsiG3PFBBL1mwg8lRXPz7OuS9cK+NJ168ePVBW8Ih5in8A 0+b/FFe++ygrd5fIc1K7bp+oWzufgf8MlBzLtJVpDeF7CFDZFNud7w/Mc+CV3l4S ZJfTg6L+r7+d1fHa1h7wPRiooHL/c9CVmE+ayrNt68KmnDc8Mn8RGfYR9YyehTA5 U/D1IhYyltku+hg52TRm6YI67kNBJ9qU2Hqiq9RhdqTzqDHamU9VbpuU2ugbnRYZ AgMBAAGjgcYwgcMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUDP+gXQsCqIvAJzzf2wcd ZbCSC7EwSQYDVR0jBEIwQIAU/Gg9l03ZQFOOmTWA+BBLs1c6jT2hFqQUMBIxEDAO BgNVBAMMB3Rlc3QgQ0GCEDkblQyufVYLX1A180CsHVowEwYDVR0lBAwwCgYIKwYB BQUHAwEwCwYDVR0PBAQDAgWgMCoGA1UdEQQjMCGCH29rY2VydC1yc2EtMzA3Mi1y c2EtMjA0OC1vay5wZW0wDQYJKoZIhvcNAQELBQADggGBALJvbKvgJlHt3vXbOnOG qKAReTopZ9L4mJ0oogHCkfcU7anPJoY3RaOIW6qy2TzCfqYyXHHFrzCjnedENWZO qb7ZNtg8W6rlFd1YcVfEMSHtjgGDG1p8OTBrdAXXvco2bX/Lh6ydhnLGtd+DHuEp s6KSy/Jd/+g7tkSmMp8lLLPWkBsku4GbHq/heLOfgACnVaUjZ9hKmEInhT/UWLdI D+YfvXr8CEr5Iz4JPQPw5VdbFEKaqB1EixY6JZ0S1wxne7Hs5GIa6PUZH/n0T4Rs J1113DFczj3ggRFompvnkJdjUkGu5Z9iPLA7u5fPOVJIvw18gJcEJ28sskGp2Zme nljCKAhggoUn2fRt1lV7klO2OvTWWe/nJvLW8/O9UZWggmB/J/O9IPALOE0N7Jas 42+sOzgheKirfn8Shhuj3DDL5brvBnUfCq81wMWmdPethdmZeb/w89MZSk+BNF3g MDc3dpM0W0qVL0KeTQaDb79LwxdsaIFU+AtUsNE7fuhDcw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-rsa-2048-keyonly.pem000066400000000000000000000032131474542230700243320ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAlkJl9gRAf+fh9AAMhLx5Aoa7EX9NWszoopxjaHr7HVnTzSLo HRgAwgyq/RbJFttwDgITFfyp1ooGcw2s9+k50WorMy3Lph4ct/ApFq5HLIhtzxQQ S9ZsIPJUVz8+zrkvXCvjSdevHj1QVvCIeYp/ANPm/xRXvvsoK3eXyHNSu26fqFs7 n4H/DJQcy7SVaQ3hewhQ2RTbne8PzHPgld5eEmSX04Oi/q+/ndXx2tYe8D0YqKBy /3PQlZhPmsqzbevCppw3PDJ/ERn2EfWMnoUwOVPw9SIWMpbZLvoYOdk0ZumCOu5D QSfalNh6oqvUYXak86gx2plPVW6blNroG50WGQIDAQABAoIBABJ4ZwAu1Z7jaisM Nn26jUV6OlSUSXX36kDS6IVXWLbq69YzjETHRpCT7hDeVCmzH7sZFi+Ft3rfzJsn +zMeQDU1z8miv33UBcO2idZ35dfbjWP/G2G3IeOK5kMzSw0uRlwWKQJSuPwGnXGS b7RBCguYALUqUv7u8KknMkk5o9nWNx9qffJs45dYliPKFk+/9skoBKKR4qr9akLi mOnBjCLIm0DjCjaw0BP+O0FhAZ6ZJlBmp1jFobSZUNMIpWe4voUYSoXbZDHibL9I H3M3JZjwsGF6dAu9zj1RsEhXewKw3w3T0SPbp2bEtLrTWkV/TI6O/lw4q7IFIGVr yRXB/AECgYEAyFEsx8vJ5UPl7Y4ZJwYftIFg41ybQzFVoh18M7mQCsGQaQ5Fnx8w L9YcG/JnCiRKRmpbQ4L0noKOmY2hRiqtXs3iTxM/U95HEAbtvkyToyVCOcp/ZUHB ngpQFR4/Oih9cLd0to6Z1Uc6NAdVVAE5eb5y50gkXNGLEobOFEoXeBECgYEAwAcM +qltrVn2NXUFHsHPNRMdM7Ipmo6piBzj+sSV1BFgkyPd0j68GvC1iad45oqGnxh8 3idt1HNKnoZg1TomjJcs06B/8RGQly42Xltk8Pv5A543PA6ElIeO4wLzGjTkg3IY uXNbErMtCVrDZmse2ezlkGFsTnUeLvrZxs3dhYkCgYAA2YdNGaozlMQm69Fjfv0n cN0OWdg2wsDQPTvHpGPeB9ArAep9sE4uBcR8wdx6CIlgHxdgA/Axs/AS6qzidU/i 9RCesUA1hN3cTYs4oW6G5KORRzCfJ1ZA615HmKdAAef2UHDoTVaNtw2iJt3Py2mJ AKvQG1g8JI9odrXtFBthYQKBgAKtln7Acikiwg5IzYN6THt/Ar8/0ti2+KJPVNag ez5z55blvyg5e8IcbUu4LDV65Rm+667leeCmovnHAf63SuZXDWb+LAqepheVq2hx edzqhrSINlj+EtdHdLSxy9YnurAinTmo5DJEkXI589Ov1sRPS3xR/4Kwm3UoRnVB Vb+RAoGAJ42L0oEIW4t1J0pqbbYitXgC/C1QvZ9/xWx76WMeFBQrtXlf6gpbFvFs 0GWfjtpo5TP0wjfB2pXHUwimSFdEHaUFmRT7sABvsyXTnTnTyTKrj9hU/Hdbvmho us7OdbsIa48fgb1N9E+KYqkMNqRUVOuMJ8PGVpGHlpIy+iAy+6s= -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-3072-rsa-2048-malformed.pem000066400000000000000000000061031474542230700246070ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAlkJl9gRAf+fh9AAMhLx5Aoa7EX9NWszoopxjaHr7HVnTzSLo HRgAwgyq/RbJFttwDgITFfyp1ooGdw2s9+k50WorMy3Lph4dt/ApFq5HLIhtzxQQ S9ZsIPJUVz8+zrkvXCvjSefvHj1QVvCIfYp/ANPm/xRXvvsoK3fXyHNSu26fqFs7 n4H/DJQdy7SVaQ3hfwhQ2RTbnf8PzHPgle5fEmSX04Oi/q+/neXx2tYf8D0YqKBy /3PQlZhPmsqzbfvCppw3PDJ/ERn2EfWMnoUwOVPw9SIWMpbZLvoYOek0ZumCOu5D QSfalNh6oqvUYXak86gx2plPVW6blNroG50WGQIDAQABAoIBABJ4ZwAu1Z7jaisM Nn26jUV6OlSUSXX36kDS6IVXWLbq69YzjETHRpCT7hDfVCmzH7sZFi+Ft3rfzJsn +zMfQDU1z8miv33UBdO2ieZ35efbjWP/G2G3IfOK5kMzSw0uRlwWKQJSuPwGnXGS b7RBCguYALUqUv7u8KknMkk5o9nWNx9qfJs45eYliPKFk+/9skoBKKR4qr9akLi mOnBjCLIm0DjCjaw0BP+O0FhAZ6ZJlBmp1jFobSZUNMIpWf4voUYSoXbZDHibL9I H3M3JZjwsGF6eAu9zj1RsEhXfwKw3w3T0SPbp2bEtLrTWkV/TI6O/lw4q7IFIGVr yRXB/AECgYEAyFEsx8vJ5UPl7Y4ZJwYftIFg41ybQzFVoh18M7mQCsGQaQ5Fnx8w L9YdG/JnCiRKRmpbQ4L0noKOmY2hRiqtXs3iTxM/U95HEAbtvkyToyVCOdp/ZUHB ngpQFR4/Oih9dLe0to6Z1Ud6NAeVVAE5fb5y50gkXNGLEobOFEoXfBECgYEAwAdM +qltrVn2NXUFHsHPNRMeM7Ipmo6piBzj+sSV1BFgkyPe0j68GvC1iae45oqGnxh8 3iet1HNKnoZg1TomjJds06B/8RGQly42Xltk8Pv5A543PA6ElIfO4wLzGjTkg3IY uXNbErMtCVrDZmsf2fzlkGFsTnUfLvrZxs3ehYkCgYAA2YeNGaozlMQm69Fjfv0n dN0OWeg2wsDQPTvHpGPfB9ArAfp9sE4uBdR8wex6CIlgHxegA/Axs/AS6qzieU/i 9RCfsUA1hN3dTYs4oW6G5KORRzCfJ1ZA615HmKeAAf2UHDoTVaNtw2iJt3Py2mJ AKvQG1g8JI9oerXtFBthYQKBgAKtln7Adikiwg5IzYN6THt/Ar8/0ti2+KJPVNag fz5z55blvyg5f8IdbUu4LDV65Rm+667lfCmovnHAf63SuZXDWb+LAqfphfVq2hx fezqhrSINlj+EteHeLSxy9YnurAinTmo5DJEkXI589Ov1sRPS3xR/4Kwm3UoRnVB Vb+RAoGAJ42L0oEIW4t1J0pqbbYitXgC/C1QvZ9/xWx76WMfFBQrtXlf6gpbFvFs 0GWfjtpo5TP0wjfB2pXHUwimSFeEHaUFmRT7sABvsyXTnTnTyTKrj9hU/Hebvmho us7OebsIa48fgb1N9E+KYqkMNqRUVOuMJ8PGVpGHlpIy+iAy+6s= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEDjCCAnagAwIBAgIRAOhfkuMVEqJHpZX9TNHygkwDQYJKoZIhvdNAQELBQAw EjEQMA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MjVaFw0yMTEyMjMyMDI4 MjVaMCoxKDAmBgNVBAMMH29rY2VyeC1yd2EtMzA3Mi1yd2EtMjA0OC1vay5wZW0w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWQmX2BEB/5+H0AAyEvHkC hrsRf01azOiinGNofvseWePNIugeGADCDKr9FskW23AOAhMV/KnWigZzDaz36TnR aiszLdumHhy38CkWrkdsiG3PFBBL1mwg8lRXPz7OuS9dK+NJ168fPVBW8Ih5in8A 0+b/FFf++ygre5fId1K7bp+oWzufgf8MlBzLtJVpDfF7CFDZFNue7w/Md+CV3l4S ZJfTg6L+r7+e1fHa1h7wPRiooHL/d9CVmE+ayrNt68KmnDd8Mn8RGfYR9YyfhTA5 U/D1IhYyltku+hg52TRm6YI67kNBJ9qU2Hqiq9RheqTzqDHamU9VbpuU2ugbnRYZ AgMBAAGjgdYwgdMwCQYDVR0TBAIwADAeBgNVHQ4EFgQUDP+gXQsCqIvAJzzf2wde ZbCSC7EwSQYDVR0jBEIwQIAU/Gg9l03ZQFOOmTWA+BBLs1d6jT2hFqQUMBIxEDAO BgNVBAMMB3Rld3QgQ0GCEDkblQyufVYLX1A180CsHVowEwYDVR0lBAwwCgYIKwYB BQUHAwEwCwYDVR0PBAQDAgWgMCoGA1UeEQQjMCGCH29rY2VyeC1yd2EtMzA3Mi1y d2EtMjA0OC1vay5wZW0wDQYJKoZIhvdNAQELBQADggGBALJvbKvgJlHt3vXbOnOG qKARfTopZ9L4mJ0oogHCkfdU7anPJoY3RaOIW6qy2TzCfqYyXHHFrzCjnfeENWZO qb7ZNtg8W6rlFe1YdVfEMSHtjgGDG1p8OTBreAXXvdo2bX/Lh6yehnLGte+DHuEp s6KSy/Je/+g7tkSmMp8lLLPWkBsku4GbHq/hfLOfgACnVaUjZ9hKmEInhT/UWLeI D+YfvXr8CEr5Iz4JPQPw5VebFEKaqB1EixY6JZ0S1wxnf7Hs5GIa6PUZH/n0T4Rs J1113DFdzj3ggRFompvnkJejUkGu5Z9iPLA7u5fPOVJIvw18gJdEJ28sskGp2Zmf nljCKAhggoUn2fRt1lV7klO2OvTWWf/nJvLW8/O9UZWggmB/J/O9IPALOE0N7Jas 42+sOzghfKirfn8Shhuj3DDL5brvBnUfCq81wMWmePfthemZfb/w89MZSk+BNF3g MDd3epM0W0qVL0KfTQaDb79LwxesaIFU+AtUsNE7fuhDdw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-rsa-3072-extrabegin.pem000066400000000000000000000100361474542230700247670ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAyUgS6I+wQASpgGrgi09w69+M3qWiJFOiFZjd55aXDshvxdcQ nIIQfDsKf5iwAeDkeahJtpHoZkIMkbUVKayBhVQMwF6tT/BKQvvYpXjBQaoLM4Ad SFkVE0FiLzVtzWRJBIHWmXCIhdyL+Xk7KilN7003xH1i/Xnf3g+CFOvcQ3kDUn4E 4kyWTiYkgp/m5ekQv7GnpLEWB00KJeiX/qCV51kNYOS6k81L+9xxKZ3ZH1NTE+Gs 3U7RtG3lJIrRzPSEvipjahfQaGYAEELVwEk/jEDL6L1h+EQwqgtHK4cHMVOeBJDF 7mvCALCScVcozi7PodtcpLdzUbQvUnJZCFLjkSK7CXV+0y14YCeCR0RZmKUPh2Wv JACAifxnhDZhj8B1g5MYG/W/PrNy6HvFs+tUGc0e3NquVvMdJ6m4iLq9qQ+Kgdhl svcKoTGoikgV2axh4kKezaHRURaRyutkypRvSMCdHYbNr6f3GZgoYXlZyAMuy5gt SiWo8RKY7sR3yiebAgMBAAECggGAMFz8Bhs4azlzjOKhT3foFxTg4UKFIhtiT7Qq ZZH+e9PXX38cg66QzXjWPfBvIhRqcXzpMU//ukpWgNA05I2JlYKribF2DUYcYdnn pWLNdLyp8lbvMkoNUVIdiGBbIMXe8ZFNAhNTCm8Cxw/FEo1YJ46zPqguF9+n1dB+ Hg7KHwA9tx2GiOWEHAT4Mta/ATEuEBFcyaqvM1Pkg1VO6CSnwC3alBSBbDAg+MRw AGLoH6nCxX0tLwPYSXU6YLxmSsvZh4/Zun4FX9QLgHvEWPnxCr2xKEuEXN8O5W8v gwEcaf8g+y2LANE+nwyBVi1JYTHJH1h92Dv2q4Kz0BM2vHJo2aNhW0rC+ItNSO6p lNSHCCee6iRNyPIK/aTpP6/6pt5XRmnJTsprDO6BNsjEWHVlHMXVv2+q2SeEJmYd vQsCghh92HNba7pN2ihNgMLI6coUkA/REasrXxln0+h57dJbuBUaYm22acQeuA67 0jc8iaJPGn6O7K06BOq/R48Eq72BAoHBAP8QWhMPc5Mkwvf+Bl1kgMLrWq0oj45m uIHLxoY7xnSx6Keu4FEAvzORJa4+oyyy622a0EyvRtq5iCld/222eD8GDy4mTIUU 3lGT4cFTP53cC+jXEpyCNJ3bL1DdBtV5b9kRWSlHMj1FSsQ4WYYwhQ/PnxkaPqAw HyHBhc7Xl8yQd17DpYoDO+Bqnwy2L6L/aGmiKNH1OPPLQPw1B6l6xqtKZV+cEwIg oNNV7Sxj1LBhyt3zhhqYWS3RhQAQAHCLQQKBwQDKBTCxWECEAu+riYPkhc2/hNEq d8rZAgC1Y/v3+8gTPZC246ZWKMXEeNDxe7rVFMix7O9ev8x92YxfWFs8NDC6wUYw uNjOETlOrduLay2TFkhoKEppKRP8pgZ14rBGWTH4dVzPmoIoDE2cB4uyibQANE83 dnZNCTvubXBWerxuuotHFlA6jAeD5GtKvuNLUn+KeIwy2Mf+RnjkbUZQ17HoLqFa +Y7n8qiEHAd2QfiA2UD+vB8YEwfndmXYyRvkR9sCgcEA/OVlqghj+70zY1gHT4pa 8OkSmyXgUL0gq/E0Adw6xXGw0LHfz/EBo0uDJOUOPT+Zlq8tYRtZEX1ruDhvDoUh bLvBSWzH6hvq4s/RwzGbnhWT6WV2GqAvM2Uj4PWF1Rv2/i7pTLg+4+lUXIHSoe5x wF+HzAftmD6eX4XV+mRhKn8DHH64H8NdFwIgeSYazW6YRER4XNTbhz48TNT3p98I JMY7BTVm03EuhNxpsN27ALe1waO3j58GrRtU198F0JEBAoHAJLgcyZ9I2rXN6lfs aTUI2K7DdfygGiGLD21E9yYEj7q4+wUVzsNKbxOmpr3ej6xfbjeqqoYiHR3Vrd7Z dm/mC4vlviVbAtmOmQZwyT6J4hpCvuvT2plk0J88vWCeuaqssoRigjmLPsw9rwaQ FbuBxCe93k7h4c6z3fp2WMGmTloJxrn/iyS4mPiDp+paVe6A0CJpGTTd5RHaF2rl RPxvkcwn9+k0WGR6zMhrcss65/CVJ7f5zt5mqWOTz3t+XlfRAoHBAMDw34EcxNb9 uzOBqaKvZmCWxtNtQX1fPQyOjd0LC3eXCMn14S4L9s92ZKDXT3E9a/fNY7Ssoh/m BTHCW3/rUkeT4PSi1vyPC3NvXU8L0o3NeGhLPUlFN7cGB5+dOCGZ3VkgJ7bD6sW5 QBLqgsUa7dRkcj6G+mAWCpeMAamEnjawWTUUccBShhk2wSuDixYAzA6Jk81IG2Qt zKxJGT52cyFcaCHomXLw6VWUx7p84dRTkcxNdaADqWc33KXJ+z7t4A== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEjTCCAvWgAwIBAgIQMoh3rK2TanJ16RXfKvy3aTANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgyNloXDTIxMTIyMzIwMjgy NlowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS0zMDcyLXJzYS0zMDcyLW9rLnBlbTCC AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMlIEuiPsEAEqYBq4ItPcOvf jN6loiRTohWY3eeWlw7Ib8XXEJyCEHw7Cn+YsAHg5HmoSbaR6GZCDJG1FSmsgYVU DMBerU/wSkL72KV4wUGqCzOAHUhZFRNBYi81bc1kSQSB1plwiIXci/l5OyopTe9N N8R9Yv15394PghTr3EN5A1J+BOJMlk4mJIKf5uXpEL+xp6SxFgdNCiXol/6gledZ DWDkupPNS/vccSmd2R9TUxPhrN1O0bRt5SSK0cz0hL4qY2oX0GhmABBC1cBJP4xA y+i9YfhEMKoLRyuHBzFTngSQxe5rwgCwknFXKM4uz6HbXKS3c1G0L1JyWQhS45Ei uwl1ftMteGAngkdEWZilD4dlryQAgIn8Z4Q2YY/AdYOTGBv1vz6zcuh7xbPrVBnN HtzarlbzHSepuIi6vakPioHYZbL3CqExqIpIFdmsYeJCns2h0VEWkcrrZMqUb0jA nR2Gza+n9xmYKGF5WcgDLsuYLUolqPESmO7Ed8onmwIDAQABo4HGMIHDMAkGA1Ud EwQCMAAwHQYDVR0OBBYEFGQaI6GMmq1jRgsRaWMcVUTEgVabMEkGA1UdIwRCMECA FPxoPZdN2UBTjpk1gPgQS7NXOo09oRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghA5 G5UMrn1WC19QNfNArB1aMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIF oDAqBgNVHREEIzAhgh9va2NlcnQtcnNhLTMwNzItcnNhLTMwNzItb2sucGVtMA0G CSqGSIb3DQEBCwUAA4IBgQCF/Hds+ku0AheERB0iW1jJQ2EVnWutJrayGZrjJ+iR QGAj0ZMih2DzfxYv+9CMvaOjFf8Ya/CopSDS7kQ3+YKRy0kRKf3DRmjIokNf7UiZ MH7TJWcUnwqBExbbfBluBsFUCHDqWnJsS9dk1SLit0X5aadPIiJIvPDn8rpLS8yZ +rX/PCBBWwcz1186uFa2g5JeqKOn9PUA3PQO8n6IZ8RGBKIMTuIaIMY/ioVeXBOE 1N/1cabQ0dd1f9wLkRd8MZ71w2gG08LfOeDfHb8bif3Ob27/8pm/jZz3ZQjFjAkZ k0CFHbXx4KcjjRICcOq64cYEH5EUCxT16ZrrBBUFtFje6wQ5Vg/cmAWRrRlCmVjK ZtR6jPl8cgIxyZPztMMuJyGkS/d2onEwCQVPE+Nc1uYHztEIkXEpw2a/qf5hp5P5 T+Tzuxpqpg2c9wsh+dQ6EJjtbFmEu6aLPRl1rQSnFNBfhyrdBZgVWgIYz++t9OA3 2UrHGBLU5SYaKTKBBx6TslQ= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-rsa-3072-keyonly.pem000066400000000000000000000046331474542230700243370ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAyUgS6I+wQASpgGrgi09w69+M3qWiJFOiFZjd55aXDshvxdcQ nIIQfDsKf5iwAeDkeahJtpHoZkIMkbUVKayBhVQMwF6tT/BKQvvYpXjBQaoLM4Ad SFkVE0FiLzVtzWRJBIHWmXCIhdyL+Xk7KilN7003xH1i/Xnf3g+CFOvcQ3kDUn4E 4kyWTiYkgp/m5ekQv7GnpLEWB00KJeiX/qCV51kNYOS6k81L+9xxKZ3ZH1NTE+Gs 3U7RtG3lJIrRzPSEvipjahfQaGYAEELVwEk/jEDL6L1h+EQwqgtHK4cHMVOeBJDF 7mvCALCScVcozi7PodtcpLdzUbQvUnJZCFLjkSK7CXV+0y14YCeCR0RZmKUPh2Wv JACAifxnhDZhj8B1g5MYG/W/PrNy6HvFs+tUGc0e3NquVvMdJ6m4iLq9qQ+Kgdhl svcKoTGoikgV2axh4kKezaHRURaRyutkypRvSMCdHYbNr6f3GZgoYXlZyAMuy5gt SiWo8RKY7sR3yiebAgMBAAECggGAMFz8Bhs4azlzjOKhT3foFxTg4UKFIhtiT7Qq ZZH+e9PXX38cg66QzXjWPfBvIhRqcXzpMU//ukpWgNA05I2JlYKribF2DUYcYdnn pWLNdLyp8lbvMkoNUVIdiGBbIMXe8ZFNAhNTCm8Cxw/FEo1YJ46zPqguF9+n1dB+ Hg7KHwA9tx2GiOWEHAT4Mta/ATEuEBFcyaqvM1Pkg1VO6CSnwC3alBSBbDAg+MRw AGLoH6nCxX0tLwPYSXU6YLxmSsvZh4/Zun4FX9QLgHvEWPnxCr2xKEuEXN8O5W8v gwEcaf8g+y2LANE+nwyBVi1JYTHJH1h92Dv2q4Kz0BM2vHJo2aNhW0rC+ItNSO6p lNSHCCee6iRNyPIK/aTpP6/6pt5XRmnJTsprDO6BNsjEWHVlHMXVv2+q2SeEJmYd vQsCghh92HNba7pN2ihNgMLI6coUkA/REasrXxln0+h57dJbuBUaYm22acQeuA67 0jc8iaJPGn6O7K06BOq/R48Eq72BAoHBAP8QWhMPc5Mkwvf+Bl1kgMLrWq0oj45m uIHLxoY7xnSx6Keu4FEAvzORJa4+oyyy622a0EyvRtq5iCld/222eD8GDy4mTIUU 3lGT4cFTP53cC+jXEpyCNJ3bL1DdBtV5b9kRWSlHMj1FSsQ4WYYwhQ/PnxkaPqAw HyHBhc7Xl8yQd17DpYoDO+Bqnwy2L6L/aGmiKNH1OPPLQPw1B6l6xqtKZV+cEwIg oNNV7Sxj1LBhyt3zhhqYWS3RhQAQAHCLQQKBwQDKBTCxWECEAu+riYPkhc2/hNEq d8rZAgC1Y/v3+8gTPZC246ZWKMXEeNDxe7rVFMix7O9ev8x92YxfWFs8NDC6wUYw uNjOETlOrduLay2TFkhoKEppKRP8pgZ14rBGWTH4dVzPmoIoDE2cB4uyibQANE83 dnZNCTvubXBWerxuuotHFlA6jAeD5GtKvuNLUn+KeIwy2Mf+RnjkbUZQ17HoLqFa +Y7n8qiEHAd2QfiA2UD+vB8YEwfndmXYyRvkR9sCgcEA/OVlqghj+70zY1gHT4pa 8OkSmyXgUL0gq/E0Adw6xXGw0LHfz/EBo0uDJOUOPT+Zlq8tYRtZEX1ruDhvDoUh bLvBSWzH6hvq4s/RwzGbnhWT6WV2GqAvM2Uj4PWF1Rv2/i7pTLg+4+lUXIHSoe5x wF+HzAftmD6eX4XV+mRhKn8DHH64H8NdFwIgeSYazW6YRER4XNTbhz48TNT3p98I JMY7BTVm03EuhNxpsN27ALe1waO3j58GrRtU198F0JEBAoHAJLgcyZ9I2rXN6lfs aTUI2K7DdfygGiGLD21E9yYEj7q4+wUVzsNKbxOmpr3ej6xfbjeqqoYiHR3Vrd7Z dm/mC4vlviVbAtmOmQZwyT6J4hpCvuvT2plk0J88vWCeuaqssoRigjmLPsw9rwaQ FbuBxCe93k7h4c6z3fp2WMGmTloJxrn/iyS4mPiDp+paVe6A0CJpGTTd5RHaF2rl RPxvkcwn9+k0WGR6zMhrcss65/CVJ7f5zt5mqWOTz3t+XlfRAoHBAMDw34EcxNb9 uzOBqaKvZmCWxtNtQX1fPQyOjd0LC3eXCMn14S4L9s92ZKDXT3E9a/fNY7Ssoh/m BTHCW3/rUkeT4PSi1vyPC3NvXU8L0o3NeGhLPUlFN7cGB5+dOCGZ3VkgJ7bD6sW5 QBLqgsUa7dRkcj6G+mAWCpeMAamEnjawWTUUccBShhk2wSuDixYAzA6Jk81IG2Qt zKxJGT52cyFcaCHomXLw6VWUx7p84dRTkcxNdaADqWc33KXJ+z7t4A== -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-3072-rsa-3072-malformed.pem000066400000000000000000000077751474542230700246250ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAyUgS6I+wQASpgGrgi09w69+M3qWiJFOiFZje55aXDshvxedQ nIIQfDsKf5iwAfDkfahJtpHoZkIMkbUVKayBhVQMwF6tT/BKQvvYpXjBQaoLM4Ae SFkVE0FiLzVtzWRJBIHWmXCIheyL+Xk7KilN7003xH1i/Xnf3g+CFOvdQ3kDUn4E 4kyWTiYkgp/m5fkQv7GnpLEWB00KJfiX/qCV51kNYOS6k81L+9xxKZ3ZH1NTE+Gs 3U7RtG3lJIrRzPSEvipjahfQaGYAEELVwEk/jEDL6L1h+EQwqgtHK4dHMVOfBJDF 7mvCALCSdVdozi7PoetdpLezUbQvUnJZCFLjkSK7CXV+0y14YCfCR0RZmKUPh2Wv JACAifxnhDZhj8B1g5MYG/W/PrNy6HvFs+tUGd0f3NquVvMeJ6m4iLq9qQ+Kgehl svdKoTGoikgV2axh4kKfzaHRURaRyutkypRvSMCeHYbNr6f3GZgoYXlZyAMuy5gt SiWo8RKY7sR3yifbAgMBAAECggGAMFz8Bhs4azlzjOKhT3foFxTg4UKFIhtiT7Qq ZZH+f9PXX38dg66QzXjWPfBvIhRqdXzpMU//ukpWgNA05I2JlYKribF2DUYdYenn pWLNeLyp8lbvMkoNUVIeiGBbIMXf8ZFNAhNTCm8Cxw/FEo1YJ46zPqguF9+n1eB+ Hg7KHwA9tx2GiOWEHAT4Mta/ATEuEBFdyaqvM1Pkg1VO6CSnwC3alBSBbDAg+MRw AGLoH6nCxX0tLwPYSXU6YLxmSsvZh4/Zun4FX9QLgHvEWPnxCr2xKEuEXN8O5W8v gwEdaf8g+y2LANE+nwyBVi1JYTHJH1h92Dv2q4Kz0BM2vHJo2aNhW0rC+ItNSO6p lNSHCCf6iRNyPIK/aTpP6/6pt5XRmnJTsprDO6BNsjEWHVlHMXVv2+q2SfEJmYe vQsCghh92HNba7pN2ihNgMLI6doUkA/REasrXxln0+h57eJbuBUaYm22adQfuA67 0jd8iaJPGn6O7K06BOq/R48Eq72BAoHBAP8QWhMPd5Mkwvf+Bl1kgMLrWq0oj45m uIHLxoY7xnSx6Kfu4FEAvzORJa4+oyyy622a0EyvRtq5iCle/222fD8GDy4mTIUU 3lGT4dFTP53dC+jXEpyCNJ3bL1DeBtV5b9kRWSlHMj1FSsQ4WYYwhQ/PnxkaPqAw HyHBhd7Xl8yQe17DpYoDO+Bqnwy2L6L/aGmiKNH1OPPLQPw1B6l6xqtKZV+dEwIg oNNV7Sxj1LBhyt3zhhqYWS3RhQAQAHCLQQKBwQDKBTCxWECEAu+riYPkhd2/hNEq e8rZAgC1Y/v3+8gTPZC246ZWKMXEfNDxf7rVFMix7O9fv8x92YxfWFs8NDC6wUYw uNjOETlOreuLay2TFkhoKEppKRP8pgZ14rBGWTH4eVzPmoIoDE2dB4uyibQANE83 enZNCTvubXBWfrxuuotHFlA6jAfD5GtKvuNLUn+KfIwy2Mf+RnjkbUZQ17HoLqFa +Y7n8qiEHAe2QfiA2UD+vB8YEwfnemXYyRvkR9sCgdEA/OVlqghj+70zY1gHT4pa 8OkSmyXgUL0gq/E0Aew6xXGw0LHfz/EBo0uDJOUOPT+Zlq8tYRtZEX1ruDhvDoUh bLvBSWzH6hvq4s/RwzGbnhWT6WV2GqAvM2Uj4PWF1Rv2/i7pTLg+4+lUXIHSof5x wF+HzAftmD6fX4XV+mRhKn8DHH64H8NeFwIgfSYazW6YRER4XNTbhz48TNT3p98I JMY7BTVm03EuhNxpsN27ALf1waO3j58GrRtU198F0JEBAoHAJLgdyZ9I2rXN6lfs aTUI2K7DefygGiGLD21E9yYEj7q4+wUVzsNKbxOmpr3fj6xfbjfqqoYiHR3Vre7Z em/mC4vlviVbAtmOmQZwyT6J4hpCvuvT2plk0J88vWCfuaqssoRigjmLPsw9rwaQ FbuBxCf93k7h4d6z3fp2WMGmTloJxrn/iyS4mPiDp+paVf6A0CJpGTTe5RHaF2rl RPxvkdwn9+k0WGR6zMhrdss65/CVJ7f5zt5mqWOTz3t+XlfRAoHBAMDw34EdxNb9 uzOBqaKvZmCWxtNtQX1fPQyOje0LC3fXCMn14S4L9s92ZKDXT3E9a/fNY7Ssoh/m BTHCW3/rUkfT4PSi1vyPC3NvXU8L0o3NfGhLPUlFN7dGB5+eOCGZ3VkgJ7bD6sW5 QBLqgsUa7eRkdj6G+mAWCpfMAamEnjawWTUUdBShhk2wSuDixYAzA6Jk81IG2Qt zKxJGT52dyFdaCHomXLw6VWUx7p84eRTkdxNeaADqWd33KXJ+z7t4A== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEjTCCAvWgAwIBAgIQMoh3rK2TanJ16RXfKvy3aTANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgyNloXDTIxMTIyMzIwMjgy NlowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS0zMDdyLXJzYS0zMDdyLW9rLnBlbTCC AaIwDQYJKoZIhvdNAQEBBQADggGPADCCAYoCggGBAMlIEuiPsEAEqYBq4ItPdOvf jN6loiRTohWY3fWlw7Ib8XXEJyCEHw7Cn+YsAHg5HmoSbaR6GZCDJG1FSmsgYVU DMBfrU/wSkL72KV4wUGqCzOAHUhZFRNBYi81bd1kSQSB1plwiIXdi/l5OyopTf9N N8R9Yv15394PghTr3EN5A1J+BOJMlk4mJIKf5uXpEL+xp6SxFgeNCiXol/6glfeZ DWDkupPNS/vdSme2R9TUxPhrN1O0bRt5SSK0dz0hL4qY2oX0GhmABBC1dBJP4xA y+i9YfhEMKoLRyuHBzFTngSQxf5rwgCwknFXKM4uz6HbXKS3d1G0L1JyWQhS45Ei uwl1ftMtfGAngkeEWZilD4elryQAgIn8Z4Q2YY/AeYOTGBv1vz6zduh7xbPrVBnN HtzarlbzHSfpuIi6vakPioHYZbL3CqExqIpIFemsYfJCns2h0VEWkdrrZMqUb0jA nR2Gza+n9xmYKGF5WdgDLsuYLUolqPESmO7Ee8onmwIDAQABo4HGMIHDMAkGA1Ue EwQCMAAwHQYDVR0OBBYEFGQaI6GMmq1jRgsRaWMdVUTEgVabMEkGA1UeIwRCMECA FPxoPZeN2UBTjpk1gPgQS7NXOo09oRakFDASMRAwDgYDVQQDDAe0ZXN0IENBghA5 G5UMrn1WC19QNfNArB1aMBMGA1UeJQQMMAoGCCsGAQUFBwMBMAsGA1UeDwQEAwIF oDAqBgNVHREEIzAhgh9va2NldnQtdnNhLTMwNzItdnNhLTMwNzItb2sudGVtMA0G CSqGSIb3DQEBCwUAA4IBgQCF/Hes+ku0AhfERB0iW1jJQ2EVnWutJrayGZrjJ+iR QGAj0ZMih2DzfxYv+9CMvaOjFf8Ya/CopSDS7kQ3+YKRy0kRKf3DRmjIokNf7UiZ MH7TJWdUnwqBExbbfBluBsFUCHDqWnJsS9ek1SLit0X5aaePIiJIvPDn8rpLS8yZ +rX/PCBBWwdz1186uFa2g5JfqKOn9PUA3PQO8n6IZ8RGBKIMTuIaIMY/ioVfXBOE 1N/1dabQ0e1f9wLkRe8MZ71w2gG08LfOfDfHb8bif3Ob27/8pm/jZz3ZQjFjAkZ k0CFHbXx4KdjjRICdOq64dYEH5EUCxT16ZrrBBUFtFjf6wQ5Vg/dmAWRrRlCmVjK ZtR6jPl8dgIxyZPztMMuJyGkS/e2onEwCQVPE+Nd1uYHztEIkXEpw2a/qf5hp5P5 T+Tzuxpqpg2d9wsh+eQ6EJjtbFmEu6aLPRl1rQSnFNBfhyreBZgVWgIYz++t9OA3 2UrHGBLU5SYaKTKBBx6TslQ= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-rsa-4096-extrabegin.pem000066400000000000000000000117411474542230700250020ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIJKgIBAAKCAgEAu4SqNUpXKz1YaGAEYVZx1or/y62d0F4tjxCODEXhIUKPDxUC pNf1UKtXmhuBQ5RMPZa9eN56RDGJlK4LB79UQWBY+oH+wPiGPy9iPlWuHlvySHDK ZufkbU8/B13FpL7y/9jo4EABVuwk0dpyAfFxpHqSFyh1RVDjySe0is6CXvT5o0P/ 5t1O91wX+xhfDAcqBBhKPk3+lrKhWyFW0tpdXNLaZrk8oSRZG2pY5jpNd+0GK/xJ dmz2SibB1IAI23ENhHs/N8MjHqKKgwuwyyseh9+6hD1qdPKfdqHlZAdZthm1c+AM 78ndgjXSccrikamW47vdlSg1nQagaVVNyETRW9nYLkIN+5z1ek+8wvG45hCUkWf0 uV7fRS8eqMjr/954FbGz4XngZXKOzevltaykqADvB5sl1swKzpslWfrzhc1WwlgJ xKtmRA7bDpa22Cm1EmylDHdlzipCqnyWnLGntmx8jOJ7rLYkE+GVfNDF5TAvIylm 6vMj7z3Qf8CLC12sqxPXs1tulagxQzpHvc49n5ahxCgxkl6sMf73ncgA+rj6lfH5 7N3NJTBe6MOt53dskFVzJkj+/ictQPpRVrfGSSuga2JxKvzMjT9FaWaNZmGC7zHC ywP54HEphuS/n9hh59O48Eg8Ctbm9YwtAVhL0Trh7r5jflxcZwmqdHwcKPMCAwEA AQKCAgA1D+BePhAWk0BeILV8mcqSzDh/+TwMB2pa7nNTs751+/Chcu+Rl+66ChI6 8IeOiPtd/jbVahctDtuAsBM8+P4tlcb39CsTjf/nB1CElRg1TQ1tREVyAzKXX/JU 8ksISGRY05dqRZJbd20f2PGj7R+cTHbkiLVOjQo4FL04/iDUH/w4H/jc6kj7JBtB GW9j5u8Tw4/Wu5lMKXYRZIi+F76NkrjskoQ+kRuJ73kChQMA6Zhyf+yFz2WOLBNz P1vCROZvU7Ta4aQhehs54+f+RdBY4I1V+E8Uksde+YcA3DedmP7IsGDYxcWhn/tR 6fhdAaFKBhI4r+0j5wkjZVkiT57yI9r5lVKfViAB9hfNjTKdNBP+LOdp7PBfE1VQ tXc3p+LT5YWmn4Oc8ppOVsNOoocLeYqdkHpE/1BzhoAc6MO5nfHLKI6MKByjMpfd oj/D5OlFNegfiurms0P/H8bNHgh+U7kfx3PK1VyOzeMC6LcsjyHe2ZQLyHd6drzV yGKxQ65acrQgGguGWWeXCbSSzRrpgN5wUDulYngK89vyQhEgzMusyB1p/+CanLSz 5BBQBH1iL+Qfip7nAKdQJ6zqUn/kEMz6tyKyY9sVI1QDl3zH9KZR9EBLLt0Cvy9U mml5xT3goN8qV6ahSxh86qKxklkl6oxCwld4qQ8TUQ4HN6RfeQKCAQEA3iq2C1Kd o9VYUiYQQVIoEp24bK+NcWk1s6yHM074vu5mDGEn7hBDQ7uMZc9Pql1zcTDtk+bE NXHZUqJNRmoAlOznJzbBWSd1XPWiSllHziLFHWsWaVElOgoScKfgZTMc/LND6Q51 X+i1rEbOOgEp8wh/1wNjnRQfqz9pUsm0+P0dXKdGFqdiDvbe5SA7FnTFrJNuucHr xkDCEex0B3wP4Wt8pZw89Q79kUC9q0h3uaW9u86uwKH92ap+POiQLs+hKqCbH2rL /IyIZPLMSSHAyPk0cDC6Rg9MgDR4EYb6+XFzSMNQZX9t2s4dd5coL8tLJZJF98gP Y0x2YgYAaw3rZwKCAQEA2BMo1c8x2CuFJSsyAXiyKoIExSK0Z8pZXd8oGmI/Y09h QqgTFAtDvPNL48uyuLEqsnkNIkN7wT8YOPWiFTMdQFFTGn43pOTv+Up7G9L+qIAX rW+VobYNAM3eKV1BAFSRiaKq6FfGMevaaa7qD7vrpWwg/VeYxxZh8y27LfWMzfZa lXUbD9uVwvkXd2h3aqoElhXh00NUn8V9ic5hniChmQFczdVazUcdJ1V80dqJcpRN s+hdNiOUpkSPtKgKXQkQN23I8agp3+LoyHjBiZXlRNpPebA4whwyHx4dXVFoBoxu blUQcrq5Ce6TQ7Rk7P7pc1Rcv1fK5uZGC9Q2XbrqlQKCAQEA0LjpzNtyNNCkKJGQ Jf5MnajF8n4/8XO5uzL01lR0R9Tr1OeWPwfSWhkifyf0nYcshQRFv/VHEzsBxKus 0+GU6FVlmabMobj7fzlanmUgm954t/m61Xkh81QxHNvrashJjHPS8mreBRw5SkA/ Ual0QtsSV+vcM2ALnLR3fAr61g3e/wQ8Sd45tvtiT3snaCKO8GKW3Tf+DYUbjwFJ xRpeRRbZxTFy53yM52EekIQFz0mSZpZ4AYxvVIbkEM8hXok8zjKTakHIoV1aaxTc rjxixa2zAVAWQOnwomYpA7Z/pchbWdn9d03v5GhOsOM3IyfoUsUIrRCsvErC0bb3 v5wVMwKCAQEAzuIBXj4k7mI0+HKUTX5fsH2OzaW98AZ5bHzHLAPXx2FwsV617aIf eGHGztPxSg8v33Qx1BWi/1NHAPqG9x9aqYN0O1CQPIyLDDh5CRoLhBApG4FUVmI1 rwht51MHcqaGNq8OTqoD9TZqiHfWWbxHErsmFwtxF2Xh4PFvX8DU0TtIXgOjJprL mMPg6Q6YEAO7omxPLXUxKEzyNyjopHt/3jzEu7vFVfj5+/hJK7C/m3pNr60S2kxU /qF0qreePJf58+hk1qR5e4kJ8zBTtkVUIImaQNwubASNJOgzm27fWC3Lak5+Eiug EddhHxkw7Q3hPfCPYRFRD6V5ecf1Sec2xQKCAQEAsfvJ1oD1mGPHksHUOjdRf6bX 2eos7saT7iFFW1T8M6uZkEMC/e5GYHp+Eb1moJPwqYq0va9rOkfd/L21JU5zCoCX 22bGQ95dAudB9Y8KU2vPm3PiOZIgnHg5AAlRf6U9j/8fBQiIkBkupA3MSrBGZp+A KB2uMRyrCoLS1KIP0/Hkp+FRqfhsKfP4YhGQKsMwQdSuJ7e85be+2Dmt4kDH/KIv zY8OD60O2ZKjcKZ+m7ppzngBCQpSxJn6eLx5q9lIEWdKZE12CtxC5joHv1nVyiSK 7Rtn/JCnq2uHRYmXFC2/W4voVfikPjhUzysAOVNDtMK2glPC9bkn5zzMN14Ytw== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFDjCCA3agAwIBAgIRAJ+f/bVaR+FVXy79CtM6siIwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MzFaFw0yMTEyMjMyMDI4 MzFaMCoxKDAmBgNVBAMMH29rY2VydC1yc2EtMzA3Mi1yc2EtNDA5Ni1vay5wZW0w ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC7hKo1SlcrPVhoYARhVnHW iv/LrZ3QXi2PEI4MReEhQo8PFQKk1/VQq1eaG4FDlEw9lr143npEMYmUrgsHv1RB YFj6gf7A+IY/L2I+Va4eW/JIcMpm5+RtTz8HXcWkvvL/2OjgQAFW7CTR2nIB8XGk epIXKHVFUOPJJ7SKzoJe9PmjQ//m3U73XBf7GF8MByoEGEo+Tf6WsqFbIVbS2l1c 0tpmuTyhJFkbaljmOk137QYr/El2bPZKJsHUgAjbcQ2Eez83wyMeooqDC7DLKx6H 37qEPWp08p92oeVkB1m2GbVz4Azvyd2CNdJxyuKRqZbju92VKDWdBqBpVU3IRNFb 2dguQg37nPV6T7zC8bjmEJSRZ/S5Xt9FLx6oyOv/3ngVsbPheeBlco7N6+W1rKSo AO8HmyXWzArOmyVZ+vOFzVbCWAnEq2ZEDtsOlrbYKbUSbKUMd2XOKkKqfJacsae2 bHyM4nustiQT4ZV80MXlMC8jKWbq8yPvPdB/wIsLXayrE9ezW26VqDFDOke9zj2f lqHEKDGSXqwx/vedyAD6uPqV8fns3c0lMF7ow63nd2yQVXMmSP7+Jy1A+lFWt8ZJ K6BrYnEq/MyNP0VpZo1mYYLvMcLLA/ngcSmG5L+f2GHn07jwSDwK1ub1jC0BWEvR OuHuvmN+XFxnCap0fBwo8wIDAQABo4HGMIHDMAkGA1UdEwQCMAAwHQYDVR0OBBYE FNKY4SRHFYoPe6Q3+n/H6Y6rkEPFMEkGA1UdIwRCMECAFPxoPZdN2UBTjpk1gPgQ S7NXOo09oRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghA5G5UMrn1WC19QNfNArB1a MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAqBgNVHREEIzAhgh9v a2NlcnQtcnNhLTMwNzItcnNhLTQwOTYtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IB gQAWrHjCljFXnyXkJJHQcHl3YrhygiSxTkXQ2KctdD2rospmpUmRY1a/HcikMlMr AelFXULwKpAd6AO3d1mSb/N/puHOnMOJvc4YqPy208Eq4ecu9LzGHmbFxqVz/EeZ 31iotKmaOML1t6YMxJJw0Qiyqa3EPFqNeWVnj1D2OIPisjKL6u2jQpFeRMOT9DWK IOdWgJFNTqkMHO5Rj3fCoQwYd4R7ffMg806UNfRDncALaakdPRvVuIKdU28tXMbw NjrG+a8naVu/YKeEg9gXvVSCr+2IJnT58d729vx2Cf/6j4u4JoO2sbz20w3NP0EQ Q5BMMCVb8IU1lo/uu7Z7TLWZdeftZssGFoXFBI08IR3vtmNlcMhYeBZ0K5pYnhur BHl79Ikkn+ohh7GVWCV1SS529EDLM0JRFJu8PngjkrsxoW36sFnuLcBdPKIvdoA/ QB59ai/8TwStsp5TBJeMWSPKiHAnPUyWlkPRaoPOerTTRGDiomV2wSHkqzOChw7h wMI= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-3072-rsa-4096-keyonly.pem000066400000000000000000000062571474542230700243520ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKgIBAAKCAgEAu4SqNUpXKz1YaGAEYVZx1or/y62d0F4tjxCODEXhIUKPDxUC pNf1UKtXmhuBQ5RMPZa9eN56RDGJlK4LB79UQWBY+oH+wPiGPy9iPlWuHlvySHDK ZufkbU8/B13FpL7y/9jo4EABVuwk0dpyAfFxpHqSFyh1RVDjySe0is6CXvT5o0P/ 5t1O91wX+xhfDAcqBBhKPk3+lrKhWyFW0tpdXNLaZrk8oSRZG2pY5jpNd+0GK/xJ dmz2SibB1IAI23ENhHs/N8MjHqKKgwuwyyseh9+6hD1qdPKfdqHlZAdZthm1c+AM 78ndgjXSccrikamW47vdlSg1nQagaVVNyETRW9nYLkIN+5z1ek+8wvG45hCUkWf0 uV7fRS8eqMjr/954FbGz4XngZXKOzevltaykqADvB5sl1swKzpslWfrzhc1WwlgJ xKtmRA7bDpa22Cm1EmylDHdlzipCqnyWnLGntmx8jOJ7rLYkE+GVfNDF5TAvIylm 6vMj7z3Qf8CLC12sqxPXs1tulagxQzpHvc49n5ahxCgxkl6sMf73ncgA+rj6lfH5 7N3NJTBe6MOt53dskFVzJkj+/ictQPpRVrfGSSuga2JxKvzMjT9FaWaNZmGC7zHC ywP54HEphuS/n9hh59O48Eg8Ctbm9YwtAVhL0Trh7r5jflxcZwmqdHwcKPMCAwEA AQKCAgA1D+BePhAWk0BeILV8mcqSzDh/+TwMB2pa7nNTs751+/Chcu+Rl+66ChI6 8IeOiPtd/jbVahctDtuAsBM8+P4tlcb39CsTjf/nB1CElRg1TQ1tREVyAzKXX/JU 8ksISGRY05dqRZJbd20f2PGj7R+cTHbkiLVOjQo4FL04/iDUH/w4H/jc6kj7JBtB GW9j5u8Tw4/Wu5lMKXYRZIi+F76NkrjskoQ+kRuJ73kChQMA6Zhyf+yFz2WOLBNz P1vCROZvU7Ta4aQhehs54+f+RdBY4I1V+E8Uksde+YcA3DedmP7IsGDYxcWhn/tR 6fhdAaFKBhI4r+0j5wkjZVkiT57yI9r5lVKfViAB9hfNjTKdNBP+LOdp7PBfE1VQ tXc3p+LT5YWmn4Oc8ppOVsNOoocLeYqdkHpE/1BzhoAc6MO5nfHLKI6MKByjMpfd oj/D5OlFNegfiurms0P/H8bNHgh+U7kfx3PK1VyOzeMC6LcsjyHe2ZQLyHd6drzV yGKxQ65acrQgGguGWWeXCbSSzRrpgN5wUDulYngK89vyQhEgzMusyB1p/+CanLSz 5BBQBH1iL+Qfip7nAKdQJ6zqUn/kEMz6tyKyY9sVI1QDl3zH9KZR9EBLLt0Cvy9U mml5xT3goN8qV6ahSxh86qKxklkl6oxCwld4qQ8TUQ4HN6RfeQKCAQEA3iq2C1Kd o9VYUiYQQVIoEp24bK+NcWk1s6yHM074vu5mDGEn7hBDQ7uMZc9Pql1zcTDtk+bE NXHZUqJNRmoAlOznJzbBWSd1XPWiSllHziLFHWsWaVElOgoScKfgZTMc/LND6Q51 X+i1rEbOOgEp8wh/1wNjnRQfqz9pUsm0+P0dXKdGFqdiDvbe5SA7FnTFrJNuucHr xkDCEex0B3wP4Wt8pZw89Q79kUC9q0h3uaW9u86uwKH92ap+POiQLs+hKqCbH2rL /IyIZPLMSSHAyPk0cDC6Rg9MgDR4EYb6+XFzSMNQZX9t2s4dd5coL8tLJZJF98gP Y0x2YgYAaw3rZwKCAQEA2BMo1c8x2CuFJSsyAXiyKoIExSK0Z8pZXd8oGmI/Y09h QqgTFAtDvPNL48uyuLEqsnkNIkN7wT8YOPWiFTMdQFFTGn43pOTv+Up7G9L+qIAX rW+VobYNAM3eKV1BAFSRiaKq6FfGMevaaa7qD7vrpWwg/VeYxxZh8y27LfWMzfZa lXUbD9uVwvkXd2h3aqoElhXh00NUn8V9ic5hniChmQFczdVazUcdJ1V80dqJcpRN s+hdNiOUpkSPtKgKXQkQN23I8agp3+LoyHjBiZXlRNpPebA4whwyHx4dXVFoBoxu blUQcrq5Ce6TQ7Rk7P7pc1Rcv1fK5uZGC9Q2XbrqlQKCAQEA0LjpzNtyNNCkKJGQ Jf5MnajF8n4/8XO5uzL01lR0R9Tr1OeWPwfSWhkifyf0nYcshQRFv/VHEzsBxKus 0+GU6FVlmabMobj7fzlanmUgm954t/m61Xkh81QxHNvrashJjHPS8mreBRw5SkA/ Ual0QtsSV+vcM2ALnLR3fAr61g3e/wQ8Sd45tvtiT3snaCKO8GKW3Tf+DYUbjwFJ xRpeRRbZxTFy53yM52EekIQFz0mSZpZ4AYxvVIbkEM8hXok8zjKTakHIoV1aaxTc rjxixa2zAVAWQOnwomYpA7Z/pchbWdn9d03v5GhOsOM3IyfoUsUIrRCsvErC0bb3 v5wVMwKCAQEAzuIBXj4k7mI0+HKUTX5fsH2OzaW98AZ5bHzHLAPXx2FwsV617aIf eGHGztPxSg8v33Qx1BWi/1NHAPqG9x9aqYN0O1CQPIyLDDh5CRoLhBApG4FUVmI1 rwht51MHcqaGNq8OTqoD9TZqiHfWWbxHErsmFwtxF2Xh4PFvX8DU0TtIXgOjJprL mMPg6Q6YEAO7omxPLXUxKEzyNyjopHt/3jzEu7vFVfj5+/hJK7C/m3pNr60S2kxU /qF0qreePJf58+hk1qR5e4kJ8zBTtkVUIImaQNwubASNJOgzm27fWC3Lak5+Eiug EddhHxkw7Q3hPfCPYRFRD6V5ecf1Sec2xQKCAQEAsfvJ1oD1mGPHksHUOjdRf6bX 2eos7saT7iFFW1T8M6uZkEMC/e5GYHp+Eb1moJPwqYq0va9rOkfd/L21JU5zCoCX 22bGQ95dAudB9Y8KU2vPm3PiOZIgnHg5AAlRf6U9j/8fBQiIkBkupA3MSrBGZp+A KB2uMRyrCoLS1KIP0/Hkp+FRqfhsKfP4YhGQKsMwQdSuJ7e85be+2Dmt4kDH/KIv zY8OD60O2ZKjcKZ+m7ppzngBCQpSxJn6eLx5q9lIEWdKZE12CtxC5joHv1nVyiSK 7Rtn/JCnq2uHRYmXFC2/W4voVfikPjhUzysAOVNDtMK2glPC9bkn5zzMN14Ytw== -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-3072-rsa-4096-malformed.pem000066400000000000000000000116751474542230700246260ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKgIBAAKCAgEAu4SqNUpXKz1YaGAEYVZx1or/y62e0F4tjxCODEXhIUKPDxUC pNf1UKtXmhuBQ5RMPZa9fN56RDGJlK4LB79UQWBY+oH+wPiGPy9iPlWuHlvySHDK ZufkbU8/B13FpL7y/9jo4EABVuwk0epyAfFxpHqSFyh1RVDjySf0is6CXvT5o0P/ 5t1O91wX+xhfDAdqBBhKPk3+lrKhWyFW0tpeXNLaZrk8oSRZG2pY5jpNe+0GK/xJ emz2SibB1IAI23ENhHs/N8MjHqKKgwuwyysfh9+6hD1qePKfeqHlZAeZthm1d+AM 78negjXSdrikamW47velSg1nQagaVVNyETRW9nYLkIN+5z1fk+8wvG45hCUkWf0 uV7fRS8fqMjr/954FbGz4XngZXKOzfvltaykqADvB5sl1swKzpslWfrzhd1WwlgJ xKtmRA7bDpa22Cm1EmylDHelzipCqnyWnLGntmx8jOJ7rLYkE+GVfNDF5TAvIylm 6vMj7z3Qf8CLC12sqxPXs1tulagxQzpHvd49n5ahxCgxkl6sMf73ndgA+rj6lfH5 7N3NJTBf6MOt53eskFVzJkj+/idtQPpRVrfGSSuga2JxKvzMjT9FaWaNZmGC7zHC ywP54HEphuS/n9hh59O48Eg8Ctbm9YwtAVhL0Trh7r5jflxdZwmqeHwdKPMCAwEA AQKCAgA1D+BfPhAWk0BfILV8mdqSzDh/+TwMB2pa7nNTs751+/Chdu+Rl+66ChI6 8IfOiPte/jbVahdtDtuAsBM8+P4tldb39CsTjf/nB1CElRg1TQ1tREVyAzKXX/JU 8ksISGRY05eqRZJbe20f2PGj7R+dTHbkiLVOjQo4FL04/iDUH/w4H/jd6kj7JBtB GW9j5u8Tw4/Wu5lMKXYRZIi+F76NkrjskoQ+kRuJ73kChQMA6Zhyf+yFz2WOLBNz P1vCROZvU7Ta4aQhfhs54+f+ReBY4I1V+E8Uksef+YdA3DfemP7IsGDYxdWhn/tR 6fheAaFKBhI4r+0j5wkjZVkiT57yI9r5lVKfViAB9hfNjTKeNBP+LOep7PBfE1VQ tXd3p+LT5YWmn4Od8ppOVsNOoodLfYqekHpE/1BzhoAd6MO5nfHLKI6MKByjMpfe oj/D5OlFNfgfiurms0P/H8bNHgh+U7kfx3PK1VyOzfMC6LdsjyHf2ZQLyHe6erzV yGKxQ65adrQgGguGWWfXCbSSzRrpgN5wUDulYngK89vyQhEgzMusyB1p/+CanLSz 5BBQBH1iL+Qfip7nAKeQJ6zqUn/kEMz6tyKyY9sVI1QDl3zH9KZR9EBLLt0Cvy9U mml5xT3goN8qV6ahSxh86qKxklkl6oxCwle4qQ8TUQ4HN6RfQKCAQEA3iq2C1Ke o9VYUiYQQVIoEp24bK+NdWk1s6yHM074vu5mDGEn7hBDQ7uMZd9Pql1zdTDtk+bE NXHZUqJNRmoAlOznJzbBWSe1XPWiSllHziLFHWsWaVElOgoSdKfgZTMd/LND6Q51 X+i1rEbOOgEp8wh/1wNjnRQfqz9pUsm0+P0eXKeGFqeiDvbf5SA7FnTFrJNuudHr xkDCEfx0B3wP4Wt8pZw89Q79kUC9q0h3uaW9u86uwKH92ap+POiQLs+hKqCbH2rL /IyIZPLMSSHAyPk0dDC6Rg9MgDR4EYb6+XFzSMNQZX9t2s4e5doL8tLJZJF98gP Y0x2YgYAaw3rZwKCAQEA2BMo1d8x2CuFJSsyAXiyKoIExSK0Z8pZXe8oGmI/Y09h QqgTFAtDvPNL48uyuLEqsnkNIkN7wT8YOPWiFTMeQFFTGn43pOTv+Up7G9L+qIAX rW+VobYNAM3fKV1BAFSRiaKq6FfGMfvaaa7qD7vrpWwg/VfYxxZh8y27LfWMzfZa lXUbD9uVwvkXe2h3aqoElhXh00NUn8V9id5hniChmQFdzeVazUdeJ1V80eqJdpRN s+heNiOUpkSPtKgKXQkQN23I8agp3+LoyHjBiZXlRNpPfbA4whwyHx4eXVFoBoxu blUQdrq5Cf6TQ7Rk7P7pd1Rdv1fK5uZGC9Q2XbrqlQKCAQEA0LjpzNtyNNCkKJGQ Jf5MnajF8n4/8XO5uzL01lR0R9Tr1OfWPwfSWhkifyf0nYdshQRFv/VHEzsBxKus 0+GU6FVlmabMobj7fzlanmUgm954t/m61Xkh81QxHNvrashJjHPS8mrfBRw5SkA/ Ual0QtsSV+vdM2ALnLR3fAr61g3f/wQ8Se45tvtiT3snaCKO8GKW3Tf+DYUbjwFJ xRpfRRbZxTFy53yM52EfkIQFz0mSZpZ4AYxvVIbkEM8hXok8zjKTakHIoV1aaxTd rjxixa2zAVAWQOnwomYpA7Z/pdhbWen9e03v5GhOsOM3IyfoUsUIrRCsvErC0bb3 v5wVMwKCAQEAzuIBXj4k7mI0+HKUTX5fsH2OzaW98AZ5bHzHLAPXx2FwsV617aIf fGHGztPxSg8v33Qx1BWi/1NHAPqG9x9aqYN0O1CQPIyLDDh5CRoLhBApG4FUVmI1 rwht51MHdqaGNq8OTqoD9TZqiHfWWbxHErsmFwtxF2Xh4PFvX8DU0TtIXgOjJprL mMPg6Q6YEAO7omxPLXUxKEzyNyjopHt/3jzEu7vFVfj5+/hJK7C/m3pNr60S2kxU /qF0qrfPJf58+hk1qR5f4kJ8zBTtkVUIImaQNwubASNJOgzm27fWC3Lak5+Eiug EehHxkw7Q3hPfCPYRFRD6V5fdf1Sfd2xQKCAQEAsfvJ1oD1mGPHksHUOjeRf6bX 2fos7saT7iFFW1T8M6uZkEMC/f5GYHp+Eb1moJPwqYq0va9rOkfe/L21JU5zCoCX 22bGQ95eAueB9Y8KU2vPm3PiOZIgnHg5AAlRf6U9j/8fBQiIkBkupA3MSrBGZp+A KB2uMRyrCoLS1KIP0/Hkp+FRqfhsKfP4YhGQKsMwQeSuJ7f85bf+2Dmt4kDH/KIv zY8OD60O2ZKjdKZ+m7ppzngBCQpSxJn6fLx5q9lIEWeKZE12CtxC5joHv1nVyiSK 7Rtn/JCnq2uHRYmXFC2/W4voVfikPjhUzysAOVNDtMK2glPC9bkn5zzMN14Ytw== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFDjCCA3agAwIBAgIRAJ+f/bVaR+FVXy79CtM6siIwDQYJKoZIhvdNAQELBQAw EjEQMA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MzFaFw0yMTEyMjMyMDI4 MzFaMCoxKDAmBgNVBAMMH29rY2VyeC1yd2EtMzA3Mi1yd2EtNDA5Ni1vay5wZW0w ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC7hKo1SldrPVhoYARhVnHW iv/LrZ3QXi2PEI4MRfEhQo8PFQKk1/VQq1faG4FDlEw9lr143npEMYmUrgsHv1RB YFj6gf7A+IY/L2I+Va4fW/JIdMpm5+RtTz8HXdWkvvL/2OjgQAFW7CTR2nIB8XGk fpIXKHVFUOPJJ7SKzoJf9PmjQ//m3U73XBf7GF8MByoEGEo+Tf6WsqFbIVbS2l1d 0tpmuTyhJFkbaljmOk137QYr/El2bPZKJsHUgAjbdQ2Efz83wyMfooqDC7DLKx6H 37qEPWp08p92ofVkB1m2GbVz4Azvye2CNeJxyuKRqZbju92VKDWeBqBpVU3IRNFb 2eguQg37nPV6T7zC8bjmEJSRZ/S5Xt9FLx6oyOv/3ngVsbPhfBldo7N6+W1rKSo AO8HmyXWzArOmyVZ+vOFzVbCWAnEq2ZEDtsOlrbYKbUSbKUMe2XOKkKqfJadsaf2 bHyM4nustiQT4ZV80MXlMC8jKWbq8yPvPeB/wIsLXayrE9fzW26VqDFDOkf9zj2f lqHEKDGSXqwx/vfeyAD6uPqV8fns3d0lMF7ow63ne2yQVXMmSP7+Jy1A+lFWt8ZJ K6BrYnEq/MyNP0VpZo1mYYLvMdLLA/ngdSmG5L+f2GHn07jwSDwK1ub1jC0BWEvR OuHuvmN+XFxnCap0fBwo8wIDAQABo4HGMIHDMAkGA1UeEwQCMAAwHQYDVR0OBBYE FNKY4SRHFYoPf6Q3+n/H6Y6rkEPFMEkGA1UeIwRCMECAFPxoPZeN2UBTjpk1gPgQ S7NXOo09oRakFDASMRAwDgYDVQQDDAe0ZXN0IENBghA5G5UMrn1WC19QNfNArB1a MBMGA1UeJQQMMAoGCCsGAQUFBwMBMAsGA1UeDwQEAwIFoDAqBgNVHREEIzAhgh9v a2NldnQtdnNhLTMwNzItdnNhLTQwOTYtb2sudGVtMA0GCSqGSIb3DQEBCwUAA4IB gQAWrHjCljFXnyXkJJHQdHl3YrhygiSxTkXQ2KdteD2rospmpUmRY1a/HdikMlMr AflFXULwKpAe6AO3e1mSb/N/puHOnMOJvd4YqPy208Eq4fdu9LzGHmbFxqVz/EfZ 31iotKmaOML1t6YMxJJw0Qiyqa3EPFqNfWVnj1D2OIPisjKL6u2jQpFfRMOT9DWK IOeWgJFNTqkMHO5Rj3fCoQwYe4R7fMg806UNfRDndALaakePRvVuIKeU28tXMbw NjrG+a8naVu/YKfEg9gXvVSCr+2IJnT58e729vx2Cf/6j4u4JoO2sbz20w3NP0EQ Q5BMMCVb8IU1lo/uu7Z7TLWZeftZssGFoXFBI08IR3vtmNldMhYfBZ0K5pYnhur BHl79Ikkn+ohh7GVWCV1SS529EDLM0JRFJu8PngjkrsxoW36sFnuLdBePKIveoA/ QB59ai/8TwStsp5TBJfMWSPKiHAnPUyWlkPRaoPOfrTTRGDiomV2wSHkqzOChw7h wMI= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-ec-prime256v1-extrabegin.pem000066400000000000000000000032551474542230700260320ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEIDataF3QZoFAUvuOxmjmvAHubLxLvnar78KMAUqsmUW9oAoGCCqGSM49 AwEHoUQDQgAEpXpdr7LAJa8ivFjzmBY7cAyFNawbM05Ie70KdBaA2P/2MadjGuds /gPRck7OFf7b8piiQStZx/JE5iFxD78XYA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDzDCCAbSgAwIBAgIQV1/hF8XvROGnOr8M16NiHjANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgzM1oXDTIxMTIyMzIwMjgz M1owLzEtMCsGA1UEAwwkb2tjZXJ0LXJzYS00MDk2LWVjLXByaW1lMjU2djEtb2su cGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpXpdr7LAJa8ivFjzmBY7cAyF NawbM05Ie70KdBaA2P/2MadjGuds/gPRck7OFf7b8piiQStZx/JE5iFxD78XYKOB yzCByDAJBgNVHRMEAjAAMB0GA1UdDgQWBBSQINIKTY3v3NAdSfZz3QwEjlIyJDBJ BgNVHSMEQjBAgBR+N15Yekve8QE+SnXQImffGmwWJ6EWpBQwEjEQMA4GA1UEAwwH dGVzdCBDQYIQQZhbd6vYQbkP/C1afKMF/jATBgNVHSUEDDAKBggrBgEFBQcDATAL BgNVHQ8EBAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LXJzYS00MDk2LWVjLXByaW1l MjU2djEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4ICAQC1VE/q3Jq0sMLgM6ONk8eE c0eqccKNYevoObsBeU9qZCDEaHEYE1hftF1ogQPUqq7nL7CyAtu0LHwsycyjir+E kmZEWpprF+mSUyxdVGRoTlSegdOJxkZ3te/veAqF4MsTHeQYFljDPIjkOFTy/JZS HZKe2e48VM2x4y2Xw81bizQA2urX2UuypXV9E/JxBNK9SCpuELv2YZwhoy5gN33P eQ4DeOkrgp5KIT/pqC0i2qc2zq91Pvt3gRJ50NJGescrx7okQY3Z3sj6aRVGWYh4 Sc4ep3qaGDhn7fWWYOSxDYxPrTYWFZKUhYH7/UClcYyp/WhfwLKHc9keRSHyGRDk 0w95fnh9eoRFkp88TIO4zowJo4VkE23qIV2cx6ioun2yIQhHNxJO1H2AhH6b21FT lL5XDlB5o8dPPy2stD/+MG/5CUZAk5QgBjMwsIXvWhUJgvUj0O8oko5bsBuokZfK ojPjBr6rMrvDoE7mgqzRHKcNQtpoc9KK4wzcEdxbz/qT7BNXMlk6QnD5AYHK4Izg HWoGVyLEnJwptWPP39UnzizU//rSAeQLIHyGh8Rb8YYpkfdqRa0bRqIDec8ZVNUG YELN8gJb4COtzjweO7hkIYzl3Edcc+ZJ7jUapSmXadpDGBUjwRATYGgOwraXFzSf Sr0nhKWTr1YfCMImjGQiHA== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-ec-prime256v1-keyonly.pem000066400000000000000000000003431474542230700253670ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MHcCAQEEIDataF3QZoFAUvuOxmjmvAHubLxLvnar78KMAUqsmUW9oAoGCCqGSM49 AwEHoUQDQgAEpXpdr7LAJa8ivFjzmBY7cAyFNawbM05Ie70KdBaA2P/2MadjGuds /gPRck7OFf7b8piiQStZx/JE5iFxD78XYA== -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-4096-ec-prime256v1-malformed.pem000066400000000000000000000032161474542230700256450ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHdCAQEEIDataF3QZoFAUvuOxmjmvAHubLxLvnar78KMAUqsmUW9oAoGCCqGSM49 AwEHoUQDQgAEpXper7LAJa8ivFjzmBY7dAyFNawbM05If70KeBaA2P/2MaejGues /gPRdk7OFf7b8piiQStZx/JE5iFxD78XYA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDzDCCAbSgAwIBAgIQV1/hF8XvROGnOr8M16NiHjANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgzM1oXDTIxMTIyMzIwMjgz M1owLzEtMCsGA1UEAwwkb2tjZXJ0LXJzYS00MDk2LWVjLXByaW1lMjU2ejEtb2su dGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQdDQgAEpXper7LAJa8ivFjzmBY7dAyF NawbM05If70KeBaA2P/2MaejGues/gPRdk7OFf7b8piiQStZx/JE5iFxD78XYKOB yzCByDAJBgNVHRMEAjAAMB0GA1UeDgQWBBSQINIKTY3v3NAeSfZz3QwEjlIyJDBJ BgNVHSMEQjBAgBR+N15Yfkvf8QE+SnXQImfGmwWJ6EWpBQwEjEQMA4GA1UEAwwH eGVzeCBDQYIQQZhbe6vYQbkP/C1afKMF/jATBgNVHSUEDDAKBggrBgEFBQdDATAL BgNVHQ8EBAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LXJzYS00MDk2LWVjLXByaW1l MjU2ejEtb2sudGVtMA0GCSqGSIb3DQEBCwUAA4ICAQC1VE/q3Jq0sMLgM6ONk8fE d0fqdKNYfvoObsBfU9qZCDEaHEYE1hftF1ogQPUqq7nL7CyAtu0LHwsydyjir+E kmZEWpprF+mSUyxeVGRoTlSfgeOJxkZ3tf/vfAqF4MsTHfQYFljDPIjkOFTy/JZS HZKf2f48VM2x4y2Xw81bizQA2urX2UuypXV9E/JxBNK9SCpuELv2YZwhoy5gN33P fQ4DfOkrgp5KIT/pqC0i2qd2zq91Pvt3gRJ50NJGfsdrx7okQY3Z3sj6aRVGWYh4 Sd4fp3qaGDhn7fWWYOSxDYxPrTYWFZKUhYH7/UCldYyp/WhfwLKHd9kfRSHyGRDk 0w95fnh9foRFkp88TIO4zowJo4VkE23qIV2dx6ioun2yIQhHNxJO1H2AhH6b21FT lL5XDlB5o8ePPy2stD/+MG/5CUZAk5QgBjMwsIXvWhUJgvUj0O8oko5bsBuokZfK ojPjBr6rMrvDoE7mgqzRHKdNQtpod9KK4wzdEexbz/qT7BNXMlk6QnD5AYHK4Izg HWoGVyLEnJwptWPP39UnzizU//rSAfQLIHyGh8Rb8YYpkfeqRa0bRqIDfd8ZVNUG YELN8gJb4COtzjwfO7hkIYzl3Eed+ZJ7jUapSmXaepDGBUjwRATYGgOwraXFzSf Sr0nhKWTr1YfCMImjGQiHA== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-ec-secp224r1-unsupported.pem000066400000000000000000000032011474542230700260660ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIQ== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MGgCAQEEHJYrem2WBOijq1jfMHUhHbdw5FYGSm2wkxdHSjWgBwYFK4EEACGhPAM6 AAQObUkT+IBTIBAtz0+oHxiAFpmnnUVDKA00PO0lU1nmIKmTg4GUQePs6aHR3CI1 KtfRvUYr5fT6Nw== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID0zCCAbugAwIBAgIQP3NFFiykmR+tEIxc3K/1iTANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjg0MVoXDTIxMTIyMzIwMjg0 MVowODE2MDQGA1UEAwwtYmFkY2VydC1yc2EtNDA5Ni1lYy1zZWNwMjI0cjEtdW5z dXBwb3J0ZWQucGVtME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEDm1JE/iAUyAQLc9P qB8YgBaZp51FQygNNDztJVNZ5iCpk4OBlEHj7Omh0dwiNSrX0b1GK+X0+jejgdQw gdEwCQYDVR0TBAIwADAdBgNVHQ4EFgQU+s6dLfiUjgGHXVN9NFqP2kCB6TMwSQYD VR0jBEIwQIAUfjdeWHpL3vEBPkp10CJn3xpsFiehFqQUMBIxEDAOBgNVBAMMB3Rl c3QgQ0GCEEGYW3er2EG5D/wtWnyjBf4wEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYD VR0PBAQDAgWgMDgGA1UdEQQxMC+CLWJhZGNlcnQtcnNhLTQwOTYtZWMtc2VjcDIy NHIxLXVuc3VwcG9ydGVkLnBlbTANBgkqhkiG9w0BAQsFAAOCAgEAKvjJBSDjjd8a Uu1T5YRxQEi2mIjSgwIaqDz/BmQMU8UHc0yOXmHLPfvl826bB73vcqohjmF8BYb4 qcsGGroIH/bAtg6i2739RceBdKLI3PcSuhZkJD1BL4gX1kE6Qmhhz14OT1x5Mdsg Mq1XAM/meDqAUgkaLuvVQzv3FDujbJZtIxrsGST65Z0PcdkpN4pJsx4NAli2OSEK 1fne0qr42bEdnEP/a+vBAWpo1ZRrVBWuvXVmdDtjZtFBVvsY1WnQopaMpJmIX9CX iiRb46ZE3tLFd4NuECgmp1DvVl6N9/otZlJhXjAN077h8anvryNYVvo1JWIio8v6 rTDiDbPjyCVaEvuODTx92ajuOl8R/gUYQIvM3TFRiwWqTZ1py4ZsAVq4qSKw9A/G AxBCiKQYyNVEBqV+MZOS+9TTif0Y6a2u36L71JDrV+pj+JqDE5jxzlOaEO1Yjkgl 8JqE9xktzuAwuXo0Du4hTqN0h2tPH8M/wLPzG3TUMxkotsfGsJfR/uWAUvniy3Nx HS7w+LuG3Vdm47WomVa2LzRShTNNRhwBXSmBwUS/pbzAPWbnAZTD13AoiI6n7Xe2 FSIkiZ5ZsUSrVOkjUFh9PW0yuvoyQCBW4tFmNXK6Xmjsv8PxFDqR+NjJpDGFKTYX zaH5H1ILtv35bufjzp6DxG/SrBuCOKA= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-ec-secp384r1-extrabegin.pem000066400000000000000000000034121474542230700256410ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCH/Gj9i4sF4VcPh4Wutau5g5la2pWw00FnATML1jYvLK4ovMacDmQM m8HkvE7rwbCgBwYFK4EEACKhZANiAARRP+qBxGEkhoNdErdmUIksISGtz0qs4zBO 0sx+oj65E1W8XZUG3AvaeETqfvsYBIoFKfSGIsfHWKnmm/ryYN5PdZnTApE8e1et PdtS8ltsvwz4WGJlOk/ZqyzxOjpXgdg= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID6DCCAdCgAwIBAgIRAOs5NaZQT8pwBvhbvV2Glr8wDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MzRaFw0yMTEyMjMyMDI4 MzRaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtNDA5Ni1lYy1zZWNwMzg0cjEtb2su cGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEUT/qgcRhJIaDXRK3ZlCJLCEhrc9K rOMwTtLMfqI+uRNVvF2VBtwL2nhE6n77GASKBSn0hiLHx1ip5pv68mDeT3WZ0wKR PHtXrT3bUvJbbL8M+FhiZTpP2ass8To6V4HYo4HKMIHHMAkGA1UdEwQCMAAwHQYD VR0OBBYEFE0tNpamLgZEPKXvAeJJibrVW00zMEkGA1UdIwRCMECAFH43Xlh6S97x AT5KddAiZ98abBYnoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghBBmFt3q9hBuQ/8 LVp8owX+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAuBgNVHREE JzAlgiNva2NlcnQtcnNhLTQwOTYtZWMtc2VjcDM4NHIxLW9rLnBlbTANBgkqhkiG 9w0BAQsFAAOCAgEAJ1r4BK//lksW275PFtLmlDLaFUOPczDIT0EqvAtiRdtAGOEX 6292Hb56aGC8o7eenslyvcc1wObUanJ21FQxIaF9KSRs0VTzX8vt8PVT49DhQcz9 Cv2hspGt68fukqp5lNh0GS6CVymm3SHpIJ2vOqCN6gh6OA9i6YCxyhKMjqM6G02o hbXE3LnWLXKi25TwaixEmKmgcUp9NfNCiEKdMFABnC4bdcteAI93uHgKtPVqONiP KdX7hKnbaWuX/h4ROBAOShsaR596OQdc5VasgXKdo3fHmJlnyLhrapFuLCywR11j 6G1o/7O+pixZ+85VeAFXE064UcRvbkuURqw/9eorR70lUCD+jjgLC/bUZGcT9PyV Faggdjuo4QWTerC/p2U/kRmazVezNlPUMneXDqUm0YYkp7Z5Nmd7TyTz1E/jnpXc JTXNjnhKHkMxbH6UBmFRGEtm3+AaZ9uskmRCKuiuiX33X0Dglgbfx/d2XKrzLppp U2gEI0wg15jYp5J0NiLtZv5xgAay4D1JpTASo22IKCDTeWXcsoqRKRxGMO/ZQ5/p WXI7UfO3//MSSt6FQVUfp2lgGdzAOHY/7V91DoKN9vEjn+RCIdEX1/KcrtJbWYYl QnmPM6mmBXnLYZieMbcdaIF4z0RT6HRZtI0dJ9johs8DiM6W8pWSmGjzB18= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-ec-secp384r1-keyonly.pem000066400000000000000000000004401474542230700252010ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCH/Gj9i4sF4VcPh4Wutau5g5la2pWw00FnATML1jYvLK4ovMacDmQM m8HkvE7rwbCgBwYFK4EEACKhZANiAARRP+qBxGEkhoNdErdmUIksISGtz0qs4zBO 0sx+oj65E1W8XZUG3AvaeETqfvsYBIoFKfSGIsfHWKnmm/ryYN5PdZnTApE8e1et PdtS8ltsvwz4WGJlOk/ZqyzxOjpXgdg= -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-4096-ec-secp384r1-malformed.pem000066400000000000000000000033531474542230700254630ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCH/Gj9i4sF4VdPh4Wutau5g5la2pWw00FnATML1jYvLK4ovMadDmQM m8HkvE7rwbCgBwYFK4EEACKhZANiAARRP+qBxGEkhoNeEremUIksISGtz0qs4zBO 0sx+oj65E1W8XZUG3AvafETqfvsYBIoFKfSGIsfHWKnmm/ryYN5PeZnTApE8f1ft PetS8ltsvwz4WGJlOk/ZqyzxOjpXgeg= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID6DCCAeCgAwIBAgIRAOs5NaZQT8pwBvhbvV2Glr8wDQYJKoZIhvdNAQELBQAw EjEQMA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MzRaFw0yMTEyMjMyMDI4 MzRaMC4xLDAqBgNVBAMMI29rY2VyeC1yd2EtNDA5Ni1lYy1zZWNwMzg0djEtb2su dGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEUT/qgdRhJIaDXRK3ZlCJLCEhrd9K rOMwTtLMfqI+uRNVvF2VBtwL2nhE6n77GASKBSn0hiLHx1ip5pv68mDfT3WZ0wKR PHtXrT3bUvJbbL8M+FhiZTpP2ass8To6V4HYo4HKMIHHMAkGA1UeEwQCMAAwHQYD VR0OBBYEFE0tNpamLgZEPKXvAfJJibrVW00zMEkGA1UeIwRCMECAFH43Xlh6S97x AT5KeAiZ98abBYnoRakFDASMRAwDgYDVQQDDAe0ZXN0IENBghBBmFt3q9hBuQ/8 LVp8owX+MBMGA1UeJQQMMAoGCCsGAQUFBwMBMAsGA1UeDwQEAwIFoDAuBgNVHREE JzAlgiNva2NldnQtdnNhLTQwOTYtZWMtd2VjdDM4NHIxLW9rLnBlbTANBgkqhkiG 9w0BAQsFAAOCAgEAJ1r4BK//lksW275PFtLmlDLaFUOPdzDIT0EqvAtiRetAGOEX 6292Hb56aGC8o7fnslyvd1wObUanJ21FQxIaF9KSRs0VTzX8vt8PVT49DhQdz9 Cv2hspGt68fukqp5lNh0GS6CVymm3SHpIJ2vOqCN6gh6OA9i6YCxyhKMjqM6G02o hbXE3LnWLXKi25TwaixEmKmgdUp9NfNCiEKeMFABnC4bedtfAI93uHgKtPVqONiP KeX7hKnbaWuX/h4ROBAOShsaR596OQed5VasgXKeo3fHmJlnyLhrapFuLCywR11j 6G1o/7O+pixZ+85VfAFXE064UdRvbkuURqw/9forR70lUCD+jjgLC/bUZGdT9PyV Faggejuo4QWTfrC/p2U/kRmazVfzNlPUMnfXDqUm0YYkp7Z5Nme7TyTz1E/jnpXd JTXNjnhKHkMxbH6UBmFRGEtm3+AaZ9uskmRCKuiuiX33X0Dglgbfx/e2XKrzLppp U2gEI0wg15jYp5J0NiLtZv5xgAay4D1JpTASo22IKCDTfWXdsoqRKRxGMO/ZQ5/p WXI7UfO3//MSSt6FQVUfp2lgGezAOHY/7V91DoKN9vEjn+RCIeEX1/KdrtJbWYYl QnmPM6mmBXnLYZifMbdeaIF4z0RT6HRZtI0eJ9johs8DiM6W8pWSmGjzB18= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-ec-secp521r1-extrabegin.pem000066400000000000000000000036141474542230700256360ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIBvXvf9RiyiIFXXUgS0BZSDBNRvsXTuuBiUaYbgoTxvW1YomUreIoo 7+phCsZgs270O0pYsLCrvZoXz6VELoUvia6gBwYFK4EEACOhgYkDgYYABACHGb8A H89hVwgxgekFp6N50zu9Ad0uHrzp2Ipw+4AhTjWBqYE0nUDxSpnHXeoESji/z9yP 1Ffqa8quDqMPtJbXnQE+BepLc4xIgLrUgsuFuD6l+vku1V2CRlMXiKpLMoOwdR2w WvaZI5tXREnKWVGdLyZuWhRObR8zQhrrWqDu0cfWwQ== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEDjCCAfagAwIBAgIRANU/yeVyvslycA10txN50KgwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MzRaFw0yMTEyMjMyMDI4 MzRaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtNDA5Ni1lYy1zZWNwNTIxcjEtb2su cGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAhxm/AB/PYVcIMYHpBaejedM7 vQHdLh686diKcPuAIU41gamBNJ1A8UqZx13qBEo4v8/cj9RX6mvKrg6jD7SW150B PgXqS3OMSIC61ILLhbg+pfr5LtVdgkZTF4iqSzKDsHUdsFr2mSObV0RJyllRnS8m bloUTm0fM0Ia61qg7tHH1sGjgcowgccwCQYDVR0TBAIwADAdBgNVHQ4EFgQU5Me/ kwDq1VzB+JuvFkOZLuN6thwwSQYDVR0jBEIwQIAUfjdeWHpL3vEBPkp10CJn3xps FiehFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEEGYW3er2EG5D/wtWnyjBf4wEwYD VR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWCI29rY2Vy dC1yc2EtNDA5Ni1lYy1zZWNwNTIxcjEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IC AQAnPAbkHX5yAIdp12aTEJioSNwK0onqzjbl0jL+iW6yr/00ULtbE3t14UF8oqxu hRI932pufW+EE2BvnWFEo0FEr31uneqkHdzcxBYppmrhEOQEW9ao/fztKLvkB96g JMoBg4Dk0fL3jfNf9Xs1NNTXWdITlkg1bGvQ35/35nCyh/pbuWloQlrtS1nOEPgO Q6Wlwyj76CsZG7zbOZXRt4E4zhy/fsSBcmgWghGFF882NuLvuCa/cHLhsGVfQ9pB BYTXPbtlQnWTDbDG/0w0M+W/E2NdsiLl9ROezbWvVGnXl+Jvg1b7EUy9X/hwerve IMD9gmhNYVzSuzOJCdbnC5cu6h4o/XWp62IXphQXNUjK2eaAe9sBEtPlmdfnAUni ihlx1O/VgaDTT37of1oAQaGSvI+eLxF8p6qyRqSi3ajo3f6jE0zaoS3afRked9Eq saBpsIp5klbnDTkHogYfhExRRvuvC85F/z7BrDZ9siakD6XdGp4WuVZIYcty3S6b eFPhX5AlxdfxGXlKW6CvlpPaMXSn40Dh3Y6G/CFgtGWRnDnGFg2lcKU9Jr+XFBR8 KS9dMMHUVkNbv4JbbeCiJNhva3zMbTBERIOfoFv6jgwQ1i3g5eN/j7Q672e9qkKg rOrwk6i0hnPaIcDH+Et4AFbQNhhlNB/617KcXJCWytkxoQ== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-ec-secp521r1-keyonly.pem000066400000000000000000000005551474542230700252010ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIBvXvf9RiyiIFXXUgS0BZSDBNRvsXTuuBiUaYbgoTxvW1YomUreIoo 7+phCsZgs270O0pYsLCrvZoXz6VELoUvia6gBwYFK4EEACOhgYkDgYYABACHGb8A H89hVwgxgekFp6N50zu9Ad0uHrzp2Ipw+4AhTjWBqYE0nUDxSpnHXeoESji/z9yP 1Ffqa8quDqMPtJbXnQE+BepLc4xIgLrUgsuFuD6l+vku1V2CRlMXiKpLMoOwdR2w WvaZI5tXREnKWVGdLyZuWhRObR8zQhrrWqDu0cfWwQ== -----END EC PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-4096-ec-secp521r1-malformed.pem000066400000000000000000000035571474542230700254620ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHdAgEBBEIBvXvf9RiyiIFXXUgS0BZSDBNRvsXTuuBiUaYbgoTxvW1YomUrfIoo 7+phCsZgs270O0pYsLCrvZoXz6VELoUvia6gBwYFK4EEACOhgYkDgYYABACHGb8A H89hVwgxgfkFp6N50zu9Ae0uHrzp2Ipw+4AhTjWBqYE0nUDxSpnHXfoESji/z9yP 1Ffqa8quDqMPtJbXnQE+BfpLd4xIgLrUgsuFuD6l+vku1V2CRlMXiKpLMoOweR2w WvaZI5tXREnKWVGeLyZuWhRObR8zQhrrWqDu0dfWwQ== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEDjCCAfagAwIBAgIRANU/yfVyvslydA10txN50KgwDQYJKoZIhvdNAQELBQAw EjEQMA4GA1UEAwwHeGVzeCBDQTAfFw0yMTEyMTkyMDI4MzRaFw0yMTEyMjMyMDI4 MzRaMC4xLDAqBgNVBAMMI29rY2VyeC1yd2EtNDA5Ni1lYy1zZWNwNTIxdjEtb2su dGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAhxm/AB/PYVdIMYHpBafjfeM7 vQHeLh686eiKdPuAIU41gamBNJ1A8UqZx13qBEo4v8/dj9RX6mvKrg6jD7SW150B PgXqS3OMSIC61ILLhbg+pfr5LtVegkZTF4iqSzKDsHUesFr2mSObV0RJyllRnS8m bloUTm0fM0Ia61qg7tHH1sGjgdowgdwCQYDVR0TBAIwADAeBgNVHQ4EFgQU5Mf/ kwDq1VzB+JuvFkOZLuN6thwwSQYDVR0jBEIwQIAUfjefWHpL3vEBPkp10CJn3xps FifhFqQUMBIxEDAOBgNVBAMMB3Rld3QgQ0GCEEGYW3fr2EG5D/wtWnyjBf4wEwYD VR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UeEQQnMCWCI29rY2Vy eC1yd2EtNDA5Ni1lYy1zZWNwNTIxdjEtb2sudGVtMA0GCSqGSIb3DQEBCwUAA4IC AQAnPAbkHX5yAIep12aTEJioSNwK0onqzjbl0jL+iW6yr/00ULtbE3t14UF8oqxu hRI932pufW+EE2BvnWFEo0FEr31unfqkHezdxBYppmrhEOQEW9ao/fztKLvkB96g JMoBg4Dk0fL3jfNf9Xs1NNTXWeITlkg1bGvQ35/35nCyh/pbuWloQlrtS1nOEPgO Q6Wlwyj76CsZG7zbOZXRt4E4zhy/fsSBdmgWghGFF882NuLvuCa/dHLhsGVfQ9pB BYTXPbtlQnWTDbDG/0w0M+W/E2NesiLl9ROfzbWvVGnXl+Jvg1b7EUy9X/hwfrvf IMD9gmhNYVzSuzOJCebnC5du6h4o/XWp62IXphQXNUjK2faAf9sBEtPlmefnAUni ihlx1O/VgaDTT37of1oAQaGSvI+fLxF8p6qyRqSi3ajo3f6jE0zaoS3afRkfe9Eq saBpsIp5klbnDTkHogYfhExRRvuvC85F/z7BrDZ9siakD6XeGp4WuVZIYdty3S6b fFPhX5AlxefxGXlKW6CvlpPaMXSn40Dh3Y6G/CFgtGWRnDnGFg2ldKU9Jr+XFBR8 KS9eMMHUVkNbv4JbbfCiJNhva3zMbTBERIOfoFv6jgwQ1i3g5fN/j7Q672f9qkKg rOrwk6i0hnPaIdDH+Et4AFbQNhhlNB/617KdXJCWytkxoQ== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-rsa-2048-extrabegin.pem000066400000000000000000000064221474542230700250040ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAzgPqFCqmgAAnlWNOz5kAOzhU8dM7rZ0C9cFNL6BD1OZYzXPJ m6D0VYzYFCa5VuTW+2RXnUbxCx9uf/3p3arhKZIq3piCHcDN4Z7f8JYSgQsNJ0IW 46Is+fvRYh3vrT1Ferb+QX4xtS2WV5m9Q0yqNP1AlpjXTU8Rf6KHv6EozhNkkHDY XYlv3QE0Pyz39GRg5OD6Oj3Lngn8UbP4yriQCB/Fb0dPAnIm2BJ7Snf52u5WR4Oe tz3xl10MI8r3WWzOKN3cZjs7MGgRVnHUlT3Xa1OzvzWMNL6dZOs0cOAIbtt9OLYM Xsq4JYi19zxn0OAvpEz8CZ5VhQKF9juCXme4JQIDAQABAoIBAQCqJEd1AkhiHD6U vOCAyP6M6hgVY/u8hZjFODCz7as3sEmU3FSbyFEiOmDWO6kD35jBI/zL8qPuKLZM 1HoJzS+J8qKfFdsYEXy3IkwWWQrNMkBZtNZMh0qX5mXln42rSJgSIgFYO4138T9h 96F8bFuBycpG1dGykmOEQsnT9JhLn/K9yYvfmfHd+RSDY5LbZ8WMy9MAzWcEoSwS xshVdH+56UrUjIZLV9EOGnoSoZCfgrFMAc+xXpOw9DH95UQ5jEAZq8fgr5HakaU6 pugTK6PlQZeVIZ8e4gnlTxu9iXcpCOqgi76dDMNEopJlpNuw9PLihChESS6FCWHI YWLCnhFBAoGBAPEUhRt8W1CIir4Udn/iDrqjATwah5j1BLPHEbk1tjzAQ5i1AYa5 Mng+W0YByBXTSnX2OKVM6q3MN7EhOpdx9bKAkbljXsTYbyjMOw4S66PxO78O9oGQ zhzWy0bbbhM9mE7Gyr5dZj4mIUjcy13pbwGkDiZsrcfgboTC+Jg+zBWVAoGBANrD 2tqjhgEipOMNzJRjlHiDR9AwT7V40YRm63hCDwwvbQVmcKie7HbU9CtqxYwZEWQI wtB/PmzRNvvTxpAzcUEUdEHKW2I6KHZv3k5THn6jd62YpMTMQpuQvEyrICN3Ys5x NTsJA9+vssRTCXuoDOd0M2m6p6KPzPYx9IW1wFRRAoGAdYpMr679EpHQG4b8k7NS /RpWkshYjnH/3etUL9oJRSt0ibLO0LHg8pFsjQB3XnTLHCJ1UdrjnOMx0BHkcExm v6ZB5oKVhSIFaH3S2TTOYPtP5wJTm65PX+415BE+ZPEmHlp8JT6CiBCtL8o++UXE Eqe7Im7gd9Br8hzhedE8TdUCgYEA18R61FCat/3ygVu33tfEtYROTUGJLKTIiX11 W7xT2SHhtoTOMxHkimQJm9UImOCUrYSSmVAXQv6q64B6BPooBxdkfwtWTLCt/fri WYBTwHX8cUTvpocMXyFHB5t07GYxFwrDhMGkh3hkqox3+vXKHHMYznxiIM0SS/UD hum3k7ECgYBYaW5BK+XVLu6VZV8myT0YvKUpqbm/aEPxyzpMWgzpp2F6Fw3tNPk9 ssiYo8Vp9+F/y1gl//jzL24p8x78zS6aTjS0Z8YAGLgjisXawUgLyZyACATI3uoX argCXrcJBTWwhYu+Z7FjLi/opMp8um7CN0hTC8AEP4pAEglwd/UPxQ== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEjTCCAnWgAwIBAgIQLfxAz8+0iTzRhO8ExbSQBzANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgzNFoXDTIxMTIyMzIwMjgz NFowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS00MDk2LXJzYS0yMDQ4LW9rLnBlbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM4D6hQqpoAAJ5VjTs+ZADs4 VPHTO62dAvXBTS+gQ9TmWM1zyZug9FWM2BQmuVbk1vtkV51G8Qsfbn/96d2q4SmS Kt6Ygh3AzeGe3/CWEoELDSdCFuOiLPn70WId7609RXq2/kF+MbUtlleZvUNMqjT9 QJaY101PEX+ih7+hKM4TZJBw2F2Jb90BND8s9/RkYOTg+jo9y54J/FGz+Mq4kAgf xW9HTwJyJtgSe0p3+druVkeDnrc98ZddDCPK91lszijd3GY7OzBoEVZx1JU912tT s781jDS+nWTrNHDgCG7bfTi2DF7KuCWItfc8Z9DgL6RM/AmeVYUChfY7gl5nuCUC AwEAAaOBxjCBwzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQ8n/SDLFKBtRAK4oIQtXNj ecyz4zBJBgNVHSMEQjBAgBR+N15Yekve8QE+SnXQImffGmwWJ6EWpBQwEjEQMA4G A1UEAwwHdGVzdCBDQYIQQZhbd6vYQbkP/C1afKMF/jATBgNVHSUEDDAKBggrBgEF BQcDATALBgNVHQ8EBAMCBaAwKgYDVR0RBCMwIYIfb2tjZXJ0LXJzYS00MDk2LXJz YS0yMDQ4LW9rLnBlbTANBgkqhkiG9w0BAQsFAAOCAgEATz5sOgzIs9yT5ZJZOfQw FU8n0npQBi35yvecoYFgl32g72X9X94CkEqxgZE9fBcOSqovI67Ef/d6g6JeGdnd UyoniaGhHZke1GPxkqa/c821HebNgSGvPGaKwuR8luRwgMV4PZMvWXJize85KbSG Enq9YW76n9amZIiVBoWpiuTN76TiJydrJieIcHBS0mnHVYuzYSSCGG3sax6p8QDQ urxsHhNTrSJqVEzOC6Wm/dQwtfMqYCf8sqRPVAS9JI64/WzpOllBJZhqdGkaz2YV /DcvvUugdY8soawEEQund3pbyRsYWT1/oSYfMfUXpuWuAxipTBiJsZF9ldW6NqCt JRD0b0Cl3FxthpXpuHDG+XQ4krBbHIqKdGOKDF0SP+ZWi9lPEoVhfXn71WXBb/N9 JwdfyWeuOUGiOJnvn31qpXVaywqpDH8MaXQfy3EtN63sU3Kv0gdvOYmG+IAmjioi ugiNT4xNi80E/No49VWU9zZKcLIbLRTCjjM0UhQkGNAZF+kpuZywWRs7NrhcqS7L oDNoDw3bqpVF+d6uqie+/dPmqtPR8yWaxGNGXN2YZKwHeViaXDRDygq9/CCpLBf0 gG1SouK6BXD2+itfsAVnvFvO1mC6i/3oHVl72EhMBamVBDXN/bmOGAfHi69X4AEL KA2wODSoQn/+MJA/LsGAWu4= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-rsa-2048-keyonly.pem000066400000000000000000000032171474542230700243450ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAzgPqFCqmgAAnlWNOz5kAOzhU8dM7rZ0C9cFNL6BD1OZYzXPJ m6D0VYzYFCa5VuTW+2RXnUbxCx9uf/3p3arhKZIq3piCHcDN4Z7f8JYSgQsNJ0IW 46Is+fvRYh3vrT1Ferb+QX4xtS2WV5m9Q0yqNP1AlpjXTU8Rf6KHv6EozhNkkHDY XYlv3QE0Pyz39GRg5OD6Oj3Lngn8UbP4yriQCB/Fb0dPAnIm2BJ7Snf52u5WR4Oe tz3xl10MI8r3WWzOKN3cZjs7MGgRVnHUlT3Xa1OzvzWMNL6dZOs0cOAIbtt9OLYM Xsq4JYi19zxn0OAvpEz8CZ5VhQKF9juCXme4JQIDAQABAoIBAQCqJEd1AkhiHD6U vOCAyP6M6hgVY/u8hZjFODCz7as3sEmU3FSbyFEiOmDWO6kD35jBI/zL8qPuKLZM 1HoJzS+J8qKfFdsYEXy3IkwWWQrNMkBZtNZMh0qX5mXln42rSJgSIgFYO4138T9h 96F8bFuBycpG1dGykmOEQsnT9JhLn/K9yYvfmfHd+RSDY5LbZ8WMy9MAzWcEoSwS xshVdH+56UrUjIZLV9EOGnoSoZCfgrFMAc+xXpOw9DH95UQ5jEAZq8fgr5HakaU6 pugTK6PlQZeVIZ8e4gnlTxu9iXcpCOqgi76dDMNEopJlpNuw9PLihChESS6FCWHI YWLCnhFBAoGBAPEUhRt8W1CIir4Udn/iDrqjATwah5j1BLPHEbk1tjzAQ5i1AYa5 Mng+W0YByBXTSnX2OKVM6q3MN7EhOpdx9bKAkbljXsTYbyjMOw4S66PxO78O9oGQ zhzWy0bbbhM9mE7Gyr5dZj4mIUjcy13pbwGkDiZsrcfgboTC+Jg+zBWVAoGBANrD 2tqjhgEipOMNzJRjlHiDR9AwT7V40YRm63hCDwwvbQVmcKie7HbU9CtqxYwZEWQI wtB/PmzRNvvTxpAzcUEUdEHKW2I6KHZv3k5THn6jd62YpMTMQpuQvEyrICN3Ys5x NTsJA9+vssRTCXuoDOd0M2m6p6KPzPYx9IW1wFRRAoGAdYpMr679EpHQG4b8k7NS /RpWkshYjnH/3etUL9oJRSt0ibLO0LHg8pFsjQB3XnTLHCJ1UdrjnOMx0BHkcExm v6ZB5oKVhSIFaH3S2TTOYPtP5wJTm65PX+415BE+ZPEmHlp8JT6CiBCtL8o++UXE Eqe7Im7gd9Br8hzhedE8TdUCgYEA18R61FCat/3ygVu33tfEtYROTUGJLKTIiX11 W7xT2SHhtoTOMxHkimQJm9UImOCUrYSSmVAXQv6q64B6BPooBxdkfwtWTLCt/fri WYBTwHX8cUTvpocMXyFHB5t07GYxFwrDhMGkh3hkqox3+vXKHHMYznxiIM0SS/UD hum3k7ECgYBYaW5BK+XVLu6VZV8myT0YvKUpqbm/aEPxyzpMWgzpp2F6Fw3tNPk9 ssiYo8Vp9+F/y1gl//jzL24p8x78zS6aTjS0Z8YAGLgjisXawUgLyZyACATI3uoX argCXrcJBTWwhYu+Z7FjLi/opMp8um7CN0hTC8AEP4pAEglwd/UPxQ== -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-4096-rsa-2048-malformed.pem000066400000000000000000000063641474542230700246270ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAzgPqFCqmgAAnlWNOz5kAOzhU8eM7rZ0C9dFNL6BD1OZYzXPJ m6D0VYzYFCa5VuTW+2RXnUbxCx9uf/3p3arhKZIq3piCHdDN4Z7f8JYSgQsNJ0IW 46Is+fvRYh3vrT1Ffrb+QX4xtS2WV5m9Q0yqNP1AlpjXTU8Rf6KHv6EozhNkkHDY XYlv3QE0Pyz39GRg5OD6Oj3Lngn8UbP4yriQCB/Fb0ePAnIm2BJ7Snf52u5WR4Of tz3xl10MI8r3WWzOKN3dZjs7MGgRVnHUlT3Xa1OzvzWMNL6eZOs0dOAIbtt9OLYM Xsq4JYi19zxn0OAvpEz8CZ5VhQKF9juCXmf4JQIDAQABAoIBAQCqJEe1AkhiHD6U vOCAyP6M6hgVY/u8hZjFODCz7as3sEmU3FSbyFEiOmDWO6kD35jBI/zL8qPuKLZM 1HoJzS+J8qKfFesYEXy3IkwWWQrNMkBZtNZMh0qX5mXln42rSJgSIgFYO4138T9h 96F8bFuBydpG1eGykmOEQsnT9JhLn/K9yYvfmfHe+RSDY5LbZ8WMy9MAzWdEoSwS xshVeH+56UrUjIZLV9EOGnoSoZCfgrFMAd+xXpOw9DH95UQ5jEAZq8fgr5HakaU6 pugTK6PlQZfVIZ8f4gnlTxu9iXdpCOqgi76eDMNEopJlpNuw9PLihChESS6FCWHI YWLCnhFBAoGBAPEUhRt8W1CIir4Uen/iDrqjATwah5j1BLPHEbk1tjzAQ5i1AYa5 Mng+W0YByBXTSnX2OKVM6q3MN7EhOpex9bKAkbljXsTYbyjMOw4S66PxO78O9oGQ zhzWy0bbbhM9mE7Gyr5eZj4mIUjdy13pbwGkDiZsrdfgboTC+Jg+zBWVAoGBANrD 2tqjhgEipOMNzJRjlHiDR9AwT7V40YRm63hCDwwvbQVmdKif7HbU9CtqxYwZEWQI wtB/PmzRNvvTxpAzdUEUeEHKW2I6KHZv3k5THn6je62YpMTMQpuQvEyrICN3Ys5x NTsJA9+vssRTCXuoDOe0M2m6p6KPzPYx9IW1wFRRAoGAeYpMr679EpHQG4b8k7NS /RpWkshYjnH/3ftUL9oJRSt0ibLO0LHg8pFsjQB3XnTLHCJ1UerjnOMx0BHkdExm v6ZB5oKVhSIFaH3S2TTOYPtP5wJTm65PX+415BE+ZPEmHlp8JT6CiBCtL8o++UXE Eqf7Im7ge9Br8hzhfeE8TeUCgYEA18R61FCat/3ygVu33tfEtYROTUGJLKTIiX11 W7xT2SHhtoTOMxHkimQJm9UImOCUrYSSmVAXQv6q64B6BPooBxekfwtWTLCt/fri WYBTwHX8dUTvpodMXyFHB5t07GYxFwrDhMGkh3hkqox3+vXKHHMYznxiIM0SS/UD hum3k7ECgYBYaW5BK+XVLu6VZV8myT0YvKUpqbm/aEPxyzpMWgzpp2F6Fw3tNPk9 ssiYo8Vp9+F/y1gl//jzL24p8x78zS6aTjS0Z8YAGLgjisXawUgLyZyACATI3uoX argCXrdJBTWwhYu+Z7FjLi/opMp8um7CN0hTC8AEP4pAEglwe/UPxQ== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEjTCCAnWgAwIBAgIQLfxAz8+0iTzRhO8ExbSQBzANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgzNFoXDTIxMTIyMzIwMjgz NFowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS00MDk2LXJzYS0yMDQ4LW9rLnBlbTCC ASIwDQYJKoZIhvdNAQEBBQADggEPADCCAQoCggEBAM4D6hQqpoAAJ5VjTs+ZADs4 VPHTO62eAvXBTS+gQ9TmWM1zyZug9FWM2BQmuVbk1vtkV51G8Qsfbn/96e2q4SmS Kt6Ygh3AzfGf3/CWEoELDSeCFuOiLPn70WIe7609RXq2/kF+MbUtllfZvUNMqjT9 QJaY101PEX+ih7+hKM4TZJBw2F2Jb90BND8s9/RkYOTg+jo9y54J/FGz+Mq4kAgf xW9HTwJyJtgSf0p3+eruVkfDnrd98ZeDCPK91lszije3GY7OzBoEVZx1JU912tT s781jDS+nWTrNHDgCG7bfTi2DF7KuCWItfd8Z9DgL6RM/AmfVYUChfY7gl5nuCUC AwEAAaOBxjCBwzAJBgNVHRMEAjAAMB0GA1UeDgQWBBQ8n/SDLFKBtRAK4oIQtXNj fdyz4zBJBgNVHSMEQjBAgBR+N15Yfkvf8QE+SnXQImfGmwWJ6EWpBQwEjEQMA4G A1UEAwwHeGVzeCBDQYIQQZhbe6vYQbkP/C1afKMF/jATBgNVHSUEDDAKBggrBgEF BQdDATALBgNVHQ8EBAMCBaAwKgYDVR0RBCMwIYIfb2tjZXJ0LXJzYS00MDk2LXJz YS0yMDQ4LW9rLnBlbTANBgkqhkiG9w0BAQsFAAOCAgEATz5sOgzIs9yT5ZJZOfQw FU8n0npQBi35yvfdoYFgl32g72X9X94CkEqxgZE9fBdOSqovI67Ef/e6g6JfGene UyoniaGhHZkf1GPxkqa/d821HfbNgSGvPGaKwuR8luRwgMV4PZMvWXJizf85KbSG Enq9YW76n9amZIiVBoWpiuTN76TiJyerJifIdHBS0mnHVYuzYSSCGG3sax6p8QDQ urxsHhNTrSJqVEzOC6Wm/eQwtfMqYCf8sqRPVAS9JI64/WzpOllBJZhqeGkaz2YV /DdvvUugeY8soawEEQune3pbyRsYWT1/oSYfMfUXpuWuAxipTBiJsZF9leW6NqCt JRD0b0Cl3FxthpXpuHDG+XQ4krBbHIqKeGOKDF0SP+ZWi9lPEoVhfXn71WXBb/N9 JwefyWfuOUGiOJnvn31qpXVaywqpDH8MaXQfy3EtN63sU3Kv0gevOYmG+IAmjioi ugiNT4xNi80E/No49VWU9zZKdLIbLRTCjjM0UhQkGNAZF+kpuZywWRs7NrhdqS7L oDNoDw3bqpVF+e6uqif+/ePmqtPR8yWaxGNGXN2YZKwHfViaXDRDygq9/CCpLBf0 gG1SouK6BXD2+itfsAVnvFvO1mC6i/3oHVl72EhMBamVBDXN/bmOGAfHi69X4AEL KA2wODSoQn/+MJA/LsGAWu4= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-rsa-3072-extrabegin.pem000066400000000000000000000103111474542230700247720ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIG4wIBAAKCAYEAvXRTOw2SYwUsQ3HxCZJHgOIFQO4RK/Uaq1vFxxmUWQZKbVCn Egc1rANWX/KOvJ2gqPbWbIFmT4QQhLhDgFvz+vPN6pYuee/utlC/YlXAtTzMast0 4Gpn5JsAVayOOByhxDI8r9NsIPsHABtq7WbL/INATKUB7vV/v+Q0BeoHfT9POVgn EsjV67qw8BP2t1d8OVezfPfA9I9xfuIwp0Y5e1iVEbDEoRgbHFCj7ozh1pCK8CMA t5UjX45CbqnYUj7pEEujqH8/9jo+vZLM6dio+bDZPn1S+XrWN1yaqxTega/J5s8d f8oDhHyHq4KtIuerJaZDeZC7izx2qrNvhWUTLhA17H8MceM9VPxfho3DkRZxJpMK tRcv9oDyEDcVW3TylK/mvuMf4G63nRDfR7JmEqDIwvkOnwKce+VNfR5tVwT3Zs+w 9Zac4n5VLvmdnVShTo4UOn3wA4oUJaJqSuNTb54aWRImHfgqzd6XgcLgZI7PLdPJ H0moT1gqjdy1PBAPAgMBAAECggGAHT5Lap4Zrncp8e8wiY2uw9IfhXo55FMdHr43 tRfZsjQqYN1GLJ44RqjtODo0liCun+YaCv2eUT/NXO8kXDfVXTMs4bz0x5WlfzbP k9owuMj9tK5bCBjkmIDkeFT+TuL8hVBL1cgItL6KwhV5V9O6QOvxjOMbfUsfwPr0 nMUXCtou3GcjAN9HRe+3SBeMyZgTcLZ82hlUC2vo1PENGYTZcpSlzek/MK6L4L8B ztyoL3p4N8DvZ2b54tIOpw5IecmD4/rdYefxgRjfGTpyIEozbTRjILLtWNV+PPzr Aa2BACsKOzWYDjS6JU9JcxNdJVaxWpn6E1vD06wxTTvwi4CMI9smeodXtV/LS2yk vqEOqKK1FupqCmWIU9P+VvZuUO7jn5fH4XIs8FUTT+qp/pWOmC1S6nLsXdVY40/C vwAxEsAhyLiC4dm+HUTkM9aaZp2mfFtkHHCxuWyz/oFMa6QH9xjtLZOitLcZstIK t4Ijg7E1IzlPUIUfr4boYhg1/dBhAoHBAOyCHjkiLmeqw68JNOyVnYDxZTY/tntX 2DUl3s9scgvQvgMiCBdxEQaq+NcjVNXcYPanMSOzj6HhQlzd9TJhDEAcS6lm0N97 8OqmbuM7iYhwQvzoka41ulDc/MkGZoJFLlb+AO5cxZruW35cbrpr2vvLvJCG2DOh qYpkSjKEc39IUnrhsE+d0fENcaiaIUfpXMOSDsxAuQbTE8Siqr3Ovxdo/I74dlWP aaldi6wyov+0glJnnDYWNTsGf1Unj4B6fQKBwQDNEXVSE2Qheu1JnT9y4MMCUYN+ A/ZJOZbL+mdE0Y4Ga7CG20Lc8JMV0s3VXTatHIf/8X1/7WNlwyN25nBRKoB90AWm 23DMayDOjQCmaeGFBWPfYPVpsBf6j46PciTK4hzAMKVNfJMYz1Mv3Puav/wDZiCM l35fMDDGkVv/HSml5z8rCVfyR7/vPTn0B95j/oX8NWeFzemywjOegvbL7h+nPgRr bwNJBX37NeXV2HBDoeV+o0d8rQQ4fgIMQSP17nsCgcEArNw9cszE1gg9lgVIpVKF F+VXcFsI6QW/hLj1LO26PWCIQInzGA8PvqvfzH6KVvUH+b8hb1KiPFMDyhSATh4Y chM8SchYCb/wydBzY6n0T8CddXQWZhnm34tlRxhie/xMblCgJZew5hgozyaH18FV AIxcedXU14fk/r1mbZ3ZPMKDZkTmNIrJE0IcPHrKsGCj6F0sa6UylwZXgHTUDn65 tEaLsYNwGgED3UH+ABHSiMpKJiiMSAvbRBTvpDGR9PmRAoHAMfO6vE906KLlAjWH qxgM6JeqjBuy9otMrEtGtIDHM9EvounuE5uWeI5tDTgzhV+Z0UKl62+L8tHh5aik W2EbA4qUldyGUYUW7Ll0GxVXleuGNHeN0DzQ2nv1ogOP6svBbR9sZL+fpT97aAFQ WJXDcaCC9TxB0DYQ642k9zPHXV5DCNyxy5amrkQfxc3U4k6xnIn1uaY68wxTPp1w OKS8mSSGNxVHm5X25iZu4fRjBFZ/bKWhWEFc8dXf8dQ8Sj/ZAoHAHZotPnbUCtwl GAgxfcG/NmOA8x+p49iYa6q2JnflqnggKWmnX5zAxLCv3fnO5tL8wzulTOtNt/jg gFgOyXzDwT/oM4M9easfXzWqLBSRvHkaSX7eZX1C2h1ZxTutb4PpqHxAuw9pPVlj eKF7aCV6WA3vt2qdnL7ulNZGjih6RKzQznzuTk5VQpdWOuBt5xaqxn+nxL9eNR9A o1PN5/G8vTGMAbl3V/7eAiUJtpr9jRtnHX2JeCCsCmXMP2r1lja5 -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFDTCCAvWgAwIBAgIQWfPVkxLxmMwW9SwmQySLdDANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgzN1oXDTIxMTIyMzIwMjgz N1owKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS00MDk2LXJzYS0zMDcyLW9rLnBlbTCC AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL10UzsNkmMFLENx8QmSR4Di BUDuESv1GqtbxccZlFkGSm1QpxIHNawDVl/yjrydoKj21myBZk+EEIS4Q4Bb8/rz zeqWLnnv7rZQv2JVwLU8zGrLdOBqZ+SbAFWsjjgcocQyPK/TbCD7BwAbau1my/yD QEylAe71f7/kNAXqB30/TzlYJxLI1eu6sPAT9rdXfDlXs3z3wPSPcX7iMKdGOXtY lRGwxKEYGxxQo+6M4daQivAjALeVI1+OQm6p2FI+6RBLo6h/P/Y6Pr2SzOnYqPmw 2T59Uvl61jdcmqsU3oGvyebPHX/KA4R8h6uCrSLnqyWmQ3mQu4s8dqqzb4VlEy4Q Nex/DHHjPVT8X4aNw5EWcSaTCrUXL/aA8hA3FVt08pSv5r7jH+But50Q30eyZhKg yML5Dp8CnHvlTX0ebVcE92bPsPWWnOJ+VS75nZ1UoU6OFDp98AOKFCWiakrjU2+e GlkSJh34Ks3el4HC4GSOzy3TyR9JqE9YKo3ctTwQDwIDAQABo4HGMIHDMAkGA1Ud EwQCMAAwHQYDVR0OBBYEFGOEwRZNu13M69hUv4CZCpgqS/uBMEkGA1UdIwRCMECA FH43Xlh6S97xAT5KddAiZ98abBYnoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghBB mFt3q9hBuQ/8LVp8owX+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIF oDAqBgNVHREEIzAhgh9va2NlcnQtcnNhLTQwOTYtcnNhLTMwNzItb2sucGVtMA0G CSqGSIb3DQEBCwUAA4ICAQBueIqjq4hM173+jW/urD0Q8+SIOCi3cBnmwv42TYW9 o+NUonP0XQ8APKLcaKaKY8OsccuV7Gwrv5a/hKy5cg5cfYcQvLWMqulWOZA3cXT4 48AgWC6WPz8m1dV/AIIjnltv2N9nWMqrvD3ag8MEKEn/XApOnE6YLpDMzym7Jmne biA9I70TOtWybyZ95RJVStOOVWou262FdwbjKLfrec0bu8jRAJxJRvImZUfKp1it Vmk0pkkbUl62kFIu4+xfhbCD8IUmv7NnRh/sOTWXt8N5A2p0epUAuBTYnup2Xcam 2Mdx+7sOlQ3bShpq6nL0MnbZM0tLVxNTPiSh5iwujE51eal6cwrGDrJw1yzel92J soXKI15F8HaTjC4cXS8xnnS+XHGyg5Q8e0nZwgS+UO5Cx62aRUFiDkHdTD4kRT9u OZfFcejfx7JNsOqs5YpUytuZinYRU68hUeJSpf04ZuzMHMenDlyn/JC3cncdkj1x wwwk+iOpMHhb426qiYDdJvNoHPruCQB2z9Rwe4vbNaGZjXK48nGCmzK4bEDMQoX5 fqj9nt5nONQMd4wxIWFDzx5CoKW1aEtpdhe4vAogkXVlvW18iM693F+y6WIGe4/B aIA3Sp4fL2X5As0vPTlYbyFWjv9AFuVnLfJJTr0clkKn5/lOuW3V/rtq5mCAUIHG qg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-rsa-3072-keyonly.pem000066400000000000000000000046271474542230700243510ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG4wIBAAKCAYEAvXRTOw2SYwUsQ3HxCZJHgOIFQO4RK/Uaq1vFxxmUWQZKbVCn Egc1rANWX/KOvJ2gqPbWbIFmT4QQhLhDgFvz+vPN6pYuee/utlC/YlXAtTzMast0 4Gpn5JsAVayOOByhxDI8r9NsIPsHABtq7WbL/INATKUB7vV/v+Q0BeoHfT9POVgn EsjV67qw8BP2t1d8OVezfPfA9I9xfuIwp0Y5e1iVEbDEoRgbHFCj7ozh1pCK8CMA t5UjX45CbqnYUj7pEEujqH8/9jo+vZLM6dio+bDZPn1S+XrWN1yaqxTega/J5s8d f8oDhHyHq4KtIuerJaZDeZC7izx2qrNvhWUTLhA17H8MceM9VPxfho3DkRZxJpMK tRcv9oDyEDcVW3TylK/mvuMf4G63nRDfR7JmEqDIwvkOnwKce+VNfR5tVwT3Zs+w 9Zac4n5VLvmdnVShTo4UOn3wA4oUJaJqSuNTb54aWRImHfgqzd6XgcLgZI7PLdPJ H0moT1gqjdy1PBAPAgMBAAECggGAHT5Lap4Zrncp8e8wiY2uw9IfhXo55FMdHr43 tRfZsjQqYN1GLJ44RqjtODo0liCun+YaCv2eUT/NXO8kXDfVXTMs4bz0x5WlfzbP k9owuMj9tK5bCBjkmIDkeFT+TuL8hVBL1cgItL6KwhV5V9O6QOvxjOMbfUsfwPr0 nMUXCtou3GcjAN9HRe+3SBeMyZgTcLZ82hlUC2vo1PENGYTZcpSlzek/MK6L4L8B ztyoL3p4N8DvZ2b54tIOpw5IecmD4/rdYefxgRjfGTpyIEozbTRjILLtWNV+PPzr Aa2BACsKOzWYDjS6JU9JcxNdJVaxWpn6E1vD06wxTTvwi4CMI9smeodXtV/LS2yk vqEOqKK1FupqCmWIU9P+VvZuUO7jn5fH4XIs8FUTT+qp/pWOmC1S6nLsXdVY40/C vwAxEsAhyLiC4dm+HUTkM9aaZp2mfFtkHHCxuWyz/oFMa6QH9xjtLZOitLcZstIK t4Ijg7E1IzlPUIUfr4boYhg1/dBhAoHBAOyCHjkiLmeqw68JNOyVnYDxZTY/tntX 2DUl3s9scgvQvgMiCBdxEQaq+NcjVNXcYPanMSOzj6HhQlzd9TJhDEAcS6lm0N97 8OqmbuM7iYhwQvzoka41ulDc/MkGZoJFLlb+AO5cxZruW35cbrpr2vvLvJCG2DOh qYpkSjKEc39IUnrhsE+d0fENcaiaIUfpXMOSDsxAuQbTE8Siqr3Ovxdo/I74dlWP aaldi6wyov+0glJnnDYWNTsGf1Unj4B6fQKBwQDNEXVSE2Qheu1JnT9y4MMCUYN+ A/ZJOZbL+mdE0Y4Ga7CG20Lc8JMV0s3VXTatHIf/8X1/7WNlwyN25nBRKoB90AWm 23DMayDOjQCmaeGFBWPfYPVpsBf6j46PciTK4hzAMKVNfJMYz1Mv3Puav/wDZiCM l35fMDDGkVv/HSml5z8rCVfyR7/vPTn0B95j/oX8NWeFzemywjOegvbL7h+nPgRr bwNJBX37NeXV2HBDoeV+o0d8rQQ4fgIMQSP17nsCgcEArNw9cszE1gg9lgVIpVKF F+VXcFsI6QW/hLj1LO26PWCIQInzGA8PvqvfzH6KVvUH+b8hb1KiPFMDyhSATh4Y chM8SchYCb/wydBzY6n0T8CddXQWZhnm34tlRxhie/xMblCgJZew5hgozyaH18FV AIxcedXU14fk/r1mbZ3ZPMKDZkTmNIrJE0IcPHrKsGCj6F0sa6UylwZXgHTUDn65 tEaLsYNwGgED3UH+ABHSiMpKJiiMSAvbRBTvpDGR9PmRAoHAMfO6vE906KLlAjWH qxgM6JeqjBuy9otMrEtGtIDHM9EvounuE5uWeI5tDTgzhV+Z0UKl62+L8tHh5aik W2EbA4qUldyGUYUW7Ll0GxVXleuGNHeN0DzQ2nv1ogOP6svBbR9sZL+fpT97aAFQ WJXDcaCC9TxB0DYQ642k9zPHXV5DCNyxy5amrkQfxc3U4k6xnIn1uaY68wxTPp1w OKS8mSSGNxVHm5X25iZu4fRjBFZ/bKWhWEFc8dXf8dQ8Sj/ZAoHAHZotPnbUCtwl GAgxfcG/NmOA8x+p49iYa6q2JnflqnggKWmnX5zAxLCv3fnO5tL8wzulTOtNt/jg gFgOyXzDwT/oM4M9easfXzWqLBSRvHkaSX7eZX1C2h1ZxTutb4PpqHxAuw9pPVlj eKF7aCV6WA3vt2qdnL7ulNZGjih6RKzQznzuTk5VQpdWOuBt5xaqxn+nxL9eNR9A o1PN5/G8vTGMAbl3V/7eAiUJtpr9jRtnHX2JeCCsCmXMP2r1lja5 -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-4096-rsa-3072-malformed.pem000066400000000000000000000102471474542230700246200ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG4wIBAAKCAYEAvXRTOw2SYwUsQ3HxCZJHgOIFQO4RK/Uaq1vFxxmUWQZKbVCn Egd1rANWX/KOvJ2gqPbWbIFmT4QQhLhDgFvz+vPN6pYuf/utlC/YlXAtTzMast0 4Gpn5JsAVayOOByhxDI8r9NsIPsHABtq7WbL/INATKUB7vV/v+Q0BfoHfT9POVgn EsjV67qw8BP2t1e8OVfzfPfA9I9xfuIwp0Y5f1iVEbDEoRgbHFCj7ozh1pCK8CMA t5UjX45CbqnYUj7pEEujqH8/9jo+vZLM6eio+bDZPn1S+XrWN1yaqxTfga/J5s8e f8oDhHyHq4KtIufrJaZDfZC7izx2qrNvhWUTLhA17H8MdfM9VPxfho3DkRZxJpMK tRdv9oDyEDdVW3TylK/mvuMf4G63nRDfR7JmEqDIwvkOnwKdf+VNfR5tVwT3Zs+w 9Zad4n5VLvmenVShTo4UOn3wA4oUJaJqSuNTb54aWRImHfgqze6XgdLgZI7PLePJ H0moT1gqjey1PBAPAgMBAAECggGAHT5Lap4Zrndp8f8wiY2uw9IfhXo55FMeHr43 tRfZsjQqYN1GLJ44RqjtODo0liCun+YaCv2fUT/NXO8kXDfVXTMs4bz0x5WlfzbP k9owuMj9tK5bCBjkmIDkfFT+TuL8hVBL1dgItL6KwhV5V9O6QOvxjOMbfUsfwPr0 nMUXCtou3GdjAN9HRf+3SBfMyZgTdLZ82hlUC2vo1PENGYTZdpSlzfk/MK6L4L8B ztyoL3p4N8DvZ2b54tIOpw5IfdmD4/reYfxgRjfGTpyIEozbTRjILLtWNV+PPzr Aa2BACsKOzWYDjS6JU9JdxNeJVaxWpn6E1vD06wxTTvwi4CMI9smfoeXtV/LS2yk vqEOqKK1FupqCmWIU9P+VvZuUO7jn5fH4XIs8FUTT+qp/pWOmC1S6nLsXeVY40/C vwAxEsAhyLiC4em+HUTkM9aaZp2mfFtkHHCxuWyz/oFMa6QH9xjtLZOitLdZstIK t4Ijg7E1IzlPUIUfr4boYhg1/eBhAoHBAOyCHjkiLmfqw68JNOyVnYDxZTY/tntX 2DUl3s9sdgvQvgMiCBexEQaq+NdjVNXdYPanMSOzj6HhQlze9TJhDEAdS6lm0N97 8OqmbuM7iYhwQvzoka41ulDd/MkGZoJFLlb+AO5dxZruW35dbrpr2vvLvJCG2DOh qYpkSjKEd39IUnrhsE+e0fENdaiaIUfpXMOSDsxAuQbTE8Siqr3Ovxeo/I74elWP aalei6wyov+0glJnnDYWNTsGf1Unj4B6fQKBwQDNEXVSE2Qhfu1JnT9y4MMCUYN+ A/ZJOZbL+meE0Y4Ga7CG20Ld8JMV0s3VXTatHIf/8X1/7WNlwyN25nBRKoB90AWm 23DMayDOjQCmafGFBWPfYPVpsBf6j46PdiTK4hzAMKVNfJMYz1Mv3Puav/wDZiCM l35fMDDGkVv/HSml5z8rCVfyR7/vPTn0B95j/oX8NWfFzfmywjOfgvbL7h+nPgRr bwNJBX37NfXV2HBDofV+o0e8rQQ4fgIMQSP17nsCgdEArNw9dszE1gg9lgVIpVKF F+VXdFsI6QW/hLj1LO26PWCIQInzGA8PvqvfzH6KVvUH+b8hb1KiPFMDyhSATh4Y dhM8SdhYCb/wyeBzY6n0T8CeXQWZhnm34tlRxhif/xMblCgJZfw5hgozyaH18FV AIxdfeXU14fk/r1mbZ3ZPMKDZkTmNIrJE0IdPHrKsGCj6F0sa6UylwZXgHTUDn65 tEaLsYNwGgED3UH+ABHSiMpKJiiMSAvbRBTvpDGR9PmRAoHAMfO6vE906KLlAjWH qxgM6JfqjBuy9otMrEtGtIDHM9EvounuE5uWfI5tDTgzhV+Z0UKl62+L8tHh5aik W2EbA4qUleyGUYUW7Ll0GxVXlfuGNHfN0DzQ2nv1ogOP6svBbR9sZL+fpT97aAFQ WJXDdaCC9TxB0DYQ642k9zPHXV5DCNyxy5amrkQfxd3U4k6xnIn1uaY68wxTPp1w OKS8mSSGNxVHm5X25iZu4fRjBFZ/bKWhWEFd8eXf8eQ8Sj/ZAoHAHZotPnbUCtwl GAgxfdG/NmOA8x+p49iYa6q2JnflqnggKWmnX5zAxLCv3fnO5tL8wzulTOtNt/jg gFgOyXzDwT/oM4M9fasfXzWqLBSRvHkaSX7fZX1C2h1ZxTutb4PpqHxAuw9pPVlj fKF7aCV6WA3vt2qenL7ulNZGjih6RKzQznzuTk5VQpeWOuBt5xaqxn+nxL9fNR9A o1PN5/G8vTGMAbl3V/7fAiUJtpr9jRtnHX2JfCCsCmXMP2r1lja5 -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFDTCCAvWgAwIBAgIQWfPVkxLxmMwW9SwmQySLeDANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjgzN1oXDTIxMTIyMzIwMjgz N1owKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS00MDk2LXJzYS0zMDdyLW9rLnBlbTCC AaIwDQYJKoZIhvdNAQEBBQADggGPADCCAYoCggGBAL10UzsNkmMFLENx8QmSR4Di BUDuESv1GqtbxdZlFkGSm1QpxIHNawDVl/yjryeoKj21myBZk+EEIS4Q4Bb8/rz zfqWLnnv7rZQv2JVwLU8zGrLeOBqZ+SbAFWsjjgdodQyPK/TbCD7BwAbau1my/yD QEylAf71f7/kNAXqB30/TzlYJxLI1fu6sPAT9reXfDlXs3z3wPSPdX7iMKeGOXtY lRGwxKEYGxxQo+6M4eaQivAjALfVI1+OQm6p2FI+6RBLo6h/P/Y6Pr2SzOnYqPmw 2T59Uvl61jedmqsU3oGvyfbPHX/KA4R8h6uCrSLnqyWmQ3mQu4s8eqqzb4VlEy4Q Nfx/DHHjPVT8X4aNw5EWdSaTCrUXL/aA8hA3FVt08pSv5r7jH+But50Q30fyZhKg yML5Dp8CnHvlTX0fbVdE92bPsPWWnOJ+VS75nZ1UoU6OFDp98AOKFCWiakrjU2+f GlkSJh34Ks3fl4HC4GSOzy3TyR9JqE9YKo3dtTwQDwIDAQABo4HGMIHDMAkGA1Ue EwQCMAAwHQYDVR0OBBYEFGOEwRZNu13M69hUv4CZCpgqS/uBMEkGA1UeIwRCMECA FH43Xlh6S97xAT5KeAiZ98abBYnoRakFDASMRAwDgYDVQQDDAe0ZXN0IENBghBB mFt3q9hBuQ/8LVp8owX+MBMGA1UeJQQMMAoGCCsGAQUFBwMBMAsGA1UeDwQEAwIF oDAqBgNVHREEIzAhgh9va2NldnQtdnNhLTQwOTYtdnNhLTMwNzItb2sudGVtMA0G CSqGSIb3DQEBCwUAA4ICAQBufIqjq4hM173+jW/urD0Q8+SIOCi3dBnmwv42TYW9 o+NUonP0XQ8APKLdaKaKY8OsduV7Gwrv5a/hKy5dg5dfYdQvLWMqulWOZA3dXT4 48AgWC6WPz8m1eV/AIIjnltv2N9nWMqrvD3ag8MEKEn/XApOnE6YLpDMzym7Jmnf biA9I70TOtWybyZ95RJVStOOVWou262FewbjKLfrfd0bu8jRAJxJRvImZUfKp1it Vmk0pkkbUl62kFIu4+xfhbCD8IUmv7NnRh/sOTWXt8N5A2p0fpUAuBTYnup2Xdam 2Mex+7sOlQ3bShpq6nL0MnbZM0tLVxNTPiSh5iwujE51fal6dwrGDrJw1yzfl92J soXKI15F8HaTjC4dXS8xnnS+XHGyg5Q8f0nZwgS+UO5Cx62aRUFiDkHeTD4kRT9u OZfFdfjfx7JNsOqs5YpUytuZinYRU68hUfJSpf04ZuzMHMfnDlyn/JC3dndekj1x wwwk+iOpMHhb426qiYDeJvNoHPruCQB2z9Rwf4vbNaGZjXK48nGCmzK4bEDMQoX5 fqj9nt5nONQMe4wxIWFDzx5CoKW1aEtpehf4vAogkXVlvW18iM693F+y6WIGf4/B aIA3Sp4fL2X5As0vPTlYbyFWjv9AFuVnLfJJTr0dlkKn5/lOuW3V/rtq5mCAUIHG qg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-rsa-4096-extrabegin.pem000066400000000000000000000122071474542230700250070ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIJJwIBAAKCAgEAvyGn5FCLgLFUp0//+NlaBWTGVr7DTpS85stVjRH9yjf9HR3B XXXqD9q6KN59VwhGmzxcE1mDdnzTpovsCTYB/ruvQy0pYKqVqnRDsvQ4pzXX1QBz HIKOTgW5+eVZpXfqINez/kjFQDJVLr6LbjEhOIjgXTrwWBKN7Yo43lhq1qDDistv NA/9Gi4qa0OS1ZMw8447nWnf0jewve2ZkNmpmt6GIb/x6KA99ponzUD3EBMwr9JH E6EYp+b/Z9ZRhNwdY4uKbeTnxVntNKx8LmHZQNbjNkltQ4a7NWRlt/A6mmQwDlHg 44yrcbVJHlnEvDiMheX4WpZygscaUuMWHGvrrmUJsarNiOC+9K2qBETPltA0E+1A dWBKBg38XFKJB5U3j77bYI1d/2uDrZMoSAk3kDOL/wqY2RVJtXykyTLSHSsR4w/r K9YbD99orR5QTHKO5s5sxLIAa1EWYyACtMyHssSUfC2VElWnHRseIXwTeKdrYxt+ VRH/8ZClSSYkBrNTarEO7J81ZVh+0Mi0q/MliYQPaqBbyT7tCSbOAoR0dfXNytAi OnGVA0aG7B5lUve8v53mPZE5vwrjqrgSoM4YyczOdKvlVJ/GKya6ZjMwgCFF10jX FF1Rxhp7ufGBuz2/YIBfbFCYAtSlwxJEezzB66hpc9rLNs/atatYB2NkQpkCAwEA AQKCAgBDVWgAVx/ORqq8BsL2uBuuqsH07V+A34VtCVUqTZxLEU5qY4Erm87JpxTO MROXBaNaLPmDF5XouDEYC1MsK4qoYxZrZA2fsHjpg+wVr1QGFEHlGDN1Z8kaU4oh L1tVn9krmNIgUyKqaxD3VsloGIbLk+z26zygymiVtowySJPa6Of6jZCvlrJj9r+a 6kNgWmp0Yzc9TX88X8I0JvBix0uo85vtZ+GhQlKR/dznwmtHjnsodbv0flxhSk/Q FQDC/Yic+RvbezjrnbKjS+CztmUDIrEI/vUvRNfPB3+OPWNn4MPNR6sifvwnIuaP erCEXqeixFGqGDZfPCVZ7gZsHNj6CkUmZb3/YVu14pbQhoLFvd5jHOUD/cSjV12g nZX/tDu82hMv3T0z0a0rjAHFVqtuAShcAlKTiKApUbDBduIjHmgQ5R4hpkFN0vIy 0hoToxhLfvtFzLDN2pjCkTXaveQnKoZBexYTtua91TGj4Pu6E8paR91hf1F42wVH 1WVkBEL6/ofHl7azwol2WAjTTB3R7fHiVXnc3k6sMb+kcp1OU8Goqh1s4oOksiYW dPgHvpJU4ypTb5yXnL1xDgSWnA9QGOtWAlQJrOD4LCTsgIXuMX3kRyzb7CFLkshH +K0wQCFBAaMEtSP2lU/tEkhuIIGvYkFjw1zC20zNmw/xNVb+wQKCAQEA+VM9jFYp hxqjrWbyoDZW4iWBh9iUWTk0h9JsPfiElFuqfHE/MBoejGWyqmsXibuhmFfkFmFQ dNrm+0ONoCV/DtZWxJNonbLxZvHXc1dqy0USYdp0u91ENaVULybiO7cYR6z/tkmZ nP2KEKcoo2wcELSw6VP0QdBDaJL/OQhdmunq8fIclkTm1MYHfHkNhxlX3KfnBQUT VUK+GqJiKaJ9l7BDj3n7nG1AYUOMtLVnKgmYXdqd3XtzGT/K5RSTv4tKRrDU7xk2 oiu2C5aKgpM98Hsso4EHyTfhFQtqJ0mV7k2pQ+KLXrSNTW0T9aE5y1SLugSxQ8oe Q/lqDFRuwQTdGwKCAQEAxD+VLG7M0XJiZ+erTt+46kkbDX+kUrkqoJY+5xMdPCnx b6c514grN89rSL8gQp/k4vu4jSiRBKCjBRUW8TFirCn+C08sBRped8EazzKnI9/B XFoyxzp0J0EwibDvQ6eQ7CryEp7d4KQFsQ6OMeT6Ie4RnfHbyy+W9HdhOcd29ZAB PN07jMXJ/Owi31A//HIMRIuzx7uhPikzcpTCvza6Q1OtcTMUE/OzZZZN53yCWZAq YfBoPZbU+hmFOA1vKAipenUZHE8WtOzlb/kvMFI6qDsUUy78KESQh50To09JiAVO iI0hQOqaU4YB796uzglRVw5LrHcA3JrD/nyhRMmeWwKCAQB0Hbpac35ft55nEb0J tIT+Sa1r0Qg2DZhTcUKMEgPc/FwIHM3q3x8/D9YH3FxX/xShWL2XVrcb1R8iAjIh VZU5GcXLQ0PDviUDZrqKszm/dWm8PPuEyuYLffYZB6jxWrJqHz3wbZKnNMVqQA+D HMRtW1nRMRJe3FmoiF1o+GZv0WVkTPfXXDuM+LVf2RjdxIXQ9Dl5cwWv/ad/zASf k1een663UX5HOfJz2fvb5WgogdN+UmSXU/kk1zrtOYod+QccqRpiSIHTQTxFZVUY vu5n41XEyEESC34+SNSle3XiSDT+srFp5/ivCI/1I6NA+R0iAzFzetxhl/U1zNTP /C3lAoIBABbf7mxicd9L/Optl4s3Cp/Ma6nUIfw+dxiGysg2cybrIKhKDrTvu1Hj DHdLR+BcMNrASo+xlc27R6U1AxqUDhNRRbpdvRzPKQm+aXiTR+Ynk6tHHDoatyVI NPcnt4vkQUE19Ed1WxlvJPaxYqOwM/O2gzks0tjJMEhIjf2lIVmYMny8sM9E0rl3 cM0k1oB/bqyiuA7k8POE6+lEK7sMDwQAAex67rEwq82Aio4b9jmoUzhdRFlBdou8 Y8nXzwgUkmSit42ULmpiXpABtJ1mSE4JrOHRTTUIYOxdw8c6W7DOJYxHHwQpFFn9 +cXS5/8+GMwT74An0uLj60qDjmytL5cCggEAQvXZYEIWC/OzY45HAQhVbtbufaME zO9kAUPOnVk6NvzWyfRcAP/5/LTxIWBuJ1EHjqfq2scstjYxmAOgesMdlUPVF9tS Csu6fEjOEe1W/VyPKR0D3TrJWTNxiBOg+QZbBtJbs+3KC7JBIzkOCfDUhWf/AF/Z oQ0T+wDCfyJArwAEANHYjR3OWlKo+Jrck3q8H3awrqd2QRCt3aLxsxPqWItD1CWT pcYDArq6Lx01gE56mEBgn+Vph7IZ3pJ5EUhVphjLGba5QRAx2rZ+qQ/Oqv4upWRH I8fzmhwf3DjZx3d8NtiiZ9+ywzgzUEPZgYAq/ztk/afAinlzOSIO9l4WoQ== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFjTCCA3WgAwIBAgIQN8d/PjTRhhPs1n/mAZKuLDANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjg0MFoXDTIxMTIyMzIwMjg0 MFowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS00MDk2LXJzYS00MDk2LW9rLnBlbTCC AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8hp+RQi4CxVKdP//jZWgVk xla+w06UvObLVY0R/co3/R0dwV116g/auijefVcIRps8XBNZg3Z806aL7Ak2Af67 r0MtKWCqlap0Q7L0OKc119UAcxyCjk4FufnlWaV36iDXs/5IxUAyVS6+i24xITiI 4F068FgSje2KON5Yatagw4rLbzQP/RouKmtDktWTMPOOO51p39I3sL3tmZDZqZre hiG/8eigPfaaJ81A9xATMK/SRxOhGKfm/2fWUYTcHWOLim3k58VZ7TSsfC5h2UDW 4zZJbUOGuzVkZbfwOppkMA5R4OOMq3G1SR5ZxLw4jIXl+FqWcoLHGlLjFhxr665l CbGqzYjgvvStqgREz5bQNBPtQHVgSgYN/FxSiQeVN4++22CNXf9rg62TKEgJN5Az i/8KmNkVSbV8pMky0h0rEeMP6yvWGw/faK0eUExyjubObMSyAGtRFmMgArTMh7LE lHwtlRJVpx0bHiF8E3ina2MbflUR//GQpUkmJAazU2qxDuyfNWVYftDItKvzJYmE D2qgW8k+7QkmzgKEdHX1zcrQIjpxlQNGhuweZVL3vL+d5j2ROb8K46q4EqDOGMnM znSr5VSfxismumYzMIAhRddI1xRdUcYae7nxgbs9v2CAX2xQmALUpcMSRHs8weuo aXPayzbP2rWrWAdjZEKZAgMBAAGjgcYwgcMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU HQt6ijehAYSk6PN5vkEXpUcAdu4wSQYDVR0jBEIwQIAUfjdeWHpL3vEBPkp10CJn 3xpsFiehFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEEGYW3er2EG5D/wtWnyjBf4w EwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMCoGA1UdEQQjMCGCH29r Y2VydC1yc2EtNDA5Ni1yc2EtNDA5Ni1vay5wZW0wDQYJKoZIhvcNAQELBQADggIB AL61vfkuAUDJMYLUpPJ6SUbK/QIKoCS376tRSI3mcJpPvpWc+PhnZ1Ibp4ZP1AZ7 vow8Zhy7VuEDAco4krLRD9FqAcmi15aoMdghxLwsOn1f1wltIiDZ7c3OWyI7uTUk dLFDycdnEgiPs3k+q1cfOxzom7XFQ/g/p5zcbeUgmJ0AHXQWYDcyjvqLVxgDnNyB 7/mi26KSjz4lU+kPeAaIrywmjemwWkZcvgBIY/TiWe+X9X83nyURERALSWwBXOnu vkaY9ksNgxbVqprBe9uppCoW7IGlZ/MO2IrvJdfBIUU250IhXF1YojdTnPU2WZ/E QKfi6KtXGoUPSOZfCMqPrGHFTt8bmKdHrz0ao3tmxrM9DsvH83ZLEe9KSuxhyHkV FwO1D1dy+QsaakZpW8Cnfu7d6y4AsTpkbahP/6rPKPl0eR2MLfTVYTicbsD5L9MD A0moTy/P7elZoAyf5Jfu43VFH14lvQclAqBA2eYsdtn4cjIrGx98jGkUGF2cSkkE iBI6vfoxZVaTIN4WVE8yiK9QNevNqRjD98p9OwFdJsrXhA2/0IoQ38h0FAaAMs/L aTAICtXze6IrfLJ1P/2Jh5zHlAFqlc9KcG2cn8v1770G1geYl0KGbla32xk8LzW0 LzzjqExeYXcFT4vsWJJ30QHdb1xKohOtNbDWhWvtEX8B -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badcert-rsa-4096-rsa-4096-keyonly.pem000066400000000000000000000062531474542230700243550ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJJwIBAAKCAgEAvyGn5FCLgLFUp0//+NlaBWTGVr7DTpS85stVjRH9yjf9HR3B XXXqD9q6KN59VwhGmzxcE1mDdnzTpovsCTYB/ruvQy0pYKqVqnRDsvQ4pzXX1QBz HIKOTgW5+eVZpXfqINez/kjFQDJVLr6LbjEhOIjgXTrwWBKN7Yo43lhq1qDDistv NA/9Gi4qa0OS1ZMw8447nWnf0jewve2ZkNmpmt6GIb/x6KA99ponzUD3EBMwr9JH E6EYp+b/Z9ZRhNwdY4uKbeTnxVntNKx8LmHZQNbjNkltQ4a7NWRlt/A6mmQwDlHg 44yrcbVJHlnEvDiMheX4WpZygscaUuMWHGvrrmUJsarNiOC+9K2qBETPltA0E+1A dWBKBg38XFKJB5U3j77bYI1d/2uDrZMoSAk3kDOL/wqY2RVJtXykyTLSHSsR4w/r K9YbD99orR5QTHKO5s5sxLIAa1EWYyACtMyHssSUfC2VElWnHRseIXwTeKdrYxt+ VRH/8ZClSSYkBrNTarEO7J81ZVh+0Mi0q/MliYQPaqBbyT7tCSbOAoR0dfXNytAi OnGVA0aG7B5lUve8v53mPZE5vwrjqrgSoM4YyczOdKvlVJ/GKya6ZjMwgCFF10jX FF1Rxhp7ufGBuz2/YIBfbFCYAtSlwxJEezzB66hpc9rLNs/atatYB2NkQpkCAwEA AQKCAgBDVWgAVx/ORqq8BsL2uBuuqsH07V+A34VtCVUqTZxLEU5qY4Erm87JpxTO MROXBaNaLPmDF5XouDEYC1MsK4qoYxZrZA2fsHjpg+wVr1QGFEHlGDN1Z8kaU4oh L1tVn9krmNIgUyKqaxD3VsloGIbLk+z26zygymiVtowySJPa6Of6jZCvlrJj9r+a 6kNgWmp0Yzc9TX88X8I0JvBix0uo85vtZ+GhQlKR/dznwmtHjnsodbv0flxhSk/Q FQDC/Yic+RvbezjrnbKjS+CztmUDIrEI/vUvRNfPB3+OPWNn4MPNR6sifvwnIuaP erCEXqeixFGqGDZfPCVZ7gZsHNj6CkUmZb3/YVu14pbQhoLFvd5jHOUD/cSjV12g nZX/tDu82hMv3T0z0a0rjAHFVqtuAShcAlKTiKApUbDBduIjHmgQ5R4hpkFN0vIy 0hoToxhLfvtFzLDN2pjCkTXaveQnKoZBexYTtua91TGj4Pu6E8paR91hf1F42wVH 1WVkBEL6/ofHl7azwol2WAjTTB3R7fHiVXnc3k6sMb+kcp1OU8Goqh1s4oOksiYW dPgHvpJU4ypTb5yXnL1xDgSWnA9QGOtWAlQJrOD4LCTsgIXuMX3kRyzb7CFLkshH +K0wQCFBAaMEtSP2lU/tEkhuIIGvYkFjw1zC20zNmw/xNVb+wQKCAQEA+VM9jFYp hxqjrWbyoDZW4iWBh9iUWTk0h9JsPfiElFuqfHE/MBoejGWyqmsXibuhmFfkFmFQ dNrm+0ONoCV/DtZWxJNonbLxZvHXc1dqy0USYdp0u91ENaVULybiO7cYR6z/tkmZ nP2KEKcoo2wcELSw6VP0QdBDaJL/OQhdmunq8fIclkTm1MYHfHkNhxlX3KfnBQUT VUK+GqJiKaJ9l7BDj3n7nG1AYUOMtLVnKgmYXdqd3XtzGT/K5RSTv4tKRrDU7xk2 oiu2C5aKgpM98Hsso4EHyTfhFQtqJ0mV7k2pQ+KLXrSNTW0T9aE5y1SLugSxQ8oe Q/lqDFRuwQTdGwKCAQEAxD+VLG7M0XJiZ+erTt+46kkbDX+kUrkqoJY+5xMdPCnx b6c514grN89rSL8gQp/k4vu4jSiRBKCjBRUW8TFirCn+C08sBRped8EazzKnI9/B XFoyxzp0J0EwibDvQ6eQ7CryEp7d4KQFsQ6OMeT6Ie4RnfHbyy+W9HdhOcd29ZAB PN07jMXJ/Owi31A//HIMRIuzx7uhPikzcpTCvza6Q1OtcTMUE/OzZZZN53yCWZAq YfBoPZbU+hmFOA1vKAipenUZHE8WtOzlb/kvMFI6qDsUUy78KESQh50To09JiAVO iI0hQOqaU4YB796uzglRVw5LrHcA3JrD/nyhRMmeWwKCAQB0Hbpac35ft55nEb0J tIT+Sa1r0Qg2DZhTcUKMEgPc/FwIHM3q3x8/D9YH3FxX/xShWL2XVrcb1R8iAjIh VZU5GcXLQ0PDviUDZrqKszm/dWm8PPuEyuYLffYZB6jxWrJqHz3wbZKnNMVqQA+D HMRtW1nRMRJe3FmoiF1o+GZv0WVkTPfXXDuM+LVf2RjdxIXQ9Dl5cwWv/ad/zASf k1een663UX5HOfJz2fvb5WgogdN+UmSXU/kk1zrtOYod+QccqRpiSIHTQTxFZVUY vu5n41XEyEESC34+SNSle3XiSDT+srFp5/ivCI/1I6NA+R0iAzFzetxhl/U1zNTP /C3lAoIBABbf7mxicd9L/Optl4s3Cp/Ma6nUIfw+dxiGysg2cybrIKhKDrTvu1Hj DHdLR+BcMNrASo+xlc27R6U1AxqUDhNRRbpdvRzPKQm+aXiTR+Ynk6tHHDoatyVI NPcnt4vkQUE19Ed1WxlvJPaxYqOwM/O2gzks0tjJMEhIjf2lIVmYMny8sM9E0rl3 cM0k1oB/bqyiuA7k8POE6+lEK7sMDwQAAex67rEwq82Aio4b9jmoUzhdRFlBdou8 Y8nXzwgUkmSit42ULmpiXpABtJ1mSE4JrOHRTTUIYOxdw8c6W7DOJYxHHwQpFFn9 +cXS5/8+GMwT74An0uLj60qDjmytL5cCggEAQvXZYEIWC/OzY45HAQhVbtbufaME zO9kAUPOnVk6NvzWyfRcAP/5/LTxIWBuJ1EHjqfq2scstjYxmAOgesMdlUPVF9tS Csu6fEjOEe1W/VyPKR0D3TrJWTNxiBOg+QZbBtJbs+3KC7JBIzkOCfDUhWf/AF/Z oQ0T+wDCfyJArwAEANHYjR3OWlKo+Jrck3q8H3awrqd2QRCt3aLxsxPqWItD1CWT pcYDArq6Lx01gE56mEBgn+Vph7IZ3pJ5EUhVphjLGba5QRAx2rZ+qQ/Oqv4upWRH I8fzmhwf3DjZx3d8NtiiZ9+ywzgzUEPZgYAq/ztk/afAinlzOSIO9l4WoQ== -----END RSA PRIVATE KEY----- tlswrapper-20250201/testcerts/badcert-rsa-4096-rsa-4096-malformed.pem000066400000000000000000000121461474542230700246270ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJJwIBAAKCAgEAvyGn5FCLgLFUp0//+NlaBWTGVr7DTpS85stVjRH9yjf9HR3B XXXqD9q6KN59VwhGmzxdE1mDenzTpovsCTYB/ruvQy0pYKqVqnRDsvQ4pzXX1QBz HIKOTgW5+fVZpXfqINfz/kjFQDJVLr6LbjEhOIjgXTrwWBKN7Yo43lhq1qDDistv NA/9Gi4qa0OS1ZMw8447nWnf0jfwvf2ZkNmpmt6GIb/x6KA99ponzUD3EBMwr9JH E6EYp+b/Z9ZRhNweY4uKbfTnxVntNKx8LmHZQNbjNkltQ4a7NWRlt/A6mmQwDlHg 44yrdbVJHlnEvDiMhfX4WpZygsdaUuMWHGvrrmUJsarNiOC+9K2qBETPltA0E+1A eWBKBg38XFKJB5U3j77bYI1e/2uDrZMoSAk3kDOL/wqY2RVJtXykyTLSHSsR4w/r K9YbD99orR5QTHKO5s5sxLIAa1EWYyACtMyHssSUfC2VElWnHRsfIXwTfKerYxt+ VRH/8ZClSSYkBrNTarEO7J81ZVh+0Mi0q/MliYQPaqBbyT7tCSbOAoR0efXNytAi OnGVA0aG7B5lUvf8v53mPZE5vwrjqrgSoM4YydzOeKvlVJ/GKya6ZjMwgCFF10jX FF1Rxhp7ufGBuz2/YIBfbFCYAtSlwxJEfzzB66hpd9rLNs/atatYB2NkQpkCAwEA AQKCAgBDVWgAVx/ORqq8BsL2uBuuqsH07V+A34VtCVUqTZxLEU5qY4Erm87JpxTO MROXBaNaLPmDF5XouDEYC1MsK4qoYxZrZA2fsHjpg+wVr1QGFEHlGDN1Z8kaU4oh L1tVn9krmNIgUyKqaxD3VsloGIbLk+z26zygymiVtowySJPa6Of6jZCvlrJj9r+a 6kNgWmp0Yzd9TX88X8I0JvBix0uo85vtZ+GhQlKR/eznwmtHjnsoebv0flxhSk/Q FQDC/Yid+RvbfzjrnbKjS+CztmUDIrEI/vUvRNfPB3+OPWNn4MPNR6sifvwnIuaP frCEXqfixFGqGDZfPCVZ7gZsHNj6CkUmZb3/YVu14pbQhoLFve5jHOUD/dSjV12g nZX/tDu82hMv3T0z0a0rjAHFVqtuAShdAlKTiKApUbDBeuIjHmgQ5R4hpkFN0vIy 0hoToxhLfvtFzLDN2pjCkTXavfQnKoZBfxYTtua91TGj4Pu6E8paR91hf1F42wVH 1WVkBEL6/ofHl7azwol2WAjTTB3R7fHiVXnd3k6sMb+kdp1OU8Goqh1s4oOksiYW ePgHvpJU4ypTb5yXnL1xDgSWnA9QGOtWAlQJrOD4LCTsgIXuMX3kRyzb7CFLkshH +K0wQCFBAaMEtSP2lU/tEkhuIIGvYkFjw1zC20zNmw/xNVb+wQKCAQEA+VM9jFYp hxqjrWbyoDZW4iWBh9iUWTk0h9JsPfiElFuqfHE/MBofjGWyqmsXibuhmFfkFmFQ eNrm+0ONoCV/DtZWxJNonbLxZvHXd1eqy0USYep0u91ENaVULybiO7dYR6z/tkmZ nP2KEKdoo2wdELSw6VP0QeBDaJL/OQhemunq8fIdlkTm1MYHfHkNhxlX3KfnBQUT VUK+GqJiKaJ9l7BDj3n7nG1AYUOMtLVnKgmYXeqe3XtzGT/K5RSTv4tKRrDU7xk2 oiu2C5aKgpM98Hsso4EHyTfhFQtqJ0mV7k2pQ+KLXrSNTW0T9aE5y1SLugSxQ8of Q/lqDFRuwQTeGwKCAQEAxD+VLG7M0XJiZ+frTt+46kkbDX+kUrkqoJY+5xMePCnx b6d514grN89rSL8gQp/k4vu4jSiRBKCjBRUW8TFirCn+C08sBRpfe8EazzKnI9/B XFoyxzp0J0EwibDvQ6fQ7CryEp7e4KQFsQ6OMfT6If4RnfHbyy+W9HehOde29ZAB PN07jMXJ/Owi31A//HIMRIuzx7uhPikzdpTCvza6Q1OtdTMUE/OzZZZN53yCWZAq YfBoPZbU+hmFOA1vKAipfnUZHE8WtOzlb/kvMFI6qDsUUy78KESQh50To09JiAVO iI0hQOqaU4YB796uzglRVw5LrHdA3JrD/nyhRMmfWwKCAQB0Hbpad35ft55nEb0J tIT+Sa1r0Qg2DZhTdUKMEgPd/FwIHM3q3x8/D9YH3FxX/xShWL2XVrdb1R8iAjIh VZU5GdXLQ0PDviUDZrqKszm/eWm8PPuEyuYLfYZB6jxWrJqHz3wbZKnNMVqQA+D HMRtW1nRMRJf3FmoiF1o+GZv0WVkTPfXXDuM+LVf2RjexIXQ9Dl5dwWv/ae/zASf k1fn663UX5HOfJz2fvb5WgogeN+UmSXU/kk1zrtOYoe+QdqRpiSIHTQTxFZVUY vu5n41XEyEESC34+SNSlf3XiSDT+srFp5/ivCI/1I6NA+R0iAzFzftxhl/U1zNTP /C3lAoIBABbf7mxide9L/Optl4s3Cp/Ma6nUIfw+exiGysg2dybrIKhKDrTvu1Hj DHeLR+BdMNrASo+xld27R6U1AxqUDhNRRbpevRzPKQm+aXiTR+Ynk6tHHDoatyVI NPdnt4vkQUE19Ee1WxlvJPaxYqOwM/O2gzks0tjJMEhIjf2lIVmYMny8sM9E0rl3 dM0k1oB/bqyiuA7k8POE6+lEK7sMDwQAAfx67rEwq82Aio4b9jmoUzheRFlBeou8 Y8nXzwgUkmSit42ULmpiXpABtJ1mSE4JrOHRTTUIYOxew8d6W7DOJYxHHwQpFFn9 +dXS5/8+GMwT74An0uLj60qDjmytL5dCggEAQvXZYEIWC/OzY45HAQhVbtbufaME zO9kAUPOnVk6NvzWyfRdAP/5/LTxIWBuJ1EHjqfq2sdstjYxmAOgfsMelUPVF9tS Csu6fEjOEf1W/VyPKR0D3TrJWTNxiBOg+QZbBtJbs+3KC7JBIzkOCfDUhWf/AF/Z oQ0T+wDCfyJArwAEANHYjR3OWlKo+Jrdk3q8H3awrqe2QRCt3aLxsxPqWItD1CWT pdYDArq6Lx01gE56mEBgn+Vph7IZ3pJ5EUhVphjLGba5QRAx2rZ+qQ/Oqv4upWRH I8fzmhwf3DjZx3e8NtiiZ9+ywzgzUEPZgYAq/ztk/afAinlzOSIO9l4WoQ== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFjTCCA3WgAwIBAgIQN8e/PjTRhhPs1n/mAZKuLDANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAe0ZXN0IENBMB4XDTIxMTIxOTIwMjg0MFoXDTIxMTIyMzIwMjg0 MFowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS00MDk2LXJzYS00MDk2LW9rLnBlbTCC AiIwDQYJKoZIhvdNAQEBBQADggIPADCCAgoCggIBAL8hp+RQi4CxVKeP//jZWgVk xla+w06UvObLVY0R/do3/R0ewV116g/auijfVdIRps8XBNZg3Z806aL7Ak2Af67 r0MtKWCqlap0Q7L0OKd119UAdxyCjk4FufnlWaV36iDXs/5IxUAyVS6+i24xITiI 4F068FgSjf2KON5Yatagw4rLbzQP/RouKmtDktWTMPOOO51p39I3sL3tmZDZqZrf hiG/8figPfaaJ81A9xATMK/SRxOhGKfm/2fWUYTdHWOLim3k58VZ7TSsfC5h2UDW 4zZJbUOGuzVkZbfwOppkMA5R4OOMq3G1SR5ZxLw4jIXl+FqWdoLHGlLjFhxr665l CbGqzYjgvvStqgREz5bQNBPtQHVgSgYN/FxSiQfVN4++22CNXf9rg62TKEgJN5Az i/8KmNkVSbV8pMky0h0rEfMP6yvWGw/faK0fUExyjubObMSyAGtRFmMgArTMh7LE lHwtlRJVpx0bHiF8E3ina2MbflUR//GQpUkmJAazU2qxDuyfNWVYftDItKvzJYmE D2qgW8k+7QkmzgKEeHX1zdrQIjpxlQNGhuwfZVL3vL+e5j2ROb8K46q4EqDOGMnM znSr5VSfxismumYzMIAhReI1xReUdYaf7nxgbs9v2CAX2xQmALUpdMSRHs8wfuo aXPayzbP2rWrWAejZEKZAgMBAAGjgdYwgdMwCQYDVR0TBAIwADAeBgNVHQ4EFgQU HQt6ijfhAYSk6PN5vkEXpUdAeu4wSQYDVR0jBEIwQIAUfjefWHpL3vEBPkp10CJn 3xpsFifhFqQUMBIxEDAOBgNVBAMMB3Rld3QgQ0GCEEGYW3fr2EG5D/wtWnyjBf4w EwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMCoGA1UeEQQjMCGCH29r Y2VyeC1yd2EtNDA5Ni1yd2EtNDA5Ni1vay5wZW0wDQYJKoZIhvdNAQELBQADggIB AL61vfkuAUDJMYLUpPJ6SUbK/QIKoCS376tRSI3mdJpPvpWd+PhnZ1Ibp4ZP1AZ7 vow8Zhy7VuEDAdo4krLRD9FqAdmi15aoMeghxLwsOn1f1wltIiDZ7d3OWyI7uTUk eLFDydenEgiPs3k+q1dfOxzom7XFQ/g/p5zdbfUgmJ0AHXQWYDdyjvqLVxgDnNyB 7/mi26KSjz4lU+kPfAaIrywmjfmwWkZdvgBIY/TiWf+X9X83nyURERALSWwBXOnu vkaY9ksNgxbVqprBf9uppCoW7IGlZ/MO2IrvJefBIUU250IhXF1YojeTnPU2WZ/E QKfi6KtXGoUPSOZfCMqPrGHFTt8bmKeHrz0ao3tmxrM9DsvH83ZLEf9KSuxhyHkV FwO1D1ey+QsaakZpW8Cnfu7e6y4AsTpkbahP/6rPKPl0fR2MLfTVYTidbsD5L9MD A0moTy/P7flZoAyf5Jfu43VFH14lvQdlAqBA2fYsetn4djIrGx98jGkUGF2dSkkE iBI6vfoxZVaTIN4WVE8yiK9QNfvNqRjD98p9OwFeJsrXhA2/0IoQ38h0FAaAMs/L aTAICtXzf6IrfLJ1P/2Jh5zHlAFqld9KdG2dn8v1770G1gfYl0KGbla32xk8LzW0 LzzjqExfYXdFT4vsWJJ30QHeb1xKohOtNbDWhWvtEX8B -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-prime256v1-ec-prime256v1-certonly.pem000066400000000000000000000014221474542230700264060ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICFzCCAb2gAwIBAgIRAM7UWb/F1gg3xp4ZTzZBUVMwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI3NTNaFw0yMTEyMjMyMDI3NTNa MDQxMjAwBgNVBAMMKW9rY2VydC1lYy1wcmltZTI1NnYxLWVjLXByaW1lMjU2djEt b2sucGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEX3krIIsA2hrhx6IR5p5d L4Uf+QlZ2VrrF0alfnWsS0laX8443F3cn1ZHT81k6QGJwccH1WSUu1uaXT26mF4e jKOB0TCBzjAJBgNVHRMEAjAAMB0GA1UdDgQWBBRi72oYle1qmbT59QOWleoKVN5K 2DBKBgNVHSMEQzBBgBQXFXOPkivCOM+MhouDpqbvcxQssqEWpBQwEjEQMA4GA1UE AwwHdGVzdCBDQYIRAJuxSLDF647ARzz6DZ0C4pMwEwYDVR0lBAwwCgYIKwYBBQUH AwEwCwYDVR0PBAQDAgWgMDQGA1UdEQQtMCuCKW9rY2VydC1lYy1wcmltZTI1NnYx LWVjLXByaW1lMjU2djEtb2sucGVtMAoGCCqGSM49BAMCA0gAMEUCIQCsWidVQMFY rOlSm6JLGAi5GPfXqwNdvwdQjKznDhZCZwIgMgT3GiKua3li5LSHtfwlqJkLW64O 4enkdU3clu690xk= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-prime256v1-ec-secp384r1-certonly.pem000066400000000000000000000014661474542230700262320ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICMTCCAdigAwIBAgIRAIIKGCDQlOKRaW03shZFlxowCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI3NTNaFw0yMTEyMjMyMDI3NTNa MDMxMTAvBgNVBAMMKG9rY2VydC1lYy1wcmltZTI1NnYxLWVjLXNlY3AzODRyMS1v ay5wZW0wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASraVLBOiUwbyBOWD9bnI0uO+oi xbVBeYFx1Ucb1cWliySmQ17/fEl9IPeLMVXuIZ3RJi2qtbHKVnu5ziszQN6yGfS+ 2saHdIuYKA/mt6TAnIxoPnTD25tRcpw5kmBcOI2jgdAwgc0wCQYDVR0TBAIwADAd BgNVHQ4EFgQUQ/Oqn+KfXMt42OkmN6QtAr/MzIQwSgYDVR0jBEMwQYAUFxVzj5Ir wjjPjIaLg6am73MULLKhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEQCbsUiwxeuO wEc8+g2dAuKTMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAzBgNV HREELDAqgihva2NlcnQtZWMtcHJpbWUyNTZ2MS1lYy1zZWNwMzg0cjEtb2sucGVt MAoGCCqGSM49BAMCA0cAMEQCIGoDcchA+dU8rkzfcVJxmHU0meEAcIqkFJba343V aW6/AiB/KSh14773qJI7fRmgpv3P1Cux15efgkun8rvpkI3lYg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-prime256v1-ec-secp521r1-certonly.pem000066400000000000000000000015471474542230700262230ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICVzCCAf2gAwIBAgIQdDspOwtP6FhOgc2xawGTPzAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjc1M1oXDTIxMTIyMzIwMjc1M1ow MzExMC8GA1UEAwwob2tjZXJ0LWVjLXByaW1lMjU2djEtZWMtc2VjcDUyMXIxLW9r LnBlbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAX3wxoCf2otrTlbe2HEJEodf 6TC1Bq0V0IiYHHvIRGSSqOw4vKMy79IdEurePGzWrWLHIubK87hpPLGmwBtJxuEL AEGsoyCnprP57B2QYyDSUrRq78pp/KCCpCKxnGOZSN6hKz6MkHE5bi+7s8uHJBw2 bzjqX7EWc/BqNdTE78y7N3F6o4HQMIHNMAkGA1UdEwQCMAAwHQYDVR0OBBYEFNRy h0YLpSRC00iRSHP3T2Oymn6YMEoGA1UdIwRDMEGAFBcVc4+SK8I4z4yGi4Ompu9z FCyyoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAm7FIsMXrjsBHPPoNnQLikzAT BgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwMwYDVR0RBCwwKoIob2tj ZXJ0LWVjLXByaW1lMjU2djEtZWMtc2VjcDUyMXIxLW9rLnBlbTAKBggqhkjOPQQD AgNIADBFAiEAn7K/os8q2JHP9vGNtA0wpvk7IkB0SWq1LDNleVcwWZgCIC/DYaco 0uL6AIvFEH/8FXpwP1FApODsjS1qHYojtK5W -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-prime256v1-rsa-2048-certonly.pem000066400000000000000000000020261474542230700253620ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIC1jCCAn2gAwIBAgIQEbwfBfZHo2SltYzoE2cNSjAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjc1M1oXDTIxMTIyMzIwMjc1M1ow LzEtMCsGA1UEAwwkb2tjZXJ0LWVjLXByaW1lMjU2djEtcnNhLTIwNDgtb2sucGVt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVw5Nuoi5ORTmG+Tsaqu i5YpPGp6nXmM/mVtLEy4oCCjURm/wLLE0RWnIE3Y9MPppAO5NwfxKJEm6dj0/8YC 52eMe6vY3LkeS7P9oOFhJ4aX5AQgUygfiznfsvVHXqo4z3gGx7fB6tNPMJNDCJgA uhfkbSB6+WsDODNc4NuoSVlIBq6/gJg/7tkP4z7YfVdoRoinUF+f0kiTkBZx8p33 q+xFjhVGKtYabwxNgp+wzy9RlKAwkHoI1iQkKiwIcftWxbcKU2bojndqLczZU5tU HuiRuXKL+DNygmtrcvZpDP5B7iIr/CCKFwD8OkWdjvMk/F8wAsIn380MRgiUDUom FQIDAQABo4HMMIHJMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCdLR91gY8xyey6bu3Qp FjFdpHKoMEoGA1UdIwRDMEGAFBcVc4+SK8I4z4yGi4Ompu9zFCyyoRakFDASMRAw DgYDVQQDDAd0ZXN0IENBghEAm7FIsMXrjsBHPPoNnQLikzATBgNVHSUEDDAKBggr BgEFBQcDATALBgNVHQ8EBAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LWVjLXByaW1l MjU2djEtcnNhLTIwNDgtb2sucGVtMAoGCCqGSM49BAMCA0cAMEQCIErqLYBPmMfO HBH6g+glTIfmJe5PJ7CIYmD5/OMphuH6AiA/mmvR6Ktn5zKbSVBgnRlveJbbQwbw IPDw61h/LriSqA== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-prime256v1-rsa-3072-certonly.pem000066400000000000000000000023041474542230700253570ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDWDCCAv6gAwIBAgIRAOolY+iSJRGLpfvjQZ2B++QwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI3NTRaFw0yMTEyMjMyMDI3NTRa MC8xLTArBgNVBAMMJG9rY2VydC1lYy1wcmltZTI1NnYxLXJzYS0zMDcyLW9rLnBl bTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKpn3Z5INkdLp/A7RCQm v3wj7Th/Gec79mPJWnYIC9febPTEaK+cDjY5mHRpnsZjF7ic4okDDwEOcarmxEj3 4HgH/6AF1QOrUTPC5IUt3bxr8HZ01so/9V7ynd98eQStA64YZME3sj7Q4fG6L6cV BuwtjrYVZ55LWUwiZERx4pch+SBJkKslXxlekbPT9CbqmrTJJQaMWNAllzs3YI+T y0rY6wXViiQ/vriVXTM3edx6j+pHTZ8BCUWVB7d5F7+z95wKIZjV3XB45teHtjiF KdFXfSOnA5FbEsePcra9T+CF2wPWslvKvAqfT1d3Hlg6PHLv1D4+Gi4G43+JBC6N nCsoWOW+yZXzq29l9rSGBZ8CxisG26YEEO/1WyO/0WJ21RuMRc9ytyShvQT5fgGR kmYs9+jaOZogKFOoYuVeRM1bRM1mPYn+6WEZG9nd9z4MMlAWTGYlWGgsUyi/XHNd 8WgmoFegMrdoXMrXbFHEPffASdvRKyA3B0nhFLG8SEfFBQIDAQABo4HMMIHJMAkG A1UdEwQCMAAwHQYDVR0OBBYEFIy9mnv26Q0t40o1zvpmQA0BF3edMEoGA1UdIwRD MEGAFBcVc4+SK8I4z4yGi4Ompu9zFCyyoRakFDASMRAwDgYDVQQDDAd0ZXN0IENB ghEAm7FIsMXrjsBHPPoNnQLikzATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8E BAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LWVjLXByaW1lMjU2djEtcnNhLTMwNzIt b2sucGVtMAoGCCqGSM49BAMCA0gAMEUCIFCbkDiXpn3ZjByShJZYxg+IwshzGBNS humr3QGF5L5HAiEAxk2Y347DVe4EaYBht+AVSFbvhuBy6MJfdC2iIxUiORA= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-prime256v1-rsa-4096-certonly.pem000066400000000000000000000025571474542230700254000ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIID1zCCA36gAwIBAgIRALd4GdbxXm24ooXT4fDlWmowCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDJaFw0yMTEyMjMyMDI4MDJa MC8xLTArBgNVBAMMJG9rY2VydC1lYy1wcmltZTI1NnYxLXJzYS00MDk2LW9rLnBl bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANeQhBEuAOHWdiUPxBBA dQMOQWiQJQWHP0/vt1VBBBPnplouwvw5VKHPjX08hG2vlawVdtMW2YotTX3Q8noe rbt3qr5yjm8HSuErmJShnlO+UmVUwZf9y/vUVUkOa3UogpEmZ7EEWy3icGCL3sbR Xew7aWCTmz1T51vfdw+6V6gKRzCpdRZ4R7UYEb0rfAfUqS8+aw8xTpxRjjqkSGWr 8MiSXHLrDrkiaTDdPb/1KLKvls/1MWN2ZqYaarTMJz6icFzxvO7wDCox6mIHOOyG V8H2wOvBrlEpoIYmF+9EhYr0CQKvtOHy2O2K/7ILBXqyi9yqHDVRx4vqCMccIhhY xfg8obwTFUmtSOQZipRFhYQsBazV9+NNy+eZdYDMrWBPozHsfkXeU1FPlTQhDo3v 2tgMVIUCMTXZohBmbgXlsjxlbZE39K5nKF/RGup5o6TSHJ96yCUz+PAf3moAEcbw hYK5IVBdyIdf3q6v+Jeh4OSlgkjPOA9X3F0JnXSMLBjyoqhCwe4KcUz2JfY59YGy v/JpoAsrhxSe08ueKDZjWHZ/EkgN99Cgl2BVJbcqKp/O+5zIphnG8VXpEZBf3l96 sPslP+Je/nmfbseUGANUqLhhXTS+BFVPqPrsdby7uUbyaCXxsK/hK9ZpOtx5Lleu utffcwUtEMwgDJaumSYykWbRAgMBAAGjgcwwgckwCQYDVR0TBAIwADAdBgNVHQ4E FgQUK95NNdP0Tr2ExJ3h/riogEzhOJ8wSgYDVR0jBEMwQYAUFxVzj5IrwjjPjIaL g6am73MULLKhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEQCbsUiwxeuOwEc8+g2d AuKTMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAvBgNVHREEKDAm giRva2NlcnQtZWMtcHJpbWUyNTZ2MS1yc2EtNDA5Ni1vay5wZW0wCgYIKoZIzj0E AwIDRwAwRAIgP3tPSwJW0Y89lfvC9j9ur4lQ5jiAN8LXScTaZ0cOSsECIH70X8nH 08LvcyRpOpWvu8rxmFpl+5S7H1SsYvc6QCFy -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-secp384r1-ec-prime256v1-certonly.pem000066400000000000000000000014721474542230700262270ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICNTCCAbqgAwIBAgIQaYaxvGvWuaH82HbUs1pbPjAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwMloXDTIxMTIyMzIwMjgwMlow MzExMC8GA1UEAwwob2tjZXJ0LWVjLXNlY3AzODRyMS1lYy1wcmltZTI1NnYxLW9r LnBlbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBsca+R0FnPIXAUbUjOOJQYE Rjt/OE2+ggHBbS+C8nur+goH1gp+hToTNsLQC8vPBxhyhroSQM0dfpS49Onko6yj gdAwgc0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUB1psApzLF5t2y3iSi88eo99FE3Uw SgYDVR0jBEMwQYAUkiG/rS2yZkcXxE6Ex8i2a/gBMKWhFqQUMBIxEDAOBgNVBAMM B3Rlc3QgQ0GCEQDCaFOYeWmr2hJO5gov6O37MBMGA1UdJQQMMAoGCCsGAQUFBwMB MAsGA1UdDwQEAwIFoDAzBgNVHREELDAqgihva2NlcnQtZWMtc2VjcDM4NHIxLWVj LXByaW1lMjU2djEtb2sucGVtMAoGCCqGSM49BAMCA2kAMGYCMQCViKjVDVTzDE3l ZK3mjKoLU6NceZTWZ1sn7Oe4KAjcXGKnVa0HfoFvGIPjt9rnvD0CMQCtSGKbsfeF +Se6nt4tBp0mFMuYBj0GmfjsyvmvuTCcP0TxUzvPE7mHfrAx3UVk6J8= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-secp384r1-ec-secp384r1-certonly.pem000066400000000000000000000015331474542230700260410ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICTjCCAdWgAwIBAgIQS+yPZGUK4ucv4+I1Fstx9TAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwMloXDTIxMTIyMzIwMjgwMlow MjEwMC4GA1UEAwwnb2tjZXJ0LWVjLXNlY3AzODRyMS1lYy1zZWNwMzg0cjEtb2su cGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbXoDOpuVW4XSvptLvA1XRNsNolDg Gorh80TezkcSPncTgVLxxwyvKS0NwrmLHlVoCrcsx5urqFJiaRmieYwma1prupwp m8OJts72GsBxQgoGqbnZXqsCRw6BqC84hF+jo4HPMIHMMAkGA1UdEwQCMAAwHQYD VR0OBBYEFJdR7M+8vQYwIhYS5eGQZJwcHBlgMEoGA1UdIwRDMEGAFJIhv60tsmZH F8ROhMfItmv4ATCloRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAwmhTmHlpq9oS TuYKL+jt+zATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwMgYDVR0R BCswKYInb2tjZXJ0LWVjLXNlY3AzODRyMS1lYy1zZWNwMzg0cjEtb2sucGVtMAoG CCqGSM49BAMCA2cAMGQCMF4SvC7HQmL/9CBmDuUGZ3p5QDDv7Cz0tWc2k1Zf3NKy c0nrw33vzzs2NkrOHFXNRAIwD4bICxEHTTV4eVSkI/UPockGChCCnlATjGQyIyi5 WVZBm+m1451rSt5w9MnIwhBE -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-secp384r1-ec-secp521r1-certonly.pem000066400000000000000000000016241474542230700260330ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICdjCCAfygAwIBAgIRAKc2QK9WkyTyu1hNLBO/lhkwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDNaFw0yMTEyMjMyMDI4MDNa MDIxMDAuBgNVBAMMJ29rY2VydC1lYy1zZWNwMzg0cjEtZWMtc2VjcDUyMXIxLW9r LnBlbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEARua5giVgJfzsf4fAGH2gjCy Hi4+gNJsqKgS23Ux4r3tpC9LYXG75NVV+6avAxHSkeBj9kaekuBxSFXOpbvCTMbI AanL1v69WuLPRpKJkY6DI+BvLOT06UM3m2aQWpTbSQg4F/2QJ//XRbnVjJlDiLXq kU2kQ5RF0BDXTOb67UNzTV6Yo4HPMIHMMAkGA1UdEwQCMAAwHQYDVR0OBBYEFPbk 7bek6zKj/thhEtoy/HZmoGxwMEoGA1UdIwRDMEGAFJIhv60tsmZHF8ROhMfItmv4 ATCloRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAwmhTmHlpq9oSTuYKL+jt+zAT BgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwMgYDVR0RBCswKYInb2tj ZXJ0LWVjLXNlY3AzODRyMS1lYy1zZWNwNTIxcjEtb2sucGVtMAoGCCqGSM49BAMC A2gAMGUCMCdWpfE62Ra2aVNF0venVPhSalUVr87qOak2FBpDRpjxTGzXnQ3kXPe0 gF577Zrv1gIxAIhcOdGVtxTt+nU8XJTOshidpv/jB8yHkOPMkiWw7LwZ2GchbKcr eZ+KTDPATyELXA== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-secp384r1-rsa-2048-certonly.pem000066400000000000000000000020761474542230700252030ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIC9jCCAnygAwIBAgIRAK4BGjn+1Ufq/4hsAYIKqaQwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDNaFw0yMTEyMjMyMDI4MDNa MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwMzg0cjEtcnNhLTIwNDgtb2sucGVt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1L8uN8rGSPALnz1rCRAh PX4+rFN0bEXBvZgDXR+q02JnYFAabfW4un68xiw5ZIzQwI/8OO7firDasvbuspMy 5HLFldgPvvXpLBY/jP38MzvH885x/FcZZqJvXpHFrghDYRn9wM09NeUToiQSWRX7 4CxPFoJbjB3jJed+WcJgzzDn+KupK0EEXfWYDWBlmyGWKoi4DnFUPb8khO2YlqWw 9EGqu/mM7cSwxSOBMPFz7KALWQZ+sH5cdWoSDsFbs1CcSQYLDhVXT1pYfsfyrd1t UGXUo3FLPb8+/O/ljqcTEbOvY9uj2HEVdrWn+j0vv5NGtai+GJnB3dehDl/jCPRN AwIDAQABo4HLMIHIMAkGA1UdEwQCMAAwHQYDVR0OBBYEFFJeo7HBu86G08T5YIbo IZLxIBmQMEoGA1UdIwRDMEGAFJIhv60tsmZHF8ROhMfItmv4ATCloRakFDASMRAw DgYDVQQDDAd0ZXN0IENBghEAwmhTmHlpq9oSTuYKL+jt+zATBgNVHSUEDDAKBggr BgEFBQcDATALBgNVHQ8EBAMCBaAwLgYDVR0RBCcwJYIjb2tjZXJ0LWVjLXNlY3Az ODRyMS1yc2EtMjA0OC1vay5wZW0wCgYIKoZIzj0EAwIDaAAwZQIwMYToR55Xnk60 EXPajoxyQbiwG1mqsWGCmwfCixklJjIWrzeXAqIgLhIQEmju6e+KAjEA2ZrG3C/C shzL/hqj+PjaZV+H2AQ2VOMzG6xWymEuTP4OQTVBXDtUljHVAUt5XkFI -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-secp384r1-rsa-3072-certonly.pem000066400000000000000000000023551474542230700252010ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDdTCCAvugAwIBAgIQPCWncP1c8f49L7kPYJCJZTAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNFoXDTIxMTIyMzIwMjgwNFow LjEsMCoGA1UEAwwjb2tjZXJ0LWVjLXNlY3AzODRyMS1yc2EtMzA3Mi1vay5wZW0w ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDqOwL0kfhEs8ww9mpSmrt2 E3iRtol2FS8nlMDiO3k073lR1sFA6eIsxR9Is5Q0l+YPfl4+/wX3Q+TnT0QJae2H g1c6sO9AAwtBnlxRd4CSgz/6jZWYF7r7eknR+dA/yKV/COIHySIwdf/3tfpLqRxP 5S/ojaO0dSson+g1fsiIWeTivAlxljvQd4BwH9F7GXEnqM9+8F12pKwOxB2upwbx Fkvi3uznyF/v0hKPcpWSO9OiDC0Op/rH4RCWMFwjyIVdYFA6Q8p82ZN/UWBy/XUQ Vr/VFTIogYGBodWEEgzm3ZPkI7/9hiMy0jzELu7aUXo7Jrr6KoXA565aKK/YcomI YKfhfX3nsNRFHySL3eZrrI4cx4TR3WjI+MMmAn6vE2ZoNnhPNw/a7N8ZEII+k66t sgmHYo3ofbCzTN3JcOY3tT9T++u6DTGEh4L8jtAkHYRvL3VUXOe2CJMo1MYYcbqT yshC3g7fbaEyHGNSUQoIa0ddd7BWKJiHNTS2/qISOlUCAwEAAaOByzCByDAJBgNV HRMEAjAAMB0GA1UdDgQWBBRPdj4xkRjwMJh9VqaurnX998YonDBKBgNVHSMEQzBB gBSSIb+tLbJmRxfEToTHyLZr+AEwpaEWpBQwEjEQMA4GA1UEAwwHdGVzdCBDQYIR AMJoU5h5aavaEk7mCi/o7fswEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQD AgWgMC4GA1UdEQQnMCWCI29rY2VydC1lYy1zZWNwMzg0cjEtcnNhLTMwNzItb2su cGVtMAoGCCqGSM49BAMCA2gAMGUCMQDxm45t5Xy8VQps1B3xQN8s19fTJ+z0EyjF CUjmUNBnxOwfB824fQdWLj/iw3KD92ECMDFJeFhi9C6ehD0bXzI6oLJy43IhdtPR FAxfcHNWpEUdlnOiD9SueII4iLtHCAilzg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-secp384r1-rsa-4096-certonly.pem000066400000000000000000000026341474542230700252100ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIID9jCCA3ygAwIBAgIRAKO7eZ7MN3gZfUS95Ax9/tcwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDVaFw0yMTEyMjMyMDI4MDVa MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwMzg0cjEtcnNhLTQwOTYtb2sucGVt MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw0lTJ5k+J4hdXB9OoDxq 523vwE44/Sp5W0PF8ST/s59JTsUWJg+pNRsThWjdmWf4gAqqfU6DunenbiaGiXZp V/TDijnLNQP2qaIxotMXya41d+Wc2yYBlNWOjxBVCBtAMTdh1ZJTynI01SBz1H3K PTYe+BDM+OUP0Y9L+HB8nGhDrGRr1GIl9tOY/8Y+km2c5x/JMzSALiloVdVF/xDI 34zK7eHNyrjS3dIUhInLfKS3MxiOTCzlm0DYi4RqkXGaiohXZLIbUk64MrggpRQk CTrj+82nwaSsEqMgg/j5O4yU6Bsw+OGKflNB3vQcIrH5joiwIDnrtlLV04m2MTY5 neliES1chXJtnljYEfsZKcTpSWKSwhPGk9QdCVhKR4un/EKGP521vHkY+EhLp1jF 3yGVsbWBpqjoii3JP1wNjEoMNYLYZpmVRkDvxE3aG7bHuo9cKULD6XjXKCsP9J9i ND6yKugMiL1ZQwksSNFxacdxJ3L363YeK2g3+TqmovDzj1kPSX4NfzjA+GrHeNLi XpeXXOa3Qtjneascg/Rf+XJ5a5ekWOMPnsgJZPTAmc5UqDiMWL5jIKdGUUE+nSM3 CLcHwpafSWyjpjAzN1iMjh3zM363/GRg3yfo8D3mQJoc4I9ScIebtr7teOBJTBr1 JRasS/RtgQ30+YPCFL9x9oECAwEAAaOByzCByDAJBgNVHRMEAjAAMB0GA1UdDgQW BBROu+H2CDhlBJeRJYN20fO8PXBfYjBKBgNVHSMEQzBBgBSSIb+tLbJmRxfEToTH yLZr+AEwpaEWpBQwEjEQMA4GA1UEAwwHdGVzdCBDQYIRAMJoU5h5aavaEk7mCi/o 7fswEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWC I29rY2VydC1lYy1zZWNwMzg0cjEtcnNhLTQwOTYtb2sucGVtMAoGCCqGSM49BAMC A2gAMGUCMHCW71AEaNY24Jq2Q08G2BpW9UZWbCfK/B5vJqS66o8J7CvyofXvVKdS s24AIT5SDwIxAJmMEeeMnzNWQa+wIwgZ1hzXXQNl+oGO7ijVTkUbZDSlfSW/37jD s9ty6LvSxbgkvw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-secp521r1-ec-prime256v1-certonly.pem000066400000000000000000000015531474542230700262200ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICWDCCAbqgAwIBAgIQd56yrtk2X1xwMQ53h4tnhDAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNloXDTIxMTIyMzIwMjgwNlow MzExMC8GA1UEAwwob2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1wcmltZTI1NnYxLW9r LnBlbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIVFAUuUbWQ+ZbH8i2tXxN2D cbbOp5tJmg6qn2AFYS5u0dBgBM0esvuhpJRADHuR79B7U7vRo4P9jzUbb16UDgmj gdAwgc0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUWkovL9JhOtJh9k/yfysy5EjO0qMw SgYDVR0jBEMwQYAUGUsTsHPvhQaORNBD7D2NcUAM2syhFqQUMBIxEDAOBgNVBAMM B3Rlc3QgQ0GCEQCRhJfPqHZ7FzFlCC5+cIAUMBMGA1UdJQQMMAoGCCsGAQUFBwMB MAsGA1UdDwQEAwIFoDAzBgNVHREELDAqgihva2NlcnQtZWMtc2VjcDUyMXIxLWVj LXByaW1lMjU2djEtb2sucGVtMAoGCCqGSM49BAMCA4GLADCBhwJCAPLEfzp4AhEf sUIAtW3P52kj7JYIWxlC9wgyx/s9DAIcMtBQNM6eGWi2LdhEuSmYn1P10iXuuu5X wQ53Co1Ah8LXAkE8HelZmbo5O4MkwVLFY09IVV5a6YtlaiqqtutVMd+Z34D8o5WV IcXLFAa36OQdVUtt4m+jfZvEt0dDqX3Nat6JeQ== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-secp521r1-ec-secp384r1-certonly.pem000066400000000000000000000016201474542230700260270ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICczCCAdWgAwIBAgIQGNC0lQuyynvtFtRqGHyuFDAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNloXDTIxMTIyMzIwMjgwNlow MjEwMC4GA1UEAwwnb2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1zZWNwMzg0cjEtb2su cGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEuQX3xgxyQREXf2XPWl/NHxNXm2Pc 76QsVzl9qUd33rZjTUnHcaY9XjymGfJ+h4VhD9MU5ez3zaea8kk8vK0eehnn+DwA q+BlFfkie/Er1sv0hCfpZG1TfOUcsuoTZAl2o4HPMIHMMAkGA1UdEwQCMAAwHQYD VR0OBBYEFJt1M3dI66rls5uhJyx6UuoR7dHpMEoGA1UdIwRDMEGAFBlLE7Bz74UG jkTQQ+w9jXFADNrMoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAkYSXz6h2excx ZQgufnCAFDATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwMgYDVR0R BCswKYInb2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1zZWNwMzg0cjEtb2sucGVtMAoG CCqGSM49BAMCA4GLADCBhwJCASDiWIhfaj1Wwk6auxdylurRFoHV36/dMi90E8dN pcF9bV9Pu3JGH3McU5Mz72NDGzIiSDlbhM7+x6drYAXwFK03AkEQtxEXUXaAu7/R 55zWzDjQnC1T/cnJ+1VoA9ZlBpdXMPeGVYiboQBqqauRsyBoRtR/9OgpzknL3RVU JhtH3tSH0g== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-secp521r1-ec-secp521r1-certonly.pem000066400000000000000000000017041474542230700260230ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICmjCCAfugAwIBAgIQN7I/2fhiuLKPbvjNGpQhiTAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNloXDTIxMTIyMzIwMjgwNlow MjEwMC4GA1UEAwwnb2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1zZWNwNTIxcjEtb2su cGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAwbzVc10QB+Nll6xa3gi2eWP7 DoQosxjalRryQnXXRKAeo07k+rLJgvr320B7SEHqEhjDcLtPVcw9wW3Q9aY2JDEA CqCan9IEZdMZ3TBmqYWROvRJxQTDXKTa20MrV0WPatJK/msvitKEqfswfND72AR+ kFHwQ7zl4HqXrjn2wGFz+5qjgc8wgcwwCQYDVR0TBAIwADAdBgNVHQ4EFgQUpSSw YQl/Si2z+MnJm+uxr83VeZcwSgYDVR0jBEMwQYAUGUsTsHPvhQaORNBD7D2NcUAM 2syhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEQCRhJfPqHZ7FzFlCC5+cIAUMBMG A1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAyBgNVHREEKzApgidva2Nl cnQtZWMtc2VjcDUyMXIxLWVjLXNlY3A1MjFyMS1vay5wZW0wCgYIKoZIzj0EAwID gYwAMIGIAkIBFpGaSW2uq8sJHNeYoHygT9lpqWtF4Mh5ntbZayum6V02J2voP26l A20Y+p38dEYHKFpI2BkTyGDtuvjJa01Q3u4CQgEyEDqAKqRYCrSqLiR0XZ1xeDPp 6D4NnCMaeys31+RM7wLfcaJ/rRwNxqIiz3G1tc/FYwbv6JMJvsfv1D2HO3Wb2g== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-secp521r1-rsa-2048-certonly.pem000066400000000000000000000021631474542230700251710ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDGzCCAnygAwIBAgIRANYTBdxtX4LBZQazmP9SZI8wCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDZaFw0yMTEyMjMyMDI4MDZa MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwNTIxcjEtcnNhLTIwNDgtb2sucGVt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2me4q33kTTbdxFK1LKc +AOoXF+WK9xzoQw4B3Gm+X5SnYkLUqCjbSMJuUboqDlwnD/CdNlh49sIpgOb6avV CCo9bZyoNbQcPb9I8FLD9wIp3wlqjy/i1/6dOhgxQoh1XSr8rI75dkJAXcCL9inq fQbblDn1q1QYNWmFPjrMyDyhU0+JshWIX85FtfiC8hDtX7agLTKaL3pTZbJ8By4m aJhHP0Alr8MmBfMEv5tkQUj2NoU00zWVBjjDgoJdiLNe7Lc/Jtuk18hfYHvCAcLe YFszztoTgnPsOEgecHpWLspRv1vNMGnKmaYbA7y6s1PkDsptHWhs2ArnLrYplYIR iwIDAQABo4HLMIHIMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKCqBl7Lu6pUBu4e1sJX z/kMYlfKMEoGA1UdIwRDMEGAFBlLE7Bz74UGjkTQQ+w9jXFADNrMoRakFDASMRAw DgYDVQQDDAd0ZXN0IENBghEAkYSXz6h2excxZQgufnCAFDATBgNVHSUEDDAKBggr BgEFBQcDATALBgNVHQ8EBAMCBaAwLgYDVR0RBCcwJYIjb2tjZXJ0LWVjLXNlY3A1 MjFyMS1yc2EtMjA0OC1vay5wZW0wCgYIKoZIzj0EAwIDgYwAMIGIAkIBcmp5tGf+ sD9Su57KOClfcy/+L6LvzizGexTmQY0gSjOnRvC/siB7GtCexqOa5vDeUaktKupw eLtTTeu6cl/oZzECQgFzeW7vA3zYIOm3rcihs23lacv5IfTR1tt7K3cJJRlUPael 8Nh0jwAIn+xDn7pfjZ6Ub//blEc2K7C9DsNF4Qu10g== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-secp521r1-rsa-3072-certonly.pem000066400000000000000000000024361474542230700251720ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDmjCCAvygAwIBAgIRAN4x3RRHdg/kM0HReLpD2FMwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDdaFw0yMTEyMjMyMDI4MDda MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwNTIxcjEtcnNhLTMwNzItb2sucGVt MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArJ380K+CaNknZafn6DGX UQmSRA6hnIbjmaD5Q9cVyC98eh0xmCpEHhONsjU+WuXBEgUIKkulYTyIz88tz4Hv 7NULLsTCx6Joeyn2ckC3fmcBl3RfzEwAiuONR3VV9UED0eVcUJ+bpVh+PicCMojN Pu32hhSggjS2bht/gkB36Nj48Pp1Q0WCj6fuHpRUhw/ddxmeAIQuVC5sV55uW4of EPsZRrOk+FiyqPviDZJR3zC0lisaor0Xku5gZhXRGr252Ir5srfzJo9pXrOvPD52 Ed/JML8W5CLMhKSn6qysD4eJCrFq0TpVFPhgFXDx1lvV8g7q774H0WPYna1odu4D tYuKkpMMpENFwBrulHp/3MI2Q7TlGJs83KMJLnkmI/d4lxs9+L+moM286iU5i40z 4q5lavcfFH2u1/+bFRlU6mjyggtSnHgKI1v5KYzcGyPxYfn5g8LhzM5t+0D2oTIa IgOPjpCTcouYb4LQAMf+DlE6/PcbaVa0SwYlmDerpRuNAgMBAAGjgcswgcgwCQYD VR0TBAIwADAdBgNVHQ4EFgQUh6ABNy9ruD/Md1Rct0klLhsseMgwSgYDVR0jBEMw QYAUGUsTsHPvhQaORNBD7D2NcUAM2syhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GC EQCRhJfPqHZ7FzFlCC5+cIAUMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQE AwIFoDAuBgNVHREEJzAlgiNva2NlcnQtZWMtc2VjcDUyMXIxLXJzYS0zMDcyLW9r LnBlbTAKBggqhkjOPQQDAgOBiwAwgYcCQgF+SLTz5RD7W8y0F+0zvoiHYW3qZl3q nbxeUkQSXNPfpucDhPnXG52+XOqWf/53nqdx5QD8UtmJZzjBC8+vxB/TWAJBbWZS IGomafvFwGlynAifuYqsCrWpoyRgZTJiZoTgkIbnZWLuO33XvCHm/ZkfZ6PtAjOv KlJUdHsgwip0WngiICY= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-ec-secp521r1-rsa-4096-certonly.pem000066400000000000000000000027141474542230700252000ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEGzCCA3ygAwIBAgIRAIVJzcYfv2K3PzhyPISWm2gwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MTdaFw0yMTEyMjMyMDI4MTda MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwNTIxcjEtcnNhLTQwOTYtb2sucGVt MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0dz91Jeq69Thu+sTvCDJ eOP0vyISujHaYdam77E3sgg9tn9YnHPjd4yPSKIT/iPPExA2BC2QKfIIk6HC6VGu wq3jdjwkii9HgfofDbKzFJNukc+o8zcmi4CqjutoTrNvOIIXuqMormaqKZqVOeB6 MbxA6Gfl3w7nw5tlJqMCWTI3/qV/+NzqLUEnS8iV7a5cGwy9Qucz0ooGjF/JFJwK 5kxqnhHRBTIyNSjMxWTI9rOwGv9vUOi9HopfE9gFmNZyWmfknyv81wWrHAid4IH4 Dovvtcy2bScFEWJxrZiqXJd7WTlWWTQTz9CjNOA4gIgQsfSr9mFE3AxLBQX5Bw4/ Oci5TgZw3Gonm5mvQOOlCvdXtYGEUlK5NYilf9UpueFYPAA0c8bhEkMicvOJyUs2 250Ej9n5g7n8QtSJHNYFd/WEPQiiZ2hgvvKdNAlAjeyKeMNttF+SwjnkdbXFmnzf s0cn1NDNosz4KB+Key1ZXm20YlcHt3Apjz5a734V3ZRQkZiT0PCSpBTWXf3qGZH1 fejc7U40WzAZ4SHE1bUZE2VoFFnPtAsCww1m3pF09QZEpyCfnLCtEwZm6XlSFFoK bXG0oJHzpe3+4ct3REYj3rtg1FhsF7Ozo08NCoy6NwvgDGtRcsuIIUT6AXnEBdRS NaXl9Q5nzJZ+0dF4ufTjReUCAwEAAaOByzCByDAJBgNVHRMEAjAAMB0GA1UdDgQW BBTdCewn3G8tQUyXp1xYvZV234y00TBKBgNVHSMEQzBBgBQZSxOwc++FBo5E0EPs PY1xQAzazKEWpBQwEjEQMA4GA1UEAwwHdGVzdCBDQYIRAJGEl8+odnsXMWUILn5w gBQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWC I29rY2VydC1lYy1zZWNwNTIxcjEtcnNhLTQwOTYtb2sucGVtMAoGCCqGSM49BAMC A4GMADCBiAJCAU6iAC6rYgk0b/iCiJyZh/xWT4Gj2LuRJLCxlfC4GVAHS1NzJoDa MNR/ILlJORlNt5Jjyc0Rm/A8vFghmTPqjpGDAkIBlpNBA4U4svrJx9yq0jT5AFZu 2UGIJmjWls7iyYtu5FP6bCQYQsgr0p5Aqp87LnzqpF+2E27nQfeRiiiZYM3zhkc= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-2048-ec-prime256v1-certonly.pem000066400000000000000000000020121474542230700253550ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICzTCCAbWgAwIBAgIRALHEA5nqMBBKP9a5RXk0e04wDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MThaFw0yMTEyMjMyMDI4 MThaMC8xLTArBgNVBAMMJG9rY2VydC1yc2EtMjA0OC1lYy1wcmltZTI1NnYxLW9r LnBlbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLIpPMhIefYAdHpjJPZRg5nI Be7NlShCWGPydCLrIELQZ2jvN01ujE7SSrj/0lCXGqQxliNODIyHXXzSGWmwrX+j gcswgcgwCQYDVR0TBAIwADAdBgNVHQ4EFgQUtMTW16ktCJhaQWtp0sxFGctsDSkw SQYDVR0jBEIwQIAUFt5bjqQxDQge72iW/q6fPpoOpdmhFqQUMBIxEDAOBgNVBAMM B3Rlc3QgQ0GCEAiMt1AzxQpOzveutUW9yg0wEwYDVR0lBAwwCgYIKwYBBQUHAwEw CwYDVR0PBAQDAgWgMC8GA1UdEQQoMCaCJG9rY2VydC1yc2EtMjA0OC1lYy1wcmlt ZTI1NnYxLW9rLnBlbTANBgkqhkiG9w0BAQsFAAOCAQEARB7Nxhusu2lU25YWA6DU YgSJM4/IARnRvAWEFkhfGWIZ8aAIVTplXF3RIOBmgG0PSfTVJ+PNqfAZPQcVeo67 Pipmjom7hgrLvpAgDkuFhl9pVilsRXWZ3uBW55W2JvR1OhQj19r2Vo1VJdUaB3kr ORAPqdSs4dHofcqhEFN6Zn/yYteW8bDqRzcdtY4dJLSvaaBWjVwtXemAhzVZNlV2 6ZxqAa7i6URqe4y2bOjmotHb8fpxfj3zQloudECcGYvtfpsV2hytTq0g9swCkjbx s2y/lm5m9C7QHk1uonCUk8iFlgt+C9DAw6itVKwdJOIP5AKtGAqAs3RVbYIOJVOi 6w== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-2048-ec-secp384r1-certonly.pem000066400000000000000000000020521474542230700251750ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIC5zCCAc+gAwIBAgIQfuyr6K72nDhEQFLzarZkajANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgxOFoXDTIxMTIyMzIwMjgx OFowLjEsMCoGA1UEAwwjb2tjZXJ0LXJzYS0yMDQ4LWVjLXNlY3AzODRyMS1vay5w ZW0wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATW7dehKbbMKnBktR+E1z/iD/TAKILB cXLSwr9WpC2XMYTCn61Ak0r54hETURdReaTdGVpR3YuBBKuiQTRYhtj61u6PQOhA 3i1vTaEpD4vN+PB5bYNDQmtVGfMi8SoELoGjgcowgccwCQYDVR0TBAIwADAdBgNV HQ4EFgQUJz6V+Q+jtsTM1dqwH41UbgnIOq8wSQYDVR0jBEIwQIAUFt5bjqQxDQge 72iW/q6fPpoOpdmhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEAiMt1AzxQpOzveu tUW9yg0wEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQn MCWCI29rY2VydC1yc2EtMjA0OC1lYy1zZWNwMzg0cjEtb2sucGVtMA0GCSqGSIb3 DQEBCwUAA4IBAQAaksYfMxpVsQsH6amDyFejG857np6ju0dY14atF7dGMIExE45O xeNxvB6u0EH8BQ1yAipw7js6Rq2gXkKRpmfCIOyx3lDv1uVQXwTtXdErVCl0dWU+ Ax9F6tMcnOr+IyOrswLCV2ArAgIsEetO39zIY6W2Nmx7ysqTbd40XdrqQuVGuAgY o2RgFmwC4vDjtZbEhfRiXe7ozphVJYDLNbguVqtI9GPGFd8yPCfUHJdn5t28Ekyu w1JLUP96LP/7sSneCPe5nvjkOyJ8bq7rVkifHc5qN/JapI7Ht0hhxrd5FW2jHc/6 0s/9FI1oLaeocrqYqJ8WMfqlN7MSEEaB1//X -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-2048-ec-secp521r1-certonly.pem000066400000000000000000000021371474542230700251720ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDDjCCAfagAwIBAgIRAIArBZDYz3yGwi84Rv4vHI0wDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MThaFw0yMTEyMjMyMDI4 MThaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtMjA0OC1lYy1zZWNwNTIxcjEtb2su cGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBvms2iQvkyGS3sH2DPJNJ85dF BH9h4zImaU1UFphRU06y1ufDNsuvBd23O0U5x1+4g3bZx3oUTqJfDx81T8LCYaIA 6f8LFJzS3QrYZYoY2nVYiRbdcSOrMIOueoT7Z513/9wvbWPAyrEwRLHcrfZjXvdl QwqHKYLeclO3i7T8TDrlaKejgcowgccwCQYDVR0TBAIwADAdBgNVHQ4EFgQUbL4V 0oy1mXTOb46Hl68rqGa0OHcwSQYDVR0jBEIwQIAUFt5bjqQxDQge72iW/q6fPpoO pdmhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEAiMt1AzxQpOzveutUW9yg0wEwYD VR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWCI29rY2Vy dC1yc2EtMjA0OC1lYy1zZWNwNTIxcjEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IB AQAWLxhTa2hslgxyvbA/PpWCnC5PBysK3FdcuwXCkwC0vBkGXEfn3rpL1AZ22cER aS3qP5ztJ2Ov6RLaTxhSJ4nTy4dgRgCl6Z/DzKCf8UYok7fcO473qBaisRtuNjCT e9zRoYwHjVZG0YKga9XU2uZLbPlVl371FFpXRq0KOD5GpUH9QHUVmhX01nG3DtTi Hsvi/dSjAa5QDNdMdsJe5wjNzZX/WwZxrYyyheMxepLcE/rKgobt+BdTx5ALsEKK /dCvxq/9TUjQmx9OpdZBBe/67dUwavUZEfrE4AD1oKdE1Zat44r9Rylj3TAArtGv GXi9UtiAXclM37U8mXQa7l5f -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-2048-rsa-2048-certonly.pem000066400000000000000000000024161474542230700243400ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIQcQRYVLFI9fFJHvYt3xZyLzANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgxOVoXDTIxMTIyMzIwMjgx OVowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS0yMDQ4LXJzYS0yMDQ4LW9rLnBlbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbPzSDfKCy9W/4xBRcI3zrc ZG0egf42lQx/sFuoqFQ8SskFljJMQG8DrdmDFUVYEzGLOyWv3Q4BMUj8TiJUqNAj MlZmeCPNHDVDW+AId5AXkTjYSzGSD/PhH8bevydTjmwbfAJA5U0oV17XxilVMaQe Cdp9FMYSfeDP7aC9T/z2wnATO8aw3/qCOdI9E1L7kQK4K4ew4DmlQtOSuC4N6fyL RsubP8Z6ZuFpFsxX/DonIArucciCKNdHvUaGQpcTBpyR8dFOHnVVMjmVXhKRhR6+ kZ0Q3qPlrZzORJGHJ2GLqZDbGUGofYfVjpbPVMKfkYqQQDOuqwloldyzmroDD6UC AwEAAaOBxjCBwzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQSfVo0s6+gfu9UyKllW+1S woxAeDBJBgNVHSMEQjBAgBQW3luOpDENCB7vaJb+rp8+mg6l2aEWpBQwEjEQMA4G A1UEAwwHdGVzdCBDQYIQCIy3UDPFCk7O9661Rb3KDTATBgNVHSUEDDAKBggrBgEF BQcDATALBgNVHQ8EBAMCBaAwKgYDVR0RBCMwIYIfb2tjZXJ0LXJzYS0yMDQ4LXJz YS0yMDQ4LW9rLnBlbTANBgkqhkiG9w0BAQsFAAOCAQEACv1Ua6/EysnUV4/wv8ie CtZ5bTmczFEctPEdGY/N5WMzm/MZp4Xqq9Fi5fgoKJiU80B6wOxC+QbkNB9Cvtvl L+s7AGrnDkAilwMUmt+paxyfqHlQu0/nQdRSsjtq8ajCB4z4yiIYQK6naGbizT/y OtK82RgYXNqwRcalyH0AdAN0CI/yf5Qi47dz74GWIjgn8wnPPC3FHGr5ODIn+AAe i3ULHs89ol5uxyDcK1YNlyT/iec0gfeHImlmNYIIdaLiivO7BI79+wr9njILRNaQ 0UKe6yxr71NUXkY7NGDXcRIxoA5fM4eGisl5fjA9hyKphBf3ecl+8eAUPE0d8cKq hw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-2048-rsa-3072-certonly.pem000066400000000000000000000026701474542230700243400ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIQUdzCTF9A3lsbuI9k1zkilDANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgyMloXDTIxMTIyMzIwMjgy MlowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS0yMDQ4LXJzYS0zMDcyLW9rLnBlbTCC AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMn9Mr2t7wg1acGfGt47Dfwv nBsJrDLnDSOn+A3YneG319fVblBrTRYd3fjTi/aS5n20rUIR7FS2j17I8tgyroii 0SUAn1h1mOUUISKJ7u6Qj5P1vZ/AhWYhPzCniSMj8Vc2dR6ZDwMNGnSmtrT9/1Ur mKIAyPiIYKdBFLTnLSj9mwCjNC58LCvffZwGEemZT1RYH96Ga9qvfYWyM6koayCF itJky9a813YawLdBCRKBCQUagsrO/LIdN2eM7X4+HRPCDNz2cHdETIipgcjzzhbm gEgBwkQUA04ytjyn2Fnfc7BofEA6fIAwn2IJSoj6LDF0wFZ0CloFmnlckEXcJkB0 H8P1JMg28C7aboIOppEbDIw3ReNAdHYu0bYXPqs2Em60IIVN2cgxSc/H1sMC3HHO mYdjGJkfAspGZonMqOe8+XZDiNIrjcP89C3tQJMLwlB+ftK5OB0Er6C2N6cR/cyB zRZixY57KfyOr5GDmOhwjPY7V52l5Ql5YmB8qS0fDwIDAQABo4HGMIHDMAkGA1Ud EwQCMAAwHQYDVR0OBBYEFKLEDaNqKHUuK2FaHZLJGQLfM7rZMEkGA1UdIwRCMECA FBbeW46kMQ0IHu9olv6unz6aDqXZoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghAI jLdQM8UKTs73rrVFvcoNMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIF oDAqBgNVHREEIzAhgh9va2NlcnQtcnNhLTIwNDgtcnNhLTMwNzItb2sucGVtMA0G CSqGSIb3DQEBCwUAA4IBAQB+s1NWYn5bH/yTiXnm1tQ8Ma9q5U41qcEqfBQZy39j WO/MtdVRLYqxgWnjJClfIxY0OS9auAX6AmRQ6LOEZnrAE+3wVoErIRGUzGwgl/ds JMzeY9+gozQbHuHxQSISV5NVldcXAi8WMUmboQzOLb83VF0BQSz9LIGvygpXOfxd 04NiKN4nhjxxwDs2LHORfTlZQG0JzBzSHXcbLKB3B9pfgmH6EaouUPkMpe228JH1 R3DV2cBMTlYk9amLxL0cuEIdzAU7k9czmIsYTm116KDP9canW8IGqKNJEagfixvz 51TEcn5R7nsgWPCQ07hXLO99QF4y0fAX1R5BGUbfVPQF -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-2048-rsa-4096-certonly.pem000066400000000000000000000031471474542230700243470ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEjjCCA3agAwIBAgIRAPSDBF+PzAUYY7hO5+RGWOQwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjNaFw0yMTEyMjMyMDI4 MjNaMCoxKDAmBgNVBAMMH29rY2VydC1yc2EtMjA0OC1yc2EtNDA5Ni1vay5wZW0w ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDpH/u1d2MgbwSoiX8j+EvO OO9GXtnqQRLPMazD2/6kT9xzCF6UcQUBn9XEfywGNIqUtp4uxfG2Squzox1b9GHV aVUWicBzH8VwiNMuHgtM0qySLYz9uraJUEdatpq1mrLNBrD/3gjcG3elK9noQWwM sEl6CUMjhtuT0H8PKG4r0NjfA+1d4280PI0HvcUwNdQgtGtGrdppCsakQt4Ov29l xcrOQBAig5dFOIqI4DGZysA/tOzDWC0rTbfw3+ZEjVMgrvS9BS3qdsDlz+eKewgr pVqvTPsKVh295tnUentSCS+O6NXPP0ei/yTB+1guE/aUm+BQ+JtOiInc8R3yLguV x+vFbfHSCpTnELNJZLEs/9NbvCDQBHuHrp7fL50yd51M1dBjn2uER7wJl60X55i0 1Rpr3a+kq823yPcGrjTKSCuPR/PlYBoc7YXCG9NjzCYyMDPJX9812UsKWOyrE/PW /upsoOpGeerYJCc4/4BrjlgLX3qe4odXBcFsVSnWwZFjXENClKnUpOO3BOJ02NBi v0Prhl0hDIcCoFh8zem1XRyDmv84d4vfJdewqc7wDrOB7mMHYHiJm6ZOXPUVq83l Kkj8wsNfzWH+6eLfFgbHN2v0JMmAMVtgIXwJgKDE6tP/bxacOlQlxmqBGCkKAItD G4z/R3iYzPZIJFMTYgxvXQIDAQABo4HGMIHDMAkGA1UdEwQCMAAwHQYDVR0OBBYE FCiPNtyDV+DeOUNjQ3lhpFpeVl+VMEkGA1UdIwRCMECAFBbeW46kMQ0IHu9olv6u nz6aDqXZoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghAIjLdQM8UKTs73rrVFvcoN MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAqBgNVHREEIzAhgh9v a2NlcnQtcnNhLTIwNDgtcnNhLTQwOTYtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IB AQBpF9Ljx2mgQWACynjLqjRtzTzqGqbXzwZvqk+0dSMPtHEIlfVuapDwc2Hv3Tug U6Zx35UU2rls/N0Vz+9nPqSYwYZ5yMCVFdU2URV6jwAzSTYfw3DzZlam6AGvgHvF Sp0eV5Nk0df0U141grFMjqX2HY2rluG/FpksI68pHrd7CKHiFMImViQXUETXGFKM hI0clGR9xMI1B2ZsglFTG0OwjglzFADz2kCkG7AxqahBpQOvwLuknqzVgbE1Azwt 1oO7yH7cV8Q7lVc/CpF981LQQdXIm8UYb9qrgiWRVucwfw5vwz2iNeVSO1jx+dc2 15bCXXnP/mJ6RxHJduMloT21 -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-3072-ec-prime256v1-certonly.pem000066400000000000000000000022641474542230700253640ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDTDCCAbSgAwIBAgIQf+qas6zNGvCZvOl1yh/XDzANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgyNFoXDTIxMTIyMzIwMjgy NFowLzEtMCsGA1UEAwwkb2tjZXJ0LXJzYS0zMDcyLWVjLXByaW1lMjU2djEtb2su cGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELUWACVZUsPni1vtwD1DUjT9q Y9stpsxsqVLlArwNObGHQf0NACGKHGK9emSncHfxuvL9JUt55IPpV3FLB39yJqOB yzCByDAJBgNVHRMEAjAAMB0GA1UdDgQWBBTbtLoDcdvqUQaRJT+ZT2MysFTu7zBJ BgNVHSMEQjBAgBT8aD2XTdlAU46ZNYD4EEuzVzqNPaEWpBQwEjEQMA4GA1UEAwwH dGVzdCBDQYIQORuVDK59VgtfUDXzQKwdWjATBgNVHSUEDDAKBggrBgEFBQcDATAL BgNVHQ8EBAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LXJzYS0zMDcyLWVjLXByaW1l MjU2djEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IBgQCBBGqJyO3ux+72VSCe0HTP /D5ljJIOO6TZTrzh22EHfUPkOEXc7D+306PNpiokfee2el4E35o6qNZIHzhs011P XXPN/C6bpthMiJqPKO3Rlmeu3ULR4L+XbiRkeQzOFS1AtEsDyfvGve+WwHDvEvtb PVwwXAcOV7S5WT3txJLBcR0F74unB/kJ8eyCbJgR4RalfBzs9JD79eGSJ44y+VMv nCXcF5nzd/wp6xKoYGAmuXcNqLltArqA+zGeXQY1hMNV/zEGxVgo4SZa/SNmML84 Z2F3SToe5ff6ciYMDcx0utUNCELu58xUvqRqh1ctLWn4OVgeP2Kpu57Rx0Ty3kFA u/g5B2S3RBv0G0nNXc4cDuuRVCpax2O/2Xfp+smtv91oAdPP66D1oymIkzNHtNY+ wG+L/KIlt5sdaCIp7pjLMeC0dQr4tDr3G6gcWkHUQTKqy6NtCqqWRDxeAsUXK66v zUgq+Zkj919kEWhWPP+c7YMhJismKrvvxJlL7d4vGWw= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-3072-ec-secp384r1-certonly.pem000066400000000000000000000023311474542230700251730ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDaDCCAdCgAwIBAgIRALhkK1Vf/37gc1FeyH+Weu4wDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjRaFw0yMTEyMjMyMDI4 MjRaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtMzA3Mi1lYy1zZWNwMzg0cjEtb2su cGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEho8pYwM38NIMt8vJR3nPedS7WiSH 60Ne8rL6TIVsx49VNyILhJfbgncRibwh65T8wt8awVNqh7H1o5Dmi5MDPTovTfOG Hc9Ieo+wZ/LUPozpC7sXHhreTue7oRE29D7Jo4HKMIHHMAkGA1UdEwQCMAAwHQYD VR0OBBYEFPi3UZtfQGhOPh+xCKhgaPh5aA/JMEkGA1UdIwRCMECAFPxoPZdN2UBT jpk1gPgQS7NXOo09oRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghA5G5UMrn1WC19Q NfNArB1aMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAuBgNVHREE JzAlgiNva2NlcnQtcnNhLTMwNzItZWMtc2VjcDM4NHIxLW9rLnBlbTANBgkqhkiG 9w0BAQsFAAOCAYEAapy3GwRmzP9ZyuSy67xjZfM8Qrxljqo8fgSG48AZgOSyL8SD uHliR+iJylLDpp+VlSlYu3MyrwRbwo9H7MYRdRMURTfuBERKNyAnhkvFFAwYfxTI dJ+1P8BeiyiPaDHpV0NZYR/D+iQ/AAQrkc9HaHzzjtpxOEAazFzjtNcNBJLTIeyr SeW38H3ATXZs/t1GGvfj64uZvvf9A1/uimFznfeGGMHYnrfOiyY2EkYkGi+3SNLR ckOwUwdJRbHNTLNS25alNMzxPSrTnvA0wtXdPnx5r+5vlsP0D+4FQbXYQKt85WqN ovdU/nTqtTYFoNb0ApLMFrITzG+0B5uD2Ws8pu71NG4HRb5wrbSCGVJ5oYQ5ahcx TEMa2kMpyab0G+dtPfhYeosvgY0ReohH+EraQ8lLweMFmYoq3EHPe8/6DUiFbHCx i1ykDLXDHnOdo3khNDdyINuiR7BFSeiRFsGSo/iF+U6Vm+TXtyIq6Utu2sToW9FL WvfrnAQfQwvibQFZ -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-3072-ec-secp521r1-certonly.pem000066400000000000000000000024161474542230700251700ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDjjCCAfagAwIBAgIRAIUoC1dHnTEUMP0xVa/+/aEwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjRaFw0yMTEyMjMyMDI4 MjRaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtMzA3Mi1lYy1zZWNwNTIxcjEtb2su cGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBMgOB6fYUAstNQdqt/mDXeBw1 3cjxEn6wuYwe5yi3VTBDJjJvL1PlRvbbx72C8tRy61FJMetR466Xi52KnCN5JxoB AjJXdfSQSFepRD5fgiRfBEnIRdNb8iNQCGkMLUloUZi6HaOeyCr7+6yi2XB6Z1xf r6mVxdFz0ZLVEtMulmIVbv6jgcowgccwCQYDVR0TBAIwADAdBgNVHQ4EFgQUKqxQ kJogndnO9Z+jHHQ7OYa3gVswSQYDVR0jBEIwQIAU/Gg9l03ZQFOOmTWA+BBLs1c6 jT2hFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEDkblQyufVYLX1A180CsHVowEwYD VR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWCI29rY2Vy dC1yc2EtMzA3Mi1lYy1zZWNwNTIxcjEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IB gQAGXtQO2pgz3aC0/a1aDQI02cenVIf4PT0P7XPfVOO3fbl58lMyfZpEs3BBEIaC Mc9rhaIf/g5zaiemgrPfr3/yduH2hQI5CljCIlc8UfBTL/PQN8MfSUZIUpDPAt3l NX2vCSh7bEAw04z1Gy/8dXGzjS20E0CZNnP9ID9TfMiTrLH3moAuLaNkjN1l5wpW k/2edc8TmXFvKBS58od729ejNx2Toob64sCu+IPL95GL/HyWFt/PNKNMJYtmm99G 1hNDQ2fCWn/MNBvdeRnvHOnPr7KUtmyh4xpB0ZSbC3M8bJY4QN4wo/CO0MV6uvMg qT3egqjbNXYJ1HeBQabolQwZlwwSDWa2CMY5Pbm5c1dM0T972H/Gsk07iRmy1a5f UOqnrkbXcDo9qcDa0gXt2UuqHLWNtjmKCUxGxj50FZi4aOS4TNY77nTjN7a1LaKO Oq56De5ko2dZOnhRpo6O2PaaiQiSQX9p8QzveBUE2CqOXpObBPoaORaZmZFRgv+q mqk= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-3072-rsa-2048-certonly.pem000066400000000000000000000026741474542230700243440ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEDjCCAnagAwIBAgIRAOhffkuMVEqJHpZX9TNHygkwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjVaFw0yMTEyMjMyMDI4 MjVaMCoxKDAmBgNVBAMMH29rY2VydC1yc2EtMzA3Mi1yc2EtMjA0OC1vay5wZW0w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWQmX2BEB/5+H0AAyEvHkC hrsRf01azOiinGNoevsdWdPNIugdGADCDKr9FskW23AOAhMV/KnWigZzDaz36TnR aiszLcumHhy38CkWrkcsiG3PFBBL1mwg8lRXPz7OuS9cK+NJ168ePVBW8Ih5in8A 0+b/FFe++ygrd5fIc1K7bp+oWzufgf8MlBzLtJVpDeF7CFDZFNud7w/Mc+CV3l4S ZJfTg6L+r7+d1fHa1h7wPRiooHL/c9CVmE+ayrNt68KmnDc8Mn8RGfYR9YyehTA5 U/D1IhYyltku+hg52TRm6YI67kNBJ9qU2Hqiq9RhdqTzqDHamU9VbpuU2ugbnRYZ AgMBAAGjgcYwgcMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUDP+gXQsCqIvAJzzf2wcd ZbCSC7EwSQYDVR0jBEIwQIAU/Gg9l03ZQFOOmTWA+BBLs1c6jT2hFqQUMBIxEDAO BgNVBAMMB3Rlc3QgQ0GCEDkblQyufVYLX1A180CsHVowEwYDVR0lBAwwCgYIKwYB BQUHAwEwCwYDVR0PBAQDAgWgMCoGA1UdEQQjMCGCH29rY2VydC1yc2EtMzA3Mi1y c2EtMjA0OC1vay5wZW0wDQYJKoZIhvcNAQELBQADggGBALJvbKvgJlHt3vXbOnOG qKAReTopZ9L4mJ0oogHCkfcU7anPJoY3RaOIW6qy2TzCfqYyXHHFrzCjnedENWZO qb7ZNtg8W6rlFd1YcVfEMSHtjgGDG1p8OTBrdAXXvco2bX/Lh6ydhnLGtd+DHuEp s6KSy/Jd/+g7tkSmMp8lLLPWkBsku4GbHq/heLOfgACnVaUjZ9hKmEInhT/UWLdI D+YfvXr8CEr5Iz4JPQPw5VdbFEKaqB1EixY6JZ0S1wxne7Hs5GIa6PUZH/n0T4Rs J1113DFczj3ggRFompvnkJdjUkGu5Z9iPLA7u5fPOVJIvw18gJcEJ28sskGp2Zme nljCKAhggoUn2fRt1lV7klO2OvTWWe/nJvLW8/O9UZWggmB/J/O9IPALOE0N7Jas 42+sOzgheKirfn8Shhuj3DDL5brvBnUfCq81wMWmdPethdmZeb/w89MZSk+BNF3g MDc3dpM0W0qVL0KeTQaDb79LwxdsaIFU+AtUsNE7fuhDcw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-3072-rsa-3072-certonly.pem000066400000000000000000000031471474542230700243360ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEjTCCAvWgAwIBAgIQMoh3rK2TanJ16RXfKvy3aTANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgyNloXDTIxMTIyMzIwMjgy NlowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS0zMDcyLXJzYS0zMDcyLW9rLnBlbTCC AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMlIEuiPsEAEqYBq4ItPcOvf jN6loiRTohWY3eeWlw7Ib8XXEJyCEHw7Cn+YsAHg5HmoSbaR6GZCDJG1FSmsgYVU DMBerU/wSkL72KV4wUGqCzOAHUhZFRNBYi81bc1kSQSB1plwiIXci/l5OyopTe9N N8R9Yv15394PghTr3EN5A1J+BOJMlk4mJIKf5uXpEL+xp6SxFgdNCiXol/6gledZ DWDkupPNS/vccSmd2R9TUxPhrN1O0bRt5SSK0cz0hL4qY2oX0GhmABBC1cBJP4xA y+i9YfhEMKoLRyuHBzFTngSQxe5rwgCwknFXKM4uz6HbXKS3c1G0L1JyWQhS45Ei uwl1ftMteGAngkdEWZilD4dlryQAgIn8Z4Q2YY/AdYOTGBv1vz6zcuh7xbPrVBnN HtzarlbzHSepuIi6vakPioHYZbL3CqExqIpIFdmsYeJCns2h0VEWkcrrZMqUb0jA nR2Gza+n9xmYKGF5WcgDLsuYLUolqPESmO7Ed8onmwIDAQABo4HGMIHDMAkGA1Ud EwQCMAAwHQYDVR0OBBYEFGQaI6GMmq1jRgsRaWMcVUTEgVabMEkGA1UdIwRCMECA FPxoPZdN2UBTjpk1gPgQS7NXOo09oRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghA5 G5UMrn1WC19QNfNArB1aMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIF oDAqBgNVHREEIzAhgh9va2NlcnQtcnNhLTMwNzItcnNhLTMwNzItb2sucGVtMA0G CSqGSIb3DQEBCwUAA4IBgQCF/Hds+ku0AheERB0iW1jJQ2EVnWutJrayGZrjJ+iR QGAj0ZMih2DzfxYv+9CMvaOjFf8Ya/CopSDS7kQ3+YKRy0kRKf3DRmjIokNf7UiZ MH7TJWcUnwqBExbbfBluBsFUCHDqWnJsS9dk1SLit0X5aadPIiJIvPDn8rpLS8yZ +rX/PCBBWwcz1186uFa2g5JeqKOn9PUA3PQO8n6IZ8RGBKIMTuIaIMY/ioVeXBOE 1N/1cabQ0dd1f9wLkRd8MZ71w2gG08LfOeDfHb8bif3Ob27/8pm/jZz3ZQjFjAkZ k0CFHbXx4KcjjRICcOq64cYEH5EUCxT16ZrrBBUFtFje6wQ5Vg/cmAWRrRlCmVjK ZtR6jPl8cgIxyZPztMMuJyGkS/d2onEwCQVPE+Nc1uYHztEIkXEpw2a/qf5hp5P5 T+Tzuxpqpg2c9wsh+dQ6EJjtbFmEu6aLPRl1rQSnFNBfhyrdBZgVWgIYz++t9OA3 2UrHGBLU5SYaKTKBBx6TslQ= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-3072-rsa-4096-certonly.pem000066400000000000000000000034261474542230700243450ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIFDjCCA3agAwIBAgIRAJ+f/bVaR+FVXy79CtM6siIwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MzFaFw0yMTEyMjMyMDI4 MzFaMCoxKDAmBgNVBAMMH29rY2VydC1yc2EtMzA3Mi1yc2EtNDA5Ni1vay5wZW0w ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC7hKo1SlcrPVhoYARhVnHW iv/LrZ3QXi2PEI4MReEhQo8PFQKk1/VQq1eaG4FDlEw9lr143npEMYmUrgsHv1RB YFj6gf7A+IY/L2I+Va4eW/JIcMpm5+RtTz8HXcWkvvL/2OjgQAFW7CTR2nIB8XGk epIXKHVFUOPJJ7SKzoJe9PmjQ//m3U73XBf7GF8MByoEGEo+Tf6WsqFbIVbS2l1c 0tpmuTyhJFkbaljmOk137QYr/El2bPZKJsHUgAjbcQ2Eez83wyMeooqDC7DLKx6H 37qEPWp08p92oeVkB1m2GbVz4Azvyd2CNdJxyuKRqZbju92VKDWdBqBpVU3IRNFb 2dguQg37nPV6T7zC8bjmEJSRZ/S5Xt9FLx6oyOv/3ngVsbPheeBlco7N6+W1rKSo AO8HmyXWzArOmyVZ+vOFzVbCWAnEq2ZEDtsOlrbYKbUSbKUMd2XOKkKqfJacsae2 bHyM4nustiQT4ZV80MXlMC8jKWbq8yPvPdB/wIsLXayrE9ezW26VqDFDOke9zj2f lqHEKDGSXqwx/vedyAD6uPqV8fns3c0lMF7ow63nd2yQVXMmSP7+Jy1A+lFWt8ZJ K6BrYnEq/MyNP0VpZo1mYYLvMcLLA/ngcSmG5L+f2GHn07jwSDwK1ub1jC0BWEvR OuHuvmN+XFxnCap0fBwo8wIDAQABo4HGMIHDMAkGA1UdEwQCMAAwHQYDVR0OBBYE FNKY4SRHFYoPe6Q3+n/H6Y6rkEPFMEkGA1UdIwRCMECAFPxoPZdN2UBTjpk1gPgQ S7NXOo09oRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghA5G5UMrn1WC19QNfNArB1a MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAqBgNVHREEIzAhgh9v a2NlcnQtcnNhLTMwNzItcnNhLTQwOTYtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IB gQAWrHjCljFXnyXkJJHQcHl3YrhygiSxTkXQ2KctdD2rospmpUmRY1a/HcikMlMr AelFXULwKpAd6AO3d1mSb/N/puHOnMOJvc4YqPy208Eq4ecu9LzGHmbFxqVz/EeZ 31iotKmaOML1t6YMxJJw0Qiyqa3EPFqNeWVnj1D2OIPisjKL6u2jQpFeRMOT9DWK IOdWgJFNTqkMHO5Rj3fCoQwYd4R7ffMg806UNfRDncALaakdPRvVuIKdU28tXMbw NjrG+a8naVu/YKeEg9gXvVSCr+2IJnT58d729vx2Cf/6j4u4JoO2sbz20w3NP0EQ Q5BMMCVb8IU1lo/uu7Z7TLWZdeftZssGFoXFBI08IR3vtmNlcMhYeBZ0K5pYnhur BHl79Ikkn+ohh7GVWCV1SS529EDLM0JRFJu8PngjkrsxoW36sFnuLcBdPKIvdoA/ QB59ai/8TwStsp5TBJeMWSPKiHAnPUyWlkPRaoPOerTTRGDiomV2wSHkqzOChw7h wMI= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-4096-ec-prime256v1-certonly.pem000066400000000000000000000025431474542230700253730ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDzDCCAbSgAwIBAgIQV1/hF8XvROGnOr8M16NiHjANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgzM1oXDTIxMTIyMzIwMjgz M1owLzEtMCsGA1UEAwwkb2tjZXJ0LXJzYS00MDk2LWVjLXByaW1lMjU2djEtb2su cGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpXpdr7LAJa8ivFjzmBY7cAyF NawbM05Ie70KdBaA2P/2MadjGuds/gPRck7OFf7b8piiQStZx/JE5iFxD78XYKOB yzCByDAJBgNVHRMEAjAAMB0GA1UdDgQWBBSQINIKTY3v3NAdSfZz3QwEjlIyJDBJ BgNVHSMEQjBAgBR+N15Yekve8QE+SnXQImffGmwWJ6EWpBQwEjEQMA4GA1UEAwwH dGVzdCBDQYIQQZhbd6vYQbkP/C1afKMF/jATBgNVHSUEDDAKBggrBgEFBQcDATAL BgNVHQ8EBAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LXJzYS00MDk2LWVjLXByaW1l MjU2djEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4ICAQC1VE/q3Jq0sMLgM6ONk8eE c0eqccKNYevoObsBeU9qZCDEaHEYE1hftF1ogQPUqq7nL7CyAtu0LHwsycyjir+E kmZEWpprF+mSUyxdVGRoTlSegdOJxkZ3te/veAqF4MsTHeQYFljDPIjkOFTy/JZS HZKe2e48VM2x4y2Xw81bizQA2urX2UuypXV9E/JxBNK9SCpuELv2YZwhoy5gN33P eQ4DeOkrgp5KIT/pqC0i2qc2zq91Pvt3gRJ50NJGescrx7okQY3Z3sj6aRVGWYh4 Sc4ep3qaGDhn7fWWYOSxDYxPrTYWFZKUhYH7/UClcYyp/WhfwLKHc9keRSHyGRDk 0w95fnh9eoRFkp88TIO4zowJo4VkE23qIV2cx6ioun2yIQhHNxJO1H2AhH6b21FT lL5XDlB5o8dPPy2stD/+MG/5CUZAk5QgBjMwsIXvWhUJgvUj0O8oko5bsBuokZfK ojPjBr6rMrvDoE7mgqzRHKcNQtpoc9KK4wzcEdxbz/qT7BNXMlk6QnD5AYHK4Izg HWoGVyLEnJwptWPP39UnzizU//rSAeQLIHyGh8Rb8YYpkfdqRa0bRqIDec8ZVNUG YELN8gJb4COtzjweO7hkIYzl3Edcc+ZJ7jUapSmXadpDGBUjwRATYGgOwraXFzSf Sr0nhKWTr1YfCMImjGQiHA== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-4096-ec-secp384r1-certonly.pem000066400000000000000000000026071474542230700252100ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIID6DCCAdCgAwIBAgIRAOs5NaZQT8pwBvhbvV2Glr8wDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MzRaFw0yMTEyMjMyMDI4 MzRaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtNDA5Ni1lYy1zZWNwMzg0cjEtb2su cGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEUT/qgcRhJIaDXRK3ZlCJLCEhrc9K rOMwTtLMfqI+uRNVvF2VBtwL2nhE6n77GASKBSn0hiLHx1ip5pv68mDeT3WZ0wKR PHtXrT3bUvJbbL8M+FhiZTpP2ass8To6V4HYo4HKMIHHMAkGA1UdEwQCMAAwHQYD VR0OBBYEFE0tNpamLgZEPKXvAeJJibrVW00zMEkGA1UdIwRCMECAFH43Xlh6S97x AT5KddAiZ98abBYnoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghBBmFt3q9hBuQ/8 LVp8owX+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAuBgNVHREE JzAlgiNva2NlcnQtcnNhLTQwOTYtZWMtc2VjcDM4NHIxLW9rLnBlbTANBgkqhkiG 9w0BAQsFAAOCAgEAJ1r4BK//lksW275PFtLmlDLaFUOPczDIT0EqvAtiRdtAGOEX 6292Hb56aGC8o7eenslyvcc1wObUanJ21FQxIaF9KSRs0VTzX8vt8PVT49DhQcz9 Cv2hspGt68fukqp5lNh0GS6CVymm3SHpIJ2vOqCN6gh6OA9i6YCxyhKMjqM6G02o hbXE3LnWLXKi25TwaixEmKmgcUp9NfNCiEKdMFABnC4bdcteAI93uHgKtPVqONiP KdX7hKnbaWuX/h4ROBAOShsaR596OQdc5VasgXKdo3fHmJlnyLhrapFuLCywR11j 6G1o/7O+pixZ+85VeAFXE064UcRvbkuURqw/9eorR70lUCD+jjgLC/bUZGcT9PyV Faggdjuo4QWTerC/p2U/kRmazVezNlPUMneXDqUm0YYkp7Z5Nmd7TyTz1E/jnpXc JTXNjnhKHkMxbH6UBmFRGEtm3+AaZ9uskmRCKuiuiX33X0Dglgbfx/d2XKrzLppp U2gEI0wg15jYp5J0NiLtZv5xgAay4D1JpTASo22IKCDTeWXcsoqRKRxGMO/ZQ5/p WXI7UfO3//MSSt6FQVUfp2lgGdzAOHY/7V91DoKN9vEjn+RCIdEX1/KcrtJbWYYl QnmPM6mmBXnLYZieMbcdaIF4z0RT6HRZtI0dJ9johs8DiM6W8pWSmGjzB18= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-4096-ec-secp521r1-certonly.pem000066400000000000000000000026741474542230700252050ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEDjCCAfagAwIBAgIRANU/yeVyvslycA10txN50KgwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MzRaFw0yMTEyMjMyMDI4 MzRaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtNDA5Ni1lYy1zZWNwNTIxcjEtb2su cGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAhxm/AB/PYVcIMYHpBaejedM7 vQHdLh686diKcPuAIU41gamBNJ1A8UqZx13qBEo4v8/cj9RX6mvKrg6jD7SW150B PgXqS3OMSIC61ILLhbg+pfr5LtVdgkZTF4iqSzKDsHUdsFr2mSObV0RJyllRnS8m bloUTm0fM0Ia61qg7tHH1sGjgcowgccwCQYDVR0TBAIwADAdBgNVHQ4EFgQU5Me/ kwDq1VzB+JuvFkOZLuN6thwwSQYDVR0jBEIwQIAUfjdeWHpL3vEBPkp10CJn3xps FiehFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEEGYW3er2EG5D/wtWnyjBf4wEwYD VR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWCI29rY2Vy dC1yc2EtNDA5Ni1lYy1zZWNwNTIxcjEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IC AQAnPAbkHX5yAIdp12aTEJioSNwK0onqzjbl0jL+iW6yr/00ULtbE3t14UF8oqxu hRI932pufW+EE2BvnWFEo0FEr31uneqkHdzcxBYppmrhEOQEW9ao/fztKLvkB96g JMoBg4Dk0fL3jfNf9Xs1NNTXWdITlkg1bGvQ35/35nCyh/pbuWloQlrtS1nOEPgO Q6Wlwyj76CsZG7zbOZXRt4E4zhy/fsSBcmgWghGFF882NuLvuCa/cHLhsGVfQ9pB BYTXPbtlQnWTDbDG/0w0M+W/E2NdsiLl9ROezbWvVGnXl+Jvg1b7EUy9X/hwerve IMD9gmhNYVzSuzOJCdbnC5cu6h4o/XWp62IXphQXNUjK2eaAe9sBEtPlmdfnAUni ihlx1O/VgaDTT37of1oAQaGSvI+eLxF8p6qyRqSi3ajo3f6jE0zaoS3afRked9Eq saBpsIp5klbnDTkHogYfhExRRvuvC85F/z7BrDZ9siakD6XdGp4WuVZIYcty3S6b eFPhX5AlxdfxGXlKW6CvlpPaMXSn40Dh3Y6G/CFgtGWRnDnGFg2lcKU9Jr+XFBR8 KS9dMMHUVkNbv4JbbeCiJNhva3zMbTBERIOfoFv6jgwQ1i3g5eN/j7Q672e9qkKg rOrwk6i0hnPaIcDH+Et4AFbQNhhlNB/617KcXJCWytkxoQ== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-4096-rsa-2048-certonly.pem000066400000000000000000000031471474542230700243470ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEjTCCAnWgAwIBAgIQLfxAz8+0iTzRhO8ExbSQBzANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgzNFoXDTIxMTIyMzIwMjgz NFowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS00MDk2LXJzYS0yMDQ4LW9rLnBlbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM4D6hQqpoAAJ5VjTs+ZADs4 VPHTO62dAvXBTS+gQ9TmWM1zyZug9FWM2BQmuVbk1vtkV51G8Qsfbn/96d2q4SmS Kt6Ygh3AzeGe3/CWEoELDSdCFuOiLPn70WId7609RXq2/kF+MbUtlleZvUNMqjT9 QJaY101PEX+ih7+hKM4TZJBw2F2Jb90BND8s9/RkYOTg+jo9y54J/FGz+Mq4kAgf xW9HTwJyJtgSe0p3+druVkeDnrc98ZddDCPK91lszijd3GY7OzBoEVZx1JU912tT s781jDS+nWTrNHDgCG7bfTi2DF7KuCWItfc8Z9DgL6RM/AmeVYUChfY7gl5nuCUC AwEAAaOBxjCBwzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQ8n/SDLFKBtRAK4oIQtXNj ecyz4zBJBgNVHSMEQjBAgBR+N15Yekve8QE+SnXQImffGmwWJ6EWpBQwEjEQMA4G A1UEAwwHdGVzdCBDQYIQQZhbd6vYQbkP/C1afKMF/jATBgNVHSUEDDAKBggrBgEF BQcDATALBgNVHQ8EBAMCBaAwKgYDVR0RBCMwIYIfb2tjZXJ0LXJzYS00MDk2LXJz YS0yMDQ4LW9rLnBlbTANBgkqhkiG9w0BAQsFAAOCAgEATz5sOgzIs9yT5ZJZOfQw FU8n0npQBi35yvecoYFgl32g72X9X94CkEqxgZE9fBcOSqovI67Ef/d6g6JeGdnd UyoniaGhHZke1GPxkqa/c821HebNgSGvPGaKwuR8luRwgMV4PZMvWXJize85KbSG Enq9YW76n9amZIiVBoWpiuTN76TiJydrJieIcHBS0mnHVYuzYSSCGG3sax6p8QDQ urxsHhNTrSJqVEzOC6Wm/dQwtfMqYCf8sqRPVAS9JI64/WzpOllBJZhqdGkaz2YV /DcvvUugdY8soawEEQund3pbyRsYWT1/oSYfMfUXpuWuAxipTBiJsZF9ldW6NqCt JRD0b0Cl3FxthpXpuHDG+XQ4krBbHIqKdGOKDF0SP+ZWi9lPEoVhfXn71WXBb/N9 JwdfyWeuOUGiOJnvn31qpXVaywqpDH8MaXQfy3EtN63sU3Kv0gdvOYmG+IAmjioi ugiNT4xNi80E/No49VWU9zZKcLIbLRTCjjM0UhQkGNAZF+kpuZywWRs7NrhcqS7L oDNoDw3bqpVF+d6uqie+/dPmqtPR8yWaxGNGXN2YZKwHeViaXDRDygq9/CCpLBf0 gG1SouK6BXD2+itfsAVnvFvO1mC6i/3oHVl72EhMBamVBDXN/bmOGAfHi69X4AEL KA2wODSoQn/+MJA/LsGAWu4= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-4096-rsa-3072-certonly.pem000066400000000000000000000034261474542230700243450ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIFDTCCAvWgAwIBAgIQWfPVkxLxmMwW9SwmQySLdDANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgzN1oXDTIxMTIyMzIwMjgz N1owKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS00MDk2LXJzYS0zMDcyLW9rLnBlbTCC AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL10UzsNkmMFLENx8QmSR4Di BUDuESv1GqtbxccZlFkGSm1QpxIHNawDVl/yjrydoKj21myBZk+EEIS4Q4Bb8/rz zeqWLnnv7rZQv2JVwLU8zGrLdOBqZ+SbAFWsjjgcocQyPK/TbCD7BwAbau1my/yD QEylAe71f7/kNAXqB30/TzlYJxLI1eu6sPAT9rdXfDlXs3z3wPSPcX7iMKdGOXtY lRGwxKEYGxxQo+6M4daQivAjALeVI1+OQm6p2FI+6RBLo6h/P/Y6Pr2SzOnYqPmw 2T59Uvl61jdcmqsU3oGvyebPHX/KA4R8h6uCrSLnqyWmQ3mQu4s8dqqzb4VlEy4Q Nex/DHHjPVT8X4aNw5EWcSaTCrUXL/aA8hA3FVt08pSv5r7jH+But50Q30eyZhKg yML5Dp8CnHvlTX0ebVcE92bPsPWWnOJ+VS75nZ1UoU6OFDp98AOKFCWiakrjU2+e GlkSJh34Ks3el4HC4GSOzy3TyR9JqE9YKo3ctTwQDwIDAQABo4HGMIHDMAkGA1Ud EwQCMAAwHQYDVR0OBBYEFGOEwRZNu13M69hUv4CZCpgqS/uBMEkGA1UdIwRCMECA FH43Xlh6S97xAT5KddAiZ98abBYnoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghBB mFt3q9hBuQ/8LVp8owX+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIF oDAqBgNVHREEIzAhgh9va2NlcnQtcnNhLTQwOTYtcnNhLTMwNzItb2sucGVtMA0G CSqGSIb3DQEBCwUAA4ICAQBueIqjq4hM173+jW/urD0Q8+SIOCi3cBnmwv42TYW9 o+NUonP0XQ8APKLcaKaKY8OsccuV7Gwrv5a/hKy5cg5cfYcQvLWMqulWOZA3cXT4 48AgWC6WPz8m1dV/AIIjnltv2N9nWMqrvD3ag8MEKEn/XApOnE6YLpDMzym7Jmne biA9I70TOtWybyZ95RJVStOOVWou262FdwbjKLfrec0bu8jRAJxJRvImZUfKp1it Vmk0pkkbUl62kFIu4+xfhbCD8IUmv7NnRh/sOTWXt8N5A2p0epUAuBTYnup2Xcam 2Mdx+7sOlQ3bShpq6nL0MnbZM0tLVxNTPiSh5iwujE51eal6cwrGDrJw1yzel92J soXKI15F8HaTjC4cXS8xnnS+XHGyg5Q8e0nZwgS+UO5Cx62aRUFiDkHdTD4kRT9u OZfFcejfx7JNsOqs5YpUytuZinYRU68hUeJSpf04ZuzMHMenDlyn/JC3cncdkj1x wwwk+iOpMHhb426qiYDdJvNoHPruCQB2z9Rwe4vbNaGZjXK48nGCmzK4bEDMQoX5 fqj9nt5nONQMd4wxIWFDzx5CoKW1aEtpdhe4vAogkXVlvW18iM693F+y6WIGe4/B aIA3Sp4fL2X5As0vPTlYbyFWjv9AFuVnLfJJTr0clkKn5/lOuW3V/rtq5mCAUIHG qg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/badkey-rsa-4096-rsa-4096-certonly.pem000066400000000000000000000037001474542230700243470ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIFjTCCA3WgAwIBAgIQN8d/PjTRhhPs1n/mAZKuLDANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjg0MFoXDTIxMTIyMzIwMjg0 MFowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS00MDk2LXJzYS00MDk2LW9rLnBlbTCC AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8hp+RQi4CxVKdP//jZWgVk xla+w06UvObLVY0R/co3/R0dwV116g/auijefVcIRps8XBNZg3Z806aL7Ak2Af67 r0MtKWCqlap0Q7L0OKc119UAcxyCjk4FufnlWaV36iDXs/5IxUAyVS6+i24xITiI 4F068FgSje2KON5Yatagw4rLbzQP/RouKmtDktWTMPOOO51p39I3sL3tmZDZqZre hiG/8eigPfaaJ81A9xATMK/SRxOhGKfm/2fWUYTcHWOLim3k58VZ7TSsfC5h2UDW 4zZJbUOGuzVkZbfwOppkMA5R4OOMq3G1SR5ZxLw4jIXl+FqWcoLHGlLjFhxr665l CbGqzYjgvvStqgREz5bQNBPtQHVgSgYN/FxSiQeVN4++22CNXf9rg62TKEgJN5Az i/8KmNkVSbV8pMky0h0rEeMP6yvWGw/faK0eUExyjubObMSyAGtRFmMgArTMh7LE lHwtlRJVpx0bHiF8E3ina2MbflUR//GQpUkmJAazU2qxDuyfNWVYftDItKvzJYmE D2qgW8k+7QkmzgKEdHX1zcrQIjpxlQNGhuweZVL3vL+d5j2ROb8K46q4EqDOGMnM znSr5VSfxismumYzMIAhRddI1xRdUcYae7nxgbs9v2CAX2xQmALUpcMSRHs8weuo aXPayzbP2rWrWAdjZEKZAgMBAAGjgcYwgcMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU HQt6ijehAYSk6PN5vkEXpUcAdu4wSQYDVR0jBEIwQIAUfjdeWHpL3vEBPkp10CJn 3xpsFiehFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEEGYW3er2EG5D/wtWnyjBf4w EwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMCoGA1UdEQQjMCGCH29r Y2VydC1yc2EtNDA5Ni1yc2EtNDA5Ni1vay5wZW0wDQYJKoZIhvcNAQELBQADggIB AL61vfkuAUDJMYLUpPJ6SUbK/QIKoCS376tRSI3mcJpPvpWc+PhnZ1Ibp4ZP1AZ7 vow8Zhy7VuEDAco4krLRD9FqAcmi15aoMdghxLwsOn1f1wltIiDZ7c3OWyI7uTUk dLFDycdnEgiPs3k+q1cfOxzom7XFQ/g/p5zcbeUgmJ0AHXQWYDcyjvqLVxgDnNyB 7/mi26KSjz4lU+kPeAaIrywmjemwWkZcvgBIY/TiWe+X9X83nyURERALSWwBXOnu vkaY9ksNgxbVqprBe9uppCoW7IGlZ/MO2IrvJdfBIUU250IhXF1YojdTnPU2WZ/E QKfi6KtXGoUPSOZfCMqPrGHFTt8bmKdHrz0ao3tmxrM9DsvH83ZLEe9KSuxhyHkV FwO1D1dy+QsaakZpW8Cnfu7d6y4AsTpkbahP/6rPKPl0eR2MLfTVYTicbsD5L9MD A0moTy/P7elZoAyf5Jfu43VFH14lvQclAqBA2eYsdtn4cjIrGx98jGkUGF2cSkkE iBI6vfoxZVaTIN4WVE8yiK9QNevNqRjD98p9OwFdJsrXhA2/0IoQ38h0FAaAMs/L aTAICtXze6IrfLJ1P/2Jh5zHlAFqlc9KcG2cn8v1770G1geYl0KGbla32xk8LzW0 LzzjqExeYXcFT4vsWJJ30QHdb1xKohOtNbDWhWvtEX8B -----END CERTIFICATE----- tlswrapper-20250201/testcerts/ca-ec-prime256v1.pem000066400000000000000000000016621474542230700215000ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEIMyx6IJVDwqAKXVgtLVVMGx8CRvcZKQ91kMlkLmk4puGoAoGCCqGSM49 AwEHoUQDQgAEU8nIk09cBQ9dUkYac5aebXEKyUtcSZ4nFelsPxeAZ+IkM2Kh/pup 8GisNbaSpxWe3zgxYLHWADCXl+5t+0warg== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIBrTCCAVOgAwIBAgIRAJuxSLDF647ARzz6DZ0C4pMwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI3NTNaFw0yMTEyMjMyMDI3NTNa MBIxEDAOBgNVBAMMB3Rlc3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAART yciTT1wFD11SRhpzlp5tcQrJS1xJnicV6Ww/F4Bn4iQzYqH+m6nwaKw1tpKnFZ7f ODFgsdYAMJeX7m37TBquo4GJMIGGMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBcV c4+SK8I4z4yGi4Ompu9zFCyyMEoGA1UdIwRDMEGAFBcVc4+SK8I4z4yGi4Ompu9z FCyyoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAm7FIsMXrjsBHPPoNnQLikzAL BgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDSAAwRQIgJSDdkDQM6nkAoFuqb172zDTO DMkySMVMine70wdQX04CIQCtQkSsxtnL02rZVT+DMeYh7Po4L3honh3n42vuxeCX 8w== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/ca-ec-secp384r1.pem000066400000000000000000000020741474542230700213120ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDAQ2kRgzQQDQYdom84XIeuDG/nwe620b6GARxGpWkK2KSEFRM20cm6U oKa1MaUNm46gBwYFK4EEACKhZANiAASC2k7bXzyof35wFGSkC2fl03OW5iQra2f4 MI5u8U88oAiD/a0W3r0Xd2jlzuzzMYYdt5kAlXwFz6/qobADO6cUEN5Rcubgd8T0 QcWLQk+Jl6D7u5qo9mYYK9BeKE35pyc= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIB6zCCAXCgAwIBAgIRAMJoU5h5aavaEk7mCi/o7fswCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDJaFw0yMTEyMjMyMDI4MDJa MBIxEDAOBgNVBAMMB3Rlc3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASC2k7b Xzyof35wFGSkC2fl03OW5iQra2f4MI5u8U88oAiD/a0W3r0Xd2jlzuzzMYYdt5kA lXwFz6/qobADO6cUEN5Rcubgd8T0QcWLQk+Jl6D7u5qo9mYYK9BeKE35pyejgYkw gYYwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUkiG/rS2yZkcXxE6Ex8i2a/gBMKUw SgYDVR0jBEMwQYAUkiG/rS2yZkcXxE6Ex8i2a/gBMKWhFqQUMBIxEDAOBgNVBAMM B3Rlc3QgQ0GCEQDCaFOYeWmr2hJO5gov6O37MAsGA1UdDwQEAwIBBjAKBggqhkjO PQQDAgNpADBmAjEAgU6ZHnrKRL/f7aPb7qp5DAa9xgwUaSbF+06eOz+8dWZHp2ct MeNQOeOyp4m8X7lVAjEAwvpf4kI54vHypQ+e1BOUrjizsl9WHJAjCyoh9WEW7ycr wgdTwHF+OO5pFHua6GS/ -----END CERTIFICATE----- tlswrapper-20250201/testcerts/ca-ec-secp521r1.pem000066400000000000000000000023561474542230700213060ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIAgevyRM18U2FlrRS3cFomTj3KFvM5SWUKM6SZ9CxKcsDaJ9AxBmZv RzEk4tB/KKPNT/oKj4Tkrq7JZ+daD51vt8WgBwYFK4EEACOhgYkDgYYABADFkyxD 830Hd6D3r6GhMNW6tP0d+6NmHlDmleGnWO87d/SLVCayyu36YrD5cBi6vg2cKMn8 X/CxXWxVusPoWIbJHQGnpOgW6xFQPUhuQmnaOTIg4vMWaRR5vvqE1LrmExw3yyy7 ikqggDqJG9U2zCGHPvDe+UOEwBLVp5uQtne1L80hAA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICNTCCAZagAwIBAgIRAJGEl8+odnsXMWUILn5wgBQwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDZaFw0yMTEyMjMyMDI4MDZa MBIxEDAOBgNVBAMMB3Rlc3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABADF kyxD830Hd6D3r6GhMNW6tP0d+6NmHlDmleGnWO87d/SLVCayyu36YrD5cBi6vg2c KMn8X/CxXWxVusPoWIbJHQGnpOgW6xFQPUhuQmnaOTIg4vMWaRR5vvqE1LrmExw3 yyy7ikqggDqJG9U2zCGHPvDe+UOEwBLVp5uQtne1L80hAKOBiTCBhjAMBgNVHRME BTADAQH/MB0GA1UdDgQWBBQZSxOwc++FBo5E0EPsPY1xQAzazDBKBgNVHSMEQzBB gBQZSxOwc++FBo5E0EPsPY1xQAzazKEWpBQwEjEQMA4GA1UEAwwHdGVzdCBDQYIR AJGEl8+odnsXMWUILn5wgBQwCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA4GMADCB iAJCAeJpvqJUiZ6C3h/UvVqczO+67UAL0x3SX1Q4cV9N12HalgnSmEYPOzixmo7c LCkRf2pGHpITyrZeyK/waqmTxP+nAkIBJbTpMYIl4N/32ourlF9OXX+NB6qBo9vR IGilnhK2i2xlwa6N9Gk9KRdJFRak+0Xuiwp+E5RXnpoKv6qpR3QsnL4= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/ca-rsa-2048.pem000066400000000000000000000054471474542230700204600ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA0Dt1GMy9VPdSLZb/7LElvjvpJ4onKSeQSyhaLS7w7Z4v4xMa /xr7hoLmaDilPikpfEjOYu0HazVp2dcUc0jeHblDTJWxxpa39HySz71xj7g5/TcH HaIQVhxl3PVdSeal2alwEI0bAd8kJ73kr4+S4j5X1uyCOeS4x8OH8f6jVufr0lEO 615d8AF6sQ077O5Jb/w7zbSu2miIgU39C9VSbuCN7f31ioJjPvTxzkIN/L93SXT6 wYAoEfNB8dX9KG+JPFMOGO60YEGCUuveSWHkPiuZc/1HrFKUH9CH/wzI+ZLAzsUw 9vdxQslhGEMOsdfp7gApvcwnaG+HT7DT9X7RjwIDAQABAoIBAQCWZGr1J2ITDLFA lg9u/p6Y36JMWV5hPd7cOV+vxHhj1d0WLsVPvEgvZTlNyqOl2orI5biSAElcZ+50 U//EJ7usUhLGLFOCb3aa0KIkAdoUB+Vx+Z1dDKCp4Ma9KEVhS4E7TEHQ4mjAGE5/ mYmiNprKZmaApr6DW6sNNC5qXBPSfk2Fa+qsB6GYQ6/fC4G5ptYRnBWq17pOoKvb 9Y+hy3hHpIr3Z9s4KOTleDYKh694bodKwF6HIbhiys7f8rEKfddPqF2W1L2nUxDb fcXda/IqPj0MePKT91xU44oZtjuDLGnkpbEE/mBYtB1SNye/7exntB+mN+QKzPvO mAMU6UdZAoGBAP1OfftMBxhjpiDfedijC5BKB8nRo1kj5J8tlkjWGSlCh0i2s7H5 DIBCydcQPUkd73hQ+4BmB8ahIgwD/lC4Jo0nmG5rpVu/5IJ2CPAjcOarjI+Cw5l5 MQz7bo4TKq0UddiqRFSdFnDuZV82yrpHN3IIHTjCUKcmaiBXnXpylr0LAoGBANJy RYfUWnALF6mytRsJJ1/sCNbTiMv08hGjc+I6kzZ3eTyVlShFf2ZfGZE/wkmyYbqt FP9e99sc2XG13fEskkrbuw4Z2AqIa+H0z2i7BaBKoG1fnjUwz6GF/ClY22l7oxBj Bxnq6SqQaVyS64O3/HhojX8B5j3VHvyLB9Y0WKgNAoGBAJ4g8eR+ga9oBb1fxODI Z9+bV2FVzXNIROBZxQeTIAHx1iI+a88eef9XskjfimKqnWOuqlJtX01QKcD2fTxG uUpE/ZNw/7lXAX+vz8SZW1Gkpgqwxwp37Xb9PvbSYEHMFAU9xYpMxkWZjQ7zVXsU GjjFd/iG1XKDOJ0YFObrwc4hAoGALd0/sBGkwCR6vL444DKHhU1Aw+kIOEMi+psf 518StF0na//BqSw0TtBNFy3JHxykVfXgzKMa64MHFNQpEaXAIFZxFuqk/e6rbGxZ Q5724+8/tXaQWVFQ/wffY/d8oimS6UBbzNc4h9E/VTCj6WoQuQE4TUTRtAodnbaD N7ji1YUCgYEA+/7VH+p2Rn/6TWXrqJFPHIyojdL1fN7Vnqkej693suU9ST5ewf0O WN5rgb+2LuZJFWW/s27rKjwsXbax7HtUn3iU7W1+eLiKbAw0/lb5t+8W7XjTelUa on8flBm/1mqgIjEED3gF0DmGqEwh4S/Dcat1ovPGOXVi55w6CCxBTmU= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDNzCCAh+gAwIBAgIQCIy3UDPFCk7O9661Rb3KDTANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgxOFoXDTIxMTIyMzIwMjgx OFowEjEQMA4GA1UEAwwHdGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBANA7dRjMvVT3Ui2W/+yxJb476SeKJyknkEsoWi0u8O2eL+MTGv8a+4aC 5mg4pT4pKXxIzmLtB2s1adnXFHNI3h25Q0yVscaWt/R8ks+9cY+4Of03Bx2iEFYc Zdz1XUnmpdmpcBCNGwHfJCe95K+PkuI+V9bsgjnkuMfDh/H+o1bn69JRDuteXfAB erENO+zuSW/8O820rtpoiIFN/QvVUm7gje399YqCYz708c5CDfy/d0l0+sGAKBHz QfHV/ShviTxTDhjutGBBglLr3klh5D4rmXP9R6xSlB/Qh/8MyPmSwM7FMPb3cULJ YRhDDrHX6e4AKb3MJ2hvh0+w0/V+0Y8CAwEAAaOBiDCBhTAMBgNVHRMEBTADAQH/ MB0GA1UdDgQWBBQW3luOpDENCB7vaJb+rp8+mg6l2TBJBgNVHSMEQjBAgBQW3luO pDENCB7vaJb+rp8+mg6l2aEWpBQwEjEQMA4GA1UEAwwHdGVzdCBDQYIQCIy3UDPF Ck7O9661Rb3KDTALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAEp82SRo dSMs9ViKzJdb7ZxEelsxMAdlRdvvKxYTIsBgHInJw3fF3GDM6R9IzdIzj7Y8CrBF IzDlJdIDXnNhnPkKNDYiGuu7X+a5Td2WUwovEYM4i/3rwC9ocPGalpLW1V017v2G bQzSq45xI54HiwnupJs+UcklHxXgN1q3kL4lxA7cMw5vnwUj2zpamn7Ovjj6wCvn GShYCErpKOdBGEasl29rnMOjEmzMwrYYqKIOoHUSMedop9WN3U7mOtS/nUGpXwzx KUkfQr254ltbgIfomR21XO2A44rX4xaDSBMmvgL4wMjMCGp1ItdKyEUAcT8RilhE TK933lU2hM4bBVs= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/ca-rsa-3072.pem000066400000000000000000000076141474542230700204540ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5QIBAAKCAYEAxKjg0RLFhxPxoiRX92uEXfEp8zUUOHm9P8ISnZMoA8+z7PSB XdwPSJSDaEz+6NK/hTysR8z7eZBPDFktN+5R/AiFp6aVvXhAxPHI/C5vg0CoNYmi uHCgiLxwSHYkSiKoiza3qstjkpTWvZOEuS4LDdGnOKTIP3+2P9BbZRvwuBzziTa1 NudGhIKqpXkq0YnGmWq5/RBTmZhklnWevESP409CIKSmHhy7sv2GA7D/MNZsTkkc DTyNHtx9EEmufllq0mAdTw15jcdU9ijjyOXsrTduQpLhSXrHVUiOy4dCshrn5MgH LubL4ho+Pd7f37kvR5zgeVmvUfrqmQel1j6TrkN5ChCE4lTM42eaLGK/bLJxCEOo Y1J9dquBp/koSGT2XMHibdPmEhA8oLQTb0+9zYxe6kBRCaQD2q8tbdIwKe0H/7S3 lETckS27GJooX4MA8a7f8AJRD7ClF2jVKik1+8qXGmtk20Edp846sVlCOZhQQTZA u7EhVTDwe1JhvQKlAgMBAAECggGBAMBHUhB5JxIsCMv8dtmdkPz8x4RYeF3Dgaqu CN9yOuSHFqduZHItr+/J7TV0WqOvMryFlvhYzeOMmg07v794z0X52xwQ/0USJ1mo AVe32yXceNpnqOZmkD9A5xOiF1c4zcvXgvqGA+QUjGUsr88S2pH3U2VJj9St/LYl 9MZF7DVHcUHOcJ2uwL7ctxY1Aw1+hOQJerGYXfTGEEsf00TGUFzyaHhcI2M7urWF tZs0Wj4Y2CouxzOV6XCsKcdcEzTMHLHGdDtXCoSDZgeTLXwM/KKGxT+fr5Z+/6Sk 8HVi8xr6w+uEMUMZYsA7z07bd7BNqFuNaD5O8bqwYsGP1xTXi3h2TEs6o18EDvYt b+WHei24jgcmFsa24u29s/ZOXZxq6we+sqIG4g1z31BVcBVMvNb7oLGpIYppoU+1 xTRcDVMo5bQcMeEsB3KZ/lLbH+fPiGPjEe3mmiGTOCSn1tnQ6KhZE14FrtTHCv9O 3palumoVFURg+ftNkZsY9M3Mrsk6IQKBwQD2Zk+2zmDqXbfsNMyIYSvwHavMYrxa L6zj0OjRadGVprs2D4a2MUjwN5DAkhmRqsWZJhNucrpr5eideg/SE41NfEdc1typ 8czHa+HIqhirVx0xucJsIptiQIGjygru91yU/54ZSBL6/NjQLNVVhQXlCkAx2Q6p fcQehE8/+HAUZd+cmzndmeGo9oGAWZu3mYYjtIOiJVHRjCQTzmql2Sa8CbDOfLPP fCcei2qyaNbIi0y5ATuYtLSDttDyOTBqlk0CgcEAzFJwwFEx7f/IV8dtprKfegUL oc7O/ER1b2hTjQZNv/5aSl52itQhmn8RPyvqfYOJidAnfavdE67H7Lh0sph//Nnr pZUrKgKi7rZPvVT9C/O6qNZRk68hpxthjAX26I/SXZZyNUor1oigM3ptpxAHyxHg V5vHf0uVzFHXYfyhLzZQyVZEF+lIXQaCBSva9Dbn3yfMcwhNAitaVEEU345QlNcY EoRrhxwH+1YV8Q7+oh4o5rhts6VSfcR7bAYAXHm5AoHBAMZrF1Anm0W/2Ic+8WH1 ljNTQXBiJjkd4UTHi2RvqVWwoVtkX1/CCnFe3ZMlU6/I7DxqvAUaIGMZDhwaGjla g1Rdev4ZDDNSQ0xn5Lb5usnnadwMMbNwnt4dAgiKgAl1armVqpPDRX2WNWZWZCjs 6RVLDuzVVQhJ/a9xbnweLOtQKiTrn0qDS4QLlbds8YeE+s8v4zykfuGWz8qfU6Rg XN/ZkeaF5ypzWPEw5efrouJ1wn/MrVhIVIEoq9QTF5kNlQKBwQDKj4CQaO6jEM3B mEiw1q0b/xyFEc5KcmQqSrdqPDGggb1ptTS4dY3K6OZkRll2jY0xP1enU1cdSE2T 9VpcJKveNP1VbwkX4P0+wydSgItN6hfHgpHlY95tGMwgUVlzPgJEHf6jriC/0ztf TaSf11iijdpngFzLalfb89cfoaD6eVKmCAwB2JiRAP6tucicDELcDUy3TidqWyh2 Fv9mkmR46rVGxlkD3VpcZf/iuAbhGh1afsTjMKcTYFMryNda1qECgcAJ62Yu1gTr u2DzrWR6MfubCacfgnXJeMUmSB1FPu5bV+e6GlYILokd/fpQCnKhXWy2J9hFaaH4 GiUf2Vw0NTJfnLpVFHY5yeu0b0OAOkAEjhLDPBxSivB2cBXuyoK1JfRC92Mf3q8W MD67OjvCh2Ur5B+3K+7pd/LaYQUFfHIJFr4Z7cvt1VRvZ9yegMdI7JjOY88x1Uws 6irTSWoJGU0+hfoDnz3N2EGnmSK/0ngXVH9qnwWKphIOm0ytqaGBds4= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIENzCCAp+gAwIBAgIQORuVDK59VgtfUDXzQKwdWjANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgyNFoXDTIxMTIyMzIwMjgy NFowEjEQMA4GA1UEAwwHdGVzdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC AYoCggGBAMSo4NESxYcT8aIkV/drhF3xKfM1FDh5vT/CEp2TKAPPs+z0gV3cD0iU g2hM/ujSv4U8rEfM+3mQTwxZLTfuUfwIhaemlb14QMTxyPwub4NAqDWJorhwoIi8 cEh2JEoiqIs2t6rLY5KU1r2ThLkuCw3RpzikyD9/tj/QW2Ub8Lgc84k2tTbnRoSC qqV5KtGJxplquf0QU5mYZJZ1nrxEj+NPQiCkph4cu7L9hgOw/zDWbE5JHA08jR7c fRBJrn5ZatJgHU8NeY3HVPYo48jl7K03bkKS4Ul6x1VIjsuHQrIa5+TIBy7my+Ia Pj3e39+5L0ec4HlZr1H66pkHpdY+k65DeQoQhOJUzONnmixiv2yycQhDqGNSfXar gaf5KEhk9lzB4m3T5hIQPKC0E29Pvc2MXupAUQmkA9qvLW3SMCntB/+0t5RE3JEt uxiaKF+DAPGu3/ACUQ+wpRdo1SopNfvKlxprZNtBHafOOrFZQjmYUEE2QLuxIVUw 8HtSYb0CpQIDAQABo4GIMIGFMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFPxoPZdN 2UBTjpk1gPgQS7NXOo09MEkGA1UdIwRCMECAFPxoPZdN2UBTjpk1gPgQS7NXOo09 oRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghA5G5UMrn1WC19QNfNArB1aMAsGA1Ud DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAYEAaWAL1blZ8b4a4jU5E0trnj+aCbCf 4DEuTzper4o/H7HvejlT9HGC3OdxY28Cr+pGbhFugBp79uI6qLmmAZ2Lr8YbuC/N rUgdrQm5uwVSLuT9UYUDLGi2mB06BtoU83+my82owVeS4b8Ca+32PMWojOO8iyPJ MD6KUw78g6BqKDnCO6L4p6BV5Gvnk09L/fLBO+lyUZ54qTiPmah1gXSqLLyrI0fY emUoHNdFTVQ3NJ/qsByoo2+VoRAYdlVvwT5y/zK1TrG81PSCD2ue5aPbhY0Fg9Yb KBMUeo0QQEugr3xppzGrU5CJ8E5KudFLrC3o+KlNW3Dka++ZhDk+lOaOrmFpLdM4 oh19tsmyQsNsU+MYVlGGygcZdZ/grgf0eA6kdF3ZyedSfyWCaGhlPVqkHIEWsEHH Jfo0K1F/VP12XSJnqR9OlM7d0/G+epmcyakegyO023Yja9KFxd73pXvLYTSc0d8i 3GMBcvH0gCcansJlILBym7d2R8JZju11OlUS -----END CERTIFICATE----- tlswrapper-20250201/testcerts/ca-rsa-4096.pem000066400000000000000000000117711474542230700204620ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKQIBAAKCAgEA0RWKvy2HizAjuar5/BXRuZFyOWtPFyhzqkO6iur30Tat/FG0 rJJxPeQ8CRC3ArPeQTrc3dXjHFg5hdRWP6btiE6CpsRVmLx3Tt7AsGTcSV+4SEaz 887s872x9OzYoIaIig27SJvo03BdAEecoi1MnNvBw1sdidwTiOuaJpTbCwfBWn6T vsxFV6CflQjSG8Pm48RBR3HMxbtAePVTrL25Nkif+gtPK/bND1yVza1s7zmydB+L 77EZcWIEnLMPCzfF5sbg9F7wHUdqo4oRYzWcLDyX35+G9D1t7efpZtIJECRm6vw+ DuqHuz4MSE6Xtaw5PaN3tM5467S9ytU6boDVr7IOlf+zhFzAd9UUUilZKWH9of7h 4scJNX2BBW4yAeFV7J6IGf5xFu2hfJujCqJ6icmbGDWIiTYQSwtqlnijn+3ep5AW JW5fHL3B+kAT4gwLUYTwsm9fPJLdI8wBiOFvFZru4jA4YWK/xhOswsdigsX6cJi7 7ODZMkwpqTz4CDz0EGsFY02CJB8x6npM89cBaK4lLtL6ea67MZ4fJZ+hnTgQSlmT 4/Av/4aFJIgPH+MYyMcouUWnPuUWPjZwyEXLcj2644b8FzPh5LDxA6Fg2l8L1qpn OR0xawjIXN+SW+mME8Syl/RJRc4YPmCsUAONh3rUx93u3qocs3nDLUBBndMCAwEA AQKCAgEAqtUKD1g49i24Etyy8hg1yoQfKvEVpxtDHivGf/ip0MP3dkCf+ZyRb/tK XjHNBiVGhE9+5LX8oU0oesNaURmn3IYhU/b45Rmf9c4k7DsMjdrqrAswvxUkH6av fyoBeW9SolHD4viYTCHzquXYAd43SbZ4Y5DP2rL5NxchVUKskh+dCL6BIxSt14IC wXd6jHsM7K6Ok7xUjn6HmA0CeBJwAP1n0Jpq7sXxGAsSzwFTD0c6Go0n/gjae/yV Ph9DPGwug3edl6z2TUXryIFn4YKM/svnXyxtzKNgbVDeMEeOZiUH/hlo7zELA58X 1AB7DlIQVt94UD+fJx7/L3n3CxCzBibNHi5ON2OrjfFyC0XNRuwY4I+Iqztg57Fs tZth8zM0F2ul7EKT8EEAuAzNcGk1glSybK1Da//LIKirjoTTObgqeKBVEQRJ0xpq urR6ky6Jn4uhO+rcuZU4VnWN3vqz5xJo0hBYyajS5zafmBvHHhuv4z9oAuj8fnWV T1+dHamJcd1Y7yrzCw5eXJpNN0DuFgNBEmuyFs4RNyoindLZdFRJGTAIdrZ/T5+1 BuyTtwseikvqZxg6Y3O0cnjimx//hRpYD4H5Tz4Zm/ER29jPVrjKw/+h3UikLtrx EzMSZhb19WP8j/2Cl/05CkAM3DEMcVEljxBbZ8DvJZ2kiecQywkCggEBAPizzmaG iBJRTaZBT8/Sg2ueZW2DbU+SYFvWpSITbIqmneI8q/5VUBFafPCBZsDqWUOiviUE DTLOzO1z+7hTeHaRRweWQ/oYPrPXSrOLwpG/TpVlfcIBnU9Covs7+LvD5u0f+f9M RYwR8TZMXKnpbFoo9vMZ2N0iHTCtSk99ORweVWy/QSvQE/TwEPtAT8Xr/ZsP1+d5 /6mIdZ+fk/CDWLT0trGD+oovkAhxJ95hOzBguYNN2NkdQx6ECerIPapXJXm4MzO2 ngnu1Uw4h3tBNM1w8G8l5OW7cS3uIZcJhVMiOY/fJ2wMO0We8vGXzGo+O3S4WYip CibwBTBRnD8rPCUCggEBANc4IgpWIr5f9Dd6Ryu1X3FvzwNFhK8RzuGhAqUX2Cet mQpqtNhr93yaaO5AjVYYxV6FDhzaBG2pm5ZPfm60jKGz4luoGuT2TuYm60ZrVZY5 B/bGAfAIE4jXEsGTnXHY5dsH4MogD+rBgmDXWP6lH9+zg5Db7gCDzQuYa5U6TMBf CNEerK5dvkqFat1EMkqcJwDTLJYuMOugFear738S/R75wnSgbuJ4jvlqgL/70Dtr cwjMcrDjcbk2wpr8kJSV/qqZejXxFx7/S0tQ8RhEkRKZfDbbgv1ypDDq6A/72uXt pPA8QAyczcxQWqCDeLkOa0wfU8G7zUDiP/0txrRhVJcCggEBAIbSsunRtKJ5gObI MUQwkx4cWE/uF6wzZhljW1IFxanEeYLT8UmHZkiCDYk0HUgnwwxvhTT75UvN4Do5 zhQ26+8bAq6SP3es/RDxfYWoFmp8k1VaF7q8tVLqhQA9mrHvmZii5RwJdQpiD6mn 6/QQnrSh0H4pXO9ENx7UUpyU/gjISPcTF3lw6+C04//Q9W4OaQVOqXTLJlX5rApE sCaKjeRLZV8GdSPEdQiej0Z232dyiB8ubIgG3QQGAHpO418cryw1N0ypizNHTkpr usaOqtlUiIM4v8Xqv4hut7bxal2PCDV+fBiO6PLtIDboW+CcrA6ygZccTGyfYbC4 DUQRZCECggEAEi+6IKl6sh+loXKBxR3EfO93zMz5E1or40EZ2h2TtHak8g5mTcuB 1FOv/kISL25Ub1JLCQEbUrD8Zs0839n98EQlIp2n+CUgMa6kPwUe7FzRYXcF/uSP 0gZqnVT9/vrXIZUe17Wx4qKLg+duq8YEVYDz4y/SgtSgZRRyMuAEUFU3h4RSD0H4 rI9tolj67vcXDKjLob0xgRe8AgwRZumR3iY42mYcOKL7YfQwAQkkZYEE7X9pSa1O lNodw78H8KZkKMJjY1+GFqZ4FFs4pFZW8/1oU7Jk9UnUuhV/mqorqzZTs8FDoE03 zsYTgnDZqLmhM4OKLlrSU2NLCPfvTJrU7QKCAQBSmb++QiH4Bm+8qju8naUvT5Pw d7rP0TiWxdzhoezF/uYiR6jXCwyW0EVKS2Uj7r5HiBJNQ2KqeU+c4Z7QNZXZEkFw mStxDXsN11+Y97ko3wTsm63vALaBL+s9+L0xYXZyygxzQR1RNK332in/aGF7n4FL /J4QeBnb2xTwqzGqTHrZSoJR3PyaTl1sL3FWuTxYRGi7FlR1glWevYsqNRAn3X9C NDKH99uT0SCDWTofYcKSf0y64tATGJ481CkOghuua7F2nnep/ObQLkcOUh1IiNdv jTSYiQJmTgjfr/iy0rkD3HTPFSVHKSX+DIICoDZS9/OfN2SaHgDL1kVZjgrE -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFNzCCAx+gAwIBAgIQQZhbd6vYQbkP/C1afKMF/jANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgzM1oXDTIxMTIyMzIwMjgz M1owEjEQMA4GA1UEAwwHdGVzdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC AgoCggIBANEVir8th4swI7mq+fwV0bmRcjlrTxcoc6pDuorq99E2rfxRtKyScT3k PAkQtwKz3kE63N3V4xxYOYXUVj+m7YhOgqbEVZi8d07ewLBk3ElfuEhGs/PO7PO9 sfTs2KCGiIoNu0ib6NNwXQBHnKItTJzbwcNbHYncE4jrmiaU2wsHwVp+k77MRVeg n5UI0hvD5uPEQUdxzMW7QHj1U6y9uTZIn/oLTyv2zQ9clc2tbO85snQfi++xGXFi BJyzDws3xebG4PRe8B1HaqOKEWM1nCw8l9+fhvQ9be3n6WbSCRAkZur8Pg7qh7s+ DEhOl7WsOT2jd7TOeOu0vcrVOm6A1a+yDpX/s4RcwHfVFFIpWSlh/aH+4eLHCTV9 gQVuMgHhVeyeiBn+cRbtoXybowqieonJmxg1iIk2EEsLapZ4o5/t3qeQFiVuXxy9 wfpAE+IMC1GE8LJvXzyS3SPMAYjhbxWa7uIwOGFiv8YTrMLHYoLF+nCYu+zg2TJM Kak8+Ag89BBrBWNNgiQfMep6TPPXAWiuJS7S+nmuuzGeHyWfoZ04EEpZk+PwL/+G hSSIDx/jGMjHKLlFpz7lFj42cMhFy3I9uuOG/Bcz4eSw8QOhYNpfC9aqZzkdMWsI yFzfklvpjBPEspf0SUXOGD5grFADjYd61Mfd7t6qHLN5wy1AQZ3TAgMBAAGjgYgw gYUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUfjdeWHpL3vEBPkp10CJn3xpsFicw SQYDVR0jBEIwQIAUfjdeWHpL3vEBPkp10CJn3xpsFiehFqQUMBIxEDAOBgNVBAMM B3Rlc3QgQ0GCEEGYW3er2EG5D/wtWnyjBf4wCwYDVR0PBAQDAgEGMA0GCSqGSIb3 DQEBCwUAA4ICAQCrsIVVfLCdeqQE48nH1QDyiLFwNTvl+1e4U0WCoS18Sml49Wqy ozT2/dbhG/IwthL5mxUnDXpdjpW9jSNh6MBa7MzHkAR32JrE+Rc81J/bokYfyP11 SGJ2gYqtHuOYlnxCI8umsAOIqaClgvxqr1gHTlXGXMljRU21jp7Se727Rdn0KfcS Vvy7BebV0vF+F8yqCEIJGH8iSZlF+TCxJQSK7qVuC3OU2wxaRnFCuHtYBZIsln15 ZDG1DYbSjLCD79yqMwwFlzVwFVL9gwlecmVgkPq3mNQLrU8m1iA2Wg/XGyiGp0rB 7Xt1CkdhuxMmU9dEw4n1n22ObUUxY9gIUVZr0PAtO47vQrytpG/XuCK/RnlwxgXz o29ejj/SCgDZqoNc8W7j0n5TSPEc3x1HCkY2L6IBWHjy2P+fZ0wjeuBpllN19N6S /qjLU286z8RNApWFTcfntRiINOzhu8VsVJ7zSW7DeGgFjVV0qQIc0qR/s5lckdtT dIo/Ccm6XpV08WlNWSIUCG+O0lUmuyZ5gLW+981uXIcstvl4qUQUO0p3gPxFKxT+ iRqZTdhazgG8/l0JNWTZ1guW2mDpFzxz5eIKSwRtihb5fKzPwtEkCIrUiTgJWOhT 2GWZDpSpEf7MJCuVnphF3KR3W8LxQYoSQfLXE4NvFN/rVWzmwkmmqoVMvg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/ca.sh000077500000000000000000000023751474542230700171330ustar00rootroot00000000000000#!/bin/sh set -e [ x"$1" = x ] && exit 1 type=$1 shift [ x"$1" = x ] && exit 1 size=$1 shift umask 077 tmp=`mktemp -d` [ -d "${tmp}" ] || exit 111 cleanup() { ex=$? if [ ${ex} -ne 0 ]; then cat "${tmp}/ca.log" >&2 fi rm -rf "${tmp}" exit "${ex}" } trap "cleanup" EXIT TERM INT ( cd "${tmp}" exec 2>ca.log ( echo "[req]" echo "distinguished_name = req_distinguished_name" echo "req_extensions=v3_req" echo "[req_distinguished_name]" echo "[v3_req]" #echo "basicConstraints=CA:TRUE,pathlen:0" echo "basicConstraints=CA:TRUE" echo "subjectKeyIdentifier = hash" echo "#authorityKeyIdentifier = keyid:always,issuer:always" echo "keyUsage = cRLSign, keyCertSign" ) > "ca.conf" if [ x"${type}" = xrsa ]; then openssl genrsa -out "ca.key" "${size}" fi if [ x"${type}" = xec ]; then openssl ecparam -out "ca.key" -name "${size}" -genkey fi openssl req -new -nodes -sha256 -key ca.key -out ca.csr -config ca.conf -subj "/CN=test CA" sed -i 's/^#authorityKeyIdentifier/authorityKeyIdentifier/' ca.conf id=0x`sha512sum < ca.csr | cut -b1-32` openssl x509 -sha256 -req -days 4 -extfile ca.conf -in ca.csr -signkey ca.key -set_serial "${id}" -out ca.crt -extensions v3_req cat ca.key ca.crt ) tlswrapper-20250201/testcerts/client.sh000077500000000000000000000030161474542230700200170ustar00rootroot00000000000000#!/bin/sh set -e [ x"$1" = x ] && exit 1 ca=$1 shift [ x"$1" = x ] && exit 1 type=$1 shift [ x"$1" = x ] && exit 1 size=$1 shift [ x"$1" = x ] && exit 1 name=$1 shift if [ x"$1" = x ]; then email="${name}@example.com" else email=$1 fi umask 077 tmp=`mktemp -d` [ -d "${tmp}" ] || exit 111 cp -p "${ca}" "${tmp}/" cleanup() { ex=$? if [ ${ex} -ne 0 ]; then cat "${tmp}/${name}.log" >&2 fi rm -rf "${tmp}" exit "${ex}" } trap "cleanup" EXIT TERM INT ( cd "${tmp}" exec 2>"${name}.log" ( echo "[req]" echo "distinguished_name = req_distinguished_name" echo "req_extensions=v3_req" echo "[req_distinguished_name]" echo "[v3_req]" echo "basicConstraints=CA:FALSE" echo "subjectKeyIdentifier=hash" echo "#authorityKeyIdentifier = keyid,issuer:always" echo "extendedKeyUsage=clientAuth" echo "keyUsage=digitalSignature" ) > "${name}.conf" if [ x"${type}" = xrsa ]; then openssl genrsa -out "${name}.key" "${size}" fi if [ x"${type}" = xec ]; then openssl ecparam -out "${name}.key" -name "${size}" -genkey fi openssl req -new -sha256 -key "${name}.key" -out "${name}.csr" -config "${name}.conf" -subj "/emailAddress=${email}/CN=${name}" sed -i 's/^#authorityKeyIdentifier/authorityKeyIdentifier/' "${name}.conf" id=0x`sha512sum < "${name}.csr" | cut -b1-32` openssl x509 -sha256 -req -days 4 -extfile "${name}.conf" -in "${name}.csr" -CA "${ca}" -CAkey "${ca}" -set_serial "${id}" -out "${name}.crt" -extensions v3_req cat "${name}.key" "${name}.crt" ) tlswrapper-20250201/testcerts/createcerts.sh000066400000000000000000000035641474542230700210520ustar00rootroot00000000000000#!/bin/sh set -e PATH="./:${PATH}" export PATH ( echo "ec prime256v1" echo "ec secp384r1" echo "ec secp521r1" echo "rsa 2048" echo "rsa 3072" echo "rsa 4096" ) | ( while read catype casize; do # ca if [ ! -f "ca-${catype}-${casize}.pem" ]; then ca.sh "${catype}" ${casize} > ca-${catype}-${casize}.pem fi ( echo "ec prime256v1" echo "ec secp384r1" echo "ec secp521r1" echo "rsa 2048" echo "rsa 3072" echo "rsa 4096" ) | ( while read type size; do name="okcert-${catype}-${casize}-${type}-${size}-ok.pem" if [ ! -f "${name}" ]; then server.sh "ca-${catype}-${casize}.pem" "${type}" "${size}" "${name}" > "${name}" fi oname="badcert-${catype}-${casize}-${type}-${size}-keyonly.pem" if [ ! -f "${oname}" ]; then openssl "${type}" -in "${name}" > "${oname}" fi oname="badcert-${catype}-${casize}-${type}-${size}-extrabegin.pem" if [ ! -f "${oname}" ]; then ( echo '-----BEGIN CERTIFICATE-----' cat "${name}" ) > "${oname}" fi oname="badcert-${catype}-${casize}-${type}-${size}-malformed.pem" if [ ! -f "${oname}" ]; then tr -s 'cde' 'def' < "${name}" >"${oname}" fi oname="badkey-${catype}-${casize}-${type}-${size}-certonly.pem" if [ ! -f "${oname}" ]; then openssl x509 -in "${name}" > "${oname}" fi done ) ( echo "ec secp224r1" ) | ( while read type size; do name="badcert-${catype}-${casize}-${type}-${size}-unsupported.pem" if [ ! -f "${name}" ]; then server.sh "ca-${catype}-${casize}.pem" "${type}" "${size}" "${name}" > "${name}" fi done ) done ) seconds=`date +"%s"` days=`expr "${seconds}" / 86400 + 719528 + 2` echo "${days}"> days tlswrapper-20250201/testcerts/days000066400000000000000000000000071474542230700170620ustar00rootroot00000000000000738510 tlswrapper-20250201/testcerts/okcert-ec-prime256v1-ec-prime256v1-ok.pem000066400000000000000000000021001474542230700252020ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEINK78SmM6LPjwRwEYlX4Kgt+7tWWU2m0VrVM12W7YNY+oAoGCCqGSM49 AwEHoUQDQgAEX3krIIsA2hrhx6IR5p5dL4Uf+QlZ2VrrF0alfnWsS0laX8443F3c n1ZHT81k6QGJwccH1WSUu1uaXT26mF4ejA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICFzCCAb2gAwIBAgIRAM7UWb/F1gg3xp4ZTzZBUVMwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI3NTNaFw0yMTEyMjMyMDI3NTNa MDQxMjAwBgNVBAMMKW9rY2VydC1lYy1wcmltZTI1NnYxLWVjLXByaW1lMjU2djEt b2sucGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEX3krIIsA2hrhx6IR5p5d L4Uf+QlZ2VrrF0alfnWsS0laX8443F3cn1ZHT81k6QGJwccH1WSUu1uaXT26mF4e jKOB0TCBzjAJBgNVHRMEAjAAMB0GA1UdDgQWBBRi72oYle1qmbT59QOWleoKVN5K 2DBKBgNVHSMEQzBBgBQXFXOPkivCOM+MhouDpqbvcxQssqEWpBQwEjEQMA4GA1UE AwwHdGVzdCBDQYIRAJuxSLDF647ARzz6DZ0C4pMwEwYDVR0lBAwwCgYIKwYBBQUH AwEwCwYDVR0PBAQDAgWgMDQGA1UdEQQtMCuCKW9rY2VydC1lYy1wcmltZTI1NnYx LWVjLXByaW1lMjU2djEtb2sucGVtMAoGCCqGSM49BAMCA0gAMEUCIQCsWidVQMFY rOlSm6JLGAi5GPfXqwNdvwdQjKznDhZCZwIgMgT3GiKua3li5LSHtfwlqJkLW64O 4enkdU3clu690xk= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-prime256v1-ec-secp384r1-ok.pem000066400000000000000000000022351474542230700250270ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCOV7NpRRgisPOI3NM79ztoJaUEootL49d23HUuAMWzT1oLXrtiYKpt lrTFoDz7ALOgBwYFK4EEACKhZANiAASraVLBOiUwbyBOWD9bnI0uO+oixbVBeYFx 1Ucb1cWliySmQ17/fEl9IPeLMVXuIZ3RJi2qtbHKVnu5ziszQN6yGfS+2saHdIuY KA/mt6TAnIxoPnTD25tRcpw5kmBcOI0= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICMTCCAdigAwIBAgIRAIIKGCDQlOKRaW03shZFlxowCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI3NTNaFw0yMTEyMjMyMDI3NTNa MDMxMTAvBgNVBAMMKG9rY2VydC1lYy1wcmltZTI1NnYxLWVjLXNlY3AzODRyMS1v ay5wZW0wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASraVLBOiUwbyBOWD9bnI0uO+oi xbVBeYFx1Ucb1cWliySmQ17/fEl9IPeLMVXuIZ3RJi2qtbHKVnu5ziszQN6yGfS+ 2saHdIuYKA/mt6TAnIxoPnTD25tRcpw5kmBcOI2jgdAwgc0wCQYDVR0TBAIwADAd BgNVHQ4EFgQUQ/Oqn+KfXMt42OkmN6QtAr/MzIQwSgYDVR0jBEMwQYAUFxVzj5Ir wjjPjIaLg6am73MULLKhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEQCbsUiwxeuO wEc8+g2dAuKTMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAzBgNV HREELDAqgihva2NlcnQtZWMtcHJpbWUyNTZ2MS1lYy1zZWNwMzg0cjEtb2sucGVt MAoGCCqGSM49BAMCA0cAMEQCIGoDcchA+dU8rkzfcVJxmHU0meEAcIqkFJba343V aW6/AiB/KSh14773qJI7fRmgpv3P1Cux15efgkun8rvpkI3lYg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-prime256v1-ec-secp521r1-ok.pem000066400000000000000000000024331474542230700250200ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIBExIdf+QrGoWtZmYBRLfvN4qlfg03B/ONHU5OJ04IpCSR8FMcQeuV OeW7upkE0iqw1cdVCKBNQoDgZCuVCrFEHG2gBwYFK4EEACOhgYkDgYYABAF98MaA n9qLa05W3thxCRKHX+kwtQatFdCImBx7yERkkqjsOLyjMu/SHRLq3jxs1q1ixyLm yvO4aTyxpsAbScbhCwBBrKMgp6az+ewdkGMg0lK0au/KafyggqQisZxjmUjeoSs+ jJBxOW4vu7PLhyQcNm846l+xFnPwajXUxO/Muzdxeg== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICVzCCAf2gAwIBAgIQdDspOwtP6FhOgc2xawGTPzAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjc1M1oXDTIxMTIyMzIwMjc1M1ow MzExMC8GA1UEAwwob2tjZXJ0LWVjLXByaW1lMjU2djEtZWMtc2VjcDUyMXIxLW9r LnBlbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAX3wxoCf2otrTlbe2HEJEodf 6TC1Bq0V0IiYHHvIRGSSqOw4vKMy79IdEurePGzWrWLHIubK87hpPLGmwBtJxuEL AEGsoyCnprP57B2QYyDSUrRq78pp/KCCpCKxnGOZSN6hKz6MkHE5bi+7s8uHJBw2 bzjqX7EWc/BqNdTE78y7N3F6o4HQMIHNMAkGA1UdEwQCMAAwHQYDVR0OBBYEFNRy h0YLpSRC00iRSHP3T2Oymn6YMEoGA1UdIwRDMEGAFBcVc4+SK8I4z4yGi4Ompu9z FCyyoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAm7FIsMXrjsBHPPoNnQLikzAT BgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwMwYDVR0RBCwwKoIob2tj ZXJ0LWVjLXByaW1lMjU2djEtZWMtc2VjcDUyMXIxLW9rLnBlbTAKBggqhkjOPQQD AgNIADBFAiEAn7K/os8q2JHP9vGNtA0wpvk7IkB0SWq1LDNleVcwWZgCIC/DYaco 0uL6AIvFEH/8FXpwP1FApODsjS1qHYojtK5W -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-prime256v1-rsa-2048-ok.pem000066400000000000000000000052451474542230700241720ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEApVw5Nuoi5ORTmG+Tsaqui5YpPGp6nXmM/mVtLEy4oCCjURm/ wLLE0RWnIE3Y9MPppAO5NwfxKJEm6dj0/8YC52eMe6vY3LkeS7P9oOFhJ4aX5AQg UygfiznfsvVHXqo4z3gGx7fB6tNPMJNDCJgAuhfkbSB6+WsDODNc4NuoSVlIBq6/ gJg/7tkP4z7YfVdoRoinUF+f0kiTkBZx8p33q+xFjhVGKtYabwxNgp+wzy9RlKAw kHoI1iQkKiwIcftWxbcKU2bojndqLczZU5tUHuiRuXKL+DNygmtrcvZpDP5B7iIr /CCKFwD8OkWdjvMk/F8wAsIn380MRgiUDUomFQIDAQABAoIBAQCWrOtBe6ViFh+K JhlZaeJ0NNbMQ2YI+gocgMUy+ZG97x+BtcnBR+QJdQZ9bBIGLkJF/lKVr3nychkY OmY8beyVeQhMZHFN5qyRZKf2IYgKoRzkW1ItE8FydsC8a72lp8vuWDstXuanF/bv lzAcs4zuBPlS6qbDgNxFKKA4EE9OzUHYfermGVVnq49THSpB9Qpsdpk+NWKeyVEo kxcIv/z4ayRQKMJWDtaHj8ENLFon1cKYSogz6T8Bx9RoFKX4aWGpPCEqH0JXpNKY uTkg24GmqFNaLkyZ9OhlAXSCoOAomINlO2Xv8xQMhPTdZUhDTiZSfxESgd6tkaAt 4ECqDMKBAoGBAM91FILuWlkgb+JElnaPByR214y3biAksx49dfd+t3Z+6+Li6lrU QVlVLlruBwz4AEdkyCQfNlyuGQET1eumJp9+PZpog5qXL5OBYpHZ76n3EDxOLM2I 8c4349qGeL0nV/Qn/5IXaYNZxO1vtyL+TNKs3wnqt+brS1UwIziyHKr1AoGBAMwN e04XeRNbCKM14CUPlkofrBKFko/lBajB3cCiUH6pdCDTNg3ziT3SbvHRVMTDVxGj JLwOoB2BgMFsfVztgvBgvOXwUDPMmGsLadAEPLatS8IPNooLIBu0/rn6nDmbTbYH ISj3fc8rhfdiIbRsMTbF6mNl8Qzie7tU6UtQNtqhAoGAXWN5Lk+aAFEnzJXPneNY 9cNB2SihvHqI324PcrBqaj9MdMBteyHdoRdFXM2WAvKJPZpStmAOmr4Mp32EaSZM cLPli2LNC4RPeHlgJAQVbU+40UznwkaJg6mJOtAZ/hx97X0sAVnkt6prie8mY+xS LOyBIve0fZEiQmD/GgCkAxkCgYAWc6lMl2KYEZ0qsCPgkA1+TGvXgeD1ekKcJfCr YHCw7x46+mJpOJGyPrQ8YUcNe1zaMPQ6yPUvKe+r2K8WiX+tyUcfmciJWoquxIu4 +q5ff0Plr1zV5ZF72vdoKT4FTKRJUhGA+3JZWDWeWarRulHT8ATxOOdD/quUmiwt QD844QKBgQCtwwjMs4EvN9uK5Dw/eshJMNVGCQOEdlWkNEV2zYEj98I/lqbAAuKb 86TaOZw02g1i7S5mu4X054oExp3A2LGs5jFqybDa0nsBmL9toYoSInm39HobK8Bn P8dZhE8klVnputveM/YXW6JpbvR7cY5ohSHisdgNGBlj78dO3u5Bsg== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIC1jCCAn2gAwIBAgIQEbwfBfZHo2SltYzoE2cNSjAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjc1M1oXDTIxMTIyMzIwMjc1M1ow LzEtMCsGA1UEAwwkb2tjZXJ0LWVjLXByaW1lMjU2djEtcnNhLTIwNDgtb2sucGVt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVw5Nuoi5ORTmG+Tsaqu i5YpPGp6nXmM/mVtLEy4oCCjURm/wLLE0RWnIE3Y9MPppAO5NwfxKJEm6dj0/8YC 52eMe6vY3LkeS7P9oOFhJ4aX5AQgUygfiznfsvVHXqo4z3gGx7fB6tNPMJNDCJgA uhfkbSB6+WsDODNc4NuoSVlIBq6/gJg/7tkP4z7YfVdoRoinUF+f0kiTkBZx8p33 q+xFjhVGKtYabwxNgp+wzy9RlKAwkHoI1iQkKiwIcftWxbcKU2bojndqLczZU5tU HuiRuXKL+DNygmtrcvZpDP5B7iIr/CCKFwD8OkWdjvMk/F8wAsIn380MRgiUDUom FQIDAQABo4HMMIHJMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCdLR91gY8xyey6bu3Qp FjFdpHKoMEoGA1UdIwRDMEGAFBcVc4+SK8I4z4yGi4Ompu9zFCyyoRakFDASMRAw DgYDVQQDDAd0ZXN0IENBghEAm7FIsMXrjsBHPPoNnQLikzATBgNVHSUEDDAKBggr BgEFBQcDATALBgNVHQ8EBAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LWVjLXByaW1l MjU2djEtcnNhLTIwNDgtb2sucGVtMAoGCCqGSM49BAMCA0cAMEQCIErqLYBPmMfO HBH6g+glTIfmJe5PJ7CIYmD5/OMphuH6AiA/mmvR6Ktn5zKbSVBgnRlveJbbQwbw IPDw61h/LriSqA== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-prime256v1-rsa-3072-ok.pem000066400000000000000000000071371474542230700241720ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAqmfdnkg2R0un8DtEJCa/fCPtOH8Z5zv2Y8ladggL195s9MRo r5wONjmYdGmexmMXuJziiQMPAQ5xqubESPfgeAf/oAXVA6tRM8LkhS3dvGvwdnTW yj/1XvKd33x5BK0DrhhkwTeyPtDh8bovpxUG7C2OthVnnktZTCJkRHHilyH5IEmQ qyVfGV6Rs9P0JuqatMklBoxY0CWXOzdgj5PLStjrBdWKJD++uJVdMzd53HqP6kdN nwEJRZUHt3kXv7P3nAohmNXdcHjm14e2OIUp0Vd9I6cDkVsSx49ytr1P4IXbA9ay W8q8Cp9PV3ceWDo8cu/UPj4aLgbjf4kELo2cKyhY5b7JlfOrb2X2tIYFnwLGKwbb pgQQ7/VbI7/RYnbVG4xFz3K3JKG9BPl+AZGSZiz36No5miAoU6hi5V5EzVtEzWY9 if7pYRkb2d33PgwyUBZMZiVYaCxTKL9cc13xaCagV6Ayt2hcytdsUcQ998BJ29Er IDcHSeEUsbxIR8UFAgMBAAECggGAS1zULoRRPQbApwYPBM3+MbDR4QKVOibSuR77 2ueEFVxRY47ZnZCu2FxwiEuN5L8+Zm874Mxxfk4dBzA37u1xYKRo8SSjKJRDvVic KCo4vnQeTMUvmRLgObWjDIvIGcFKt1wiczFmq1FGG9nz6TjrbthXHUAqK1+3hmxP W9XiGGT2AMmIKajFfjrMxXMfr3ZiJUIwFc1MGgIF+DJtihIa/mcgydu+1Hk8p/Wm 2lfWlSO/MiWGtqOGrjdSylnLnwS/7AJGQapc2+SHYsrXAXE9RhDFLCWkQ2hmbNBt DcNugv88MwJ8hdccHz+EWEEsSv74YaUOG+o96YQ+OfFSyGgMAh0xhMRoQ7kMrJ9m Tkr94aUIesOsq6giGZ7CWw4xBOPxDN0vfvRc808DS4hHZOQ8FI8aaBKl7GBXzt4/ ZCZ+qgn4UuyrE/nDRqQobdbgCQocGZIc0SnB57Ytyahq5GNz4WKEisQ/8Uo3ccsy 0PCMbuGfAEwCJ2SpCKGoo7iwYa0BAoHBAOFviEcmAmSfs1BMDTZBpJAAW8oah2hK rPe4UntvZxZ97zzAOskzRIN0c6j3uV2dXN1HrJB/FEluqSb1yP1JQXlO2usTJ625 q/J7jKVmbkdqJk4cBTzM9ZKQfwkm/+c5SsVT96FxgFSoySROKr1jsGp/09rU4BZY Kr5S1/i1mD/k2kTdjxBH3XHrE6LkYiEgOgPfhF2w+M1HeLnhIzgNKk/oJi+5axA9 5qT47fae8h3cb/GqzON+Z9+2pJJflB0D/QKBwQDBgle2TQQLV3DwAG52/cpv7B94 HpsHh7nHuYDEzcP9R3N+vm3jrUiNxvv5oXuftzMZUYdFzX37L8uRUZ4HsbJLK6Mg /H5LI3Q9ANuzQR4esH0ZpeDx+E9s7ng+6UN/uAMEMxvVXQmFvqu2K9RQ3azpIqgy FVYhuIy/Lo3M4XWlMtg5fgeSVR5xjUofYXiRNWkb0/FXCm1w/fWjdGflMi4AzJeT A7n3fKHZ0OLeQqSs5aLsqsNAH5HxUF75sFQen6kCgcEAntufZrOsIAhBraXJ8Z/U PP1jsUl8fcuRk4a56O2Z8UmRGnhDdKDB+PhIwJrAbu2DERN+0NwcCZsHa8LrfUDv +HHO5rQ607rxJhBWDf/eWki88XHhZvTvX/ae7m4jCmde/yqqZ4O58O53vzOt/oOP P50QRzaXKme6xx9NvZ8JyIyWGs0eEVTzAWGsFq9lTv6Mo0oQ1ozs5osk0aeKz+bH GEP5FMxOW8WjEEGyPoXHC6/Y2q2HcBAVVpo34kWj88ZpAoHAdJwcSTIt/rupxics ai5UAJA1AojG+YmzzYSe8Xnh4k5dbgJJbEsvDqjbjTnfqoaWl2pG7yx+/5B0xtR9 O7u8aooYWrdtT9BEqsJKosHZ6bqHGJ6aaJYvHsCx249r6pozzyMRYckYBO26wiO1 ZSnAmhkVbGDpL5br0gW208EFyRBTtomY/HioyNrQ0QpGwpKCDY/xvnb9LnsLvH1Y YoiTqk2gBarYNSh4zC6RmEhmvf3/6UiaMpkTtGyvXx4AAxhJAoHBAKl+69yH0WMX bNiAAF4nLQJHYzB2/SgVITGZMr8i4pAl1sJkq1myJQtdhjzDMBml6E99wz3FCw6J uOlM4jj5iuzkW59LtFyhoPCf2MgpP+oy0p3uHLlOKpUcsJJKxnKMaVvoBMxOpeF3 MTVt97ygsbCl184I3xoGRvSBDsURrKqw3GJYydnzBETzv865q7jFcu5LcKjFBeba F332vNIDmMYJVZ+qva8nqg8GzKKT5XMrdMHML9xF0N+ZAPGkRIexlw== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDWDCCAv6gAwIBAgIRAOolY+iSJRGLpfvjQZ2B++QwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI3NTRaFw0yMTEyMjMyMDI3NTRa MC8xLTArBgNVBAMMJG9rY2VydC1lYy1wcmltZTI1NnYxLXJzYS0zMDcyLW9rLnBl bTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKpn3Z5INkdLp/A7RCQm v3wj7Th/Gec79mPJWnYIC9febPTEaK+cDjY5mHRpnsZjF7ic4okDDwEOcarmxEj3 4HgH/6AF1QOrUTPC5IUt3bxr8HZ01so/9V7ynd98eQStA64YZME3sj7Q4fG6L6cV BuwtjrYVZ55LWUwiZERx4pch+SBJkKslXxlekbPT9CbqmrTJJQaMWNAllzs3YI+T y0rY6wXViiQ/vriVXTM3edx6j+pHTZ8BCUWVB7d5F7+z95wKIZjV3XB45teHtjiF KdFXfSOnA5FbEsePcra9T+CF2wPWslvKvAqfT1d3Hlg6PHLv1D4+Gi4G43+JBC6N nCsoWOW+yZXzq29l9rSGBZ8CxisG26YEEO/1WyO/0WJ21RuMRc9ytyShvQT5fgGR kmYs9+jaOZogKFOoYuVeRM1bRM1mPYn+6WEZG9nd9z4MMlAWTGYlWGgsUyi/XHNd 8WgmoFegMrdoXMrXbFHEPffASdvRKyA3B0nhFLG8SEfFBQIDAQABo4HMMIHJMAkG A1UdEwQCMAAwHQYDVR0OBBYEFIy9mnv26Q0t40o1zvpmQA0BF3edMEoGA1UdIwRD MEGAFBcVc4+SK8I4z4yGi4Ompu9zFCyyoRakFDASMRAwDgYDVQQDDAd0ZXN0IENB ghEAm7FIsMXrjsBHPPoNnQLikzATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8E BAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LWVjLXByaW1lMjU2djEtcnNhLTMwNzIt b2sucGVtMAoGCCqGSM49BAMCA0gAMEUCIFCbkDiXpn3ZjByShJZYxg+IwshzGBNS humr3QGF5L5HAiEAxk2Y347DVe4EaYBht+AVSFbvhuBy6MJfdC2iIxUiORA= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-prime256v1-rsa-4096-ok.pem000066400000000000000000000110321474542230700241660ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKQIBAAKCAgEA15CEES4A4dZ2JQ/EEEB1Aw5BaJAlBYc/T++3VUEEE+emWi7C /DlUoc+NfTyEba+VrBV20xbZii1NfdDyeh6tu3eqvnKObwdK4SuYlKGeU75SZVTB l/3L+9RVSQ5rdSiCkSZnsQRbLeJwYIvextFd7DtpYJObPVPnW993D7pXqApHMKl1 FnhHtRgRvSt8B9SpLz5rDzFOnFGOOqRIZavwyJJccusOuSJpMN09v/Uosq+Wz/Ux Y3ZmphpqtMwnPqJwXPG87vAMKjHqYgc47IZXwfbA68GuUSmghiYX70SFivQJAq+0 4fLY7Yr/sgsFerKL3KocNVHHi+oIxxwiGFjF+DyhvBMVSa1I5BmKlEWFhCwFrNX3 403L55l1gMytYE+jMex+Rd5TUU+VNCEOje/a2AxUhQIxNdmiEGZuBeWyPGVtkTf0 rmcoX9Ea6nmjpNIcn3rIJTP48B/eagARxvCFgrkhUF3Ih1/erq/4l6Hg5KWCSM84 D1fcXQmddIwsGPKiqELB7gpxTPYl9jn1gbK/8mmgCyuHFJ7Ty54oNmNYdn8SSA33 0KCXYFUltyoqn877nMimGcbxVekRkF/eX3qw+yU/4l7+eZ9ux5QYA1SouGFdNL4E VU+o+ux1vLu5RvJoJfGwr+Er1mk63HkuV666199zBS0QzCAMlq6ZJjKRZtECAwEA AQKCAgEAro0rI+4ocLcEfAZEMRTAq3TDqjPuhod50PS/c51t++A8aBIteafCzDQQ 0jRK17ayb+IBkfSSurzsXtDvR8vHymGgNQ72Hxm8nJB8wP4OAqm+dqcnDDhLEORj GwE+KmRfNcHvfPuWCZWugb9A6aVndH63WaissABc+5v8ARRXHo8UDmdplIRZLF8N Hi00BfNB/CuC7Y5zpUi07u9QYGPWWdOKYNPN3EPtAdBkzCdsiSR97m8RSwT5Ic+K UFRwAtvuOJTW9HQUpaY9sJtAkOZH8Zwpo731tWsLvRTjlK/boyTwluhIhB3tYoyH eFhMW4pwjoKAzPwnpTghW3mAck6QHnIJnDnwyy8RMP4Cw8wQKRvnwPwof1CsVeWs C+ottY+RCCkRn3D16gHMCplayt9GzJ+SqOKHV9+n1jQc/5/N7X5ufq7drQ1MMZU4 dAEwVsGynD115hKTeUhkhjjvY2LzlNPDCLhuP1oRIj0/n6cSFPdazv2ONC5Yyae4 2rAuBH1z3RmFoqqpkpQzgJTJpvYItczS06kk1RCtbKqRmULFMvsWGUuqJQUV65Uu FmxLOOsmACIgIqpq6FUbIHH1yynx5AP6UBlPU7nMddE1qSzSkMP8VFAk6kj68MEh GiCN5cjwSlxkHBpFDWJEiBbohGJ5QdzxFY69FJva+Z0DCs4QFXECggEBAPDoPqyC 7XyDUzd+Nh5ZRn4nmGtdl4PMB3ruunLAgKCdEfibhi95pOW3zuD0YtUDZ970oTsj GynY3cZZHC1y/b873SP35d5xZBswC3FKL+TcLeypsaMSuZujbRbVjvvEuiasbAhD 7Jq1If1aFvuhpYhaEhVn3iVNg4AtJyPRVC9Dy3Zm9O/RufDghiS8KyCsB7HxlX77 ZK0Lxz+7h7GhNbAbzcOvAvqB19CFAS5QC02wBAhkKO+TyxSYfGtzU4ZQLY8x6iI0 Z+K5IMqC6LelrInQBBbaOXKA9n3RAZgQxrDxdLGPAhK5nFD+H8kmHBXX2kqB4Xlb nKpIig9M62IgfKsCggEBAOUR0OWI0o2GmlKVcBWr6rmxGLNXay2RjD/IjBX+2+BQ DJHByequPkELParmG0+M1yEWI2QG5S8Gby0omJ1hKSvHyEZAdG2AXJbIf8eXJXS9 27O8X0OrUn8R1hSa2DejUc7zQlPTLc3cyeSlCh7Rwsho/5hs5+icbyLjPKxK2J8N xLXN8A2AO0rcozJUs3t72I11dPq//PKPeSrkr14m/OKZ1fT6v2l7AfivZaSgw3DX TZyd2AOpUt8bj+NA0laII139C/W0pU64s78MoZOsg+2QHyFDfZu3ubyv1G2ogk6E W3n9A5+g59bQiHTAfmKyEtXb2AsROv6YgqzcFRDgMnMCggEAfFGdZjD6lTLAEvcS vn6bniaYxW867Uyw34Oqu+UTe88SoxS/HmjL66/7FqOHDR4A0FG1kmr/bYz4hY8e t2WMBM/Dwvf+q9ggLNeSUBhUtunY2TSI8vqKxgKEHTB/5PUUiziXV3yV8RBgRfnj ul8kqUSx6FH9lYp2vgKPHDC+HNYDfUqMQ+Ya6m8zSmnAZ8/e+LkOyMS6o4JchEsm L0heCE+Q09bQ1q2CzZyVi2zLKIAY1Ku7ZEcEmdBHBLwy8jEWEbtUc+pPYfTfMyJz LbJVY5jxQ0nCM5DRowPkqrCdmFpCOg7upvMZ88HwbUE5ZRxLDgAQdywLoORmOpcb MTxKmQKCAQAGy3h+1ogoWo3JVVV1zxuvVml9KGKtf1vBqJk/Lcgn5zf4Ot9absC5 /TNfFmRI/8yB1r5GAU5bDr3NgR7FzFQEUHDIZLEPbndQobHoobsis18I/dV1lGdm DYlkIxO20sliciTNh74cFSiH971NHLvCZhru0owugjVpu4PZOH8keKwVGH6+Z8da eSD+JTUNvKa3y3wk0/0U1NyrQQ1SpaVqs1V9ZtK2tkdgsRM6xuoFNt2+f5Agy60B oTerbgjPOEqURyVLrIgaxa/PQvioAL4JFfVWb0ISlGiWCEEs34q9+X8dJzwsSAGY hacGj48wLkgQv+ywp1owoyV9KyoUzhGxAoIBAQCoaxUCrFwVvaoL2MdUHJNCg23b B3nwkmMXiPLkv35aE6HuXRcDXi6IGfZa388Fm8lhQbhXoNyzJv5vsJIxt7Qlkvps uiJFy/7fQtitpcvZ8dPegVhLqlYYv7jkTmDzgt4qSxNgu8KyvUdR644Qt0WTc4Hs OdZaFb/XL6k+ToOdXt7g25Ka36zn/Rma7lqd5PPGrYwwvWJgvx0xtCGArxEQoAOt X6GVRe8nmfD3cJTfvmCRjhzhPVC5VTSBbFEb0ux4e1INLzwFFeCAupK8uvx6SsXH uIKrFhu5VgTBBb566VdfQ1jAOrRj3wp5kb8f9o/U3cJDrsr1pP/nxXYZTFQO -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID1zCCA36gAwIBAgIRALd4GdbxXm24ooXT4fDlWmowCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDJaFw0yMTEyMjMyMDI4MDJa MC8xLTArBgNVBAMMJG9rY2VydC1lYy1wcmltZTI1NnYxLXJzYS00MDk2LW9rLnBl bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANeQhBEuAOHWdiUPxBBA dQMOQWiQJQWHP0/vt1VBBBPnplouwvw5VKHPjX08hG2vlawVdtMW2YotTX3Q8noe rbt3qr5yjm8HSuErmJShnlO+UmVUwZf9y/vUVUkOa3UogpEmZ7EEWy3icGCL3sbR Xew7aWCTmz1T51vfdw+6V6gKRzCpdRZ4R7UYEb0rfAfUqS8+aw8xTpxRjjqkSGWr 8MiSXHLrDrkiaTDdPb/1KLKvls/1MWN2ZqYaarTMJz6icFzxvO7wDCox6mIHOOyG V8H2wOvBrlEpoIYmF+9EhYr0CQKvtOHy2O2K/7ILBXqyi9yqHDVRx4vqCMccIhhY xfg8obwTFUmtSOQZipRFhYQsBazV9+NNy+eZdYDMrWBPozHsfkXeU1FPlTQhDo3v 2tgMVIUCMTXZohBmbgXlsjxlbZE39K5nKF/RGup5o6TSHJ96yCUz+PAf3moAEcbw hYK5IVBdyIdf3q6v+Jeh4OSlgkjPOA9X3F0JnXSMLBjyoqhCwe4KcUz2JfY59YGy v/JpoAsrhxSe08ueKDZjWHZ/EkgN99Cgl2BVJbcqKp/O+5zIphnG8VXpEZBf3l96 sPslP+Je/nmfbseUGANUqLhhXTS+BFVPqPrsdby7uUbyaCXxsK/hK9ZpOtx5Lleu utffcwUtEMwgDJaumSYykWbRAgMBAAGjgcwwgckwCQYDVR0TBAIwADAdBgNVHQ4E FgQUK95NNdP0Tr2ExJ3h/riogEzhOJ8wSgYDVR0jBEMwQYAUFxVzj5IrwjjPjIaL g6am73MULLKhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEQCbsUiwxeuOwEc8+g2d AuKTMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAvBgNVHREEKDAm giRva2NlcnQtZWMtcHJpbWUyNTZ2MS1yc2EtNDA5Ni1vay5wZW0wCgYIKoZIzj0E AwIDRwAwRAIgP3tPSwJW0Y89lfvC9j9ur4lQ5jiAN8LXScTaZ0cOSsECIH70X8nH 08LvcyRpOpWvu8rxmFpl+5S7H1SsYvc6QCFy -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-secp384r1-ec-prime256v1-ok.pem000066400000000000000000000021501474542230700250230ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEIPb/Zqm+I6142HXjTmelWQnUlJnf2QFQa04VZ+5UdV9boAoGCCqGSM49 AwEHoUQDQgAEGxxr5HQWc8hcBRtSM44lBgRGO384Tb6CAcFtL4Lye6v6CgfWCn6F OhM2wtALy88HGHKGuhJAzR1+lLj06eSjrA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICNTCCAbqgAwIBAgIQaYaxvGvWuaH82HbUs1pbPjAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwMloXDTIxMTIyMzIwMjgwMlow MzExMC8GA1UEAwwob2tjZXJ0LWVjLXNlY3AzODRyMS1lYy1wcmltZTI1NnYxLW9r LnBlbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBsca+R0FnPIXAUbUjOOJQYE Rjt/OE2+ggHBbS+C8nur+goH1gp+hToTNsLQC8vPBxhyhroSQM0dfpS49Onko6yj gdAwgc0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUB1psApzLF5t2y3iSi88eo99FE3Uw SgYDVR0jBEMwQYAUkiG/rS2yZkcXxE6Ex8i2a/gBMKWhFqQUMBIxEDAOBgNVBAMM B3Rlc3QgQ0GCEQDCaFOYeWmr2hJO5gov6O37MBMGA1UdJQQMMAoGCCsGAQUFBwMB MAsGA1UdDwQEAwIFoDAzBgNVHREELDAqgihva2NlcnQtZWMtc2VjcDM4NHIxLWVj LXByaW1lMjU2djEtb2sucGVtMAoGCCqGSM49BAMCA2kAMGYCMQCViKjVDVTzDE3l ZK3mjKoLU6NceZTWZ1sn7Oe4KAjcXGKnVa0HfoFvGIPjt9rnvD0CMQCtSGKbsfeF +Se6nt4tBp0mFMuYBj0GmfjsyvmvuTCcP0TxUzvPE7mHfrAx3UVk6J8= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-secp384r1-ec-secp384r1-ok.pem000066400000000000000000000023021474542230700246360ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDDNeGNpTJ/2qt0L9GQhqu2eN3rbQDBEcblTN7taH8DWvFZzTZf+Uo6C FC+6P3mfpZmgBwYFK4EEACKhZANiAARtegM6m5VbhdK+m0u8DVdE2w2iUOAaiuHz RN7ORxI+dxOBUvHHDK8pLQ3CuYseVWgKtyzHm6uoUmJpGaJ5jCZrWmu6nCmbw4m2 zvYawHFCCgapudleqwJHDoGoLziEX6M= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICTjCCAdWgAwIBAgIQS+yPZGUK4ucv4+I1Fstx9TAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwMloXDTIxMTIyMzIwMjgwMlow MjEwMC4GA1UEAwwnb2tjZXJ0LWVjLXNlY3AzODRyMS1lYy1zZWNwMzg0cjEtb2su cGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbXoDOpuVW4XSvptLvA1XRNsNolDg Gorh80TezkcSPncTgVLxxwyvKS0NwrmLHlVoCrcsx5urqFJiaRmieYwma1prupwp m8OJts72GsBxQgoGqbnZXqsCRw6BqC84hF+jo4HPMIHMMAkGA1UdEwQCMAAwHQYD VR0OBBYEFJdR7M+8vQYwIhYS5eGQZJwcHBlgMEoGA1UdIwRDMEGAFJIhv60tsmZH F8ROhMfItmv4ATCloRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAwmhTmHlpq9oS TuYKL+jt+zATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwMgYDVR0R BCswKYInb2tjZXJ0LWVjLXNlY3AzODRyMS1lYy1zZWNwMzg0cjEtb2sucGVtMAoG CCqGSM49BAMCA2cAMGQCMF4SvC7HQmL/9CBmDuUGZ3p5QDDv7Cz0tWc2k1Zf3NKy c0nrw33vzzs2NkrOHFXNRAIwD4bICxEHTTV4eVSkI/UPockGChCCnlATjGQyIyi5 WVZBm+m1451rSt5w9MnIwhBE -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-secp384r1-ec-secp521r1-ok.pem000066400000000000000000000025101474542230700246300ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIAHg2pXSIgkA2F9U/ajFa2dJgt0WgZZsqEtUwXp/UlnnYyLo3gNfeG p5qEO4v/V8QssF0C4S6zCunbkNoPt3ompmmgBwYFK4EEACOhgYkDgYYABAEbmuYI lYCX87H+HwBh9oIwsh4uPoDSbKioEtt1MeK97aQvS2Fxu+TVVfumrwMR0pHgY/ZG npLgcUhVzqW7wkzGyAGpy9b+vVriz0aSiZGOgyPgbyzk9OlDN5tmkFqU20kIOBf9 kCf/10W51YyZQ4i16pFNpEOURdAQ10zm+u1Dc01emA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICdjCCAfygAwIBAgIRAKc2QK9WkyTyu1hNLBO/lhkwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDNaFw0yMTEyMjMyMDI4MDNa MDIxMDAuBgNVBAMMJ29rY2VydC1lYy1zZWNwMzg0cjEtZWMtc2VjcDUyMXIxLW9r LnBlbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEARua5giVgJfzsf4fAGH2gjCy Hi4+gNJsqKgS23Ux4r3tpC9LYXG75NVV+6avAxHSkeBj9kaekuBxSFXOpbvCTMbI AanL1v69WuLPRpKJkY6DI+BvLOT06UM3m2aQWpTbSQg4F/2QJ//XRbnVjJlDiLXq kU2kQ5RF0BDXTOb67UNzTV6Yo4HPMIHMMAkGA1UdEwQCMAAwHQYDVR0OBBYEFPbk 7bek6zKj/thhEtoy/HZmoGxwMEoGA1UdIwRDMEGAFJIhv60tsmZHF8ROhMfItmv4 ATCloRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAwmhTmHlpq9oSTuYKL+jt+zAT BgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwMgYDVR0RBCswKYInb2tj ZXJ0LWVjLXNlY3AzODRyMS1lYy1zZWNwNTIxcjEtb2sucGVtMAoGCCqGSM49BAMC A2gAMGUCMCdWpfE62Ra2aVNF0venVPhSalUVr87qOak2FBpDRpjxTGzXnQ3kXPe0 gF577Zrv1gIxAIhcOdGVtxTt+nU8XJTOshidpv/jB8yHkOPMkiWw7LwZ2GchbKcr eZ+KTDPATyELXA== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-secp384r1-rsa-2048-ok.pem000066400000000000000000000053151474542230700240040ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA1L8uN8rGSPALnz1rCRAhPX4+rFN0bEXBvZgDXR+q02JnYFAa bfW4un68xiw5ZIzQwI/8OO7firDasvbuspMy5HLFldgPvvXpLBY/jP38MzvH885x /FcZZqJvXpHFrghDYRn9wM09NeUToiQSWRX74CxPFoJbjB3jJed+WcJgzzDn+Kup K0EEXfWYDWBlmyGWKoi4DnFUPb8khO2YlqWw9EGqu/mM7cSwxSOBMPFz7KALWQZ+ sH5cdWoSDsFbs1CcSQYLDhVXT1pYfsfyrd1tUGXUo3FLPb8+/O/ljqcTEbOvY9uj 2HEVdrWn+j0vv5NGtai+GJnB3dehDl/jCPRNAwIDAQABAoIBAQDF+6iKOUVvyRw3 s9NxGrakYGD4w61buUsEInw25Gp3z2K+yaze2cZwn9MTZUJ/5V+7ZANoBDy5971+ wLgALWY2HOztdqWoo3a8FXRMxGw4TZDVvjBrka7Myat0yZm6TGxP5/0yuI0XI7iy snj0uLWut+1d2DBT49hohNcbtv2asYkH24qBZDBdCxGKH1pJgPi48aybpglWAk4f MRUnt4kGNazlliFMeUolx2UF8RZS20cM9MDHWHI8drL2tAFnkj0stYxgKixm/srG 14GKqWZZKYfVzeEk3x5rd8mXZXeAmpn+5kPIg7lxUoURtroKAjOvj24KVENslod1 w8TJvc0JAoGBAPEJ70IbSGfI/kw62azl5u9i6mgGz2LckaYtHzvJNBYmVB8+3+8e bRnJex133YIbQeAvV5IQEI8U6x8uEtKDUVJQGti2ohq5J8CSCsrHWm/R8+08S19I O/qD4dxej8jg8GT6tnypfnPraO4F5HxAPwsyksg8FQGQTplzZKWUUbpPAoGBAOHz sNZGXQQv8YfVOcacTr5tv60R2/CDxUg9VxO99vsMqRVkOtpBWgFCOkpfe3YxproC qybjI3Q+be8/1aSyAdimJ24bQ69swDvvMop6Pf8IM9X4Ke9J5ubbtiP0U7ioz2+G 5D2KQwRhyFlPjenjsJHjhblgcr66vLAYWtxJOfkNAoGARG9Mpdk3KnhPcvc2fDdd 5NORt+1PDkOPer3O41uR1UQWmDRyweJCmZKxyMESe/EfN/ZZB5hWCzmmM9kR8QDl otgpdyQLTEkLd0o/lCkbjSnv9ogq4ieRF+Q/ySBz9FWhCxp/m09IHsNUrFex8nEP NS+rqvwb/rCpEDpJ9hTxS1MCgYEApQRrluJGloNJO3G/Q0zuuWa/wO81GL+zuiGK UdG/6fOCHSxZSwLFb/vlRGHdciGq6Vh/lOP4BbJ+aWfOaPzUGlymmWRyF1EuR9dW qwnB81sTOGaIgckQSHQX3sRWzJsE/Ceg000BytZ7ErbmJvXyA2oORKeqxZ7tpRH0 ccNNApUCgYEAhQLP5aerHmZX4fiCsNUt7+ip6rgPGU415nKNA22wAV+DMxVOQJBn bGnPKV065t34yRnOJLKJtw/1ghDNgwe9imdfVQY7YcnL8ucOWJyU50Ijwzo8/eVV y3cBbe2HCS7dOhjJ0MPKJ125jM+CdWQgGvL3ZpbDs2BZk2bGn6+2q4Y= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIC9jCCAnygAwIBAgIRAK4BGjn+1Ufq/4hsAYIKqaQwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDNaFw0yMTEyMjMyMDI4MDNa MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwMzg0cjEtcnNhLTIwNDgtb2sucGVt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1L8uN8rGSPALnz1rCRAh PX4+rFN0bEXBvZgDXR+q02JnYFAabfW4un68xiw5ZIzQwI/8OO7firDasvbuspMy 5HLFldgPvvXpLBY/jP38MzvH885x/FcZZqJvXpHFrghDYRn9wM09NeUToiQSWRX7 4CxPFoJbjB3jJed+WcJgzzDn+KupK0EEXfWYDWBlmyGWKoi4DnFUPb8khO2YlqWw 9EGqu/mM7cSwxSOBMPFz7KALWQZ+sH5cdWoSDsFbs1CcSQYLDhVXT1pYfsfyrd1t UGXUo3FLPb8+/O/ljqcTEbOvY9uj2HEVdrWn+j0vv5NGtai+GJnB3dehDl/jCPRN AwIDAQABo4HLMIHIMAkGA1UdEwQCMAAwHQYDVR0OBBYEFFJeo7HBu86G08T5YIbo IZLxIBmQMEoGA1UdIwRDMEGAFJIhv60tsmZHF8ROhMfItmv4ATCloRakFDASMRAw DgYDVQQDDAd0ZXN0IENBghEAwmhTmHlpq9oSTuYKL+jt+zATBgNVHSUEDDAKBggr BgEFBQcDATALBgNVHQ8EBAMCBaAwLgYDVR0RBCcwJYIjb2tjZXJ0LWVjLXNlY3Az ODRyMS1yc2EtMjA0OC1vay5wZW0wCgYIKoZIzj0EAwIDaAAwZQIwMYToR55Xnk60 EXPajoxyQbiwG1mqsWGCmwfCixklJjIWrzeXAqIgLhIQEmju6e+KAjEA2ZrG3C/C shzL/hqj+PjaZV+H2AQ2VOMzG6xWymEuTP4OQTVBXDtUljHVAUt5XkFI -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-secp384r1-rsa-3072-ok.pem000066400000000000000000000072101474542230700237760ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5QIBAAKCAYEA6jsC9JH4RLPMMPZqUpq7dhN4kbaJdhUvJ5TA4jt5NO95UdbB QOniLMUfSLOUNJfmD35ePv8F90Pk509ECWnth4NXOrDvQAMLQZ5cUXeAkoM/+o2V mBe6+3pJ0fnQP8ilfwjiB8kiMHX/97X6S6kcT+Uv6I2jtHUrKJ/oNX7IiFnk4rwJ cZY70HeAcB/RexlxJ6jPfvBddqSsDsQdrqcG8RZL4t7s58hf79ISj3KVkjvTogwt Dqf6x+EQljBcI8iFXWBQOkPKfNmTf1Fgcv11EFa/1RUyKIGBgaHVhBIM5t2T5CO/ /YYjMtI8xC7u2lF6Oya6+iqFwOeuWiiv2HKJiGCn4X1957DURR8ki93ma6yOHMeE 0d1oyPjDJgJ+rxNmaDZ4TzcP2uzfGRCCPpOurbIJh2KN6H2ws0zdyXDmN7U/U/vr ug0xhIeC/I7QJB2Eby91VFzntgiTKNTGGHG6k8rIQt4O322hMhxjUlEKCGtHXXew ViiYhzU0tv6iEjpVAgMBAAECggGBANlWDDX2w5Cr7El6O8mN/WdgRb2ezAmfOnPV mOvSF3NAySdgx0x+N/kmpxKEXn42e6fgr35wj46RlvHyIMVDXr0g5210A2s359fp IuwMoGZSFqlbenT3f+4b2CdXTx4ABV/MVD65KFojA3FLj4Vo0vZnSH7V/hJRrcwy I/qPO28ZSkIADBszNSkH2UswmuVIBDCyeGXmjjKqNWQ2IPyPyucksyE9jEC9MheK quIjhhl8HbD870nsH8wbT5KsKLKjOSWfPUknbruilMK1MVEBZ+GaQXloU1BuN64G Nbs+XzTNhu9+5cm9vfgoxWKjbAVp6Q84BcFuKK6BCjfA6DQv21vdV7wFSkSJkja3 ciXO9vSENksjHThlID1rZTHm13nbA04DxDv25zwfSkNl9zFDjvuSGRkMHVGKHRkV Q3P3iGxX4XPtRo27YT2c8Zc0X8doSKLRS3H6wH2a5v7CtiOw73aWFfzQ54zYjGba O50LtrgFAuXwkPewLFNq0Ot4zzxeeQKBwQD4+uvttdAYHVYejwG8FfsOhlNv7rAr OFeYia2difS1a7VdHsG31+bXcX8Eghzs3vRu92emSBu05fZ5L/90doggWvEnfv54 Ul7b2GFpFargTdPnOg4HE5PbROf8AqYahaukrvt9ArzhtyShrDVl1l0JO4quUppG k218a86nMqQAUs52IAm82lAPlkgfaSoFUV6gVF4412LhJZryq+9Vsg593RHj57xJ tliuJ0sqNWXVzUBXkY2toJqXkqICv/kbiecCgcEA8NWhbJaiTWyUYaKV6+Cx7SBf PrlRh/FfEkAKdZCDJKtIuGscKMlKFNfdVVkeCa3FFV9bCLJ44SsqTqIEY5R6quWT 3QYoke6xW6nKbjFDxcoIWtiGHA23hC4u0QDb5zLzxN8z385H9vOBjhCjzub2KHHt 4bRG3MM1nremIHzdnDnCBk3OqWPAtWK6/D21SyBx+eOX0EhW7znTCB88mEz3WeCO 9o33uq+xH7oc1SbdpW/8HZXzeTMQDGrGRfk4VCpjAoHAPUCl6D4xaq1U8YGnIJmb wRAE2OW0y30595nvb3FwFW3hGX6mk872yIvwfrBv40pagi41frAAuPlWMKxBQWqj xKn66AeTHRDOq3FJTav59OLQvfMHXnBPkMMb+2C/cojuGD7AOhoBU9pVlbyjCmG5 U7slPAuwTqqYZeKz3WhU9otopaDuJFrlFWCYb7nUj6hcCj+XSo6akd9JhmgMIl4C uK45Z4MsTEoi+P1LvZ+TZQzwxlpVq6B2R9HYL6sA4uiDAoHBAJ/gEaM2dFQVioMu HXxS04ro/JF1EIzATS6eWNMmtgh3tHTIlg71YTpo+sOXv3sJYlYH0TT61YgU0acV ovhALxaYBQqq9e+6lv6Uvo9cIPOCZP1507131aXnyqhwe4sFphHBYnxmQhvMFusq XLQTWsIKr7IvrQMMi+HrZFsYyTzWktkAefq0/87p1dtxU5Kl3UPYNIXOH/f7WP6B TgaEwYdmrUE7iYLi8yBuuok9ndIffyxcyR5iKXs0vp7hDOXCpQKBwQDvKDgaNs5y fVJYHDyxi6FajrV+KUulT7Hz6Gy6tuB7Ow1ICJ5HMANblkTycLUnoJkiONxx9bdj G4stXX7tU7bXTVSxx/A7nDwBGaRb44y8JUFiR78WJtdwrb1LgMbKYZGBgQs77kLl FSwHGr9eSqH9ZPrQNrSrn5QtipOzouvo+smoLQPMsnWTqT0d/UJQAVUYT/SFHcv2 cWZSRTnhL8Uv46O2rmMWnxsi+iiTb2GM6K2fgh/SM570D8Anqgffu6Q= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDdTCCAvugAwIBAgIQPCWncP1c8f49L7kPYJCJZTAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNFoXDTIxMTIyMzIwMjgwNFow LjEsMCoGA1UEAwwjb2tjZXJ0LWVjLXNlY3AzODRyMS1yc2EtMzA3Mi1vay5wZW0w ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDqOwL0kfhEs8ww9mpSmrt2 E3iRtol2FS8nlMDiO3k073lR1sFA6eIsxR9Is5Q0l+YPfl4+/wX3Q+TnT0QJae2H g1c6sO9AAwtBnlxRd4CSgz/6jZWYF7r7eknR+dA/yKV/COIHySIwdf/3tfpLqRxP 5S/ojaO0dSson+g1fsiIWeTivAlxljvQd4BwH9F7GXEnqM9+8F12pKwOxB2upwbx Fkvi3uznyF/v0hKPcpWSO9OiDC0Op/rH4RCWMFwjyIVdYFA6Q8p82ZN/UWBy/XUQ Vr/VFTIogYGBodWEEgzm3ZPkI7/9hiMy0jzELu7aUXo7Jrr6KoXA565aKK/YcomI YKfhfX3nsNRFHySL3eZrrI4cx4TR3WjI+MMmAn6vE2ZoNnhPNw/a7N8ZEII+k66t sgmHYo3ofbCzTN3JcOY3tT9T++u6DTGEh4L8jtAkHYRvL3VUXOe2CJMo1MYYcbqT yshC3g7fbaEyHGNSUQoIa0ddd7BWKJiHNTS2/qISOlUCAwEAAaOByzCByDAJBgNV HRMEAjAAMB0GA1UdDgQWBBRPdj4xkRjwMJh9VqaurnX998YonDBKBgNVHSMEQzBB gBSSIb+tLbJmRxfEToTHyLZr+AEwpaEWpBQwEjEQMA4GA1UEAwwHdGVzdCBDQYIR AMJoU5h5aavaEk7mCi/o7fswEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQD AgWgMC4GA1UdEQQnMCWCI29rY2VydC1lYy1zZWNwMzg0cjEtcnNhLTMwNzItb2su cGVtMAoGCCqGSM49BAMCA2gAMGUCMQDxm45t5Xy8VQps1B3xQN8s19fTJ+z0EyjF CUjmUNBnxOwfB824fQdWLj/iw3KD92ECMDFJeFhi9C6ehD0bXzI6oLJy43IhdtPR FAxfcHNWpEUdlnOiD9SueII4iLtHCAilzg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-secp384r1-rsa-4096-ok.pem000066400000000000000000000111071474542230700240050ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEAw0lTJ5k+J4hdXB9OoDxq523vwE44/Sp5W0PF8ST/s59JTsUW Jg+pNRsThWjdmWf4gAqqfU6DunenbiaGiXZpV/TDijnLNQP2qaIxotMXya41d+Wc 2yYBlNWOjxBVCBtAMTdh1ZJTynI01SBz1H3KPTYe+BDM+OUP0Y9L+HB8nGhDrGRr 1GIl9tOY/8Y+km2c5x/JMzSALiloVdVF/xDI34zK7eHNyrjS3dIUhInLfKS3MxiO TCzlm0DYi4RqkXGaiohXZLIbUk64MrggpRQkCTrj+82nwaSsEqMgg/j5O4yU6Bsw +OGKflNB3vQcIrH5joiwIDnrtlLV04m2MTY5neliES1chXJtnljYEfsZKcTpSWKS whPGk9QdCVhKR4un/EKGP521vHkY+EhLp1jF3yGVsbWBpqjoii3JP1wNjEoMNYLY ZpmVRkDvxE3aG7bHuo9cKULD6XjXKCsP9J9iND6yKugMiL1ZQwksSNFxacdxJ3L3 63YeK2g3+TqmovDzj1kPSX4NfzjA+GrHeNLiXpeXXOa3Qtjneascg/Rf+XJ5a5ek WOMPnsgJZPTAmc5UqDiMWL5jIKdGUUE+nSM3CLcHwpafSWyjpjAzN1iMjh3zM363 /GRg3yfo8D3mQJoc4I9ScIebtr7teOBJTBr1JRasS/RtgQ30+YPCFL9x9oECAwEA AQKCAgBwWZcFiRxBEirj/P73IMtAKfds45PV0sHOx8bxXR/e7xz1vF1puEjYzKMG dbZHs5E72OcNAEa42G3y6SctnnosqBx3QZiu/4DBRxbXXiqpVRhdyjPbwJnYTqSd mf/Rkhv0NLCMdorORbYvh2QcM+JOJPzcKo5CA0Z+gbprTAvkz/dfDscagPzmbAXx 4NPO2lEShy7xzpqP9DKabwC+JaHrOszk3qvOnVZzV5GGTuBK7ViYhOAY4xuVnlD2 s0+8LWeDm7zrqaweRjuislvVnSi+RqszCrYgqeR1NHRYeLyqjc59WmdqSBetZajX 5AjrzQiOAAWUBL6fPjjWYrv2xAOQ3CSryHka9bDvMUDtg6jpYqRaFQF+K+qpXCV6 fJtC8TMijO7wgMSJo/CILnBAldRfOX0Ju8gJl0Mk7ju2ylkL6IyD4xyDAtpYPvI6 G5k2MUaBYbBMgKiFbFyyUdHbPeBG9ZqD1f5se65/DrDn/zDIN5YMS2GIAPMcgcOG wwBEFSB1/hGJG16qbUVAz+prbfjAlgyK2L3tVgH0it0v7PsczfFO0PqfcHVqqn45 vPPX/x3VfKaCCUbBbfcbALU5XZx44aO53i1XJ3MI6eN/TnZo64l8OCh4U332PhGL a3YcWCCRWsU2KaqSjQtrk2aqfYsFFeZsQq8Xi9kLqvkqePHeAQKCAQEA7R40ZYOe ujE26g48icoPRE4S5NYK/P5ke7IWA3/G0x8rYQPvt+YtaFLwdgFXn/Vigesuj/Mn EIg8R8TtIh/J2Q80Jcux9CVpyeYXkAgiHaC4vBgpdgGFqyjS+ASXNIum+1fctMX0 O6eSg7ZEKob0284xTmW9T2pGZ4lt1AjRwzYE7CVY2wFGJ9DccdJa+Sn+V1zo+OSC 9OGIEaqphBIBwSixoXPZiEBgnhmXYZaaHmN/q9Lm99z7yPHMufU8pJBv1I1MmJVP zUOmVyaTg0JH2Tq/OR5idttNVlgJGbyxFmvZf5OLauZHPTvA2vjj2BHwmHZ2V3oX 3utrAjSXJJPwCQKCAQEA0tZbr8BThsfAHnOV3A3jSpNOAGbRLdyEr9K09c3tiyNF OrBWM1epu3rToQVjgbPTtbCuwiSYsd+YyyALIyuxl40UmDL1Se3pcC1M1LhFPwHV 72QPHGjVL5oG4hUblf8z+px0b8U7hQqkwOKN27Ue4OS2zG2MDMWektnVENruT4yw E+Pcq0BUJN/vgWHIrWw7bnjpi6pniw4uyGr9g2dgTThp/YM4gNp3JNMmF2PeNRb8 lvadgLheoW+rh6pR+P0+kSIdxGnBbOYbkiJ3trmFiRchwH1MY6y4kv5J9zspMQps uMrkk5sCKtqPx3wzpyzXmm6HD91Xuk3kTQyAy52AuQKCAQEAv7qso2jJ78Pbo2Xf jYrUzWZT4LUyLV+F4H8fTbUED7IkYU3Nh+WW0cQ+qyxqrey8ulBwVfVGoReHpoCV PgJ2NA0XHXiXa9LUt2xVoSDydQKAXZcr7z9L1hosfF855EMHwjRJQeLOmW3mCppW hAyb8R/IvpuFd7F3PEDjjY+UDUSgtlF8h5mAILHBjkeJR++suPdnadlcCqZSX/af Gyt0P7un5eTHAGUNusj2nvInrGrH0Se3mrQU42ahI7woTOh9hGC8jqQs4szQs6d9 n6T4c64M8SKge3rYDfkhYq4wgvCx7XZgRQ/uipTGXEjj8tKOuLkQ96rBon65CA9+ JxV4AQKCAQBGkDOTeLz7yPLFvk2TnppJpU9f1wl/XeSSq+Sgt9Ee1ikfYVEYUeie tJcLty/8guECWCXFGFZ6gakzon/Xv5HqdO9FmRh7K8MLJj4mm52hXs3pFwXvri5b hiNzmzjmVMliwOY/WjV3a36Eh86Oj+nLvwBnHurWg3V1FK64u20y9pUfsw1xy0/e H4ybMszlLeoeKR2Q/vE0mwSRUy2RwxF6Br2CeV550aQ6kOiYv3XpMs5LADLql8ok Iam4+AoDWU6NaGuqBvMTrVfg6uRCJYlJvpIvSEA+w9nqaGz877HzldeZaV5jAGgT S57/VtQ6yUlHiGJvrtbjpZoZJ2wbuZURAoIBAFZz7rihFp4F1vyfuaYxKqgb+WZ6 CRzZMg/Q8hvAz00aHKP1QAflCnVKVJj0X7TZQZArgkN0tEQiEBTBt1ZgDlWQzSbo +Iy83WGoMjVhuPrWLoGoNc42dMnUkSnhc2k6RV7KU3iSzRTcHmly8yQtHjo24c0c dincek5KbnwJWXUVM8+vhG7wiu60JCLN4zPdtcOOTdxO1zVduKoCe3aPxbzj7wrv euD91j5ngohgJvA+Ahw/nVW0hMRC0dBEnDN8mtFme5uBfQtY9zyw7Wab8DZopR52 ts65FiVM+68STEUdqBxTjSlYEzd72BAR5QtFHpJo2YhFc8iiG4Fuly3pVBg= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID9jCCA3ygAwIBAgIRAKO7eZ7MN3gZfUS95Ax9/tcwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDVaFw0yMTEyMjMyMDI4MDVa MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwMzg0cjEtcnNhLTQwOTYtb2sucGVt MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw0lTJ5k+J4hdXB9OoDxq 523vwE44/Sp5W0PF8ST/s59JTsUWJg+pNRsThWjdmWf4gAqqfU6DunenbiaGiXZp V/TDijnLNQP2qaIxotMXya41d+Wc2yYBlNWOjxBVCBtAMTdh1ZJTynI01SBz1H3K PTYe+BDM+OUP0Y9L+HB8nGhDrGRr1GIl9tOY/8Y+km2c5x/JMzSALiloVdVF/xDI 34zK7eHNyrjS3dIUhInLfKS3MxiOTCzlm0DYi4RqkXGaiohXZLIbUk64MrggpRQk CTrj+82nwaSsEqMgg/j5O4yU6Bsw+OGKflNB3vQcIrH5joiwIDnrtlLV04m2MTY5 neliES1chXJtnljYEfsZKcTpSWKSwhPGk9QdCVhKR4un/EKGP521vHkY+EhLp1jF 3yGVsbWBpqjoii3JP1wNjEoMNYLYZpmVRkDvxE3aG7bHuo9cKULD6XjXKCsP9J9i ND6yKugMiL1ZQwksSNFxacdxJ3L363YeK2g3+TqmovDzj1kPSX4NfzjA+GrHeNLi XpeXXOa3Qtjneascg/Rf+XJ5a5ekWOMPnsgJZPTAmc5UqDiMWL5jIKdGUUE+nSM3 CLcHwpafSWyjpjAzN1iMjh3zM363/GRg3yfo8D3mQJoc4I9ScIebtr7teOBJTBr1 JRasS/RtgQ30+YPCFL9x9oECAwEAAaOByzCByDAJBgNVHRMEAjAAMB0GA1UdDgQW BBROu+H2CDhlBJeRJYN20fO8PXBfYjBKBgNVHSMEQzBBgBSSIb+tLbJmRxfEToTH yLZr+AEwpaEWpBQwEjEQMA4GA1UEAwwHdGVzdCBDQYIRAMJoU5h5aavaEk7mCi/o 7fswEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWC I29rY2VydC1lYy1zZWNwMzg0cjEtcnNhLTQwOTYtb2sucGVtMAoGCCqGSM49BAMC A2gAMGUCMHCW71AEaNY24Jq2Q08G2BpW9UZWbCfK/B5vJqS66o8J7CvyofXvVKdS s24AIT5SDwIxAJmMEeeMnzNWQa+wIwgZ1hzXXQNl+oGO7ijVTkUbZDSlfSW/37jD s9ty6LvSxbgkvw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-secp521r1-ec-prime256v1-ok.pem000066400000000000000000000022311474542230700250140ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEIJByj/uyrbjIGufw0E2z13ayL+tF/a9sKq9txyeb2gAioAoGCCqGSM49 AwEHoUQDQgAEhUUBS5RtZD5lsfyLa1fE3YNxts6nm0maDqqfYAVhLm7R0GAEzR6y +6GklEAMe5Hv0HtTu9Gjg/2PNRtvXpQOCQ== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICWDCCAbqgAwIBAgIQd56yrtk2X1xwMQ53h4tnhDAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNloXDTIxMTIyMzIwMjgwNlow MzExMC8GA1UEAwwob2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1wcmltZTI1NnYxLW9r LnBlbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIVFAUuUbWQ+ZbH8i2tXxN2D cbbOp5tJmg6qn2AFYS5u0dBgBM0esvuhpJRADHuR79B7U7vRo4P9jzUbb16UDgmj gdAwgc0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUWkovL9JhOtJh9k/yfysy5EjO0qMw SgYDVR0jBEMwQYAUGUsTsHPvhQaORNBD7D2NcUAM2syhFqQUMBIxEDAOBgNVBAMM B3Rlc3QgQ0GCEQCRhJfPqHZ7FzFlCC5+cIAUMBMGA1UdJQQMMAoGCCsGAQUFBwMB MAsGA1UdDwQEAwIFoDAzBgNVHREELDAqgihva2NlcnQtZWMtc2VjcDUyMXIxLWVj LXByaW1lMjU2djEtb2sucGVtMAoGCCqGSM49BAMCA4GLADCBhwJCAPLEfzp4AhEf sUIAtW3P52kj7JYIWxlC9wgyx/s9DAIcMtBQNM6eGWi2LdhEuSmYn1P10iXuuu5X wQ53Co1Ah8LXAkE8HelZmbo5O4MkwVLFY09IVV5a6YtlaiqqtutVMd+Z34D8o5WV IcXLFAa36OQdVUtt4m+jfZvEt0dDqX3Nat6JeQ== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-secp521r1-ec-secp384r1-ok.pem000066400000000000000000000023671474542230700246420ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDBleCUX3fWZm+yXmztIkgVLHfSQBKhhdip15DTJCSLbarGHA/9n/ArK VMOaYb3L8yKgBwYFK4EEACKhZANiAAS5BffGDHJBERd/Zc9aX80fE1ebY9zvpCxX OX2pR3fetmNNScdxpj1ePKYZ8n6HhWEP0xTl7PfNp5rySTy8rR56Gef4PACr4GUV +SJ78SvWy/SEJ+lkbVN85Ryy6hNkCXY= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICczCCAdWgAwIBAgIQGNC0lQuyynvtFtRqGHyuFDAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNloXDTIxMTIyMzIwMjgwNlow MjEwMC4GA1UEAwwnb2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1zZWNwMzg0cjEtb2su cGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEuQX3xgxyQREXf2XPWl/NHxNXm2Pc 76QsVzl9qUd33rZjTUnHcaY9XjymGfJ+h4VhD9MU5ez3zaea8kk8vK0eehnn+DwA q+BlFfkie/Er1sv0hCfpZG1TfOUcsuoTZAl2o4HPMIHMMAkGA1UdEwQCMAAwHQYD VR0OBBYEFJt1M3dI66rls5uhJyx6UuoR7dHpMEoGA1UdIwRDMEGAFBlLE7Bz74UG jkTQQ+w9jXFADNrMoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghEAkYSXz6h2excx ZQgufnCAFDATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwMgYDVR0R BCswKYInb2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1zZWNwMzg0cjEtb2sucGVtMAoG CCqGSM49BAMCA4GLADCBhwJCASDiWIhfaj1Wwk6auxdylurRFoHV36/dMi90E8dN pcF9bV9Pu3JGH3McU5Mz72NDGzIiSDlbhM7+x6drYAXwFK03AkEQtxEXUXaAu7/R 55zWzDjQnC1T/cnJ+1VoA9ZlBpdXMPeGVYiboQBqqauRsyBoRtR/9OgpzknL3RVU JhtH3tSH0g== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-secp521r1-ec-secp521r1-ok.pem000066400000000000000000000025701474542230700246270ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIAPm14Apkjhvs6xHBPS3lol4yllb0CsCC7DfSHFGQq0ELyG7U85wJH f9p5D/OxXrvs7VNWRvROiP3CnnDps+ymmBmgBwYFK4EEACOhgYkDgYYABADBvNVz XRAH42WXrFreCLZ5Y/sOhCizGNqVGvJCdddEoB6jTuT6ssmC+vfbQHtIQeoSGMNw u09VzD3BbdD1pjYkMQAKoJqf0gRl0xndMGaphZE69EnFBMNcpNrbQytXRY9q0kr+ ay+K0oSp+zB80PvYBH6QUfBDvOXgepeuOfbAYXP7mg== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICmjCCAfugAwIBAgIQN7I/2fhiuLKPbvjNGpQhiTAKBggqhkjOPQQDAjASMRAw DgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgwNloXDTIxMTIyMzIwMjgwNlow MjEwMC4GA1UEAwwnb2tjZXJ0LWVjLXNlY3A1MjFyMS1lYy1zZWNwNTIxcjEtb2su cGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAwbzVc10QB+Nll6xa3gi2eWP7 DoQosxjalRryQnXXRKAeo07k+rLJgvr320B7SEHqEhjDcLtPVcw9wW3Q9aY2JDEA CqCan9IEZdMZ3TBmqYWROvRJxQTDXKTa20MrV0WPatJK/msvitKEqfswfND72AR+ kFHwQ7zl4HqXrjn2wGFz+5qjgc8wgcwwCQYDVR0TBAIwADAdBgNVHQ4EFgQUpSSw YQl/Si2z+MnJm+uxr83VeZcwSgYDVR0jBEMwQYAUGUsTsHPvhQaORNBD7D2NcUAM 2syhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEQCRhJfPqHZ7FzFlCC5+cIAUMBMG A1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAyBgNVHREEKzApgidva2Nl cnQtZWMtc2VjcDUyMXIxLWVjLXNlY3A1MjFyMS1vay5wZW0wCgYIKoZIzj0EAwID gYwAMIGIAkIBFpGaSW2uq8sJHNeYoHygT9lpqWtF4Mh5ntbZayum6V02J2voP26l A20Y+p38dEYHKFpI2BkTyGDtuvjJa01Q3u4CQgEyEDqAKqRYCrSqLiR0XZ1xeDPp 6D4NnCMaeys31+RM7wLfcaJ/rRwNxqIiz3G1tc/FYwbv6JMJvsfv1D2HO3Wb2g== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-secp521r1-rsa-2048-ok.pem000066400000000000000000000053761474542230700240040ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAy2me4q33kTTbdxFK1LKc+AOoXF+WK9xzoQw4B3Gm+X5SnYkL UqCjbSMJuUboqDlwnD/CdNlh49sIpgOb6avVCCo9bZyoNbQcPb9I8FLD9wIp3wlq jy/i1/6dOhgxQoh1XSr8rI75dkJAXcCL9inqfQbblDn1q1QYNWmFPjrMyDyhU0+J shWIX85FtfiC8hDtX7agLTKaL3pTZbJ8By4maJhHP0Alr8MmBfMEv5tkQUj2NoU0 0zWVBjjDgoJdiLNe7Lc/Jtuk18hfYHvCAcLeYFszztoTgnPsOEgecHpWLspRv1vN MGnKmaYbA7y6s1PkDsptHWhs2ArnLrYplYIRiwIDAQABAoIBACOHbEgdqMtFFzxB 2fcyx3YOdX7E917r34p2rual9EtJxDZd9ItXIZRzdURWXVbcyY2RGW79dTquTGFq 6fWznL8TWa1mmn7e2bvzSFMpsa7YQuYBKAqgi5e8kkvOY/RCD3XZh07AnlQImGOH uSqjAaEa7ImEYiOtyZiyuKI49QHYPXeZ4TQpOWti/xQVYimhRB43sYrc480AaM/M f95iDxRFWl+GqCO8NA82FD0c862EEs6gzZuy8BEQMY8yQ6FIbdkTctmL6LTgbO1V qnEgtph8gfEJ3rf/NfVDD1iylbdsakVnBbUHxIndKljymbiDwwUhNC7vkkaqQJIZ rUcGl+kCgYEA64yZUGBUGN8jUDf9TMkFNiBhuaWvwYKfwvRO4wZrq47CKwMHzZC5 0xO+lwUKWosjXdA1jGoeeqF9htVHi8+u3VoQyiJHw7Zhf04Y5pS2LSzrrHN+rWyr le9NIQwrmZvTyUO38zPIMyw9mHwYMrtiSeR3e9Vuf3L4dXWshmTz8Z8CgYEA3RK9 z0TGYyqaIYCnlljq2LFqD+mcryuQKeCTWiP8CMmXKey3MzCKKtDhIqBaDLhdz591 sZGIzn2BO8BD8pXh7basAUjcMuAeWnma1s0fIFKnRcBP4wNVehREqlZrzOwDZjQA dUflye7yYPs+OTj3oOY4hhC4cOO1DBIhSkFDkJUCgYAdqKp1UGvGZfJQW3xterJJ SnKDqbUjrIrpRVHZjClqhKM2Pz9wRtTfGxFYeq3/EJ33ZgwYDhSgZE0l+Rz1IcVm 4bxTd1WJ8yD7op3ICtmVfp5+LFy7AX/pdSRFEP88bD6SjRBQcyi2KM/or1dsq+OI YlgZI5qyOYvHXnXGxldhCQKBgQDJ95JC5oEcHdKcIu54M5myCDtueC119yWIrKvR 4SgjWxBn8+PWt1SzEwtrV/WMw26o/PRIGj5S72P+k4M//2BdjNKNhePt8sSoQYqN DO6P2BMLbUtOiUAw/I1S1Qs9Nq1QVNfKTboIBu2WXlIVcw8ABvPCv0nRkKZZdcLG FOPGFQKBgETcCPvX5e6QG3WTmlXiEkOFWwvokd/G3XndjnUKm3C9Mfj9ohJo3Pnp ALzY3qaMu6b0G8LIjkMVJ8422PWnCCOq73eoUXkcvaNqOdqOy/vJPdVP15zmVw0t f/YEyIc7dcLI5+qP9Wx6HJFSlrG1h7imRXVZdeqQsPRLTqQyis+d -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDGzCCAnygAwIBAgIRANYTBdxtX4LBZQazmP9SZI8wCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDZaFw0yMTEyMjMyMDI4MDZa MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwNTIxcjEtcnNhLTIwNDgtb2sucGVt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2me4q33kTTbdxFK1LKc +AOoXF+WK9xzoQw4B3Gm+X5SnYkLUqCjbSMJuUboqDlwnD/CdNlh49sIpgOb6avV CCo9bZyoNbQcPb9I8FLD9wIp3wlqjy/i1/6dOhgxQoh1XSr8rI75dkJAXcCL9inq fQbblDn1q1QYNWmFPjrMyDyhU0+JshWIX85FtfiC8hDtX7agLTKaL3pTZbJ8By4m aJhHP0Alr8MmBfMEv5tkQUj2NoU00zWVBjjDgoJdiLNe7Lc/Jtuk18hfYHvCAcLe YFszztoTgnPsOEgecHpWLspRv1vNMGnKmaYbA7y6s1PkDsptHWhs2ArnLrYplYIR iwIDAQABo4HLMIHIMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKCqBl7Lu6pUBu4e1sJX z/kMYlfKMEoGA1UdIwRDMEGAFBlLE7Bz74UGjkTQQ+w9jXFADNrMoRakFDASMRAw DgYDVQQDDAd0ZXN0IENBghEAkYSXz6h2excxZQgufnCAFDATBgNVHSUEDDAKBggr BgEFBQcDATALBgNVHQ8EBAMCBaAwLgYDVR0RBCcwJYIjb2tjZXJ0LWVjLXNlY3A1 MjFyMS1yc2EtMjA0OC1vay5wZW0wCgYIKoZIzj0EAwIDgYwAMIGIAkIBcmp5tGf+ sD9Su57KOClfcy/+L6LvzizGexTmQY0gSjOnRvC/siB7GtCexqOa5vDeUaktKupw eLtTTeu6cl/oZzECQgFzeW7vA3zYIOm3rcihs23lacv5IfTR1tt7K3cJJRlUPael 8Nh0jwAIn+xDn7pfjZ6Ub//blEc2K7C9DsNF4Qu10g== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-secp521r1-rsa-3072-ok.pem000066400000000000000000000072711474542230700237760ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5QIBAAKCAYEArJ380K+CaNknZafn6DGXUQmSRA6hnIbjmaD5Q9cVyC98eh0x mCpEHhONsjU+WuXBEgUIKkulYTyIz88tz4Hv7NULLsTCx6Joeyn2ckC3fmcBl3Rf zEwAiuONR3VV9UED0eVcUJ+bpVh+PicCMojNPu32hhSggjS2bht/gkB36Nj48Pp1 Q0WCj6fuHpRUhw/ddxmeAIQuVC5sV55uW4ofEPsZRrOk+FiyqPviDZJR3zC0lisa or0Xku5gZhXRGr252Ir5srfzJo9pXrOvPD52Ed/JML8W5CLMhKSn6qysD4eJCrFq 0TpVFPhgFXDx1lvV8g7q774H0WPYna1odu4DtYuKkpMMpENFwBrulHp/3MI2Q7Tl GJs83KMJLnkmI/d4lxs9+L+moM286iU5i40z4q5lavcfFH2u1/+bFRlU6mjyggtS nHgKI1v5KYzcGyPxYfn5g8LhzM5t+0D2oTIaIgOPjpCTcouYb4LQAMf+DlE6/Pcb aVa0SwYlmDerpRuNAgMBAAECggGBAKsIv39m56hLwiWPgNEoke3RtgOJG8ikPs/y GAmIDCUWKBg25PUIrAXBCh0RdH9MN0lLgxOlcHAwMr71YUbCUKAxV6s3emekHDIt GeuLBEVSetk+jc03YTI81beAI3Omv8oxoI6iFu52CGA89ohr1DIORr4DoiZhZIEk 7ep5RlaI5eCfyaCmNv9wPRg/kKFiruVblJqeXek7Nk56xI4fBTkmE51iUotgF2Yo bYtU95pWABjrDLFC+yCy4QFFjLMaWHIHOkjMTZt0Rc60OFHwz2Kjv5Z5IwSe42PF qhLa/QroxGBfFxU63/mH1ttFdp6Z3Rs3LytbuWMV87CnVoIYpp4AuiwLIn55El64 /3QhiZYvacZaOSO62UHty8EvzgXXpty8x0GEWhix9ebpQEAJ/VzY9vMy9DnlgiAl AkLCj4GSNv1GOzKe6RcbpctoUxhEal94ILAerFkslB1sLgvS2Jj/bLpTQFX8EnC6 bVoik4bh9PC5yAm1lv54vvehayvfAQKBwQDT7Y+ZxF+ivKxeCsJ4hqs58qFKr3Ue pRC5GTuGL8dlPlZzGBXUXfhHOsQ13TFPurJ48B4B5RjX6J6ARD08xv0mDyZad9ce 6FHOtESIH9AZTG4W7wUNWoGopLQBeiCyiCrJB7Gn8NkAwubTiLFsNB0eIJ6cndX/ wbKwFViyJNgTrerOsAfW6gCK4OrIqKPbIsikXWtGSgRGfcx+2SWMFrref48zeGpL IoFFkAuxqMDvPg+GoQcmSJFy6fh5MBOYS3kCgcEA0IOhWm51HM9r98IIlsVRN2nR 2isIgIImIh1EXikAJMqCYXb9Cmor9t4v10PzmkazzlIzAo6T9Vo19Q+SEcEvJ/pz fyRkgd85G7Z251r6u3H/WE/sGY5D768t+iRFigM7z4NGLiHs1CDbGXwc+vGGo+r1 Z2YXrBT4sicen11AHERI1IPJNQk2k+OOZeHMEd2CjDZGXMLWbdZVkHaIGg4TrobJ J/hb9T8cWUzhbtGZfhxtVgutHdE7ZZgJ/E3R1ve1AoHBAK4fY3r9Q25cAmsKABoy 24Ay/55zZpEVIhZSyvtHSla+zxylT1o7EwDDIe73m8pcJMME1kLMTosmzwOoDYBg JiIdFHAEQrVcP8rLhfsp2DrQ9yrUm5wLHrjHCjakdzT4d97P+YF4e3MKr8hhaRT0 BHB6cJdRf0Axj3TpNQS5DOeuX1wOeYJ0pJl2jrDrDiXAAIY7UyZfLgAU3+3gz963 1jV1LN0nNH4jDX9wCIuhkVN/9BWzPEKSIR7/aW14uMDKUQKBwQCYXjfAL0sg/Gl3 KLDCC/onNgqFFEEoNvLKpvxYmjliqSDRO/P4clEiGoZ3FU6jg9rMf8CKs8lm1r7r Dq+8jaB55EgVtnBDfuzqVVFaCl+CLfFbhTuQCSeXtDkyuuKd0XMZVmIoP94hvMie PNWogmnSylT9c9sEgmahOHjmF2xLu5JEyPB08wCQ3Q4nYPKQc398GgUcr7ulk6P+ 5r7Z20OCmzfPH2uDMNT0ZHuvUTaKsxcqc2nTihuPR6S0W+Fk5qkCgcAn0h4zIQVe 50GUv1c8XCVxD9hC4BvRg9fnjZ+uTqxocvmoMBfXk7g/aPo3adKZ8gdm/vPuFCh3 Y+sEqhyzHZz56uC8oGk6pRqBXM98RkpnRTRmD5898Tr/syx6JcEkk3DJyabcET5K 2TwJ66giEW0bYMJJLNCBKpIT9fO8p+1POM1VLEf4Th0+jNWzw7ybBGscfKmKnNEa 66If2mmYbPuAJrnwLk0Skx5FKPRXGVPOk4ptzBSa8NQJGsANxoHhevc= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDmjCCAvygAwIBAgIRAN4x3RRHdg/kM0HReLpD2FMwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MDdaFw0yMTEyMjMyMDI4MDda MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwNTIxcjEtcnNhLTMwNzItb2sucGVt MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArJ380K+CaNknZafn6DGX UQmSRA6hnIbjmaD5Q9cVyC98eh0xmCpEHhONsjU+WuXBEgUIKkulYTyIz88tz4Hv 7NULLsTCx6Joeyn2ckC3fmcBl3RfzEwAiuONR3VV9UED0eVcUJ+bpVh+PicCMojN Pu32hhSggjS2bht/gkB36Nj48Pp1Q0WCj6fuHpRUhw/ddxmeAIQuVC5sV55uW4of EPsZRrOk+FiyqPviDZJR3zC0lisaor0Xku5gZhXRGr252Ir5srfzJo9pXrOvPD52 Ed/JML8W5CLMhKSn6qysD4eJCrFq0TpVFPhgFXDx1lvV8g7q774H0WPYna1odu4D tYuKkpMMpENFwBrulHp/3MI2Q7TlGJs83KMJLnkmI/d4lxs9+L+moM286iU5i40z 4q5lavcfFH2u1/+bFRlU6mjyggtSnHgKI1v5KYzcGyPxYfn5g8LhzM5t+0D2oTIa IgOPjpCTcouYb4LQAMf+DlE6/PcbaVa0SwYlmDerpRuNAgMBAAGjgcswgcgwCQYD VR0TBAIwADAdBgNVHQ4EFgQUh6ABNy9ruD/Md1Rct0klLhsseMgwSgYDVR0jBEMw QYAUGUsTsHPvhQaORNBD7D2NcUAM2syhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GC EQCRhJfPqHZ7FzFlCC5+cIAUMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQE AwIFoDAuBgNVHREEJzAlgiNva2NlcnQtZWMtc2VjcDUyMXIxLXJzYS0zMDcyLW9r LnBlbTAKBggqhkjOPQQDAgOBiwAwgYcCQgF+SLTz5RD7W8y0F+0zvoiHYW3qZl3q nbxeUkQSXNPfpucDhPnXG52+XOqWf/53nqdx5QD8UtmJZzjBC8+vxB/TWAJBbWZS IGomafvFwGlynAifuYqsCrWpoyRgZTJiZoTgkIbnZWLuO33XvCHm/ZkfZ6PtAjOv KlJUdHsgwip0WngiICY= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-ec-secp521r1-rsa-4096-ok.pem000066400000000000000000000111671474542230700240040ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEA0dz91Jeq69Thu+sTvCDJeOP0vyISujHaYdam77E3sgg9tn9Y nHPjd4yPSKIT/iPPExA2BC2QKfIIk6HC6VGuwq3jdjwkii9HgfofDbKzFJNukc+o 8zcmi4CqjutoTrNvOIIXuqMormaqKZqVOeB6MbxA6Gfl3w7nw5tlJqMCWTI3/qV/ +NzqLUEnS8iV7a5cGwy9Qucz0ooGjF/JFJwK5kxqnhHRBTIyNSjMxWTI9rOwGv9v UOi9HopfE9gFmNZyWmfknyv81wWrHAid4IH4Dovvtcy2bScFEWJxrZiqXJd7WTlW WTQTz9CjNOA4gIgQsfSr9mFE3AxLBQX5Bw4/Oci5TgZw3Gonm5mvQOOlCvdXtYGE UlK5NYilf9UpueFYPAA0c8bhEkMicvOJyUs2250Ej9n5g7n8QtSJHNYFd/WEPQii Z2hgvvKdNAlAjeyKeMNttF+SwjnkdbXFmnzfs0cn1NDNosz4KB+Key1ZXm20YlcH t3Apjz5a734V3ZRQkZiT0PCSpBTWXf3qGZH1fejc7U40WzAZ4SHE1bUZE2VoFFnP tAsCww1m3pF09QZEpyCfnLCtEwZm6XlSFFoKbXG0oJHzpe3+4ct3REYj3rtg1Fhs F7Ozo08NCoy6NwvgDGtRcsuIIUT6AXnEBdRSNaXl9Q5nzJZ+0dF4ufTjReUCAwEA AQKCAgB4DQUfQgvCkKr5BsbpTZAzGaP+Wo1/+djFMzeX0jbcHx6+cSbNiPXMg5nL oPvy26UvcIyV40Ke3BfP7C9FrTZdo3+FOW5lphov3lc5TMposNYFj1dEmn3wO5BV 5ZBrxPWQy8qrN36kFZKt7gIDc8gy/0/aIuU6rpoiKZi5e3Jyd+nUP/Ru9mD3tle2 YG5z4tRJnQX/aacZf1+zmW+73G/XwksTVXnOkSJrioVpPfhAOBY7u3eAP0NAX0N4 ZJD/F12fHeOIsm8WyeVSShOWRIMUPzTHOO36juG1Si1hcv2xre4f4k7lBId40A8s xj9MN4nlYuOkM4xinJ2lp/8G7D151X5uWyaVXCPD8ZdYDID56j2/yXA8rmg4K7Ig 4wRSEtYBIwu3bLAqR5mrnhmKNjOsmhjqSOW78DZgXcAxdk9OUcBG2JJ40LkXSbka X5NmGdMqv2A7MiAyQILDQGnyKJ72ZE2AylOPqft5Hx8/bWZX4s0KvdzrrNZyAEvf hcMancWuh+cDmq/3C31wFGN7FbzPLf5Plshis/WICvS9p/0smt/B0r27TLAlEdXX gO9bGMwD8aLD2XNjo/gGrEsqyHJRhTQZJStwJmpm517ov2AlrqToatEcA1SR4OJy joK2ogvm6mWsR2s90SagnOg1ejdDz09sZ5awQ5rZadjeBV5xAQKCAQEA7FBcpEUW QvbLksZ2YrMhwiOCpdBgBuJAp/XMH6J8iQ8fUH9e9SZ08hGk3Xw7yZgCxw5gs+oP bk6XXNCRQelnFcLvqjcAI1ikms6e4WlmVnvauJG7L35wBH3Q75rSRTVFyXgTUqN8 yCwYX+wT8s3FpNoZR3ahQqr6/rzrQr6fSX7599TOp5TY5JTwZMaGFI/NrJjG2YNe UnezAICSGFExZ5AahtamPUYAVeUh/cvXerbDLlfn6YQuqhjcWz5MmVKIAh33vIY8 uog8G3vOLW9xhwltgVhHmKXrJcjyJlF1PznsyIW2iLoRnVDDKPhtmC0/kEAnnN6S 9iIjRIwgX7b8RQKCAQEA41iKuhMUKCOUE8dxcpWgv8+S6cv34KdRLA6grVbp7w7d gIREoSrlQ2G223FlkzmhMuaSVy8zd2Dp5JAqu8ckfe0VGKaVUBSuT44z98v4xn1f G3yd0fkrIZPnjHVN5tYKiZwcESp58afq6V2Y3gxVFEKZufQW1bvhKNaZPtwqAXOP 3CS3Pfkf9ghYS2SPQvIy4t8Cb1aHB/D0IB028op6GkZmwyy+y5HWoPru4kApTYDG UCq+RKGuNw0KJticZQEVjXx6CUdogWno75kFYi/WYpR0bkNqW7OktCe7zJh+dyAS 5FTmxIWrteN99dWPx0NOkG3aEb0RZ5UXg2PFh3xNIQKCAQBVySqIW6gkMRFfu/oY BG1Z26g+53EkrpfIIVuzlDnfS4UTpNlk50wG4E7YNJRDr5I6jsaeKXbmlVMvV2uT 4NYSOUzlnsfHDRPcOuvEao3DEX0qCYVJTX3+s2nYwXxZsWgfJh7lngHbbN6AW+Q1 /WslWCNbJP6PhCBPv2csOKT8ekLmK/PFNCy0djj6bHMaHcYNRPzS03S3PUrXANWI TFlB/jcTAfMhRTsz81UunAQiQRyDw1emFt0V1KaR3QDTm/lRw20+nACJupEPbRdA uTceTVbaYKDFEl5VvifhryqABFgnxxqncdyZHktqoRyv5KUxiYiX0tjIz0W8SZ4r APN9AoIBAGhpmtUYvBIvPOvUlorso3ZUjAGqdr6LuaEFWtAhcbEkX6CNnsNyYvcO Yp/oNaFnP1yUPrOh7v4t2V3qxGWXcXAQObcnkr3DscbB5aYx3KC0pcCG/CiaSi/S sO52VX/l39MRimZr3rOYzi+9l96rRUvXxqh7rR0ee6t428rd7MDb5T9S8YGZ8A7c CEkf9xflCm/dwk2GLN/9zvEM2daMuMVmff23iC0QXsVyWdI5a3633NymtNnqc4u/ BmGO7E0LMW3YtGecjyeYj62y1qEgnVKLIeoeNjPFjqha80pk4vgtF+AcChxJ0/Hm eEw2eCEpDWURvqyU6/BprfHfGbI+6WECggEBAN2YNfULI7k4ycfOL/9Jr2uacPtZ 7wJVVzXmH9zdWu8OAAKE5K23whnhqL08Z/VLoe/5OVL/oRK4o/Ar2UrTyisGx5kf KcAm8Xla2cavL3lICMpCfgLhlhpJhVcKUfBVYzfw93c2YLyj9MK3FTwyHUwX9Zq6 eR+L1x9/SRssGzShrnmqUrCJLmoYbyDfP+NtmwX04VC8kL4inL9qOgYfkjwpoFxZ BH0dt62T1nE70uhRI/RtYokbZ8Lq8fpqo4PLqES30gX1rYopAI8w1YwpZlc8jW00 18OIHLdBkPtowZsmz9lwm4wmqJJ3oWcPGSaA/cVLNw+ddTkuYrPC5mvSDmg= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEGzCCA3ygAwIBAgIRAIVJzcYfv2K3PzhyPISWm2gwCgYIKoZIzj0EAwIwEjEQ MA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MTdaFw0yMTEyMjMyMDI4MTda MC4xLDAqBgNVBAMMI29rY2VydC1lYy1zZWNwNTIxcjEtcnNhLTQwOTYtb2sucGVt MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0dz91Jeq69Thu+sTvCDJ eOP0vyISujHaYdam77E3sgg9tn9YnHPjd4yPSKIT/iPPExA2BC2QKfIIk6HC6VGu wq3jdjwkii9HgfofDbKzFJNukc+o8zcmi4CqjutoTrNvOIIXuqMormaqKZqVOeB6 MbxA6Gfl3w7nw5tlJqMCWTI3/qV/+NzqLUEnS8iV7a5cGwy9Qucz0ooGjF/JFJwK 5kxqnhHRBTIyNSjMxWTI9rOwGv9vUOi9HopfE9gFmNZyWmfknyv81wWrHAid4IH4 Dovvtcy2bScFEWJxrZiqXJd7WTlWWTQTz9CjNOA4gIgQsfSr9mFE3AxLBQX5Bw4/ Oci5TgZw3Gonm5mvQOOlCvdXtYGEUlK5NYilf9UpueFYPAA0c8bhEkMicvOJyUs2 250Ej9n5g7n8QtSJHNYFd/WEPQiiZ2hgvvKdNAlAjeyKeMNttF+SwjnkdbXFmnzf s0cn1NDNosz4KB+Key1ZXm20YlcHt3Apjz5a734V3ZRQkZiT0PCSpBTWXf3qGZH1 fejc7U40WzAZ4SHE1bUZE2VoFFnPtAsCww1m3pF09QZEpyCfnLCtEwZm6XlSFFoK bXG0oJHzpe3+4ct3REYj3rtg1FhsF7Ozo08NCoy6NwvgDGtRcsuIIUT6AXnEBdRS NaXl9Q5nzJZ+0dF4ufTjReUCAwEAAaOByzCByDAJBgNVHRMEAjAAMB0GA1UdDgQW BBTdCewn3G8tQUyXp1xYvZV234y00TBKBgNVHSMEQzBBgBQZSxOwc++FBo5E0EPs PY1xQAzazKEWpBQwEjEQMA4GA1UEAwwHdGVzdCBDQYIRAJGEl8+odnsXMWUILn5w gBQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWC I29rY2VydC1lYy1zZWNwNTIxcjEtcnNhLTQwOTYtb2sucGVtMAoGCCqGSM49BAMC A4GMADCBiAJCAU6iAC6rYgk0b/iCiJyZh/xWT4Gj2LuRJLCxlfC4GVAHS1NzJoDa MNR/ILlJORlNt5Jjyc0Rm/A8vFghmTPqjpGDAkIBlpNBA4U4svrJx9yq0jT5AFZu 2UGIJmjWls7iyYtu5FP6bCQYQsgr0p5Aqp87LnzqpF+2E27nQfeRiiiZYM3zhkc= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-2048-ec-prime256v1-ok.pem000066400000000000000000000024701474542230700241670ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEILIIJGKDHzs+c3eICrzQDwIb+qwisN90V19PS+O/ME6loAoGCCqGSM49 AwEHoUQDQgAEsik8yEh59gB0emMk9lGDmcgF7s2VKEJYY/J0IusgQtBnaO83TW6M TtJKuP/SUJcapDGWI04MjIddfNIZabCtfw== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICzTCCAbWgAwIBAgIRALHEA5nqMBBKP9a5RXk0e04wDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MThaFw0yMTEyMjMyMDI4 MThaMC8xLTArBgNVBAMMJG9rY2VydC1yc2EtMjA0OC1lYy1wcmltZTI1NnYxLW9r LnBlbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLIpPMhIefYAdHpjJPZRg5nI Be7NlShCWGPydCLrIELQZ2jvN01ujE7SSrj/0lCXGqQxliNODIyHXXzSGWmwrX+j gcswgcgwCQYDVR0TBAIwADAdBgNVHQ4EFgQUtMTW16ktCJhaQWtp0sxFGctsDSkw SQYDVR0jBEIwQIAUFt5bjqQxDQge72iW/q6fPpoOpdmhFqQUMBIxEDAOBgNVBAMM B3Rlc3QgQ0GCEAiMt1AzxQpOzveutUW9yg0wEwYDVR0lBAwwCgYIKwYBBQUHAwEw CwYDVR0PBAQDAgWgMC8GA1UdEQQoMCaCJG9rY2VydC1yc2EtMjA0OC1lYy1wcmlt ZTI1NnYxLW9rLnBlbTANBgkqhkiG9w0BAQsFAAOCAQEARB7Nxhusu2lU25YWA6DU YgSJM4/IARnRvAWEFkhfGWIZ8aAIVTplXF3RIOBmgG0PSfTVJ+PNqfAZPQcVeo67 Pipmjom7hgrLvpAgDkuFhl9pVilsRXWZ3uBW55W2JvR1OhQj19r2Vo1VJdUaB3kr ORAPqdSs4dHofcqhEFN6Zn/yYteW8bDqRzcdtY4dJLSvaaBWjVwtXemAhzVZNlV2 6ZxqAa7i6URqe4y2bOjmotHb8fpxfj3zQloudECcGYvtfpsV2hytTq0g9swCkjbx s2y/lm5m9C7QHk1uonCUk8iFlgt+C9DAw6itVKwdJOIP5AKtGAqAs3RVbYIOJVOi 6w== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-2048-ec-secp384r1-ok.pem000066400000000000000000000026211474542230700240010ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCCxiFsQd/OiWBffD60ziPI5ymb1EPn8DKnYD5S/4o2Iv88k23NWSmQ pqsS4HX5mc+gBwYFK4EEACKhZANiAATW7dehKbbMKnBktR+E1z/iD/TAKILBcXLS wr9WpC2XMYTCn61Ak0r54hETURdReaTdGVpR3YuBBKuiQTRYhtj61u6PQOhA3i1v TaEpD4vN+PB5bYNDQmtVGfMi8SoELoE= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIC5zCCAc+gAwIBAgIQfuyr6K72nDhEQFLzarZkajANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgxOFoXDTIxMTIyMzIwMjgx OFowLjEsMCoGA1UEAwwjb2tjZXJ0LXJzYS0yMDQ4LWVjLXNlY3AzODRyMS1vay5w ZW0wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATW7dehKbbMKnBktR+E1z/iD/TAKILB cXLSwr9WpC2XMYTCn61Ak0r54hETURdReaTdGVpR3YuBBKuiQTRYhtj61u6PQOhA 3i1vTaEpD4vN+PB5bYNDQmtVGfMi8SoELoGjgcowgccwCQYDVR0TBAIwADAdBgNV HQ4EFgQUJz6V+Q+jtsTM1dqwH41UbgnIOq8wSQYDVR0jBEIwQIAUFt5bjqQxDQge 72iW/q6fPpoOpdmhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEAiMt1AzxQpOzveu tUW9yg0wEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQn MCWCI29rY2VydC1yc2EtMjA0OC1lYy1zZWNwMzg0cjEtb2sucGVtMA0GCSqGSIb3 DQEBCwUAA4IBAQAaksYfMxpVsQsH6amDyFejG857np6ju0dY14atF7dGMIExE45O xeNxvB6u0EH8BQ1yAipw7js6Rq2gXkKRpmfCIOyx3lDv1uVQXwTtXdErVCl0dWU+ Ax9F6tMcnOr+IyOrswLCV2ArAgIsEetO39zIY6W2Nmx7ysqTbd40XdrqQuVGuAgY o2RgFmwC4vDjtZbEhfRiXe7ozphVJYDLNbguVqtI9GPGFd8yPCfUHJdn5t28Ekyu w1JLUP96LP/7sSneCPe5nvjkOyJ8bq7rVkifHc5qN/JapI7Ht0hhxrd5FW2jHc/6 0s/9FI1oLaeocrqYqJ8WMfqlN7MSEEaB1//X -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-2048-ec-secp521r1-ok.pem000066400000000000000000000030231474542230700237670ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIByrS1GJmC/5r2EUJCrENFfFyreQCpknKvCPzM+4lXQvZDiot5r64f Zh+eg7oKNjn2SPndpgf7KkMzBd+U1lkhjqOgBwYFK4EEACOhgYkDgYYABAG+azaJ C+TIZLewfYM8k0nzl0UEf2HjMiZpTVQWmFFTTrLW58M2y68F3bc7RTnHX7iDdtnH ehROol8PHzVPwsJhogDp/wsUnNLdCthlihjadViJFt1xI6swg656hPtnnXf/3C9t Y8DKsTBEsdyt9mNe92VDCocpgt5yU7eLtPxMOuVopw== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDDjCCAfagAwIBAgIRAIArBZDYz3yGwi84Rv4vHI0wDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MThaFw0yMTEyMjMyMDI4 MThaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtMjA0OC1lYy1zZWNwNTIxcjEtb2su cGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBvms2iQvkyGS3sH2DPJNJ85dF BH9h4zImaU1UFphRU06y1ufDNsuvBd23O0U5x1+4g3bZx3oUTqJfDx81T8LCYaIA 6f8LFJzS3QrYZYoY2nVYiRbdcSOrMIOueoT7Z513/9wvbWPAyrEwRLHcrfZjXvdl QwqHKYLeclO3i7T8TDrlaKejgcowgccwCQYDVR0TBAIwADAdBgNVHQ4EFgQUbL4V 0oy1mXTOb46Hl68rqGa0OHcwSQYDVR0jBEIwQIAUFt5bjqQxDQge72iW/q6fPpoO pdmhFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEAiMt1AzxQpOzveutUW9yg0wEwYD VR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWCI29rY2Vy dC1yc2EtMjA0OC1lYy1zZWNwNTIxcjEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IB AQAWLxhTa2hslgxyvbA/PpWCnC5PBysK3FdcuwXCkwC0vBkGXEfn3rpL1AZ22cER aS3qP5ztJ2Ov6RLaTxhSJ4nTy4dgRgCl6Z/DzKCf8UYok7fcO473qBaisRtuNjCT e9zRoYwHjVZG0YKga9XU2uZLbPlVl371FFpXRq0KOD5GpUH9QHUVmhX01nG3DtTi Hsvi/dSjAa5QDNdMdsJe5wjNzZX/WwZxrYyyheMxepLcE/rKgobt+BdTx5ALsEKK /dCvxq/9TUjQmx9OpdZBBe/67dUwavUZEfrE4AD1oKdE1Zat44r9Rylj3TAArtGv GXi9UtiAXclM37U8mXQa7l5f -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-2048-rsa-2048-ok.pem000066400000000000000000000056311474542230700231440ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAts/NIN8oLL1b/jEFFwjfOtxkbR6B/jaVDH+wW6ioVDxKyQWW MkxAbwOt2YMVRVgTMYs7Ja/dDgExSPxOIlSo0CMyVmZ4I80cNUNb4Ah3kBeRONhL MZIP8+Efxt6/J1OObBt8AkDlTShXXtfGKVUxpB4J2n0UxhJ94M/toL1P/PbCcBM7 xrDf+oI50j0TUvuRArgrh7DgOaVC05K4Lg3p/ItGy5s/xnpm4WkWzFf8OicgCu5x yIIo10e9RoZClxMGnJHx0U4edVUyOZVeEpGFHr6RnRDeo+WtnM5EkYcnYYupkNsZ Qah9h9WOls9Uwp+RipBAM66rCWiV3LOaugMPpQIDAQABAoIBAEOtbl1LAA6AE7xo 3V+Hs0yRJsSW1L0N6+PyqZFlQNvebjk5Tj9Up03x6LxroMZJMuHWj5EGKCn1Gw/Q CAUBnnVfclU2Hify2QyG4U5xFAJOFz8aI8w4LJu2rhLrh4zBjCpNin0zFTCZTK8Z 5oyKs5P0YuV2BOjHE77Uez5Ul3YoK+H1JWDPsNNntgoWKlcoyMG161LENlZAu3er ZcxZFVSx16PH/3RLOl3+8ZzBWcCphc0TiPdGvOvKodaXeRrIUrJk+SI8ehXFpRWc 12mnMSGGQaW9HC/nVxP4f3Sqr9HXjsL5f1zemKCDVqSmeLjlmso0hd8+zOesK/4s OKCFxckCgYEA3LZp1MaApC3/AhdtKQCzvFqePiZqItdcUvZ6t6mX9V38KiEACQhr +FoBPTK9iHrMS3hJbu466cnKgwkdp4kr2hcB61SdobbhsxHjVOsU/Hol+eMgfeQN af3H5e9TgPrJF3QzC4P+7eXiCOvSa1biZqXldF4SW9q5c+lQD+IEgnsCgYEA1Aoj NzP2u1rN3V52pTH7L4VRBCSRaVjXMeljPVwlEkARloo8+eDeepY/kY7EcRE4iH2H C2QKovLR2rGhP81rHXe+X1bAGZ7ns5/2RZvntRltsvhlT2nFUw4Cg40uhFCGKu8X qeYd/cyp/LsetEpO8znC9VNFiEgvrJ1ZjV5ErF8CgYAoXoj+7QvMe8k/xa8mp8U4 N07oSThyhPeTCRgrDa8IpxcfUYfjHxI4i6XcXrKCCwvg5fBwhMxrxIfw7bLp2NIX gsvMEl7+nCeuDCCLgLAG+gSGLz/bJuI5N7zfVqXsWnJ7grpvacYwFzL/tLp4/ZxN cByG60nqWRhAljUZopp2jwKBgHKH00OzDrdeMco7huxt1dZyNTN+qQh1Ey+Dd7Yh +mgkMRvWKV9zJdijJUzzB4pnGdknrHTroY8oh0+QGKAEzbHKBwsqKXLtUQvGAFjT AFHinU1JPDer0wisjZEPBiwz7nRsVqTPhi2bicnYLJqHdKON9I9cXjdhflbHWyKv 43oTAoGAIX4H9BgsXZL7A7k7K9ZjfR1e1CW2kKPqmQQoiPtyrSNJPuEvvAQgKhLI tmU61cPI2TqxwUypo26cuollk3z/SYmP6u3sKYDsqhWFoYNfO0B5zckx0slTvq01 gkw8qff9v37IAkWYOToyj9AU4v3h5iRHLWKlS3Ohhmv68RIT66c= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIQcQRYVLFI9fFJHvYt3xZyLzANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgxOVoXDTIxMTIyMzIwMjgx OVowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS0yMDQ4LXJzYS0yMDQ4LW9rLnBlbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbPzSDfKCy9W/4xBRcI3zrc ZG0egf42lQx/sFuoqFQ8SskFljJMQG8DrdmDFUVYEzGLOyWv3Q4BMUj8TiJUqNAj MlZmeCPNHDVDW+AId5AXkTjYSzGSD/PhH8bevydTjmwbfAJA5U0oV17XxilVMaQe Cdp9FMYSfeDP7aC9T/z2wnATO8aw3/qCOdI9E1L7kQK4K4ew4DmlQtOSuC4N6fyL RsubP8Z6ZuFpFsxX/DonIArucciCKNdHvUaGQpcTBpyR8dFOHnVVMjmVXhKRhR6+ kZ0Q3qPlrZzORJGHJ2GLqZDbGUGofYfVjpbPVMKfkYqQQDOuqwloldyzmroDD6UC AwEAAaOBxjCBwzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQSfVo0s6+gfu9UyKllW+1S woxAeDBJBgNVHSMEQjBAgBQW3luOpDENCB7vaJb+rp8+mg6l2aEWpBQwEjEQMA4G A1UEAwwHdGVzdCBDQYIQCIy3UDPFCk7O9661Rb3KDTATBgNVHSUEDDAKBggrBgEF BQcDATALBgNVHQ8EBAMCBaAwKgYDVR0RBCMwIYIfb2tjZXJ0LXJzYS0yMDQ4LXJz YS0yMDQ4LW9rLnBlbTANBgkqhkiG9w0BAQsFAAOCAQEACv1Ua6/EysnUV4/wv8ie CtZ5bTmczFEctPEdGY/N5WMzm/MZp4Xqq9Fi5fgoKJiU80B6wOxC+QbkNB9Cvtvl L+s7AGrnDkAilwMUmt+paxyfqHlQu0/nQdRSsjtq8ajCB4z4yiIYQK6naGbizT/y OtK82RgYXNqwRcalyH0AdAN0CI/yf5Qi47dz74GWIjgn8wnPPC3FHGr5ODIn+AAe i3ULHs89ol5uxyDcK1YNlyT/iec0gfeHImlmNYIIdaLiivO7BI79+wr9njILRNaQ 0UKe6yxr71NUXkY7NGDXcRIxoA5fM4eGisl5fjA9hyKphBf3ecl+8eAUPE0d8cKq hw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-2048-rsa-3072-ok.pem000066400000000000000000000075231474542230700231440ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAyf0yva3vCDVpwZ8a3jsN/C+cGwmsMucNI6f4Ddid4bfX19Vu UGtNFh3d+NOL9pLmfbStQhHsVLaPXsjy2DKuiKLRJQCfWHWY5RQhIonu7pCPk/W9 n8CFZiE/MKeJIyPxVzZ1HpkPAw0adKa2tP3/VSuYogDI+Ihgp0EUtOctKP2bAKM0 LnwsK999nAYR6ZlPVFgf3oZr2q99hbIzqShrIIWK0mTL1rzXdhrAt0EJEoEJBRqC ys78sh03Z4ztfj4dE8IM3PZwd0RMiKmByPPOFuaASAHCRBQDTjK2PKfYWd9zsGh8 QDp8gDCfYglKiPosMXTAVnQKWgWaeVyQRdwmQHQfw/UkyDbwLtpugg6mkRsMjDdF 40B0di7Rthc+qzYSbrQghU3ZyDFJz8fWwwLccc6Zh2MYmR8CykZmicyo57z5dkOI 0iuNw/z0Le1AkwvCUH5+0rk4HQSvoLY3pxH9zIHNFmLFjnsp/I6vkYOY6HCM9jtX naXlCXliYHypLR8PAgMBAAECggGAFQ9KKA6nenKfOSnOklcT6TRJkWQbyR7f9tS/ fyoTpAIYBg/htY7KdcDdcOEVmbrNP1QEMHxP6LE0F4zaDQKTwfk/1xzOgFmafF/x 6Hj7KXJ3FdUsVSisf+59eSQunzRTKGWsJmmM8COAm6L6L7q/0XB/NHzid084zJdz gj0ML1bpv1JE0YfuzxA5N3hGi9WJOOELSZc4TY+4haUDz+I/8R8bTz5lJlmAGXdG mpS0TnKXrymJc33LSQLU0P4XkO8Gx3xjspv/IMWQIyQKQ6PqC9+rERx3AN/wIJjZ /DEF4Tx0TsiR+cYmbItwXV6tji0cxOuOKleIGcIbR87er3cTKqn/fwqDTLgXYHCS hIq18zqOuPsBSqvOIjAXljIlaYTboejv19mC18vWMe2wC3qNypn+UgYh+KJdYOJm fNDNEVAmV/Qq3Zi15miNHgQMUylI6witY2BMMJeGAQVy/iPhv8gN5yKL7HE+aO/6 zd22gxz9s5HXvEI10p4hwpJWhgjZAoHBAPgatQawIzEOs9STLx4BRcatiHbtAXZQ E3jtgWkvqZOPaWGSIgIL3YV/L/z8v5bIE42uZrHFHjcBaOWL87zghUycZPkx8xZC Dz6YN+tpkTr+uGh0NOI0dPSAP9zFGEXVS4mhaSoyPAyn0rpFmyogxSOhZ413HUrY rTeLqeNC35GpmSPPNm9dTSYJBN1QLrzp3njIgow7rF2LW2E+Ali6O8bGW4UiT35u NScyLDf8QkYKz5xlbDFUYP9pt1AjY4YeXQKBwQDQasra+B8pyOnKEplDpicPwWsu MyIWmZneJoAhLAz4p0bEmFtHbmq6CIH8Ed2ZkLxJZX/TAG4hXDK0XdZBqHg80Z3n pdiYF0SmrccM1tGZ+oluvXlRx+TBs5k4AW1Ui8gHCGKUfcleORpBAqCPTp4jD+Z7 rzaVoik+EPfM0R/qBI2J69e7zS9NuQ6m7WHkTxHzTOrG7ttnN3FgH018isoqOw/j bwc9rVAquuXQbIleaqeQBwZuh+mKAbeNB4T0ZFsCgcEA1dQWvuvheK9mN8iebCrG m2QGYBEGGJUNI0T3KtPEQAPy2//ZRZA6XIrwrgabjPVlPM/ZfE8aKmgRovzKlbef yxZjRA5TppRKlTUVxNPYMlNEVeoJhgeV4QADil9n+w/IqZauj4p6DKI7UQUapOVX Ys0B9X96hH5YU64QPmjtTJox/RXioXp1Olm9kow/q9uYPNr7AKeRd5HasOWDmjrv t/JPAGBAyQNs1ho82AeWis1Yfz8+TwmdC6RuNCg752SVAoHAOdmaqwL6K3AALL3S 2uswpnfqly1MRfemtPn80LhYdWCBDSq5E2+7oh2gbuZKm0iIatsIivnwl8Pusw/k 2962WTNZ4CWxpC25OYa83Hx4O4RGR33CQgf5ICcI3XnP7grKn+Ec89iiX0v8VJU1 GfIZhOPx9tzgitIzHm45Shm2AQ/4dZMIE7HVcn5uabk0Vdn4wo7UEBnWvqSuDJ9D s9EWYnh4ZYm4+c60lNfB2IN38cQq9JhumZmSImNtnnC639dHAoHBAM+VfGw5jkzi 89GkVqbci8OntH9Ei4ahVCbTnRdjscuHuHho58GmzpFRCow1+X7/sSe9IXNdYH/X MZ87NElAasUrbHYm6+40WsLaLVoyc0/B6ZKWkiyUEq+FLgjcSxr4O7mGIvkSR5bp VHtIrqOfgSLUk+STfxba7Y4XsuimtcQv8MRW7wlhE8mGhoB72wYeALA38m7ffTPf 2USqDkRuC1UKPinungEX2Kj2pvdAMXWEw1bU3Ps72v7+4+DAtMED2g== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIQUdzCTF9A3lsbuI9k1zkilDANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgyMloXDTIxMTIyMzIwMjgy MlowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS0yMDQ4LXJzYS0zMDcyLW9rLnBlbTCC AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMn9Mr2t7wg1acGfGt47Dfwv nBsJrDLnDSOn+A3YneG319fVblBrTRYd3fjTi/aS5n20rUIR7FS2j17I8tgyroii 0SUAn1h1mOUUISKJ7u6Qj5P1vZ/AhWYhPzCniSMj8Vc2dR6ZDwMNGnSmtrT9/1Ur mKIAyPiIYKdBFLTnLSj9mwCjNC58LCvffZwGEemZT1RYH96Ga9qvfYWyM6koayCF itJky9a813YawLdBCRKBCQUagsrO/LIdN2eM7X4+HRPCDNz2cHdETIipgcjzzhbm gEgBwkQUA04ytjyn2Fnfc7BofEA6fIAwn2IJSoj6LDF0wFZ0CloFmnlckEXcJkB0 H8P1JMg28C7aboIOppEbDIw3ReNAdHYu0bYXPqs2Em60IIVN2cgxSc/H1sMC3HHO mYdjGJkfAspGZonMqOe8+XZDiNIrjcP89C3tQJMLwlB+ftK5OB0Er6C2N6cR/cyB zRZixY57KfyOr5GDmOhwjPY7V52l5Ql5YmB8qS0fDwIDAQABo4HGMIHDMAkGA1Ud EwQCMAAwHQYDVR0OBBYEFKLEDaNqKHUuK2FaHZLJGQLfM7rZMEkGA1UdIwRCMECA FBbeW46kMQ0IHu9olv6unz6aDqXZoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghAI jLdQM8UKTs73rrVFvcoNMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIF oDAqBgNVHREEIzAhgh9va2NlcnQtcnNhLTIwNDgtcnNhLTMwNzItb2sucGVtMA0G CSqGSIb3DQEBCwUAA4IBAQB+s1NWYn5bH/yTiXnm1tQ8Ma9q5U41qcEqfBQZy39j WO/MtdVRLYqxgWnjJClfIxY0OS9auAX6AmRQ6LOEZnrAE+3wVoErIRGUzGwgl/ds JMzeY9+gozQbHuHxQSISV5NVldcXAi8WMUmboQzOLb83VF0BQSz9LIGvygpXOfxd 04NiKN4nhjxxwDs2LHORfTlZQG0JzBzSHXcbLKB3B9pfgmH6EaouUPkMpe228JH1 R3DV2cBMTlYk9amLxL0cuEIdzAU7k9czmIsYTm116KDP9canW8IGqKNJEagfixvz 51TEcn5R7nsgWPCQ07hXLO99QF4y0fAX1R5BGUbfVPQF -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-2048-rsa-4096-ok.pem000066400000000000000000000114221474542230700231440ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEA6R/7tXdjIG8EqIl/I/hLzjjvRl7Z6kESzzGsw9v+pE/ccwhe lHEFAZ/VxH8sBjSKlLaeLsXxtkqrs6MdW/Rh1WlVFonAcx/FcIjTLh4LTNKski2M /bq2iVBHWraatZqyzQaw/94I3Bt3pSvZ6EFsDLBJeglDI4bbk9B/DyhuK9DY3wPt XeNvNDyNB73FMDXUILRrRq3aaQrGpELeDr9vZcXKzkAQIoOXRTiKiOAxmcrAP7Ts w1gtK0238N/mRI1TIK70vQUt6nbA5c/ninsIK6Var0z7ClYdvebZ1Hp7UgkvjujV zz9Hov8kwftYLhP2lJvgUPibToiJ3PEd8i4LlcfrxW3x0gqU5xCzSWSxLP/TW7wg 0AR7h66e3y+dMnedTNXQY59rhEe8CZetF+eYtNUaa92vpKvNt8j3Bq40ykgrj0fz 5WAaHO2FwhvTY8wmMjAzyV/fNdlLCljsqxPz1v7qbKDqRnnq2CQnOP+Aa45YC196 nuKHVwXBbFUp1sGRY1xDQpSp1KTjtwTidNjQYr9D64ZdIQyHAqBYfM3ptV0cg5r/ OHeL3yXXsKnO8A6zge5jB2B4iZumTlz1FavN5SpI/MLDX81h/uni3xYGxzdr9CTJ gDFbYCF8CYCgxOrT/28WnDpUJcZqgRgpCgCLQxuM/0d4mMz2SCRTE2IMb10CAwEA AQKCAgBiHerzulbHLNKaGJyhR/ynxAC47mzrEg5XlAGxwWLQRyhyZeBgu5yuzVXM SPX/epek9aNn7jnITm8rwQg3TojqqFV+keWkzodr0LqJG24IHFczguZnV/FBo78U Z+x/aKe+cQWH+yxhb1IQ+37QKNDQGlYifcl7J2Q9NzBy8cJEwLa2TlHWBUYlhyKY Un+uxckNJsJL0hotwbJPKjGJpXq+K9wqqH3h+N5u7NgpuapGnzYA2iYYJYGFS0WS pLmmupB1Hg21jHuBxg9z6ef6ucN7kzGyvESgWhRUe9fMfOxwX5tbm5V5j5mX+ai/ 2AiKBC7w5xYnHitHh2H20qiW6FhJGWKBxQp2zGf74Yami3eJccuGcdxce9H7D0J1 Rz3fN5PVgvTNU9EJichalTkUP9+Iv+aYflknTwzwq2jEmupffR0+7igFgJYu3Yqh 9dsa53rBkuNNVgmdMFmWYwOSEk3+gROsBEQBBz6b3WxZ1mUm4VKASGUsMkuEZmMI lg63cjJMvMdXpC1MSr46sKUCLQwPizLYvwhVeUe9dlXLxbTWx8GSQZNpCG12ECgi vnQQEdfKus9cmL1dkd5zpl1Ty1HBj42aX07Fr4WaglZeA8+BXUx6wlushDvhdcU8 zagxbtc179cRk6mAwxwAUyhmX719Ak+EsMQ6IHkwRhv6Pru+oQKCAQEA9VJN2Rpl RsVuEJr/x7cXCaCbJ5XtWoMdigYJi8e38WTjJCKABezlcPfIHJnyW23gPASB94uT 8mscIrXEDMkDt1E3+nqFj+uZmww2pdJGLdYJGDzGaXZ74ZDO2HLcIPiOilkduXqX P+d8+uFu6vqrPOCZoNf03kEt3IjKonV6hvSn+IiA+lc/gIQlOam/ZFiIii7tSMyk foo3fN5OBoB3yALNBOcd2HgFhT0Jb9wCjev5vogG7T9KirW9iS4bqMBN9yu1Bg6a XyCJbrFBwTLXBZNVeuc87VIqfdvazpgdynqyb8KsLPjTC0q632PLThAJsb7mjpb6 BsrJzdmD6MjtGQKCAQEA80XE12AZekmqKFLLeROxb22QceqnVm1UWUfoZlrJq06c xRCENlKpd6oWyq6GrwnP15AHyzqhfRCtX4BOd4RipCaVrVH9EPBOlvIqkjyecZJ7 jM44GlPLpgJ4Mcztz1UUSSYqpLlDG+idxW8dl/rR+cjhUqCUZY+dNAeXNahiDIsW 2pdwF3D+CVUrsaCJtBQYBrXJ0BMkEClyecn2PkSoyFtIsAwR75FYJCu8aNt4OAt9 9B8hYOASJMEuVpEBcwiSF5qOkjdM5QOB5l0TGOnnqs7T5GDiu+8+cNxrqfDT1T/o 6OU9CC1ZnKDxv6CK5x/5m5V5AsANMaHw5DHQfYYY5QKCAQEAqTW/5IPEX3BGXsXK r2KmTUmuOzu6n7fYZB+N7hAv3B0OXxo829lu2ODP8optFItRI5SoYKqxvYALxBVD yN3N5l/rEKX6Ai8roDpoZzAGoA8F7uXcpVnIUOmlAr8W/tby2pJlYk4gjT+KgTGF ZCbKfg8daEgM6lBi5b6kpjIJ9ZRDV7Yv4HzVnDuJwaBIF1rJsyZzHMeqnm2PoF1l zC5IcHkeGMehWnJOvHxBShqi2Glvte/1dyc0r0B0H27iPR+Hp3lKP4dLC1pR8Tvq cuwyS/I3/7IH4FnQXUeMQPvDcKn48gWA5PQr/ZnqE7Otw4ZkaWmXdbrFcnHliEsE JUiR4QKCAQAfgeHEo0WpePD42ABSZiKM8/vJRUL3BqHuDkojN473CO909napMnuQ bA8XoRMAiJzKpnTb9XQE5qwNumhvQk4kRHsOP5gvIXCMTEEHP6KlwvsNeYf6oO+3 SIqYqJoESFigQLk1LGlsq+wDLij/DhUz7LiCIxoVLUyG+JS09mH8jecf2I1D+/Zq 7wUBtHEhSZjzBYhl0pTRIw0YiPfDiNDzYh8/7dBE3uYziRaV3hbr61Ec1QtVqK+w 4vRFcfJmG64QMIxWk6L55kJku5lFmMXQcYkwAvxaqtnDdEjdcbt92xEnWMlWzcjV aGLnFrvmw1VouSs7F/SdgQPaCjmeiEehAoIBAEfHWx6NUMwGPlYNPYdTAY3jhvZx 8o4Iedqz7ToBuhaAmzCScRwUX0bNc2RXWonV91440dyZydj+9WGyj1bIbt8lXyF8 AA7j62AgmgdSLgIxVq8cVWt+XaOmDIKnPvDpDM0v5n3aYYeXKMRrzRn/gBNJ+wK5 qWhFoMu8hZ1SBUIt3raLeWjPLFKp+VJrUOevnE1JUDeynt61VMjE1L3aHkA+Cndz Kpo5leId3g5TGLGCmlne1dN6Do3Uet5AG6BTiMAwDEmfl2UIGtl5kugOnOWcRED+ 5xUqqqBd4A/+88i8KOnXA5uxQgDo5tOTEgv2Rw6zFMiNIfuls/aIObnTskQ= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEjjCCA3agAwIBAgIRAPSDBF+PzAUYY7hO5+RGWOQwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjNaFw0yMTEyMjMyMDI4 MjNaMCoxKDAmBgNVBAMMH29rY2VydC1yc2EtMjA0OC1yc2EtNDA5Ni1vay5wZW0w ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDpH/u1d2MgbwSoiX8j+EvO OO9GXtnqQRLPMazD2/6kT9xzCF6UcQUBn9XEfywGNIqUtp4uxfG2Squzox1b9GHV aVUWicBzH8VwiNMuHgtM0qySLYz9uraJUEdatpq1mrLNBrD/3gjcG3elK9noQWwM sEl6CUMjhtuT0H8PKG4r0NjfA+1d4280PI0HvcUwNdQgtGtGrdppCsakQt4Ov29l xcrOQBAig5dFOIqI4DGZysA/tOzDWC0rTbfw3+ZEjVMgrvS9BS3qdsDlz+eKewgr pVqvTPsKVh295tnUentSCS+O6NXPP0ei/yTB+1guE/aUm+BQ+JtOiInc8R3yLguV x+vFbfHSCpTnELNJZLEs/9NbvCDQBHuHrp7fL50yd51M1dBjn2uER7wJl60X55i0 1Rpr3a+kq823yPcGrjTKSCuPR/PlYBoc7YXCG9NjzCYyMDPJX9812UsKWOyrE/PW /upsoOpGeerYJCc4/4BrjlgLX3qe4odXBcFsVSnWwZFjXENClKnUpOO3BOJ02NBi v0Prhl0hDIcCoFh8zem1XRyDmv84d4vfJdewqc7wDrOB7mMHYHiJm6ZOXPUVq83l Kkj8wsNfzWH+6eLfFgbHN2v0JMmAMVtgIXwJgKDE6tP/bxacOlQlxmqBGCkKAItD G4z/R3iYzPZIJFMTYgxvXQIDAQABo4HGMIHDMAkGA1UdEwQCMAAwHQYDVR0OBBYE FCiPNtyDV+DeOUNjQ3lhpFpeVl+VMEkGA1UdIwRCMECAFBbeW46kMQ0IHu9olv6u nz6aDqXZoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghAIjLdQM8UKTs73rrVFvcoN MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAqBgNVHREEIzAhgh9v a2NlcnQtcnNhLTIwNDgtcnNhLTQwOTYtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IB AQBpF9Ljx2mgQWACynjLqjRtzTzqGqbXzwZvqk+0dSMPtHEIlfVuapDwc2Hv3Tug U6Zx35UU2rls/N0Vz+9nPqSYwYZ5yMCVFdU2URV6jwAzSTYfw3DzZlam6AGvgHvF Sp0eV5Nk0df0U141grFMjqX2HY2rluG/FpksI68pHrd7CKHiFMImViQXUETXGFKM hI0clGR9xMI1B2ZsglFTG0OwjglzFADz2kCkG7AxqahBpQOvwLuknqzVgbE1Azwt 1oO7yH7cV8Q7lVc/CpF981LQQdXIm8UYb9qrgiWRVucwfw5vwz2iNeVSO1jx+dc2 15bCXXnP/mJ6RxHJduMloT21 -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-3072-ec-prime256v1-ok.pem000066400000000000000000000027421474542230700241670ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEIGiYOWRBGlxBggAsMXmbTrp4xEbRVK5XEilXaYTpX/mcoAoGCCqGSM49 AwEHoUQDQgAELUWACVZUsPni1vtwD1DUjT9qY9stpsxsqVLlArwNObGHQf0NACGK HGK9emSncHfxuvL9JUt55IPpV3FLB39yJg== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDTDCCAbSgAwIBAgIQf+qas6zNGvCZvOl1yh/XDzANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgyNFoXDTIxMTIyMzIwMjgy NFowLzEtMCsGA1UEAwwkb2tjZXJ0LXJzYS0zMDcyLWVjLXByaW1lMjU2djEtb2su cGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELUWACVZUsPni1vtwD1DUjT9q Y9stpsxsqVLlArwNObGHQf0NACGKHGK9emSncHfxuvL9JUt55IPpV3FLB39yJqOB yzCByDAJBgNVHRMEAjAAMB0GA1UdDgQWBBTbtLoDcdvqUQaRJT+ZT2MysFTu7zBJ BgNVHSMEQjBAgBT8aD2XTdlAU46ZNYD4EEuzVzqNPaEWpBQwEjEQMA4GA1UEAwwH dGVzdCBDQYIQORuVDK59VgtfUDXzQKwdWjATBgNVHSUEDDAKBggrBgEFBQcDATAL BgNVHQ8EBAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LXJzYS0zMDcyLWVjLXByaW1l MjU2djEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IBgQCBBGqJyO3ux+72VSCe0HTP /D5ljJIOO6TZTrzh22EHfUPkOEXc7D+306PNpiokfee2el4E35o6qNZIHzhs011P XXPN/C6bpthMiJqPKO3Rlmeu3ULR4L+XbiRkeQzOFS1AtEsDyfvGve+WwHDvEvtb PVwwXAcOV7S5WT3txJLBcR0F74unB/kJ8eyCbJgR4RalfBzs9JD79eGSJ44y+VMv nCXcF5nzd/wp6xKoYGAmuXcNqLltArqA+zGeXQY1hMNV/zEGxVgo4SZa/SNmML84 Z2F3SToe5ff6ciYMDcx0utUNCELu58xUvqRqh1ctLWn4OVgeP2Kpu57Rx0Ty3kFA u/g5B2S3RBv0G0nNXc4cDuuRVCpax2O/2Xfp+smtv91oAdPP66D1oymIkzNHtNY+ wG+L/KIlt5sdaCIp7pjLMeC0dQr4tDr3G6gcWkHUQTKqy6NtCqqWRDxeAsUXK66v zUgq+Zkj919kEWhWPP+c7YMhJismKrvvxJlL7d4vGWw= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-3072-ec-secp384r1-ok.pem000066400000000000000000000031001474542230700237700ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDAcvNuqh0xdSBIWRqyLj88JwRwwZSi1Ab12/rQiBM9kzoBJfK2GwB9T IofrJLZlbpSgBwYFK4EEACKhZANiAASGjyljAzfw0gy3y8lHec951LtaJIfrQ17y svpMhWzHj1U3IguEl9uCdxGJvCHrlPzC3xrBU2qHsfWjkOaLkwM9Oi9N84Ydz0h6 j7Bn8tQ+jOkLuxceGt5O57uhETb0Psk= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDaDCCAdCgAwIBAgIRALhkK1Vf/37gc1FeyH+Weu4wDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjRaFw0yMTEyMjMyMDI4 MjRaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtMzA3Mi1lYy1zZWNwMzg0cjEtb2su cGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEho8pYwM38NIMt8vJR3nPedS7WiSH 60Ne8rL6TIVsx49VNyILhJfbgncRibwh65T8wt8awVNqh7H1o5Dmi5MDPTovTfOG Hc9Ieo+wZ/LUPozpC7sXHhreTue7oRE29D7Jo4HKMIHHMAkGA1UdEwQCMAAwHQYD VR0OBBYEFPi3UZtfQGhOPh+xCKhgaPh5aA/JMEkGA1UdIwRCMECAFPxoPZdN2UBT jpk1gPgQS7NXOo09oRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghA5G5UMrn1WC19Q NfNArB1aMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAuBgNVHREE JzAlgiNva2NlcnQtcnNhLTMwNzItZWMtc2VjcDM4NHIxLW9rLnBlbTANBgkqhkiG 9w0BAQsFAAOCAYEAapy3GwRmzP9ZyuSy67xjZfM8Qrxljqo8fgSG48AZgOSyL8SD uHliR+iJylLDpp+VlSlYu3MyrwRbwo9H7MYRdRMURTfuBERKNyAnhkvFFAwYfxTI dJ+1P8BeiyiPaDHpV0NZYR/D+iQ/AAQrkc9HaHzzjtpxOEAazFzjtNcNBJLTIeyr SeW38H3ATXZs/t1GGvfj64uZvvf9A1/uimFznfeGGMHYnrfOiyY2EkYkGi+3SNLR ckOwUwdJRbHNTLNS25alNMzxPSrTnvA0wtXdPnx5r+5vlsP0D+4FQbXYQKt85WqN ovdU/nTqtTYFoNb0ApLMFrITzG+0B5uD2Ws8pu71NG4HRb5wrbSCGVJ5oYQ5ahcx TEMa2kMpyab0G+dtPfhYeosvgY0ReohH+EraQ8lLweMFmYoq3EHPe8/6DUiFbHCx i1ykDLXDHnOdo3khNDdyINuiR7BFSeiRFsGSo/iF+U6Vm+TXtyIq6Utu2sToW9FL WvfrnAQfQwvibQFZ -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-3072-ec-secp521r1-ok.pem000066400000000000000000000033021474542230700237650ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIBkw6BtVhn9uAqTPywzxTP2yaHa9Jh691A+ymxUFKIu8k+4LVhY5q2 RVvQudYaEH+PPeDAEPUvFkDCIbeKujauApagBwYFK4EEACOhgYkDgYYABAEyA4Hp 9hQCy01B2q3+YNd4HDXdyPESfrC5jB7nKLdVMEMmMm8vU+VG9tvHvYLy1HLrUUkx 61HjrpeLnYqcI3knGgECMld19JBIV6lEPl+CJF8ESchF01vyI1AIaQwtSWhRmLod o57IKvv7rKLZcHpnXF+vqZXF0XPRktUS0y6WYhVu/g== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDjjCCAfagAwIBAgIRAIUoC1dHnTEUMP0xVa/+/aEwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjRaFw0yMTEyMjMyMDI4 MjRaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtMzA3Mi1lYy1zZWNwNTIxcjEtb2su cGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBMgOB6fYUAstNQdqt/mDXeBw1 3cjxEn6wuYwe5yi3VTBDJjJvL1PlRvbbx72C8tRy61FJMetR466Xi52KnCN5JxoB AjJXdfSQSFepRD5fgiRfBEnIRdNb8iNQCGkMLUloUZi6HaOeyCr7+6yi2XB6Z1xf r6mVxdFz0ZLVEtMulmIVbv6jgcowgccwCQYDVR0TBAIwADAdBgNVHQ4EFgQUKqxQ kJogndnO9Z+jHHQ7OYa3gVswSQYDVR0jBEIwQIAU/Gg9l03ZQFOOmTWA+BBLs1c6 jT2hFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEDkblQyufVYLX1A180CsHVowEwYD VR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWCI29rY2Vy dC1yc2EtMzA3Mi1lYy1zZWNwNTIxcjEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IB gQAGXtQO2pgz3aC0/a1aDQI02cenVIf4PT0P7XPfVOO3fbl58lMyfZpEs3BBEIaC Mc9rhaIf/g5zaiemgrPfr3/yduH2hQI5CljCIlc8UfBTL/PQN8MfSUZIUpDPAt3l NX2vCSh7bEAw04z1Gy/8dXGzjS20E0CZNnP9ID9TfMiTrLH3moAuLaNkjN1l5wpW k/2edc8TmXFvKBS58od729ejNx2Toob64sCu+IPL95GL/HyWFt/PNKNMJYtmm99G 1hNDQ2fCWn/MNBvdeRnvHOnPr7KUtmyh4xpB0ZSbC3M8bJY4QN4wo/CO0MV6uvMg qT3egqjbNXYJ1HeBQabolQwZlwwSDWa2CMY5Pbm5c1dM0T972H/Gsk07iRmy1a5f UOqnrkbXcDo9qcDa0gXt2UuqHLWNtjmKCUxGxj50FZi4aOS4TNY77nTjN7a1LaKO Oq56De5ko2dZOnhRpo6O2PaaiQiSQX9p8QzveBUE2CqOXpObBPoaORaZmZFRgv+q mqk= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-3072-rsa-2048-ok.pem000066400000000000000000000061071474542230700231410ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAlkJl9gRAf+fh9AAMhLx5Aoa7EX9NWszoopxjaHr7HVnTzSLo HRgAwgyq/RbJFttwDgITFfyp1ooGcw2s9+k50WorMy3Lph4ct/ApFq5HLIhtzxQQ S9ZsIPJUVz8+zrkvXCvjSdevHj1QVvCIeYp/ANPm/xRXvvsoK3eXyHNSu26fqFs7 n4H/DJQcy7SVaQ3hewhQ2RTbne8PzHPgld5eEmSX04Oi/q+/ndXx2tYe8D0YqKBy /3PQlZhPmsqzbevCppw3PDJ/ERn2EfWMnoUwOVPw9SIWMpbZLvoYOdk0ZumCOu5D QSfalNh6oqvUYXak86gx2plPVW6blNroG50WGQIDAQABAoIBABJ4ZwAu1Z7jaisM Nn26jUV6OlSUSXX36kDS6IVXWLbq69YzjETHRpCT7hDeVCmzH7sZFi+Ft3rfzJsn +zMeQDU1z8miv33UBcO2idZ35dfbjWP/G2G3IeOK5kMzSw0uRlwWKQJSuPwGnXGS b7RBCguYALUqUv7u8KknMkk5o9nWNx9qffJs45dYliPKFk+/9skoBKKR4qr9akLi mOnBjCLIm0DjCjaw0BP+O0FhAZ6ZJlBmp1jFobSZUNMIpWe4voUYSoXbZDHibL9I H3M3JZjwsGF6dAu9zj1RsEhXewKw3w3T0SPbp2bEtLrTWkV/TI6O/lw4q7IFIGVr yRXB/AECgYEAyFEsx8vJ5UPl7Y4ZJwYftIFg41ybQzFVoh18M7mQCsGQaQ5Fnx8w L9YcG/JnCiRKRmpbQ4L0noKOmY2hRiqtXs3iTxM/U95HEAbtvkyToyVCOcp/ZUHB ngpQFR4/Oih9cLd0to6Z1Uc6NAdVVAE5eb5y50gkXNGLEobOFEoXeBECgYEAwAcM +qltrVn2NXUFHsHPNRMdM7Ipmo6piBzj+sSV1BFgkyPd0j68GvC1iad45oqGnxh8 3idt1HNKnoZg1TomjJcs06B/8RGQly42Xltk8Pv5A543PA6ElIeO4wLzGjTkg3IY uXNbErMtCVrDZmse2ezlkGFsTnUeLvrZxs3dhYkCgYAA2YdNGaozlMQm69Fjfv0n cN0OWdg2wsDQPTvHpGPeB9ArAep9sE4uBcR8wdx6CIlgHxdgA/Axs/AS6qzidU/i 9RCesUA1hN3cTYs4oW6G5KORRzCfJ1ZA615HmKdAAef2UHDoTVaNtw2iJt3Py2mJ AKvQG1g8JI9odrXtFBthYQKBgAKtln7Acikiwg5IzYN6THt/Ar8/0ti2+KJPVNag ez5z55blvyg5e8IcbUu4LDV65Rm+667leeCmovnHAf63SuZXDWb+LAqepheVq2hx edzqhrSINlj+EtdHdLSxy9YnurAinTmo5DJEkXI589Ov1sRPS3xR/4Kwm3UoRnVB Vb+RAoGAJ42L0oEIW4t1J0pqbbYitXgC/C1QvZ9/xWx76WMeFBQrtXlf6gpbFvFs 0GWfjtpo5TP0wjfB2pXHUwimSFdEHaUFmRT7sABvsyXTnTnTyTKrj9hU/Hdbvmho us7OdbsIa48fgb1N9E+KYqkMNqRUVOuMJ8PGVpGHlpIy+iAy+6s= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEDjCCAnagAwIBAgIRAOhffkuMVEqJHpZX9TNHygkwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MjVaFw0yMTEyMjMyMDI4 MjVaMCoxKDAmBgNVBAMMH29rY2VydC1yc2EtMzA3Mi1yc2EtMjA0OC1vay5wZW0w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWQmX2BEB/5+H0AAyEvHkC hrsRf01azOiinGNoevsdWdPNIugdGADCDKr9FskW23AOAhMV/KnWigZzDaz36TnR aiszLcumHhy38CkWrkcsiG3PFBBL1mwg8lRXPz7OuS9cK+NJ168ePVBW8Ih5in8A 0+b/FFe++ygrd5fIc1K7bp+oWzufgf8MlBzLtJVpDeF7CFDZFNud7w/Mc+CV3l4S ZJfTg6L+r7+d1fHa1h7wPRiooHL/c9CVmE+ayrNt68KmnDc8Mn8RGfYR9YyehTA5 U/D1IhYyltku+hg52TRm6YI67kNBJ9qU2Hqiq9RhdqTzqDHamU9VbpuU2ugbnRYZ AgMBAAGjgcYwgcMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUDP+gXQsCqIvAJzzf2wcd ZbCSC7EwSQYDVR0jBEIwQIAU/Gg9l03ZQFOOmTWA+BBLs1c6jT2hFqQUMBIxEDAO BgNVBAMMB3Rlc3QgQ0GCEDkblQyufVYLX1A180CsHVowEwYDVR0lBAwwCgYIKwYB BQUHAwEwCwYDVR0PBAQDAgWgMCoGA1UdEQQjMCGCH29rY2VydC1yc2EtMzA3Mi1y c2EtMjA0OC1vay5wZW0wDQYJKoZIhvcNAQELBQADggGBALJvbKvgJlHt3vXbOnOG qKAReTopZ9L4mJ0oogHCkfcU7anPJoY3RaOIW6qy2TzCfqYyXHHFrzCjnedENWZO qb7ZNtg8W6rlFd1YcVfEMSHtjgGDG1p8OTBrdAXXvco2bX/Lh6ydhnLGtd+DHuEp s6KSy/Jd/+g7tkSmMp8lLLPWkBsku4GbHq/heLOfgACnVaUjZ9hKmEInhT/UWLdI D+YfvXr8CEr5Iz4JPQPw5VdbFEKaqB1EixY6JZ0S1wxne7Hs5GIa6PUZH/n0T4Rs J1113DFczj3ggRFompvnkJdjUkGu5Z9iPLA7u5fPOVJIvw18gJcEJ28sskGp2Zme nljCKAhggoUn2fRt1lV7klO2OvTWWe/nJvLW8/O9UZWggmB/J/O9IPALOE0N7Jas 42+sOzgheKirfn8Shhuj3DDL5brvBnUfCq81wMWmdPethdmZeb/w89MZSk+BNF3g MDc3dpM0W0qVL0KeTQaDb79LwxdsaIFU+AtUsNE7fuhDcw== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-3072-rsa-3072-ok.pem000066400000000000000000000100021474542230700231240ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAyUgS6I+wQASpgGrgi09w69+M3qWiJFOiFZjd55aXDshvxdcQ nIIQfDsKf5iwAeDkeahJtpHoZkIMkbUVKayBhVQMwF6tT/BKQvvYpXjBQaoLM4Ad SFkVE0FiLzVtzWRJBIHWmXCIhdyL+Xk7KilN7003xH1i/Xnf3g+CFOvcQ3kDUn4E 4kyWTiYkgp/m5ekQv7GnpLEWB00KJeiX/qCV51kNYOS6k81L+9xxKZ3ZH1NTE+Gs 3U7RtG3lJIrRzPSEvipjahfQaGYAEELVwEk/jEDL6L1h+EQwqgtHK4cHMVOeBJDF 7mvCALCScVcozi7PodtcpLdzUbQvUnJZCFLjkSK7CXV+0y14YCeCR0RZmKUPh2Wv JACAifxnhDZhj8B1g5MYG/W/PrNy6HvFs+tUGc0e3NquVvMdJ6m4iLq9qQ+Kgdhl svcKoTGoikgV2axh4kKezaHRURaRyutkypRvSMCdHYbNr6f3GZgoYXlZyAMuy5gt SiWo8RKY7sR3yiebAgMBAAECggGAMFz8Bhs4azlzjOKhT3foFxTg4UKFIhtiT7Qq ZZH+e9PXX38cg66QzXjWPfBvIhRqcXzpMU//ukpWgNA05I2JlYKribF2DUYcYdnn pWLNdLyp8lbvMkoNUVIdiGBbIMXe8ZFNAhNTCm8Cxw/FEo1YJ46zPqguF9+n1dB+ Hg7KHwA9tx2GiOWEHAT4Mta/ATEuEBFcyaqvM1Pkg1VO6CSnwC3alBSBbDAg+MRw AGLoH6nCxX0tLwPYSXU6YLxmSsvZh4/Zun4FX9QLgHvEWPnxCr2xKEuEXN8O5W8v gwEcaf8g+y2LANE+nwyBVi1JYTHJH1h92Dv2q4Kz0BM2vHJo2aNhW0rC+ItNSO6p lNSHCCee6iRNyPIK/aTpP6/6pt5XRmnJTsprDO6BNsjEWHVlHMXVv2+q2SeEJmYd vQsCghh92HNba7pN2ihNgMLI6coUkA/REasrXxln0+h57dJbuBUaYm22acQeuA67 0jc8iaJPGn6O7K06BOq/R48Eq72BAoHBAP8QWhMPc5Mkwvf+Bl1kgMLrWq0oj45m uIHLxoY7xnSx6Keu4FEAvzORJa4+oyyy622a0EyvRtq5iCld/222eD8GDy4mTIUU 3lGT4cFTP53cC+jXEpyCNJ3bL1DdBtV5b9kRWSlHMj1FSsQ4WYYwhQ/PnxkaPqAw HyHBhc7Xl8yQd17DpYoDO+Bqnwy2L6L/aGmiKNH1OPPLQPw1B6l6xqtKZV+cEwIg oNNV7Sxj1LBhyt3zhhqYWS3RhQAQAHCLQQKBwQDKBTCxWECEAu+riYPkhc2/hNEq d8rZAgC1Y/v3+8gTPZC246ZWKMXEeNDxe7rVFMix7O9ev8x92YxfWFs8NDC6wUYw uNjOETlOrduLay2TFkhoKEppKRP8pgZ14rBGWTH4dVzPmoIoDE2cB4uyibQANE83 dnZNCTvubXBWerxuuotHFlA6jAeD5GtKvuNLUn+KeIwy2Mf+RnjkbUZQ17HoLqFa +Y7n8qiEHAd2QfiA2UD+vB8YEwfndmXYyRvkR9sCgcEA/OVlqghj+70zY1gHT4pa 8OkSmyXgUL0gq/E0Adw6xXGw0LHfz/EBo0uDJOUOPT+Zlq8tYRtZEX1ruDhvDoUh bLvBSWzH6hvq4s/RwzGbnhWT6WV2GqAvM2Uj4PWF1Rv2/i7pTLg+4+lUXIHSoe5x wF+HzAftmD6eX4XV+mRhKn8DHH64H8NdFwIgeSYazW6YRER4XNTbhz48TNT3p98I JMY7BTVm03EuhNxpsN27ALe1waO3j58GrRtU198F0JEBAoHAJLgcyZ9I2rXN6lfs aTUI2K7DdfygGiGLD21E9yYEj7q4+wUVzsNKbxOmpr3ej6xfbjeqqoYiHR3Vrd7Z dm/mC4vlviVbAtmOmQZwyT6J4hpCvuvT2plk0J88vWCeuaqssoRigjmLPsw9rwaQ FbuBxCe93k7h4c6z3fp2WMGmTloJxrn/iyS4mPiDp+paVe6A0CJpGTTd5RHaF2rl RPxvkcwn9+k0WGR6zMhrcss65/CVJ7f5zt5mqWOTz3t+XlfRAoHBAMDw34EcxNb9 uzOBqaKvZmCWxtNtQX1fPQyOjd0LC3eXCMn14S4L9s92ZKDXT3E9a/fNY7Ssoh/m BTHCW3/rUkeT4PSi1vyPC3NvXU8L0o3NeGhLPUlFN7cGB5+dOCGZ3VkgJ7bD6sW5 QBLqgsUa7dRkcj6G+mAWCpeMAamEnjawWTUUccBShhk2wSuDixYAzA6Jk81IG2Qt zKxJGT52cyFcaCHomXLw6VWUx7p84dRTkcxNdaADqWc33KXJ+z7t4A== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEjTCCAvWgAwIBAgIQMoh3rK2TanJ16RXfKvy3aTANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgyNloXDTIxMTIyMzIwMjgy NlowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS0zMDcyLXJzYS0zMDcyLW9rLnBlbTCC AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMlIEuiPsEAEqYBq4ItPcOvf jN6loiRTohWY3eeWlw7Ib8XXEJyCEHw7Cn+YsAHg5HmoSbaR6GZCDJG1FSmsgYVU DMBerU/wSkL72KV4wUGqCzOAHUhZFRNBYi81bc1kSQSB1plwiIXci/l5OyopTe9N N8R9Yv15394PghTr3EN5A1J+BOJMlk4mJIKf5uXpEL+xp6SxFgdNCiXol/6gledZ DWDkupPNS/vccSmd2R9TUxPhrN1O0bRt5SSK0cz0hL4qY2oX0GhmABBC1cBJP4xA y+i9YfhEMKoLRyuHBzFTngSQxe5rwgCwknFXKM4uz6HbXKS3c1G0L1JyWQhS45Ei uwl1ftMteGAngkdEWZilD4dlryQAgIn8Z4Q2YY/AdYOTGBv1vz6zcuh7xbPrVBnN HtzarlbzHSepuIi6vakPioHYZbL3CqExqIpIFdmsYeJCns2h0VEWkcrrZMqUb0jA nR2Gza+n9xmYKGF5WcgDLsuYLUolqPESmO7Ed8onmwIDAQABo4HGMIHDMAkGA1Ud EwQCMAAwHQYDVR0OBBYEFGQaI6GMmq1jRgsRaWMcVUTEgVabMEkGA1UdIwRCMECA FPxoPZdN2UBTjpk1gPgQS7NXOo09oRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghA5 G5UMrn1WC19QNfNArB1aMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIF oDAqBgNVHREEIzAhgh9va2NlcnQtcnNhLTMwNzItcnNhLTMwNzItb2sucGVtMA0G CSqGSIb3DQEBCwUAA4IBgQCF/Hds+ku0AheERB0iW1jJQ2EVnWutJrayGZrjJ+iR QGAj0ZMih2DzfxYv+9CMvaOjFf8Ya/CopSDS7kQ3+YKRy0kRKf3DRmjIokNf7UiZ MH7TJWcUnwqBExbbfBluBsFUCHDqWnJsS9dk1SLit0X5aadPIiJIvPDn8rpLS8yZ +rX/PCBBWwcz1186uFa2g5JeqKOn9PUA3PQO8n6IZ8RGBKIMTuIaIMY/ioVeXBOE 1N/1cabQ0dd1f9wLkRd8MZ71w2gG08LfOeDfHb8bif3Ob27/8pm/jZz3ZQjFjAkZ k0CFHbXx4KcjjRICcOq64cYEH5EUCxT16ZrrBBUFtFje6wQ5Vg/cmAWRrRlCmVjK ZtR6jPl8cgIxyZPztMMuJyGkS/d2onEwCQVPE+Nc1uYHztEIkXEpw2a/qf5hp5P5 T+Tzuxpqpg2c9wsh+dQ6EJjtbFmEu6aLPRl1rQSnFNBfhyrdBZgVWgIYz++t9OA3 2UrHGBLU5SYaKTKBBx6TslQ= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-3072-rsa-4096-ok.pem000066400000000000000000000117051474542230700231460ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKgIBAAKCAgEAu4SqNUpXKz1YaGAEYVZx1or/y62d0F4tjxCODEXhIUKPDxUC pNf1UKtXmhuBQ5RMPZa9eN56RDGJlK4LB79UQWBY+oH+wPiGPy9iPlWuHlvySHDK ZufkbU8/B13FpL7y/9jo4EABVuwk0dpyAfFxpHqSFyh1RVDjySe0is6CXvT5o0P/ 5t1O91wX+xhfDAcqBBhKPk3+lrKhWyFW0tpdXNLaZrk8oSRZG2pY5jpNd+0GK/xJ dmz2SibB1IAI23ENhHs/N8MjHqKKgwuwyyseh9+6hD1qdPKfdqHlZAdZthm1c+AM 78ndgjXSccrikamW47vdlSg1nQagaVVNyETRW9nYLkIN+5z1ek+8wvG45hCUkWf0 uV7fRS8eqMjr/954FbGz4XngZXKOzevltaykqADvB5sl1swKzpslWfrzhc1WwlgJ xKtmRA7bDpa22Cm1EmylDHdlzipCqnyWnLGntmx8jOJ7rLYkE+GVfNDF5TAvIylm 6vMj7z3Qf8CLC12sqxPXs1tulagxQzpHvc49n5ahxCgxkl6sMf73ncgA+rj6lfH5 7N3NJTBe6MOt53dskFVzJkj+/ictQPpRVrfGSSuga2JxKvzMjT9FaWaNZmGC7zHC ywP54HEphuS/n9hh59O48Eg8Ctbm9YwtAVhL0Trh7r5jflxcZwmqdHwcKPMCAwEA AQKCAgA1D+BePhAWk0BeILV8mcqSzDh/+TwMB2pa7nNTs751+/Chcu+Rl+66ChI6 8IeOiPtd/jbVahctDtuAsBM8+P4tlcb39CsTjf/nB1CElRg1TQ1tREVyAzKXX/JU 8ksISGRY05dqRZJbd20f2PGj7R+cTHbkiLVOjQo4FL04/iDUH/w4H/jc6kj7JBtB GW9j5u8Tw4/Wu5lMKXYRZIi+F76NkrjskoQ+kRuJ73kChQMA6Zhyf+yFz2WOLBNz P1vCROZvU7Ta4aQhehs54+f+RdBY4I1V+E8Uksde+YcA3DedmP7IsGDYxcWhn/tR 6fhdAaFKBhI4r+0j5wkjZVkiT57yI9r5lVKfViAB9hfNjTKdNBP+LOdp7PBfE1VQ tXc3p+LT5YWmn4Oc8ppOVsNOoocLeYqdkHpE/1BzhoAc6MO5nfHLKI6MKByjMpfd oj/D5OlFNegfiurms0P/H8bNHgh+U7kfx3PK1VyOzeMC6LcsjyHe2ZQLyHd6drzV yGKxQ65acrQgGguGWWeXCbSSzRrpgN5wUDulYngK89vyQhEgzMusyB1p/+CanLSz 5BBQBH1iL+Qfip7nAKdQJ6zqUn/kEMz6tyKyY9sVI1QDl3zH9KZR9EBLLt0Cvy9U mml5xT3goN8qV6ahSxh86qKxklkl6oxCwld4qQ8TUQ4HN6RfeQKCAQEA3iq2C1Kd o9VYUiYQQVIoEp24bK+NcWk1s6yHM074vu5mDGEn7hBDQ7uMZc9Pql1zcTDtk+bE NXHZUqJNRmoAlOznJzbBWSd1XPWiSllHziLFHWsWaVElOgoScKfgZTMc/LND6Q51 X+i1rEbOOgEp8wh/1wNjnRQfqz9pUsm0+P0dXKdGFqdiDvbe5SA7FnTFrJNuucHr xkDCEex0B3wP4Wt8pZw89Q79kUC9q0h3uaW9u86uwKH92ap+POiQLs+hKqCbH2rL /IyIZPLMSSHAyPk0cDC6Rg9MgDR4EYb6+XFzSMNQZX9t2s4dd5coL8tLJZJF98gP Y0x2YgYAaw3rZwKCAQEA2BMo1c8x2CuFJSsyAXiyKoIExSK0Z8pZXd8oGmI/Y09h QqgTFAtDvPNL48uyuLEqsnkNIkN7wT8YOPWiFTMdQFFTGn43pOTv+Up7G9L+qIAX rW+VobYNAM3eKV1BAFSRiaKq6FfGMevaaa7qD7vrpWwg/VeYxxZh8y27LfWMzfZa lXUbD9uVwvkXd2h3aqoElhXh00NUn8V9ic5hniChmQFczdVazUcdJ1V80dqJcpRN s+hdNiOUpkSPtKgKXQkQN23I8agp3+LoyHjBiZXlRNpPebA4whwyHx4dXVFoBoxu blUQcrq5Ce6TQ7Rk7P7pc1Rcv1fK5uZGC9Q2XbrqlQKCAQEA0LjpzNtyNNCkKJGQ Jf5MnajF8n4/8XO5uzL01lR0R9Tr1OeWPwfSWhkifyf0nYcshQRFv/VHEzsBxKus 0+GU6FVlmabMobj7fzlanmUgm954t/m61Xkh81QxHNvrashJjHPS8mreBRw5SkA/ Ual0QtsSV+vcM2ALnLR3fAr61g3e/wQ8Sd45tvtiT3snaCKO8GKW3Tf+DYUbjwFJ xRpeRRbZxTFy53yM52EekIQFz0mSZpZ4AYxvVIbkEM8hXok8zjKTakHIoV1aaxTc rjxixa2zAVAWQOnwomYpA7Z/pchbWdn9d03v5GhOsOM3IyfoUsUIrRCsvErC0bb3 v5wVMwKCAQEAzuIBXj4k7mI0+HKUTX5fsH2OzaW98AZ5bHzHLAPXx2FwsV617aIf eGHGztPxSg8v33Qx1BWi/1NHAPqG9x9aqYN0O1CQPIyLDDh5CRoLhBApG4FUVmI1 rwht51MHcqaGNq8OTqoD9TZqiHfWWbxHErsmFwtxF2Xh4PFvX8DU0TtIXgOjJprL mMPg6Q6YEAO7omxPLXUxKEzyNyjopHt/3jzEu7vFVfj5+/hJK7C/m3pNr60S2kxU /qF0qreePJf58+hk1qR5e4kJ8zBTtkVUIImaQNwubASNJOgzm27fWC3Lak5+Eiug EddhHxkw7Q3hPfCPYRFRD6V5ecf1Sec2xQKCAQEAsfvJ1oD1mGPHksHUOjdRf6bX 2eos7saT7iFFW1T8M6uZkEMC/e5GYHp+Eb1moJPwqYq0va9rOkfd/L21JU5zCoCX 22bGQ95dAudB9Y8KU2vPm3PiOZIgnHg5AAlRf6U9j/8fBQiIkBkupA3MSrBGZp+A KB2uMRyrCoLS1KIP0/Hkp+FRqfhsKfP4YhGQKsMwQdSuJ7e85be+2Dmt4kDH/KIv zY8OD60O2ZKjcKZ+m7ppzngBCQpSxJn6eLx5q9lIEWdKZE12CtxC5joHv1nVyiSK 7Rtn/JCnq2uHRYmXFC2/W4voVfikPjhUzysAOVNDtMK2glPC9bkn5zzMN14Ytw== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFDjCCA3agAwIBAgIRAJ+f/bVaR+FVXy79CtM6siIwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MzFaFw0yMTEyMjMyMDI4 MzFaMCoxKDAmBgNVBAMMH29rY2VydC1yc2EtMzA3Mi1yc2EtNDA5Ni1vay5wZW0w ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC7hKo1SlcrPVhoYARhVnHW iv/LrZ3QXi2PEI4MReEhQo8PFQKk1/VQq1eaG4FDlEw9lr143npEMYmUrgsHv1RB YFj6gf7A+IY/L2I+Va4eW/JIcMpm5+RtTz8HXcWkvvL/2OjgQAFW7CTR2nIB8XGk epIXKHVFUOPJJ7SKzoJe9PmjQ//m3U73XBf7GF8MByoEGEo+Tf6WsqFbIVbS2l1c 0tpmuTyhJFkbaljmOk137QYr/El2bPZKJsHUgAjbcQ2Eez83wyMeooqDC7DLKx6H 37qEPWp08p92oeVkB1m2GbVz4Azvyd2CNdJxyuKRqZbju92VKDWdBqBpVU3IRNFb 2dguQg37nPV6T7zC8bjmEJSRZ/S5Xt9FLx6oyOv/3ngVsbPheeBlco7N6+W1rKSo AO8HmyXWzArOmyVZ+vOFzVbCWAnEq2ZEDtsOlrbYKbUSbKUMd2XOKkKqfJacsae2 bHyM4nustiQT4ZV80MXlMC8jKWbq8yPvPdB/wIsLXayrE9ezW26VqDFDOke9zj2f lqHEKDGSXqwx/vedyAD6uPqV8fns3c0lMF7ow63nd2yQVXMmSP7+Jy1A+lFWt8ZJ K6BrYnEq/MyNP0VpZo1mYYLvMcLLA/ngcSmG5L+f2GHn07jwSDwK1ub1jC0BWEvR OuHuvmN+XFxnCap0fBwo8wIDAQABo4HGMIHDMAkGA1UdEwQCMAAwHQYDVR0OBBYE FNKY4SRHFYoPe6Q3+n/H6Y6rkEPFMEkGA1UdIwRCMECAFPxoPZdN2UBTjpk1gPgQ S7NXOo09oRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghA5G5UMrn1WC19QNfNArB1a MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAqBgNVHREEIzAhgh9v a2NlcnQtcnNhLTMwNzItcnNhLTQwOTYtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IB gQAWrHjCljFXnyXkJJHQcHl3YrhygiSxTkXQ2KctdD2rospmpUmRY1a/HcikMlMr AelFXULwKpAd6AO3d1mSb/N/puHOnMOJvc4YqPy208Eq4ecu9LzGHmbFxqVz/EeZ 31iotKmaOML1t6YMxJJw0Qiyqa3EPFqNeWVnj1D2OIPisjKL6u2jQpFeRMOT9DWK IOdWgJFNTqkMHO5Rj3fCoQwYd4R7ffMg806UNfRDncALaakdPRvVuIKdU28tXMbw NjrG+a8naVu/YKeEg9gXvVSCr+2IJnT58d729vx2Cf/6j4u4JoO2sbz20w3NP0EQ Q5BMMCVb8IU1lo/uu7Z7TLWZdeftZssGFoXFBI08IR3vtmNlcMhYeBZ0K5pYnhur BHl79Ikkn+ohh7GVWCV1SS529EDLM0JRFJu8PngjkrsxoW36sFnuLcBdPKIvdoA/ QB59ai/8TwStsp5TBJeMWSPKiHAnPUyWlkPRaoPOerTTRGDiomV2wSHkqzOChw7h wMI= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-4096-ec-prime256v1-ok.pem000066400000000000000000000032211474542230700241670ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEIDataF3QZoFAUvuOxmjmvAHubLxLvnar78KMAUqsmUW9oAoGCCqGSM49 AwEHoUQDQgAEpXpdr7LAJa8ivFjzmBY7cAyFNawbM05Ie70KdBaA2P/2MadjGuds /gPRck7OFf7b8piiQStZx/JE5iFxD78XYA== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDzDCCAbSgAwIBAgIQV1/hF8XvROGnOr8M16NiHjANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgzM1oXDTIxMTIyMzIwMjgz M1owLzEtMCsGA1UEAwwkb2tjZXJ0LXJzYS00MDk2LWVjLXByaW1lMjU2djEtb2su cGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpXpdr7LAJa8ivFjzmBY7cAyF NawbM05Ie70KdBaA2P/2MadjGuds/gPRck7OFf7b8piiQStZx/JE5iFxD78XYKOB yzCByDAJBgNVHRMEAjAAMB0GA1UdDgQWBBSQINIKTY3v3NAdSfZz3QwEjlIyJDBJ BgNVHSMEQjBAgBR+N15Yekve8QE+SnXQImffGmwWJ6EWpBQwEjEQMA4GA1UEAwwH dGVzdCBDQYIQQZhbd6vYQbkP/C1afKMF/jATBgNVHSUEDDAKBggrBgEFBQcDATAL BgNVHQ8EBAMCBaAwLwYDVR0RBCgwJoIkb2tjZXJ0LXJzYS00MDk2LWVjLXByaW1l MjU2djEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4ICAQC1VE/q3Jq0sMLgM6ONk8eE c0eqccKNYevoObsBeU9qZCDEaHEYE1hftF1ogQPUqq7nL7CyAtu0LHwsycyjir+E kmZEWpprF+mSUyxdVGRoTlSegdOJxkZ3te/veAqF4MsTHeQYFljDPIjkOFTy/JZS HZKe2e48VM2x4y2Xw81bizQA2urX2UuypXV9E/JxBNK9SCpuELv2YZwhoy5gN33P eQ4DeOkrgp5KIT/pqC0i2qc2zq91Pvt3gRJ50NJGescrx7okQY3Z3sj6aRVGWYh4 Sc4ep3qaGDhn7fWWYOSxDYxPrTYWFZKUhYH7/UClcYyp/WhfwLKHc9keRSHyGRDk 0w95fnh9eoRFkp88TIO4zowJo4VkE23qIV2cx6ioun2yIQhHNxJO1H2AhH6b21FT lL5XDlB5o8dPPy2stD/+MG/5CUZAk5QgBjMwsIXvWhUJgvUj0O8oko5bsBuokZfK ojPjBr6rMrvDoE7mgqzRHKcNQtpoc9KK4wzcEdxbz/qT7BNXMlk6QnD5AYHK4Izg HWoGVyLEnJwptWPP39UnzizU//rSAeQLIHyGh8Rb8YYpkfdqRa0bRqIDec8ZVNUG YELN8gJb4COtzjweO7hkIYzl3Edcc+ZJ7jUapSmXadpDGBUjwRATYGgOwraXFzSf Sr0nhKWTr1YfCMImjGQiHA== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-4096-ec-secp384r1-ok.pem000066400000000000000000000033561474542230700240140ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIGkAgEBBDCH/Gj9i4sF4VcPh4Wutau5g5la2pWw00FnATML1jYvLK4ovMacDmQM m8HkvE7rwbCgBwYFK4EEACKhZANiAARRP+qBxGEkhoNdErdmUIksISGtz0qs4zBO 0sx+oj65E1W8XZUG3AvaeETqfvsYBIoFKfSGIsfHWKnmm/ryYN5PdZnTApE8e1et PdtS8ltsvwz4WGJlOk/ZqyzxOjpXgdg= -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID6DCCAdCgAwIBAgIRAOs5NaZQT8pwBvhbvV2Glr8wDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MzRaFw0yMTEyMjMyMDI4 MzRaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtNDA5Ni1lYy1zZWNwMzg0cjEtb2su cGVtMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEUT/qgcRhJIaDXRK3ZlCJLCEhrc9K rOMwTtLMfqI+uRNVvF2VBtwL2nhE6n77GASKBSn0hiLHx1ip5pv68mDeT3WZ0wKR PHtXrT3bUvJbbL8M+FhiZTpP2ass8To6V4HYo4HKMIHHMAkGA1UdEwQCMAAwHQYD VR0OBBYEFE0tNpamLgZEPKXvAeJJibrVW00zMEkGA1UdIwRCMECAFH43Xlh6S97x AT5KddAiZ98abBYnoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghBBmFt3q9hBuQ/8 LVp8owX+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAuBgNVHREE JzAlgiNva2NlcnQtcnNhLTQwOTYtZWMtc2VjcDM4NHIxLW9rLnBlbTANBgkqhkiG 9w0BAQsFAAOCAgEAJ1r4BK//lksW275PFtLmlDLaFUOPczDIT0EqvAtiRdtAGOEX 6292Hb56aGC8o7eenslyvcc1wObUanJ21FQxIaF9KSRs0VTzX8vt8PVT49DhQcz9 Cv2hspGt68fukqp5lNh0GS6CVymm3SHpIJ2vOqCN6gh6OA9i6YCxyhKMjqM6G02o hbXE3LnWLXKi25TwaixEmKmgcUp9NfNCiEKdMFABnC4bdcteAI93uHgKtPVqONiP KdX7hKnbaWuX/h4ROBAOShsaR596OQdc5VasgXKdo3fHmJlnyLhrapFuLCywR11j 6G1o/7O+pixZ+85VeAFXE064UcRvbkuURqw/9eorR70lUCD+jjgLC/bUZGcT9PyV Faggdjuo4QWTerC/p2U/kRmazVezNlPUMneXDqUm0YYkp7Z5Nmd7TyTz1E/jnpXc JTXNjnhKHkMxbH6UBmFRGEtm3+AaZ9uskmRCKuiuiX33X0Dglgbfx/d2XKrzLppp U2gEI0wg15jYp5J0NiLtZv5xgAay4D1JpTASo22IKCDTeWXcsoqRKRxGMO/ZQ5/p WXI7UfO3//MSSt6FQVUfp2lgGdzAOHY/7V91DoKN9vEjn+RCIdEX1/KcrtJbWYYl QnmPM6mmBXnLYZieMbcdaIF4z0RT6HRZtI0dJ9johs8DiM6W8pWSmGjzB18= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-4096-ec-secp521r1-ok.pem000066400000000000000000000035601474542230700240020ustar00rootroot00000000000000-----BEGIN EC PARAMETERS----- BgUrgQQAIw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIBvXvf9RiyiIFXXUgS0BZSDBNRvsXTuuBiUaYbgoTxvW1YomUreIoo 7+phCsZgs270O0pYsLCrvZoXz6VELoUvia6gBwYFK4EEACOhgYkDgYYABACHGb8A H89hVwgxgekFp6N50zu9Ad0uHrzp2Ipw+4AhTjWBqYE0nUDxSpnHXeoESji/z9yP 1Ffqa8quDqMPtJbXnQE+BepLc4xIgLrUgsuFuD6l+vku1V2CRlMXiKpLMoOwdR2w WvaZI5tXREnKWVGdLyZuWhRObR8zQhrrWqDu0cfWwQ== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEDjCCAfagAwIBAgIRANU/yeVyvslycA10txN50KgwDQYJKoZIhvcNAQELBQAw EjEQMA4GA1UEAwwHdGVzdCBDQTAeFw0yMTEyMTkyMDI4MzRaFw0yMTEyMjMyMDI4 MzRaMC4xLDAqBgNVBAMMI29rY2VydC1yc2EtNDA5Ni1lYy1zZWNwNTIxcjEtb2su cGVtMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAhxm/AB/PYVcIMYHpBaejedM7 vQHdLh686diKcPuAIU41gamBNJ1A8UqZx13qBEo4v8/cj9RX6mvKrg6jD7SW150B PgXqS3OMSIC61ILLhbg+pfr5LtVdgkZTF4iqSzKDsHUdsFr2mSObV0RJyllRnS8m bloUTm0fM0Ia61qg7tHH1sGjgcowgccwCQYDVR0TBAIwADAdBgNVHQ4EFgQU5Me/ kwDq1VzB+JuvFkOZLuN6thwwSQYDVR0jBEIwQIAUfjdeWHpL3vEBPkp10CJn3xps FiehFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEEGYW3er2EG5D/wtWnyjBf4wEwYD VR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC4GA1UdEQQnMCWCI29rY2Vy dC1yc2EtNDA5Ni1lYy1zZWNwNTIxcjEtb2sucGVtMA0GCSqGSIb3DQEBCwUAA4IC AQAnPAbkHX5yAIdp12aTEJioSNwK0onqzjbl0jL+iW6yr/00ULtbE3t14UF8oqxu hRI932pufW+EE2BvnWFEo0FEr31uneqkHdzcxBYppmrhEOQEW9ao/fztKLvkB96g JMoBg4Dk0fL3jfNf9Xs1NNTXWdITlkg1bGvQ35/35nCyh/pbuWloQlrtS1nOEPgO Q6Wlwyj76CsZG7zbOZXRt4E4zhy/fsSBcmgWghGFF882NuLvuCa/cHLhsGVfQ9pB BYTXPbtlQnWTDbDG/0w0M+W/E2NdsiLl9ROezbWvVGnXl+Jvg1b7EUy9X/hwerve IMD9gmhNYVzSuzOJCdbnC5cu6h4o/XWp62IXphQXNUjK2eaAe9sBEtPlmdfnAUni ihlx1O/VgaDTT37of1oAQaGSvI+eLxF8p6qyRqSi3ajo3f6jE0zaoS3afRked9Eq saBpsIp5klbnDTkHogYfhExRRvuvC85F/z7BrDZ9siakD6XdGp4WuVZIYcty3S6b eFPhX5AlxdfxGXlKW6CvlpPaMXSn40Dh3Y6G/CFgtGWRnDnGFg2lcKU9Jr+XFBR8 KS9dMMHUVkNbv4JbbeCiJNhva3zMbTBERIOfoFv6jgwQ1i3g5eN/j7Q672e9qkKg rOrwk6i0hnPaIcDH+Et4AFbQNhhlNB/617KcXJCWytkxoQ== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-4096-rsa-2048-ok.pem000066400000000000000000000063661474542230700231570ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAzgPqFCqmgAAnlWNOz5kAOzhU8dM7rZ0C9cFNL6BD1OZYzXPJ m6D0VYzYFCa5VuTW+2RXnUbxCx9uf/3p3arhKZIq3piCHcDN4Z7f8JYSgQsNJ0IW 46Is+fvRYh3vrT1Ferb+QX4xtS2WV5m9Q0yqNP1AlpjXTU8Rf6KHv6EozhNkkHDY XYlv3QE0Pyz39GRg5OD6Oj3Lngn8UbP4yriQCB/Fb0dPAnIm2BJ7Snf52u5WR4Oe tz3xl10MI8r3WWzOKN3cZjs7MGgRVnHUlT3Xa1OzvzWMNL6dZOs0cOAIbtt9OLYM Xsq4JYi19zxn0OAvpEz8CZ5VhQKF9juCXme4JQIDAQABAoIBAQCqJEd1AkhiHD6U vOCAyP6M6hgVY/u8hZjFODCz7as3sEmU3FSbyFEiOmDWO6kD35jBI/zL8qPuKLZM 1HoJzS+J8qKfFdsYEXy3IkwWWQrNMkBZtNZMh0qX5mXln42rSJgSIgFYO4138T9h 96F8bFuBycpG1dGykmOEQsnT9JhLn/K9yYvfmfHd+RSDY5LbZ8WMy9MAzWcEoSwS xshVdH+56UrUjIZLV9EOGnoSoZCfgrFMAc+xXpOw9DH95UQ5jEAZq8fgr5HakaU6 pugTK6PlQZeVIZ8e4gnlTxu9iXcpCOqgi76dDMNEopJlpNuw9PLihChESS6FCWHI YWLCnhFBAoGBAPEUhRt8W1CIir4Udn/iDrqjATwah5j1BLPHEbk1tjzAQ5i1AYa5 Mng+W0YByBXTSnX2OKVM6q3MN7EhOpdx9bKAkbljXsTYbyjMOw4S66PxO78O9oGQ zhzWy0bbbhM9mE7Gyr5dZj4mIUjcy13pbwGkDiZsrcfgboTC+Jg+zBWVAoGBANrD 2tqjhgEipOMNzJRjlHiDR9AwT7V40YRm63hCDwwvbQVmcKie7HbU9CtqxYwZEWQI wtB/PmzRNvvTxpAzcUEUdEHKW2I6KHZv3k5THn6jd62YpMTMQpuQvEyrICN3Ys5x NTsJA9+vssRTCXuoDOd0M2m6p6KPzPYx9IW1wFRRAoGAdYpMr679EpHQG4b8k7NS /RpWkshYjnH/3etUL9oJRSt0ibLO0LHg8pFsjQB3XnTLHCJ1UdrjnOMx0BHkcExm v6ZB5oKVhSIFaH3S2TTOYPtP5wJTm65PX+415BE+ZPEmHlp8JT6CiBCtL8o++UXE Eqe7Im7gd9Br8hzhedE8TdUCgYEA18R61FCat/3ygVu33tfEtYROTUGJLKTIiX11 W7xT2SHhtoTOMxHkimQJm9UImOCUrYSSmVAXQv6q64B6BPooBxdkfwtWTLCt/fri WYBTwHX8cUTvpocMXyFHB5t07GYxFwrDhMGkh3hkqox3+vXKHHMYznxiIM0SS/UD hum3k7ECgYBYaW5BK+XVLu6VZV8myT0YvKUpqbm/aEPxyzpMWgzpp2F6Fw3tNPk9 ssiYo8Vp9+F/y1gl//jzL24p8x78zS6aTjS0Z8YAGLgjisXawUgLyZyACATI3uoX argCXrcJBTWwhYu+Z7FjLi/opMp8um7CN0hTC8AEP4pAEglwd/UPxQ== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEjTCCAnWgAwIBAgIQLfxAz8+0iTzRhO8ExbSQBzANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgzNFoXDTIxMTIyMzIwMjgz NFowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS00MDk2LXJzYS0yMDQ4LW9rLnBlbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM4D6hQqpoAAJ5VjTs+ZADs4 VPHTO62dAvXBTS+gQ9TmWM1zyZug9FWM2BQmuVbk1vtkV51G8Qsfbn/96d2q4SmS Kt6Ygh3AzeGe3/CWEoELDSdCFuOiLPn70WId7609RXq2/kF+MbUtlleZvUNMqjT9 QJaY101PEX+ih7+hKM4TZJBw2F2Jb90BND8s9/RkYOTg+jo9y54J/FGz+Mq4kAgf xW9HTwJyJtgSe0p3+druVkeDnrc98ZddDCPK91lszijd3GY7OzBoEVZx1JU912tT s781jDS+nWTrNHDgCG7bfTi2DF7KuCWItfc8Z9DgL6RM/AmeVYUChfY7gl5nuCUC AwEAAaOBxjCBwzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQ8n/SDLFKBtRAK4oIQtXNj ecyz4zBJBgNVHSMEQjBAgBR+N15Yekve8QE+SnXQImffGmwWJ6EWpBQwEjEQMA4G A1UEAwwHdGVzdCBDQYIQQZhbd6vYQbkP/C1afKMF/jATBgNVHSUEDDAKBggrBgEF BQcDATALBgNVHQ8EBAMCBaAwKgYDVR0RBCMwIYIfb2tjZXJ0LXJzYS00MDk2LXJz YS0yMDQ4LW9rLnBlbTANBgkqhkiG9w0BAQsFAAOCAgEATz5sOgzIs9yT5ZJZOfQw FU8n0npQBi35yvecoYFgl32g72X9X94CkEqxgZE9fBcOSqovI67Ef/d6g6JeGdnd UyoniaGhHZke1GPxkqa/c821HebNgSGvPGaKwuR8luRwgMV4PZMvWXJize85KbSG Enq9YW76n9amZIiVBoWpiuTN76TiJydrJieIcHBS0mnHVYuzYSSCGG3sax6p8QDQ urxsHhNTrSJqVEzOC6Wm/dQwtfMqYCf8sqRPVAS9JI64/WzpOllBJZhqdGkaz2YV /DcvvUugdY8soawEEQund3pbyRsYWT1/oSYfMfUXpuWuAxipTBiJsZF9ldW6NqCt JRD0b0Cl3FxthpXpuHDG+XQ4krBbHIqKdGOKDF0SP+ZWi9lPEoVhfXn71WXBb/N9 JwdfyWeuOUGiOJnvn31qpXVaywqpDH8MaXQfy3EtN63sU3Kv0gdvOYmG+IAmjioi ugiNT4xNi80E/No49VWU9zZKcLIbLRTCjjM0UhQkGNAZF+kpuZywWRs7NrhcqS7L oDNoDw3bqpVF+d6uqie+/dPmqtPR8yWaxGNGXN2YZKwHeViaXDRDygq9/CCpLBf0 gG1SouK6BXD2+itfsAVnvFvO1mC6i/3oHVl72EhMBamVBDXN/bmOGAfHi69X4AEL KA2wODSoQn/+MJA/LsGAWu4= -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-4096-rsa-3072-ok.pem000066400000000000000000000102551474542230700231450ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG4wIBAAKCAYEAvXRTOw2SYwUsQ3HxCZJHgOIFQO4RK/Uaq1vFxxmUWQZKbVCn Egc1rANWX/KOvJ2gqPbWbIFmT4QQhLhDgFvz+vPN6pYuee/utlC/YlXAtTzMast0 4Gpn5JsAVayOOByhxDI8r9NsIPsHABtq7WbL/INATKUB7vV/v+Q0BeoHfT9POVgn EsjV67qw8BP2t1d8OVezfPfA9I9xfuIwp0Y5e1iVEbDEoRgbHFCj7ozh1pCK8CMA t5UjX45CbqnYUj7pEEujqH8/9jo+vZLM6dio+bDZPn1S+XrWN1yaqxTega/J5s8d f8oDhHyHq4KtIuerJaZDeZC7izx2qrNvhWUTLhA17H8MceM9VPxfho3DkRZxJpMK tRcv9oDyEDcVW3TylK/mvuMf4G63nRDfR7JmEqDIwvkOnwKce+VNfR5tVwT3Zs+w 9Zac4n5VLvmdnVShTo4UOn3wA4oUJaJqSuNTb54aWRImHfgqzd6XgcLgZI7PLdPJ H0moT1gqjdy1PBAPAgMBAAECggGAHT5Lap4Zrncp8e8wiY2uw9IfhXo55FMdHr43 tRfZsjQqYN1GLJ44RqjtODo0liCun+YaCv2eUT/NXO8kXDfVXTMs4bz0x5WlfzbP k9owuMj9tK5bCBjkmIDkeFT+TuL8hVBL1cgItL6KwhV5V9O6QOvxjOMbfUsfwPr0 nMUXCtou3GcjAN9HRe+3SBeMyZgTcLZ82hlUC2vo1PENGYTZcpSlzek/MK6L4L8B ztyoL3p4N8DvZ2b54tIOpw5IecmD4/rdYefxgRjfGTpyIEozbTRjILLtWNV+PPzr Aa2BACsKOzWYDjS6JU9JcxNdJVaxWpn6E1vD06wxTTvwi4CMI9smeodXtV/LS2yk vqEOqKK1FupqCmWIU9P+VvZuUO7jn5fH4XIs8FUTT+qp/pWOmC1S6nLsXdVY40/C vwAxEsAhyLiC4dm+HUTkM9aaZp2mfFtkHHCxuWyz/oFMa6QH9xjtLZOitLcZstIK t4Ijg7E1IzlPUIUfr4boYhg1/dBhAoHBAOyCHjkiLmeqw68JNOyVnYDxZTY/tntX 2DUl3s9scgvQvgMiCBdxEQaq+NcjVNXcYPanMSOzj6HhQlzd9TJhDEAcS6lm0N97 8OqmbuM7iYhwQvzoka41ulDc/MkGZoJFLlb+AO5cxZruW35cbrpr2vvLvJCG2DOh qYpkSjKEc39IUnrhsE+d0fENcaiaIUfpXMOSDsxAuQbTE8Siqr3Ovxdo/I74dlWP aaldi6wyov+0glJnnDYWNTsGf1Unj4B6fQKBwQDNEXVSE2Qheu1JnT9y4MMCUYN+ A/ZJOZbL+mdE0Y4Ga7CG20Lc8JMV0s3VXTatHIf/8X1/7WNlwyN25nBRKoB90AWm 23DMayDOjQCmaeGFBWPfYPVpsBf6j46PciTK4hzAMKVNfJMYz1Mv3Puav/wDZiCM l35fMDDGkVv/HSml5z8rCVfyR7/vPTn0B95j/oX8NWeFzemywjOegvbL7h+nPgRr bwNJBX37NeXV2HBDoeV+o0d8rQQ4fgIMQSP17nsCgcEArNw9cszE1gg9lgVIpVKF F+VXcFsI6QW/hLj1LO26PWCIQInzGA8PvqvfzH6KVvUH+b8hb1KiPFMDyhSATh4Y chM8SchYCb/wydBzY6n0T8CddXQWZhnm34tlRxhie/xMblCgJZew5hgozyaH18FV AIxcedXU14fk/r1mbZ3ZPMKDZkTmNIrJE0IcPHrKsGCj6F0sa6UylwZXgHTUDn65 tEaLsYNwGgED3UH+ABHSiMpKJiiMSAvbRBTvpDGR9PmRAoHAMfO6vE906KLlAjWH qxgM6JeqjBuy9otMrEtGtIDHM9EvounuE5uWeI5tDTgzhV+Z0UKl62+L8tHh5aik W2EbA4qUldyGUYUW7Ll0GxVXleuGNHeN0DzQ2nv1ogOP6svBbR9sZL+fpT97aAFQ WJXDcaCC9TxB0DYQ642k9zPHXV5DCNyxy5amrkQfxc3U4k6xnIn1uaY68wxTPp1w OKS8mSSGNxVHm5X25iZu4fRjBFZ/bKWhWEFc8dXf8dQ8Sj/ZAoHAHZotPnbUCtwl GAgxfcG/NmOA8x+p49iYa6q2JnflqnggKWmnX5zAxLCv3fnO5tL8wzulTOtNt/jg gFgOyXzDwT/oM4M9easfXzWqLBSRvHkaSX7eZX1C2h1ZxTutb4PpqHxAuw9pPVlj eKF7aCV6WA3vt2qdnL7ulNZGjih6RKzQznzuTk5VQpdWOuBt5xaqxn+nxL9eNR9A o1PN5/G8vTGMAbl3V/7eAiUJtpr9jRtnHX2JeCCsCmXMP2r1lja5 -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFDTCCAvWgAwIBAgIQWfPVkxLxmMwW9SwmQySLdDANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjgzN1oXDTIxMTIyMzIwMjgz N1owKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS00MDk2LXJzYS0zMDcyLW9rLnBlbTCC AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL10UzsNkmMFLENx8QmSR4Di BUDuESv1GqtbxccZlFkGSm1QpxIHNawDVl/yjrydoKj21myBZk+EEIS4Q4Bb8/rz zeqWLnnv7rZQv2JVwLU8zGrLdOBqZ+SbAFWsjjgcocQyPK/TbCD7BwAbau1my/yD QEylAe71f7/kNAXqB30/TzlYJxLI1eu6sPAT9rdXfDlXs3z3wPSPcX7iMKdGOXtY lRGwxKEYGxxQo+6M4daQivAjALeVI1+OQm6p2FI+6RBLo6h/P/Y6Pr2SzOnYqPmw 2T59Uvl61jdcmqsU3oGvyebPHX/KA4R8h6uCrSLnqyWmQ3mQu4s8dqqzb4VlEy4Q Nex/DHHjPVT8X4aNw5EWcSaTCrUXL/aA8hA3FVt08pSv5r7jH+But50Q30eyZhKg yML5Dp8CnHvlTX0ebVcE92bPsPWWnOJ+VS75nZ1UoU6OFDp98AOKFCWiakrjU2+e GlkSJh34Ks3el4HC4GSOzy3TyR9JqE9YKo3ctTwQDwIDAQABo4HGMIHDMAkGA1Ud EwQCMAAwHQYDVR0OBBYEFGOEwRZNu13M69hUv4CZCpgqS/uBMEkGA1UdIwRCMECA FH43Xlh6S97xAT5KddAiZ98abBYnoRakFDASMRAwDgYDVQQDDAd0ZXN0IENBghBB mFt3q9hBuQ/8LVp8owX+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIF oDAqBgNVHREEIzAhgh9va2NlcnQtcnNhLTQwOTYtcnNhLTMwNzItb2sucGVtMA0G CSqGSIb3DQEBCwUAA4ICAQBueIqjq4hM173+jW/urD0Q8+SIOCi3cBnmwv42TYW9 o+NUonP0XQ8APKLcaKaKY8OsccuV7Gwrv5a/hKy5cg5cfYcQvLWMqulWOZA3cXT4 48AgWC6WPz8m1dV/AIIjnltv2N9nWMqrvD3ag8MEKEn/XApOnE6YLpDMzym7Jmne biA9I70TOtWybyZ95RJVStOOVWou262FdwbjKLfrec0bu8jRAJxJRvImZUfKp1it Vmk0pkkbUl62kFIu4+xfhbCD8IUmv7NnRh/sOTWXt8N5A2p0epUAuBTYnup2Xcam 2Mdx+7sOlQ3bShpq6nL0MnbZM0tLVxNTPiSh5iwujE51eal6cwrGDrJw1yzel92J soXKI15F8HaTjC4cXS8xnnS+XHGyg5Q8e0nZwgS+UO5Cx62aRUFiDkHdTD4kRT9u OZfFcejfx7JNsOqs5YpUytuZinYRU68hUeJSpf04ZuzMHMenDlyn/JC3cncdkj1x wwwk+iOpMHhb426qiYDdJvNoHPruCQB2z9Rwe4vbNaGZjXK48nGCmzK4bEDMQoX5 fqj9nt5nONQMd4wxIWFDzx5CoKW1aEtpdhe4vAogkXVlvW18iM693F+y6WIGe4/B aIA3Sp4fL2X5As0vPTlYbyFWjv9AFuVnLfJJTr0clkKn5/lOuW3V/rtq5mCAUIHG qg== -----END CERTIFICATE----- tlswrapper-20250201/testcerts/okcert-rsa-4096-rsa-4096-ok.pem000066400000000000000000000121531474542230700231530ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJJwIBAAKCAgEAvyGn5FCLgLFUp0//+NlaBWTGVr7DTpS85stVjRH9yjf9HR3B XXXqD9q6KN59VwhGmzxcE1mDdnzTpovsCTYB/ruvQy0pYKqVqnRDsvQ4pzXX1QBz HIKOTgW5+eVZpXfqINez/kjFQDJVLr6LbjEhOIjgXTrwWBKN7Yo43lhq1qDDistv NA/9Gi4qa0OS1ZMw8447nWnf0jewve2ZkNmpmt6GIb/x6KA99ponzUD3EBMwr9JH E6EYp+b/Z9ZRhNwdY4uKbeTnxVntNKx8LmHZQNbjNkltQ4a7NWRlt/A6mmQwDlHg 44yrcbVJHlnEvDiMheX4WpZygscaUuMWHGvrrmUJsarNiOC+9K2qBETPltA0E+1A dWBKBg38XFKJB5U3j77bYI1d/2uDrZMoSAk3kDOL/wqY2RVJtXykyTLSHSsR4w/r K9YbD99orR5QTHKO5s5sxLIAa1EWYyACtMyHssSUfC2VElWnHRseIXwTeKdrYxt+ VRH/8ZClSSYkBrNTarEO7J81ZVh+0Mi0q/MliYQPaqBbyT7tCSbOAoR0dfXNytAi OnGVA0aG7B5lUve8v53mPZE5vwrjqrgSoM4YyczOdKvlVJ/GKya6ZjMwgCFF10jX FF1Rxhp7ufGBuz2/YIBfbFCYAtSlwxJEezzB66hpc9rLNs/atatYB2NkQpkCAwEA AQKCAgBDVWgAVx/ORqq8BsL2uBuuqsH07V+A34VtCVUqTZxLEU5qY4Erm87JpxTO MROXBaNaLPmDF5XouDEYC1MsK4qoYxZrZA2fsHjpg+wVr1QGFEHlGDN1Z8kaU4oh L1tVn9krmNIgUyKqaxD3VsloGIbLk+z26zygymiVtowySJPa6Of6jZCvlrJj9r+a 6kNgWmp0Yzc9TX88X8I0JvBix0uo85vtZ+GhQlKR/dznwmtHjnsodbv0flxhSk/Q FQDC/Yic+RvbezjrnbKjS+CztmUDIrEI/vUvRNfPB3+OPWNn4MPNR6sifvwnIuaP erCEXqeixFGqGDZfPCVZ7gZsHNj6CkUmZb3/YVu14pbQhoLFvd5jHOUD/cSjV12g nZX/tDu82hMv3T0z0a0rjAHFVqtuAShcAlKTiKApUbDBduIjHmgQ5R4hpkFN0vIy 0hoToxhLfvtFzLDN2pjCkTXaveQnKoZBexYTtua91TGj4Pu6E8paR91hf1F42wVH 1WVkBEL6/ofHl7azwol2WAjTTB3R7fHiVXnc3k6sMb+kcp1OU8Goqh1s4oOksiYW dPgHvpJU4ypTb5yXnL1xDgSWnA9QGOtWAlQJrOD4LCTsgIXuMX3kRyzb7CFLkshH +K0wQCFBAaMEtSP2lU/tEkhuIIGvYkFjw1zC20zNmw/xNVb+wQKCAQEA+VM9jFYp hxqjrWbyoDZW4iWBh9iUWTk0h9JsPfiElFuqfHE/MBoejGWyqmsXibuhmFfkFmFQ dNrm+0ONoCV/DtZWxJNonbLxZvHXc1dqy0USYdp0u91ENaVULybiO7cYR6z/tkmZ nP2KEKcoo2wcELSw6VP0QdBDaJL/OQhdmunq8fIclkTm1MYHfHkNhxlX3KfnBQUT VUK+GqJiKaJ9l7BDj3n7nG1AYUOMtLVnKgmYXdqd3XtzGT/K5RSTv4tKRrDU7xk2 oiu2C5aKgpM98Hsso4EHyTfhFQtqJ0mV7k2pQ+KLXrSNTW0T9aE5y1SLugSxQ8oe Q/lqDFRuwQTdGwKCAQEAxD+VLG7M0XJiZ+erTt+46kkbDX+kUrkqoJY+5xMdPCnx b6c514grN89rSL8gQp/k4vu4jSiRBKCjBRUW8TFirCn+C08sBRped8EazzKnI9/B XFoyxzp0J0EwibDvQ6eQ7CryEp7d4KQFsQ6OMeT6Ie4RnfHbyy+W9HdhOcd29ZAB PN07jMXJ/Owi31A//HIMRIuzx7uhPikzcpTCvza6Q1OtcTMUE/OzZZZN53yCWZAq YfBoPZbU+hmFOA1vKAipenUZHE8WtOzlb/kvMFI6qDsUUy78KESQh50To09JiAVO iI0hQOqaU4YB796uzglRVw5LrHcA3JrD/nyhRMmeWwKCAQB0Hbpac35ft55nEb0J tIT+Sa1r0Qg2DZhTcUKMEgPc/FwIHM3q3x8/D9YH3FxX/xShWL2XVrcb1R8iAjIh VZU5GcXLQ0PDviUDZrqKszm/dWm8PPuEyuYLffYZB6jxWrJqHz3wbZKnNMVqQA+D HMRtW1nRMRJe3FmoiF1o+GZv0WVkTPfXXDuM+LVf2RjdxIXQ9Dl5cwWv/ad/zASf k1een663UX5HOfJz2fvb5WgogdN+UmSXU/kk1zrtOYod+QccqRpiSIHTQTxFZVUY vu5n41XEyEESC34+SNSle3XiSDT+srFp5/ivCI/1I6NA+R0iAzFzetxhl/U1zNTP /C3lAoIBABbf7mxicd9L/Optl4s3Cp/Ma6nUIfw+dxiGysg2cybrIKhKDrTvu1Hj DHdLR+BcMNrASo+xlc27R6U1AxqUDhNRRbpdvRzPKQm+aXiTR+Ynk6tHHDoatyVI NPcnt4vkQUE19Ed1WxlvJPaxYqOwM/O2gzks0tjJMEhIjf2lIVmYMny8sM9E0rl3 cM0k1oB/bqyiuA7k8POE6+lEK7sMDwQAAex67rEwq82Aio4b9jmoUzhdRFlBdou8 Y8nXzwgUkmSit42ULmpiXpABtJ1mSE4JrOHRTTUIYOxdw8c6W7DOJYxHHwQpFFn9 +cXS5/8+GMwT74An0uLj60qDjmytL5cCggEAQvXZYEIWC/OzY45HAQhVbtbufaME zO9kAUPOnVk6NvzWyfRcAP/5/LTxIWBuJ1EHjqfq2scstjYxmAOgesMdlUPVF9tS Csu6fEjOEe1W/VyPKR0D3TrJWTNxiBOg+QZbBtJbs+3KC7JBIzkOCfDUhWf/AF/Z oQ0T+wDCfyJArwAEANHYjR3OWlKo+Jrck3q8H3awrqd2QRCt3aLxsxPqWItD1CWT pcYDArq6Lx01gE56mEBgn+Vph7IZ3pJ5EUhVphjLGba5QRAx2rZ+qQ/Oqv4upWRH I8fzmhwf3DjZx3d8NtiiZ9+ywzgzUEPZgYAq/ztk/afAinlzOSIO9l4WoQ== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFjTCCA3WgAwIBAgIQN8d/PjTRhhPs1n/mAZKuLDANBgkqhkiG9w0BAQsFADAS MRAwDgYDVQQDDAd0ZXN0IENBMB4XDTIxMTIxOTIwMjg0MFoXDTIxMTIyMzIwMjg0 MFowKjEoMCYGA1UEAwwfb2tjZXJ0LXJzYS00MDk2LXJzYS00MDk2LW9rLnBlbTCC AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8hp+RQi4CxVKdP//jZWgVk xla+w06UvObLVY0R/co3/R0dwV116g/auijefVcIRps8XBNZg3Z806aL7Ak2Af67 r0MtKWCqlap0Q7L0OKc119UAcxyCjk4FufnlWaV36iDXs/5IxUAyVS6+i24xITiI 4F068FgSje2KON5Yatagw4rLbzQP/RouKmtDktWTMPOOO51p39I3sL3tmZDZqZre hiG/8eigPfaaJ81A9xATMK/SRxOhGKfm/2fWUYTcHWOLim3k58VZ7TSsfC5h2UDW 4zZJbUOGuzVkZbfwOppkMA5R4OOMq3G1SR5ZxLw4jIXl+FqWcoLHGlLjFhxr665l CbGqzYjgvvStqgREz5bQNBPtQHVgSgYN/FxSiQeVN4++22CNXf9rg62TKEgJN5Az i/8KmNkVSbV8pMky0h0rEeMP6yvWGw/faK0eUExyjubObMSyAGtRFmMgArTMh7LE lHwtlRJVpx0bHiF8E3ina2MbflUR//GQpUkmJAazU2qxDuyfNWVYftDItKvzJYmE D2qgW8k+7QkmzgKEdHX1zcrQIjpxlQNGhuweZVL3vL+d5j2ROb8K46q4EqDOGMnM znSr5VSfxismumYzMIAhRddI1xRdUcYae7nxgbs9v2CAX2xQmALUpcMSRHs8weuo aXPayzbP2rWrWAdjZEKZAgMBAAGjgcYwgcMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU HQt6ijehAYSk6PN5vkEXpUcAdu4wSQYDVR0jBEIwQIAUfjdeWHpL3vEBPkp10CJn 3xpsFiehFqQUMBIxEDAOBgNVBAMMB3Rlc3QgQ0GCEEGYW3er2EG5D/wtWnyjBf4w EwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMCoGA1UdEQQjMCGCH29r Y2VydC1yc2EtNDA5Ni1yc2EtNDA5Ni1vay5wZW0wDQYJKoZIhvcNAQELBQADggIB AL61vfkuAUDJMYLUpPJ6SUbK/QIKoCS376tRSI3mcJpPvpWc+PhnZ1Ibp4ZP1AZ7 vow8Zhy7VuEDAco4krLRD9FqAcmi15aoMdghxLwsOn1f1wltIiDZ7c3OWyI7uTUk dLFDycdnEgiPs3k+q1cfOxzom7XFQ/g/p5zcbeUgmJ0AHXQWYDcyjvqLVxgDnNyB 7/mi26KSjz4lU+kPeAaIrywmjemwWkZcvgBIY/TiWe+X9X83nyURERALSWwBXOnu vkaY9ksNgxbVqprBe9uppCoW7IGlZ/MO2IrvJdfBIUU250IhXF1YojdTnPU2WZ/E QKfi6KtXGoUPSOZfCMqPrGHFTt8bmKdHrz0ao3tmxrM9DsvH83ZLEe9KSuxhyHkV FwO1D1dy+QsaakZpW8Cnfu7d6y4AsTpkbahP/6rPKPl0eR2MLfTVYTicbsD5L9MD A0moTy/P7elZoAyf5Jfu43VFH14lvQclAqBA2eYsdtn4cjIrGx98jGkUGF2cSkkE iBI6vfoxZVaTIN4WVE8yiK9QNevNqRjD98p9OwFdJsrXhA2/0IoQ38h0FAaAMs/L aTAICtXze6IrfLJ1P/2Jh5zHlAFqlc9KcG2cn8v1770G1geYl0KGbla32xk8LzW0 LzzjqExeYXcFT4vsWJJ30QHdb1xKohOtNbDWhWvtEX8B -----END CERTIFICATE----- tlswrapper-20250201/testcerts/server.sh000077500000000000000000000031601474542230700200470ustar00rootroot00000000000000#!/bin/sh set -e [ x"$1" = x ] && exit 1 ca=$1 shift [ x"$1" = x ] && exit 1 type=$1 shift [ x"$1" = x ] && exit 1 size=$1 shift [ x"$1" = x ] && exit 1 name=$1 domains=$@ umask 077 tmp=`mktemp -d` [ -d "${tmp}" ] || exit 111 cp -p "${ca}" "${tmp}/" cleanup() { ex=$? if [ ${ex} -ne 0 ]; then cat "${tmp}/${name}.log" >&2 fi rm -rf "${tmp}" exit "${ex}" } trap "cleanup" EXIT TERM INT ( cd "${tmp}" exec 2>"${name}.log" ( echo "[req]" echo "distinguished_name = req_distinguished_name" echo "req_extensions=v3_req" echo "[req_distinguished_name]" echo "[v3_req]" echo "basicConstraints=CA:FALSE" echo "subjectKeyIdentifier = hash" echo "#authorityKeyIdentifier = keyid,issuer:always" echo "extendedKeyUsage = serverAuth" echo "keyUsage = digitalSignature,keyEncipherment" echo "subjectAltName=@alt_names" echo "[alt_names]" i=1 for domain in $domains; do echo "DNS.${i} = ${domain}" i=`expr ${i} + 1` done ) > "${name}.conf" if [ x"${type}" = xrsa ]; then openssl genrsa -out "${name}.key" "${size}" fi if [ x"${type}" = xec ]; then openssl ecparam -out "${name}.key" -name "${size}" -genkey fi openssl req -new -sha256 -key "${name}.key" -out "${name}.csr" -config "${name}.conf" -subj "/CN=${name}" sed -i 's/^#authorityKeyIdentifier/authorityKeyIdentifier/' "${name}.conf" id=0x`sha512sum < "${name}.csr" | cut -b1-32` openssl x509 -sha256 -req -days 4 -extfile "${name}.conf" -in "${name}.csr" -CA "${ca}" -CAkey "${ca}" -set_serial "${id}" -out "${name}.crt" -extensions v3_req cat "${name}.key" "${name}.crt" ) tlswrapper-20250201/timeoutread.c000066400000000000000000000023241474542230700166510ustar00rootroot00000000000000#include #include #include #include #include "timeoutread.h" /* The function 'timeoutread()' attempts to read up to 'len' bytes from file descriptor 'fd' into the buffer starting at 'buf' and waits at most 't' seconds. In the timeoutread() function is used select(), because poll() doesn't work when RLIMIT_NOFILE is set to 0; */ long long timeoutread(long long t, int fd, char *buf, long long len) { struct timeval tv; long long deadline, tm; fd_set rfds; if (t < 0 || len < 0) { errno = EINVAL; return -1; } gettimeofday(&tv, (struct timezone *) 0); deadline = 1000000LL * (t + tv.tv_sec) + tv.tv_usec; for (;;) { FD_ZERO(&rfds); FD_SET(fd, &rfds); gettimeofday(&tv, (struct timezone *) 0); tm = deadline - (1000000LL * tv.tv_sec + tv.tv_usec); if (tm <= 0) { errno = ETIMEDOUT; return -1; } if (tm > 1000000000LL) tm = 1000000000LL; tv.tv_sec = tm / 1000000LL; tv.tv_usec = tm % 1000000LL; select(fd + 1, &rfds, (fd_set *) 0, (fd_set *) 0, &tv); if (FD_ISSET(fd, &rfds)) break; } return read(fd, buf, len); } tlswrapper-20250201/timeoutread.h000066400000000000000000000002001474542230700166450ustar00rootroot00000000000000#ifndef _TIMEOUTREAD_H____ #define _TIMEOUTREAD_H____ extern long long timeoutread(long long, int, char *, long long); #endif tlswrapper-20250201/timeoutwrite.c000066400000000000000000000023571474542230700170760ustar00rootroot00000000000000#include #include #include #include #include "timeoutwrite.h" /* The function 'timeoutwrite()' writes up to 'len' bytes from the buffer starting at 'buf' to the file referred to by the file descriptor 'fd' and waits at most 't' seconds. In the timeoutwrite() function is used select(), because poll() doesn't work when RLIMIT_NOFILE is set to 0; */ long long timeoutwrite(long long t, int fd, const char *buf, long long len) { struct timeval tv; long long deadline, tm; fd_set wfds; if (t < 0 || len < 0) { errno = EINVAL; return -1; } gettimeofday(&tv, (struct timezone *) 0); deadline = 1000000LL * (t + tv.tv_sec) + tv.tv_usec; for (;;) { FD_ZERO(&wfds); FD_SET(fd, &wfds); gettimeofday(&tv, (struct timezone *) 0); tm = deadline - (1000000LL * tv.tv_sec + tv.tv_usec); if (tm <= 0) { errno = ETIMEDOUT; return -1; } if (tm > 1000000000LL) tm = 1000000000LL; tv.tv_sec = tm / 1000000LL; tv.tv_usec = tm % 1000000LL; select(fd + 1, (fd_set *) 0, &wfds, (fd_set *) 0, &tv); if (FD_ISSET(fd, &wfds)) break; } return write(fd, buf, len); } tlswrapper-20250201/timeoutwrite.h000066400000000000000000000002111474542230700170660ustar00rootroot00000000000000#ifndef _TIMEOUTWRITE_H____ #define _TIMEOUTWRITE_H____ extern long long timeoutwrite(long long, int, const char *, long long); #endif tlswrapper-20250201/tls.h000066400000000000000000000161671474542230700151500ustar00rootroot00000000000000#ifndef _TLS_H____ #define _TLS_H____ #include #include #include #include #define tls_MAXCERTFILES 16 struct tls_pubcrt { /* crt */ char key_type; /* BR_KEYTYPE_RSA or BR_KEYTYPE_EC */ br_x509_certificate crt[tls_MAXCERTFILES]; size_t crtlen; /* ta */ br_x509_trust_anchor ta[tls_MAXCERTFILES]; size_t talen; }; struct tls_seccrt { const void *key; char key_type; /* BR_KEYTYPE_RSA or BR_KEYTYPE_EC */ br_skey_decoder_context keydc; }; struct tls_certfile { const char *name; mode_t filetype; }; #define tls_CERTFILES 4 struct tls_context { const br_ssl_server_policy_class *vtable; br_x509_certificate chain[tls_MAXCERTFILES]; size_t chain_len; char key_type; br_ssl_server_context cc; unsigned char iobuf[BR_SSL_BUFSIZE_BIDI]; uint32_t flags; /* anchor */ br_x509_minimal_context xc; char *anchorfn; const char *anchorpem; size_t anchorpemlen; struct tls_pubcrt anchorcrt; br_name_element clientcrt; char clientcrtbuf[256]; char certfn[1024]; struct tls_certfile certfiles[tls_CERTFILES]; size_t certfiles_len; struct tls_pubcrt crt; int flaghandshakedone; int flagdelayedenc; unsigned char tochildbuf[1024]; size_t tochildbuflen; unsigned char tonetbuf[1024]; size_t tonetbuflen; unsigned char tonet5buf[1024]; size_t tonet5buflen; int netclosed; int childclosed; int flagnojail; const char *jailaccount; const char *jaildir; unsigned int version_min; unsigned int version_max; uint32_t ecdhe_enabled; const br_ec_impl ecdhe_copy; size_t cipher_enabled_len; uint16_t cipher_enabled[16]; }; /* flags */ #define tls_flags_ENFORCE_SERVER_PREFERENCES (BR_OPT_ENFORCE_SERVER_PREFERENCES) #define tls_flags_NO_RENEGOTIATION (BR_OPT_NO_RENEGOTIATION) #define tls_flags_TOLERATE_NO_CLIENT_AUTH (BR_OPT_TOLERATE_NO_CLIENT_AUTH) /* tls_profile.c */ extern void tls_profile(struct tls_context *); /* tls_error.c */ extern const char *tls_error_str(int); /* tls_keytype.c */ extern const char *tls_keytype_str(int); /* tls_version.c */ typedef struct { const char *name; unsigned int version; const char *comment; } tls_version; extern const tls_version tls_versions[]; #define tls_version_TLS10 BR_TLS10 #define tls_version_TLS11 BR_TLS11 #define tls_version_TLS12 BR_TLS12 extern int tls_version_setmin(struct tls_context *, const char *); extern int tls_version_setmax(struct tls_context *, const char *); extern const char *tls_version_str(unsigned int); /* tls_ecdhe.c */ typedef struct { const char *name; uint32_t curve; } tls_ecdhe; extern const tls_ecdhe tls_ecdhes[]; #define tls_ecdhe_X25519 BR_EC_curve25519 #define tls_ecdhe_X448 BR_EC_curve448 #define tls_ecdhe_SECP256R1 BR_EC_secp256r1 #define tls_ecdhe_SECP384R1 BR_EC_secp384r1 #define tls_ecdhe_SECP521R1 BR_EC_secp521r1 extern const char *tls_ecdhe_str(unsigned char); extern const br_ec_impl *tls_ecdhe_get_default(struct tls_context *); extern int tls_ecdhe_add(struct tls_context *, const char *); /* tls_cipher.c */ typedef struct { const char *name; uint16_t ecsuite; uint16_t rsasuite; const char *eccomment; const char *rsacomment; } tls_cipher; extern const tls_cipher tls_ciphers[]; extern int tls_cipher_add(struct tls_context *, const char *); extern const char *tls_cipher_str(uint16_t); /* tls_crypto_scalarmult.c */ #define tls_crypto_scalarmult_MAXSCALARBYTES 66 #define tls_crypto_scalarmult_MAXBYTES 133 extern int tls_crypto_scalarmult_base(int, unsigned char *, size_t *, unsigned char *); extern int tls_crypto_scalarmult(int, unsigned char *, size_t *, unsigned char *); /* tls_keyjail.c */ extern void tls_keyjail(struct tls_context *); /* tls_pipe.c */ extern int tls_pipe_fromchild; extern int tls_pipe_tochild; extern br_ssl_engine_context *tls_pipe_eng; extern int tls_pipe_getcert(br_x509_certificate *, size_t *, char *, const char *); extern size_t tls_pipe_dosign(const br_ssl_server_policy_class **, unsigned int, unsigned char *, size_t, size_t); extern size_t tls_pipe_mulgen(unsigned char *, const unsigned char *, size_t, int); extern uint32_t tls_pipe_mul(unsigned char *, size_t, const unsigned char *, size_t, int); extern void tls_pipe_prf(void *, size_t, const void *, size_t, const char *, size_t, const br_tls_prf_seed_chunk *); #define tls_pipe_PRF 0 #define tls_pipe_DECRYPT 1 #define tls_pipe_ENCRYPT 2 extern const br_sslrec_in_chapol_class tls_pipe_chapol_in_vtable; extern const br_sslrec_out_chapol_class tls_pipe_chapol_out_vtable; extern const br_sslrec_in_gcm_class tls_pipe_gcm_in_vtable; extern const br_sslrec_out_gcm_class tls_pipe_gcm_out_vtable; extern const br_sslrec_in_cbc_class tls_pipe_cbc_in_vtable; extern const br_sslrec_out_cbc_class tls_pipe_cbc_out_vtable; /* tls_certfile.c */ extern int tls_certfile_add_dir(struct tls_context *, const char *); extern int tls_certfile_add_file(struct tls_context *, const char *); /* tls_pem.c */ struct tls_pem { unsigned long long alloc; /* public part - CERTIFICATE */ unsigned long long publen; char *pub; /* secret part - KEY */ unsigned long long seclen; char *sec; }; extern void tls_pem_free(struct tls_pem *); extern int tls_pem_load(struct tls_pem *, const char *, const unsigned char *); extern void tls_pem_encrypt(struct tls_pem *, const unsigned char *); #define tls_pem_decrypt tls_pem_encrypt /* tls_pubcrt.c */ extern int tls_pubcrt_parse(struct tls_pubcrt *, const char *, size_t, const char *); /* tls_seccrt.c */ extern int tls_seccrt_parse(struct tls_seccrt *, const char *, size_t, const char *); /* tls_ecdsa.c */ extern uint32_t tls_ecdsa_vrfy_asn1(const br_ec_impl *, const void *, size_t, const br_ec_public_key *, const void *, size_t); /* tls_anchor.c */ extern int tls_anchor_add(struct tls_context *, char *); /* tls_engine.c */ extern unsigned char *tls_engine_sendapp_buf(struct tls_context *, size_t *); extern unsigned char *tls_engine_recvapp_buf(struct tls_context *, size_t *); extern unsigned char *tls_engine_sendrec_buf(struct tls_context *, size_t *); extern unsigned char *tls_engine_recvrec_buf(struct tls_context *, size_t *); extern void tls_engine_sendapp_ack(struct tls_context *, size_t); extern void tls_engine_recvapp_ack(struct tls_context *, size_t); extern void tls_engine_sendrec_ack(struct tls_context *, size_t); extern void tls_engine_recvrec_ack(struct tls_context *, size_t); extern unsigned char *tls_engine_sendapp5_buf(struct tls_context *, size_t *); extern void tls_engine_sendapp5_ack(struct tls_context *, size_t); extern void tls_engine_flush(struct tls_context *, int); extern void tls_engine_close(struct tls_context *); extern unsigned int tls_engine_current_state(struct tls_context *); extern int tls_engine_handshakedone(struct tls_context *); #endif tlswrapper-20250201/tls_anchor.c000066400000000000000000000002221474542230700164560ustar00rootroot00000000000000#include "tls.h" int tls_anchor_add(struct tls_context *ctx, char *x) { if (ctx->anchorfn) return 0; ctx->anchorfn = x; return 1; } tlswrapper-20250201/tls_certfile.c000066400000000000000000000013401474542230700170030ustar00rootroot00000000000000/* 20211103 Jan Mojzis Public domain. */ #include "tls.h" int tls_certfile_add_dir(struct tls_context *ctx, const char *fn) { if ((sizeof ctx->certfiles / sizeof ctx->certfiles[0]) <= ctx->certfiles_len) { return 0; } ctx->certfiles[ctx->certfiles_len].name = fn; ctx->certfiles[ctx->certfiles_len].filetype = S_IFDIR; ++ctx->certfiles_len; return 1; } int tls_certfile_add_file(struct tls_context *ctx, const char *fn) { if ((sizeof ctx->certfiles / sizeof ctx->certfiles[0]) <= ctx->certfiles_len) { return 0; } ctx->certfiles[ctx->certfiles_len].name = fn; ctx->certfiles[ctx->certfiles_len].filetype = S_IFREG; ++ctx->certfiles_len; return 1; } tlswrapper-20250201/tls_cipher.c000066400000000000000000000065471474542230700164760ustar00rootroot00000000000000#include "str.h" #include "log.h" #include "tls.h" const tls_cipher tls_ciphers[] = { { "CHACHA20_POLY1305_SHA256", BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "ECDSA + ECDHE + ChaCha20+Poly1305 (TLS 1.2+)", "RSA + ECDHE + ChaCha20+Poly1305 (TLS 1.2+)", }, { "AES_256_GCM_SHA384", BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "ECDSA + ECDHE + AES256/GCM (TLS 1.2+)", "RSA + ECDHE + AES256/GCM (TLS 1.2+)", }, { "AES_128_GCM_SHA256", BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "ECDSA + ECDHE + AES128/GCM (TLS 1.2+)", "RSA + ECDHE + AES128/GCM (TLS 1.2+)", }, { "AES_256_CBC_SHA384", BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "ECDSA + ECDHE + AES256/CBC + SHA384 (TLS 1.2+)", "RSA + ECDHE + AES256/CBC + SHA384 (TLS 1.2+)", }, { "AES_128_CBC_SHA256", BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "ECDSA + ECDHE + AES128/CBC + SHA256 (TLS 1.2+)", "RSA + ECDHE + AES128/CBC + SHA256 (TLS 1.2+)", }, { "AES_256_CBC_SHA", BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "ECDSA + ECDHE + AES256/CBC + SHA1", "RSA + ECDHE + AES256/CBC + SHA1", }, { "AES_128_CBC_SHA", BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "ECDSA + ECDHE + AES128/CBC + SHA1", "RSA + ECDHE + AES128/CBC + SHA1", }, {0, 0, 0, 0, 0}}; const char *tls_cipher_str(uint16_t s) { long long i; for (i = 0; tls_ciphers[i].name; ++i) { if ((tls_ciphers[i].ecsuite) == s) return tls_ciphers[i].eccomment; if ((tls_ciphers[i].rsasuite) == s) return tls_ciphers[i].rsacomment; } return "unknown cipher"; } static int use_default = 1; int tls_cipher_add(struct tls_context *ctx, const char *x) { unsigned long long i; uint16_t ecsuite = 0; uint16_t rsasuite = 0; if (use_default == 1) { ctx->cipher_enabled_len = 0; use_default = 0; } for (i = 0; tls_ciphers[i].name; ++i) { if (str_diff(x, tls_ciphers[i].name)) continue; ecsuite = tls_ciphers[i].ecsuite; rsasuite = tls_ciphers[i].rsasuite; goto ok; } return 0; ok: if (ecsuite && rsasuite) { for (i = 0; i < ctx->cipher_enabled_len; ++i) { if (ctx->cipher_enabled[i] == ecsuite || ctx->cipher_enabled[i] == rsasuite) { log_w3("unable to add cipher '", x, "': cipher is already added"); ecsuite = 0; rsasuite = 0; } } } if (ecsuite && rsasuite) { if ((sizeof ctx->cipher_enabled / sizeof ctx->cipher_enabled[0]) < ctx->cipher_enabled_len + 2) { log_e3("unable to add cipher '", x, "': too many enabled ciphers"); return 0; } ctx->cipher_enabled[ctx->cipher_enabled_len++] = ecsuite; ctx->cipher_enabled[ctx->cipher_enabled_len++] = rsasuite; } return 1; } tlswrapper-20250201/tls_crypto_scalarmult.c000066400000000000000000000062061474542230700207630ustar00rootroot00000000000000#include "tls.h" #ifdef X448 #include "crypto_scalarmult_x448.h" #endif #include "haslib25519.h" #ifdef HASLIB25519 #include #endif /* secret key note: We need a non-zero random value which is lower than the curve order, in a "large enough" range. We force the top bit to 0 and (top - 1) bit to 1, which does the trick. */ int tls_crypto_scalarmult_base(int curve, unsigned char *p, size_t *plen, unsigned char *sk) { int ret = -1; *plen = 0; switch (curve) { #ifdef X448 case tls_ecdhe_X448: if (crypto_scalarmult_x448_base(p, sk) == 0) ret = 0; *plen = 56; break; #endif case tls_ecdhe_X25519: #ifdef HASLIB25519 lib25519_nG_montgomery25519(p, sk); ret = 0; *plen = 32; #else *plen = br_ec_get_default()->mulgen(p, sk, 32, curve); if (*plen == 32) ret = 0; #endif break; case tls_ecdhe_SECP256R1: /* secret key note */ sk[0] &= 127; sk[0] |= 64; *plen = br_ec_get_default()->mulgen(p, sk, 32, curve); if (*plen == 65) ret = 0; break; case tls_ecdhe_SECP384R1: /* secret key note */ sk[0] &= 127; sk[0] |= 64; *plen = br_ec_get_default()->mulgen(p, sk, 48, curve); if (*plen == 97) ret = 0; break; case tls_ecdhe_SECP521R1: /* secret key note */ sk[0] = 0; sk[1] |= 128; *plen = br_ec_get_default()->mulgen(p, sk, 66, curve); if (*plen == 133) ret = 0; break; } return ret; } int tls_crypto_scalarmult(int curve, unsigned char *p, size_t *plen, unsigned char *sk) { unsigned long long i; int ret = -1; *plen = 0; switch (curve) { #ifdef X448 case tls_ecdhe_X448: if (crypto_scalarmult_x448(p, sk, p) == 0) ret = 0; *plen = 56; break; #endif case tls_ecdhe_X25519: #ifdef HASLIB25519 lib25519_nP_montgomery25519(p, sk, p); ret = 0; #else if (br_ec_get_default()->mul(p, 32, sk, 32, curve)) ret = 0; #endif *plen = 32; break; case tls_ecdhe_SECP256R1: /* secret key note */ sk[0] &= 127; sk[0] |= 64; if (br_ec_get_default()->mul(p, 65, sk, 32, curve)) ret = 0; for (i = 0; i < 32; ++i) p[i] = p[i + 1]; *plen = 32; break; case tls_ecdhe_SECP384R1: /* secret key note */ sk[0] &= 127; sk[0] |= 64; if (br_ec_get_default()->mul(p, 97, sk, 48, curve)) ret = 0; for (i = 0; i < 48; ++i) p[i] = p[i + 1]; *plen = 48; break; case tls_ecdhe_SECP521R1: /* secret key note */ sk[0] = 0; sk[1] |= 128; if (br_ec_get_default()->mul(p, 133, sk, 66, curve)) ret = 0; for (i = 0; i < 66; ++i) p[i] = p[i + 1]; *plen = 66; break; } return ret; } tlswrapper-20250201/tls_ecdhe.c000066400000000000000000000041561474542230700162660ustar00rootroot00000000000000#include "str.h" #include "tls.h" /* clang-format off */ const tls_ecdhe tls_ecdhes[] = { { "x25519", tls_ecdhe_X25519 }, { "secp256r1", tls_ecdhe_SECP256R1 }, { "secp384r1", tls_ecdhe_SECP384R1 }, { "secp521r1", tls_ecdhe_SECP521R1 }, #ifdef X448 { "x448", tls_ecdhe_X448 }, #endif { 0, 0 } }; /* clang-format on */ const char *tls_ecdhe_str(unsigned char curve) { long long i; for (i = 0; tls_ecdhes[i].name; ++i) { if (tls_ecdhes[i].curve == curve) return tls_ecdhes[i].name; } return "unknown"; } static int use_default = 1; int tls_ecdhe_add(struct tls_context *ctx, const char *x) { size_t i; if (use_default == 1) { ctx->ecdhe_enabled = 0; use_default = 0; } for (i = 0; tls_ecdhes[i].name; ++i) { if (str_diff(x, tls_ecdhes[i].name)) continue; ctx->ecdhe_enabled |= (uint32_t) 1 << tls_ecdhes[i].curve; return 1; } return 0; } static const br_ec_impl *ecdhe_orig; static size_t xoff(int curve, size_t *len) { size_t ret = 0; switch (curve) { case BR_EC_curve448: *len = 56; ret = 0; break; default: ret = ecdhe_orig->xoff(curve, len); break; } return ret; } /* fake X448 order, not used */ static const unsigned char _o[56] = {0xff}; static const unsigned char *order(int curve, size_t *len) { const unsigned char *ret = 0; switch (curve) { case BR_EC_curve448: *len = sizeof _o; ret = _o; break; default: ret = ecdhe_orig->order(curve, len); break; } return ret; } const br_ec_impl *tls_ecdhe_get_default(struct tls_context *ctx) { br_ec_impl *ecdhe_copy_p = (br_ec_impl *) &ctx->ecdhe_copy; ecdhe_orig = br_ec_get_default(); memcpy(ecdhe_copy_p, br_ec_get_default(), sizeof(br_ec_impl)); ecdhe_copy_p->supported_curves = ctx->ecdhe_enabled; ecdhe_copy_p->mulgen = tls_pipe_mulgen; ecdhe_copy_p->mul = tls_pipe_mul; ecdhe_copy_p->xoff = xoff; ecdhe_copy_p->order = order; return &ctx->ecdhe_copy; } tlswrapper-20250201/tls_ecdsa.c000066400000000000000000000005721474542230700162730ustar00rootroot00000000000000#include "tls.h" uint32_t tls_ecdsa_vrfy_asn1(const br_ec_impl *impl, const void *hash, size_t hash_len, const br_ec_public_key *pk, const void *sig, size_t sig_len) { br_ecdsa_vrfy vrfy = br_ecdsa_vrfy_asn1_get_default(); (void) impl; return vrfy(br_ec_get_default(), hash, hash_len, pk, sig, sig_len); } tlswrapper-20250201/tls_engine.c000066400000000000000000000133751474542230700164660ustar00rootroot00000000000000#include "writeall.h" #include "log.h" #include "tls.h" /* sendapp */ unsigned char *tls_engine_sendapp_buf(struct tls_context *ctx, size_t *len) { if (ctx->flagdelayedenc) { if (ctx->childclosed) return 0; *len = sizeof ctx->tonetbuf - ctx->tonetbuflen; if (!*len) return 0; return ctx->tonetbuf + ctx->tonetbuflen; } return br_ssl_engine_sendapp_buf(&ctx->cc.eng, len); } void tls_engine_sendapp_ack(struct tls_context *ctx, size_t len) { if (ctx->flagdelayedenc) { ctx->tonetbuflen += len; return; } br_ssl_engine_sendapp_ack(&ctx->cc.eng, len); } /* recvapp */ unsigned char *tls_engine_recvapp_buf(struct tls_context *ctx, size_t *len) { if (ctx->flagdelayedenc) { if (ctx->childclosed) return 0; *len = ctx->tochildbuflen; if (!*len) return 0; return ctx->tochildbuf; } return br_ssl_engine_recvapp_buf(&ctx->cc.eng, len); } void tls_engine_recvapp_ack(struct tls_context *ctx, size_t len) { if (ctx->flagdelayedenc) { memmove(ctx->tochildbuf, ctx->tochildbuf + len, ctx->tochildbuflen - len); ctx->tochildbuflen -= len; return; } br_ssl_engine_recvapp_ack(&ctx->cc.eng, len); } /* sendrec */ unsigned char *tls_engine_sendrec_buf(struct tls_context *ctx, size_t *len) { if (ctx->flagdelayedenc) { if (ctx->netclosed) return 0; *len = ctx->tonetbuflen; if (!*len) return 0; return ctx->tonetbuf; } return br_ssl_engine_sendrec_buf(&ctx->cc.eng, len); } void tls_engine_sendrec_ack(struct tls_context *ctx, size_t len) { if (ctx->flagdelayedenc) { memmove(ctx->tonetbuf, ctx->tonetbuf + len, ctx->tonetbuflen - len); ctx->tonetbuflen -= len; return; } br_ssl_engine_sendrec_ack(&ctx->cc.eng, len); } /* recvrec */ unsigned char *tls_engine_recvrec_buf(struct tls_context *ctx, size_t *len) { if (ctx->flagdelayedenc) { if (ctx->netclosed) return 0; *len = sizeof ctx->tochildbuf - ctx->tochildbuflen; if (!*len) return 0; return ctx->tochildbuf + ctx->tochildbuflen; } return br_ssl_engine_recvrec_buf(&ctx->cc.eng, len); } void tls_engine_recvrec_ack(struct tls_context *ctx, size_t len) { if (ctx->flagdelayedenc) { ctx->tochildbuflen += len; return; } br_ssl_engine_recvrec_ack(&ctx->cc.eng, len); } /* sendapp5 */ unsigned char *tls_engine_sendapp5_buf(struct tls_context *ctx, size_t *len) { if (ctx->flagdelayedenc) { if (ctx->childclosed) return 0; *len = sizeof ctx->tonet5buf - ctx->tonet5buflen; if (!*len) return 0; return ctx->tonet5buf + ctx->tonet5buflen; } return 0; } void tls_engine_sendapp5_ack(struct tls_context *ctx, size_t len) { if (ctx->flagdelayedenc) { ctx->tonet5buflen += len; return; } return; } void tls_engine_flush(struct tls_context *ctx, int force) { if (ctx->flagdelayedenc) return; br_ssl_engine_flush(&ctx->cc.eng, force); } void tls_engine_close(struct tls_context *ctx) { if (ctx->flagdelayedenc) { ctx->childclosed = 1; return; } br_ssl_engine_close(&ctx->cc.eng); } int tls_engine_handshakedone(struct tls_context *ctx) { if (!ctx->flagdelayedenc && !ctx->flaghandshakedone) { unsigned int st = tls_engine_current_state(ctx); if (st & BR_SSL_SENDAPP) { ctx->flaghandshakedone = 1; return 1; } } return 0; } unsigned int tls_engine_current_state(struct tls_context *ctx) { unsigned int st = 0; size_t len; if (ctx->flagdelayedenc) { if (ctx->childclosed && !tls_engine_sendrec_buf(ctx, &len)) { st |= BR_SSL_CLOSED; log_d1("TCP closed normally, child closed the connection"); } if (ctx->netclosed && !tls_engine_recvapp_buf(ctx, &len)) { st |= BR_SSL_CLOSED; log_d1("TCP closed normally, remote closed the connection"); } if (tls_engine_sendrec_buf(ctx, &len) != 0) st |= BR_SSL_SENDREC; if (tls_engine_recvrec_buf(ctx, &len) != 0) st |= BR_SSL_RECVREC; if (tls_engine_sendapp_buf(ctx, &len) != 0) st |= BR_SSL_SENDAPP; if (tls_engine_recvapp_buf(ctx, &len) != 0) st |= BR_SSL_RECVAPP; goto ret; } else { st = br_ssl_engine_current_state(&ctx->cc.eng); } if (st & BR_SSL_CLOSED) { int err; err = br_ssl_engine_last_error(&ctx->cc.eng); if (err == BR_ERR_OK) { log_d1("SSL closed normally"); } else { if (err >= BR_ERR_SEND_FATAL_ALERT) { err -= BR_ERR_SEND_FATAL_ALERT; if (ctx->flaghandshakedone) { log_e2("SSL closed abnormally, sent alert: ", tls_error_str(err)); } else { log_d2("SSL closed abnormally, sent alert: ", tls_error_str(err)); } } else if (err >= BR_ERR_RECV_FATAL_ALERT) { err -= BR_ERR_RECV_FATAL_ALERT; if (ctx->flaghandshakedone) { log_e2("SSL closed abnormally, received alert: ", tls_error_str(err)); } else { log_d2("SSL closed abnormally, received alert: ", tls_error_str(err)); } } else { if (ctx->flaghandshakedone) { log_e2("SSL closed abnormally: ", tls_error_str(err)); } else { log_d2("SSL closed abnormally: ", tls_error_str(err)); } } } } ret: log_t2("br_ssl_engine_current_state(&ctx->cc.eng) = ", lognum(st)); return st; } tlswrapper-20250201/tls_error.c000066400000000000000000000156421474542230700163510ustar00rootroot00000000000000#include "tls.h" /* clang-format off */ static struct { int err; const char *comment; } errors[] = { { BR_ERR_BAD_PARAM, "Caller-provided parameter is incorrect." }, { BR_ERR_BAD_STATE, "Operation requested by the caller cannot be applied with" " the current context state (e.g. reading data while" " outgoing data is waiting to be sent)." }, { BR_ERR_UNSUPPORTED_VERSION, "Incoming protocol or record version is unsupported." }, { BR_ERR_BAD_VERSION, "Incoming record version does not match the expected version." }, { BR_ERR_BAD_LENGTH, "Incoming record length is invalid." }, { BR_ERR_TOO_LARGE, "Incoming record is too large to be processed, or buffer" " is too small for the handshake message to send." }, { BR_ERR_BAD_MAC, "Decryption found an invalid padding, or the record MAC is" " not correct." }, { BR_ERR_NO_RANDOM, "No initial entropy was provided, and none can be obtained" " from the OS." }, { BR_ERR_UNKNOWN_TYPE, "Incoming record type is unknown." }, { BR_ERR_UNEXPECTED, "Incoming record or message has wrong type with regards to" " the current engine state." }, { BR_ERR_BAD_CCS, "ChangeCipherSpec message from the peer has invalid contents." }, { BR_ERR_BAD_ALERT, "Alert message from the peer has invalid contents" " (odd length)." }, { BR_ERR_BAD_HANDSHAKE, "Incoming handshake message decoding failed." }, { BR_ERR_OVERSIZED_ID, "ServerHello contains a session ID which is larger than" " 32 bytes." }, { BR_ERR_BAD_CIPHER_SUITE, "Server wants to use a cipher suite that we did not claim" " to support. This is also reported if we tried to advertise" " a cipher suite that we do not support." }, { BR_ERR_BAD_COMPRESSION, "Server wants to use a compression that we did not claim" " to support." }, { BR_ERR_BAD_FRAGLEN, "Server's max fragment length does not match client's." }, { BR_ERR_BAD_SECRENEG, "Secure renegotiation failed." }, { BR_ERR_EXTRA_EXTENSION, "Server sent an extension type that we did not announce," " or used the same extension type several times in a" " single ServerHello." }, { BR_ERR_BAD_SNI, "Invalid Server Name Indication contents (when used by" " the server, this extension shall be empty)." }, { BR_ERR_BAD_HELLO_DONE, "Invalid ServerHelloDone from the server (length is not 0)." }, { BR_ERR_LIMIT_EXCEEDED, "Internal limit exceeded (e.g. server's public key is too" " large)." }, { BR_ERR_BAD_FINISHED, "Finished message from peer does not match the expected" " value." }, { BR_ERR_RESUME_MISMATCH, "Session resumption attempt with distinct version or cipher" " suite." }, { BR_ERR_INVALID_ALGORITHM, "Unsupported or invalid algorithm (ECDHE curve, signature" " algorithm, hash function)." }, { BR_ERR_BAD_SIGNATURE, "Invalid signature in ServerKeyExchange or" " CertificateVerify message." }, { BR_ERR_WRONG_KEY_USAGE, "Peer's public key does not have the proper type or is" " not allowed for the requested operation." }, { BR_ERR_NO_CLIENT_AUTH, "Client did not send a certificate upon request, or the" " client certificate could not be validated." }, { BR_ERR_IO, "I/O error or premature close on transport stream." }, { BR_ERR_X509_INVALID_VALUE, "Invalid value in an ASN.1 structure." }, { BR_ERR_X509_TRUNCATED, "Truncated certificate or other ASN.1 object." }, { BR_ERR_X509_EMPTY_CHAIN, "Empty certificate chain (no certificate at all)." }, { BR_ERR_X509_INNER_TRUNC, "Decoding error: inner element extends beyond outer element" " size." }, { BR_ERR_X509_BAD_TAG_CLASS, "Decoding error: unsupported tag class (application or" " private)." }, { BR_ERR_X509_BAD_TAG_VALUE, "Decoding error: unsupported tag value." }, { BR_ERR_X509_INDEFINITE_LENGTH, "Decoding error: indefinite length." }, { BR_ERR_X509_EXTRA_ELEMENT, "Decoding error: extraneous element." }, { BR_ERR_X509_UNEXPECTED, "Decoding error: unexpected element." }, { BR_ERR_X509_NOT_CONSTRUCTED, "Decoding error: expected constructed element, but is" " primitive." }, { BR_ERR_X509_NOT_PRIMITIVE, "Decoding error: expected primitive element, but is" " constructed." }, { BR_ERR_X509_PARTIAL_BYTE, "Decoding error: BIT STRING length is not multiple of 8." }, { BR_ERR_X509_BAD_BOOLEAN, "Decoding error: BOOLEAN value has invalid length." }, { BR_ERR_X509_OVERFLOW, "Decoding error: value is off-limits." }, { BR_ERR_X509_BAD_DN, "Invalid distinguished name." }, { BR_ERR_X509_BAD_TIME, "Invalid date/time representation." }, { BR_ERR_X509_UNSUPPORTED, "Certificate contains unsupported features that cannot be" " ignored." }, { BR_ERR_X509_LIMIT_EXCEEDED, "Key or signature size exceeds internal limits." }, { BR_ERR_X509_WRONG_KEY_TYPE, "Key type does not match that which was expected." }, { BR_ERR_X509_BAD_SIGNATURE, "Signature is invalid." }, { BR_ERR_X509_TIME_UNKNOWN, "Validation time is unknown." }, { BR_ERR_X509_EXPIRED, "Certificate is expired or not yet valid." }, { BR_ERR_X509_DN_MISMATCH, "Issuer/Subject DN mismatch in the chain." }, { BR_ERR_X509_BAD_SERVER_NAME, "Expected server name was not found in the chain." }, { BR_ERR_X509_CRITICAL_EXTENSION, "Unknown critical extension in certificate." }, { BR_ERR_X509_NOT_CA, "Not a CA, or path length constraint violation." }, { BR_ERR_X509_FORBIDDEN_KEY_USAGE, "Key Usage extension prohibits intended usage." }, { BR_ERR_X509_WEAK_PUBLIC_KEY, "Public key found in certificate is too small." }, { BR_ERR_X509_NOT_TRUSTED, "Chain could not be linked to a trust anchor." }, { 0, 0 } }; /* clang-format on */ const char *tls_error_str(int err) { size_t u; for (u = 0; errors[u].comment; ++u) { if (errors[u].err == err) return errors[u].comment; } return "unknown"; } tlswrapper-20250201/tls_keyjail.c000066400000000000000000000341001474542230700166360ustar00rootroot00000000000000#include #include #include #include "pipe.h" #include "randombytes.h" #include "log.h" #include "jail.h" #include "fixpath.h" #include "tls.h" extern void br_ssl_engine_switch_chapol_in(br_ssl_engine_context *cc, int is_client, int prf_id); extern void br_ssl_engine_switch_chapol_out(br_ssl_engine_context *cc, int is_client, int prf_id); extern void br_ssl_engine_switch_gcm_in(br_ssl_engine_context *cc, int is_client, int prf_id, const br_block_ctr_class *bc_impl, size_t cipher_key_len); extern void br_ssl_engine_switch_gcm_out(br_ssl_engine_context *cc, int is_client, int prf_id, const br_block_ctr_class *bc_impl, size_t cipher_key_len); extern void br_ssl_engine_compute_master(br_ssl_engine_context *cc, int prf_id, const void *pms, size_t pms_len); extern void br_ssl_engine_switch_cbc_in(br_ssl_engine_context *cc, int is_client, int prf_id, int mac_id, const br_block_cbcdec_class *bc_impl, size_t cipher_key_len); extern void br_ssl_engine_switch_cbc_out(br_ssl_engine_context *cc, int is_client, int prf_id, int mac_id, const br_block_cbcenc_class *bc_impl, size_t cipher_key_len); extern br_tls_prf_impl br_ssl_engine_get_PRF(br_ssl_engine_context *cc, int prf_id); static size_t sign(struct tls_context *ctx, struct tls_pem *pem, unsigned char *key, br_ssl_server_context *cc, unsigned char hash_id, unsigned char *data, size_t hv_len, size_t len) { const br_ssl_server_policy_class **vtable = 0; size_t ret = 0; struct tls_seccrt keycrt = {0}; /* decrypt pem */ tls_pem_decrypt(pem, key); /* parse secret key */ if (!tls_seccrt_parse(&keycrt, pem->sec, pem->seclen, ctx->certfn)) { log_f3("unable to obtain secret-key from the PEM file '", ctx->certfn, "'"); goto cleanup; } tls_pem_free(pem); /* sign */ br_ssl_server_zero(cc); if (keycrt.key_type == BR_KEYTYPE_EC) { br_ssl_server_init_full_ec(cc, 0, 0, 0, br_skey_decoder_get_ec(&keycrt.keydc)); vtable = &cc->chain_handler.single_ec.vtable; } if (keycrt.key_type == BR_KEYTYPE_RSA) { br_ssl_server_init_full_rsa(cc, 0, 0, br_skey_decoder_get_rsa(&keycrt.keydc)); vtable = &cc->chain_handler.single_rsa.vtable; } if (vtable) ret = (*vtable)->do_sign(vtable, hash_id, data, hv_len, len); cleanup: randombytes(&keycrt, sizeof keycrt); tls_pem_free(pem); return ret; } static void prf(struct tls_context *ctx, void *dst, size_t len, int prf_id, const char *label, unsigned char *seed_data, size_t seed_data_len) { br_tls_prf_impl iprf; br_tls_prf_seed_chunk seed; seed.data = seed_data; seed.len = seed_data_len; iprf = br_ssl_engine_get_PRF(&ctx->cc.eng, prf_id); iprf(dst, len, ctx->cc.eng.session.master_secret, sizeof ctx->cc.eng.session.master_secret, label, 1, &seed); } void tls_keyjail(struct tls_context *ctx) { pid_t ppid = getppid(); unsigned char curve_id; unsigned char sk[tls_crypto_scalarmult_MAXSCALARBYTES]; unsigned char pk[tls_crypto_scalarmult_MAXBYTES]; size_t pklen; unsigned char pemkey[32]; int prf_id; br_ssl_server_context *cc = &ctx->cc; struct tls_pem pem = {0}; log_t1("start keyjail"); for (;;) { size_t fn_len = sizeof ctx->certfn; /* read filename from the pipe */ if (pipe_readmax(0, ctx->certfn, &fn_len) == -1) goto cleanup; if (fn_len == 0) break; ctx->certfn[fn_len - 1] = 0; /* for security reasons replace '/.' -> '/:' in the filename */ fixpath(ctx->certfn); log_t2("file = ", ctx->certfn); /* load the file content to the memory */ randombytes(pemkey, sizeof pemkey); if (!tls_pem_load(&pem, ctx->certfn, pemkey)) { if (pipe_writeerrno(1) == -1) goto cleanup; continue; } /* write public-part to the pipe as is (without PEM parsing) */ if (pipe_write(1, pem.pub, pem.publen) == -1) { goto cleanup; } } /* drop privileges, chroot, set limits, ... KEYJAIL starts here */ if (!ctx->flagnojail) { if (jail(ctx->jailaccount, ctx->jaildir, 1) == -1) goto cleanup; } /* scalar multiplication - keygen */ if (pipe_readall(0, &curve_id, sizeof(curve_id)) == -1) goto cleanup; randombytes(sk, sizeof sk); if (tls_crypto_scalarmult_base((unsigned int) curve_id, pk, &pklen, sk) == -1) goto cleanup; if (pipe_write(1, pk, pklen) == -1) goto cleanup; /* signing */ { unsigned char data[2048]; size_t datalen; unsigned char hash_id; if (pipe_readall(0, &hash_id, sizeof(hash_id)) == -1) goto cleanup; if (pipe_readall(0, &datalen, sizeof(datalen)) == -1) goto cleanup; if (datalen > sizeof data) goto cleanup; if (pipe_readmax(0, data, &datalen) == -1) goto cleanup; datalen = sign(ctx, &pem, pemkey, cc, hash_id, data, datalen, sizeof data); if (pipe_write(1, data, datalen) == -1) goto cleanup; } br_ssl_engine_set_chacha20(&cc->eng, &br_chacha20_ct_run); /* scalar multiplication */ if (pipe_readall(0, pk, pklen) == -1) goto cleanup; if (pipe_readall(0, &cc->eng.session.session_id, sizeof cc->eng.session.session_id) == -1) goto cleanup; if (pipe_readall(0, &cc->eng.session.version, sizeof cc->eng.session.version) == -1) goto cleanup; if (pipe_readall(0, &cc->eng.session.cipher_suite, sizeof cc->eng.session.cipher_suite) == -1) goto cleanup; if (pipe_readall(0, cc->eng.client_random, sizeof cc->eng.client_random) == -1) goto cleanup; if (pipe_readall(0, cc->eng.server_random, sizeof cc->eng.server_random) == -1) goto cleanup; if (tls_crypto_scalarmult((unsigned int) curve_id, pk, &pklen, sk) == -1) goto cleanup; randombytes(sk, sizeof sk); /* remove secret scalar */ log_t2("SUITE: ", tls_cipher_str(cc->eng.session.cipher_suite)); prf_id = br_sha1_ID; switch (cc->eng.session.cipher_suite) { case BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: case BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: prf_id = br_sha256_ID; br_ssl_engine_compute_master(&cc->eng, prf_id, pk, pklen); br_ssl_engine_switch_chapol_in(&cc->eng, 0, prf_id); br_ssl_engine_switch_chapol_out(&cc->eng, 0, prf_id); break; case BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: case BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: prf_id = br_sha384_ID; br_ssl_engine_compute_master(&cc->eng, prf_id, pk, pklen); br_ssl_engine_switch_gcm_in(&cc->eng, 0, prf_id, cc->eng.iaes_ctr, 32); br_ssl_engine_switch_gcm_out(&cc->eng, 0, prf_id, cc->eng.iaes_ctr, 32); break; case BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: case BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: prf_id = br_sha256_ID; br_ssl_engine_compute_master(&cc->eng, prf_id, pk, pklen); br_ssl_engine_switch_gcm_in(&cc->eng, 0, prf_id, cc->eng.iaes_ctr, 16); br_ssl_engine_switch_gcm_out(&cc->eng, 0, prf_id, cc->eng.iaes_ctr, 16); break; case BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: case BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: prf_id = br_sha384_ID; br_ssl_engine_compute_master(&cc->eng, prf_id, pk, pklen); br_ssl_engine_switch_cbc_in(&cc->eng, 0, prf_id, prf_id, cc->eng.iaes_cbcdec, 32); br_ssl_engine_switch_cbc_out(&cc->eng, 0, prf_id, prf_id, cc->eng.iaes_cbcenc, 32); break; case BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: case BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: prf_id = br_sha256_ID; br_ssl_engine_compute_master(&cc->eng, prf_id, pk, pklen); br_ssl_engine_switch_cbc_in(&cc->eng, 0, prf_id, prf_id, cc->eng.iaes_cbcdec, 16); br_ssl_engine_switch_cbc_out(&cc->eng, 0, prf_id, prf_id, cc->eng.iaes_cbcenc, 16); break; case BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: case BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: prf_id = br_sha1_ID; br_ssl_engine_compute_master(&cc->eng, prf_id, pk, pklen); br_ssl_engine_switch_cbc_in(&cc->eng, 0, prf_id, prf_id, cc->eng.iaes_cbcdec, 32); br_ssl_engine_switch_cbc_out(&cc->eng, 0, prf_id, prf_id, cc->eng.iaes_cbcenc, 32); break; case BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: case BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: prf_id = br_sha1_ID; br_ssl_engine_compute_master(&cc->eng, prf_id, pk, pklen); br_ssl_engine_switch_cbc_in(&cc->eng, 0, prf_id, prf_id, cc->eng.iaes_cbcdec, 16); br_ssl_engine_switch_cbc_out(&cc->eng, 0, prf_id, prf_id, cc->eng.iaes_cbcenc, 16); break; default: break; } randombytes(pk, sizeof pk); /* remove shared secret */ while (ppid == getppid()) { /* type */ unsigned char ch; if (pipe_readall(0, &ch, sizeof ch) == -1) goto cleanup; switch (ch) { case tls_pipe_PRF: { char label[16]; unsigned char seed[48]; size_t seed_len = sizeof seed; unsigned char data[12]; if (pipe_readall(0, label, sizeof label) == -1) goto cleanup; if (pipe_readall(0, &seed_len, sizeof seed_len) == -1) goto cleanup; if (pipe_readmax(0, seed, &seed_len) == -1) goto cleanup; prf(ctx, data, sizeof data, prf_id, label, seed, seed_len); if (pipe_write(1, data, sizeof data) == -1) goto cleanup; } break; case tls_pipe_DECRYPT: /* decrypt */ { int record_type; unsigned int version; unsigned char data[BR_SSL_BUFSIZE_INPUT + 64]; size_t data_len; char offset; void *ret; if (pipe_readall(0, &record_type, sizeof record_type) == -1) goto cleanup; if (pipe_readall(0, &version, sizeof version) == -1) goto cleanup; data_len = sizeof data - 64; if (pipe_readmax(0, data + 64, &data_len) == -1) goto cleanup; ret = cc->eng.in.vtable->decrypt(&cc->eng.in.vtable, record_type, version, data + 64, &data_len); if (!ret) { data_len = 0; offset = 0; if (pipe_write(1, &offset, sizeof offset) == -1) goto cleanup; if (pipe_write(1, 0, 0) == -1) goto cleanup; log_d1("decrypt failed"); } else { offset = (char) (intptr_t) ((uintptr_t) ret - (uintptr_t) data - 64); if (pipe_write(1, &offset, sizeof offset) == -1) goto cleanup; if (pipe_write(1, ret, data_len) == -1) goto cleanup; } } break; case tls_pipe_ENCRYPT: /* encrypt */ { int record_type; unsigned int version; unsigned char data[BR_SSL_BUFSIZE_INPUT + 64]; size_t data_len; char offset; void *ret; if (pipe_readall(0, &record_type, sizeof record_type) == -1) goto cleanup; if (pipe_readall(0, &version, sizeof version) == -1) goto cleanup; data_len = sizeof data - 64; if (pipe_readmax(0, data + 64, &data_len) == -1) goto cleanup; ret = cc->eng.out.vtable->encrypt(&cc->eng.out.vtable, record_type, version, data + 64, &data_len); offset = (char) (intptr_t) ((uintptr_t) ret - (uintptr_t) data - 64); if (pipe_write(1, &offset, sizeof offset) == -1) goto cleanup; if (pipe_write(1, ret, data_len) == -1) goto cleanup; } break; default: goto cleanup; break; } } cleanup: log_t1("finished keyjail"); } tlswrapper-20250201/tls_keytype.c000066400000000000000000000003711474542230700167030ustar00rootroot00000000000000#include "tls.h" #define X(k, s) \ if ((i) == (k)) return s; const char *tls_keytype_str(int i) { X(BR_KEYTYPE_RSA, "RSA"); X(BR_KEYTYPE_EC, "EC"); return "UNKNOWN"; } tlswrapper-20250201/tls_pem.c000066400000000000000000000071351474542230700157770ustar00rootroot00000000000000/* 20201122 Jan Mojzis Public domain. */ #include #include #include #include #include "alloc.h" #include "readall.h" #include "randombytes.h" #include "log.h" #include "open.h" #include "tls.h" void tls_pem_free(struct tls_pem *ctx) { if (ctx->sec) alloc_free(ctx->sec); if (ctx->pub) alloc_free(ctx->pub); memset(ctx, 0, sizeof *ctx); } typedef unsigned long long ull; static ull lineparser(const char *buf, ull len, ull pos, char *out, ull *outlen, ull outmax) { ull i; *outlen = 0; for (i = pos; i < len; ++i) { if (buf[i] == '\r') return i + 1; if (buf[i] == '\n') return i + 1; if (*outlen >= outmax) { /* skip the rest */ *outlen = 0; return len; } out[(*outlen)++] = buf[i]; } return len; } static void pemparse(struct tls_pem *ctx) { unsigned long long pos = 0; int flagpub = 0; char line[65]; unsigned long long linelen; unsigned long long seclen = 0; unsigned long long publen = 0; while (ctx->seclen > pos) { pos = lineparser(ctx->sec, ctx->seclen, pos, line, &linelen, sizeof line - 1); if (linelen == 0) continue; line[linelen++] = '\n'; if (linelen == 28 && !memcmp(line, "-----BEGIN CERTIFICATE-----", linelen - 1)) flagpub = 1; if (linelen == 33 && !memcmp(line, "-----BEGIN X509 CERTIFICATE-----", linelen - 1)) flagpub = 1; if (flagpub) { memcpy(ctx->pub + publen, line, linelen); publen += linelen; } else { memcpy(ctx->sec + seclen, line, linelen); seclen += linelen; } if (linelen == 26 && !memcmp(line, "-----END CERTIFICATE-----", linelen - 1)) flagpub = 0; if (linelen == 31 && !memcmp(line, "-----END X509 CERTIFICATE-----", linelen - 1)) flagpub = 0; } randombytes(line, sizeof line); randombytes(ctx->sec + seclen, ctx->alloc - seclen); randombytes(ctx->pub + publen, ctx->alloc - publen); ctx->seclen = seclen; ctx->publen = publen; } static unsigned char nonce[12]; static int initialized = 0; void tls_pem_encrypt(struct tls_pem *ctx, const unsigned char *key) { if (!initialized) { randombytes(nonce, sizeof nonce); initialized = 1; } br_chacha20_ct_run(key, nonce, 0, ctx->sec, ctx->seclen); } /* The 'tls_pem_load' loads secret PEM part and public PEM part from the file fn to the memory and immediately encrypts secret part. */ int tls_pem_load(struct tls_pem *ctx, const char *fn, const unsigned char *key) { int fd = -1; int ret = 0; struct stat st; log_t3("tls_pem_load(fn = ", fn, ")"); tls_pem_free(ctx); fd = open_read(fn); if (fd == -1) goto cleanup; if (fstat(fd, &st) == -1) goto cleanup; if ((st.st_mode & S_IFMT) != S_IFREG) goto cleanup; ctx->alloc = ctx->seclen = st.st_size; ctx->alloc += 1; ctx->sec = alloc(ctx->alloc); if (!ctx->sec) goto cleanup; ctx->pub = alloc(ctx->alloc); if (!ctx->pub) goto cleanup; if (readall(fd, ctx->sec, ctx->seclen) == -1) goto cleanup; ctx->sec[ctx->seclen++] = '\n'; pemparse(ctx); tls_pem_encrypt(ctx, key); ret = 1; cleanup: if (fd != -1) close(fd); if (ret == 0) tls_pem_free(ctx); log_t2("publen = ", lognum(ctx->publen)); log_t2("seclen = ", lognum(ctx->seclen)); log_t4("tls_pem_load(fn = ", fn, ") = ", lognum(ret)); return ret; } tlswrapper-20250201/tls_pipe.c000066400000000000000000000331521474542230700161510ustar00rootroot00000000000000#include "tls.h" #include "pipe.h" #include "randombytes.h" #include "alloc.h" #include "str.h" #include "log.h" int tls_pipe_fromchild = -1; int tls_pipe_tochild = -1; br_ssl_engine_context *tls_pipe_eng; int tls_pipe_getcert(br_x509_certificate *chain, size_t *chain_len, char *key_type, const char *fn) { int ret = 0; size_t i; char *pubpem = 0; size_t pubpemlen; struct tls_pubcrt crt = {0}; /* write filename */ if (pipe_write(tls_pipe_tochild, fn, str_len(fn) + 1) == -1) goto cleanup; /* read PEM */ pubpem = pipe_readalloc(tls_pipe_fromchild, &pubpemlen); if (!pubpem) goto cleanup; /* parse PEM */ if (!tls_pubcrt_parse(&crt, pubpem, pubpemlen, fn)) goto cleanup; /* key type*/ *key_type = crt.key_type; /* chain */ for (i = 0; i < crt.crtlen; ++i) { chain[i].data_len = crt.crt[i].data_len; chain[i].data = crt.crt[i].data; } *chain_len = crt.crtlen; ret = 1; cleanup: if (pubpem) alloc_free(pubpem); return ret; } size_t tls_pipe_mulgen(unsigned char *R, const unsigned char *x, size_t xlen, int curve) { unsigned char curve_id = (unsigned int) curve; size_t Glen; (void) x; (void) xlen; log_t1("tls_pipe_mulgen begin"); /* finish certs */ if (pipe_write(tls_pipe_tochild, 0, 0) == -1) goto fail; /* write curve */ if (pipe_write(tls_pipe_tochild, &curve_id, sizeof curve_id) == -1) goto fail; /* read point */ Glen = 133; if (pipe_readmax(tls_pipe_fromchild, R, &Glen) == -1) goto fail; return Glen; fail: log_d1("tls_pipe_mulgen failed"); return 0; } size_t tls_pipe_dosign(const br_ssl_server_policy_class **pctx, unsigned int algo_id, unsigned char *data, size_t len, size_t max) { unsigned char hash_id = algo_id & 0xff; (void) pctx; log_t4("tls_pipe_dosign begin: algo_id=", lognum(algo_id), ", len=", lognum(len)); /* write hash_id */ if (pipe_write(tls_pipe_tochild, &hash_id, sizeof hash_id) == -1) goto fail; /* write max */ if (pipe_write(tls_pipe_tochild, &max, sizeof max) == -1) goto fail; /* write data */ if (pipe_write(tls_pipe_tochild, data, len) == -1) goto fail; /* read the signature */ if (pipe_readmax(tls_pipe_fromchild, data, &max) == -1) goto fail; log_t1("tls_pipe_dosign success"); return max; fail: log_d1("tls_pipe_dosign failed"); return 0; } uint32_t tls_pipe_mul(unsigned char *G, size_t Glen, const unsigned char *x, size_t xlen, int curve) { (void) curve; (void) x; (void) xlen; /* write pk */ if (pipe_write(tls_pipe_tochild, G, Glen) == -1) goto fail; /* write tls session_id, version, client_random, server_random */ if (pipe_write(tls_pipe_tochild, &tls_pipe_eng->session.session_id, sizeof tls_pipe_eng->session.session_id) == -1) goto fail; if (pipe_write(tls_pipe_tochild, &tls_pipe_eng->session.version, sizeof tls_pipe_eng->session.version) == -1) goto fail; if (pipe_write(tls_pipe_tochild, &tls_pipe_eng->session.cipher_suite, sizeof tls_pipe_eng->session.cipher_suite) == -1) goto fail; if (pipe_write(tls_pipe_tochild, tls_pipe_eng->client_random, sizeof tls_pipe_eng->client_random) == -1) goto fail; if (pipe_write(tls_pipe_tochild, tls_pipe_eng->server_random, sizeof tls_pipe_eng->server_random) == -1) goto fail; log_t1("tls_pipe_mul success"); return 1; fail: log_d1("tls_pipe_mul failed"); return 0; } void tls_pipe_prf(void *dst, size_t len, const void *secret, size_t secret_len, const char *label, size_t seed_num, const br_tls_prf_seed_chunk *seed) { unsigned char ch = tls_pipe_PRF; (void) secret; (void) secret_len; if (str_diff(label, "client finished") && str_diff(label, "server finished")) goto randomoutput; if (seed_num != 1) goto randomoutput; if (pipe_write(tls_pipe_tochild, &ch, sizeof ch) == -1) goto randomoutput; if (pipe_write(tls_pipe_tochild, label, str_len(label) + 1) == -1) goto randomoutput; if (pipe_write(tls_pipe_tochild, &seed->len, sizeof seed->len) == -1) goto randomoutput; if (pipe_write(tls_pipe_tochild, seed->data, seed->len) == -1) goto randomoutput; if (pipe_readall(tls_pipe_fromchild, dst, len) == -1) goto randomoutput; log_t3("tls_pipe_prf(", label, ") finished"); return; randomoutput: log_t3("tls_pipe_prf(", label, ") finished with random output"); randombytes(dst, len); } static int chapol_check_length(const br_sslrec_in_class *const *cc, size_t rlen) { return br_sslrec_in_chapol_vtable.inner.check_length(cc, rlen); } static int gcm_check_length(const br_sslrec_in_class *const *cc, size_t rlen) { return br_sslrec_in_gcm_vtable.inner.check_length(cc, rlen); } static int cbc_check_length(const br_sslrec_in_class *const *cc, size_t rlen) { return br_sslrec_in_cbc_vtable.inner.check_length(cc, rlen); } static void in_chapol_init(const br_sslrec_in_chapol_class **cc, br_chacha20_run ichacha, br_poly1305_run ipoly, const void *key, const void *iv) { br_sslrec_chapol_context *ctx = (br_sslrec_chapol_context *) cc; (void) ichacha; (void) ipoly; (void) key; (void) iv; ctx->vtable.in = &tls_pipe_chapol_in_vtable; } static void in_gcm_init(br_sslrec_gcm_context *cc, const br_block_ctr_class *bc_impl, const void *key, size_t key_len, br_ghash gh_impl, const void *iv) { (void) bc_impl; (void) key; (void) key_len; (void) gh_impl; (void) iv; cc->vtable.in = &tls_pipe_gcm_in_vtable; } static void in_cbc_init(br_sslrec_in_cbc_context *cc, const br_block_cbcdec_class *bc_impl, const void *bc_key, size_t bc_key_len, const br_hash_class *dig_impl, const void *mac_key, size_t mac_key_len, size_t mac_out_len, const void *iv) { cc->vtable = &tls_pipe_cbc_in_vtable; cc->seq = 0; bc_impl->init(&cc->bc.vtable, bc_key, bc_key_len); br_hmac_key_init(&cc->mac, dig_impl, mac_key, mac_key_len); cc->mac_len = mac_out_len; if (iv == NULL) { memset(cc->iv, 0, sizeof cc->iv); cc->explicit_IV = 1; } else { memcpy(cc->iv, iv, bc_impl->block_size); cc->explicit_IV = 0; } } static unsigned char *decrypt(const br_sslrec_in_class **cc, int record_type, unsigned version, void *datav, size_t *data_len) { unsigned char ch = tls_pipe_DECRYPT; unsigned char *data = datav; char offset = 0; (void) cc; log_t1("decrypt begin"); if (pipe_write(tls_pipe_tochild, &ch, sizeof ch) == -1) goto fail; if (pipe_write(tls_pipe_tochild, &record_type, sizeof record_type) == -1) goto fail; if (pipe_write(tls_pipe_tochild, &version, sizeof version) == -1) goto fail; if (pipe_write(tls_pipe_tochild, data, *data_len) == -1) goto fail; if (pipe_readall(tls_pipe_fromchild, &offset, sizeof offset) == -1) goto fail; if (pipe_readmax(tls_pipe_fromchild, data + offset, data_len) == -1) goto fail; if (!*data_len) goto fail; log_t1("decrypt finished"); return data + offset; fail: log_d1("decrypt failed"); return 0; } const br_sslrec_in_chapol_class tls_pipe_chapol_in_vtable = { {sizeof(br_sslrec_chapol_context), (int (*)(const br_sslrec_in_class *const *, size_t)) & chapol_check_length, (unsigned char *(*) (const br_sslrec_in_class **, int, unsigned, void *, size_t *) ) & decrypt}, (void (*)(const br_sslrec_in_chapol_class **, br_chacha20_run, br_poly1305_run, const void *, const void *)) & in_chapol_init}; const br_sslrec_in_gcm_class tls_pipe_gcm_in_vtable = { {sizeof(br_sslrec_gcm_context), (int (*)(const br_sslrec_in_class *const *, size_t)) & gcm_check_length, (unsigned char *(*) (const br_sslrec_in_class **, int, unsigned, void *, size_t *) ) & decrypt}, (void (*)(const br_sslrec_in_gcm_class **, const br_block_ctr_class *, const void *, size_t, br_ghash, const void *)) & in_gcm_init}; const br_sslrec_in_cbc_class tls_pipe_cbc_in_vtable = { {sizeof(br_sslrec_in_cbc_context), (int (*)(const br_sslrec_in_class *const *, size_t)) & cbc_check_length, (unsigned char *(*) (const br_sslrec_in_class **, int, unsigned, void *, size_t *) ) & decrypt}, (void (*)(const br_sslrec_in_cbc_class **, const br_block_cbcdec_class *, const void *, size_t, const br_hash_class *, const void *, size_t, size_t, const void *)) & in_cbc_init}; static void chapol_max_plaintext(const br_sslrec_out_class *const *cc, size_t *start, size_t *end) { br_sslrec_out_chapol_vtable.inner.max_plaintext(cc, start, end); } static void gcm_max_plaintext(const br_sslrec_out_class *const *cc, size_t *start, size_t *end) { br_sslrec_out_gcm_vtable.inner.max_plaintext(cc, start, end); } static void cbc_max_plaintext(const br_sslrec_out_class *const *cc, size_t *start, size_t *end) { br_sslrec_out_cbc_vtable.inner.max_plaintext(cc, start, end); } static unsigned char *encrypt(const br_sslrec_out_class **cc, int record_type, unsigned version, void *datav, size_t *data_len) { unsigned char ch = tls_pipe_ENCRYPT; unsigned char *data = datav; char offset; (void) cc; if (pipe_write(tls_pipe_tochild, &ch, sizeof ch) == -1) goto cleanup; if (pipe_write(tls_pipe_tochild, &record_type, sizeof record_type) == -1) goto cleanup; if (pipe_write(tls_pipe_tochild, &version, sizeof version) == -1) goto cleanup; if (pipe_write(tls_pipe_tochild, data, *data_len) == -1) goto cleanup; /* max overhead for TLS-1.1+, CBC AES256+SHA-384 is 85 */ *data_len += 85; if (pipe_readall(tls_pipe_fromchild, &offset, sizeof offset) == -1) goto cleanup; if (pipe_readmax(tls_pipe_fromchild, data + offset, data_len) == -1) goto cleanup; return data + offset; cleanup: log_d1("encrypt failed"); randombytes(datav, *data_len); return datav; } static void out_chapol_init(const br_sslrec_out_class **cc, br_chacha20_run ichacha, br_poly1305_run ipoly, const void *key, const void *iv) { br_sslrec_chapol_context *ctx = (br_sslrec_chapol_context *) cc; (void) ichacha; (void) ipoly; (void) key; (void) iv; log_t1("out_chapol_init"); ctx->vtable.out = &tls_pipe_chapol_out_vtable; } static void out_gcm_init(br_sslrec_gcm_context *cc, const br_block_ctr_class *bc_impl, const void *key, size_t key_len, br_ghash gh_impl, const void *iv) { (void) bc_impl; (void) key; (void) key_len; (void) gh_impl; (void) iv; cc->vtable.out = &tls_pipe_gcm_out_vtable; } static void out_cbc_init(br_sslrec_out_cbc_context *cc, const br_block_cbcenc_class *bc_impl, const void *bc_key, size_t bc_key_len, const br_hash_class *dig_impl, const void *mac_key, size_t mac_key_len, size_t mac_out_len, const void *iv) { log_d1("out_cbc_init"); cc->vtable = &tls_pipe_cbc_out_vtable; cc->seq = 0; bc_impl->init(&cc->bc.vtable, bc_key, bc_key_len); br_hmac_key_init(&cc->mac, dig_impl, mac_key, mac_key_len); cc->mac_len = mac_out_len; if (iv == NULL) { memset(cc->iv, 0, sizeof cc->iv); cc->explicit_IV = 1; } else { memcpy(cc->iv, iv, bc_impl->block_size); cc->explicit_IV = 0; } } const br_sslrec_out_chapol_class tls_pipe_chapol_out_vtable = { {sizeof(br_sslrec_chapol_context), (void (*)(const br_sslrec_out_class *const *, size_t *, size_t *)) & chapol_max_plaintext, (unsigned char *(*) (const br_sslrec_out_class **, int, unsigned, void *, size_t *) ) & encrypt}, (void (*)(const br_sslrec_out_chapol_class **, br_chacha20_run, br_poly1305_run, const void *, const void *)) & out_chapol_init}; const br_sslrec_out_gcm_class tls_pipe_gcm_out_vtable = { {sizeof(br_sslrec_gcm_context), (void (*)(const br_sslrec_out_class *const *, size_t *, size_t *)) & gcm_max_plaintext, (unsigned char *(*) (const br_sslrec_out_class **, int, unsigned, void *, size_t *) ) & encrypt}, (void (*)(const br_sslrec_out_gcm_class **, const br_block_ctr_class *, const void *, size_t, br_ghash, const void *)) & out_gcm_init}; const br_sslrec_out_cbc_class tls_pipe_cbc_out_vtable = { {sizeof(br_sslrec_out_cbc_context), (void (*)(const br_sslrec_out_class *const *, size_t *, size_t *)) & cbc_max_plaintext, (unsigned char *(*) (const br_sslrec_out_class **, int, unsigned, void *, size_t *) ) & encrypt}, (void (*)(const br_sslrec_out_cbc_class **, const br_block_cbcenc_class *, const void *, size_t, const br_hash_class *, const void *, size_t, size_t, const void *)) & out_cbc_init}; tlswrapper-20250201/tls_profile.c000066400000000000000000000221061474542230700166510ustar00rootroot00000000000000#include "log.h" #include "randombytes.h" #include "e.h" #include "str.h" #include "stralloc.h" #include "fixpath.h" #include "tls.h" static int hash_choose(unsigned int bf) { const unsigned char pref[] = {br_sha512_ID, br_sha384_ID, br_sha256_ID, br_sha1_ID}; size_t u; for (u = 0; u < sizeof pref; u++) { int x; x = pref[u]; if ((bf >> x) & 1) { return x; } } return 0; } static int copyfn(char *buf, long long buflen, const char *a, const char *b) { stralloc sa = {0}; int ret = 0; if (!buf || !a || !b || buflen < 0) goto cleanup; /* add a */ if (!stralloc_copys(&sa, a)) goto cleanup; if (b && str_len(b) > 0) { /* add '/' */ if (!stralloc_cats(&sa, "/")) goto cleanup; /* add b */ if (!stralloc_cats(&sa, b)) goto cleanup; } if (!stralloc_0(&sa)) goto cleanup; fixpath(sa.s); if (buflen >= sa.len) { memcpy(buf, sa.s, sa.len); ret = 1; } cleanup: stralloc_free(&sa); return ret; } static int tls_choose(const br_ssl_server_policy_class **pctx, const br_ssl_server_context *cc, br_ssl_server_choices *choices) { const br_suite_translated *st; size_t i, u, st_num; unsigned int chashes; struct tls_context *ctx = (struct tls_context *) pctx; const char *server_name; uint32_t curves; log_t1("tls_choose()"); st = br_ssl_server_get_client_suites(cc, &st_num); chashes = br_ssl_server_get_client_hashes(cc); server_name = br_ssl_engine_get_server_name(&cc->eng); curves = br_ssl_server_get_client_curves(cc); for (u = 0; u < st_num; ++u) { log_d2("clients cipher ", tls_cipher_str(st[u][0])); } for (u = 0; u < 32; ++u) { if (curves & 1 << u) log_d2("clients ECDHE ", tls_ecdhe_str(u)); } log_d2("clients tls_version=", tls_version_str(br_ssl_engine_get_version(&cc->eng))); log_d3("clients server_name='", br_ssl_engine_get_server_name(&cc->eng), "'"); for (i = 0; i < ctx->certfiles_len; ++i) { if (ctx->certfiles[i].filetype == S_IFDIR) { /* certificate directory, but server didn't send SNI server_name */ if (str_len(server_name) == 0) continue; /* create filename */ if (!copyfn(ctx->certfn, sizeof ctx->certfn, ctx->certfiles[i].name, server_name)) { log_w4("no buffer space for large name ", ctx->certfiles[i].name, "/", server_name); continue; } if (!tls_pipe_getcert(ctx->chain, &ctx->chain_len, &ctx->key_type, ctx->certfn)) { if (errno != ENOENT || ctx->certfiles_len == i + 1) { log_f3( "unable to obtain certificate(s) from the PEM file '", ctx->certfn, "'"); goto bad; } log_w3("unable to obtain certificate(s) from the PEM file '", ctx->certfn, "', trying next"); continue; } } if (ctx->certfiles[i].filetype == S_IFREG) { /* certificate file -> ignore SNI server_name */ if (!copyfn(ctx->certfn, sizeof ctx->certfn, ctx->certfiles[i].name, "")) { /* unreachable: name buffer is allways larger than certfn buffer */ log_w2("no buffer space for large name ", ctx->certfiles[i].name); continue; } if (!tls_pipe_getcert(ctx->chain, &ctx->chain_len, &ctx->key_type, ctx->certfn)) { log_f3("unable to obtain certificate(s) from the PEM file '", ctx->certfn, "'"); goto bad; } } for (u = 0; u < st_num; ++u) { unsigned int tt; tt = st[u][1]; if ((tt >> 12) == BR_SSLKEYX_ECDHE_ECDSA && ctx->key_type == BR_KEYTYPE_EC) { log_t1("BR_SSLKEYX_ECDHE_ECDSA"); choices->chain = ctx->chain; choices->chain_len = ctx->chain_len; choices->cipher_suite = st[u][0]; if (br_ssl_engine_get_version(&cc->eng) < BR_TLS12) { choices->algo_id = 0xFF00 + br_sha1_ID; } else { choices->algo_id = 0xFF00 + hash_choose(chashes >> 8); } goto ok; } if ((tt >> 12) == BR_SSLKEYX_ECDHE_RSA && ctx->key_type == BR_KEYTYPE_RSA) { log_t1("BR_SSLKEYX_ECDHE_RSA"); choices->chain = ctx->chain; choices->chain_len = ctx->chain_len; choices->cipher_suite = st[u][0]; if (br_ssl_engine_get_version(&cc->eng) < BR_TLS12) { choices->algo_id = 0xFF00; } else { choices->algo_id = 0xFF00 + hash_choose(chashes); } goto ok; } } } log_e1("no usable PEM certificate"); bad: log_t1("tls_choose() = 0"); return 0; ok: log_t1("tls_choose() = 1"); return 1; } static const br_ssl_server_policy_class tls_policy_vtable = { sizeof(struct tls_context), tls_choose, 0, /* keyx */ tls_pipe_dosign}; void tls_profile(struct tls_context *ctx) { const char *name; unsigned char seed[32]; br_ssl_server_context *cc = &ctx->cc; log_t1("tls_profile() begin"); /* * Reset server context and set supported versions. */ br_ssl_server_zero(cc); br_ssl_engine_set_versions(&cc->eng, ctx->version_min, ctx->version_max); /* * Set flags */ br_ssl_engine_set_all_flags(&cc->eng, ctx->flags); /* * Set cipher suites implementation */ br_ssl_engine_set_suites(&cc->eng, ctx->cipher_enabled, ctx->cipher_enabled_len); /* * Set ECDHE ciphers */ br_ssl_engine_set_ec(&cc->eng, tls_ecdhe_get_default(ctx)); /* * Set the "server policy" */ ctx->vtable = &tls_policy_vtable; br_ssl_server_set_policy(cc, &ctx->vtable); /* * Set supported hash functions. */ br_ssl_engine_set_hash(&cc->eng, br_md5_ID, &br_md5_vtable); br_ssl_engine_set_hash(&cc->eng, br_sha1_ID, &br_sha1_vtable); br_ssl_engine_set_hash(&cc->eng, br_sha256_ID, &br_sha256_vtable); br_ssl_engine_set_hash(&cc->eng, br_sha384_ID, &br_sha384_vtable); br_ssl_engine_set_hash(&cc->eng, br_sha512_ID, &br_sha512_vtable); /* * Set the PRF implementations. */ br_ssl_engine_set_prf10(&cc->eng, &tls_pipe_prf); br_ssl_engine_set_prf_sha256(&cc->eng, &tls_pipe_prf); br_ssl_engine_set_prf_sha384(&cc->eng, &tls_pipe_prf); /* * Symmetric encryption. */ br_ssl_engine_set_chapol(&cc->eng, &tls_pipe_chapol_in_vtable, &tls_pipe_chapol_out_vtable); br_ssl_engine_set_gcm(&cc->eng, &tls_pipe_gcm_in_vtable, &tls_pipe_gcm_out_vtable); br_ssl_engine_set_default_aes_cbc(&cc->eng); br_ssl_engine_set_cbc(&cc->eng, &tls_pipe_cbc_in_vtable, &tls_pipe_cbc_out_vtable); /* * If trust anchors have been configured, then set an X.509 * validation engine and activate client certificate * authentication. */ if (ctx->anchorcrt.talen > 0) { br_x509_minimal_init(&ctx->xc, &br_sha256_vtable, ctx->anchorcrt.ta, ctx->anchorcrt.talen); br_x509_minimal_set_hash(&ctx->xc, br_sha256_ID, &br_sha256_vtable); br_x509_minimal_set_hash(&ctx->xc, br_sha384_ID, &br_sha384_vtable); br_x509_minimal_set_hash(&ctx->xc, br_sha512_ID, &br_sha512_vtable); br_ssl_engine_set_default_rsavrfy(&cc->eng); br_ssl_engine_set_ecdsa(&cc->eng, &tls_ecdsa_vrfy_asn1); br_x509_minimal_set_rsa(&ctx->xc, br_rsa_pkcs1_vrfy_get_default()); br_x509_minimal_set_ecdsa(&ctx->xc, br_ec_get_default(), br_ecdsa_vrfy_asn1_get_default()); br_ssl_engine_set_x509(&cc->eng, &ctx->xc.vtable); br_ssl_server_set_trust_anchor_names_alt(cc, ctx->anchorcrt.ta, ctx->anchorcrt.talen); /* parse ASN.1 object */ if (ctx->clientcrt.oid) { ctx->clientcrt.buf = ctx->clientcrtbuf; ctx->clientcrt.len = sizeof(ctx->clientcrtbuf); br_x509_minimal_set_name_elements(&ctx->xc, &ctx->clientcrt, 1); } } /* * IO buffer */ br_ssl_engine_set_buffer(&cc->eng, ctx->iobuf, sizeof ctx->iobuf, 1); /* * Inject entropy from randombytes() */ randombytes(seed, sizeof seed); br_ssl_engine_inject_entropy(&cc->eng, seed, sizeof seed); randombytes(seed, sizeof seed); br_prng_seeder_system(&name); log_t2("system seeder: ", name); /* * Reset */ br_ssl_server_reset(cc); errno = 0; log_t1("tls_profile() end"); } tlswrapper-20250201/tls_pubcrt.c000066400000000000000000000175771474542230700165300ustar00rootroot00000000000000/* 20201122 Jan Mojzis Public domain. */ #include #include "randombytes.h" #include "alloc.h" #include "log.h" #include "stralloc.h" #include "str.h" #include "tls.h" static void parsedummy(void *yv, const void *x, size_t xlen) { (void) yv; (void) x; (void) xlen; } static void *xmemdup(const unsigned char *src, size_t len) { size_t i; unsigned char *buf = alloc(len); if (buf) { for (i = 0; i < len; ++i) buf[i] = src[i]; } return buf; } struct sa { unsigned char *s; long long len; long long alloc; int error; }; static void append(void *xv, const void *buf, size_t buflen) { stralloc s; struct sa *x = (struct sa *) xv; s.s = (char *) x->s; s.len = x->len; s.alloc = x->alloc; if (!stralloc_catb(&s, buf, buflen)) { x->error = errno; } x->s = (unsigned char *) s.s; x->len = s.len; x->alloc = s.alloc; } #define XMEMDUP(dst, src, len) \ { \ dst = xmemdup(src, len); \ if (!dst) goto cleanup; \ } int tls_pubcrt_parse(struct tls_pubcrt *crt, const char *buf, size_t buflen, const char *fn) { long long tlen; int inobj = 0; int ret = 0; struct sa sa = {0}; br_pem_decoder_context pc; br_x509_decoder_context dc5; br_x509_pkey *pk; int err; size_t buflenorig = buflen; log_t3("tls_pubcrt_parse(buflen = ", lognum(buflen), ")"); memset(crt, 0, sizeof *crt); br_pem_decoder_init(&pc); while (buflen > 0) { tlen = br_pem_decoder_push(&pc, buf, buflen); if (sa.error) { log_e5("br_pem_decoder_push(len = ", lognum(buflen), "), failed in '", fn, "'"); goto cleanup; } log_t4("br_pem_decoder_push(len = ", lognum(buflen), ") = ", lognum(tlen)); buf += tlen; buflen -= tlen; switch (br_pem_decoder_event(&pc)) { case BR_PEM_BEGIN_OBJ: log_t2("PEM public-object begin: ", br_pem_decoder_name(&pc)); if (inobj) { log_e3("malformed PEM public-object in '", fn, "', extra BEGIN line"); goto cleanup; } inobj = 1; br_pem_decoder_setdest(&pc, parsedummy, 0); if (str_equal(br_pem_decoder_name(&pc), "CERTIFICATE") || str_equal(br_pem_decoder_name(&pc), "X509 CERTIFICATE")) { if (crt->crtlen >= sizeof crt->crt / sizeof crt->crt[0]) { log_e3("too many public PEM certificates in '", fn, "'"); goto cleanup; } sa.len = 0; br_pem_decoder_setdest(&pc, append, &sa); } break; case BR_PEM_END_OBJ: log_t2("PEM public-object end: ", br_pem_decoder_name(&pc)); if (!inobj) { log_e3("malformed PEM public-object in '", fn, "', extra END line"); goto cleanup; } inobj = 0; if (str_equal(br_pem_decoder_name(&pc), "CERTIFICATE") || str_equal(br_pem_decoder_name(&pc), "X509 CERTIFICATE")) { XMEMDUP(crt->crt[crt->crtlen].data, sa.s, sa.len); crt->crt[crt->crtlen].data_len = sa.len; sa.len = 0; br_x509_decoder_init(&dc5, append, &sa); br_x509_decoder_push(&dc5, crt->crt[crt->crtlen].data, crt->crt[crt->crtlen].data_len); if (sa.error) { log_e3("br_x509_decoder_push(len = ", lognum(crt->crt[crt->crtlen].data_len), "), failed"); goto cleanup; } err = br_x509_decoder_last_error(&dc5); if (err != 0) { log_e2("unable to decode public-key, err=", tls_error_str(err)); goto cleanup; } pk = br_x509_decoder_get_pkey(&dc5); if (!pk) { log_e1("br_x509_decoder_get_pkey no public-key in PEM " "public-object"); goto cleanup; } XMEMDUP(crt->ta[crt->talen].dn.data, sa.s, sa.len); crt->ta[crt->talen].dn.len = sa.len; crt->ta[crt->talen].flags = 0; if (br_x509_decoder_isCA(&dc5)) { crt->ta[crt->talen].flags |= BR_X509_TA_CA; } switch (pk->key_type) { case BR_KEYTYPE_EC: crt->ta[crt->talen].pkey.key_type = BR_KEYTYPE_EC; crt->ta[crt->talen].pkey.key.ec.curve = pk->key.ec.curve; XMEMDUP(crt->ta[crt->talen].pkey.key.ec.q, pk->key.ec.q, pk->key.ec.qlen); crt->ta[crt->talen].pkey.key.ec.qlen = pk->key.ec.qlen; if (crt->crtlen == 0) crt->key_type = BR_KEYTYPE_EC; break; case BR_KEYTYPE_RSA: crt->ta[crt->talen].pkey.key_type = BR_KEYTYPE_RSA; XMEMDUP(crt->ta[crt->talen].pkey.key.rsa.n, pk->key.rsa.n, pk->key.rsa.nlen); crt->ta[crt->talen].pkey.key.rsa.nlen = pk->key.rsa.nlen; XMEMDUP(crt->ta[crt->talen].pkey.key.rsa.e, pk->key.rsa.e, pk->key.rsa.elen); crt->ta[crt->talen].pkey.key.rsa.elen = pk->key.rsa.elen; if (crt->crtlen == 0) crt->key_type = BR_KEYTYPE_RSA; break; default: log_e5("br_x509_decoder_get_pkey unsupported " "public-key type id=", lognum(pk->key_type), " in '", fn, "'"); goto cleanup; } { const char *sigtype = tls_keytype_str( br_x509_decoder_get_signer_key_type(&dc5)); const char *pktype = tls_keytype_str(pk->key_type); const char *strca = "0"; if (br_x509_decoder_isCA(&dc5)) strca = "1"; log_t8("crt=", lognum(crt->crtlen), ", pk=", pktype, ", sig=", sigtype, ", ca=", strca); } crt->crtlen += 1; crt->talen += 1; } break; case BR_PEM_ERROR: log_e3("malformed PEM public-object in '", fn, "'"); goto cleanup; } } if (inobj) { log_e3("unfinished PEM public-object in '", fn, "'"); goto cleanup; } if (crt->crtlen == 0) { log_e3("no PEM public-object in '", fn, "'"); goto cleanup; } ret = 1; cleanup: randombytes(&pc, sizeof pc); randombytes(&dc5, sizeof dc5); log_t4("tls_pubcrt_parse(buflen = ", lognum(buflenorig), ") = ", lognum(ret)); return ret; } tlswrapper-20250201/tls_seccrt.c000066400000000000000000000104421474542230700164740ustar00rootroot00000000000000/* 20201122 Jan Mojzis Public domain. */ #include "log.h" #include "randombytes.h" #include "str.h" #include "tls.h" static void parsedummy(void *yv, const void *x, size_t xlen) { (void) yv; (void) x; (void) xlen; } static void parsekey(void *ctx, const void *x, size_t xlen) { br_skey_decoder_push((br_skey_decoder_context *) ctx, x, xlen); } int tls_seccrt_parse(struct tls_seccrt *crt, const char *buf, size_t buflen, const char *fn) { br_pem_decoder_context pc; long long tlen; int inobj = 0; int ret = 0; int err; size_t buflenorig = buflen; log_t3("tls_seccrt_parse(buflen = ", lognum(buflen), ")"); memset(crt, 0, sizeof *crt); br_pem_decoder_init(&pc); while (buflen > 0) { tlen = br_pem_decoder_push(&pc, buf, buflen); log_t4("br_pem_decoder_push(len = ", lognum(buflen), ") = ", lognum(tlen)); buf += tlen; buflen -= tlen; switch (br_pem_decoder_event(&pc)) { case BR_PEM_BEGIN_OBJ: log_t2("PEM secret-object begin: ", br_pem_decoder_name(&pc)); if (inobj) { log_e3("malformed PEM secret-object in '", fn, "'"); goto cleanup; } inobj = 1; br_pem_decoder_setdest(&pc, parsedummy, &crt->keydc); if (str_equal(br_pem_decoder_name(&pc), "EC PRIVATE KEY") || str_equal(br_pem_decoder_name(&pc), "RSA PRIVATE KEY") || str_equal(br_pem_decoder_name(&pc), "PRIVATE KEY")) { if (br_skey_decoder_key_type(&crt->keydc)) { log_e3("too many secret-keys in '", fn, "'"); goto cleanup; } br_skey_decoder_init(&crt->keydc); br_pem_decoder_setdest(&pc, parsekey, &crt->keydc); } break; case BR_PEM_END_OBJ: log_t2("PEM secret-object end: ", br_pem_decoder_name(&pc)); if (!inobj) { log_e3("malformed PEM secret-object in '", fn, "'"); goto cleanup; } inobj = 0; if (str_equal(br_pem_decoder_name(&pc), "EC PRIVATE KEY") || str_equal(br_pem_decoder_name(&pc), "RSA PRIVATE KEY") || str_equal(br_pem_decoder_name(&pc), "PRIVATE KEY")) { const br_rsa_private_key *rsakey; const br_ec_private_key *eckey; err = br_skey_decoder_last_error(&crt->keydc); if (err != 0) { log_e5("unable to decode secret-key, err=", tls_error_str(err), " in '", fn, "'"); goto cleanup; } crt->key_type = br_skey_decoder_key_type(&crt->keydc); switch (crt->key_type) { case BR_KEYTYPE_RSA: crt->key = br_skey_decoder_get_rsa(&crt->keydc); rsakey = crt->key; log_t2("key=0, sk=RSA, bits=", lognum(rsakey->n_bitlen)); break; case BR_KEYTYPE_EC: crt->key = br_skey_decoder_get_ec(&crt->keydc); eckey = crt->key; log_t2("key=0, sk=EC, id=", lognum(eckey->curve)); break; default: log_e5("unknown secret-key type ", lognum(crt->key_type), " in '", fn, "'"); } } break; case BR_PEM_ERROR: log_e3("malformed PEM secret-object in '", fn, "'"); goto cleanup; } } if (inobj) { log_e3("unfinished PEM secret-object in '", fn, "'"); goto cleanup; } if (!crt->key) { log_e3("no PEM secret-object in '", fn, "'"); goto cleanup; } ret = 1; cleanup: randombytes(&pc, sizeof pc); log_t4("tls_seccrt_parse(buflen = ", lognum(buflenorig), ") = ", lognum(ret)); return ret; } tlswrapper-20250201/tls_version.c000066400000000000000000000021731474542230700167000ustar00rootroot00000000000000#include "str.h" #include "tls.h" /* clang-format off */ const tls_version tls_versions[] = { { "tls10", BR_TLS10, "TLS 1.0" }, { "tls11", BR_TLS11, "TLS 1.1" }, { "tls12", BR_TLS12, "TLS 1.2" }, { 0, 0, 0 } }; /* clang-format on */ const char *tls_version_str(unsigned int version) { long long i; for (i = 0; tls_versions[i].name; ++i) { if (tls_versions[i].version == version) return tls_versions[i].comment; } return "unknown version"; } unsigned int tls_version_min = BR_TLS12; int tls_version_setmin(struct tls_context *ctx, const char *x) { long long i; for (i = 0; tls_versions[i].name; ++i) { if (str_equal(x, tls_versions[i].name)) { ctx->version_min = tls_versions[i].version; return 1; } } return 0; } unsigned int tls_version_max = BR_TLS12; int tls_version_setmax(struct tls_context *ctx, const char *x) { long long i; for (i = 0; tls_versions[i].name; ++i) { if (str_equal(x, tls_versions[i].name)) { ctx->version_max = tls_versions[i].version; return 1; } } return 0; } tlswrapper-20250201/tlswrapper-test.c000066400000000000000000000012571474542230700175130ustar00rootroot00000000000000/* 20181206 Jan Mojzis Public domain. */ /* Multi-call binary wrapper */ #include #include "str.h" #include "main.h" static char *basename(char *str) { char *s; char *ret = str; if (!str) return str; for (s = str; *s; ++s) { if (*s == '/') ret = s + 1; } return ret; } static char *x; int main(int argc, char **argv) { if (argc < 1) _exit(100); if (!argv[0]) _exit(100); x = basename(argv[0]); if (!x) _exit(100); if (str_equal(x, "tlswrappernojail")) { return main_tlswrapper(argc, argv, 1); } return main_tlswrapper_test(argc, argv); _exit(111); return 111; /* make compiler happy */ } tlswrapper-20250201/tlswrapper.c000066400000000000000000000014161474542230700165330ustar00rootroot00000000000000/* 20181206 Jan Mojzis Public domain. */ /* Multi-call binary wrapper */ #include #include "str.h" #include "main.h" static char *basename(char *str) { char *s; char *ret = str; if (!str) return str; for (s = str; *s; ++s) { if (*s == '/') ret = s + 1; } return ret; } static char *x; int main(int argc, char **argv) { if (argc < 1) _exit(100); if (!argv[0]) _exit(100); x = basename(argv[0]); if (!x) _exit(100); if (str_equal(x, "tlswrapper-tcp")) { return main_tlswrapper_tcp(argc, argv); } if (str_equal(x, "tlswrapper-smtp")) { return main_tlswrapper_smtp(argc, argv); } return main_tlswrapper(argc, argv, 0); _exit(111); return 111; /* make compiler happy */ } tlswrapper-20250201/tryfeature.sh000077500000000000000000000014751474542230700167220ustar00rootroot00000000000000#!/bin/sh # version 20241107 scriptname="`basename $0`" if [ x"${CC}" = x ]; then echo "usage: env CC= ${scriptname} feature.c" echo '$CC not set' exit 1 fi if [ x"$1" = x ]; then echo "usage: env CC= ${scriptname} feature.c" echo 'missing feature.c argument' exit 1 fi # input tryname="$1" # output headermacro=`echo ${tryname} | sed 's/\.c//' | sed 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` # temporary binname="${tryname}.tmp.bin" logname="${tryname}.tmp.log" cleanup() { ex=$? rm -f "${binname}" "${logname}" exit "${ex}" } trap "cleanup" EXIT TERM INT "${CC}" ${CFLAGS} -O0 -o "${binname}" "${tryname}" ${LDFLAGS} 1>"${logname}" 2>&1 if [ $? -eq 0 ]; then echo "#define ${headermacro} 1" else echo "#undef ${headermacro}" cat "${logname}" >&2 fi exit 0 tlswrapper-20250201/trylibs.sh000077500000000000000000000017301474542230700162120ustar00rootroot00000000000000#!/bin/sh # version 20241109 scriptname="`basename $0`" if [ x"${CC}" = x ]; then echo "usage: env CC= ${scriptname} -l -l ..." echo '$CC not set' exit 1 fi if [ x"$1" = x ]; then echo "usage: env CC= ${scriptname} -l -l ..." echo 'missing -l argument' exit 1 fi # temporary name="${scriptname}" tryname="${name}.tmp.C" binname="${tryname}.tmp.bin" logname="${tryname}.tmp.log" cleanup() { ex=$? rm -f "${binname}" "${tryname}" "${logname}" exit "${ex}" } trap "cleanup" EXIT TERM INT cat < "${tryname}" int main(int argc, char **argv) { (void) argc; (void) argv; return 0; } EOF while true; do [ x"$1" = x ] && break "${CC}" -O0 -o "${binname}" "${tryname}" "$1" 1>"${logname}" 2>&1 if [ $? -eq 0 ]; then echo "${scriptname}: '$1' detected" >&2 echo "$1" else echo "${scriptname}: '$1' not detected" >&2 cat "${logname}" >&2 fi shift done exit 0 tlswrapper-20250201/writeall.c000066400000000000000000000012261474542230700161520ustar00rootroot00000000000000#include #include "e.h" #include "jail.h" #include "writeall.h" int writeall(int fd, const void *xv, long long xlen) { const unsigned char *x = xv; long long w; while (xlen > 0) { w = xlen; if (w > 1048576) w = 1048576; w = write(fd, x, w); if (w < 0) { if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) { struct pollfd p; p.fd = fd; p.events = POLLOUT | POLLERR; jail_poll(&p, 1, -1); continue; } return -1; } x += w; xlen -= w; } return 0; } tlswrapper-20250201/writeall.h000066400000000000000000000001421474542230700161530ustar00rootroot00000000000000#ifndef WRITEALL_H #define WRITEALL_H extern int writeall(int, const void *, long long); #endif