rpms / certmonger

Clone
Source Code
GIT

Blame SOURCES/0008-Use-implicit-empty-FALSE-for-extensions.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   41734fee311df0344141e00b4c2ca855d591d220
  2.   SOURCES
  3.   0008-Use-implicit-empty-FALSE-for-extensions.patch
Blob History Raw
41734f 
From e3e4679693efc60bc7a25983909ddfa6883ab2ec Mon Sep 17 00:00:00 2001
41734f 
From: Christian Heimes <cheimes@redhat.com>
41734f 
Date: Mon, 4 Oct 2021 18:52:53 +0200
41734f 
Subject: [PATCH] Use implicit, empty FALSE for extensions
41734f
41734f 
Cemplate had a bug that caused certmonger to create CSRs with invalid DER.
41734f 
It was encoding extension's critical element even for default value FALSE.
41734f
41734f 
Fixes: https://pagure.io/certmonger/issue/223
41734f 
Signed-off-by: Christian Heimes <cheimes@redhat.com>
41734f 
---
41734f 
 src/certext.c                     |   7 +-
41734f 
 tests/003-csrgen-rsa/expected.out |  82 ++++++++++------------
41734f 
 tests/003-csrgen/expected.out     | 110 +++++++++++++-----------------
41734f 
 3 files changed, 91 insertions(+), 108 deletions(-)
41734f
41734f 
diff --git a/src/certext.c b/src/certext.c
41734f 
index 0d66971e..e5e0b4dc 100644
41734f 
--- a/src/certext.c
41734f 
+++ b/src/certext.c
41734f 
@@ -1706,9 +1706,12 @@ cm_certext_build_csr_extensions(struct cm_store_entry *entry,
41734f 
 	CERTCertExtension ext[13], *exts[14], **exts_ptr;
41734f 
 	SECOidData *oid;
41734f 
 	SECItem *item, encoded;
41734f 
+	/* X509v3 extension's critical element has an implicit default,
41734f 
+	 * see https://pagure.io/certmonger/issue/223
41734f 
+	 */
41734f 
 	SECItem der_false = {
41734f 
-		.len = 1,
41734f 
-		.data = (unsigned char *) "\000",
41734f 
+		.len = 0,
41734f 
+		.data = NULL,
41734f 
 	};
41734f 
 	SECItem der_true = {
41734f 
 		.len = 1,
41734f 
diff --git a/tests/003-csrgen-rsa/expected.out b/tests/003-csrgen-rsa/expected.out
41734f 
index def53fe4..0fb88323 100644
41734f 
--- a/tests/003-csrgen-rsa/expected.out
41734f 
+++ b/tests/003-csrgen-rsa/expected.out
41734f 
@@ -8,8 +8,8 @@ pk12util: PKCS12 EXPORT SUCCESSFUL
41734f 
 4096 OK.
41734f 
 Signature OK
41734f 
 The last CSR (the one with everything) was:
41734f 
-    0:d=0  hl=4 l=1413 cons: SEQUENCE
41734f 
-    4:d=1  hl=4 l=1133 cons: SEQUENCE
41734f 
+    0:d=0  hl=4 l=1389 cons: SEQUENCE
41734f 
+    4:d=1  hl=4 l=1109 cons: SEQUENCE
41734f 
     8:d=2  hl=2 l=   1 prim: INTEGER           :00
41734f 
    11:d=2  hl=2 l=  22 cons: SEQUENCE
41734f 
    13:d=3  hl=2 l=  20 cons: SET
41734f 
@@ -21,7 +21,7 @@ The last CSR (the one with everything) was:
41734f 
    41:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
41734f 
    52:d=4  hl=2 l=   0 prim: NULL
41734f 
    54:d=3  hl=4 l= 271 prim: BIT STRING
41734f 
-  329:d=2  hl=4 l= 808 cons: cont [ 0 ]
41734f 
+  329:d=2  hl=4 l= 784 cons: cont [ 0 ]
41734f 
   333:d=3  hl=2 l=  52 cons: SEQUENCE
41734f 
   335:d=4  hl=2 l=   9 prim: OBJECT            :challengePassword
41734f 
   346:d=4  hl=2 l=  39 cons: SET
41734f 
@@ -30,48 +30,40 @@ The last CSR (the one with everything) was:
41734f 
   389:d=4  hl=2 l=   9 prim: OBJECT            :friendlyName
41734f 
   400:d=4  hl=2 l=  48 cons: SET
41734f 
   402:d=5  hl=2 l=  46 prim: BMPSTRING
41734f 
-  450:d=3  hl=4 l= 687 cons: SEQUENCE
41734f 
+  450:d=3  hl=4 l= 663 cons: SEQUENCE
41734f 
   454:d=4  hl=2 l=   9 prim: OBJECT            :Extension Request
41734f 
-  465:d=4  hl=4 l= 672 cons: SET
41734f 
-  469:d=5  hl=4 l= 668 cons: SEQUENCE
41734f 
-  473:d=6  hl=2 l=  14 cons: SEQUENCE
41734f 
+  465:d=4  hl=4 l= 648 cons: SET
41734f 
+  469:d=5  hl=4 l= 644 cons: SEQUENCE
41734f 
+  473:d=6  hl=2 l=  11 cons: SEQUENCE
41734f 
   475:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
41734f 
-  480:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
-  483:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205E0
41734f 
-  489:d=6  hl=4 l= 264 cons: SEQUENCE
41734f 
-  493:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
41734f 
-  498:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
-  501:d=7  hl=3 l= 253 prim: OCTET STRING      [HEX DUMP]:3081FA82096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74
41734f 
-  757:d=6  hl=2 l=  32 cons: SEQUENCE
41734f 
-  759:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
41734f 
-  764:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
-  767:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030206082B06010505070304
41734f 
-  791:d=6  hl=2 l=  18 cons: SEQUENCE
41734f 
-  793:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
41734f 
-  798:d=7  hl=2 l=   1 prim: BOOLEAN           :255
41734f 
-  801:d=7  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020103
41734f 
-  811:d=6  hl=2 l=  34 cons: SEQUENCE
41734f 
-  813:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
41734f 
-  818:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
-  821:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
41734f 
-  847:d=6  hl=2 l=  32 cons: SEQUENCE
41734f 
-  849:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
41734f 
-  854:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
-  857:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
41734f 
-  881:d=6  hl=2 l= 107 cons: SEQUENCE
41734f 
-  883:d=7  hl=2 l=   8 prim: OBJECT            :Authority Information Access
41734f 
-  893:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
-  896:d=7  hl=2 l=  92 prim: OCTET STRING      [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
41734f 
-  990:d=6  hl=2 l=  96 cons: SEQUENCE
41734f 
-  992:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
41734f 
-  997:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
- 1000:d=7  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
41734f 
- 1088:d=6  hl=2 l=  51 cons: SEQUENCE
41734f 
- 1090:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Comment
41734f 
- 1101:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
- 1104:d=7  hl=2 l=  35 prim: OCTET STRING      [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
41734f 
- 1141:d=1  hl=2 l=  13 cons: SEQUENCE
41734f 
- 1143:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
41734f 
- 1154:d=2  hl=2 l=   0 prim: NULL
41734f 
- 1156:d=1  hl=4 l= 257 prim: BIT STRING
41734f 
+  480:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205E0
41734f 
+  486:d=6  hl=4 l= 261 cons: SEQUENCE
41734f 
+  490:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
41734f 
+  495:d=7  hl=3 l= 253 prim: OCTET STRING      [HEX DUMP]:3081FA82096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74
41734f 
+  751:d=6  hl=2 l=  29 cons: SEQUENCE
41734f 
+  753:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
41734f 
+  758:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030206082B06010505070304
41734f 
+  782:d=6  hl=2 l=  18 cons: SEQUENCE
41734f 
+  784:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
41734f 
+  789:d=7  hl=2 l=   1 prim: BOOLEAN           :255
41734f 
+  792:d=7  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020103
41734f 
+  802:d=6  hl=2 l=  31 cons: SEQUENCE
41734f 
+  804:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
41734f 
+  809:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
41734f 
+  835:d=6  hl=2 l=  29 cons: SEQUENCE
41734f 
+  837:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
41734f 
+  842:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
41734f 
+  866:d=6  hl=2 l= 104 cons: SEQUENCE
41734f 
+  868:d=7  hl=2 l=   8 prim: OBJECT            :Authority Information Access
41734f 
+  878:d=7  hl=2 l=  92 prim: OCTET STRING      [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
41734f 
+  972:d=6  hl=2 l=  93 cons: SEQUENCE
41734f 
+  974:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
41734f 
+  979:d=7  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
41734f 
+ 1067:d=6  hl=2 l=  48 cons: SEQUENCE
41734f 
+ 1069:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Comment
41734f 
+ 1080:d=7  hl=2 l=  35 prim: OCTET STRING      [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
41734f 
+ 1117:d=1  hl=2 l=  13 cons: SEQUENCE
41734f 
+ 1119:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
41734f 
+ 1130:d=2  hl=2 l=   0 prim: NULL
41734f 
+ 1132:d=1  hl=4 l= 257 prim: BIT STRING
41734f 
 Test complete (32 combinations).
41734f 
diff --git a/tests/003-csrgen/expected.out b/tests/003-csrgen/expected.out
41734f 
index 46e010cf..1081a678 100644
41734f 
--- a/tests/003-csrgen/expected.out
41734f 
+++ b/tests/003-csrgen/expected.out
41734f 
@@ -11,8 +11,8 @@ Signature OK
41734f 
 minicert.openssl.4096.pem: OK
41734f 
 4096 OK.
41734f 
 The last CSR (the one with everything) was:
41734f 
-    0:d=0  hl=4 l=1635 cons: SEQUENCE
41734f 
-    4:d=1  hl=4 l=1355 cons: SEQUENCE
41734f 
+    0:d=0  hl=4 l=1599 cons: SEQUENCE
41734f 
+    4:d=1  hl=4 l=1319 cons: SEQUENCE
41734f 
     8:d=2  hl=2 l=   1 prim: INTEGER           :00
41734f 
    11:d=2  hl=2 l=  22 cons: SEQUENCE
41734f 
    13:d=3  hl=2 l=  20 cons: SET
41734f 
@@ -24,7 +24,7 @@ The last CSR (the one with everything) was:
41734f 
    41:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
41734f 
    52:d=4  hl=2 l=   0 prim: NULL
41734f 
    54:d=3  hl=4 l= 271 prim: BIT STRING
41734f 
-  329:d=2  hl=4 l=1030 cons: cont [ 0 ]
41734f 
+  329:d=2  hl=4 l= 994 cons: cont [ 0 ]
41734f 
   333:d=3  hl=2 l=  52 cons: SEQUENCE
41734f 
   335:d=4  hl=2 l=   9 prim: OBJECT            :challengePassword
41734f 
   346:d=4  hl=2 l=  39 cons: SET
41734f 
@@ -33,64 +33,52 @@ The last CSR (the one with everything) was:
41734f 
   389:d=4  hl=2 l=   9 prim: OBJECT            :friendlyName
41734f 
   400:d=4  hl=2 l=  48 cons: SET
41734f 
   402:d=5  hl=2 l=  46 prim: BMPSTRING
41734f 
-  450:d=3  hl=4 l= 909 cons: SEQUENCE
41734f 
+  450:d=3  hl=4 l= 873 cons: SEQUENCE
41734f 
   454:d=4  hl=2 l=   9 prim: OBJECT            :Extension Request
41734f 
-  465:d=4  hl=4 l= 894 cons: SET
41734f 
-  469:d=5  hl=4 l= 890 cons: SEQUENCE
41734f 
-  473:d=6  hl=2 l=  14 cons: SEQUENCE
41734f 
+  465:d=4  hl=4 l= 858 cons: SET
41734f 
+  469:d=5  hl=4 l= 854 cons: SEQUENCE
41734f 
+  473:d=6  hl=2 l=  11 cons: SEQUENCE
41734f 
   475:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
41734f 
-  480:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
-  483:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205E0
41734f 
-  489:d=6  hl=4 l= 290 cons: SEQUENCE
41734f 
-  493:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
41734f 
-  498:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
-  501:d=7  hl=4 l= 278 prim: OCTET STRING      [HEX DUMP]:3082011282096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F7487047F000001871000000000000000000000000000000001
41734f 
-  783:d=6  hl=2 l=  32 cons: SEQUENCE
41734f 
-  785:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
41734f 
-  790:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
-  793:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030206082B06010505070304
41734f 
-  817:d=6  hl=2 l=  18 cons: SEQUENCE
41734f 
-  819:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
41734f 
-  824:d=7  hl=2 l=   1 prim: BOOLEAN           :255
41734f 
-  827:d=7  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020103
41734f 
-  837:d=6  hl=2 l=  34 cons: SEQUENCE
41734f 
-  839:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
41734f 
-  844:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
-  847:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
41734f 
-  873:d=6  hl=2 l=  32 cons: SEQUENCE
41734f 
-  875:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
41734f 
-  880:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
-  883:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
41734f 
-  907:d=6  hl=2 l= 107 cons: SEQUENCE
41734f 
-  909:d=7  hl=2 l=   8 prim: OBJECT            :Authority Information Access
41734f 
-  919:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
-  922:d=7  hl=2 l=  92 prim: OCTET STRING      [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
41734f 
- 1016:d=6  hl=2 l=  96 cons: SEQUENCE
41734f 
- 1018:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
41734f 
- 1023:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
- 1026:d=7  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
41734f 
- 1114:d=6  hl=2 l= 106 cons: SEQUENCE
41734f 
- 1116:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Freshest CRL
41734f 
- 1121:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
- 1124:d=7  hl=2 l=  96 prim: OCTET STRING      [HEX DUMP]:305E302DA02BA0298627687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F67657464656C7461302DA02BA0298627687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F67657464656C7461
41734f 
- 1222:d=6  hl=2 l=  51 cons: SEQUENCE
41734f 
- 1224:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Comment
41734f 
- 1235:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
- 1238:d=7  hl=2 l=  35 prim: OCTET STRING      [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
41734f 
- 1275:d=6  hl=2 l=  18 cons: SEQUENCE
41734f 
- 1277:d=7  hl=2 l=   9 prim: OBJECT            :OCSP No Check
41734f 
- 1288:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
- 1291:d=7  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:0500
41734f 
- 1295:d=6  hl=2 l=  44 cons: SEQUENCE
41734f 
- 1297:d=7  hl=2 l=   9 prim: OBJECT            :1.3.6.1.4.1.311.20.2
41734f 
- 1308:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
- 1311:d=7  hl=2 l=  28 prim: OCTET STRING      [HEX DUMP]:1E1A006300610041007700650073006F006D00650043006500720074
41734f 
- 1341:d=6  hl=2 l=  20 cons: SEQUENCE
41734f 
- 1343:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Cert Type
41734f 
- 1354:d=7  hl=2 l=   1 prim: BOOLEAN           :0
41734f 
- 1357:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
41734f 
- 1363:d=1  hl=2 l=  13 cons: SEQUENCE
41734f 
- 1365:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
41734f 
- 1376:d=2  hl=2 l=   0 prim: NULL
41734f 
- 1378:d=1  hl=4 l= 257 prim: BIT STRING
41734f 
+  480:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205E0
41734f 
+  486:d=6  hl=4 l= 287 cons: SEQUENCE
41734f 
+  490:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
41734f 
+  495:d=7  hl=4 l= 278 prim: OCTET STRING      [HEX DUMP]:3082011282096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F7487047F000001871000000000000000000000000000000001
41734f 
+  777:d=6  hl=2 l=  29 cons: SEQUENCE
41734f 
+  779:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
41734f 
+  784:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030206082B06010505070304
41734f 
+  808:d=6  hl=2 l=  18 cons: SEQUENCE
41734f 
+  810:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
41734f 
+  815:d=7  hl=2 l=   1 prim: BOOLEAN           :255
41734f 
+  818:d=7  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020103
41734f 
+  828:d=6  hl=2 l=  31 cons: SEQUENCE
41734f 
+  830:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
41734f 
+  835:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
41734f 
+  861:d=6  hl=2 l=  29 cons: SEQUENCE
41734f 
+  863:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
41734f 
+  868:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
41734f 
+  892:d=6  hl=2 l= 104 cons: SEQUENCE
41734f 
+  894:d=7  hl=2 l=   8 prim: OBJECT            :Authority Information Access
41734f 
+  904:d=7  hl=2 l=  92 prim: OCTET STRING      [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
41734f 
+  998:d=6  hl=2 l=  93 cons: SEQUENCE
41734f 
+ 1000:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
41734f 
+ 1005:d=7  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
41734f 
+ 1093:d=6  hl=2 l= 103 cons: SEQUENCE
41734f 
+ 1095:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Freshest CRL
41734f 
+ 1100:d=7  hl=2 l=  96 prim: OCTET STRING      [HEX DUMP]:305E302DA02BA0298627687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F67657464656C7461302DA02BA0298627687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F67657464656C7461
41734f 
+ 1198:d=6  hl=2 l=  48 cons: SEQUENCE
41734f 
+ 1200:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Comment
41734f 
+ 1211:d=7  hl=2 l=  35 prim: OCTET STRING      [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
41734f 
+ 1248:d=6  hl=2 l=  15 cons: SEQUENCE
41734f 
+ 1250:d=7  hl=2 l=   9 prim: OBJECT            :OCSP No Check
41734f 
+ 1261:d=7  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:0500
41734f 
+ 1265:d=6  hl=2 l=  41 cons: SEQUENCE
41734f 
+ 1267:d=7  hl=2 l=   9 prim: OBJECT            :1.3.6.1.4.1.311.20.2
41734f 
+ 1278:d=7  hl=2 l=  28 prim: OCTET STRING      [HEX DUMP]:1E1A006300610041007700650073006F006D00650043006500720074
41734f 
+ 1308:d=6  hl=2 l=  17 cons: SEQUENCE
41734f 
+ 1310:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Cert Type
41734f 
+ 1321:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
41734f 
+ 1327:d=1  hl=2 l=  13 cons: SEQUENCE
41734f 
+ 1329:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
41734f 
+ 1340:d=2  hl=2 l=   0 prim: NULL
41734f 
+ 1342:d=1  hl=4 l= 257 prim: BIT STRING
41734f 
 Test complete (69 combinations).
41734f 
--
41734f 
2.31.1
41734f

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation