Blame SOURCES/0201-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch

5593c8
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
5593c8
From: Javier Martinez Canillas <javierm@redhat.com>
5593c8
Date: Sat, 8 May 2021 02:27:58 +0200
5593c8
Subject: [PATCH] appendedsig/x509: Also handle the Extended Key Usage
5593c8
 extension
5593c8
5593c8
Red Hat certificates have both Key Usage and Extended Key Usage extensions
5593c8
present, but the appended signatures x509 parser doesn't handle the latter
5593c8
and so bails due to finding an unrecognised critical extension:
5593c8
5593c8
Error loading initial key:
5593c8
../../grub-core/commands/appendedsig/x509.c:780:Unhandled critical x509 extension with OID 2.5.29.37
5593c8
5593c8
Fix this by also parsing the Extended Key Usage extension and handle it by
5593c8
verifying that the certificate has a single purpose, that is code signing.
5593c8
5593c8
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
5593c8
Signed-off-by: Daniel Axtens <dja@axtens.net>
5593c8
---
5593c8
 grub-core/commands/appendedsig/x509.c     | 94 ++++++++++++++++++++++++++++++-
5593c8
 grub-core/tests/appended_signature_test.c | 29 +++++++++-
5593c8
 grub-core/tests/appended_signatures.h     | 81 ++++++++++++++++++++++++++
5593c8
 3 files changed, 201 insertions(+), 3 deletions(-)
5593c8
5593c8
diff --git a/grub-core/commands/appendedsig/x509.c b/grub-core/commands/appendedsig/x509.c
1c6ba0
index 2b38b3670a..42ec65c54a 100644
5593c8
--- a/grub-core/commands/appendedsig/x509.c
5593c8
+++ b/grub-core/commands/appendedsig/x509.c
5593c8
@@ -47,6 +47,12 @@ const char *keyUsage_oid = "2.5.29.15";
5593c8
  */
5593c8
 const char *basicConstraints_oid = "2.5.29.19";
5593c8
 
5593c8
+/*
5593c8
+ * RFC 5280 4.2.1.12 Extended Key Usage
5593c8
+ */
5593c8
+const char *extendedKeyUsage_oid = "2.5.29.37";
5593c8
+const char *codeSigningUsage_oid = "1.3.6.1.5.5.7.3.3";
5593c8
+
5593c8
 /*
5593c8
  * RFC 3279 2.3.1
5593c8
  *
5593c8
@@ -637,6 +643,77 @@ cleanup:
5593c8
   return err;
5593c8
 }
5593c8
 
5593c8
+/*
5593c8
+ * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
5593c8
+ *
5593c8
+ * KeyPurposeId ::= OBJECT IDENTIFIER
5593c8
+ */
5593c8
+static grub_err_t
5593c8
+verify_extended_key_usage (grub_uint8_t * value, int value_size)
5593c8
+{
5593c8
+  asn1_node extendedasn;
5593c8
+  int result, count;
5593c8
+  grub_err_t err = GRUB_ERR_NONE;
5593c8
+  char usage[MAX_OID_LEN];
5593c8
+  int usage_size = sizeof (usage);
5593c8
+
5593c8
+  result =
5593c8
+    asn1_create_element (_gnutls_pkix_asn, "PKIX1.ExtKeyUsageSyntax",
5593c8
+			 &extendedasn);
5593c8
+  if (result != ASN1_SUCCESS)
5593c8
+    {
5593c8
+      return grub_error (GRUB_ERR_OUT_OF_MEMORY,
5593c8
+			 "Could not create ASN.1 structure for Extended Key Usage");
5593c8
+    }
5593c8
+
5593c8
+  result = asn1_der_decoding2 (&extendedasn, value, &value_size,
5593c8
+			       ASN1_DECODE_FLAG_STRICT_DER, asn1_error);
5593c8
+  if (result != ASN1_SUCCESS)
5593c8
+    {
5593c8
+      err =
5593c8
+	grub_error (GRUB_ERR_BAD_FILE_TYPE,
5593c8
+		    "Error parsing DER for Extended Key Usage: %s",
5593c8
+		    asn1_error);
5593c8
+      goto cleanup;
5593c8
+    }
5593c8
+
5593c8
+  /*
5593c8
+   * If EKUs are present, there must be exactly 1 and it must be a
5593c8
+   * codeSigning usage.
5593c8
+   */
5593c8
+  result = asn1_number_of_elements(extendedasn, "", &count);
5593c8
+  if (result != ASN1_SUCCESS)
5593c8
+    {
5593c8
+      err =
5593c8
+	grub_error (GRUB_ERR_BAD_FILE_TYPE,
5593c8
+		    "Error counting number of Extended Key Usages: %s",
5593c8
+		    asn1_strerror (result));
5593c8
+      goto cleanup;
5593c8
+    }
5593c8
+
5593c8
+  result = asn1_read_value (extendedasn, "?1", usage, &usage_size);
5593c8
+  if (result != ASN1_SUCCESS)
5593c8
+    {
5593c8
+      err =
5593c8
+	grub_error (GRUB_ERR_BAD_FILE_TYPE,
5593c8
+		    "Error reading Extended Key Usage: %s",
5593c8
+		    asn1_strerror (result));
5593c8
+      goto cleanup;
5593c8
+    }
5593c8
+
5593c8
+  if (grub_strncmp (codeSigningUsage_oid, usage, usage_size) != 0)
5593c8
+    {
5593c8
+      err =
5593c8
+	grub_error (GRUB_ERR_BAD_FILE_TYPE,
5593c8
+		    "Unexpected Extended Key Usage OID, got: %s",
5593c8
+		    usage);
5593c8
+      goto cleanup;
5593c8
+    }
5593c8
+
5593c8
+cleanup:
5593c8
+  asn1_delete_structure (&extendedasn);
5593c8
+  return err;
5593c8
+}
5593c8
 
5593c8
 /*
5593c8
  * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
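Review bot: In verify_extended_key_usage, `count` is filled in by asn1_number_of_elements() but never compared with anything, so the rule in the comment above it (exactly one EKU, and it must be codeSigning) is only half enforced: only element `?1` is read and checked. A certificate whose EKU list starts with codeSigning and then names further purposes would still be accepted as a code-signing-only key. Right after the count succeeds, add `if (count != 1) { err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Unexpected number of Extended Key Usages - expected 1, got %d", count); goto cleanup; }`. A one-line comment on the `grub_strncmp` call stating whether `usage_size` includes the terminating NUL would also help, because without that the comparison reads like a prefix match.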
5593c8
@@ -660,7 +737,7 @@ verify_extensions (asn1_node cert)
5593c8
 {
5593c8
   int result;
5593c8
   int ext, num_extensions = 0;
5593c8
-  int usage_present = 0, constraints_present = 0;
5593c8
+  int usage_present = 0, constraints_present = 0, extended_usage_present = 0;
5593c8
   char *oid_path, *critical_path, *value_path;
5593c8
   char extnID[MAX_OID_LEN];
5593c8
   int extnID_size;
5593c8
@@ -754,6 +831,15 @@ verify_extensions (asn1_node cert)
5593c8
 	    }
5593c8
 	  constraints_present++;
5593c8
 	}
5593c8
+      else if (grub_strncmp (extendedKeyUsage_oid, extnID, extnID_size) == 0)
5593c8
+	{
5593c8
+	  err = verify_extended_key_usage (value, value_size);
5593c8
+	  if (err != GRUB_ERR_NONE)
5593c8
+	    {
5593c8
+	      goto cleanup_value;
5593c8
+	    }
5593c8
+	  extended_usage_present++;
5593c8
+	}
5593c8
       else if (grub_strncmp ("TRUE", critical, critical_size) == 0)
5593c8
 	{
5593c8
 	  /*
5593c8
@@ -785,6 +871,12 @@ verify_extensions (asn1_node cert)
5593c8
 			 "Unexpected number of basic constraints extensions - expected 1, got %d",
5593c8
 			 constraints_present);
5593c8
     }
5593c8
+  if (extended_usage_present > 1)
5593c8
+    {
5593c8
+      return grub_error (GRUB_ERR_BAD_FILE_TYPE,
5593c8
+			 "Unexpected number of Extended Key Usage extensions - expected 0 or 1, got %d",
5593c8
+			 extended_usage_present);
5593c8
+    }
5593c8
   return GRUB_ERR_NONE;
5593c8
 
5593c8
 cleanup_value:
5593c8
diff --git a/grub-core/tests/appended_signature_test.c b/grub-core/tests/appended_signature_test.c
1c6ba0
index 88a485200d..dbba061662 100644
5593c8
--- a/grub-core/tests/appended_signature_test.c
5593c8
+++ b/grub-core/tests/appended_signature_test.c
5593c8
@@ -111,6 +111,22 @@ static struct grub_procfs_entry certificate_printable_der_entry = {
5593c8
   .get_contents = get_certificate_printable_der
5593c8
 };
5593c8
 
5593c8
+static char *
5593c8
+get_certificate_eku_der (grub_size_t * sz)
5593c8
+{
5593c8
+  char *ret;
5593c8
+  *sz = certificate_eku_der_len;
5593c8
+  ret = grub_malloc (*sz);
5593c8
+  if (ret)
5593c8
+    grub_memcpy (ret, certificate_eku_der, *sz);
5593c8
+  return ret;
5593c8
+}
5593c8
+
5593c8
+static struct grub_procfs_entry certificate_eku_der_entry = {
5593c8
+  .name = "certificate_eku.der",
5593c8
+  .get_contents = get_certificate_eku_der
5593c8
+};
5593c8
+
5593c8
 
5593c8
 static void
5593c8
 do_verify (const char *f, int is_valid)
5593c8
@@ -149,6 +165,7 @@ appended_signature_test (void)
5593c8
   char *trust_args2[] = { (char *) "(proc)/certificate2.der", NULL };
5593c8
   char *trust_args_printable[] = { (char *) "(proc)/certificate_printable.der",
5593c8
 				   NULL };
5593c8
+  char *trust_args_eku[] = { (char *) "(proc)/certificate_eku.der", NULL };
5593c8
   char *distrust_args[] = { (char *) "1", NULL };
5593c8
   char *distrust2_args[] = { (char *) "2", NULL };
5593c8
   grub_err_t err;
5593c8
@@ -157,6 +174,7 @@ appended_signature_test (void)
5593c8
   grub_procfs_register ("certificate2.der", &certificate2_der_entry);
5593c8
   grub_procfs_register ("certificate_printable.der",
5593c8
 			&certificate_printable_der_entry);
5593c8
+  grub_procfs_register ("certificate_eku.der", &certificate_eku_der_entry);
5593c8
 
5593c8
   cmd_trust = grub_command_find ("trust_certificate");
5593c8
   if (!cmd_trust)
5593c8
@@ -266,16 +284,23 @@ appended_signature_test (void)
5593c8
 
5593c8
   /*
5593c8
    * Lastly, check a certificate that uses printableString rather than
5593c8
-   * utf8String loads properly.
5593c8
+   * utf8String loads properly, and that a certificate with an appropriate
5593c8
+   * extended key usage loads.
5593c8
    */
5593c8
   err = (cmd_trust->func) (cmd_trust, 1, trust_args_printable);
5593c8
   grub_test_assert (err == GRUB_ERR_NONE,
5593c8
-		    "distrusting printable certificate failed: %d: %s",
5593c8
+		    "trusting printable certificate failed: %d: %s",
5593c8
+		    grub_errno, grub_errmsg);
5593c8
+
5593c8
+  err = (cmd_trust->func) (cmd_trust, 1, trust_args_eku);
5593c8
+  grub_test_assert (err == GRUB_ERR_NONE,
5593c8
+		    "trusting certificate with extended key usage failed: %d: %s",
5593c8
 		    grub_errno, grub_errmsg);
5593c8
 
5593c8
   grub_procfs_unregister (&certificate_der_entry);
5593c8
   grub_procfs_unregister (&certificate2_der_entry);
5593c8
   grub_procfs_unregister (&certificate_printable_der_entry);
5593c8
+  grub_procfs_unregister (&certificate_eku_der_entry);
5593c8
 }
5593c8
 
5593c8
 GRUB_FUNCTIONAL_TEST (appended_signature_test, appended_signature_test);
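Review bot: The only EKU case added to appended_signature_test is a certificate that must load; nothing here asserts that a certificate with a disallowed Extended Key Usage is rejected. Since the parser change exists to restrict trusted keys to code signing, add negative fixtures next to `certificate_eku_der` (one whose single EKU is not codeSigning, and one listing codeSigning plus a second purpose) and assert `err != GRUB_ERR_NONE` when trusting each. The second fixture would also exercise the element count that verify_extended_key_usage computes but does not check. The body of appended_signature_test starts outside this hunk, so any negative cases elsewhere in the function are not visible here.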
5593c8
diff --git a/grub-core/tests/appended_signatures.h b/grub-core/tests/appended_signatures.h
1c6ba0
index aa3dc6278e..2e5ebd7d8b 100644
5593c8
--- a/grub-core/tests/appended_signatures.h
5593c8
+++ b/grub-core/tests/appended_signatures.h
5593c8
@@ -555,3 +555,84 @@ unsigned char certificate_printable_der[] = {
5593c8
   0xd2
5593c8
 };
5593c8
 unsigned int certificate_printable_der_len = 829;
5593c8
+
5593c8
+unsigned char certificate_eku_der[] = {
5593c8
+  0x30, 0x82, 0x03, 0x90, 0x30, 0x82, 0x02, 0x78, 0xa0, 0x03, 0x02, 0x01,
5593c8
+  0x02, 0x02, 0x09, 0x00, 0xd3, 0x9c, 0x41, 0x33, 0xdd, 0x6b, 0x5f, 0x45,
5593c8
+  0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
5593c8
+  0x0b, 0x05, 0x00, 0x30, 0x47, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55,
5593c8
+  0x04, 0x03, 0x0c, 0x18, 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20,
5593c8
+  0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20,
5593c8
+  0x43, 0x41, 0x20, 0x36, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a, 0x86,
5593c8
+  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, 0x65, 0x63,
5593c8
+  0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, 0x74,
5593c8
+  0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32,
5593c8
+  0x31, 0x35, 0x31, 0x34, 0x30, 0x30, 0x34, 0x34, 0x5a, 0x17, 0x0d, 0x33,
5593c8
+  0x38, 0x30, 0x31, 0x31, 0x37, 0x31, 0x34, 0x30, 0x30, 0x34, 0x34, 0x5a,
5593c8
+  0x30, 0x4e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
5593c8
+  0x1f, 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63,
5593c8
+  0x75, 0x72, 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x53, 0x69, 0x67,
5593c8
+  0x6e, 0x69, 0x6e, 0x67, 0x20, 0x36, 0x30, 0x32, 0x31, 0x22, 0x30, 0x20,
5593c8
+  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16,
5593c8
+  0x13, 0x73, 0x65, 0x63, 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65,
5593c8
+  0x64, 0x68, 0x61, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22,
5593c8
+  0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
5593c8
+  0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a,
5593c8
+  0x02, 0x82, 0x01, 0x01, 0x00, 0xaa, 0x6f, 0xbb, 0x92, 0x77, 0xd7, 0x15,
5593c8
+  0xef, 0x88, 0x80, 0x88, 0xc0, 0xe7, 0x89, 0xeb, 0x35, 0x76, 0xf4, 0x85,
5593c8
+  0x05, 0x0f, 0x19, 0xe4, 0x5f, 0x25, 0xdd, 0xc1, 0xa2, 0xe5, 0x5c, 0x06,
5593c8
+  0xfb, 0xf1, 0x06, 0xb5, 0x65, 0x45, 0xcb, 0xbd, 0x19, 0x33, 0x54, 0xb5,
5593c8
+  0x1a, 0xcd, 0xe4, 0xa8, 0x35, 0x2a, 0xfe, 0x9c, 0x53, 0xf4, 0xc6, 0x76,
5593c8
+  0xdb, 0x1f, 0x8a, 0xd4, 0x7b, 0x18, 0x11, 0xaf, 0xa3, 0x90, 0xd4, 0xdd,
5593c8
+  0x4d, 0xd5, 0x42, 0xcc, 0x14, 0x9a, 0x64, 0x6b, 0xc0, 0x7f, 0xaa, 0x1c,
5593c8
+  0x94, 0x47, 0x4d, 0x79, 0xbd, 0x57, 0x9a, 0xbf, 0x99, 0x4e, 0x96, 0xa9,
5593c8
+  0x31, 0x2c, 0xa9, 0xe7, 0x14, 0x65, 0x86, 0xc8, 0xac, 0x79, 0x5e, 0x78,
5593c8
+  0xa4, 0x3c, 0x00, 0x24, 0xd3, 0xf7, 0xe1, 0xf5, 0x12, 0xad, 0xa0, 0x29,
5593c8
+  0xe5, 0xfe, 0x80, 0xae, 0xf8, 0xaa, 0x60, 0x36, 0xe7, 0xe8, 0x94, 0xcb,
5593c8
+  0xe9, 0xd1, 0xcc, 0x0b, 0x4d, 0xf7, 0xde, 0xeb, 0x52, 0xd2, 0x73, 0x09,
5593c8
+  0x28, 0xdf, 0x48, 0x99, 0x53, 0x9f, 0xc5, 0x9a, 0xd4, 0x36, 0xa3, 0xc6,
5593c8
+  0x5e, 0x8d, 0xbe, 0xd5, 0xdc, 0x76, 0xb4, 0x74, 0xb8, 0x26, 0x18, 0x27,
5593c8
+  0xfb, 0xf2, 0xfb, 0xd0, 0x9b, 0x3d, 0x7f, 0x10, 0xe2, 0xab, 0x44, 0xc7,
5593c8
+  0x88, 0x7f, 0xb4, 0x3d, 0x3e, 0xa3, 0xff, 0x6d, 0x06, 0x4b, 0x3e, 0x55,
5593c8
+  0xb2, 0x84, 0xf4, 0xad, 0x54, 0x88, 0x81, 0xc3, 0x9c, 0xf8, 0xb6, 0x68,
5593c8
+  0x96, 0x38, 0x8b, 0xcd, 0x90, 0x6d, 0x25, 0x4b, 0xbf, 0x0c, 0x44, 0x90,
5593c8
+  0xa5, 0x5b, 0x98, 0xd0, 0x40, 0x2f, 0xbb, 0x0d, 0xa8, 0x4b, 0x8a, 0x62,
5593c8
+  0x82, 0x46, 0x46, 0x18, 0x38, 0xae, 0x82, 0x07, 0xd0, 0xb4, 0x2f, 0x16,
5593c8
+  0x79, 0x55, 0x9f, 0x1b, 0xc5, 0x08, 0x6d, 0x85, 0xdf, 0x3f, 0xa9, 0x9b,
5593c8
+  0x4b, 0xc6, 0x28, 0xd3, 0x58, 0x72, 0x3d, 0x37, 0x11, 0x02, 0x03, 0x01,
5593c8
+  0x00, 0x01, 0xa3, 0x78, 0x30, 0x76, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d,
5593c8
+  0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03,
5593c8
+  0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80,
5593c8
+  0x30, 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x0c,
5593c8
+  0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03,
5593c8
+  0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x6c,
5593c8
+  0xe4, 0x6c, 0x27, 0xaa, 0xcd, 0x0d, 0x4b, 0x74, 0x21, 0xa4, 0xf6, 0x5f,
5593c8
+  0x87, 0xb5, 0x31, 0xfe, 0x10, 0xbb, 0xa7, 0x30, 0x1f, 0x06, 0x03, 0x55,
5593c8
+  0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xe8, 0x6a, 0x1c, 0xab,
5593c8
+  0x2c, 0x48, 0xf9, 0x60, 0x36, 0xa2, 0xf0, 0x7b, 0x8e, 0xd2, 0x9d, 0xb4,
5593c8
+  0x2a, 0x28, 0x98, 0xc8, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
5593c8
+  0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
5593c8
+  0x55, 0x34, 0xe2, 0xfa, 0xf6, 0x89, 0x86, 0xad, 0x92, 0x21, 0xec, 0xb9,
5593c8
+  0x54, 0x0e, 0x18, 0x47, 0x0d, 0x1b, 0xa7, 0x58, 0xad, 0x69, 0xe4, 0xef,
5593c8
+  0x3b, 0xe6, 0x8d, 0xdd, 0xda, 0x0c, 0x45, 0xf6, 0xe8, 0x96, 0xa4, 0x29,
5593c8
+  0x0f, 0xbb, 0xcf, 0x16, 0xae, 0x93, 0xd0, 0xcb, 0x2a, 0x26, 0x1a, 0x7b,
5593c8
+  0xfc, 0x51, 0x22, 0x76, 0x98, 0x31, 0xa7, 0x0f, 0x29, 0x35, 0x79, 0xbf,
5593c8
+  0xe2, 0x4f, 0x0f, 0x14, 0xf5, 0x1f, 0xcb, 0xbf, 0x87, 0x65, 0x13, 0x32,
5593c8
+  0xa3, 0x19, 0x4a, 0xd1, 0x3f, 0x45, 0xd4, 0x4b, 0xe2, 0x00, 0x26, 0xa9,
5593c8
+  0x3e, 0xd7, 0xa5, 0x37, 0x9f, 0xf5, 0xad, 0x61, 0xe2, 0x40, 0xa9, 0x74,
5593c8
+  0x24, 0x53, 0xf2, 0x78, 0xeb, 0x10, 0x9b, 0x2c, 0x27, 0x88, 0x46, 0xcb,
5593c8
+  0xe4, 0x60, 0xca, 0xf5, 0x06, 0x24, 0x40, 0x2a, 0x97, 0x3a, 0xcc, 0xd0,
5593c8
+  0x81, 0xb1, 0x15, 0xa3, 0x4f, 0xd0, 0x2b, 0x4f, 0xca, 0x6e, 0xaa, 0x24,
5593c8
+  0x31, 0xb3, 0xac, 0xa6, 0x75, 0x05, 0xfe, 0x8a, 0xf4, 0x41, 0xc4, 0x06,
5593c8
+  0x8a, 0xc7, 0x0a, 0x83, 0x4e, 0x49, 0xd4, 0x3f, 0x83, 0x50, 0xec, 0x57,
5593c8
+  0x04, 0x97, 0x14, 0x49, 0xf5, 0xe1, 0xb1, 0x7a, 0x9c, 0x09, 0x4f, 0x61,
5593c8
+  0x87, 0xc3, 0x97, 0x22, 0x17, 0xc2, 0xeb, 0xcc, 0x32, 0x81, 0x31, 0x21,
5593c8
+  0x3f, 0x10, 0x57, 0x5b, 0x43, 0xbe, 0xcd, 0x68, 0x82, 0xbe, 0xe5, 0xc1,
5593c8
+  0x65, 0x94, 0x7e, 0xc2, 0x34, 0x76, 0x2b, 0xcf, 0x89, 0x3c, 0x2b, 0x81,
5593c8
+  0x23, 0x72, 0x95, 0xcf, 0xc9, 0x67, 0x19, 0x2a, 0xd5, 0x5c, 0xca, 0xa3,
5593c8
+  0x46, 0xbd, 0x48, 0x06, 0x0b, 0xa6, 0xa3, 0x96, 0x50, 0x28, 0xc7, 0x7e,
5593c8
+  0xcf, 0x62, 0xf2, 0xfa, 0xc4, 0xf2, 0x53, 0xe3, 0xc9, 0xe8, 0x2e, 0xdd,
5593c8
+  0x29, 0x37, 0x07, 0x47, 0xff, 0xff, 0x8a, 0x32, 0xbd, 0xa2, 0xb7, 0x21,
5593c8
+  0x89, 0xa0, 0x55, 0xf7
5593c8
+};
5593c8
+unsigned int certificate_eku_der_len = 916;