Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OCSP nextupdate #296

Merged
merged 5 commits into from
Mar 10, 2024
Merged

OCSP nextupdate #296

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
8e5a8f3
validate_ocsp_response should return nextUpdate if available
ElvinEfendi Apr 18, 2020
ac9044b
add test
ElvinEfendi Apr 18, 2020
7a584e0
add two new OCSP tests and their required fixtures
ElvinEfendi Apr 18, 2020
c11d28d
temporary: switch to patched fork for demo
ElvinEfendi Apr 21, 2020
8a5ac6e
more fixes.
zhuizhuhaomeng Mar 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .travis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ install:
- git clone /~https://github.com/openresty/openresty.git ../openresty
- git clone /~https://github.com/openresty/openresty-devel-utils.git
- git clone /~https://github.com/simpl/ngx_devel_kit.git ../ndk-nginx-module
- git clone /~https://github.com/openresty/lua-nginx-module.git ../lua-nginx-module
- git clone -b ocsp-nextupdate /~https://github.com/ElvinEfendi/lua-nginx-module.git ../lua-nginx-module
- git clone /~https://github.com/openresty/no-pool-nginx.git ../no-pool-nginx
- git clone /~https://github.com/openresty/echo-nginx-module.git ../echo-nginx-module
- git clone /~https://github.com/openresty/lua-resty-lrucache.git
Expand Down
18 changes: 13 additions & 5 deletions lib/ngx/ocsp.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ base.allows_subsystem('http')

local ffi = require "ffi"
local C = ffi.C
local ffi_new = ffi.new
local ffi_str = ffi.string
local get_request = base.get_request
local error = error
Expand All @@ -30,7 +31,7 @@ int ngx_http_lua_ffi_ssl_create_ocsp_request(const char *chain_data,

int ngx_http_lua_ffi_ssl_validate_ocsp_response(const unsigned char *resp,
size_t resp_len, const char *chain_data, size_t chain_len,
unsigned char *errbuf, size_t *errbuf_size);
unsigned char *errbuf, size_t *errbuf_size, long *valid);

int ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r,
const unsigned char *resp, size_t resp_len, char **err);
Expand Down Expand Up @@ -98,8 +99,9 @@ function _M.create_ocsp_request(certs, maxlen)
end


function _M.validate_ocsp_response(resp, chain, max_errmsg_len)
local next_update_p = ffi_new("long[1]")

function _M.validate_ocsp_response(resp, chain, max_errmsg_len)
local errbuf_size = max_errmsg_len
if not errbuf_size then
errbuf_size = get_string_buf_size()
Expand All @@ -109,11 +111,17 @@ function _M.validate_ocsp_response(resp, chain, max_errmsg_len)
local sizep = get_size_ptr()
sizep[0] = errbuf_size

local rc = C.ngx_http_lua_ffi_ssl_validate_ocsp_response(
resp, #resp, chain, #chain, errbuf, sizep)
local rc = C.ngx_http_lua_ffi_ssl_validate_ocsp_response(resp, #resp,
chain, #chain,
errbuf, sizep,
next_update_p)

if rc == FFI_OK then
return true
local next_update = tonumber(next_update_p[0])
if next_update == 0 then
next_update = nil
end
return true, next_update
end

-- rc == FFI_ERROR
Expand Down
43 changes: 43 additions & 0 deletions t/cert/ocsp/cfssl/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
Following steps require /~https://github.com/cloudflare/cfssl

Initiate CA by creating root certificate pair:

```
cfssl gencert -initca ca_csr.json | cfssljson -bare ca
```

Continue with intermediate certificate pair for signing:

```
cfssl gencert -ca ca.pem -ca-key ca-key.pem -config=cfssl_config.json -profile=intermediate intermediate_ca_csr.json | cfssljson -bare intermediate_ca
```

Also create OCSP certificate pair to sign OCSP responses:

```
cfssl gencert -ca intermediate_ca.pem -ca-key intermediate_ca-key.pem -config=cfssl_config.json -profile=ocsp ocsp_csr.json | cfssljson -bare ocsp
```

Create a leaf certificate:

```
cfssl gencert -ca intermediate_ca.pem -ca-key intermediate_ca-key.pem -config cfssl_config.json -profile server leaf_csr.json | cfssljson -bare leaf
```

Create an OCSP response for the certificate:

```
cfssl ocspsign -ca intermediate_ca.pem -responder ocsp.pem -responder-key ocsp-key.pem -cert leaf.pem -status good | cfssljson -bare ocsp-response-good
```

Bundle certificate to be installed at Nginx:

```
cat leaf.pem intermediate_ca.pem ca.pem > leaf-bundle.pem
```

Inspect OCSP response to see what is the Next Update:

```
openssl ocsp -text -no_cert_verify -respin t/cert/ocsp/cfssl/ocsp-response-good-response.der | grep "Next Update"
```
27 changes: 27 additions & 0 deletions t/cert/ocsp/cfssl/ca-key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA4U+dsu8CAV+Tyhn+z1UFSJ6H7CUQuq7AeGH5df3D8nEyW83N
8NjImED3SJkns8vzwHLP/7/UqPPDWZLu/KlIaI2740W3Zin4Eq4b9Tfbu+HTI+Cf
Vo461WlKMnKGG7nzmElSRA04cQm/M/LhajQS7EwM0Hto+GEGGLjJSVMOPY3zvnqu
bRMWfzGn5cMON9bVclZHnVwhwNeR9EMYwCpN/mgXjFlC2O5vHPjM7etRn2c3EIXP
370YQ0iC2UkUB4ttX9d13obwqqprTyZH9Fl1X1XuyJLIMB5ahawyck7Jf9NB2dAJ
9udilGEO1uLiY6StbYF/9IxvW47QtFN5z+ukFwIDAQABAoIBAQDZ5TlJlsOFuH0g
8sruj/awKECjK6VmJSKWSYoLhgM+MCLXjc0go0Y7mHiNiTBQPWnaMC7f0xFC45uE
wQjG6J/SHWAbh4y6DNSQnDkFiaPDq72Z8N2nw506Tr0m1ILFxavDFwWsMmznRNnY
z4cYQowaYeHyrabyrkJLHknr05ruAs2hflAbRqVXICdF7NoubPmKEb+LCd0jyzPo
hITUtkIEssBW1zXacnAoMG+IWZOWJsbW8QtGsEfuABeHdKq1VX07XSe5tO/9KnYw
E2QZq0bncytKiiN6OzTCFROnzc8F4YYxxlOm5klNsRKFBNh6wm7KwEMT/eA6gcbo
WkT/EpMhAoGBAOwL3YqD6fxTOnEXhKgEo+dKzAUutsdRPvV1a+OSgfn/KDCaPm90
UbUARyz+x+DNBmS7muClCALCoQNkb5IRgSzVAckuRpanadtT5TLSSxQFP8LCoHSQ
evPgwtPFHUWdgudEh5Oz20sblGyml0jtkDbmh0bRDz5xdQudr9q8IPBFAoGBAPRb
bvmCeYsEke9zN6lZceBP6wfQLVeJhqV+63JG/qAMzUR4KD+/gfH0XWLDLA1pbp2C
VYrZl6LhBx9DKuU8HCzsxA0uBvTx+JJUfxcuPZ6fX5/kD4Npvta7nsjJ+nmDR29l
Q4dJMe3u/abNDGOc+RqPQN5F+rXM3Yx/7SkQj+6rAoGAeB8Fq8K7pUuZdwnX2UUb
P83hi1WdcEsZNgJ+V/4rpNRDWJB163QPTIQKtIwnnW/YrBSImX+CVx1CoR5QZM4B
pZX0ZbPl+i7SAOptvfIkgNi2/N7cltUbrNYZb3llDxM8FYLbV7/0fgFYA/63CEbU
2Atylgg3sLg+Lx4c6rxIKt0CgYEAjCA6vV5y8KOIRHYf/z9JrEZoEyzwM3ir/A+S
WRAZSBLPS2pUOmpJzERDoTUm9/Hz+uMYxu0MpdzBRs4vtREJX0HPE3fHiYOQ9ej6
kIJ115axMXGI6+UiCOXCooYg2rnLpze8x8HTngwk7Rg8+Iq11uM7YbtjkAmRKtbZ
W2kiAM0CgYBsDwsSIHT6FsogaxHMejv88UKmqIiAIKudtU3jdfRVGE938WPpfyuL
1+iYI3eWyHzBvco4Ghv2icnWOC+DS5XBP3s9D3ueVEh8j/49bd/4mUeyiZMB5Pdr
/tAqEyeNU5iYf5XwQwPUm6QMRkCCVwM3kSLkhyWF2wPE/XhVsIKxZQ==
-----END RSA PRIVATE KEY-----
17 changes: 17 additions & 0 deletions t/cert/ocsp/cfssl/ca.csr
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICwTCCAakCAQAwfDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDzAN
BgNVBAcTBk90dGF3YTESMBAGA1UEChMJTHVhIE5naW54MRowGAYDVQQLExFMdWEg
TmdpbnggUm9vdCBDQTEaMBgGA1UEAxMRTHVhIE5naW54IFJvb3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhT52y7wIBX5PKGf7PVQVInofsJRC6
rsB4Yfl1/cPycTJbzc3w2MiYQPdImSezy/PAcs//v9So88NZku78qUhojbvjRbdm
KfgSrhv1N9u74dMj4J9WjjrVaUoycoYbufOYSVJEDThxCb8z8uFqNBLsTAzQe2j4
YQYYuMlJUw49jfO+eq5tExZ/Maflww431tVyVkedXCHA15H0QxjAKk3+aBeMWULY
7m8c+Mzt61GfZzcQhc/fvRhDSILZSRQHi21f13XehvCqqmtPJkf0WXVfVe7Iksgw
HlqFrDJyTsl/00HZ0An252KUYQ7W4uJjpK1tgX/0jG9bjtC0U3nP66QXAgMBAAGg
ADANBgkqhkiG9w0BAQsFAAOCAQEACSfvzpO2ENkOEPDznNPHLXIPpNwdxBXoJPNs
61vIMK4t5qBraAqUTrw2hCs/7CEez0TDCCiZkHNzwpSzKmFBh98D4rdaGTdrN3XG
NaZd7yacQ2ZB+vY45GbM5LNqXfKA4uwISqEKL8nFWkwQceTF52L9rIJTwcBjUcQg
23iU1fjsDFXuSP+RxL4hsO2imcrQHuouIW0/iQW3ZB7gYLqN+OqOm0Fj369UeFUo
I0NAGt1u3p+oxQ22FfoZJ2F9jDVvzRJe9TE+KrZv7QhRNQftSOu86m6EqjZKP88k
zGIuY6NB4N1K1fua6Rh/or68ERvT4aPIvzLklzCSbzS1qsR0Bw==
-----END CERTIFICATE REQUEST-----
23 changes: 23 additions & 0 deletions t/cert/ocsp/cfssl/ca.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIIDyDCCArCgAwIBAgIUUw9rlqc2DnJNFZ9gw/zRLPRQ4zMwDQYJKoZIhvcNAQEL
BQAwfDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90
dGF3YTESMBAGA1UEChMJTHVhIE5naW54MRowGAYDVQQLExFMdWEgTmdpbnggUm9v
dCBDQTEaMBgGA1UEAxMRTHVhIE5naW54IFJvb3QgQ0EwHhcNMjQwMzEwMTQxODAw
WhcNMjkwMzA5MTQxODAwWjB8MQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJp
bzEPMA0GA1UEBxMGT3R0YXdhMRIwEAYDVQQKEwlMdWEgTmdpbngxGjAYBgNVBAsT
EUx1YSBOZ2lueCBSb290IENBMRowGAYDVQQDExFMdWEgTmdpbnggUm9vdCBDQTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOFPnbLvAgFfk8oZ/s9VBUie
h+wlELquwHhh+XX9w/JxMlvNzfDYyJhA90iZJ7PL88Byz/+/1Kjzw1mS7vypSGiN
u+NFt2Yp+BKuG/U327vh0yPgn1aOOtVpSjJyhhu585hJUkQNOHEJvzPy4Wo0EuxM
DNB7aPhhBhi4yUlTDj2N8756rm0TFn8xp+XDDjfW1XJWR51cIcDXkfRDGMAqTf5o
F4xZQtjubxz4zO3rUZ9nNxCFz9+9GENIgtlJFAeLbV/Xdd6G8Kqqa08mR/RZdV9V
7siSyDAeWoWsMnJOyX/TQdnQCfbnYpRhDtbi4mOkrW2Bf/SMb1uO0LRTec/rpBcC
AwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
BBYEFOnsOYUW8U3ak+h1LUisz1czYQo+MA0GCSqGSIb3DQEBCwUAA4IBAQDHySN4
lWLHa12vYPvRVLNeWq3RaHQfKc2F2PhHriGCegY4lyZJqfC0XGI4LBnJ5GK//D0B
Hb8jcbGyortGBEwGuqjuOMdv0HOWibqZ7LPZ98GegtAjAJWMp/sQXkIYiRM8hlNC
pl9Vp9vsnUjfCrMaLVkZCC2Nwixc5mhSeH0aYHxxFwqh88oWbXzW7xobcTaYx/1P
kPdCy+jiBMCZII7J1u/e1B0J1VFad+IVJpQW+DzVIzJz9ClNAsJZjx1BBwIJGGEZ
fS1XXw+HgGeH2cVFnThMy0PIvx70b//GxEoXwuJhL2+z/tNhRRBN2eMa2zrZS94k
z+yCDRXP/rDxf+b7
-----END CERTIFICATE-----
16 changes: 16 additions & 0 deletions t/cert/ocsp/cfssl/ca_csr.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
{
"CN": "Lua Nginx Root CA",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CA",
"L": "Ottawa",
"O": "Lua Nginx",
"OU": "Lua Nginx Root CA",
"ST": "Ontario"
}
]
}
Binary file added t/cert/ocsp/cfssl/cert-response.der
View file
Open in desktop
Binary file not shown.
32 changes: 32 additions & 0 deletions t/cert/ocsp/cfssl/cfssl_config.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{
"signing": {
"default": {
"ocsp_url": "https://ocsp-responder.test",
"expiry": "2190000h",
"usages": [
"signing",
"key encipherment",
"client auth"
]
},
"profiles": {
"ocsp": {
"usages": ["digital signature", "ocsp signing"],
"expiry": "876000h"
},
"intermediate": {
"usages": ["cert sign", "crl sign"],
"expiry": "2190000h",
"ca_constraint": {"is_ca": true}
},
"server": {
"usages": ["signing", "key encipherment", "server auth"],
"expiry": "876000h"
},
"client": {
"usages": ["signing", "key encipherment", "client auth"],
"expiry": "876000h"
}
}
}
}
27 changes: 27 additions & 0 deletions t/cert/ocsp/cfssl/intermediate_ca-key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAncpy3Iqw4E71BI2Bt5P1+70lHHt2sBvFu9UM0+6z/mwSqi1B
/APeSDAEpUptQTPk2gdaJB2G1IpH5pcYU6I+YOzQ02XPmtlRlFxizP3lx8f6JJnM
w194YD3JOayz9n+njKfonS2/EwpetopCKrHwh0FsQd0qHx78RuojTKMr2LNzBfyt
UujVyM/AR1nPMh85g+Tvr9FRzEaVSpD8r2x3erJ3AtdSbYCsIEqEGPWX82IvFQjQ
zm26bQoZjYl1sNa36+c5Sah9RtV3fkkiGM/fsXPcMJo97zd8Jg4ZkqAaM6zscRTB
v13neSYEIMt9835jJxh8aWja4pYF/5bW6EsfQwIDAQABAoIBAH5z5PMbbr6EaFV6
tg8R05soLNqTkz11NFTgW4RokvT9VUPuOyglTXkaik6Qw9fyJ6AXLkUtKIWiQBbq
1cMIjecNQhl4SRT2visgkslnXENr3uqAGxojo4u1WFMRNbQA/5x4X7G/HJa8w8SU
Loyax4ENjB2IiZ4hLdoC/8EGLzhc7VP6BhlYekeU35188VEyVk4Ls/6QTlqgFz/X
4DXOPNVeTtRap/6YtzTjmgrzP5aIqZA++qZMmRGVHoasb/f8qAXS3gyMXae1xpMA
XFv6DGwd2P3V9LGPuy9MppB6MNSB3pJFGHtoodY7wI39t+omQmHhJQTIDWBMJGE1
Ml4gO7ECgYEAyx8kC01gT5uBh/grI3isgqWOYlAm7F2kpyupK8XMlnD6m1BmTQh7
rjlwbPQDDwTOsfcJY0UDnyRKKmUJvcZsJzEQfysl8tJO5/15SxXg44hBE0c2eqBb
WsBIR0TKtocp+BdSClJu++QTUYSdPmaLqi9F7lnIeNcf+iLRR4CqdnkCgYEAxt5G
jTEy5TH0b3vkGIqJBDOLbsRccCGmx9f4WCejJsQRyXbSgRKGPjWlG5UCeJW1LxN+
+j64bJDudBRqzgcuVZVdu/+k6vl6at1VxIRWd9MRuOk9JYf+YMvxR+i6dml0BPna
D3npryH0iXQHu4IO6F1PtNiCG7ouPZeyL+g3hJsCgYBuolePkGWU9q5m0NUuTNwp
jOMwyVdqBtdX9n/+R45XotHdJr2R170F+GMz9PR1ibjLVjLWzxBZ7fo3fTEBHMJr
1l2V5nqU99fipD0cmJ4VUHGhfng98nnPxEuaBe4j3RsO9iTJWnz41hFvpTvAcTpB
R95fJKf8qa/RHoW+3GX8gQKBgFLa/xgKfIMDei0MuC8FYSrP8vL2evD5BEzVDZJl
CVO4cxS2HeRK/IVkwmKohbwJ29A+VjQa96m8BK12aD1ovoRH1CLk0yhXQwrNJtPW
s1P/K64X9zLw4yofLmrgave03fLIynKSP6uJASJXpnUYLe/gGLpnTmYQ/v0Ie+P7
402rAoGBAKdrA+ZpL0gY1D/RZ34OokkcA+xiR5jyUODM4L95gJVuKz+N1IZN9DiV
6oPBnSg24nxBHAdAKco0qQUOZtsvfiZCkZbMxcKaz7kI/ovttREZ4BQY74pga6Hk
oCUHskJ9jhaei57irMB4VU68ZY33+NqXS+yPIR1XoKpmeipjaLQH
-----END RSA PRIVATE KEY-----
18 changes: 18 additions & 0 deletions t/cert/ocsp/cfssl/intermediate_ca.csr
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIC0jCCAboCAQAwgYwxCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMQ8w
DQYDVQQHEwZPdHRhd2ExEjAQBgNVBAoTCUx1YSBOZ2lueDEiMCAGA1UECxMZTHVh
IE5naW54IEludGVybWVkaWF0ZSBDQTEiMCAGA1UEAxMZTHVhIE5naW54IEludGVy
bWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ3KctyK
sOBO9QSNgbeT9fu9JRx7drAbxbvVDNPus/5sEqotQfwD3kgwBKVKbUEz5NoHWiQd
htSKR+aXGFOiPmDs0NNlz5rZUZRcYsz95cfH+iSZzMNfeGA9yTmss/Z/p4yn6J0t
vxMKXraKQiqx8IdBbEHdKh8e/EbqI0yjK9izcwX8rVLo1cjPwEdZzzIfOYPk76/R
UcxGlUqQ/K9sd3qydwLXUm2ArCBKhBj1l/NiLxUI0M5tum0KGY2JdbDWt+vnOUmo
fUbVd35JIhjP37Fz3DCaPe83fCYOGZKgGjOs7HEUwb9d53kmBCDLffN+YycYfGlo
2uKWBf+W1uhLH0MCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBWJcqNaqgqKDdy
xsGJpK3oriWE+caQnM51OGLjSBqyUfGf9ObgvKIQWbsPL6uMtgldf3Ctb1tjrKcz
0Fe6I8Ea8zrHrwg+gpx5M+O8ZVQmdM6kCYvX0/fMLM3p8NKBG1ZInf5N/Q6ACIVw
hkmjmgGIJ4Wqlgvc+qOr4P0AmNJytNh1fn9evRGeZ3cskdgLXqqV5fC8a+3EwcgU
X6Wb5eNDRDnA6cOqnwBY6ovxoGAHhinOtMkcD1X4I5zfvkBNfUZiimewQHS/xjW3
4Pst9Cj7aOSfblKo5+4LJ8fZFvgap9Yyf+JwmvpZYXidwGQQkU3YuXxPSsEaNYYA
HKk+W7eh
-----END CERTIFICATE REQUEST-----
25 changes: 25 additions & 0 deletions t/cert/ocsp/cfssl/intermediate_ca.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIENTCCAx2gAwIBAgIUQDB0IZF7HnvGlF2VrPKOW/M04mYwDQYJKoZIhvcNAQEL
BQAwfDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90
dGF3YTESMBAGA1UEChMJTHVhIE5naW54MRowGAYDVQQLExFMdWEgTmdpbnggUm9v
dCBDQTEaMBgGA1UEAxMRTHVhIE5naW54IFJvb3QgQ0EwHhcNMjQwMzEwMTQxODAw
WhcNNDkwMzA0MTQxODAwWjCBjDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFy
aW8xDzANBgNVBAcTBk90dGF3YTESMBAGA1UEChMJTHVhIE5naW54MSIwIAYDVQQL
ExlMdWEgTmdpbnggSW50ZXJtZWRpYXRlIENBMSIwIAYDVQQDExlMdWEgTmdpbngg
SW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
ncpy3Iqw4E71BI2Bt5P1+70lHHt2sBvFu9UM0+6z/mwSqi1B/APeSDAEpUptQTPk
2gdaJB2G1IpH5pcYU6I+YOzQ02XPmtlRlFxizP3lx8f6JJnMw194YD3JOayz9n+n
jKfonS2/EwpetopCKrHwh0FsQd0qHx78RuojTKMr2LNzBfytUujVyM/AR1nPMh85
g+Tvr9FRzEaVSpD8r2x3erJ3AtdSbYCsIEqEGPWX82IvFQjQzm26bQoZjYl1sNa3
6+c5Sah9RtV3fkkiGM/fsXPcMJo97zd8Jg4ZkqAaM6zscRTBv13neSYEIMt9835j
Jxh8aWja4pYF/5bW6EsfQwIDAQABo4GdMIGaMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTyYaPSfXE2gAY8vzZpIIYNOonSdDAfBgNV
HSMEGDAWgBTp7DmFFvFN2pPodS1IrM9XM2EKPjA3BggrBgEFBQcBAQQrMCkwJwYI
KwYBBQUHMAGGG2h0dHBzOi8vb2NzcC1yZXNwb25kZXIudGVzdDANBgkqhkiG9w0B
AQsFAAOCAQEAxiW331eII3W71aedBZPTH1c1axyHoN+hkWb8hL3Whg0K2ftm6SKJ
uIi4dIYc9qbjfvIpbC/jkMGdy5tWu4m0RNBESIKc//kce0NBOQDUXH3Qp8G7qhUx
J+MvAsDey4Iv/Jh1olwgiB7lVIm7gwdQSzY0XcFfxKJ+lvckv3sh8oI5/zprkJ0n
y1QIrsJ1fB0maOtxF/DF2u4s2h2REPqvAIrxXZmnog+DOwG7vwjWcosEsX9qQJC7
Ho8X6+vHUENW9tpvlCmG+Nrci7T+p5s2DLUrq5gcmZkNGhCdjk3gMyeBjYgRTXUI
5KutV99z9qVO2wNB7HQz1/Q5Y5cB4Nr4Jw==
-----END CERTIFICATE-----
16 changes: 16 additions & 0 deletions t/cert/ocsp/cfssl/intermediate_ca_csr.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
{
"CN": "Lua Nginx Intermediate CA",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CA",
"L": "Ottawa",
"O": "Lua Nginx",
"OU": "Lua Nginx Intermediate CA",
"ST": "Ontario"
}
]
}
74 changes: 74 additions & 0 deletions t/cert/ocsp/cfssl/leaf-bundle.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
-----BEGIN CERTIFICATE-----
MIIEYjCCA0qgAwIBAgIUAoYyuXu96S6RvXoSk2udnewBcmMwDQYJKoZIhvcNAQEL
BQAwgYwxCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMQ8wDQYDVQQHEwZP
dHRhd2ExEjAQBgNVBAoTCUx1YSBOZ2lueDEiMCAGA1UECxMZTHVhIE5naW54IElu
dGVybWVkaWF0ZSBDQTEiMCAGA1UEAxMZTHVhIE5naW54IEludGVybWVkaWF0ZSBD
QTAgFw0yNDAzMTAxNDI3MDBaGA8yMTI0MDIxNTE0MjcwMFowcjELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
ETAPBgNVBAoTCEN1c3RvbWVyMRAwDgYDVQQLEwdXZWJzaXRlMREwDwYDVQQDEwh0
ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPbhwznauUQ4
K7smP0GUX7a4toKxMboTr0NNMMDlA+98dKMMWhSe3/eJUqUr0zFF59rFqwA1bWUK
i67zHbIZnlWvfFV8lq2QuXt5CBeUBAT00YHdPb6pdYdWHZ32tSuqJpAVEqtbuya6
K85hBMT37yfxu58LreGSkKvwVOBoKFQzHZVDvYRs+hX8mHBqhAy0AiNfrf3AbdqD
sI1p8YPr2k8varTE6lpUlhcO+dYnZHhyC8mDk5AD0kAgsnH0VvmRZwZPZmcmkeM0
aZJFdi++wmetlSv9DpEDzSVNHRuQaHEyq70jq/WKFJUlGtu6i/GhsGciSHnGfmXD
qWGabXGX3L0CAwEAAaOB0jCBzzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYI
KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUmZFUgNg7zMS9YorjH6KC
hHmgmE0wHwYDVR0jBBgwFoAU8mGj0n1xNoAGPL82aSCGDTqJ0nQwNwYIKwYBBQUH
AQEEKzApMCcGCCsGAQUFBzABhhtodHRwczovL29jc3AtcmVzcG9uZGVyLnRlc3Qw
IQYDVR0RBBowGIIIdGVzdC5jb22CDHd3dy50ZXN0LmNvbTANBgkqhkiG9w0BAQsF
AAOCAQEAfCbc7XXaLVMt0JCOcON4yzY+0GZ9RG6O/QBTFd25YfUxruvIHaDTcuAK
tO8Q/iO/jybOHau9mwzwBe2aHhlKGYMJyvXlsQrGspcFsoyX8m5oXH3mBQhw1YhK
cjNZGDNq4c8m+2EU2nFmHAQd+/inGg3N4dtBLdiE8jlhb+Cfdaa1l7YRHgD4KafY
Oj5udG6FuOypcRoRerkUmizpgGofErHXmfTo14uo4FNxOhjJ57JPEBpf1Xq61k2L
QTptCbpSij4ElgWMAhNhBRpp11nfg37vP/wbxOInZK4oCzf3s0OAlKvCc01QBvIr
K59xzh9DRxpLjHsXphp9/XcFIlXfwQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIENTCCAx2gAwIBAgIUQDB0IZF7HnvGlF2VrPKOW/M04mYwDQYJKoZIhvcNAQEL
BQAwfDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90
dGF3YTESMBAGA1UEChMJTHVhIE5naW54MRowGAYDVQQLExFMdWEgTmdpbnggUm9v
dCBDQTEaMBgGA1UEAxMRTHVhIE5naW54IFJvb3QgQ0EwHhcNMjQwMzEwMTQxODAw
WhcNNDkwMzA0MTQxODAwWjCBjDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFy
aW8xDzANBgNVBAcTBk90dGF3YTESMBAGA1UEChMJTHVhIE5naW54MSIwIAYDVQQL
ExlMdWEgTmdpbnggSW50ZXJtZWRpYXRlIENBMSIwIAYDVQQDExlMdWEgTmdpbngg
SW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
ncpy3Iqw4E71BI2Bt5P1+70lHHt2sBvFu9UM0+6z/mwSqi1B/APeSDAEpUptQTPk
2gdaJB2G1IpH5pcYU6I+YOzQ02XPmtlRlFxizP3lx8f6JJnMw194YD3JOayz9n+n
jKfonS2/EwpetopCKrHwh0FsQd0qHx78RuojTKMr2LNzBfytUujVyM/AR1nPMh85
g+Tvr9FRzEaVSpD8r2x3erJ3AtdSbYCsIEqEGPWX82IvFQjQzm26bQoZjYl1sNa3
6+c5Sah9RtV3fkkiGM/fsXPcMJo97zd8Jg4ZkqAaM6zscRTBv13neSYEIMt9835j
Jxh8aWja4pYF/5bW6EsfQwIDAQABo4GdMIGaMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTyYaPSfXE2gAY8vzZpIIYNOonSdDAfBgNV
HSMEGDAWgBTp7DmFFvFN2pPodS1IrM9XM2EKPjA3BggrBgEFBQcBAQQrMCkwJwYI
KwYBBQUHMAGGG2h0dHBzOi8vb2NzcC1yZXNwb25kZXIudGVzdDANBgkqhkiG9w0B
AQsFAAOCAQEAxiW331eII3W71aedBZPTH1c1axyHoN+hkWb8hL3Whg0K2ftm6SKJ
uIi4dIYc9qbjfvIpbC/jkMGdy5tWu4m0RNBESIKc//kce0NBOQDUXH3Qp8G7qhUx
J+MvAsDey4Iv/Jh1olwgiB7lVIm7gwdQSzY0XcFfxKJ+lvckv3sh8oI5/zprkJ0n
y1QIrsJ1fB0maOtxF/DF2u4s2h2REPqvAIrxXZmnog+DOwG7vwjWcosEsX9qQJC7
Ho8X6+vHUENW9tpvlCmG+Nrci7T+p5s2DLUrq5gcmZkNGhCdjk3gMyeBjYgRTXUI
5KutV99z9qVO2wNB7HQz1/Q5Y5cB4Nr4Jw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDyDCCArCgAwIBAgIUUw9rlqc2DnJNFZ9gw/zRLPRQ4zMwDQYJKoZIhvcNAQEL
BQAwfDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90
dGF3YTESMBAGA1UEChMJTHVhIE5naW54MRowGAYDVQQLExFMdWEgTmdpbnggUm9v
dCBDQTEaMBgGA1UEAxMRTHVhIE5naW54IFJvb3QgQ0EwHhcNMjQwMzEwMTQxODAw
WhcNMjkwMzA5MTQxODAwWjB8MQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJp
bzEPMA0GA1UEBxMGT3R0YXdhMRIwEAYDVQQKEwlMdWEgTmdpbngxGjAYBgNVBAsT
EUx1YSBOZ2lueCBSb290IENBMRowGAYDVQQDExFMdWEgTmdpbnggUm9vdCBDQTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOFPnbLvAgFfk8oZ/s9VBUie
h+wlELquwHhh+XX9w/JxMlvNzfDYyJhA90iZJ7PL88Byz/+/1Kjzw1mS7vypSGiN
u+NFt2Yp+BKuG/U327vh0yPgn1aOOtVpSjJyhhu585hJUkQNOHEJvzPy4Wo0EuxM
DNB7aPhhBhi4yUlTDj2N8756rm0TFn8xp+XDDjfW1XJWR51cIcDXkfRDGMAqTf5o
F4xZQtjubxz4zO3rUZ9nNxCFz9+9GENIgtlJFAeLbV/Xdd6G8Kqqa08mR/RZdV9V
7siSyDAeWoWsMnJOyX/TQdnQCfbnYpRhDtbi4mOkrW2Bf/SMb1uO0LRTec/rpBcC
AwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
BBYEFOnsOYUW8U3ak+h1LUisz1czYQo+MA0GCSqGSIb3DQEBCwUAA4IBAQDHySN4
lWLHa12vYPvRVLNeWq3RaHQfKc2F2PhHriGCegY4lyZJqfC0XGI4LBnJ5GK//D0B
Hb8jcbGyortGBEwGuqjuOMdv0HOWibqZ7LPZ98GegtAjAJWMp/sQXkIYiRM8hlNC
pl9Vp9vsnUjfCrMaLVkZCC2Nwixc5mhSeH0aYHxxFwqh88oWbXzW7xobcTaYx/1P
kPdCy+jiBMCZII7J1u/e1B0J1VFad+IVJpQW+DzVIzJz9ClNAsJZjx1BBwIJGGEZ
fS1XXw+HgGeH2cVFnThMy0PIvx70b//GxEoXwuJhL2+z/tNhRRBN2eMa2zrZS94k
z+yCDRXP/rDxf+b7
-----END CERTIFICATE-----
Loading
Loading