-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 2a:01:e0:a5:fb:80:10:00:00:00:02
- Signature Algorithm: ecdsa-with-SHA384
- Issuer: C=CA, L=Montreal, ST=Quebec, O=SAFE Inc., OU=Digital Certificate Signing, CN=SAFE Root CA 1
- Validity
- Not Before: Jan 20 17:19:55 2024 GMT
- Not After : Jun 7 17:19:55 2051 GMT
- Subject: C=CA, O=SAFE Inc., OU=Digital Certificate Signing, CN=SAFE Midle Ground CA (2024) - SHA384 - 3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (4096 bit)
- Modulus:
- 00:d1:52:9b:dc:10:57:6d:9a:0e:09:5b:1b:aa:fb:
- 76:8c:65:b3:f2:ca:75:36:8f:c0:cb:82:d8:2f:5b:
- 0e:25:0c:5f:fc:18:94:41:87:5d:75:eb:92:ec:2a:
- 87:14:ec:5f:cc:f6:8f:bf:db:4e:a3:07:aa:ec:90:
- 3a:48:43:b9:01:84:42:fb:34:0b:06:5f:d8:e4:6d:
- e7:55:8f:f6:ad:98:c4:7d:6f:a8:39:de:f8:70:94:
- 71:f3:2f:24:1b:3b:ab:42:70:d8:6c:06:ef:81:af:
- fa:f7:68:77:66:0e:60:12:df:80:bb:b4:92:4a:1f:
- 3e:52:2d:f5:9a:e3:ba:26:d3:88:68:aa:11:88:0f:
- b8:be:7e:e3:d7:88:ce:86:09:1a:a3:2c:ce:74:c1:
- d7:d6:7a:c4:b5:04:1e:25:ef:b7:15:6a:16:27:4d:
- 0f:ed:af:46:fc:a0:57:a2:6d:fe:91:c3:c7:1f:87:
- 06:fe:5a:e2:a8:de:33:67:ae:6d:06:84:f2:15:1d:
- 9d:ff:11:cf:be:6f:a9:a5:13:13:0b:ef:67:19:1f:
- ea:a8:ed:f0:db:f2:1f:ba:8c:a5:1e:b3:54:b7:68:
- c3:37:85:db:01:2e:83:4d:e0:06:be:93:54:b0:dc:
- 31:23:98:15:b7:ec:b5:82:57:7a:7c:34:6c:3b:2b:
- 3b:fa:b3:12:9a:63:63:d9:54:fd:bf:a1:ee:3c:a4:
- 47:83:04:60:b9:9b:74:8f:f7:92:93:1d:f5:ea:98:
- 87:c4:c9:de:d6:b8:5f:bf:fc:2e:41:e0:55:38:65:
- 80:54:02:c6:d9:bd:7d:51:96:ba:55:ad:bf:01:ce:
- 31:21:54:1e:56:16:79:7b:97:1a:53:92:86:80:54:
- ef:e9:75:ad:21:45:37:82:54:52:ed:c3:37:8c:11:
- ab:63:dd:64:ae:15:b4:f5:cc:02:2f:61:ab:42:d6:
- c5:a1:c0:dd:19:ef:70:f1:7f:6d:31:af:4e:60:bb:
- 83:a1:f7:49:a5:de:94:dd:31:c1:74:4b:11:73:da:
- 4d:f4:4e:90:9e:ae:dd:c0:61:d6:6b:54:3f:3a:78:
- c3:8b:e4:0e:ba:c6:9c:f3:3f:fb:6c:34:7c:ff:3d:
- 65:d7:0b:ec:4c:19:37:51:37:c5:3b:34:7e:55:85:
- 10:82:33:30:7f:ff:95:63:5b:45:3c:45:90:34:fb:
- 1c:5e:ef:64:a3:a7:a8:58:0f:d0:97:6a:de:5a:8f:
- 29:51:6b:14:01:b1:ec:59:74:47:0e:d9:d0:1a:78:
- df:16:e5:fe:5b:8b:95:48:0f:26:20:58:ef:14:6a:
- 97:ca:c0:b3:7d:ac:7f:8a:6c:59:be:1b:fc:a0:47:
- e7:57:b1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- Authority Information Access:
- CA Issuers - URI:http://certificates.safe.ca/cacert/safeMDL.pem
- OCSP - URI:http://certificates/safe.ca/chkcertstats
- X509v3 Certificate Policies:
- Policy: 1.3.6.1.4.1.7438.1.1
- CPS: http://certificates.safe.ca/repository/
- Policy: 2.23.140.1.2.1
- X509v3 Basic Constraints: critical
- CA:TRUE, pathlen:0
- X509v3 CRL Distribution Points:
- Full Name:
- URI:http://certificates.safe.ca/repository/revoklist.pem
- X509v3 Subject Alternative Name:
- DNS:certificates.safe.ca, IP Address:192.219.254.53
- X509v3 Authority Key Identifier:
- 87:DD:FB:32:49:26:5E:13:F8:B7:F2:DF:EF:9C:F6:85:34:37:7A:D9
- X509v3 Subject Key Identifier:
- 9C:BE:0B:C0:22:76:F5:CF:BC:FD:78:9A:92:77:20:FE:BF:96:1E:D8
- Signature Algorithm: ecdsa-with-SHA384
- Signature Value:
- 30:46:02:21:00:ff:21:78:ff:d7:43:e7:9d:7d:dd:e6:f1:89:
- f9:39:8a:14:e0:46:ca:b2:f2:59:a1:09:70:a0:2d:8b:66:a1:
- 65:02:21:00:d6:cf:8e:54:06:f0:d3:4c:23:f6:9d:a7:d5:b7:
- 23:6d:b9:c8:18:15:63:a3:92:98:3c:dc:25:18:71:1c:74:68
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFejCCBR+gAwIBAgILKgHgpfuAEAAAAAIwCgYIKoZIzj0EAwMwgYQxCzAJBgNV
BAYTAkNBMREwDwYDVQQHDAhNb250cmVhbDEPMA0GA1UECAwGUXVlYmVjMRIwEAYD
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 2a:01:e0:a5:fb:80:10:00:00:00:02
+ Signature Algorithm: ecdsa-with-SHA384
+ Issuer: C=CA, L=Montreal, ST=Quebec, O=SAFE Inc., OU=Digital Certificate Signing, CN=SAFE Root CA 1
+ Validity
+ Not Before: Jan 20 17:19:55 2024 GMT
+ Not After : Jun 7 17:19:55 2051 GMT
+ Subject: C=CA, O=SAFE Inc., OU=Digital Certificate Signing, CN=SAFE Midle Ground CA (2024) - SHA384 - 3
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:d1:52:9b:dc:10:57:6d:9a:0e:09:5b:1b:aa:fb:
+ 76:8c:65:b3:f2:ca:75:36:8f:c0:cb:82:d8:2f:5b:
+ 0e:25:0c:5f:fc:18:94:41:87:5d:75:eb:92:ec:2a:
+ 87:14:ec:5f:cc:f6:8f:bf:db:4e:a3:07:aa:ec:90:
+ 3a:48:43:b9:01:84:42:fb:34:0b:06:5f:d8:e4:6d:
+ e7:55:8f:f6:ad:98:c4:7d:6f:a8:39:de:f8:70:94:
+ 71:f3:2f:24:1b:3b:ab:42:70:d8:6c:06:ef:81:af:
+ fa:f7:68:77:66:0e:60:12:df:80:bb:b4:92:4a:1f:
+ 3e:52:2d:f5:9a:e3:ba:26:d3:88:68:aa:11:88:0f:
+ b8:be:7e:e3:d7:88:ce:86:09:1a:a3:2c:ce:74:c1:
+ d7:d6:7a:c4:b5:04:1e:25:ef:b7:15:6a:16:27:4d:
+ 0f:ed:af:46:fc:a0:57:a2:6d:fe:91:c3:c7:1f:87:
+ 06:fe:5a:e2:a8:de:33:67:ae:6d:06:84:f2:15:1d:
+ 9d:ff:11:cf:be:6f:a9:a5:13:13:0b:ef:67:19:1f:
+ ea:a8:ed:f0:db:f2:1f:ba:8c:a5:1e:b3:54:b7:68:
+ c3:37:85:db:01:2e:83:4d:e0:06:be:93:54:b0:dc:
+ 31:23:98:15:b7:ec:b5:82:57:7a:7c:34:6c:3b:2b:
+ 3b:fa:b3:12:9a:63:63:d9:54:fd:bf:a1:ee:3c:a4:
+ 47:83:04:60:b9:9b:74:8f:f7:92:93:1d:f5:ea:98:
+ 87:c4:c9:de:d6:b8:5f:bf:fc:2e:41:e0:55:38:65:
+ 80:54:02:c6:d9:bd:7d:51:96:ba:55:ad:bf:01:ce:
+ 31:21:54:1e:56:16:79:7b:97:1a:53:92:86:80:54:
+ ef:e9:75:ad:21:45:37:82:54:52:ed:c3:37:8c:11:
+ ab:63:dd:64:ae:15:b4:f5:cc:02:2f:61:ab:42:d6:
+ c5:a1:c0:dd:19:ef:70:f1:7f:6d:31:af:4e:60:bb:
+ 83:a1:f7:49:a5:de:94:dd:31:c1:74:4b:11:73:da:
+ 4d:f4:4e:90:9e:ae:dd:c0:61:d6:6b:54:3f:3a:78:
+ c3:8b:e4:0e:ba:c6:9c:f3:3f:fb:6c:34:7c:ff:3d:
+ 65:d7:0b:ec:4c:19:37:51:37:c5:3b:34:7e:55:85:
+ 10:82:33:30:7f:ff:95:63:5b:45:3c:45:90:34:fb:
+ 1c:5e:ef:64:a3:a7:a8:58:0f:d0:97:6a:de:5a:8f:
+ 29:51:6b:14:01:b1:ec:59:74:47:0e:d9:d0:1a:78:
+ df:16:e5:fe:5b:8b:95:48:0f:26:20:58:ef:14:6a:
+ 97:ca:c0:b3:7d:ac:7f:8a:6c:59:be:1b:fc:a0:47:
+ e7:57:b1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ Authority Information Access:
+ CA Issuers - URI:http://certificates.safe.ca/cacert/safeMDL.pem
+ OCSP - URI:http://certificates/safe.ca/chkcertstats
+ X509v3 Certificate Policies:
+ Policy: 1.3.6.1.4.1.7438.1.1
+ CPS: http://certificates.safe.ca/repository/
+ Policy: 2.23.140.1.2.1
+ X509v3 Basic Constraints: critical
+ CA:TRUE, pathlen:0
+ X509v3 CRL Distribution Points:
+ Full Name:
+ URI:http://certificates.safe.ca/repository/revoklist.pem
+ X509v3 Subject Alternative Name:
+ DNS:certificates.safe.ca, IP Address:192.219.254.53
+ X509v3 Authority Key Identifier:
+ 87:DD:FB:32:49:26:5E:13:F8:B7:F2:DF:EF:9C:F6:85:34:37:7A:D9
+ X509v3 Subject Key Identifier:
+ 9C:BE:0B:C0:22:76:F5:CF:BC:FD:78:9A:92:77:20:FE:BF:96:1E:D8
+ Signature Algorithm: ecdsa-with-SHA384
+ Signature Value:
+ 30:46:02:21:00:ff:21:78:ff:d7:43:e7:9d:7d:dd:e6:f1:89:
+ f9:39:8a:14:e0:46:ca:b2:f2:59:a1:09:70:a0:2d:8b:66:a1:
+ 65:02:21:00:d6:cf:8e:54:06:f0:d3:4c:23:f6:9d:a7:d5:b7:
+ 23:6d:b9:c8:18:15:63:a3:92:98:3c:dc:25:18:71:1c:74:68
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
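Review bot: the OCSP entry under Authority Information Access reads `http://certificates/safe.ca/chkcertstats`, with a slash where every other URI in this certificate has `certificates.safe.ca`. The host therefore parses as `certificates`, and a client that tries OCSP for certificates issued under this CA will not reach the responder. The Subject CN also spells "Midle". Both fields are covered by the signature, so the fix is to reissue the certificate rather than edit this file.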
--- /dev/null
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
case false :
break;
}
+ (void) tls_verify(soc->tls);
}
peerip=rou_freestr(peerip);
}
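Review bot: the result of the added `(void) tls_verify(soc->tls);` call is thrown away, so a peer with a missing or failing certificate is treated exactly like a valid one. `tls_verify` returns `_Bool`. Test it here and close the channel, or at least refuse to continue the session, when it returns false.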
*/
/********************************************************/
/* */
-/* Procedure to verify remote certificate */
-/* */
-/********************************************************/
-static int verify(TLSTYP *tls)
-
-{
-#define OPEP "unitls.c:verify"
-X509 *peer;
-int ok;
-int phase;
-_Bool proceed;
-
-peer=(X509 *)0;
-ok=false;
-phase=0;
-proceed=true;
-while (proceed==true) {
- switch (phase) {
- case 0 : //get remote certificate
- if ((peer=SSL_get_peer_certificate(tls->ssl))==(X509 *)0) {
- char msg[200];
-
- (void) snprintf(msg,sizeof(msg),"%s, Unable to get certificate "
- "from remote [%s]",
- OPEP,tls->peerip);
- (void) showtlserror(tls,0,msg);
- phase=999; //no need to go furter
- }
- break;
- case 1 : //displaying certificate
- if (peer!=(X509 *)0) { //always
- char *line;
-
- line=X509_NAME_oneline(X509_get_subject_name(peer),0,0);
- (void) rou_alert(2,"Certificate subject=<%s>",line);
- (void) free(line);
- line=X509_NAME_oneline(X509_get_issuer_name(peer),0,0);
- (void) rou_alert(2,"Certificate issuer=<%s>",line);
- (void) free(line);
- }
- break;
- case 3 : { //verifying certificate
- int verif;
-
- verif=SSL_get_verify_result(tls->ssl);
- switch (verif) {
- default :
- (void) rou_alert(0,"%s, Remote certificate status='%d'",OPEP,verif);
- break;
- }
- }
- break;
- case 2 : //everything is fine
- (void) X509_free(peer);
- ok=true;
- break;
- default : //SAFE Guard
- proceed=false;
- break;
- }
- phase++;
- }
-return ok;
-#undef OPEP
-}
-/*
-^L
-*/
-/********************************************************/
-/* */
/* Procedure to open an SSL channel */
/* */
/********************************************************/
static int set_certificate(TLSTYP *tls)
{
-#define OPEP "unitls.c:set_link_certificate"
+#define OPEP "unitls.c:set_certificate"
int done;
int mode;
const char *certpub[3];
done=false;
mode=SSL_VERIFY_NONE;
+//mode=SSL_VERIFY_PEER;
certpub[0]="./certs/safe_CA.pem"; //default and debugging certificats
//Default debugging server certificate
certpub[1]="./certs/mailleur_server_cert_x509.pem";
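Review bot: `mode=SSL_VERIFY_NONE;` stays active and the alternative is added only as the commented-out `//mode=SSL_VERIFY_PEER;`. Assuming `mode` is what is later handed to the verify setting of the context, the handshake still completes whatever the chain check says, and in server mode no client certificate is requested at all, so the new `tls_verify` will only ever report "Unable to get certificate" there. Make the mode a parameter or configuration value instead of leaving the choice in commented-out code, and state which side is expected to verify.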
}
break;
case 1 : //loading default CA verify dir
+ phase++;
if (SSL_CTX_set_default_verify_paths(tls->ctx)==0) {
(void) showtlserror(tls,0,"Unable to verify default path");
phase=999; //no need to go furter
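Review bot: the added `phase++;` at the top of `case 1` has no comment. If this loop also increments `phase` after the switch, as `tls_verify` in the same file does, the step following the default verify paths is now skipped silently. If skipping it is intended, remove or guard that case explicitly and say why. If it is a debugging leftover, drop the line.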
*/
/********************************************************/
/* */
+/* Procedure to verify remote certificate */
+/* */
+/********************************************************/
+PUBLIC _Bool tls_verify(TLSTYP *tls)
+
+{
+#define OPEP "unitls.c:tls_verify,"
+X509 *peer;
+_Bool ok;
+int phase;
+_Bool proceed;
+
+peer=(X509 *)0;
+ok=false;
+phase=0;
+proceed=true;
+while (proceed==true) {
+ switch (phase) {
+ case 0 : //get remote certificate
+ if ((peer=SSL_get_peer_certificate(tls->ssl))==(X509 *)0) {
+ char msg[200];
+
+ (void) snprintf(msg,sizeof(msg),"%s, Unable to get certificate "
+ "from remote [%s]",
+ OPEP,tls->peerip);
+ (void) showtlserror(tls,0,msg);
+ phase=999; //no need to go furter
+ }
+ break;
+ case 1 : //displaying certificate
+ if (peer!=(X509 *)0) { //always
+ char *line;
+
+ line=X509_NAME_oneline(X509_get_subject_name(peer),0,0);
+ (void) rou_alert(2,"Certificate subject=<%s>",line);
+ (void) free(line);
+ line=X509_NAME_oneline(X509_get_issuer_name(peer),0,0);
+ (void) rou_alert(2,"Certificate issuer=<%s>",line);
+ (void) free(line);
+ }
+ break;
+ case 3 : { //verifying certificate
+ int verif;
+
+ verif=SSL_get_verify_result(tls->ssl);
+ switch (verif) {
+ default :
+ (void) rou_alert(0,"%s, Remote certificate status='%d'",OPEP,verif);
+ break;
+ }
+ }
+ break;
+ case 2 : //everything is fine
+ (void) X509_free(peer);
+ ok=true;
+ break;
+ default : //SAFE Guard
+ proceed=false;
+ break;
+ }
+ phase++;
+ }
+return ok;
+#undef OPEP
+}
+/*
+^L
+*/
+/********************************************************/
+/* */
/* Procedure to open an SSL channel */
/* */
/********************************************************/
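Review bot: the return value of `tls_verify` does not depend on the verification result. `ok=true;` is set in `case 2`, which runs before `case 3` reads `SSL_get_verify_result(tls->ssl)`, and `case 3` only logs the code through a `switch` whose sole label is `default`, so `X509_V_OK` is reported at alert level 0 like any failure. Reorder the phases so the verify result is read first and set `ok` only when it equals `X509_V_OK`. Two smaller points in the same function: the strings returned by `X509_NAME_oneline(...,0,0)` are allocated by OpenSSL and should be released with `OPENSSL_free`, not `free`; and `OPEP` now ends with a comma while both format strings already use `"%s, ..."`, which prints a doubled comma.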
}
break;
case 4 : //Setting the TLS channel actif
- (void) verify(tls);
proceed=false;
break;
default : //SAFE guard
SSL *ssl; //SSL link
}TLSTYP;
+//procedure to verify certificate linked to TLS channel
+extern _Bool tls_verify(TLSTYP *tls);
+
//procedure to open an tls channel
extern TLSTYP *tls_opentls(int handle,_Bool server);
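Review bot: the comment on the new `extern _Bool tls_verify(TLSTYP *tls);` does not say what the return value means or when the function must be called. Since the call to `verify(tls)` was removed from the channel-opening code in this change, every caller of `tls_opentls` is now responsible for calling `tls_verify` itself. Document that contract here, including that `false` means the channel must not be used.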