From 0bcc81bb64b51f91a98d41e925d8c33b5136132a Mon Sep 17 00:00:00 2001 From: "Jean-Marc Pigeon (Delson)" Date: Sun, 4 May 2025 07:43:50 -0400 Subject: [PATCH] Improving certificate exchange --- app/feeder.c | 9 +- ...{localhost_cert.pem => localhost-cert.pem} | 0 certs/localhost-chain-cert.pem | 257 ++++++++++++++++++ .../{localhost_key.pem => localhost-key.pem} | 0 ...x509.pem => mailleur_server-cert_x509.pem} | 0 certs/mailleur_server-chain-cert_x509.pem | 257 ++++++++++++++++++ ...server_key.pem => mailleur_server-key.pem} | 0 certs/root-safe_CA.pem | 58 ++++ certs/{safe_CA.pem.ref => safeMDL.pem} | 17 -- certs/safe_CA.pem | 91 ------- certs/xx | 17 -- lib/devsoc.c | 15 +- lib/devsoc.h | 5 +- lib/lvleml.c | 3 +- lib/unitls.c | 46 ++-- lib/unitls.h | 2 +- 16 files changed, 613 insertions(+), 164 deletions(-) rename certs/{localhost_cert.pem => localhost-cert.pem} (100%) create mode 100644 certs/localhost-chain-cert.pem rename certs/{localhost_key.pem => localhost-key.pem} (100%) rename certs/{mailleur_server_cert_x509.pem => mailleur_server-cert_x509.pem} (100%) create mode 100644 certs/mailleur_server-chain-cert_x509.pem rename certs/{mailleur_server_key.pem => mailleur_server-key.pem} (100%) create mode 100644 certs/root-safe_CA.pem rename certs/{safe_CA.pem.ref => safeMDL.pem} (85%) delete mode 100644 certs/safe_CA.pem delete mode 100644 certs/xx diff --git a/app/feeder.c b/app/feeder.c index 2ae80a2..32239fe 100644 --- a/app/feeder.c +++ b/app/feeder.c @@ -26,6 +26,13 @@ static char titre[100]; //test title static char testname[100]; //dest description + +//default and debugging certificate for client/feeder mode +static const char *fdr_certs[3]={ + "./certs/localhost-key.pem", + "./certs/localhost-chain-cert.pem", + "./certs/root-safe_CA.pem" //safe root certificate + }; /* */ 
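Review bot: The three entries of `fdr_certs` are paths relative to the current working directory, so the private key and, more importantly, the root CA the feeder trusts are whatever files sit under `./certs/` where the process is started. For a debugging default that may be acceptable, but the declaration should say so and document the slot order, e.g. `//[0]=private key, [1]=certificate chain, [2]=trusted root CA; paths relative to cwd, test use only`. Only the third slot is commented today, and the order is a contract with `soc_starttls`, which receives this array at the `case 3` call in the next hunk and whose new prototype is not visible here (lib/devsoc.h is listed in the diffstat). If that prototype allows it, `static const char *const fdr_certs[3]` would also keep the slots themselves read-only.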
@@ -124,7 +131,7 @@ while (proceed==true) { } break; case 3 : //initiating TLS-Crypted in client mode - if (soc_starttls(socptr,false)==false) + if (soc_starttls(socptr,false,fdr_certs)==false) phase=999; break; case 4 : //eveythin is fine SOC in crypted mode diff --git a/certs/localhost_cert.pem b/certs/localhost-cert.pem similarity index 100% rename from certs/localhost_cert.pem rename to certs/localhost-cert.pem diff --git a/certs/localhost-chain-cert.pem b/certs/localhost-chain-cert.pem new file mode 100644 index 0000000..89ac0c5 --- /dev/null +++ b/certs/localhost-chain-cert.pem 
@@ -0,0 +1,257 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2a:01:e0:a5:fb:80:80:00:00:00:29 + Signature Algorithm: sha384WithRSAEncryption + Issuer: C=CA, O=SAFE Inc., OU=Digital Certificate Signing, CN=SAFE Midle Ground CA (2024) - SHA384 - 3 + Validity + Not Before: Apr 6 13:59:06 2025 GMT + Not After : Apr 6 13:59:06 2050 GMT + Subject: C=CA, ST=Quebec, L=Montreal, O=SAFE Inc., OU=Mailleur email developpement test, CN=localhost.localdomain + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:ba:5f:35:d2:04:d5:f4:da:f0:b1:99:6f:f3:42: + 42:0e:59:8d:7b:6c:24:97:6d:24:df:e8:fa:83:7c: + ae:92:fd:d1:58:1c:14:7e:20:71:5e:44:5a:b0:e8: + 7a:ce:45:33:95:aa:27:ef:52:fe:bd:5a:23:7b:4f: + 8b:24:4d:0b:f7:9c:99:25:b8:b9:af:8c:46:f7:a9: + 6c:18:ff:39:7c:a9:ff:9a:f5:f0:d7:d7:ca:dc:6c: + 5d:c7:09:02:83:87:37:1a:2f:f7:05:b8:39:af:9f: + ab:24:3b:24:48:e6:72:af:36:10:0d:c6:dc:bd:c2: + de:05:4f:4a:fd:d8:5b:35:24:b9:bc:ce:ab:37:3a: + f9:ff:2d:44:c2:33:f2:52:4a:36:5c:5f:80:a7:cd: + f7:1b:6d:55:b7:d6:13:25:72:d5:55:4d:54:ff:a1: + 1e:7d:85:8b:e0:e2:16:d1:d1:22:21:07:99:ad:9a: + 51:25:02:71:7b:56:e5:77:16:07:18:c6:fd:de:c4: + e0:e5:55:01:78:f6:3c:53:ab:35:1d:44:f8:26:af: + c3:11:a2:2d:63:73:29:c5:bd:b4:17:f7:83:7e:0d: + d9:0a:d9:a1:27:f2:7c:bc:ee:95:76:68:ec:c4:7f: + 35:64:44:d4:6d:43:46:99:40:52:cd:b4:c0:11:3a: + d7:ab:7c:cf:87:b5:41:32:a4:23:2d:3f:cc:fa:b2: + 6b:5b:dd:a5:58:14:7a:24:cb:3a:26:04:49:8f:07: + 8b:5b:d0:be:c2:ee:24:de:d1:74:cb:04:48:be:f9: + 74:5a:17:52:1e:0e:c0:ea:02:d1:7a:1e:e7:a2:95: + b4:77:1a:96:6d:34:80:78:85:0f:84:e6:3b:60:27: + 75:5d:33:60:6d:6b:d9:da:b9:af:a9:cf:bc:ae:c3: + 29:ca:a3:1b:4f:3b:7f:fa:ba:d6:01:f0:07:3f:7d: + 00:45:e6:6e:7f:aa:67:ad:90:db:1d:2a:eb:e4:be: + 43:13:5e:2e:dc:de:a1:36:fd:20:90:1f:ac:8c:3c: + c9:0e:32:96:ef:a8:19:1d:30:87:d1:f2:42:c7:55: + e7:46:24:9c:d2:4a:1f:42:01:f7:eb:68:5f:d6:b5: + 9a:3a:e2:51:90:94:59:9d:bc:83:dd:d8:89:e9:34: + 
af:d6:43:66:8f:87:85:2b:c6:b1:43:b6:09:92:ba: + f4:e3:d6:3b:c1:5b:2d:76:cd:56:ac:7f:bb:fb:60: + 30:a5:13:76:73:35:5e:67:df:dd:c5:fe:ab:e5:4f: + dd:80:56:19:a6:e0:d8:53:b2:20:5c:5c:34:2f:a1: + 31:0b:12:27:71:b6:ea:5b:2e:fa:a3:88:2f:f7:24: + 5b:93:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + Authority Information Access: + CA Issuers - URI:http://certificates.safe.ca/cacert/safeMDL.pem + OCSP - URI:http://certificates/safe.ca/chkcertstats + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.7438.1.2 + CPS: http://certificates.safe.ca/policies + Policy: 2.23.140.1.1 + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + Full Name: + URI:http://certificates.safe.ca/repository/revoklist.pem + X509v3 Subject Alternative Name: + DNS:localhost.localdomain, IP Address:127.127.0.1 + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, E-mail Protection + X509v3 Subject Key Identifier: + 2D:BD:65:E1:4E:2B:7D:E0:80:3E:D2:66:6E:ED:81:87:4A:52:CD:6C + X509v3 Authority Key Identifier: + 9C:BE:0B:C0:22:76:F5:CF:BC:FD:78:9A:92:77:20:FE:BF:96:1E:D8 + Signature Algorithm: sha384WithRSAEncryption + Signature Value: + ac:e8:1e:50:ec:0e:b8:02:c6:ac:70:19:ee:37:7f:53:24:69: + cc:ca:6e:34:6b:9b:14:cf:71:67:bb:7d:f9:60:a7:92:59:9b: + de:56:8b:86:9a:8e:59:da:ad:4a:90:a4:2e:2d:c4:a0:17:01: + 18:84:c4:dd:5c:93:97:dd:d9:ad:d4:0d:63:33:3b:4e:3f:24: + 0e:6c:13:6c:3f:3b:5e:ca:27:a1:5a:1c:30:e4:eb:da:d0:e5: + b1:4f:ce:fb:c4:8c:76:da:e6:f6:00:a5:03:58:9b:6d:79:84: + 92:2c:10:66:96:b9:7f:73:57:97:7e:6a:f2:74:d3:ac:0a:3e: + b2:11:c4:f5:1e:4d:87:1f:8e:6d:29:ed:ef:97:8f:70:f7:37: + 61:3e:ae:4a:d6:6d:6e:80:c5:bb:de:9b:bd:06:bb:a8:94:28: + ed:f6:c9:4a:7f:e2:9a:44:e1:96:07:25:60:74:19:d1:fb:86: + 32:16:1c:c4:99:dd:de:ab:fe:7a:88:af:8e:3a:fa:36:c3:92: + b3:82:ba:50:18:02:42:2c:b4:6a:d2:ba:a3:8e:fb:72:6a:d1: + 8a:b4:3f:b3:9e:27:90:18:b8:50:04:b8:1e:14:d6:e1:98:ff: + 
ed:78:5d:5e:76:b0:6e:8d:e0:ea:e3:00:5e:c7:f3:eb:ed:71: + c6:c0:de:f1:e2:bb:03:14:f1:27:0f:a6:2e:6c:38:0a:ca:3e: + ef:e1:4c:d8:a4:dc:7d:6a:ec:e5:3e:b5:a7:53:7b:2a:32:76: + da:a8:e1:1b:8c:76:6b:8b:b8:75:51:65:25:e0:c2:31:c7:0b: + b1:a6:a2:10:b7:45:4d:fc:69:67:84:c6:81:c8:e7:5e:b8:fc: + fb:8d:64:e3:28:dc:b3:41:be:8e:58:7a:8e:9e:89:ee:51:f1: + bf:5e:82:a6:29:a8:98:fe:ef:fb:7c:70:f7:8c:ee:4e:07:47: + 10:4e:75:ad:21:a2:ad:9a:4e:e7:3a:01:2e:bc:81:63:b7:7c: + 4c:ea:32:4c:12:78:20:81:9d:f2:8d:5f:1f:4b:82:67:55:1f: + 95:ff:d8:7f:5b:50:74:fd:18:4c:74:3e:4e:cf:5b:26:d6:73: + 29:ea:dd:9b:a0:a5:0b:5d:5e:0d:36:fd:f5:d1:d0:91:9a:6e: + 81:b9:4a:93:d7:94:bb:75:e5:fa:ff:9f:5f:1e:f4:d3:63:9e: + 09:03:00:b5:aa:77:0d:9f:2f:25:41:99:f3:52:04:08:3d:f4: + d5:ab:37:3a:0c:1b:fe:db:66:45:8b:b3:88:7e:1d:9c:98:98: + a7:f7:00:30:06:78:f6:0e:ea:aa:e6:24:3d:3f:31:39:80:3e: + a8:74:a2:1e:42:51:d7:13 +-----BEGIN CERTIFICATE----- +MIIHZDCCBUygAwIBAgILKgHgpfuAgAAAACkwDQYJKoZIhvcNAQEMBQAwejELMAkG +A1UEBhMCQ0ExEjAQBgNVBAoMCVNBRkUgSW5jLjEkMCIGA1UECwwbRGlnaXRhbCBD +ZXJ0aWZpY2F0ZSBTaWduaW5nMTEwLwYDVQQDDChTQUZFIE1pZGxlIEdyb3VuZCBD +QSAoMjAyNCkgLSBTSEEzODQgLSAzMCAXDTI1MDQwNjEzNTkwNloYDzIwNTAwNDA2 +MTM1OTA2WjCBkTELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UE +BwwITW9udHJlYWwxEjAQBgNVBAoMCVNBRkUgSW5jLjEqMCgGA1UECwwhTWFpbGxl +dXIgZW1haWwgZGV2ZWxvcHBlbWVudCB0ZXN0MR4wHAYDVQQDDBVsb2NhbGhvc3Qu +bG9jYWxkb21haW4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6XzXS +BNX02vCxmW/zQkIOWY17bCSXbSTf6PqDfK6S/dFYHBR+IHFeRFqw6HrORTOVqifv +Uv69WiN7T4skTQv3nJkluLmvjEb3qWwY/zl8qf+a9fDX18rcbF3HCQKDhzcaL/cF +uDmvn6skOyRI5nKvNhANxty9wt4FT0r92Fs1JLm8zqs3Ovn/LUTCM/JSSjZcX4Cn +zfcbbVW31hMlctVVTVT/oR59hYvg4hbR0SIhB5mtmlElAnF7VuV3FgcYxv3exODl +VQF49jxTqzUdRPgmr8MRoi1jcynFvbQX94N+DdkK2aEn8ny87pV2aOzEfzVkRNRt +Q0aZQFLNtMAROterfM+HtUEypCMtP8z6smtb3aVYFHokyzomBEmPB4tb0L7C7iTe +0XTLBEi++XRaF1IeDsDqAtF6HueilbR3GpZtNIB4hQ+E5jtgJ3VdM2Bta9naua+p +z7yuwynKoxtPO3/6utYB8Ac/fQBF5m5/qmetkNsdKuvkvkMTXi7c3qE2/SCQH6yM 
+PMkOMpbvqBkdMIfR8kLHVedGJJzSSh9CAffraF/WtZo64lGQlFmdvIPd2InpNK/W +Q2aPh4UrxrFDtgmSuvTj1jvBWy12zVasf7v7YDClE3ZzNV5n393F/qvlT92AVhmm +4NhTsiBcXDQvoTELEidxtupbLvqjiC/3JFuTDQIDAQABo4IBzzCCAcswDgYDVR0P +AQH/BAQDAgWgMIGABggrBgEFBQcBAQR0MHIwOgYIKwYBBQUHMAKGLmh0dHA6Ly9j +ZXJ0aWZpY2F0ZXMuc2FmZS5jYS9jYWNlcnQvc2FmZU1ETC5wZW0wNAYIKwYBBQUH +MAGGKGh0dHA6Ly9jZXJ0aWZpY2F0ZXMvc2FmZS5jYS9jaGtjZXJ0c3RhdHMwUwYD +VR0gBEwwSjA/BgkrBgEEAboOAQIwMjAwBggrBgEFBQcCARYkaHR0cDovL2NlcnRp +ZmljYXRlcy5zYWZlLmNhL3BvbGljaWVzMAcGBWeBDAEBMAkGA1UdEwQCMAAwRQYD +VR0fBD4wPDA6oDigNoY0aHR0cDovL2NlcnRpZmljYXRlcy5zYWZlLmNhL3JlcG9z +aXRvcnkvcmV2b2tsaXN0LnBlbTAmBgNVHREEHzAdghVsb2NhbGhvc3QubG9jYWxk +b21haW6HBH9/AAEwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEF +BQcDBDAdBgNVHQ4EFgQULb1l4U4rfeCAPtJmbu2Bh0pSzWwwHwYDVR0jBBgwFoAU +nL4LwCJ29c+8/Xiakncg/r+WHtgwDQYJKoZIhvcNAQEMBQADggIBAKzoHlDsDrgC +xqxwGe43f1MkaczKbjRrmxTPcWe7fflgp5JZm95Wi4aajlnarUqQpC4txKAXARiE +xN1ck5fd2a3UDWMzO04/JA5sE2w/O17KJ6FaHDDk69rQ5bFPzvvEjHba5vYApQNY +m215hJIsEGaWuX9zV5d+avJ006wKPrIRxPUeTYcfjm0p7e+Xj3D3N2E+rkrWbW6A +xbvem70Gu6iUKO32yUp/4ppE4ZYHJWB0GdH7hjIWHMSZ3d6r/nqIr446+jbDkrOC +ulAYAkIstGrSuqOO+3Jq0Yq0P7OeJ5AYuFAEuB4U1uGY/+14XV52sG6N4OrjAF7H +8+vtccbA3vHiuwMU8ScPpi5sOArKPu/hTNik3H1q7OU+tadTeyoydtqo4RuMdmuL +uHVRZSXgwjHHC7GmohC3RU38aWeExoHI5164/PuNZOMo3LNBvo5Yeo6eie5R8b9e +gqYpqJj+7/t8cPeM7k4HRxBOda0hoq2aTuc6AS68gWO3fEzqMkwSeCCBnfKNXx9L +gmdVH5X/2H9bUHT9GEx0Pk7PWybWcynq3ZugpQtdXg02/fXR0JGaboG5SpPXlLt1 +5fr/n18e9NNjngkDALWqdw2fLyVBmfNSBAg99NWrNzoMG/7bZkWLs4h+HZyYmKf3 +ADAGePYO6qrmJD0/MTmAPqh0oh5CUdcT +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2a:01:e0:a5:fb:80:10:00:00:00:02 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=CA, L=Montreal, ST=Quebec, O=SAFE Inc., OU=Digital Certificate Signing, CN=SAFE Root CA 1 + Validity + Not Before: Jan 20 17:19:55 2024 GMT + Not After : Jun 7 17:19:55 2051 GMT + Subject: C=CA, O=SAFE Inc., OU=Digital Certificate Signing, CN=SAFE Midle Ground CA (2024) - 
SHA384 - 3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:d1:52:9b:dc:10:57:6d:9a:0e:09:5b:1b:aa:fb: + 76:8c:65:b3:f2:ca:75:36:8f:c0:cb:82:d8:2f:5b: + 0e:25:0c:5f:fc:18:94:41:87:5d:75:eb:92:ec:2a: + 87:14:ec:5f:cc:f6:8f:bf:db:4e:a3:07:aa:ec:90: + 3a:48:43:b9:01:84:42:fb:34:0b:06:5f:d8:e4:6d: + e7:55:8f:f6:ad:98:c4:7d:6f:a8:39:de:f8:70:94: + 71:f3:2f:24:1b:3b:ab:42:70:d8:6c:06:ef:81:af: + fa:f7:68:77:66:0e:60:12:df:80:bb:b4:92:4a:1f: + 3e:52:2d:f5:9a:e3:ba:26:d3:88:68:aa:11:88:0f: + b8:be:7e:e3:d7:88:ce:86:09:1a:a3:2c:ce:74:c1: + d7:d6:7a:c4:b5:04:1e:25:ef:b7:15:6a:16:27:4d: + 0f:ed:af:46:fc:a0:57:a2:6d:fe:91:c3:c7:1f:87: + 06:fe:5a:e2:a8:de:33:67:ae:6d:06:84:f2:15:1d: + 9d:ff:11:cf:be:6f:a9:a5:13:13:0b:ef:67:19:1f: + ea:a8:ed:f0:db:f2:1f:ba:8c:a5:1e:b3:54:b7:68: + c3:37:85:db:01:2e:83:4d:e0:06:be:93:54:b0:dc: + 31:23:98:15:b7:ec:b5:82:57:7a:7c:34:6c:3b:2b: + 3b:fa:b3:12:9a:63:63:d9:54:fd:bf:a1:ee:3c:a4: + 47:83:04:60:b9:9b:74:8f:f7:92:93:1d:f5:ea:98: + 87:c4:c9:de:d6:b8:5f:bf:fc:2e:41:e0:55:38:65: + 80:54:02:c6:d9:bd:7d:51:96:ba:55:ad:bf:01:ce: + 31:21:54:1e:56:16:79:7b:97:1a:53:92:86:80:54: + ef:e9:75:ad:21:45:37:82:54:52:ed:c3:37:8c:11: + ab:63:dd:64:ae:15:b4:f5:cc:02:2f:61:ab:42:d6: + c5:a1:c0:dd:19:ef:70:f1:7f:6d:31:af:4e:60:bb: + 83:a1:f7:49:a5:de:94:dd:31:c1:74:4b:11:73:da: + 4d:f4:4e:90:9e:ae:dd:c0:61:d6:6b:54:3f:3a:78: + c3:8b:e4:0e:ba:c6:9c:f3:3f:fb:6c:34:7c:ff:3d: + 65:d7:0b:ec:4c:19:37:51:37:c5:3b:34:7e:55:85: + 10:82:33:30:7f:ff:95:63:5b:45:3c:45:90:34:fb: + 1c:5e:ef:64:a3:a7:a8:58:0f:d0:97:6a:de:5a:8f: + 29:51:6b:14:01:b1:ec:59:74:47:0e:d9:d0:1a:78: + df:16:e5:fe:5b:8b:95:48:0f:26:20:58:ef:14:6a: + 97:ca:c0:b3:7d:ac:7f:8a:6c:59:be:1b:fc:a0:47: + e7:57:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Authority Information Access: + CA Issuers - URI:http://certificates.safe.ca/cacert/safeMDL.pem + OCSP - 
URI:http://certificates/safe.ca/chkcertstats + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.7438.1.1 + CPS: http://certificates.safe.ca/repository/ + Policy: 2.23.140.1.2.1 + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 CRL Distribution Points: + Full Name: + URI:http://certificates.safe.ca/repository/revoklist.pem + X509v3 Subject Alternative Name: + DNS:certificates.safe.ca, IP Address:192.219.254.53 + X509v3 Authority Key Identifier: + 87:DD:FB:32:49:26:5E:13:F8:B7:F2:DF:EF:9C:F6:85:34:37:7A:D9 + X509v3 Subject Key Identifier: + 9C:BE:0B:C0:22:76:F5:CF:BC:FD:78:9A:92:77:20:FE:BF:96:1E:D8 + Signature Algorithm: ecdsa-with-SHA384 + Signature Value: + 30:46:02:21:00:ff:21:78:ff:d7:43:e7:9d:7d:dd:e6:f1:89: + f9:39:8a:14:e0:46:ca:b2:f2:59:a1:09:70:a0:2d:8b:66:a1: + 65:02:21:00:d6:cf:8e:54:06:f0:d3:4c:23:f6:9d:a7:d5:b7: + 23:6d:b9:c8:18:15:63:a3:92:98:3c:dc:25:18:71:1c:74:68 +-----BEGIN CERTIFICATE----- +MIIFejCCBR+gAwIBAgILKgHgpfuAEAAAAAIwCgYIKoZIzj0EAwMwgYQxCzAJBgNV +BAYTAkNBMREwDwYDVQQHDAhNb250cmVhbDEPMA0GA1UECAwGUXVlYmVjMRIwEAYD +VQQKDAlTQUZFIEluYy4xJDAiBgNVBAsMG0RpZ2l0YWwgQ2VydGlmaWNhdGUgU2ln +bmluZzEXMBUGA1UEAwwOU0FGRSBSb290IENBIDEwIBcNMjQwMTIwMTcxOTU1WhgP +MjA1MTA2MDcxNzE5NTVaMHoxCzAJBgNVBAYTAkNBMRIwEAYDVQQKDAlTQUZFIElu +Yy4xJDAiBgNVBAsMG0RpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzExMC8GA1UE +AwwoU0FGRSBNaWRsZSBHcm91bmQgQ0EgKDIwMjQpIC0gU0hBMzg0IC0gMzCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANFSm9wQV22aDglbG6r7doxls/LK +dTaPwMuC2C9bDiUMX/wYlEGHXXXrkuwqhxTsX8z2j7/bTqMHquyQOkhDuQGEQvs0 +CwZf2ORt51WP9q2YxH1vqDne+HCUcfMvJBs7q0Jw2GwG74Gv+vdod2YOYBLfgLu0 +kkofPlIt9ZrjuibTiGiqEYgPuL5+49eIzoYJGqMsznTB19Z6xLUEHiXvtxVqFidN +D+2vRvygV6Jt/pHDxx+HBv5a4qjeM2eubQaE8hUdnf8Rz75vqaUTEwvvZxkf6qjt +8NvyH7qMpR6zVLdowzeF2wEug03gBr6TVLDcMSOYFbfstYJXenw0bDsrO/qzEppj +Y9lU/b+h7jykR4MEYLmbdI/3kpMd9eqYh8TJ3ta4X7/8LkHgVThlgFQCxtm9fVGW +ulWtvwHOMSFUHlYWeXuXGlOShoBU7+l1rSFFN4JUUu3DN4wRq2PdZK4VtPXMAi9h +q0LWxaHA3RnvcPF/bTGvTmC7g6H3SaXelN0xwXRLEXPaTfROkJ6u3cBh1mtUPzp4 
+w4vkDrrGnPM/+2w0fP89ZdcL7EwZN1E3xTs0flWFEIIzMH//lWNbRTxFkDT7HF7v +ZKOnqFgP0Jdq3lqPKVFrFAGx7Fl0Rw7Z0Bp43xbl/luLlUgPJiBY7xRql8rAs32s +f4psWb4b/KBH51exAgMBAAGjggGyMIIBrjAOBgNVHQ8BAf8EBAMCAQYwgYAGCCsG +AQUFBwEBBHQwcjA6BggrBgEFBQcwAoYuaHR0cDovL2NlcnRpZmljYXRlcy5zYWZl +LmNhL2NhY2VydC9zYWZlTURMLnBlbTA0BggrBgEFBQcwAYYoaHR0cDovL2NlcnRp +ZmljYXRlcy9zYWZlLmNhL2Noa2NlcnRzdGF0czBXBgNVHSAEUDBOMEIGCSsGAQQB +ug4BATA1MDMGCCsGAQUFBwIBFidodHRwOi8vY2VydGlmaWNhdGVzLnNhZmUuY2Ev +cmVwb3NpdG9yeS8wCAYGZ4EMAQIBMBIGA1UdEwEB/wQIMAYBAf8CAQAwRQYDVR0f +BD4wPDA6oDigNoY0aHR0cDovL2NlcnRpZmljYXRlcy5zYWZlLmNhL3JlcG9zaXRv +cnkvcmV2b2tsaXN0LnBlbTAlBgNVHREEHjAcghRjZXJ0aWZpY2F0ZXMuc2FmZS5j +YYcEwNv+NTAfBgNVHSMEGDAWgBSH3fsySSZeE/i38t/vnPaFNDd62TAdBgNVHQ4E +FgQUnL4LwCJ29c+8/Xiakncg/r+WHtgwCgYIKoZIzj0EAwMDSQAwRgIhAP8heP/X +Q+edfd3m8Yn5OYoU4EbKsvJZoQlwoC2LZqFlAiEA1s+OVAbw00wj9p2n1bcjbbnI +GBVjo5KYPNwlGHEcdGg= +-----END CERTIFICATE----- diff --git a/certs/localhost_key.pem b/certs/localhost-key.pem similarity index 100% rename from certs/localhost_key.pem rename to certs/localhost-key.pem diff --git a/certs/mailleur_server_cert_x509.pem b/certs/mailleur_server-cert_x509.pem similarity index 100% rename from certs/mailleur_server_cert_x509.pem rename to certs/mailleur_server-cert_x509.pem diff --git a/certs/mailleur_server-chain-cert_x509.pem b/certs/mailleur_server-chain-cert_x509.pem new file mode 100644 index 0000000..ddd18fa --- /dev/null +++ b/certs/mailleur_server-chain-cert_x509.pem 
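Review bot: The OCSP entry under Authority Information Access reads `OCSP - URI:http://certificates/safe.ca/chkcertstats`, with a `/` where every other URI in this certificate has `certificates.safe.ca`, so a verifier that follows AIA for revocation status would look up a host named `certificates`. The same value appears in the intermediate certificate further down this file and in both certificates of certs/mailleur_server-chain-cert_x509.pem. Because the URI is inside the signed body it cannot be corrected in the PEM text; the certificates would have to be reissued with `OCSP - URI:http://certificates.safe.ca/chkcertstats`, assuming that is the intended responder. The leaf's Subject Alternative Name lists `IP Address:127.127.0.1`, which will not match a connection made to 127.0.0.1 if the peer checks the address, so it is worth confirming that this is deliberate. The leaf and intermediate are also valid to 2050 and 2051 while certs/root-safe_CA.pem expires in 2041, so verifiers that check the trust anchor's dates will reject the chain from 2041 regardless of the longer validity periods.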
@@ -0,0 +1,257 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2a:01:e0:a5:fb:80:80:00:00:00:28 + Signature Algorithm: sha384WithRSAEncryption + Issuer: C=CA, O=SAFE Inc., OU=Digital Certificate Signing, CN=SAFE Midle Ground CA (2024) - SHA384 - 3 + Validity + Not Before: Apr 6 11:54:45 2025 GMT + Not After : Apr 6 11:54:45 2050 GMT + Subject: C=CA, ST=Quebec, L=Montreal, O=SAFE Inc., OU=Mailleur email developpement test, CN=mailleur.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:b2:6e:35:f7:8c:eb:07:0d:a1:f8:10:fd:dd:8d: + d9:9e:cf:9f:4b:39:4d:ee:81:5e:b3:5e:a2:67:81: + 9e:b7:ec:b8:bb:08:12:5d:07:01:23:bc:3d:24:82: + a7:b0:a6:b1:56:57:6e:e6:b9:95:8f:fb:7f:12:fd: + ec:91:4b:81:6d:e8:8f:5d:33:c3:e6:db:24:66:f5: + f2:cd:1e:86:8f:23:b6:38:2e:46:c9:94:cd:4c:b6: + 37:41:44:5f:8f:08:36:f7:90:77:97:f6:1d:81:a8: + 44:94:23:30:a8:19:41:bc:b8:d4:52:d9:4c:57:45: + ea:1e:2e:a8:60:9b:c7:34:6d:81:66:5d:68:f8:a5: + 67:31:5a:49:14:13:7c:68:af:d0:ab:6e:e5:2c:da: + 5c:b1:20:78:ff:4b:3c:1e:5a:81:a0:91:66:7f:a9: + 6c:2d:df:b6:4f:89:53:db:62:40:01:ea:ab:d8:9f: + 1d:4b:5c:dc:2d:95:83:73:a2:77:c8:3f:ce:fe:39: + 11:2e:b2:38:17:3d:bc:50:73:50:d0:1a:5b:76:9e: + 44:76:6d:c9:14:53:61:05:31:a6:66:1d:ba:a9:88: + 52:bb:28:a9:bb:de:3e:05:3f:11:6b:ee:14:0b:0f: + f2:79:6a:3c:56:c9:f6:78:0f:d5:2f:8b:7b:ad:23: + 75:f3:53:e7:b4:ab:82:c4:8d:f1:84:f8:82:3e:97: + a6:85:84:18:fc:89:e7:12:95:c9:ed:28:c5:6c:d8: + 84:de:f7:d5:fd:a8:c1:e6:2d:55:75:14:9c:1b:5f: + 89:91:0a:58:0e:ff:92:67:2e:f0:9e:c4:48:30:1a: + be:1d:64:35:ba:87:92:ae:d7:24:5f:08:28:37:b2: + ec:c9:5a:36:84:66:1e:f2:94:73:bc:7e:83:3e:0c: + da:ff:8f:ea:1c:13:94:53:d6:71:8f:a1:52:27:c5: + 0f:31:0b:7d:3a:96:23:f5:cc:bf:4a:9b:8e:08:5a: + 15:ec:4a:6b:db:25:16:21:2c:9b:52:4d:71:d3:6c: + 6f:55:63:cc:28:37:23:58:cf:63:dd:38:79:24:ab: + 46:f9:96:20:6b:b1:77:b4:b8:f1:cf:1e:7e:ae:f5: + 8b:5b:89:98:e5:df:71:d1:b5:66:cd:6f:b6:c2:8f: + 
0e:75:59:e1:5f:cf:ab:b3:87:ce:6d:c1:ba:44:68: + 79:70:ae:0b:07:1f:d5:7a:33:0b:13:fd:39:98:5b: + 46:19:e4:a2:bf:f4:06:48:12:01:c7:fc:c8:cc:15: + 81:d6:2e:82:3f:7e:57:b8:a8:06:d8:70:81:f7:c3: + 42:4c:af:48:7a:26:38:96:e2:6f:fc:b3:e6:9f:b8: + 6f:2b:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + Authority Information Access: + CA Issuers - URI:http://certificates.safe.ca/cacert/safeMDL.pem + OCSP - URI:http://certificates/safe.ca/chkcertstats + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.7438.1.2 + CPS: http://certificates.safe.ca/policies + Policy: 2.23.140.1.1 + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + Full Name: + URI:http://certificates.safe.ca/repository/revoklist.pem + X509v3 Subject Alternative Name: + DNS:mailleur.example.com, IP Address:127.127.10.25 + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, E-mail Protection + X509v3 Subject Key Identifier: + 89:FC:FA:27:85:1A:75:70:74:B6:47:9C:2A:B6:1F:90:58:BF:C5:C1 + X509v3 Authority Key Identifier: + 9C:BE:0B:C0:22:76:F5:CF:BC:FD:78:9A:92:77:20:FE:BF:96:1E:D8 + Signature Algorithm: sha384WithRSAEncryption + Signature Value: + 68:21:b6:11:60:a6:ea:31:af:9a:31:64:be:88:f9:60:17:d7: + 4b:d5:95:a8:cd:bd:04:10:2a:3d:f9:61:25:e1:44:87:5d:53: + 81:47:a5:d4:46:32:a8:ef:f3:be:1c:36:71:19:77:4a:f8:15: + 43:38:c5:61:62:09:7c:1e:d6:0c:72:b9:9c:97:eb:c2:ce:b6: + d0:14:0b:7c:01:8c:1d:05:bf:7e:29:09:9f:13:e2:e5:1d:d8: + 89:78:0e:f8:af:87:2b:94:dc:c3:27:9c:cd:db:33:f7:60:7c: + 9a:0f:ab:09:79:dd:5f:b4:b2:60:54:a5:88:9c:76:3f:6e:cc: + 91:b3:a6:13:63:64:be:b0:2e:37:9c:80:db:e1:95:11:12:e8: + 0a:5b:bd:b0:b9:49:ee:cd:6c:34:64:ef:85:57:39:d7:2f:8d: + a5:b6:4d:98:8f:c5:2e:2d:d5:97:8b:cc:49:84:ba:29:a9:e9: + 40:b7:2a:56:f4:0f:cb:02:d2:2f:ec:5d:4c:2c:6b:88:e1:b6: + 01:cb:2c:6e:c8:49:a6:2c:48:d3:81:9c:0d:6f:07:c5:56:7e: + 47:f4:7d:14:81:62:e1:29:b6:28:91:7f:db:fc:47:7c:7f:e1: + 
fe:9c:08:ab:64:22:f8:cf:bb:8f:9e:75:1e:07:ac:dd:56:88: + 95:ca:84:42:1f:b0:90:ca:3a:7b:24:00:43:44:57:3a:83:67: + f7:15:65:14:bf:96:85:39:d9:53:6c:e3:f2:dc:0f:e2:bb:d7: + 0f:81:71:00:16:bd:1f:82:2b:af:f7:2b:49:04:9f:1c:fe:3b: + bb:da:26:a9:ba:8b:5f:70:f4:68:a3:fc:88:4b:cf:34:47:54: + eb:3a:65:4d:24:c7:66:60:61:55:03:81:10:a4:b3:30:3e:40: + ca:e8:0c:e8:24:9f:0e:20:5c:1f:ea:65:bd:5b:23:cd:95:f8: + 1c:74:ef:25:2c:55:7a:d8:85:eb:33:fe:98:8e:cd:bc:d1:6e: + f9:38:71:5f:8b:cb:09:2e:3d:78:b4:37:4b:70:60:60:85:f0: + 34:78:e7:4c:05:47:a7:ba:46:58:7b:4a:2e:8c:03:5f:49:ea: + a8:c4:81:4e:08:c7:50:e2:43:b2:22:d2:cb:6a:e6:69:71:4e: + a5:f5:49:a5:fd:03:07:25:e8:43:2e:fd:fa:1d:f5:9c:24:90: + 7d:29:e7:40:f8:e5:b0:ea:02:a4:c5:e5:3a:f8:d0:a7:88:31: + 1a:3d:8d:3a:fd:ac:cd:02:6a:4a:08:d4:dd:a9:a3:76:45:2a: + d1:43:3a:17:be:75:50:33:43:66:7b:1c:a6:cc:0e:0d:90:5c: + 85:7d:6c:cc:b0:56:44:45 +-----BEGIN CERTIFICATE----- +MIIHYjCCBUqgAwIBAgILKgHgpfuAgAAAACgwDQYJKoZIhvcNAQEMBQAwejELMAkG +A1UEBhMCQ0ExEjAQBgNVBAoMCVNBRkUgSW5jLjEkMCIGA1UECwwbRGlnaXRhbCBD +ZXJ0aWZpY2F0ZSBTaWduaW5nMTEwLwYDVQQDDChTQUZFIE1pZGxlIEdyb3VuZCBD +QSAoMjAyNCkgLSBTSEEzODQgLSAzMCAXDTI1MDQwNjExNTQ0NVoYDzIwNTAwNDA2 +MTE1NDQ1WjCBkDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UE +BwwITW9udHJlYWwxEjAQBgNVBAoMCVNBRkUgSW5jLjEqMCgGA1UECwwhTWFpbGxl +dXIgZW1haWwgZGV2ZWxvcHBlbWVudCB0ZXN0MR0wGwYDVQQDDBRtYWlsbGV1ci5l +eGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALJuNfeM +6wcNofgQ/d2N2Z7Pn0s5Te6BXrNeomeBnrfsuLsIEl0HASO8PSSCp7CmsVZXbua5 +lY/7fxL97JFLgW3oj10zw+bbJGb18s0eho8jtjguRsmUzUy2N0FEX48INveQd5f2 +HYGoRJQjMKgZQby41FLZTFdF6h4uqGCbxzRtgWZdaPilZzFaSRQTfGiv0Ktu5Sza +XLEgeP9LPB5agaCRZn+pbC3ftk+JU9tiQAHqq9ifHUtc3C2Vg3Oid8g/zv45ES6y +OBc9vFBzUNAaW3aeRHZtyRRTYQUxpmYduqmIUrsoqbvePgU/EWvuFAsP8nlqPFbJ +9ngP1S+Le60jdfNT57SrgsSN8YT4gj6XpoWEGPyJ5xKVye0oxWzYhN731f2oweYt +VXUUnBtfiZEKWA7/kmcu8J7ESDAavh1kNbqHkq7XJF8IKDey7MlaNoRmHvKUc7x+ +gz4M2v+P6hwTlFPWcY+hUifFDzELfTqWI/XMv0qbjghaFexKa9slFiEsm1JNcdNs 
+b1VjzCg3I1jPY904eSSrRvmWIGuxd7S48c8efq71i1uJmOXfcdG1Zs1vtsKPDnVZ +4V/Pq7OHzm3BukRoeXCuCwcf1XozCxP9OZhbRhnkor/0BkgSAcf8yMwVgdYugj9+ +V7ioBthwgffDQkyvSHomOJbib/yz5p+4bysNAgMBAAGjggHOMIIByjAOBgNVHQ8B +Af8EBAMCBaAwgYAGCCsGAQUFBwEBBHQwcjA6BggrBgEFBQcwAoYuaHR0cDovL2Nl +cnRpZmljYXRlcy5zYWZlLmNhL2NhY2VydC9zYWZlTURMLnBlbTA0BggrBgEFBQcw +AYYoaHR0cDovL2NlcnRpZmljYXRlcy9zYWZlLmNhL2Noa2NlcnRzdGF0czBTBgNV +HSAETDBKMD8GCSsGAQQBug4BAjAyMDAGCCsGAQUFBwIBFiRodHRwOi8vY2VydGlm +aWNhdGVzLnNhZmUuY2EvcG9saWNpZXMwBwYFZ4EMAQEwCQYDVR0TBAIwADBFBgNV +HR8EPjA8MDqgOKA2hjRodHRwOi8vY2VydGlmaWNhdGVzLnNhZmUuY2EvcmVwb3Np +dG9yeS9yZXZva2xpc3QucGVtMCUGA1UdEQQeMByCFG1haWxsZXVyLmV4YW1wbGUu +Y29thwR/fwoZMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUH +AwQwHQYDVR0OBBYEFIn8+ieFGnVwdLZHnCq2H5BYv8XBMB8GA1UdIwQYMBaAFJy+ +C8AidvXPvP14mpJ3IP6/lh7YMA0GCSqGSIb3DQEBDAUAA4ICAQBoIbYRYKbqMa+a +MWS+iPlgF9dL1ZWozb0EECo9+WEl4USHXVOBR6XURjKo7/O+HDZxGXdK+BVDOMVh +Ygl8HtYMcrmcl+vCzrbQFAt8AYwdBb9+KQmfE+LlHdiJeA74r4crlNzDJ5zN2zP3 +YHyaD6sJed1ftLJgVKWInHY/bsyRs6YTY2S+sC43nIDb4ZUREugKW72wuUnuzWw0 +ZO+FVznXL42ltk2Yj8UuLdWXi8xJhLopqelAtypW9A/LAtIv7F1MLGuI4bYByyxu +yEmmLEjTgZwNbwfFVn5H9H0UgWLhKbYokX/b/Ed8f+H+nAirZCL4z7uPnnUeB6zd +VoiVyoRCH7CQyjp7JABDRFc6g2f3FWUUv5aFOdlTbOPy3A/iu9cPgXEAFr0fgiuv +9ytJBJ8c/ju72iapuotfcPRoo/yIS880R1TrOmVNJMdmYGFVA4EQpLMwPkDK6Azo +JJ8OIFwf6mW9WyPNlfgcdO8lLFV62IXrM/6Yjs280W75OHFfi8sJLj14tDdLcGBg +hfA0eOdMBUenukZYe0oujANfSeqoxIFOCMdQ4kOyItLLauZpcU6l9Uml/QMHJehD +Lv36HfWcJJB9KedA+OWw6gKkxeU6+NCniDEaPY06/azNAmpKCNTdqaN2RSrRQzoX +vnVQM0NmexymzA4NkFyFfWzMsFZERQ== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2a:01:e0:a5:fb:80:10:00:00:00:02 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=CA, L=Montreal, ST=Quebec, O=SAFE Inc., OU=Digital Certificate Signing, CN=SAFE Root CA 1 + Validity + Not Before: Jan 20 17:19:55 2024 GMT + Not After : Jun 7 17:19:55 2051 GMT + Subject: C=CA, O=SAFE Inc., OU=Digital Certificate Signing, CN=SAFE Midle Ground CA (2024) - 
SHA384 - 3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:d1:52:9b:dc:10:57:6d:9a:0e:09:5b:1b:aa:fb: + 76:8c:65:b3:f2:ca:75:36:8f:c0:cb:82:d8:2f:5b: + 0e:25:0c:5f:fc:18:94:41:87:5d:75:eb:92:ec:2a: + 87:14:ec:5f:cc:f6:8f:bf:db:4e:a3:07:aa:ec:90: + 3a:48:43:b9:01:84:42:fb:34:0b:06:5f:d8:e4:6d: + e7:55:8f:f6:ad:98:c4:7d:6f:a8:39:de:f8:70:94: + 71:f3:2f:24:1b:3b:ab:42:70:d8:6c:06:ef:81:af: + fa:f7:68:77:66:0e:60:12:df:80:bb:b4:92:4a:1f: + 3e:52:2d:f5:9a:e3:ba:26:d3:88:68:aa:11:88:0f: + b8:be:7e:e3:d7:88:ce:86:09:1a:a3:2c:ce:74:c1: + d7:d6:7a:c4:b5:04:1e:25:ef:b7:15:6a:16:27:4d: + 0f:ed:af:46:fc:a0:57:a2:6d:fe:91:c3:c7:1f:87: + 06:fe:5a:e2:a8:de:33:67:ae:6d:06:84:f2:15:1d: + 9d:ff:11:cf:be:6f:a9:a5:13:13:0b:ef:67:19:1f: + ea:a8:ed:f0:db:f2:1f:ba:8c:a5:1e:b3:54:b7:68: + c3:37:85:db:01:2e:83:4d:e0:06:be:93:54:b0:dc: + 31:23:98:15:b7:ec:b5:82:57:7a:7c:34:6c:3b:2b: + 3b:fa:b3:12:9a:63:63:d9:54:fd:bf:a1:ee:3c:a4: + 47:83:04:60:b9:9b:74:8f:f7:92:93:1d:f5:ea:98: + 87:c4:c9:de:d6:b8:5f:bf:fc:2e:41:e0:55:38:65: + 80:54:02:c6:d9:bd:7d:51:96:ba:55:ad:bf:01:ce: + 31:21:54:1e:56:16:79:7b:97:1a:53:92:86:80:54: + ef:e9:75:ad:21:45:37:82:54:52:ed:c3:37:8c:11: + ab:63:dd:64:ae:15:b4:f5:cc:02:2f:61:ab:42:d6: + c5:a1:c0:dd:19:ef:70:f1:7f:6d:31:af:4e:60:bb: + 83:a1:f7:49:a5:de:94:dd:31:c1:74:4b:11:73:da: + 4d:f4:4e:90:9e:ae:dd:c0:61:d6:6b:54:3f:3a:78: + c3:8b:e4:0e:ba:c6:9c:f3:3f:fb:6c:34:7c:ff:3d: + 65:d7:0b:ec:4c:19:37:51:37:c5:3b:34:7e:55:85: + 10:82:33:30:7f:ff:95:63:5b:45:3c:45:90:34:fb: + 1c:5e:ef:64:a3:a7:a8:58:0f:d0:97:6a:de:5a:8f: + 29:51:6b:14:01:b1:ec:59:74:47:0e:d9:d0:1a:78: + df:16:e5:fe:5b:8b:95:48:0f:26:20:58:ef:14:6a: + 97:ca:c0:b3:7d:ac:7f:8a:6c:59:be:1b:fc:a0:47: + e7:57:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Authority Information Access: + CA Issuers - URI:http://certificates.safe.ca/cacert/safeMDL.pem + OCSP - 
URI:http://certificates/safe.ca/chkcertstats + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.7438.1.1 + CPS: http://certificates.safe.ca/repository/ + Policy: 2.23.140.1.2.1 + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 CRL Distribution Points: + Full Name: + URI:http://certificates.safe.ca/repository/revoklist.pem + X509v3 Subject Alternative Name: + DNS:certificates.safe.ca, IP Address:192.219.254.53 + X509v3 Authority Key Identifier: + 87:DD:FB:32:49:26:5E:13:F8:B7:F2:DF:EF:9C:F6:85:34:37:7A:D9 + X509v3 Subject Key Identifier: + 9C:BE:0B:C0:22:76:F5:CF:BC:FD:78:9A:92:77:20:FE:BF:96:1E:D8 + Signature Algorithm: ecdsa-with-SHA384 + Signature Value: + 30:46:02:21:00:ff:21:78:ff:d7:43:e7:9d:7d:dd:e6:f1:89: + f9:39:8a:14:e0:46:ca:b2:f2:59:a1:09:70:a0:2d:8b:66:a1: + 65:02:21:00:d6:cf:8e:54:06:f0:d3:4c:23:f6:9d:a7:d5:b7: + 23:6d:b9:c8:18:15:63:a3:92:98:3c:dc:25:18:71:1c:74:68 +-----BEGIN CERTIFICATE----- +MIIFejCCBR+gAwIBAgILKgHgpfuAEAAAAAIwCgYIKoZIzj0EAwMwgYQxCzAJBgNV +BAYTAkNBMREwDwYDVQQHDAhNb250cmVhbDEPMA0GA1UECAwGUXVlYmVjMRIwEAYD +VQQKDAlTQUZFIEluYy4xJDAiBgNVBAsMG0RpZ2l0YWwgQ2VydGlmaWNhdGUgU2ln +bmluZzEXMBUGA1UEAwwOU0FGRSBSb290IENBIDEwIBcNMjQwMTIwMTcxOTU1WhgP +MjA1MTA2MDcxNzE5NTVaMHoxCzAJBgNVBAYTAkNBMRIwEAYDVQQKDAlTQUZFIElu +Yy4xJDAiBgNVBAsMG0RpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzExMC8GA1UE +AwwoU0FGRSBNaWRsZSBHcm91bmQgQ0EgKDIwMjQpIC0gU0hBMzg0IC0gMzCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANFSm9wQV22aDglbG6r7doxls/LK +dTaPwMuC2C9bDiUMX/wYlEGHXXXrkuwqhxTsX8z2j7/bTqMHquyQOkhDuQGEQvs0 +CwZf2ORt51WP9q2YxH1vqDne+HCUcfMvJBs7q0Jw2GwG74Gv+vdod2YOYBLfgLu0 +kkofPlIt9ZrjuibTiGiqEYgPuL5+49eIzoYJGqMsznTB19Z6xLUEHiXvtxVqFidN +D+2vRvygV6Jt/pHDxx+HBv5a4qjeM2eubQaE8hUdnf8Rz75vqaUTEwvvZxkf6qjt +8NvyH7qMpR6zVLdowzeF2wEug03gBr6TVLDcMSOYFbfstYJXenw0bDsrO/qzEppj +Y9lU/b+h7jykR4MEYLmbdI/3kpMd9eqYh8TJ3ta4X7/8LkHgVThlgFQCxtm9fVGW +ulWtvwHOMSFUHlYWeXuXGlOShoBU7+l1rSFFN4JUUu3DN4wRq2PdZK4VtPXMAi9h +q0LWxaHA3RnvcPF/bTGvTmC7g6H3SaXelN0xwXRLEXPaTfROkJ6u3cBh1mtUPzp4 
+w4vkDrrGnPM/+2w0fP89ZdcL7EwZN1E3xTs0flWFEIIzMH//lWNbRTxFkDT7HF7v +ZKOnqFgP0Jdq3lqPKVFrFAGx7Fl0Rw7Z0Bp43xbl/luLlUgPJiBY7xRql8rAs32s +f4psWb4b/KBH51exAgMBAAGjggGyMIIBrjAOBgNVHQ8BAf8EBAMCAQYwgYAGCCsG +AQUFBwEBBHQwcjA6BggrBgEFBQcwAoYuaHR0cDovL2NlcnRpZmljYXRlcy5zYWZl +LmNhL2NhY2VydC9zYWZlTURMLnBlbTA0BggrBgEFBQcwAYYoaHR0cDovL2NlcnRp +ZmljYXRlcy9zYWZlLmNhL2Noa2NlcnRzdGF0czBXBgNVHSAEUDBOMEIGCSsGAQQB +ug4BATA1MDMGCCsGAQUFBwIBFidodHRwOi8vY2VydGlmaWNhdGVzLnNhZmUuY2Ev +cmVwb3NpdG9yeS8wCAYGZ4EMAQIBMBIGA1UdEwEB/wQIMAYBAf8CAQAwRQYDVR0f +BD4wPDA6oDigNoY0aHR0cDovL2NlcnRpZmljYXRlcy5zYWZlLmNhL3JlcG9zaXRv +cnkvcmV2b2tsaXN0LnBlbTAlBgNVHREEHjAcghRjZXJ0aWZpY2F0ZXMuc2FmZS5j +YYcEwNv+NTAfBgNVHSMEGDAWgBSH3fsySSZeE/i38t/vnPaFNDd62TAdBgNVHQ4E +FgQUnL4LwCJ29c+8/Xiakncg/r+WHtgwCgYIKoZIzj0EAwMDSQAwRgIhAP8heP/X +Q+edfd3m8Yn5OYoU4EbKsvJZoQlwoC2LZqFlAiEA1s+OVAbw00wj9p2n1bcjbbnI +GBVjo5KYPNwlGHEcdGg= +-----END CERTIFICATE----- diff --git a/certs/mailleur_server_key.pem b/certs/mailleur_server-key.pem similarity index 100% rename from certs/mailleur_server_key.pem rename to certs/mailleur_server-key.pem diff --git a/certs/root-safe_CA.pem b/certs/root-safe_CA.pem new file mode 100644 index 0000000..5f503cb --- /dev/null +++ b/certs/root-safe_CA.pem 
@@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 02:d3:24:58:50:9a:63:62:01:9c:77:99:26:1d:07:d4:9a:6f:b8:31 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=CA, L=Montreal, ST=Quebec, O=SAFE Inc., OU=Digital Certificate Signing, CN=SAFE Root CA 1 + Validity + Not Before: Apr 25 13:26:55 2021 GMT + Not After : Apr 25 13:26:55 2041 GMT + Subject: C=CA, L=Montreal, ST=Quebec, O=SAFE Inc., OU=Digital Certificate Signing, CN=SAFE Root CA 1 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:2b:ba:82:6e:03:14:e8:ee:9b:1d:0b:e3:80:e8: + ef:1f:68:fd:b5:4d:24:50:9d:7a:04:07:b9:d1:c3: + 70:db:aa:c9:10:c3:3d:7f:26:a0:88:22:21:51:39: + fd:51:10:8e:67:31:9e:5c:b2:be:60:94:01:75:7e: + c3:ef:b3:ac:6c + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 87:DD:FB:32:49:26:5E:13:F8:B7:F2:DF:EF:9C:F6:85:34:37:7A:D9 + X509v3 Authority Key Identifier: + 87:DD:FB:32:49:26:5E:13:F8:B7:F2:DF:EF:9C:F6:85:34:37:7A:D9 + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.7438.1.1 + CPS: http://certificates.safe.ca/repository/ + Policy: 2.23.140.1.2.1 + Signature Algorithm: ecdsa-with-SHA384 + Signature Value: + 30:45:02:20:50:43:0d:35:ec:ec:53:6e:3c:74:4e:7b:53:3f: + df:2d:d4:5d:8a:2a:0b:7a:21:c4:6e:93:04:70:b5:b5:74:2a: + 02:21:00:a6:6e:95:77:72:9d:0e:bc:f0:15:5f:b7:02:cc:e1: + ac:b1:3d:f5:a6:99:01:23:30:3a:76:03:6b:ee:ac:92:fa +-----BEGIN CERTIFICATE----- +MIICyjCCAnCgAwIBAgIUAtMkWFCaY2IBnHeZJh0H1JpvuDEwCgYIKoZIzj0EAwMw +gYQxCzAJBgNVBAYTAkNBMREwDwYDVQQHDAhNb250cmVhbDEPMA0GA1UECAwGUXVl +YmVjMRIwEAYDVQQKDAlTQUZFIEluYy4xJDAiBgNVBAsMG0RpZ2l0YWwgQ2VydGlm +aWNhdGUgU2lnbmluZzEXMBUGA1UEAwwOU0FGRSBSb290IENBIDEwHhcNMjEwNDI1 +MTMyNjU1WhcNNDEwNDI1MTMyNjU1WjCBhDELMAkGA1UEBhMCQ0ExETAPBgNVBAcM +CE1vbnRyZWFsMQ8wDQYDVQQIDAZRdWViZWMxEjAQBgNVBAoMCVNBRkUgSW5jLjEk 
+MCIGA1UECwwbRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMRcwFQYDVQQDDA5T +QUZFIFJvb3QgQ0EgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCu6gm4DFOju +mx0L44Do7x9o/bVNJFCdegQHudHDcNuqyRDDPX8moIgiIVE5/VEQjmcxnlyyvmCU +AXV+w++zrGyjgb0wgbowDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +HQYDVR0OBBYEFIfd+zJJJl4T+Lfy3++c9oU0N3rZMB8GA1UdIwQYMBaAFIfd+zJJ +Jl4T+Lfy3++c9oU0N3rZMFcGA1UdIARQME4wQgYJKwYBBAG6DgEBMDUwMwYIKwYB +BQUHAgEWJ2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuc2FmZS5jYS9yZXBvc2l0b3J5LzAI +BgZngQwBAgEwCgYIKoZIzj0EAwMDSAAwRQIgUEMNNezsU248dE57Uz/fLdRdiioL +eiHEbpMEcLW1dCoCIQCmbpV3cp0OvPAVX7cCzOGssT31ppkBIzA6dgNr7qyS+g== +-----END CERTIFICATE----- diff --git a/certs/safe_CA.pem.ref b/certs/safeMDL.pem similarity index 85% rename from certs/safe_CA.pem.ref rename to certs/safeMDL.pem index 0a10181..331cd2c 100644 --- a/certs/safe_CA.pem.ref +++ b/certs/safeMDL.pem 
@@ -108,20 +108,3 @@ FgQUnL4LwCJ29c+8/Xiakncg/r+WHtgwCgYIKoZIzj0EAwMDSQAwRgIhAP8heP/X Q+edfd3m8Yn5OYoU4EbKsvJZoQlwoC2LZqFlAiEA1s+OVAbw00wj9p2n1bcjbbnI GBVjo5KYPNwlGHEcdGg= -----END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICyjCCAnCgAwIBAgIUAtMkWFCaY2IBnHeZJh0H1JpvuDEwCgYIKoZIzj0EAwMw -gYQxCzAJBgNVBAYTAkNBMREwDwYDVQQHDAhNb250cmVhbDEPMA0GA1UECAwGUXVl -YmVjMRIwEAYDVQQKDAlTQUZFIEluYy4xJDAiBgNVBAsMG0RpZ2l0YWwgQ2VydGlm -aWNhdGUgU2lnbmluZzEXMBUGA1UEAwwOU0FGRSBSb290IENBIDEwHhcNMjEwNDI1 -MTMyNjU1WhcNNDEwNDI1MTMyNjU1WjCBhDELMAkGA1UEBhMCQ0ExETAPBgNVBAcM -CE1vbnRyZWFsMQ8wDQYDVQQIDAZRdWViZWMxEjAQBgNVBAoMCVNBRkUgSW5jLjEk -MCIGA1UECwwbRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMRcwFQYDVQQDDA5T -QUZFIFJvb3QgQ0EgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCu6gm4DFOju -mx0L44Do7x9o/bVNJFCdegQHudHDcNuqyRDDPX8moIgiIVE5/VEQjmcxnlyyvmCU -AXV+w++zrGyjgb0wgbowDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -HQYDVR0OBBYEFIfd+zJJJl4T+Lfy3++c9oU0N3rZMB8GA1UdIwQYMBaAFIfd+zJJ -Jl4T+Lfy3++c9oU0N3rZMFcGA1UdIARQME4wQgYJKwYBBAG6DgEBMDUwMwYIKwYB -BQUHAgEWJ2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuc2FmZS5jYS9yZXBvc2l0b3J5LzAI -BgZngQwBAgEwCgYIKoZIzj0EAwMDSAAwRQIgUEMNNezsU248dE57Uz/fLdRdiioL -eiHEbpMEcLW1dCoCIQCmbpV3cp0OvPAVX7cCzOGssT31ppkBIzA6dgNr7qyS+g== ------END CERTIFICATE----- diff --git a/certs/safe_CA.pem b/certs/safe_CA.pem deleted file mode 100644 index 21f4d69..0000000 --- a/certs/safe_CA.pem +++ /dev/null 
@@ -1,91 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHYjCCBUqgAwIBAgILKgHgpfuAgAAAACgwDQYJKoZIhvcNAQEMBQAwejELMAkG -A1UEBhMCQ0ExEjAQBgNVBAoMCVNBRkUgSW5jLjEkMCIGA1UECwwbRGlnaXRhbCBD -ZXJ0aWZpY2F0ZSBTaWduaW5nMTEwLwYDVQQDDChTQUZFIE1pZGxlIEdyb3VuZCBD -QSAoMjAyNCkgLSBTSEEzODQgLSAzMCAXDTI1MDQwNjExNTQ0NVoYDzIwNTAwNDA2 -MTE1NDQ1WjCBkDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UE -BwwITW9udHJlYWwxEjAQBgNVBAoMCVNBRkUgSW5jLjEqMCgGA1UECwwhTWFpbGxl -dXIgZW1haWwgZGV2ZWxvcHBlbWVudCB0ZXN0MR0wGwYDVQQDDBRtYWlsbGV1ci5l -eGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALJuNfeM -6wcNofgQ/d2N2Z7Pn0s5Te6BXrNeomeBnrfsuLsIEl0HASO8PSSCp7CmsVZXbua5 -lY/7fxL97JFLgW3oj10zw+bbJGb18s0eho8jtjguRsmUzUy2N0FEX48INveQd5f2 -HYGoRJQjMKgZQby41FLZTFdF6h4uqGCbxzRtgWZdaPilZzFaSRQTfGiv0Ktu5Sza -XLEgeP9LPB5agaCRZn+pbC3ftk+JU9tiQAHqq9ifHUtc3C2Vg3Oid8g/zv45ES6y -OBc9vFBzUNAaW3aeRHZtyRRTYQUxpmYduqmIUrsoqbvePgU/EWvuFAsP8nlqPFbJ -9ngP1S+Le60jdfNT57SrgsSN8YT4gj6XpoWEGPyJ5xKVye0oxWzYhN731f2oweYt -VXUUnBtfiZEKWA7/kmcu8J7ESDAavh1kNbqHkq7XJF8IKDey7MlaNoRmHvKUc7x+ -gz4M2v+P6hwTlFPWcY+hUifFDzELfTqWI/XMv0qbjghaFexKa9slFiEsm1JNcdNs -b1VjzCg3I1jPY904eSSrRvmWIGuxd7S48c8efq71i1uJmOXfcdG1Zs1vtsKPDnVZ -4V/Pq7OHzm3BukRoeXCuCwcf1XozCxP9OZhbRhnkor/0BkgSAcf8yMwVgdYugj9+ -V7ioBthwgffDQkyvSHomOJbib/yz5p+4bysNAgMBAAGjggHOMIIByjAOBgNVHQ8B -Af8EBAMCBaAwgYAGCCsGAQUFBwEBBHQwcjA6BggrBgEFBQcwAoYuaHR0cDovL2Nl -cnRpZmljYXRlcy5zYWZlLmNhL2NhY2VydC9zYWZlTURMLnBlbTA0BggrBgEFBQcw -AYYoaHR0cDovL2NlcnRpZmljYXRlcy9zYWZlLmNhL2Noa2NlcnRzdGF0czBTBgNV -HSAETDBKMD8GCSsGAQQBug4BAjAyMDAGCCsGAQUFBwIBFiRodHRwOi8vY2VydGlm -aWNhdGVzLnNhZmUuY2EvcG9saWNpZXMwBwYFZ4EMAQEwCQYDVR0TBAIwADBFBgNV -HR8EPjA8MDqgOKA2hjRodHRwOi8vY2VydGlmaWNhdGVzLnNhZmUuY2EvcmVwb3Np -dG9yeS9yZXZva2xpc3QucGVtMCUGA1UdEQQeMByCFG1haWxsZXVyLmV4YW1wbGUu -Y29thwR/fwoZMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUH -AwQwHQYDVR0OBBYEFIn8+ieFGnVwdLZHnCq2H5BYv8XBMB8GA1UdIwQYMBaAFJy+ -C8AidvXPvP14mpJ3IP6/lh7YMA0GCSqGSIb3DQEBDAUAA4ICAQBoIbYRYKbqMa+a 
-MWS+iPlgF9dL1ZWozb0EECo9+WEl4USHXVOBR6XURjKo7/O+HDZxGXdK+BVDOMVh -Ygl8HtYMcrmcl+vCzrbQFAt8AYwdBb9+KQmfE+LlHdiJeA74r4crlNzDJ5zN2zP3 -YHyaD6sJed1ftLJgVKWInHY/bsyRs6YTY2S+sC43nIDb4ZUREugKW72wuUnuzWw0 -ZO+FVznXL42ltk2Yj8UuLdWXi8xJhLopqelAtypW9A/LAtIv7F1MLGuI4bYByyxu -yEmmLEjTgZwNbwfFVn5H9H0UgWLhKbYokX/b/Ed8f+H+nAirZCL4z7uPnnUeB6zd -VoiVyoRCH7CQyjp7JABDRFc6g2f3FWUUv5aFOdlTbOPy3A/iu9cPgXEAFr0fgiuv -9ytJBJ8c/ju72iapuotfcPRoo/yIS880R1TrOmVNJMdmYGFVA4EQpLMwPkDK6Azo -JJ8OIFwf6mW9WyPNlfgcdO8lLFV62IXrM/6Yjs280W75OHFfi8sJLj14tDdLcGBg -hfA0eOdMBUenukZYe0oujANfSeqoxIFOCMdQ4kOyItLLauZpcU6l9Uml/QMHJehD -Lv36HfWcJJB9KedA+OWw6gKkxeU6+NCniDEaPY06/azNAmpKCNTdqaN2RSrRQzoX -vnVQM0NmexymzA4NkFyFfWzMsFZERQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFejCCBR+gAwIBAgILKgHgpfuAEAAAAAIwCgYIKoZIzj0EAwMwgYQxCzAJBgNV -BAYTAkNBMREwDwYDVQQHDAhNb250cmVhbDEPMA0GA1UECAwGUXVlYmVjMRIwEAYD -VQQKDAlTQUZFIEluYy4xJDAiBgNVBAsMG0RpZ2l0YWwgQ2VydGlmaWNhdGUgU2ln -bmluZzEXMBUGA1UEAwwOU0FGRSBSb290IENBIDEwIBcNMjQwMTIwMTcxOTU1WhgP -MjA1MTA2MDcxNzE5NTVaMHoxCzAJBgNVBAYTAkNBMRIwEAYDVQQKDAlTQUZFIElu -Yy4xJDAiBgNVBAsMG0RpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzExMC8GA1UE -AwwoU0FGRSBNaWRsZSBHcm91bmQgQ0EgKDIwMjQpIC0gU0hBMzg0IC0gMzCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANFSm9wQV22aDglbG6r7doxls/LK -dTaPwMuC2C9bDiUMX/wYlEGHXXXrkuwqhxTsX8z2j7/bTqMHquyQOkhDuQGEQvs0 -CwZf2ORt51WP9q2YxH1vqDne+HCUcfMvJBs7q0Jw2GwG74Gv+vdod2YOYBLfgLu0 -kkofPlIt9ZrjuibTiGiqEYgPuL5+49eIzoYJGqMsznTB19Z6xLUEHiXvtxVqFidN -D+2vRvygV6Jt/pHDxx+HBv5a4qjeM2eubQaE8hUdnf8Rz75vqaUTEwvvZxkf6qjt -8NvyH7qMpR6zVLdowzeF2wEug03gBr6TVLDcMSOYFbfstYJXenw0bDsrO/qzEppj -Y9lU/b+h7jykR4MEYLmbdI/3kpMd9eqYh8TJ3ta4X7/8LkHgVThlgFQCxtm9fVGW -ulWtvwHOMSFUHlYWeXuXGlOShoBU7+l1rSFFN4JUUu3DN4wRq2PdZK4VtPXMAi9h -q0LWxaHA3RnvcPF/bTGvTmC7g6H3SaXelN0xwXRLEXPaTfROkJ6u3cBh1mtUPzp4 -w4vkDrrGnPM/+2w0fP89ZdcL7EwZN1E3xTs0flWFEIIzMH//lWNbRTxFkDT7HF7v -ZKOnqFgP0Jdq3lqPKVFrFAGx7Fl0Rw7Z0Bp43xbl/luLlUgPJiBY7xRql8rAs32s 
-f4psWb4b/KBH51exAgMBAAGjggGyMIIBrjAOBgNVHQ8BAf8EBAMCAQYwgYAGCCsG -AQUFBwEBBHQwcjA6BggrBgEFBQcwAoYuaHR0cDovL2NlcnRpZmljYXRlcy5zYWZl -LmNhL2NhY2VydC9zYWZlTURMLnBlbTA0BggrBgEFBQcwAYYoaHR0cDovL2NlcnRp -ZmljYXRlcy9zYWZlLmNhL2Noa2NlcnRzdGF0czBXBgNVHSAEUDBOMEIGCSsGAQQB -ug4BATA1MDMGCCsGAQUFBwIBFidodHRwOi8vY2VydGlmaWNhdGVzLnNhZmUuY2Ev -cmVwb3NpdG9yeS8wCAYGZ4EMAQIBMBIGA1UdEwEB/wQIMAYBAf8CAQAwRQYDVR0f -BD4wPDA6oDigNoY0aHR0cDovL2NlcnRpZmljYXRlcy5zYWZlLmNhL3JlcG9zaXRv -cnkvcmV2b2tsaXN0LnBlbTAlBgNVHREEHjAcghRjZXJ0aWZpY2F0ZXMuc2FmZS5j -YYcEwNv+NTAfBgNVHSMEGDAWgBSH3fsySSZeE/i38t/vnPaFNDd62TAdBgNVHQ4E -FgQUnL4LwCJ29c+8/Xiakncg/r+WHtgwCgYIKoZIzj0EAwMDSQAwRgIhAP8heP/X -Q+edfd3m8Yn5OYoU4EbKsvJZoQlwoC2LZqFlAiEA1s+OVAbw00wj9p2n1bcjbbnI -GBVjo5KYPNwlGHEcdGg= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICyjCCAnCgAwIBAgIUAtMkWFCaY2IBnHeZJh0H1JpvuDEwCgYIKoZIzj0EAwMw -gYQxCzAJBgNVBAYTAkNBMREwDwYDVQQHDAhNb250cmVhbDEPMA0GA1UECAwGUXVl -YmVjMRIwEAYDVQQKDAlTQUZFIEluYy4xJDAiBgNVBAsMG0RpZ2l0YWwgQ2VydGlm -aWNhdGUgU2lnbmluZzEXMBUGA1UEAwwOU0FGRSBSb290IENBIDEwHhcNMjEwNDI1 -MTMyNjU1WhcNNDEwNDI1MTMyNjU1WjCBhDELMAkGA1UEBhMCQ0ExETAPBgNVBAcM -CE1vbnRyZWFsMQ8wDQYDVQQIDAZRdWViZWMxEjAQBgNVBAoMCVNBRkUgSW5jLjEk -MCIGA1UECwwbRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMRcwFQYDVQQDDA5T -QUZFIFJvb3QgQ0EgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCu6gm4DFOju -mx0L44Do7x9o/bVNJFCdegQHudHDcNuqyRDDPX8moIgiIVE5/VEQjmcxnlyyvmCU -AXV+w++zrGyjgb0wgbowDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -HQYDVR0OBBYEFIfd+zJJJl4T+Lfy3++c9oU0N3rZMB8GA1UdIwQYMBaAFIfd+zJJ -Jl4T+Lfy3++c9oU0N3rZMFcGA1UdIARQME4wQgYJKwYBBAG6DgEBMDUwMwYIKwYB -BQUHAgEWJ2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuc2FmZS5jYS9yZXBvc2l0b3J5LzAI -BgZngQwBAgEwCgYIKoZIzj0EAwMDSAAwRQIgUEMNNezsU248dE57Uz/fLdRdiioL -eiHEbpMEcLW1dCoCIQCmbpV3cp0OvPAVX7cCzOGssT31ppkBIzA6dgNr7qyS+g== ------END CERTIFICATE----- diff --git a/certs/xx b/certs/xx deleted file mode 100644 index ff10572..0000000 --- a/certs/xx +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICyjCCAnCgAwIBAgIUAtMkWFCaY2IBnHeZJh0H1JpvuDEwCgYIKoZIzj0EAwMw -gYQxCzAJBgNVBAYTAkNBMREwDwYDVQQHDAhNb250cmVhbDEPMA0GA1UECAwGUXVl -YmVjMRIwEAYDVQQKDAlTQUZFIEluYy4xJDAiBgNVBAsMG0RpZ2l0YWwgQ2VydGlm -aWNhdGUgU2lnbmluZzEXMBUGA1UEAwwOU0FGRSBSb290IENBIDEwHhcNMjEwNDI1 -MTMyNjU1WhcNNDEwNDI1MTMyNjU1WjCBhDELMAkGA1UEBhMCQ0ExETAPBgNVBAcM -CE1vbnRyZWFsMQ8wDQYDVQQIDAZRdWViZWMxEjAQBgNVBAoMCVNBRkUgSW5jLjEk -MCIGA1UECwwbRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMRcwFQYDVQQDDA5T -QUZFIFJvb3QgQ0EgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCu6gm4DFOju -mx0L44Do7x9o/bVNJFCdegQHudHDcNuqyRDDPX8moIgiIVE5/VEQjmcxnlyyvmCU -AXV+w++zrGyjgb0wgbowDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -HQYDVR0OBBYEFIfd+zJJJl4T+Lfy3++c9oU0N3rZMB8GA1UdIwQYMBaAFIfd+zJJ -Jl4T+Lfy3++c9oU0N3rZMFcGA1UdIARQME4wQgYJKwYBBAG6DgEBMDUwMwYIKwYB -BQUHAgEWJ2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuc2FmZS5jYS9yZXBvc2l0b3J5LzAI -BgZngQwBAgEwCgYIKoZIzj0EAwMDSAAwRQIgUEMNNezsU248dE57Uz/fLdRdiioL -eiHEbpMEcLW1dCoCIQCmbpV3cp0OvPAVX7cCzOGssT31ppkBIzA6dgNr7qyS+g== ------END CERTIFICATE----- diff --git a/lib/devsoc.c b/lib/devsoc.c index de86e89..a4dd9d5 100644 --- a/lib/devsoc.c +++ b/lib/devsoc.c @@ -49,6 +49,12 @@ typedef struct { int iteration; //number of soc slot used on the IP }SOCTYP; +//default and debugging certificate for server mode +PUBLIC const char *srvr_certs[3]={ + "./certs/mailleur_server-key.pem", + "./certs/mailleur_server-chain-cert_x509.pem", + "./certs/root-safe_CA.pem" //safe root certificate + }; /* */ @@ -371,7 +377,8 @@ while (proceed==true) { break; case pro_smtps : //set secure socket newsoc->modtls=true; - if ((newsoc->tls=tls_opentls(newsoc->handle,true))==(TLSTYP *)0) { + newsoc->tls=tls_opentls(newsoc->handle,true,srvr_certs); + if (newsoc->tls==(TLSTYP *)0) { (void) rou_alert(0,"%s Unable to get a TLS channel",OPEP); newsoc->modtls=false; phase=999; //trouble trouble 
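Review bot: The new `srvr_certs` default in the `@@ -49` hunk of lib/devsoc.c points the server at `./certs/mailleur_server-key.pem`, a private key that this same commit renames inside the repository, so any instance running on the defaults presents a key that everyone with the sources also holds. The three paths are also relative, so the key and the trust root are resolved against whatever directory the process was started in. I would say so in the comment above the table, for example `//TEST ONLY: key is published with the sources, replace through configuration before deployment`, and take the deployed paths from configuration. Whether such an override already exists is not visible in this hunk.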
@@ -1370,7 +1377,7 @@ return socptr; /* crypted channel, return true is successful. */ /* */ /********************************************************/ -PUBLIC _Bool soc_starttls(SOCPTR *socptr,_Bool server) +PUBLIC _Bool soc_starttls(SOCPTR *socptr,_Bool server,const char *certs[3]) { #define OPEP "devsoc.c:soc_starttls," @@ -1391,13 +1398,11 @@ if ((soc!=(SOCTYP *)0)&&(soc->modtls==false)) { tosend=snprintf(buffer,sizeof(buffer),"%d 2.0.0 Ready to start TLS%s", SIGNON,CRLF); (void) soc_writebuffer(soc,buffer,tosend); - soc->tls=tls_opentls(soc->handle,true); break; case false : - soc->tls=tls_opentls(soc->handle,false); - (void) rou_alert(0,"%s JMPDBG starting client mode",OPEP); break; } + soc->tls=tls_opentls(soc->handle,server,certs); if (soc->tls!=(TLSTYP *)0) { soc->proto=pro_smtps; soc->modtls=true; diff --git a/lib/devsoc.h b/lib/devsoc.h index 1f9cee2..5090b30 100644 --- a/lib/devsoc.h +++ b/lib/devsoc.h @@ -23,6 +23,9 @@ typedef enum { pro_unknwn //Protcole undefined }PROTYP; +//default and debugging certificate for server mode +extern const char *srvr_certs[3]; + //reference to a socket definition typedef void SOCPTR; @@ -76,7 +79,7 @@ extern char *soc_getaddrinfo(SOCPTR *socptr,_Bool local,_Bool getname); extern SOCPTR *soc_release(SOCPTR *socptr); //procedure to initiate crypted mode on plain channel -extern _Bool soc_starttls(SOCPTR *socptr,_Bool server); +extern _Bool soc_starttls(SOCPTR *socptr,_Bool server,const char *certs[3]); //return flag true if socet is in crypted mode extern _Bool soc_iscrypted(SOCPTR *socptr); diff --git a/lib/lvleml.c b/lib/lvleml.c index 6c7c6b9..e67ced1 100644 --- a/lib/lvleml.c +++ b/lib/lvleml.c @@ -16,7 +16,6 @@ #include "devlog.h" #include "lvleml.h" - /* ^L */ 
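Review bot: The new parameter `const char *certs[3]` of `soc_starttls` (hunk `@@ -1370`) is adjusted by the compiler to `const char **certs`, so the `3` is not enforced, and no visible hunk checks for a null table or null entries before they reach the OpenSSL file loaders. The same declaration is repeated in lib/devsoc.h and for `tls_opentls` in lib/unitls.c and lib/unitls.h. The slot order is only implied by the initialisers and differs from the order of the removed `certpub` array, so the header comment above `soc_starttls` should gain a line such as `/* certs[0]=private key, certs[1]=certificate chain, certs[2]=trusted root; PEM paths, none may be NULL */`. Named indices instead of 0/1/2 would also make `set_certificate` self-describing. The function body continues outside the hunk.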
@@ -417,7 +416,7 @@ while (proceed==true) { proceed=doreset(contact,line); break; case c_starttls : //EHLO start encrypted link in server mode - switch (soc_starttls(contact->socptr,true)) { + switch (soc_starttls(contact->socptr,true,srvr_certs)) { case true : //link now in TLS crypted mode (void) transmit(contact,"%d Link now encrypted",CMDOK); (void) rou_alert(0,"%s, CMDOK sent",OPEP); diff --git a/lib/unitls.c b/lib/unitls.c index 87094bc..153c4fa 100644 --- a/lib/unitls.c +++ b/lib/unitls.c 
@@ -154,65 +154,53 @@ return tls; /* Procedure to set the link certificate */ /* */ /********************************************************/ -static int set_certificate(TLSTYP *tls) +static int set_certificate(TLSTYP *tls,const char *certs[3]) { #define OPEP "unitls.c:set_certificate" int done; int mode; -const char *certpub[3]; int phase; _Bool proceed; done=false; mode=SSL_VERIFY_NONE; //mode=SSL_VERIFY_PEER; -certpub[0]="./certs/safe_CA.pem"; //default and debugging certificats -//Default debugging server certificate -certpub[1]="./certs/mailleur_server_cert_x509.pem"; -certpub[2]="./certs/mailleur_server_key.pem"; phase=0; proceed=true; while (proceed==true) { switch (phase) { - case 0 : //load CA trusted file - if (SSL_CTX_use_certificate_chain_file(tls->ctx,certpub[0])!=1) { + case 0 : //first load certificate key + if (SSL_CTX_use_PrivateKey_file(tls->ctx,certs[0],SSL_FILETYPE_PEM)!=1) { char msg[200]; (void) snprintf(msg,sizeof(msg),"%s, file <%s> missing?", - "No chain Certificate",certpub[0]); + "Probleme with Certificate key",certs[0]); (void) showtlserror(tls,0,msg); - phase=999; //no need to go furter - } - break; - case 1 : //loading default CA verify dir - phase++; - if (SSL_CTX_set_default_verify_paths(tls->ctx)==0) { - (void) showtlserror(tls,0,"Unable to verify default path"); - phase=999; //no need to go furter + phase=999; } break; - case 2 : //set certificate - if (SSL_CTX_use_certificate_file(tls->ctx,certpub[1],SSL_FILETYPE_PEM)!=1) { + case 1 : //load certificate + chain file + if (SSL_CTX_use_certificate_chain_file(tls->ctx,certs[1])!=1) { char msg[200]; (void) snprintf(msg,sizeof(msg),"%s, file <%s> missing?", - "Problem with certificate",certpub[1]); + "No chain Certificate",certs[1]); (void) showtlserror(tls,0,msg); phase=999; //no need to go furter } break; - case 3 : //set key - if (SSL_CTX_use_PrivateKey_file(tls->ctx,certpub[2],SSL_FILETYPE_PEM)!=1) { + case 2 : //loading root certificate + if 
(SSL_CTX_load_verify_locations(tls->ctx,certs[2],(const char *)0)!=1) { char msg[200]; (void) snprintf(msg,sizeof(msg),"%s, file <%s> missing?", - "Probleme with Certificate key",certpub[2]); + "No root Certificate",certs[2]); (void) showtlserror(tls,0,msg); - phase=999; + phase=999; //no need to go furter } break; - case 4 : //verify management + case 3 : //verify management (void) SSL_CTX_set_purpose(tls->ctx,X509_PURPOSE_ANY); (void) SSL_CTX_set_verify(tls->ctx,mode,(int(*)())0); (void) SSL_CTX_set_verify_depth(tls->ctx,5); @@ -222,10 +210,10 @@ while (proceed==true) { phase=999; } break; - case 5 : //allowing partial write + case 4 : //allowing partial write (void) SSL_CTX_set_mode(tls->ctx,SSL_MODE_ENABLE_PARTIAL_WRITE); break; - case 6 : //everything fine + case 5 : //everything fine done=true; break; default : //SAFE Guard @@ -394,7 +382,7 @@ return ok; /* Procedure to open an SSL channel */ /* */ /********************************************************/ -PUBLIC TLSTYP *tls_opentls(int handle,_Bool server) +PUBLIC TLSTYP *tls_opentls(int handle,_Bool server,const char *certs[3]) { #define OPEP "unitls.c:tls_opentls" @@ -427,7 +415,7 @@ while (proceed==true) { } break; case 1 : //set certificate - if (set_certificate(tls)==false) + if (set_certificate(tls,certs)==false) phase=999; //trouble, trouble no need to go furter break; case 2 : //Setting the TLS channel diff --git a/lib/unitls.h b/lib/unitls.h index 6c183c0..681d107 100644 --- a/lib/unitls.h +++ b/lib/unitls.h @@ -28,7 +28,7 @@ typedef struct { extern _Bool tls_verify(TLSTYP *tls); //procedure to open an tls channel -extern TLSTYP *tls_opentls(int handle,_Bool server); +extern TLSTYP *tls_opentls(int handle,_Bool server,const char *certs[3]); //procedure to close an tls channel extern TLSTYP *tls_closetls(TLSTYP *tls); -- 2.47.3
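Review bot: `mode` is still `SSL_VERIFY_NONE` in `set_certificate` (hunk `@@ -154`), so the root loaded in the new case 2 with `SSL_CTX_load_verify_locations` is never used to reject a peer: the `SSL_CTX_set_verify(tls->ctx,mode,...)` call in case 3 lets the handshake complete whatever certificate the other side presents. For the client path (`soc_starttls(socptr,false,fdr_certs)` in app/feeder.c) the server is then not authenticated, unless `tls_verify`, declared in lib/unitls.h, checks the result afterwards and callers act on it, which these hunks do not show. I would pass the role down and select the mode from it, e.g. `mode=(server==true)?SSL_VERIFY_NONE:SSL_VERIFY_PEER;`. Separately, the key is now loaded before the chain, and OpenSSL reports a key/certificate mismatch at load time only when the certificate is already present, so it is worth confirming that the lines elided before the next hunk call `SSL_CTX_check_private_key`.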