Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Squashed 'src/deps/src/lua-resty-openssl/' changes from 58c6ce688..79b9c2f78

Browse source 
79b9c2f78 release: 1.3.0
48c510774 feat(aux/nginx) use lua-kong-nginx-module's get_socket_ssl when available (#3)
e08f7f06c chore(tests) put commentary text before PEM certs fixtures
9ac51f328 chore(tests) swap a expired sub cert fixture
c155a3a9a chore(ci) update openssl versions

git-subtree-dir: src/deps/src/lua-resty-openssl
git-subtree-split: 79b9c2f787febd03b9741ef9fad084a39a888d7c
This commit is contained in:
Théophile Diot 2024-04-17 17:58:01 +02:00
parent cee7d02246
commit c0515d7989
12 changed files with 282 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
.github/workflows/tests.yml vendored
View file

@ -29,14 +29,14 @@ jobs:
# TODO: arm64
# latest and one version older for valgrind and perf test
- nginx: "1.19.9"
openssl: "3.1.4"
openssl: "3.1.5"
openssl_fips: "3.0.8"
extras: "valgrind"
lua_nginx_module: "v0.10.20"
lua_resty_core: "v0.1.22"
nginx_cc_opts: "-Wno-error"
- nginx: "1.21.4"
openssl: "3.1.4"
openssl: "3.1.5"
openssl_fips: "3.0.8"
extras: "valgrind"
lua_nginx_module: "v0.10.25"
@ -48,23 +48,23 @@ jobs:
lua_nginx_module: "v0.10.26"
lua_resty_core: "v0.1.28"
- nginx: "1.25.3"
openssl: "3.0.12"
openssl: "3.0.13"
openssl_fips: "3.0.8"
extras: "valgrind perf"
lua_nginx_module: "v0.10.26"
lua_resty_core: "v0.1.28"
nginx_cc_opts: "-Wno-error"
- nginx: "1.25.3"
openssl: "3.1.4"
openssl: "3.1.5"
openssl_fips: "3.0.8"
extras: "valgrind perf"
lua_nginx_module: "v0.10.26"
lua_resty_core: "v0.1.28"
nginx_cc_opts: "-Wno-error"
- nginx: "1.25.3"
openssl: "3.2.0"
openssl: "3.2.1"
openssl_fips: "3.0.8"
extras: "valgrind perf"
extras: "valgrind perf lua-kong-nginx-module"
lua_nginx_module: "v0.10.26"
lua_resty_core: "v0.1.28"
nginx_cc_opts: "-Wno-error"
@ -115,6 +115,7 @@ jobs:
git clone https://github.com/openresty/lua-nginx-module.git ./lua-nginx-module -b ${{ matrix.lua_nginx_module }}
git clone https://github.com/openresty/no-pool-nginx.git ./no-pool-nginx
git clone https://github.com/fffonion/lua-resty-openssl-aux-module ./lua-resty-openssl-aux-module
git clone https://github.com/Kong/lua-kong-nginx-module.git ./lua-kong-nginx-module
# lua libraries at parent directory of current repository
popd
git clone https://github.com/openresty/lua-resty-core.git ../lua-resty-core -b ${{ matrix.lua_resty_core }}
@ -170,15 +171,17 @@ jobs:
- name: Build Nginx
env:
NGINX_CC_OPTS: ${{ matrix.nginx_cc_opts }}
NGINX_MODULES: ""
run: |
if [[ "${{ matrix.extras }}" == *valgrind* ]]; then NGINX_CC_OPTS="$NGINX_CC_OPTS -O0"; fi
if [[ "${{ matrix.extras }}" == *lua-kong-nginx-module* ]]; then NGINX_MODULES="$NGINX_MODULES --add-module=../lua-kong-nginx-module"; fi
export PATH=$BASE_PATH/work/nginx/sbin:$BASE_PATH/../nginx-devel-utils:$PATH
export LD_LIBRARY_PATH=$LUAJIT_LIB:$LD_LIBRARY_PATH
export NGX_LUA_LOC=$BASE_PATH/../lua-nginx-module
export NGX_STREAM_LUA_LOC=$BASE_PATH/../stream-lua-nginx-module
export
cd $BASE_PATH
if [ ! -e work ]; then ngx-build ${{ matrix.nginx }} --add-module=../ndk-nginx-module --add-module=../lua-nginx-module --add-module=../lua-resty-openssl-aux-module --with-http_ssl_module --with-cc-opt="-I$OPENSSL_INC $NGINX_CC_OPTS" --with-ld-opt="-L$OPENSSL_LIB -Wl,-rpath,$OPENSSL_LIB" --with-debug > build.log 2>&1 || (cat build.log && exit 1); fi
if [ ! -e work ]; then ngx-build ${{ matrix.nginx }} --add-module=../ndk-nginx-module --add-module=../lua-nginx-module --add-module=../lua-resty-openssl-aux-module $NGINX_MODULES --with-http_ssl_module --with-cc-opt="-I$OPENSSL_INC $NGINX_CC_OPTS" --with-ld-opt="-L$OPENSSL_LIB -Wl,-rpath,$OPENSSL_LIB" --with-debug > build.log 2>&1 || (cat build.log && exit 1); fi
nginx -V
ldd `which nginx`|grep -E 'luajit|ssl|pcre'
@ -191,6 +194,8 @@ jobs:
echo "Nginx SSL plain FFI"
export CI_SKIP_NGINX_C=1
TEST_NGINX_TIMEOUT=10 prove -j$JOBS t/openssl/ssl/ 2>&1
export CI_SKIP_KONG_SSL_FUNCS=1
TEST_NGINX_TIMEOUT=10 prove -j$JOBS t/openssl/ssl/ 2>&1
- name: Run Valgrind
if: contains(matrix.extras, 'valgrind')
@ -205,6 +210,9 @@ jobs:
export CI_SKIP_NGINX_C=1
stdbuf -o 0 -e 0 prove -j$JOBS t/openssl/ssl/ 2>&1 | grep -v "Connection refused" | grep -v "Retry connecting after" | tee output.log
if grep -q 'insert_a_suppression_name_here' output.log; then echo "Valgrind found problems"; exit 1; fi
export CI_SKIP_KONG_SSL_FUNCS=1
stdbuf -o 0 -e 0 prove -j$JOBS t/openssl/ssl/ 2>&1 | grep -v "Connection refused" | grep -v "Retry connecting after" | tee output.log
if grep -q 'insert_a_suppression_name_here' output.log; then echo "Valgrind found problems"; exit 1; fi
- name: Run FIPS Test
run: |

11
CHANGELOG.md
View file

@ -2,6 +2,12 @@
## [Unreleased]
<a name="1.3.0"></a>
## [1.3.0] - 2024-04-15
### features
- **aux/nginx:** use lua-kong-nginx-module's get_socket_ssl when available ([#3](https://github.com/fffonion/lua-resty-openssl/issues/3)) [48c5107](https://github.com/fffonion/lua-resty-openssl/commit/48c51077444e375b2cdd5155693b49d92a82d4a1)
<a name="1.2.1"></a>
## [1.2.1] - 2024-02-27
### bug fixes
@ -488,8 +494,8 @@
- **autogen:** generate tests for x509, csr and crl [1392428](https://github.com/fffonion/lua-resty-openssl/commit/1392428352164d2a1a6e0c03075ff65b55aecdee)
- **objects:** add helper function for ASN1_OBJECT [d037706](https://github.com/fffonion/lua-resty-openssl/commit/d037706c11d716afe3616bdaf4658afc1763081d)
- **pkey:** asymmetric encryption and decryption [6d60451](https://github.com/fffonion/lua-resty-openssl/commit/6d60451157edbf9cefb634f888dfa3e6d9be302f)
- **x509:** getter/setters for extensions [243f40d](https://github.com/fffonion/lua-resty-openssl/commit/243f40d35562a516f404188a5c7eb8f5134d9b30)
- **x509:** add get_ocsp_url and get_crl_url [6141b6f](https://github.com/fffonion/lua-resty-openssl/commit/6141b6f5aed38706b477a71d8c4383bf55da7eee)
- **x509:** getter/setters for extensions [243f40d](https://github.com/fffonion/lua-resty-openssl/commit/243f40d35562a516f404188a5c7eb8f5134d9b30)
- **x509.altname:** support iterate and decode over the stack [083a201](https://github.com/fffonion/lua-resty-openssl/commit/083a201746e02d51f6c5c640ad9bf8c6730ebe0b)
- **x509.crl:** add crl module [242f8cb](https://github.com/fffonion/lua-resty-openssl/commit/242f8cb45d6c2df5918f26540c92a430d42feb5d)
- **x509.csr:** autogen some csr functions as well [9800e36](https://github.com/fffonion/lua-resty-openssl/commit/9800e36c2ff8a299b88f24091cc722940a8652bb)
@ -577,7 +583,8 @@
- **x509:** export pubkey [ede4f81](https://github.com/fffonion/lua-resty-openssl/commit/ede4f817cb0fe092ad6f9ab5d6ecdcde864a9fd8)
[Unreleased]: https://github.com/fffonion/lua-resty-openssl/compare/1.2.1...HEAD
[Unreleased]: https://github.com/fffonion/lua-resty-openssl/compare/1.3.0...HEAD
[1.3.0]: https://github.com/fffonion/lua-resty-openssl/compare/1.2.1...1.3.0
[1.2.1]: https://github.com/fffonion/lua-resty-openssl/compare/1.2.0...1.2.1
[1.2.0]: https://github.com/fffonion/lua-resty-openssl/compare/1.1.0...1.2.0
[1.1.0]: https://github.com/fffonion/lua-resty-openssl/compare/1.0.2...1.1.0

2
lib/resty/openssl.lua
View file

@ -24,7 +24,7 @@ try_require_modules()
local _M = {
_VERSION = '1.2.1',
_VERSION = '1.3.0',
}
function _M.load_modules()

33
lib/resty/openssl/auxiliary/nginx_c.lua
View file

@ -1,5 +1,6 @@
local ffi = require "ffi"
local C = ffi.C
local os = os
local SOCKET_CTX_INDEX = 1
local NGX_OK = ngx.OK
@ -30,6 +31,8 @@ end
local stream_subsystem = false
local get_sock_ssl
if ngx.config.subsystem == "stream" then
stream_subsystem = true
@ -48,10 +51,21 @@ if ngx.config.subsystem == "stream" then
int ngx_stream_lua_resty_openssl_aux_get_socket_ssl_ctx(ngx_stream_lua_socket_tcp_upstream_t *u,
void **_sess);
int ngx_stream_lua_kong_get_socket_ssl(ngx_stream_lua_socket_tcp_upstream_t *u,
void **ssl_conn);
]]
-- sanity test
local _ = C.ngx_stream_lua_resty_openssl_aux_get_request_ssl
local success
if not os.getenv("CI_SKIP_KONG_SSL_FUNCS") then
success, get_sock_ssl = pcall(function() return C.ngx_stream_lua_kong_get_socket_ssl end)
end
if not success or get_sock_ssl == nil then
get_sock_ssl = C.ngx_stream_lua_resty_openssl_aux_get_socket_ssl_ctx
end
else
ffi.cdef [[
typedef struct ngx_http_request_s ngx_http_request_t;
@ -68,10 +82,20 @@ else
int ngx_http_lua_resty_openssl_aux_get_socket_ssl_ctx(ngx_http_lua_socket_tcp_upstream_t *u,
void **_sess);
int ngx_http_lua_kong_ffi_get_socket_ssl(ngx_http_lua_socket_tcp_upstream_t *u,
void **ssl_conn);
]]
-- sanity test
local _ = C.ngx_http_lua_resty_openssl_aux_get_request_ssl
local success
if not os.getenv("CI_SKIP_KONG_SSL_FUNCS") then
success, get_sock_ssl = pcall(function() return C.ngx_http_lua_kong_ffi_get_socket_ssl end)
end
if not success or get_sock_ssl == nil then
get_sock_ssl = C.ngx_http_lua_resty_openssl_aux_get_socket_ssl
end
end
local void_pp = ffi.new("void *[1]")
@ -115,12 +139,7 @@ end
get_socket_ssl = function(sock)
local u = sock[SOCKET_CTX_INDEX]
local ret
if stream_subsystem then
ret = C.ngx_stream_lua_resty_openssl_aux_get_socket_ssl(u, void_pp)
else
ret = C.ngx_http_lua_resty_openssl_aux_get_socket_ssl(u, void_pp)
end
local ret = get_sock_ssl(u, void_pp)
if ret ~= NGX_OK then
return nil, "cannot read u->peer.connection->ssl->connection"
@ -151,4 +170,4 @@ return {
get_req_ssl_ctx = get_req_ssl_ctx,
get_socket_ssl = get_socket_ssl,
get_socket_ssl_ctx = get_socket_ssl_ctx,
}
}

4
lua-resty-openssl-1.2.1-1.rockspec → lua-resty-openssl-1.3.0-1.rockspec
View file

@ -1,8 +1,8 @@
package = "lua-resty-openssl"
version = "1.2.1-1"
version = "1.3.0-1"
source = {
url = "git+https://github.com/fffonion/lua-resty-openssl.git",
tag = "1.2.1"
tag = "1.3.0"
}
description = {
detailed = "FFI-based OpenSSL binding for LuaJIT.",

77
t/fixtures/Github.pem
View file

@ -1,3 +1,80 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0e:8b:f3:77:0d:92:d1:96:f0:bb:61:f9:3c:41:66:be
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, O = "DigiCert, Inc.", CN = DigiCert High Assurance TLS Hybrid ECC SHA256 2020 CA1
Validity
Not Before: Mar 25 00:00:00 2021 GMT
Not After : Mar 30 23:59:59 2022 GMT
Subject: C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = github.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:ad:f6:f7:75:b1:d3:49:54:0a:5d:10:71:bd:dc:
25:06:4b:22:1c:a2:23:4e:9f:a1:fe:b9:d0:8c:bd:
39:bc:0c:23:c7:cf:91:a6:90:5a:d8:45:ab:03:13:
be:c1:23:7a:b9:c4:c8:9d:47:f6:96:e0:b9:76:6b:
50:36:66:f7:0d
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
50:61:A6:A0:D2:35:C4:11:2A:20:8D:1F:0F:AC:42:F0:CD:29:CF:4B
X509v3 Subject Key Identifier:
27:B1:7E:9F:BB:26:99:50:D8:F3:C3:53:5B:FE:31:16:B0:BB:1E:72
X509v3 Subject Alternative Name:
DNS:github.com, DNS:www.github.com
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crt
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
Timestamp : Mar 25 18:57:33.978 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:9E:E6:88:44:7F:FC:34:45:9C:32:4D:
9F:AB:94:86:06:AE:DD:63:2D:E2:F5:5F:63:97:46:8A:
0B:A5:39:D8:D7:02:20:48:54:27:D1:C6:32:B5:BF:81:
77:D7:EB:15:68:AC:F2:C8:EE:C9:01:AD:1F:CC:34:0C:
EE:C9:10:72:44:98:59
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:
E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
Timestamp : Mar 25 18:57:34.009 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:98:00:12:4A:09:41:18:AF:06:5C:28:
EF:1E:BB:DE:85:6C:7F:58:A9:D3:DE:96:B2:16:6A:99:
10:AE:2F:F2:69:02:21:00:DD:C5:F8:AD:BD:F0:68:B0:
CB:AB:80:B8:F0:D4:A8:52:67:30:E7:A3:F0:3B:F9:B6:
BB:09:D0:A6:B6:FE:CA:1D
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:44:02:20:2b:e2:af:ec:6f:bf:2a:45:a4:35:98:37:3d:c4:
05:a7:ce:ba:67:b1:ba:b2:8c:68:6b:87:ad:49:9f:92:46:56:
02:20:14:a2:5d:2d:b4:59:cf:b2:8c:3d:75:d6:73:f3:bd:05:
02:7e:c3:f8:f8:32:99:dc:af:b6:18:ab:04:44:3e:9d
-----BEGIN CERTIFICATE-----
MIIFBjCCBK2gAwIBAgIQDovzdw2S0Zbwu2H5PEFmvjAKBggqhkjOPQQDAjBnMQsw
CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xPzA9BgNVBAMTNkRp

58
t/fixtures/GlobalSign.pem
View file

@ -1,3 +1,61 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:00:00:00:00:01:15:4b:5a:c3:94
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
Validity
Not Before: Sep 1 12:00:00 1998 GMT
Not After : Jan 28 12:00:00 2028 GMT
Subject: C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:
83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0:
63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89:
8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c:
70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50:
15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0:
6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2:
89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7:
54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c:
92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2:
75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9:
c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b:
bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91:
ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51:
63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa:
48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a:
07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93:
90:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
d6:73:e7:7c:4f:76:d0:8d:bf:ec:ba:a2:be:34:c5:28:32:b5:
7c:fc:6c:9c:2c:2b:bd:09:9e:53:bf:6b:5e:aa:11:48:b6:e5:
08:a3:b3:ca:3d:61:4d:d3:46:09:b3:3e:c3:a0:e3:63:55:1b:
f2:ba:ef:ad:39:e1:43:b9:38:a3:e6:2f:8a:26:3b:ef:a0:50:
56:f9:c6:0a:fd:38:cd:c4:0b:70:51:94:97:98:04:df:c3:5f:
94:d5:15:c9:14:41:9c:c4:5d:75:64:15:0d:ff:55:30:ec:86:
8f:ff:0d:ef:2c:b9:63:46:f6:aa:fc:df:bc:69:fd:2e:12:48:
64:9a:e0:95:f0:a6:ef:29:8f:01:b1:15:b5:0c:1d:a5:fe:69:
2c:69:24:78:1e:b3:a7:1c:71:62:ee:ca:c8:97:ac:17:5d:8a:
c2:f8:47:86:6e:2a:c4:56:31:95:d0:67:89:85:2b:f9:6c:a6:
5d:46:9d:0c:aa:82:e4:99:51:dd:70:b7:db:56:3d:61:e4:6a:
e1:5c:d6:f6:fe:3d:de:41:cc:07:ae:63:52:bf:53:53:f4:2b:
e9:c7:fd:b6:f7:82:5f:85:d2:41:18:db:81:b3:04:1c:c5:1f:
a4:80:6f:15:20:c9:de:0c:88:0a:1d:d6:66:55:e2:fc:48:c9:
29:26:69:e0
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv

113
t/fixtures/GlobalSign_sub.pem
View file

@ -1,26 +1,91 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:00:00:00:00:01:2f:4e:e1:3d:6b
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
Validity
Not Before: Apr 13 10:00:00 2011 GMT
Not After : Jan 28 12:00:00 2028 GMT
Subject: C = BE, O = GlobalSign nv-sa, CN = GlobalSign PersonalSign Partners CA - G2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9f:e7:7d:d4:0d:99:89:d7:1d:b6:25:1f:45:8e:
4d:70:e4:71:ed:68:35:43:17:67:53:c3:eb:c4:49:
aa:9b:2f:dd:5c:24:1a:84:5a:82:c8:62:fd:99:16:
e6:48:61:9b:c1:6a:c9:7a:df:ce:f6:5c:00:33:48:
0c:77:a1:e5:d8:09:e4:33:b7:a8:bf:85:b2:b1:ae:
af:df:db:1e:df:2b:c3:ac:b1:2f:27:72:9c:d7:7c:
e5:1d:5c:01:a0:2d:72:d0:8f:c9:94:13:be:3c:93:
c4:20:0d:72:90:52:da:2e:1d:a7:8a:ee:9a:7a:b4:
34:61:43:81:d3:55:6c:2c:18:4b:97:7b:c9:1e:cc:
be:b8:b0:a9:b3:b2:89:4a:bb:12:38:57:7e:ee:44:
7a:4c:bd:e8:ae:48:88:36:1a:05:32:9c:92:f3:eb:
50:f9:7d:b1:2b:17:af:ae:9b:68:b8:17:a0:fc:58:
c3:ea:0a:06:f2:a6:99:12:95:9f:c8:c8:a3:da:a4:
75:59:58:f6:cf:1d:3b:bc:f9:ee:3c:f4:44:27:76:
1a:b0:33:6f:0f:49:04:83:cb:34:5f:a1:1b:d4:02:
28:0c:0a:3b:fd:fc:57:de:f0:b2:d2:22:c4:dd:a9:
05:31:37:a4:ae:a4:68:3b:89:66:b4:40:7c:e2:61:
ea:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:1
X509v3 Subject Key Identifier:
C5:7D:DA:83:E5:47:57:AA:C5:77:12:A7:CE:D9:0A:07:41:67:DF:39
X509v3 Certificate Policies:
Policy: X509v3 Any Policy
CPS: https://www.globalsign.com/repository/
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.globalsign.net/root.crl
X509v3 Authority Key Identifier:
60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
43:4c:1b:01:22:79:fb:d9:79:00:cb:a7:31:19:b9:11:cb:3d:
d2:1d:0a:cb:d2:06:ac:e3:df:a6:05:1d:61:79:6a:9b:7f:a2:
ee:c2:05:20:dd:d0:9c:c5:e5:0a:57:d4:28:91:eb:0e:4d:6f:
da:60:3f:6b:6b:0d:18:92:b2:23:52:b4:4a:37:b7:ad:11:e3:
de:89:4c:8b:b0:b4:be:5c:5b:80:71:c3:dc:2a:77:ea:37:c7:
03:95:19:59:26:e5:0a:46:f6:7c:03:9a:a5:42:96:11:16:99:
06:ac:85:a9:55:b9:7c:0b:80:94:bd:59:19:15:16:6b:62:b7:
6e:1b:32:da:64:74:7a:5e:a1:95:80:3f:e2:78:82:09:b2:09:
fd:d1:d0:b9:b7:39:f6:dc:be:d8:e1:40:57:73:9a:d2:48:b5:
fd:25:b1:3a:46:42:2a:52:22:01:1b:93:27:32:93:e8:b6:bc:
8f:c8:2d:e9:31:c6:ff:bd:47:85:cb:53:9e:dc:be:a3:e8:ea:
86:ba:c2:1a:8c:f7:c3:c1:db:c2:69:9f:d7:a6:48:a9:7a:51:
84:5f:8a:03:93:29:da:71:25:4b:65:eb:5a:3d:e4:3c:3d:50:
5b:ac:3a:71:cb:61:6a:e3:81:82:de:69:7c:0a:5f:94:dd:6b:
8a:88:a6:39
-----BEGIN CERTIFICATE-----
MIIEWjCCA0KgAwIBAgIOR8MQAMBL+oomVLdB7CswDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjAzMTYw
MDAwMDBaFw0yNDAzMTYwMDAwMDBaMFQxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMSowKAYDVQQDEyFHbG9iYWxTaWduIFBlcnNvbmFsU2ln
biAzIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm4HxK
0o9gvqhlIWVajpj75hIkZariW6PUj+njWoA5YRqmopnzUc99nUzj9Lj7Go8eqe9F
9tT76IeS2MdOAn1bata0FTGQXUZYO72E4YL18SE5ERRLlOjt1TenE4JbRFodris3
+NUh9qNOFhyii7zf/nNQMTWDQ3hH5z4qcAemahgS26Ep8VihD70pPleC9Jcy/RVM
k+RjqBEzur3dWHPD21wRk3gS29Gs2499Tj59DlLH+RoXSsRjHcJk+fDHzC2zyY4M
jNJHgw/RWfhmJqxPDrNvF3jiDchMDrkY/o7oywpJCfVaTZ3ScEd4GnhIsBJi26ci
OYfjXmq+vPGumJBTAgMBAAGjggElMIIBITAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0T
AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU4ir34VYTni+RxwhiCZ7AIV++blMwHwYD
VR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswPQYIKwYBBQUHAQEEMTAvMC0G
CCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9yb290cjEwMwYD
VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9yb290LmNy
bDBHBgNVHSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cu
Z2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQEFBQADggEBAAMt
Z5FskwVr28wgh70YcB0TepVojuiDQwDHilW0dfFnM+tkzwyHKcU7Q36EojXCrMz1
SXw2TD8n+BC3dkJdmYf7zPKen5HguBaraPUzcxgZuJCfZmA1fW1+hrJ9sVLp9nBX
J3H2g4XDIl1yj/MozwfWfKE04fJZyk7yuAknoFgwK+EGOXnXnjMWldAoPLS0AyFE
aM1HU57OUMWPRwJ5Ts/CKf50Nz9ntgGTGVHvyfDvexHEEMGF1Vc9KAs+Z0jPXFom
H6wJlHvDM0nVtIbvdkGxVzxEQASkXUdh7qPxR4WpGJn5vMpIi74NglkCp5pPuDJ6
i7GsIy4xEeMwq4nuOh8=
MIIEHTCCAwWgAwIBAgILBAAAAAABL07hPWswDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw
MDBaFw0yODAxMjgxMjAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIFBlcnNvbmFsU2lnbiBQ
YXJ0bmVycyBDQSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
n+d91A2ZidcdtiUfRY5NcORx7Wg1QxdnU8PrxEmqmy/dXCQahFqCyGL9mRbmSGGb
wWrJet/O9lwAM0gMd6Hl2AnkM7eov4Wysa6v39se3yvDrLEvJ3Kc13zlHVwBoC1y
0I/JlBO+PJPEIA1ykFLaLh2niu6aerQ0YUOB01VsLBhLl3vJHsy+uLCps7KJSrsS
OFd+7kR6TL3orkiINhoFMpyS8+tQ+X2xKxevrptouBeg/FjD6goG8qaZEpWfyMij
2qR1WVj2zx07vPnuPPREJ3YasDNvD0kEg8s0X6Eb1AIoDAo7/fxX3vCy0iLE3akF
MTekrqRoO4lmtEB84mHqIwIDAQABo4HlMIHiMA4GA1UdDwEB/wQEAwIBBjASBgNV
HRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBTFfdqD5UdXqsV3EqfO2QoHQWffOTBH
BgNVHSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xv
YmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wMwYDVR0fBCwwKjAooCagJIYiaHR0cDov
L2NybC5nbG9iYWxzaWduLm5ldC9yb290LmNybDAfBgNVHSMEGDAWgBRge2YaRQ2X
yolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUFAAOCAQEAQ0wbASJ5+9l5AMunMRm5
Ecs90h0Ky9IGrOPfpgUdYXlqm3+i7sIFIN3QnMXlClfUKJHrDk1v2mA/a2sNGJKy
I1K0Sje3rRHj3olMi7C0vlxbgHHD3Cp36jfHA5UZWSblCkb2fAOapUKWERaZBqyF
qVW5fAuAlL1ZGRUWa2K3bhsy2mR0el6hlYA/4niCCbIJ/dHQubc59ty+2OFAV3Oa
0ki1/SWxOkZCKlIiARuTJzKT6La8j8gt6THG/71HhctTnty+o+jqhrrCGoz3w8Hb
wmmf16ZIqXpRhF+KA5Mp2nElS2XrWj3kPD1QW6w6ccthauOBgt5pfApflN1rioim
OQ==
-----END CERTIFICATE-----

1
t/openssl/ssl/ssl_client.t
View file

@ -53,6 +53,7 @@ our $ClientContentBy = qq{
no_long_string();
env_to_nginx("CI_SKIP_NGINX_C");
env_to_nginx("CI_SKIP_KONG_SSL_FUNCS");
run_tests();

1
t/openssl/ssl/ssl_ctx_server.t
View file

@ -53,6 +53,7 @@ our $ClientContentBy = qq{
no_long_string();
env_to_nginx("CI_SKIP_NGINX_C");
env_to_nginx("CI_SKIP_KONG_SSL_FUNCS");
run_tests();

1
t/openssl/ssl/ssl_server.t
View file

@ -53,6 +53,7 @@ our $ClientContentBy = qq{
no_long_string();
env_to_nginx("CI_SKIP_NGINX_C");
env_to_nginx("CI_SKIP_KONG_SSL_FUNCS");
run_tests();

4
t/openssl/x509/store.t
View file

@ -242,8 +242,8 @@ true
GET /t
--- response_body eval
"B1BC968BD4F49D622AA89A81F2150152A41D829C
C187B85714202A2941E8EAFB846C39EB1F9C609A
C187B85714202A2941E8EAFB846C39EB1F9C609A
9EB54DF0722B3D50AFC50AE8CC74AA3696D33218
9EB54DF0722B3D50AFC50AE8CC74AA3696D33218
B1BC968BD4F49D622AA89A81F2150152A41D829C
"
--- no_error_log