diff options
author | Shreyas Kalyan <shreyas.kalyan@10gen.com> | 2021-04-07 14:26:02 -0400 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-04-07 21:12:31 +0000 |
commit | 6eaf9b51d0f710e0088799f72b0812a18efc1b02 (patch) | |
tree | 71d83581142e98c8c906182137783d857459969f | |
parent | ae83ae0fa283efabb93c0fc55bf640cedd4916d7 (diff) | |
download | mongo-6eaf9b51d0f710e0088799f72b0812a18efc1b02.tar.gz |
SERVER-55122 Fix OCSP to allow intermediate certificates in tlsCertificateKeyFile
(cherry picked from commit 17c516775aa4f5848671340f21545b7dffdc2d74)
20 files changed, 560 insertions, 101 deletions
diff --git a/jstests/libs/ocsp/intermediate_ca_ocsp.crt b/jstests/libs/ocsp/intermediate_ca_ocsp.crt index d7600f9148d..a4193f87c93 100644 --- a/jstests/libs/ocsp/intermediate_ca_ocsp.crt +++ b/jstests/libs/ocsp/intermediate_ca_ocsp.crt @@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDojCCAoqgAwIBAgIEF39OgDANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV +MIIDojCCAoqgAwIBAgIEYLGF9TANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs -IFRlc3QgQ0EwHhcNMjAwNDIxMTkxNDUyWhcNNDAwNDIzMTkxNDUyWjB+MQswCQYD +IFRlc3QgQ0EwHhcNMjEwMzA5MTY0MDMxWhcNNDEwMzExMTY0MDMxWjB+MQswCQYD VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp dHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEhMB8GA1UEAwwY SW50ZXJtZWRpYXRlIENBIGZvciBPQ1NQMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAptgUN3L3jVBEbkqNL9d1tdTqgbg1dIYaRdt6dHBdl24mfyW5M/Tg -oHJbsXOfjJrw8Beq5YNPbCZRsZN5u6cedElgUz1+hiTvaHuiUXVejtI0Qsx3p6Fm -xykeu4BW1505KlV5JVNfDd/KTKBu2m3w+jRdBSaCxzyQx7V9MFyg6Xk9oWB5AVHm -D5G71Qta6e5GiT58X50br2Xa5AHpnHjrjseNmIeSYVkIKDTYsh6MSogxT26sJ7aM -3wwbYOK0BXmmyHuscS/B9cHmYTntcDTXfj6dZFwQd0Dr8Pa3TMk/dbm5DBwMRXvx -lot90K46hflTvBfC+zHKwAHRjKcuaW2jOwIDAQABozIwMDAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBT/JWQaaKfjeSROC1wPOpepb+D8YTANBgkqhkiG9w0BAQsF -AAOCAQEAcRPq5CjP8bXEMOX83/ZiGx0ueZGQKP7d+0Q2/hZyZIVk+kxjmQXuUsIK -vpMlfxcUkcoPeO75bKWq2OxOaem0PcTeGf9XYDEfjoOrCQVQAnM+5oFbSjLgdW2n -Otqe8A7i5IjXHMZMT0XmYu5LWCAM+wJAKDU0pEx4PyZjZIhmSHKl1uyB5ox/vjMU -RjnPj58fawLKOCFbqnLZ24FdwrELqbqwcn/5pCoYxmOfjzMIAqTqgcewOQDoWV6c -IXeG8yIqTdnxuFjEXe9lWrqsPVwhPlU9druF5plSSuHoJ6gDvSWDw5FuYU9afp5U -xdj+V3ksSRqr2ad6DSqEPOohTy9Vvg== +MIIBCgKCAQEApP3UQTlZVYFjzvRREJbdqYBw1zF+NWayd+AFUqWzrW35TECxnmR0 +PEr+ILEucOfiPB/AwRoTCMF0IJk1y6l2ljxGs9vuGD/MdBtnxzJ3cVbzPTtVm5Q4 +kAmVJz7O+2cw70XGD3hruDMKGkAixRwLXp16ENl0jyJ6V44JBRfOQcZLG3geJgve +cbp1KwkTASaRcYv+93tr9z5s92a/2UVXRuSK/Rf1+x+U4+GRVJh4/k8i9nP/ieYg +92OGqhWr1ETdSv66SZ+sHd+4OftMbETqBdiTGj7GM+EszAEUTPYDabTvQlOBtdZH +NYOLHGMxKxdEj5EyzE4y8WO7yk4W+TZItwIDAQABozIwMDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBRRg4ZhgrLm0lO4jGm+fmVnaczaPzANBgkqhkiG9w0BAQsF +AAOCAQEAZK3kybfwQ05q6BQevqkun9CKC3Vwhv6BLez5wOXW3gQ8BQdypKbSMEB8 +4RPEcy1zBU+6LPa8S+WE88EN85/0n/oS7N7MAgEpSWT8vflBm76nEfG4jG+l8h+Q +yIp0e5/ITq/MtRx9EiRk+vU6l3Mkvqq+2a3T7pKhvE4jOIOyFtg5jr+p2n46WEw4 +g3N/BzbZLpz147KO7tYrelhIAAcbmeVUKlQOjtcljeGbZimRgt8kzJWBVNAS6tEj +J8FTRLMX6HSTbVMx8tjq+MxF9hn1Ztc/3GIIuTvlGeTkLTS8atR4318YfMcZLlwm +pt3Zd7lPfbW/gmFewm7GB5TL9rDfbA== -----END CERTIFICATE----- diff --git a/jstests/libs/ocsp/intermediate_ca_ocsp.key b/jstests/libs/ocsp/intermediate_ca_ocsp.key index efe6f04e3c8..8d2c2725ee8 100644 --- a/jstests/libs/ocsp/intermediate_ca_ocsp.key +++ b/jstests/libs/ocsp/intermediate_ca_ocsp.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCm2BQ3cveNUERu -So0v13W11OqBuDV0hhpF23p0cF2XbiZ/Jbkz9OCgcluxc5+MmvDwF6rlg09sJlGx -k3m7px50SWBTPX6GJO9oe6JRdV6O0jRCzHenoWbHKR67gFbXnTkqVXklU18N38pM -oG7abfD6NF0FJoLHPJDHtX0wXKDpeT2hYHkBUeYPkbvVC1rp7kaJPnxfnRuvZdrk -AemceOuOx42Yh5JhWQgoNNiyHoxKiDFPbqwntozfDBtg4rQFeabIe6xxL8H1weZh -Oe1wNNd+Pp1kXBB3QOvw9rdMyT91ubkMHAxFe/GWi33QrjqF+VO8F8L7McrAAdGM -py5pbaM7AgMBAAECggEAaw76If52lMntryvNXuaNlKjT9XsDagrm7u5/rBmyJIo8 -z5egOJOoU6wt5DcCKRH/CsDVG0LgAtCv2Rd9pIj/BLVUxvUNq/wlV1EF/eknTNPb -TwWuvfTWY3OiUcRvdRlg5iZEf0v5EYkJYZQMrcKgP5y8F6L3her6J/vwIck+Q7FM -LlFZfW+ztVK8d2H64wmpO0ErV1UTJkC0DMwGyhT2zfxfhiDD9riHZ9WU/RPmJe91 -6BfL8Vu9L8fH/hS/YLgThBRrP00ZOjETDDGlb94PRSLHU+AQD+nQ0X9PuuxZX+6U -pNe1QkOAszU0ansfwCBlKwjTU6t8nloFWdWZUXgW+QKBgQDS/Wjff7O2MdowiNj9 -RVES62IsdLI4uIMQjLR3c2U78FsWfhIzzKXlmtROzaFPccwkW10i1YWosEv+dkzp -o7Kiafb6pWxfucvts8hbw7dmUT22+N7zUqBK+Tpj6E//5JxmT9aZPPxbxMITlcpc -7NHYtBFOizTEcU9TMXk4jCdY1QKBgQDKb8Z8hMhDZqEmOBlYI8efyXUNKh9BQKfi -ptRzwsVbrYadQdGgNTUURMVZgr3z/3KeDAM+G71e3KqA5jKUMAufVUWQh3b+bU4C -F+R64PxvC0D5kT3KnT2u6yI0qTtqSaDuwcW1G5J4E9M+GOApuLxOr92B+rA6deKR -njpqJHETzwKBgDclJojrzqO7CeUPj28688K3JNSrt30dtJvZur1Rus7ctmH9l3JU -dbO6MO1bz2J9Qrbp7kDRf/qkAWjDsLyMHX9XpMbD/7xRSlyZVa+uSrwCVdgB2fvM -x7pww3MjX+1o6fvPuC4bA3ZUycjmqJp7BynVfoSB28vQNcRvtNgzwYD1AoGAa/D3 -1DN1GUNjEB7/nJjPe6sPB+r66W9RVbCBPgyP8ZdwXO/Yl+VnHRyiYl0tbio6cn2T -SQ2/hxKAs+SK+as4t0ffpPYmg/nCi6kzwjWvRIKqrag9W4lGd7uW7J+EN+N0tXqL -Mku2aOKhU84t0PFZL1fk88a5KyLqoZzOJwSxas8CgYEArqFmKddOAjdC+Y8n8nWT -WrEPFts/YAp0KJGW0nDqN7ROKXyBuqrrKpOgXpxZTHRoFQ+RCsWHZOtZYD68Nmod -yr/aGaixsHqIqSC8xu78DwXuOIIVuvEU06pAmCh2ALskKQZhA5sBL6qkw1PlgSDh -WBzMfq3dw8n/557/q+IVnlE= +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCk/dRBOVlVgWPO +9FEQlt2pgHDXMX41ZrJ34AVSpbOtbflMQLGeZHQ8Sv4gsS5w5+I8H8DBGhMIwXQg +mTXLqXaWPEaz2+4YP8x0G2fHMndxVvM9O1WblDiQCZUnPs77ZzDvRcYPeGu4Mwoa +QCLFHAtenXoQ2XSPInpXjgkFF85BxksbeB4mC95xunUrCRMBJpFxi/73e2v3Pmz3 +Zr/ZRVdG5Ir9F/X7H5Tj4ZFUmHj+TyL2c/+J5iD3Y4aqFavURN1K/rpJn6wd37g5 ++0xsROoF2JMaPsYz4SzMARRM9gNptO9CU4G11kc1g4scYzErF0SPkTLMTjLxY7vK +Thb5Nki3AgMBAAECggEAASkb7h2GKFjRp+oGC/TTuFaD9K+PcLa5OKilwPATdHva +jhPCbBfOzYHFidtVNUwcRkn+5BzX127s7zHEtBsMD4B7CtbYNOl1+bcbosYTGwP+ +kAaz0nVXdIPsvarub8xJBtXZz9AMCe6p+odK91H8Ln0zF50/+aXHcIg6PgPt2n6U +smChi15o1F6kdr+hwrqUpjW7NDN3Fs5lCH4dNw8I5PvpqPwl3IkwYG8e76A/9dJa +Fe1mzrUcmXi57JwSePE+Q7/ncIfXYB964AkTMLabylaPsB5EKP587jfpEfXXfyXn +Y+MLFCfP8dUXwu2nAr6vSWs3Ne4TGwWLLKGSP1UQuQKBgQDRBrQj75aN4hPulr9j +MTLIXxNRBOEkKXv11mvZFEV1ljyyw3qCivIndJBLNLRDsY+cr6yOYVwvfF5sx6Si +sF4N789yusRQr3iARJ67+fIJ04gOaIMW8iYzB9kr9eaLdpWSbbBkVG44aF28CiDb +dgeEFFjXYY5u4T+V+YJPLuDrLQKBgQDKEc6SXndtATpU8Gq5DWcUthPwEVQmVYsF +6EGWtU/fdVgTs1XmkFuRLy4VZcICK8+uGqN+bOMtr5gKJjEhAr2aDMqpm3keXdLz +Xlf/El2zzQ1Pj+Jm69odeCqGHwXGQTMOF5bqvIngWi1A5ijS/N3BiNLwtzlcKm+P +yJuJF+dh8wKBgQC7Nd7XpLlaIFcrxLZrl9/c2FKLqOwgoEsW9tGnHmHLnCCHF089 +ZkbWEa8+vFiLnJd8hVbuOsL/AMvtb63DzGSg5N0O67nybgZmE4972rPuGxfrl615 +Oq393JSkq9utoyr5d+aZJYmGWetCBGxDQuYeZL7hQM35/yIdJ9iPJPRrjQKBgCac +rndjm7h1kprmcc44lGjtvfOSrBzDHdScI+RTcxbFCnaBPznWfdjJRioKjr7xdjbT +mkgvMF3rfsb5s0uWhXppVVSBg+xci1G7xl7UOJmB5jg8y0tVaBFXg/Cq/uR6UvIv +acQjEMmREbKkCEsAzLMNnRkoOcq1xSmZcLcKnUknAoGBAJjGDcvr/RsrP/fehxxs +jqtxALg26wAUbfvgjrJxZ3sSmXvP++t8KcXHoAi9vbUXwHjdcq1GCiynmuJG/D4z +u7oBsQnducfSTULsmdMIjnBTy6cdcilfgfX+3h/eUEDzF2R0vx3ugmJMUW4+iMm8 +CVLNHOr0uNpdrz5tOf6SpRhd -----END PRIVATE KEY----- diff --git a/jstests/libs/ocsp/intermediate_ca_ocsp.pem b/jstests/libs/ocsp/intermediate_ca_ocsp.pem index c6abc40d1d1..5c77a6e454a 100644 --- a/jstests/libs/ocsp/intermediate_ca_ocsp.pem +++ b/jstests/libs/ocsp/intermediate_ca_ocsp.pem @@ -1,53 +1,26 @@ + -----BEGIN CERTIFICATE----- -MIIDojCCAoqgAwIBAgIEF39OgDANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV +MIIDojCCAoqgAwIBAgIEYLGF9TANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs -IFRlc3QgQ0EwHhcNMjAwNDIxMTkxNDUyWhcNNDAwNDIzMTkxNDUyWjB+MQswCQYD +IFRlc3QgQ0EwHhcNMjEwMzA5MTY0MDMxWhcNNDEwMzExMTY0MDMxWjB+MQswCQYD VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp dHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEhMB8GA1UEAwwY SW50ZXJtZWRpYXRlIENBIGZvciBPQ1NQMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAptgUN3L3jVBEbkqNL9d1tdTqgbg1dIYaRdt6dHBdl24mfyW5M/Tg -oHJbsXOfjJrw8Beq5YNPbCZRsZN5u6cedElgUz1+hiTvaHuiUXVejtI0Qsx3p6Fm -xykeu4BW1505KlV5JVNfDd/KTKBu2m3w+jRdBSaCxzyQx7V9MFyg6Xk9oWB5AVHm -D5G71Qta6e5GiT58X50br2Xa5AHpnHjrjseNmIeSYVkIKDTYsh6MSogxT26sJ7aM -3wwbYOK0BXmmyHuscS/B9cHmYTntcDTXfj6dZFwQd0Dr8Pa3TMk/dbm5DBwMRXvx -lot90K46hflTvBfC+zHKwAHRjKcuaW2jOwIDAQABozIwMDAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBT/JWQaaKfjeSROC1wPOpepb+D8YTANBgkqhkiG9w0BAQsF -AAOCAQEAcRPq5CjP8bXEMOX83/ZiGx0ueZGQKP7d+0Q2/hZyZIVk+kxjmQXuUsIK -vpMlfxcUkcoPeO75bKWq2OxOaem0PcTeGf9XYDEfjoOrCQVQAnM+5oFbSjLgdW2n -Otqe8A7i5IjXHMZMT0XmYu5LWCAM+wJAKDU0pEx4PyZjZIhmSHKl1uyB5ox/vjMU -RjnPj58fawLKOCFbqnLZ24FdwrELqbqwcn/5pCoYxmOfjzMIAqTqgcewOQDoWV6c -IXeG8yIqTdnxuFjEXe9lWrqsPVwhPlU9druF5plSSuHoJ6gDvSWDw5FuYU9afp5U -xdj+V3ksSRqr2ad6DSqEPOohTy9Vvg== +MIIBCgKCAQEApP3UQTlZVYFjzvRREJbdqYBw1zF+NWayd+AFUqWzrW35TECxnmR0 +PEr+ILEucOfiPB/AwRoTCMF0IJk1y6l2ljxGs9vuGD/MdBtnxzJ3cVbzPTtVm5Q4 +kAmVJz7O+2cw70XGD3hruDMKGkAixRwLXp16ENl0jyJ6V44JBRfOQcZLG3geJgve +cbp1KwkTASaRcYv+93tr9z5s92a/2UVXRuSK/Rf1+x+U4+GRVJh4/k8i9nP/ieYg +92OGqhWr1ETdSv66SZ+sHd+4OftMbETqBdiTGj7GM+EszAEUTPYDabTvQlOBtdZH +NYOLHGMxKxdEj5EyzE4y8WO7yk4W+TZItwIDAQABozIwMDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBRRg4ZhgrLm0lO4jGm+fmVnaczaPzANBgkqhkiG9w0BAQsF +AAOCAQEAZK3kybfwQ05q6BQevqkun9CKC3Vwhv6BLez5wOXW3gQ8BQdypKbSMEB8 +4RPEcy1zBU+6LPa8S+WE88EN85/0n/oS7N7MAgEpSWT8vflBm76nEfG4jG+l8h+Q +yIp0e5/ITq/MtRx9EiRk+vU6l3Mkvqq+2a3T7pKhvE4jOIOyFtg5jr+p2n46WEw4 +g3N/BzbZLpz147KO7tYrelhIAAcbmeVUKlQOjtcljeGbZimRgt8kzJWBVNAS6tEj +J8FTRLMX6HSTbVMx8tjq+MxF9hn1Ztc/3GIIuTvlGeTkLTS8atR4318YfMcZLlwm +pt3Zd7lPfbW/gmFewm7GB5TL9rDfbA== -----END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCm2BQ3cveNUERu -So0v13W11OqBuDV0hhpF23p0cF2XbiZ/Jbkz9OCgcluxc5+MmvDwF6rlg09sJlGx -k3m7px50SWBTPX6GJO9oe6JRdV6O0jRCzHenoWbHKR67gFbXnTkqVXklU18N38pM -oG7abfD6NF0FJoLHPJDHtX0wXKDpeT2hYHkBUeYPkbvVC1rp7kaJPnxfnRuvZdrk -AemceOuOx42Yh5JhWQgoNNiyHoxKiDFPbqwntozfDBtg4rQFeabIe6xxL8H1weZh -Oe1wNNd+Pp1kXBB3QOvw9rdMyT91ubkMHAxFe/GWi33QrjqF+VO8F8L7McrAAdGM -py5pbaM7AgMBAAECggEAaw76If52lMntryvNXuaNlKjT9XsDagrm7u5/rBmyJIo8 -z5egOJOoU6wt5DcCKRH/CsDVG0LgAtCv2Rd9pIj/BLVUxvUNq/wlV1EF/eknTNPb -TwWuvfTWY3OiUcRvdRlg5iZEf0v5EYkJYZQMrcKgP5y8F6L3her6J/vwIck+Q7FM -LlFZfW+ztVK8d2H64wmpO0ErV1UTJkC0DMwGyhT2zfxfhiDD9riHZ9WU/RPmJe91 -6BfL8Vu9L8fH/hS/YLgThBRrP00ZOjETDDGlb94PRSLHU+AQD+nQ0X9PuuxZX+6U -pNe1QkOAszU0ansfwCBlKwjTU6t8nloFWdWZUXgW+QKBgQDS/Wjff7O2MdowiNj9 -RVES62IsdLI4uIMQjLR3c2U78FsWfhIzzKXlmtROzaFPccwkW10i1YWosEv+dkzp -o7Kiafb6pWxfucvts8hbw7dmUT22+N7zUqBK+Tpj6E//5JxmT9aZPPxbxMITlcpc -7NHYtBFOizTEcU9TMXk4jCdY1QKBgQDKb8Z8hMhDZqEmOBlYI8efyXUNKh9BQKfi -ptRzwsVbrYadQdGgNTUURMVZgr3z/3KeDAM+G71e3KqA5jKUMAufVUWQh3b+bU4C -F+R64PxvC0D5kT3KnT2u6yI0qTtqSaDuwcW1G5J4E9M+GOApuLxOr92B+rA6deKR -njpqJHETzwKBgDclJojrzqO7CeUPj28688K3JNSrt30dtJvZur1Rus7ctmH9l3JU -dbO6MO1bz2J9Qrbp7kDRf/qkAWjDsLyMHX9XpMbD/7xRSlyZVa+uSrwCVdgB2fvM -x7pww3MjX+1o6fvPuC4bA3ZUycjmqJp7BynVfoSB28vQNcRvtNgzwYD1AoGAa/D3 -1DN1GUNjEB7/nJjPe6sPB+r66W9RVbCBPgyP8ZdwXO/Yl+VnHRyiYl0tbio6cn2T -SQ2/hxKAs+SK+as4t0ffpPYmg/nCi6kzwjWvRIKqrag9W4lGd7uW7J+EN+N0tXqL -Mku2aOKhU84t0PFZL1fk88a5KyLqoZzOJwSxas8CgYEArqFmKddOAjdC+Y8n8nWT -WrEPFts/YAp0KJGW0nDqN7ROKXyBuqrrKpOgXpxZTHRoFQ+RCsWHZOtZYD68Nmod -yr/aGaixsHqIqSC8xu78DwXuOIIVuvEU06pAmCh2ALskKQZhA5sBL6qkw1PlgSDh -WBzMfq3dw8n/557/q+IVnlE= ------END PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDeTCCAmGgAwIBAgIEBdhiWzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO diff --git a/jstests/libs/ocsp/intermediate_ca_only_ocsp.crt b/jstests/libs/ocsp/intermediate_ca_only_ocsp.crt new file mode 100644 index 00000000000..618a550c2b4 --- /dev/null +++ b/jstests/libs/ocsp/intermediate_ca_only_ocsp.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgIDJSA5MA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNVBAYTAlVT +MREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTEQMA4G +A1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVsMRcwFQYDVQQDDA5LZXJuZWwg +VGVzdCBDQTAeFw0yMTAzMDkxODAxNDVaFw00MTAzMTExODAxNDVaMH4xCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0 +eTEQMA4GA1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVsMSEwHwYDVQQDDBhJ +bnRlcm1lZGlhdGUgQ0EgZm9yIE9DU1AwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDejgY18iv98kFHs+qDEpUEYmzlgKaH6Z9XiURRLihURcjkwaQsVQmN +9tUbSzr2rsKjjXhKMlFFxxb3dhiHKy/RvFwy0Jv2gHcUGWZmboTvAPpm8K2aMNep +Tm570UyXWMGCxhw8vtO/fkT/UzJGqk4UVnv+uBepl3Lx+7Qrc4XvgLPkcx6NTNIu +8+ex950c54fUrwHHuE8ZmqGYSZhozH8+lK0RiiC0VvbLfQhLZwSi2JeilsutBmNv +9vUtnqz7Ij64risEqDTK9mdieEX1QwooZwDb7KZC26kh4AsnLR9U13a929K+O5R0 +5hUrWFR45EOgTWOkS4Pwi1he433fRDnvAgMBAAGjMjAwMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFG4AQc6znEV5v5AOokM27F+YNpEPMA0GCSqGSIb3DQEBCwUA +A4IBAQA6fK8F68vqZ8WjX+G3lubpui/k1ke9ueozYnjxmwdwbWgJ9kH02h9f4uND +4i8ZElpzaraRXHqrWf1PQvwAXwscDkQic2QaEgumei2j63UkwWd9DRWmrlVXKSzW +LCwUtHU9NHZRKjMR3FjSWih5w1l3TWf24422awVkW3pVKiC3xchMCsUrK+mqzivj +hZZ3sgdmCLO2/WYpiBPPsAupniRj5zZk3Kqrw4GmPb8IfFA7HYUEYuhmID9BcnSM +J8Rfx7ZUvQREih92lALmQbN81x27WvxULhgOVoMMU1UlPqDZzL+eLoo+EuC5k38q +cLpYeqs+gWeNrh1kzk0GeHmzvE+g +-----END CERTIFICATE----- diff --git a/jstests/libs/ocsp/intermediate_ca_only_ocsp.key b/jstests/libs/ocsp/intermediate_ca_only_ocsp.key new file mode 100644 index 00000000000..d92a0c06b3c --- /dev/null +++ b/jstests/libs/ocsp/intermediate_ca_only_ocsp.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDejgY18iv98kFH +s+qDEpUEYmzlgKaH6Z9XiURRLihURcjkwaQsVQmN9tUbSzr2rsKjjXhKMlFFxxb3 +dhiHKy/RvFwy0Jv2gHcUGWZmboTvAPpm8K2aMNepTm570UyXWMGCxhw8vtO/fkT/ +UzJGqk4UVnv+uBepl3Lx+7Qrc4XvgLPkcx6NTNIu8+ex950c54fUrwHHuE8ZmqGY +SZhozH8+lK0RiiC0VvbLfQhLZwSi2JeilsutBmNv9vUtnqz7Ij64risEqDTK9mdi +eEX1QwooZwDb7KZC26kh4AsnLR9U13a929K+O5R05hUrWFR45EOgTWOkS4Pwi1he +433fRDnvAgMBAAECggEAeWwrX0tdTRPbIe+7Rv/gZZ/9oclrEkQYN34g09nHDxNz +47ryg21x5Q6Cfn2xEd2PPAR3WKPTS6qvkRvRjg217UxDUUYXkYnNbh3djI1H4c46 +z+cIEFQNlcXA6bTrgLdf/KVxyoKirJuLsXIGwB8ysk3tIK/32QNUJ0oYpoxEysH8 +5QUukx5U/hkJt+RIuiFMqy5H/Ty7W9/5ShSI6wQswx0PSmOeHAIhx0Es99x6XN2n +cKJ9ACxTfG9HzTy+PvNBoa+zWWFQVAKH7qT5nqGC2j8NRiBNydeIBTD2xYjayz51 +G2gWrCBsfqGWPLxFjvim+jO7fkhPQfIuG2U9OvlyYQKBgQDyy+i1JjjC/6ygyEeW +jCH8CdcenCw21i+VRx6AssOJdLKCD7FUih6CBHDx/OY9RamXLow5jjK/Wz450EkW +cJX52haJ0SasDpxWsteVczZ4lcPD8mwpm1zL/+v0SK36hXnPDQNi8kCupITPvrY9 +oJPXuy4AqsNtn33r3kVKihWRwwKBgQDqqFHpKDXSyGxALRaiFY3aSYTmGD1c9n/y +J8XGz3VNJCrzMdMCS2HazoeEh20WkZA6OsAZTdAmRC88jKQtCfqNSiYvWu/AbaHy +x2t6J6S28qYpme7GTBm6TZAcx4f9obxU4icI3klc5lwGLH5U96hT7sh03AG0PfgH +zEkjuSPoZQKBgQDGot5avc94cVZZICG5YCI5og9V4q0lm+vH9CxXXGkvHsMgNxh8 +MpetBVcmEyKGhGSv5Awi1lxcQ5jQEcCJ1EhO5gbEb9F0uGtdXumTQnQRCW3k9INb +MtkjqNfwvjlgGS1DoMDhhZI3jy99Cujr2GC8AU4si4hhOjf57ZnA1uG4owKBgQCj +P1AkzZWMO2SbzQJW5nnWJ5luXeSqvM5MEAFWi1NGxGeg4sOyb/D2wQGkYHay4bed +2utzbx/kz0CxdgJtVujYzIH+JdxvWZX2CWgrBlNf9zVD8dQcXirz4ivk6acg+xjD +UMXpNIODPrs8jE2jHNwc8BzCt5/z3byk6Cjl0lI5xQKBgQDvpObhRYwho2J0H9pk +L3c0GohnYcVZjdXMtPYE+ZzrJi3vHqmrAplGVTO8qZT/Vy8c09KocgwSjBGXMGJa +6PVQULt2ox/c4XinKuB942Fl2YgA/nynh32BHFmAHUYaAMOE/2qbnVe506vBYqug +bDx68eBArePbMhiDlOw8f2IRbQ== +-----END PRIVATE KEY----- diff --git a/jstests/libs/ocsp/intermediate_ca_only_ocsp.pem b/jstests/libs/ocsp/intermediate_ca_only_ocsp.pem new file mode 100644 index 00000000000..daa003806ce --- /dev/null +++ b/jstests/libs/ocsp/intermediate_ca_only_ocsp.pem @@ -0,0 +1,50 @@ +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgIDJSA5MA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNVBAYTAlVT +MREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTEQMA4G +A1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVsMRcwFQYDVQQDDA5LZXJuZWwg +VGVzdCBDQTAeFw0yMTAzMDkxODAxNDVaFw00MTAzMTExODAxNDVaMH4xCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0 +eTEQMA4GA1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVsMSEwHwYDVQQDDBhJ +bnRlcm1lZGlhdGUgQ0EgZm9yIE9DU1AwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDejgY18iv98kFHs+qDEpUEYmzlgKaH6Z9XiURRLihURcjkwaQsVQmN +9tUbSzr2rsKjjXhKMlFFxxb3dhiHKy/RvFwy0Jv2gHcUGWZmboTvAPpm8K2aMNep +Tm570UyXWMGCxhw8vtO/fkT/UzJGqk4UVnv+uBepl3Lx+7Qrc4XvgLPkcx6NTNIu +8+ex950c54fUrwHHuE8ZmqGYSZhozH8+lK0RiiC0VvbLfQhLZwSi2JeilsutBmNv +9vUtnqz7Ij64risEqDTK9mdieEX1QwooZwDb7KZC26kh4AsnLR9U13a929K+O5R0 +5hUrWFR45EOgTWOkS4Pwi1he433fRDnvAgMBAAGjMjAwMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFG4AQc6znEV5v5AOokM27F+YNpEPMA0GCSqGSIb3DQEBCwUA +A4IBAQA6fK8F68vqZ8WjX+G3lubpui/k1ke9ueozYnjxmwdwbWgJ9kH02h9f4uND +4i8ZElpzaraRXHqrWf1PQvwAXwscDkQic2QaEgumei2j63UkwWd9DRWmrlVXKSzW +LCwUtHU9NHZRKjMR3FjSWih5w1l3TWf24422awVkW3pVKiC3xchMCsUrK+mqzivj +hZZ3sgdmCLO2/WYpiBPPsAupniRj5zZk3Kqrw4GmPb8IfFA7HYUEYuhmID9BcnSM +J8Rfx7ZUvQREih92lALmQbN81x27WvxULhgOVoMMU1UlPqDZzL+eLoo+EuC5k38q +cLpYeqs+gWeNrh1kzk0GeHmzvE+g +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDejgY18iv98kFH +s+qDEpUEYmzlgKaH6Z9XiURRLihURcjkwaQsVQmN9tUbSzr2rsKjjXhKMlFFxxb3 +dhiHKy/RvFwy0Jv2gHcUGWZmboTvAPpm8K2aMNepTm570UyXWMGCxhw8vtO/fkT/ +UzJGqk4UVnv+uBepl3Lx+7Qrc4XvgLPkcx6NTNIu8+ex950c54fUrwHHuE8ZmqGY +SZhozH8+lK0RiiC0VvbLfQhLZwSi2JeilsutBmNv9vUtnqz7Ij64risEqDTK9mdi +eEX1QwooZwDb7KZC26kh4AsnLR9U13a929K+O5R05hUrWFR45EOgTWOkS4Pwi1he +433fRDnvAgMBAAECggEAeWwrX0tdTRPbIe+7Rv/gZZ/9oclrEkQYN34g09nHDxNz +47ryg21x5Q6Cfn2xEd2PPAR3WKPTS6qvkRvRjg217UxDUUYXkYnNbh3djI1H4c46 +z+cIEFQNlcXA6bTrgLdf/KVxyoKirJuLsXIGwB8ysk3tIK/32QNUJ0oYpoxEysH8 +5QUukx5U/hkJt+RIuiFMqy5H/Ty7W9/5ShSI6wQswx0PSmOeHAIhx0Es99x6XN2n +cKJ9ACxTfG9HzTy+PvNBoa+zWWFQVAKH7qT5nqGC2j8NRiBNydeIBTD2xYjayz51 +G2gWrCBsfqGWPLxFjvim+jO7fkhPQfIuG2U9OvlyYQKBgQDyy+i1JjjC/6ygyEeW +jCH8CdcenCw21i+VRx6AssOJdLKCD7FUih6CBHDx/OY9RamXLow5jjK/Wz450EkW +cJX52haJ0SasDpxWsteVczZ4lcPD8mwpm1zL/+v0SK36hXnPDQNi8kCupITPvrY9 +oJPXuy4AqsNtn33r3kVKihWRwwKBgQDqqFHpKDXSyGxALRaiFY3aSYTmGD1c9n/y +J8XGz3VNJCrzMdMCS2HazoeEh20WkZA6OsAZTdAmRC88jKQtCfqNSiYvWu/AbaHy +x2t6J6S28qYpme7GTBm6TZAcx4f9obxU4icI3klc5lwGLH5U96hT7sh03AG0PfgH +zEkjuSPoZQKBgQDGot5avc94cVZZICG5YCI5og9V4q0lm+vH9CxXXGkvHsMgNxh8 +MpetBVcmEyKGhGSv5Awi1lxcQ5jQEcCJ1EhO5gbEb9F0uGtdXumTQnQRCW3k9INb +MtkjqNfwvjlgGS1DoMDhhZI3jy99Cujr2GC8AU4si4hhOjf57ZnA1uG4owKBgQCj +P1AkzZWMO2SbzQJW5nnWJ5luXeSqvM5MEAFWi1NGxGeg4sOyb/D2wQGkYHay4bed +2utzbx/kz0CxdgJtVujYzIH+JdxvWZX2CWgrBlNf9zVD8dQcXirz4ivk6acg+xjD +UMXpNIODPrs8jE2jHNwc8BzCt5/z3byk6Cjl0lI5xQKBgQDvpObhRYwho2J0H9pk +L3c0GohnYcVZjdXMtPYE+ZzrJi3vHqmrAplGVTO8qZT/Vy8c09KocgwSjBGXMGJa +6PVQULt2ox/c4XinKuB942Fl2YgA/nynh32BHFmAHUYaAMOE/2qbnVe506vBYqug +bDx68eBArePbMhiDlOw8f2IRbQ== +-----END PRIVATE KEY----- diff --git a/jstests/libs/ocsp/intermediate_ca_with_root_ocsp.pem b/jstests/libs/ocsp/intermediate_ca_with_root_ocsp.pem new file mode 100644 index 00000000000..6a5bb185080 --- /dev/null +++ b/jstests/libs/ocsp/intermediate_ca_with_root_ocsp.pem @@ -0,0 +1,44 @@ + +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgIDJSA5MA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNVBAYTAlVT +MREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTEQMA4G +A1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVsMRcwFQYDVQQDDA5LZXJuZWwg +VGVzdCBDQTAeFw0yMTAzMDkxODAxNDVaFw00MTAzMTExODAxNDVaMH4xCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0 +eTEQMA4GA1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVsMSEwHwYDVQQDDBhJ +bnRlcm1lZGlhdGUgQ0EgZm9yIE9DU1AwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDejgY18iv98kFHs+qDEpUEYmzlgKaH6Z9XiURRLihURcjkwaQsVQmN +9tUbSzr2rsKjjXhKMlFFxxb3dhiHKy/RvFwy0Jv2gHcUGWZmboTvAPpm8K2aMNep +Tm570UyXWMGCxhw8vtO/fkT/UzJGqk4UVnv+uBepl3Lx+7Qrc4XvgLPkcx6NTNIu +8+ex950c54fUrwHHuE8ZmqGYSZhozH8+lK0RiiC0VvbLfQhLZwSi2JeilsutBmNv +9vUtnqz7Ij64risEqDTK9mdieEX1QwooZwDb7KZC26kh4AsnLR9U13a929K+O5R0 +5hUrWFR45EOgTWOkS4Pwi1he433fRDnvAgMBAAGjMjAwMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFG4AQc6znEV5v5AOokM27F+YNpEPMA0GCSqGSIb3DQEBCwUA +A4IBAQA6fK8F68vqZ8WjX+G3lubpui/k1ke9ueozYnjxmwdwbWgJ9kH02h9f4uND +4i8ZElpzaraRXHqrWf1PQvwAXwscDkQic2QaEgumei2j63UkwWd9DRWmrlVXKSzW +LCwUtHU9NHZRKjMR3FjSWih5w1l3TWf24422awVkW3pVKiC3xchMCsUrK+mqzivj +hZZ3sgdmCLO2/WYpiBPPsAupniRj5zZk3Kqrw4GmPb8IfFA7HYUEYuhmID9BcnSM +J8Rfx7ZUvQREih92lALmQbN81x27WvxULhgOVoMMU1UlPqDZzL+eLoo+EuC5k38q +cLpYeqs+gWeNrh1kzk0GeHmzvE+g +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgIEBdhiWzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs +IFRlc3QgQ0EwHhcNMjAwMzIzMjIxMzA5WhcNNDAwMzI1MjIxMzA5WjB0MQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwO +S2VybmVsIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg +H42hLFFnWFETIDs4Q3rjzJLB4mxqn7BiFDbhzivKGN8SMrIaoyg8CkNJWpJVYEBN +BjaQHMzivBiQEjDbx2bWz7+rMjont9zJbNmMMuEZcqQw42SBlQ/xXBnIbvICGoXy +7EkEH/kYzX7NjUhAHOJUdfyTW0okChPxOQr8CI07HVYmeelBZh6FPnzdQ5mgsbmk +vsdesE1gvcfFtm/7Q6+GXp+1GDVGRUmPmHTYPIkjouJWQM++WU2KofSe5k9Rn1Oz +ZE3jJAaB9gGA83/xcLkVLBe4dyE5foVbbXL7t37yB8R06/7ffV62B7sn0M5X/rfA +UY5sJ6WOWdQz8k+WjXlXAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAAsY/vktUSwXC1MCC8cYtcrlI0EgGcvkcRxEjRv7t5YVZii6 +eqKSfaX5HDxKl8dH7Z95Z3sDqr7iwPFtzmzQHEwvSSKbiqeS9Be0yf6mJv10LC5d +M9qoMvbp90ob3Jhib5IGzeijcQFfzbZa+MGnWiCGX04U/hUrayMdmna83exKbeNW +S0LT1F82rG2QklFOFSZSInXsBiR4olRWqXrYpNjP4B5gueQ2+XUlMZdphvkOksCo +/UBdqKotBFgyYXdMygl4hscxo+O4FRpX6RKVyobJXKax+mzbc9YUKTFtKu6KlZls +jvqjtuXgmZvXOgduG5D8Sqoqp/q1nYzYpcgEss4= +-----END CERTIFICATE----- diff --git a/jstests/libs/ocsp/intermediate_only_ca_ocsp.pem b/jstests/libs/ocsp/intermediate_only_ca_ocsp.pem new file mode 100644 index 00000000000..6baeb772242 --- /dev/null +++ b/jstests/libs/ocsp/intermediate_only_ca_ocsp.pem @@ -0,0 +1,50 @@ +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIEYLGF9TANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs +IFRlc3QgQ0EwHhcNMjEwMzA5MTY0MDMxWhcNNDEwMzExMTY0MDMxWjB+MQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEhMB8GA1UEAwwY +SW50ZXJtZWRpYXRlIENBIGZvciBPQ1NQMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEApP3UQTlZVYFjzvRREJbdqYBw1zF+NWayd+AFUqWzrW35TECxnmR0 +PEr+ILEucOfiPB/AwRoTCMF0IJk1y6l2ljxGs9vuGD/MdBtnxzJ3cVbzPTtVm5Q4 +kAmVJz7O+2cw70XGD3hruDMKGkAixRwLXp16ENl0jyJ6V44JBRfOQcZLG3geJgve +cbp1KwkTASaRcYv+93tr9z5s92a/2UVXRuSK/Rf1+x+U4+GRVJh4/k8i9nP/ieYg +92OGqhWr1ETdSv66SZ+sHd+4OftMbETqBdiTGj7GM+EszAEUTPYDabTvQlOBtdZH +NYOLHGMxKxdEj5EyzE4y8WO7yk4W+TZItwIDAQABozIwMDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBRRg4ZhgrLm0lO4jGm+fmVnaczaPzANBgkqhkiG9w0BAQsF +AAOCAQEAZK3kybfwQ05q6BQevqkun9CKC3Vwhv6BLez5wOXW3gQ8BQdypKbSMEB8 +4RPEcy1zBU+6LPa8S+WE88EN85/0n/oS7N7MAgEpSWT8vflBm76nEfG4jG+l8h+Q +yIp0e5/ITq/MtRx9EiRk+vU6l3Mkvqq+2a3T7pKhvE4jOIOyFtg5jr+p2n46WEw4 +g3N/BzbZLpz147KO7tYrelhIAAcbmeVUKlQOjtcljeGbZimRgt8kzJWBVNAS6tEj +J8FTRLMX6HSTbVMx8tjq+MxF9hn1Ztc/3GIIuTvlGeTkLTS8atR4318YfMcZLlwm +pt3Zd7lPfbW/gmFewm7GB5TL9rDfbA== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCk/dRBOVlVgWPO +9FEQlt2pgHDXMX41ZrJ34AVSpbOtbflMQLGeZHQ8Sv4gsS5w5+I8H8DBGhMIwXQg +mTXLqXaWPEaz2+4YP8x0G2fHMndxVvM9O1WblDiQCZUnPs77ZzDvRcYPeGu4Mwoa +QCLFHAtenXoQ2XSPInpXjgkFF85BxksbeB4mC95xunUrCRMBJpFxi/73e2v3Pmz3 +Zr/ZRVdG5Ir9F/X7H5Tj4ZFUmHj+TyL2c/+J5iD3Y4aqFavURN1K/rpJn6wd37g5 ++0xsROoF2JMaPsYz4SzMARRM9gNptO9CU4G11kc1g4scYzErF0SPkTLMTjLxY7vK +Thb5Nki3AgMBAAECggEAASkb7h2GKFjRp+oGC/TTuFaD9K+PcLa5OKilwPATdHva +jhPCbBfOzYHFidtVNUwcRkn+5BzX127s7zHEtBsMD4B7CtbYNOl1+bcbosYTGwP+ +kAaz0nVXdIPsvarub8xJBtXZz9AMCe6p+odK91H8Ln0zF50/+aXHcIg6PgPt2n6U +smChi15o1F6kdr+hwrqUpjW7NDN3Fs5lCH4dNw8I5PvpqPwl3IkwYG8e76A/9dJa +Fe1mzrUcmXi57JwSePE+Q7/ncIfXYB964AkTMLabylaPsB5EKP587jfpEfXXfyXn +Y+MLFCfP8dUXwu2nAr6vSWs3Ne4TGwWLLKGSP1UQuQKBgQDRBrQj75aN4hPulr9j +MTLIXxNRBOEkKXv11mvZFEV1ljyyw3qCivIndJBLNLRDsY+cr6yOYVwvfF5sx6Si +sF4N789yusRQr3iARJ67+fIJ04gOaIMW8iYzB9kr9eaLdpWSbbBkVG44aF28CiDb +dgeEFFjXYY5u4T+V+YJPLuDrLQKBgQDKEc6SXndtATpU8Gq5DWcUthPwEVQmVYsF +6EGWtU/fdVgTs1XmkFuRLy4VZcICK8+uGqN+bOMtr5gKJjEhAr2aDMqpm3keXdLz +Xlf/El2zzQ1Pj+Jm69odeCqGHwXGQTMOF5bqvIngWi1A5ijS/N3BiNLwtzlcKm+P +yJuJF+dh8wKBgQC7Nd7XpLlaIFcrxLZrl9/c2FKLqOwgoEsW9tGnHmHLnCCHF089 +ZkbWEa8+vFiLnJd8hVbuOsL/AMvtb63DzGSg5N0O67nybgZmE4972rPuGxfrl615 +Oq393JSkq9utoyr5d+aZJYmGWetCBGxDQuYeZL7hQM35/yIdJ9iPJPRrjQKBgCac +rndjm7h1kprmcc44lGjtvfOSrBzDHdScI+RTcxbFCnaBPznWfdjJRioKjr7xdjbT +mkgvMF3rfsb5s0uWhXppVVSBg+xci1G7xl7UOJmB5jg8y0tVaBFXg/Cq/uR6UvIv +acQjEMmREbKkCEsAzLMNnRkoOcq1xSmZcLcKnUknAoGBAJjGDcvr/RsrP/fehxxs +jqtxALg26wAUbfvgjrJxZ3sSmXvP++t8KcXHoAi9vbUXwHjdcq1GCiynmuJG/D4z +u7oBsQnducfSTULsmdMIjnBTy6cdcilfgfX+3h/eUEDzF2R0vx3ugmJMUW4+iMm8 +CVLNHOr0uNpdrz5tOf6SpRhd +-----END PRIVATE KEY----- diff --git a/jstests/libs/ocsp/ocsp_server_intermediate_appended.pem b/jstests/libs/ocsp/ocsp_server_intermediate_appended.pem new file mode 100644 index 00000000000..e3065485238 --- /dev/null +++ b/jstests/libs/ocsp/ocsp_server_intermediate_appended.pem @@ -0,0 +1,48 @@ + +-----BEGIN CERTIFICATE----- +MIIELzCCAxegAwIBAgIEc3NuKDANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEhMB8GA1UEAwwYSW50ZXJt +ZWRpYXRlIENBIGZvciBPQ1NQMB4XDTIwMDQyMTE5MTQ1MloXDTQwMDQyMzE5MTQ1 +MlowgYIxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwN +TmV3IFlvcmsgQ2l0eTEQMA4GA1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVs +MSUwIwYDVQQDDBxTZXJ2ZXIgT0NTUCBWaWEgSW50ZXJtZWRpYXRlMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8o7m7QpIMUZ2r6HOmhuqNF25x0odb9Bg +rSLm7Hvb3WBu6jwWPrrnPerR/nODVEY4Qo7mOclgCsooJx3HaPYPgRYffRQMJ+I5 +lpvsRsBjW7CnS0amz9QcbGnIhMeFU45gCn51CTLPoBJ7hB9F4Z02bOJEMkkXkhtm +kkiVysUs6po+t2+w8tojOScZdeDUtwfStKJ7Xb9B79Ko3BCcITXJUxDBcqUEJF+E +v3YQuQg/QKNTO+L39aFFo8WNfuP09txdjT/+T8PZq826ccohRdSrJ5lq1hXmmKXp +3p6Ut35aE4tjj6KSjDonMkYcvdNHQ0aL2p8x4JjwgwAuNwawTUbYIwIDAQABo4Gv +MIGsMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAdBgNVHQ4EFgQUyC6Gv0rfoato44VsaVig1SmminYwOAYIKwYB +BQUHAQEELDAqMCgGCCsGAQUFBzABhhxodHRwOi8vbG9jYWxob3N0OjgxMDAvc3Rh +dHVzMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAogdunlFL04lqVbZyqPvN/5TtrEtM87invrzTYZ8UmT5Q4Kr8mHRsumBuVwDu +bE+umrPtQVvu0XYqsjmjmOk7hTIK6PFuF6rLQCUBHVXBZggTNKFFBWphQ8odUbPG +FmOqSlkZAkcNo3dLpxRbfDru2ARxeE2+sRCPWwUZc7utqpLoZ0deuKdDSlA/VcGJ +5wf0sjmcjvJRRUSYeJcUox4ySL+4WtFu33LhYZKgnrMNegaJ6UyIlwB4ihMyi9sV +yDlsY+vGqivqqMUw8V6tdUekCYPUlHWXeICqsRIBII+xMzqTv1rXPzNyAvyVYrBi +hG10rdLfnQWn2vpYKU5b3Vo1yg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIEYLGF9TANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs +IFRlc3QgQ0EwHhcNMjEwMzA5MTY0MDMxWhcNNDEwMzExMTY0MDMxWjB+MQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEhMB8GA1UEAwwY +SW50ZXJtZWRpYXRlIENBIGZvciBPQ1NQMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEApP3UQTlZVYFjzvRREJbdqYBw1zF+NWayd+AFUqWzrW35TECxnmR0 +PEr+ILEucOfiPB/AwRoTCMF0IJk1y6l2ljxGs9vuGD/MdBtnxzJ3cVbzPTtVm5Q4 +kAmVJz7O+2cw70XGD3hruDMKGkAixRwLXp16ENl0jyJ6V44JBRfOQcZLG3geJgve +cbp1KwkTASaRcYv+93tr9z5s92a/2UVXRuSK/Rf1+x+U4+GRVJh4/k8i9nP/ieYg +92OGqhWr1ETdSv66SZ+sHd+4OftMbETqBdiTGj7GM+EszAEUTPYDabTvQlOBtdZH +NYOLHGMxKxdEj5EyzE4y8WO7yk4W+TZItwIDAQABozIwMDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBRRg4ZhgrLm0lO4jGm+fmVnaczaPzANBgkqhkiG9w0BAQsF +AAOCAQEAZK3kybfwQ05q6BQevqkun9CKC3Vwhv6BLez5wOXW3gQ8BQdypKbSMEB8 +4RPEcy1zBU+6LPa8S+WE88EN85/0n/oS7N7MAgEpSWT8vflBm76nEfG4jG+l8h+Q +yIp0e5/ITq/MtRx9EiRk+vU6l3Mkvqq+2a3T7pKhvE4jOIOyFtg5jr+p2n46WEw4 +g3N/BzbZLpz147KO7tYrelhIAAcbmeVUKlQOjtcljeGbZimRgt8kzJWBVNAS6tEj +J8FTRLMX6HSTbVMx8tjq+MxF9hn1Ztc/3GIIuTvlGeTkLTS8atR4318YfMcZLlwm +pt3Zd7lPfbW/gmFewm7GB5TL9rDfbA== +-----END CERTIFICATE----- diff --git a/jstests/libs/ocsp/server_and_intermediate_ca_appended_ocsp.pem b/jstests/libs/ocsp/server_and_intermediate_ca_appended_ocsp.pem new file mode 100644 index 00000000000..40e51eabb81 --- /dev/null +++ b/jstests/libs/ocsp/server_and_intermediate_ca_appended_ocsp.pem @@ -0,0 +1,75 @@ +-----BEGIN CERTIFICATE----- +MIIELzCCAxegAwIBAgIEePoaqDANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEhMB8GA1UEAwwYSW50ZXJt +ZWRpYXRlIENBIGZvciBPQ1NQMB4XDTIxMDMwOTE5NTcyM1oXDTQxMDMxMTE5NTcy +M1owgYIxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwN +TmV3IFlvcmsgQ2l0eTEQMA4GA1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVs +MSUwIwYDVQQDDBxTZXJ2ZXIgT0NTUCBWaWEgSW50ZXJtZWRpYXRlMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHG+UhzjMVQ7ldegRTCPzNi+1L2U4BnC +oYVd9ygLDYO9m6Kj+znX6qOLcMuPtHv6AUcUgpf+h311kxeERx/kzxHMm1DPqG74 +nimcqnTI2wPZJOshVC3MMR3EKosUzqPtKAEiDsjrnyjZzlfrL08ditesI0jNxm2j +8p8I26pfkkiUDiGpa890Ee2y7Iwwfykxe4dTwu2pPD/ilPeOL2hUi4POJQp67vJ9 +l3Qf41ArfsQoMdw3P8SEBxHvQXLCMZCSrW238cjC4ANPNppPoeCJYhLVUGb4JVhW +jcJjNN78nPmxkdbmKtkzNdk+P2AgBFEKkw9PWd/qTMik5rzatYY8ZwIDAQABo4Gv +MIGsMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAdBgNVHQ4EFgQUYv47XOLpssfaLd513A2Vc5qMBFwwOAYIKwYB +BQUHAQEELDAqMCgGCCsGAQUFBzABhhxodHRwOi8vbG9jYWxob3N0OjgxMDAvc3Rh +dHVzMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAuUVDwq9a0Y7JwJc8mLYHKYiPGOa37wqRvsvTy6IHeboIrwtEYyd1m8KEKv2t +rXypehm0orCO+Bkc/7hdVH/xm9u5iZ417CdIUI+siGBN8V6X47FyuIpRJCPNBLPb +Ecgklfrn8ceYPT991wp6QigNozPAIP5Xaol7X3rL6Ne2rx1OD3/MS3xeeHduuKOL +kd9/rrccvcu+MkICwhuSzIIZvOFClG5pXGyvG4ZMo8mggWyQVoSHMc3/e8K+KvcL +3Zojni2vXLNgFv0n4P8gRFwzxztq+/PgS6H4YYA6BomrIqm0PwaZdbTEeUetiYG9 +Qc9+kwTSRF6cIYg4h7Xq/luNRw== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCscb5SHOMxVDuV +16BFMI/M2L7UvZTgGcKhhV33KAsNg72boqP7Odfqo4twy4+0e/oBRxSCl/6HfXWT +F4RHH+TPEcybUM+obvieKZyqdMjbA9kk6yFULcwxHcQqixTOo+0oASIOyOufKNnO +V+svTx2K16wjSM3GbaPynwjbql+SSJQOIalrz3QR7bLsjDB/KTF7h1PC7ak8P+KU +944vaFSLg84lCnru8n2XdB/jUCt+xCgx3Dc/xIQHEe9BcsIxkJKtbbfxyMLgA082 +mk+h4IliEtVQZvglWFaNwmM03vyc+bGR1uYq2TM12T4/YCAEUQqTD09Z3+pMyKTm +vNq1hjxnAgMBAAECggEAAMVdaXaRmXXb8laNc+G8stjBOahDUyEqWpiDDAjUy9Gr +9lcqzoO6sGTcybtPQCpRutG7iL3vOGHaNbckM0E0P6y/sm4RD5q3Z9WdyrFM+JWy +0dRvSLYPtKSCbQJELIxVEhm3MkO5sfN3zdFcztBWvHksXtgDe4Cf/AS0AG9pj/jb +Ncd1AvrPJbh1IyOHBUdli/Dc8rNjAU3VwQgND4OJWzUSS0zyKOQjy/FE6LQo2jbf +XRxUtSFnSSDRxg8UFhCsdySlnpcM88Ve18vx7YAUX5lQMxxHiNijkMeByASd9yCl ++XuDEt0IT5FnNOfEHXmbuwAnyDZNyYpqubpfYramyQKBgQDlc0bxj8zz+ZluTChM +n/dtp5JHZCWYSwPZbQY1Nj3btkjqNZk4F4LQ0qpA4goRJ2VoscfKcJOYR+/VsjTX +UmDGuaHcVHNJS9j7vzOxfIJ+fUhWdpfZdL47O2mKNQT5lfeaeglrn+EyGrozuyRB ++OR84/Ty/MdJAZAm9tI/Toey2wKBgQDAZdknUF8A8Vthz90yrQca57HecbX5nz6b +LxpU/COYgroD8Bs7/n3tWiMez2lwg0vlFcC07Mz0BPBiL0MIc+3N3BuS44UORF/1 +1RL7PrLnWiSqKqV90McuLZZkVgB4VDuqoyw6buq/DWRDCe/V+HGdwK1V7S9Y6S+F +rI3kuDfEZQKBgHCXW6WnmbvSrB56kn/fM0wEoXwUwXn0vYPQwu4TmtEYprj+6huj +NdcAuPizspruSQ3RxycojNR54E9tbg6G5uQ9LRbv/c5mwKfwEA60+VfWZEvBUAwu +BDcOlWBzWeibVW/hGIROZPPwN5Sw7T7OQliih41Ayw2hDbqA/XSBNYdnAoGBAKIY +bOcJeLFDp3j19ufODXFmiV3fMbDYsJdwDOBS+e5xHSVaMqfOFuxVB8faeXwYsmWU +eSI1a8ufKaOfK/vAKDdLXVPZKm3Fv49PcEmLHpF6Se+wNHOW5WkLcWyhZI38cbSm ++wlUD6TdNH6irZT5V0fQYHlHdp+S/r3Bjl6HsjxdAoGBAIZZ/lOi4FReDDDoYddu +j52Fs9eVon4ie7SpVhvR2HIc7jFJ8nHEuSwMJzXnAGFL/s90Xn2sgejE4upqRoAa +VhYBi3W9dq3eiZxz/2tWDMipg1z75eyKGWZUZG0I2513GOIM9PXXjT4A/w2FeVgF +taWKxpF9r6U/mvqKi2scJeuj +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgIDJSA5MA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNVBAYTAlVT +MREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTEQMA4G +A1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVsMRcwFQYDVQQDDA5LZXJuZWwg +VGVzdCBDQTAeFw0yMTAzMDkxODAxNDVaFw00MTAzMTExODAxNDVaMH4xCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0 +eTEQMA4GA1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVsMSEwHwYDVQQDDBhJ +bnRlcm1lZGlhdGUgQ0EgZm9yIE9DU1AwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDejgY18iv98kFHs+qDEpUEYmzlgKaH6Z9XiURRLihURcjkwaQsVQmN +9tUbSzr2rsKjjXhKMlFFxxb3dhiHKy/RvFwy0Jv2gHcUGWZmboTvAPpm8K2aMNep +Tm570UyXWMGCxhw8vtO/fkT/UzJGqk4UVnv+uBepl3Lx+7Qrc4XvgLPkcx6NTNIu +8+ex950c54fUrwHHuE8ZmqGYSZhozH8+lK0RiiC0VvbLfQhLZwSi2JeilsutBmNv +9vUtnqz7Ij64risEqDTK9mdieEX1QwooZwDb7KZC26kh4AsnLR9U13a929K+O5R0 +5hUrWFR45EOgTWOkS4Pwi1he433fRDnvAgMBAAGjMjAwMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFG4AQc6znEV5v5AOokM27F+YNpEPMA0GCSqGSIb3DQEBCwUA +A4IBAQA6fK8F68vqZ8WjX+G3lubpui/k1ke9ueozYnjxmwdwbWgJ9kH02h9f4uND +4i8ZElpzaraRXHqrWf1PQvwAXwscDkQic2QaEgumei2j63UkwWd9DRWmrlVXKSzW +LCwUtHU9NHZRKjMR3FjSWih5w1l3TWf24422awVkW3pVKiC3xchMCsUrK+mqzivj +hZZ3sgdmCLO2/WYpiBPPsAupniRj5zZk3Kqrw4GmPb8IfFA7HYUEYuhmID9BcnSM +J8Rfx7ZUvQREih92lALmQbN81x27WvxULhgOVoMMU1UlPqDZzL+eLoo+EuC5k38q +cLpYeqs+gWeNrh1kzk0GeHmzvE+g +-----END CERTIFICATE----- diff --git a/jstests/libs/ocsp/server_signed_by_intermediate_ca_ocsp.pem b/jstests/libs/ocsp/server_signed_by_intermediate_ca_ocsp.pem new file mode 100644 index 00000000000..2ddad25ca14 --- /dev/null +++ b/jstests/libs/ocsp/server_signed_by_intermediate_ca_ocsp.pem @@ -0,0 +1,53 @@ +-----BEGIN CERTIFICATE----- +MIIELzCCAxegAwIBAgIEd1zJgjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEhMB8GA1UEAwwYSW50ZXJt +ZWRpYXRlIENBIGZvciBPQ1NQMB4XDTIxMDMwOTE4MDE0NVoXDTQxMDMxMTE4MDE0 +NVowgYIxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwN +TmV3IFlvcmsgQ2l0eTEQMA4GA1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVs +MSUwIwYDVQQDDBxTZXJ2ZXIgT0NTUCBWaWEgSW50ZXJtZWRpYXRlMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtTLSb8bXzIg1CAgzzjG2/m5GIson1h4 +/A1ajETjZ9dpAOx2rZQ/9KCVXSJDGTqJs4cB0Nsif4NUmnmy5vfI4pPFtIkDZrPJ +ZBP9GGSE6DFbGnA+/8/aZJQbHmzKVC8XaiObI/ta1o590YL0kEsOSfJGNluGJP3i +O1ZFCiZWGTikQcHpd/w1ESV5q6gqOyKc3eK36k2q+I9EHXw1upDI/x+p0oawsvz6 +oJSqiQQtl88OiDxP5hwgF0EDOFSWb1nrCX3VpZd4HLAU64NCkml+dPcwcbYdnS+h +ieeyRD3zXTFKYXNIDRhw4Aes9nC9e3fSw2fVx61DSQzTP7BUs3K+YQIDAQABo4Gv +MIGsMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAdBgNVHQ4EFgQUg+27wcaFAnJpnN0/eotQun72AycwOAYIKwYB +BQUHAQEELDAqMCgGCCsGAQUFBzABhhxodHRwOi8vbG9jYWxob3N0OjgxMDAvc3Rh +dHVzMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAQpSUJQXV+p+9FuOPEyF6xL/GRpoeqImRCwPr6lKInq1JxL7egxtguBch7hzg +kkk4JADfXfl2bnyZEExN9oAYNeaZoPxW9dM755xuDfPXT1xgknNg06MTPytkCzAL +U5PXfcIMnIOktNtA/CntaP3NNh8P+B5KwLhTcPbGAsGW9noMVKrgRgDaDm0F+lpE +jvwOqM1UhxB5YeVzfTmGynqCMBDI6QE0z4xysIhIg8NUm75cPIjPpSfWDzc9wBu8 +NnL48Bh9uMkFe9UZUTE82bvCa9Xco8/isPy1909kDdWpQzckkCEqSffkzVlbvAqk +M+4fGvEtyzoRpDDbCuWrvZ1Xgg== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDG1MtJvxtfMiDU +ICDPOMbb+bkYiyifWHj8DVqMRONn12kA7HatlD/0oJVdIkMZOomzhwHQ2yJ/g1Sa +ebLm98jik8W0iQNms8lkE/0YZIToMVsacD7/z9pklBsebMpULxdqI5sj+1rWjn3R +gvSQSw5J8kY2W4Yk/eI7VkUKJlYZOKRBwel3/DURJXmrqCo7Ipzd4rfqTar4j0Qd +fDW6kMj/H6nShrCy/PqglKqJBC2Xzw6IPE/mHCAXQQM4VJZvWesJfdWll3gcsBTr +g0KSaX509zBxth2dL6GJ57JEPfNdMUphc0gNGHDgB6z2cL17d9LDZ9XHrUNJDNM/ +sFSzcr5hAgMBAAECggEBAJLo0ZeYu7m3ySfS4UsbMVuBhTDMSWSLM0FRAJFZqQil +0bDcBsg0HJk8OYBJ+3fdl7btTvspnrDGsbE9sGEVvfkjpFXDUp8Ewg3O8xed1dHV +/fFn9DSBOGVORUdSrKBM9yj2S//nDXQwbmhqMReYTWN3vkcVkuUsLYcYNATO1Jjm +wnIMLo5Ks6YTXP1XFL68T4aYHB1Pw4TpEPt5EaHCp8NUb8jgVMIi82LZGMQFTsGw +wiJ+47lkC1eG/rW9jC6LxRnVjQzZEMXMSxt0u1DewkrY0gjhCZ45zxAQs6y/pwkg +1VugHsN1mZgtmDP+fwwRJoIOkcW6imvWirNd6QEqVNECgYEA6IGqlRojAIpggZ/b +MzCjYnB3ovoLhPBZbRrZf9qKBRlHjohel64EGXGBRvO/oLoLGgV86dgxdjpam8g1 +x0a1a57mE8nepV/KsLuaBeXC0Xtmjj5mkLqcqpJePLvpvDpkhqi+Ma8vye1YRDJ3 ++D2h/OBEvDcVQUOR7TkOmhShpQUCgYEA2uwJWSSv036mHtTKrOaSwY6dnTEIP8D5 +P8OngqBV45+oAzJCi0C+4vYXuIu0I4RwGl4lu6Uv/sv0R88MOgpVe+GzHz8bWq/t +ZV9pz9Pnnf/l3KA2RZN4uEROl7Qjc5tcBavU5Ulz1KcvJ/Z46meFLYpV07sLcBg+ +MCF0Fijycq0CgYAl0noSWTcabmg2je+VizL433zGuVBIZuTVN8nr33wWSj92sz5Y +BEnMbcdu6FXi6oDF0eC5FZ8uMV3t+4qsCReYEzgwPeWHF2ccitgKX47qjt1nBEWh +A4pawQatcJAcO4+AzFBsOqhWe9Kg/WjArB3+yejEiV1eyYQih+aVMAf/lQKBgFU0 +VrMWP0R+X2NSiItgti+VNSzv33kIvzmdCb4ibytHgVm1HwcZrPGivDq8TOEh84uf +punwccymTq4AHI8eZITxpAh+REQ4gpnY19Lmc5gf97O1u0m7CtoU483Rc5bUGa2v +Yg3XV7ilVQoluIvqvH+r/pmIi/wVw2ZyLr9NMoeFAoGAT1fUe5aUUsp7tDubEdLo +CnI9VrMBMM5pgzXLt1nnLUNAvNF260XOTkDb/1H1Q5op7LM13EK0sTnh37hXPEhq +dZmln20VKN5jzhAbJC6JTT8of3cOXIS3McAkf291rC4EMEuDSAev95GSdhHzGF5s +e+wYduYG/HT4/5UyP3Cs8yA= +-----END PRIVATE KEY----- diff --git a/jstests/libs/ocsp_server_intermediate_appended.pem b/jstests/libs/ocsp_server_intermediate_appended.pem new file mode 100644 index 00000000000..317bb9ecb14 --- /dev/null +++ b/jstests/libs/ocsp_server_intermediate_appended.pem @@ -0,0 +1,26 @@ + +-----BEGIN CERTIFICATE----- +MIIELzCCAxegAwIBAgIEc3NuKDANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEhMB8GA1UEAwwYSW50ZXJt +ZWRpYXRlIENBIGZvciBPQ1NQMB4XDTIwMDQyMTE5MTQ1MloXDTQwMDQyMzE5MTQ1 +MlowgYIxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwN +TmV3IFlvcmsgQ2l0eTEQMA4GA1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVs +MSUwIwYDVQQDDBxTZXJ2ZXIgT0NTUCBWaWEgSW50ZXJtZWRpYXRlMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8o7m7QpIMUZ2r6HOmhuqNF25x0odb9Bg +rSLm7Hvb3WBu6jwWPrrnPerR/nODVEY4Qo7mOclgCsooJx3HaPYPgRYffRQMJ+I5 +lpvsRsBjW7CnS0amz9QcbGnIhMeFU45gCn51CTLPoBJ7hB9F4Z02bOJEMkkXkhtm +kkiVysUs6po+t2+w8tojOScZdeDUtwfStKJ7Xb9B79Ko3BCcITXJUxDBcqUEJF+E +v3YQuQg/QKNTO+L39aFFo8WNfuP09txdjT/+T8PZq826ccohRdSrJ5lq1hXmmKXp +3p6Ut35aE4tjj6KSjDonMkYcvdNHQ0aL2p8x4JjwgwAuNwawTUbYIwIDAQABo4Gv +MIGsMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAdBgNVHQ4EFgQUyC6Gv0rfoato44VsaVig1SmminYwOAYIKwYB +BQUHAQEELDAqMCgGCCsGAQUFBzABhhxodHRwOi8vbG9jYWxob3N0OjgxMDAvc3Rh +dHVzMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAogdunlFL04lqVbZyqPvN/5TtrEtM87invrzTYZ8UmT5Q4Kr8mHRsumBuVwDu +bE+umrPtQVvu0XYqsjmjmOk7hTIK6PFuF6rLQCUBHVXBZggTNKFFBWphQ8odUbPG +FmOqSlkZAkcNo3dLpxRbfDru2ARxeE2+sRCPWwUZc7utqpLoZ0deuKdDSlA/VcGJ +5wf0sjmcjvJRRUSYeJcUox4ySL+4WtFu33LhYZKgnrMNegaJ6UyIlwB4ihMyi9sV +yDlsY+vGqivqqMUw8V6tdUekCYPUlHWXeICqsRIBII+xMzqTv1rXPzNyAvyVYrBi +hG10rdLfnQWn2vpYKU5b3Vo1yg== +-----END CERTIFICATE----- diff --git a/jstests/ocsp/lib/mock_ocsp.js b/jstests/ocsp/lib/mock_ocsp.js index 2827ece5e4c..1896b2943c0 100644 --- a/jstests/ocsp/lib/mock_ocsp.js +++ b/jstests/ocsp/lib/mock_ocsp.js @@ -28,8 +28,9 @@ class ResponderCertSet { const OCSP_DELEGATE_RESPONDER = new ResponderCertSet(OCSP_CA_PEM, OCSP_RESPONDER_CERT, OCSP_RESPONDER_KEY); const OCSP_CA_RESPONDER = new ResponderCertSet(OCSP_CA_PEM, OCSP_CA_CERT, OCSP_CA_KEY); -const OCSP_INTERMEDIATE_RESPONDER = new ResponderCertSet( - OCSP_INTERMEDIATE_CA_PEM, OCSP_INTERMEDIATE_CA_CERT, OCSP_INTERMEDIATE_CA_KEY); +const OCSP_INTERMEDIATE_RESPONDER = new ResponderCertSet(OCSP_INTERMEDIATE_CA_WITH_ROOT_PEM, + OCSP_INTERMEDIATE_CA_ONLY_CERT, + OCSP_INTERMEDIATE_CA_ONLY_KEY); class MockOCSPServer { /** diff --git a/jstests/ocsp/lib/ocsp_helpers.js b/jstests/ocsp/lib/ocsp_helpers.js index 6725a0ae62b..150fa7b4442 100644 --- a/jstests/ocsp/lib/ocsp_helpers.js +++ b/jstests/ocsp/lib/ocsp_helpers.js @@ -13,10 +13,13 @@ const OCSP_SERVER_MUSTSTAPLE_CERT = "jstests/libs/ocsp/server_ocsp_mustStaple.pe const OCSP_SERVER_CERT_REVOKED = "jstests/libs/ocsp/server_ocsp_revoked.pem"; const OCSP_RESPONDER_CERT = "jstests/libs/ocsp/ocsp_responder.crt"; const OCSP_RESPONDER_KEY = "jstests/libs/ocsp/ocsp_responder.key"; -const OCSP_INTERMEDIATE_CA_PEM = "jstests/libs/ocsp/intermediate_ca_ocsp.pem"; -const OCSP_INTERMEDIATE_CA_CERT = "jstests/libs/ocsp/intermediate_ca_ocsp.crt"; -const OCSP_INTERMEDIATE_CA_KEY = "jstests/libs/ocsp/intermediate_ca_ocsp.key"; -const OCSP_SERVER_INTERMEDIATE_CA_CERT = "jstests/libs/ocsp/server_intermediate_ca_ocsp.pem"; +const OCSP_INTERMEDIATE_CA_WITH_ROOT_PEM = "jstests/libs/ocsp/intermediate_ca_with_root_ocsp.pem"; +const OCSP_INTERMEDIATE_CA_ONLY_CERT = "jstests/libs/ocsp/intermediate_ca_only_ocsp.crt"; +const OCSP_INTERMEDIATE_CA_ONLY_KEY = "jstests/libs/ocsp/intermediate_ca_only_ocsp.key"; +const OCSP_SERVER_SIGNED_BY_INTERMEDIATE_CA_PEM = + "jstests/libs/ocsp/server_signed_by_intermediate_ca_ocsp.pem"; +const OCSP_SERVER_AND_INTERMEDIATE_APPENDED_PEM = + "jstests/libs/ocsp/server_and_intermediate_ca_appended_ocsp.pem"; var clearOCSPCache = function() { let provider = determineSSLProvider(); diff --git a/jstests/ocsp/ocsp_basic_ca_responder.js b/jstests/ocsp/ocsp_basic_ca_responder.js index f3a7ca3d9fe..8a250ba914d 100644 --- a/jstests/ocsp/ocsp_basic_ca_responder.js +++ b/jstests/ocsp/ocsp_basic_ca_responder.js @@ -53,10 +53,12 @@ function test(serverCert, caCert, responderCertPair) { test(OCSP_SERVER_CERT, OCSP_CA_PEM, OCSP_CA_RESPONDER); -// TODO: SERVER-47963 - remove this platform check. if (determineSSLProvider() === "windows") { return; } -test(OCSP_SERVER_INTERMEDIATE_CA_CERT, OCSP_INTERMEDIATE_CA_PEM, OCSP_INTERMEDIATE_RESPONDER); +test(OCSP_SERVER_SIGNED_BY_INTERMEDIATE_CA_PEM, + OCSP_INTERMEDIATE_CA_WITH_ROOT_PEM, + OCSP_INTERMEDIATE_RESPONDER); +test(OCSP_SERVER_AND_INTERMEDIATE_APPENDED_PEM, OCSP_CA_PEM, OCSP_INTERMEDIATE_RESPONDER); }());
\ No newline at end of file diff --git a/jstests/ocsp/ocsp_stapling.js b/jstests/ocsp/ocsp_stapling.js index 69ac0866a02..e2735f758d9 100644 --- a/jstests/ocsp/ocsp_stapling.js +++ b/jstests/ocsp/ocsp_stapling.js @@ -1,4 +1,4 @@ -// Check that OCSP verification works +// Check that OCSP stapling works // @tags: [requires_http_client, requires_ocsp_stapling] load("jstests/ocsp/lib/mock_ocsp.js"); @@ -85,5 +85,8 @@ function test(serverCert, caCert, responderCertPair) { test(OCSP_SERVER_CERT, OCSP_CA_PEM, OCSP_DELEGATE_RESPONDER); test(OCSP_SERVER_CERT, OCSP_CA_PEM, OCSP_CA_RESPONDER); -test(OCSP_SERVER_INTERMEDIATE_CA_CERT, OCSP_INTERMEDIATE_CA_PEM, OCSP_INTERMEDIATE_RESPONDER); +test(OCSP_SERVER_SIGNED_BY_INTERMEDIATE_CA_PEM, + OCSP_INTERMEDIATE_CA_WITH_ROOT_PEM, + OCSP_INTERMEDIATE_RESPONDER); +test(OCSP_SERVER_AND_INTERMEDIATE_APPENDED_PEM, OCSP_CA_PEM, OCSP_INTERMEDIATE_RESPONDER); }()); diff --git a/jstests/ocsp/ocsp_unable_to_staple_log.js b/jstests/ocsp/ocsp_unable_to_staple_log.js new file mode 100644 index 00000000000..f09d892ae80 --- /dev/null +++ b/jstests/ocsp/ocsp_unable_to_staple_log.js @@ -0,0 +1,35 @@ +// Check that log messages for OCSP stapling work +// @tags: [requires_http_client, requires_ocsp_stapling] + +load("jstests/ocsp/lib/mock_ocsp.js"); + +(function() { +"use strict"; + +if (!supportsStapling()) { + return; +} + +const logPath = MongoRunner.dataPath + "mongod.log"; + +const ocsp_options = { + logpath: logPath, + sslMode: "requireSSL", + sslPEMKeyFile: OCSP_SERVER_SIGNED_BY_INTERMEDIATE_CA_PEM, + sslCAFile: OCSP_CA_PEM, + sslAllowInvalidHostnames: "", + waitForConnect: false, +}; + +// Because waitForConnect is off, we need to wait for the process to create the +// mongod logfile, hence the sleep. +const conn = MongoRunner.runMongod(ocsp_options); +sleep(5000); + +const failedToStapleID = 5512202; +assert.soon(() => { + return cat(logPath).trim().split("\n").some((line) => JSON.parse(line).id === failedToStapleID); +}); + +MongoRunner.stopMongod(conn); +})();
\ No newline at end of file diff --git a/jstests/ssl/x509/certs.yml b/jstests/ssl/x509/certs.yml index ba303ffb5c6..b567c228939 100644 --- a/jstests/ssl/x509/certs.yml +++ b/jstests/ssl/x509/certs.yml @@ -428,27 +428,49 @@ certs: extendedKeyUsage: [clientAuth] # Intermediate OCSP tree -- name: 'intermediate_ca_ocsp.pem' +- name: 'intermediate_ca_only_ocsp.pem' description: CA issued by the primary OCSP CA, which then issues its own server OCSP cert. Subject: {CN: 'Intermediate CA for OCSP'} Issuer: 'ca_ocsp.pem' include_header: false - append_cert: 'ca_ocsp.pem' output_path: 'jstests/libs/ocsp/' - keyfile: 'intermediate_ca_ocsp.key' - crtfile: 'intermediate_ca_ocsp.crt' + keyfile: 'intermediate_ca_only_ocsp.key' + crtfile: 'intermediate_ca_only_ocsp.crt' extensions: subjectKeyIdentifier: hash basicConstraints: critical: true CA: true -- name: 'server_intermediate_ca_ocsp.pem' +- name: 'intermediate_ca_with_root_ocsp.pem' + description: OCSP CA and OCSP Intermediate appended together + output_path: 'jstests/libs/ocsp/' + include_header: false + append_cert: ['intermediate_ca_only_ocsp.pem', 'ca_ocsp.pem'] + +- name: 'server_signed_by_intermediate_ca_ocsp.pem' + description: Server OCSP certificate signed by intermediate CA. + Subject: {CN: 'Server OCSP Via Intermediate'} + Issuer: 'intermediate_ca_only_ocsp.pem' + include_header: false + output_path: 'jstests/libs/ocsp/' + extensions: + basicConstraints: {CA: false} + subjectAltName: + DNS: localhost + IP: 127.0.0.1 + authorityInfoAccess: 'OCSP;URI:http://localhost:8100/status' + subjectKeyIdentifier: hash + keyUsage: [digitalSignature, keyEncipherment] + extendedKeyUsage: [serverAuth, clientAuth] + +- name: 'server_and_intermediate_ca_appended_ocsp.pem' description: Server OCSP certificate signed by intermediate CA. Subject: {CN: 'Server OCSP Via Intermediate'} - Issuer: 'intermediate_ca_ocsp.pem' + Issuer: 'intermediate_ca_only_ocsp.pem' include_header: false output_path: 'jstests/libs/ocsp/' + append_cert: 'intermediate_ca_only_ocsp.pem' extensions: basicConstraints: {CA: false} subjectAltName: diff --git a/jstests/ssl/x509/mkcert.py b/jstests/ssl/x509/mkcert.py index 10dcda73afd..150be632ac5 100755 --- a/jstests/ssl/x509/mkcert.py +++ b/jstests/ssl/x509/mkcert.py @@ -777,7 +777,7 @@ def main(): global CONFIG items_to_process = parse_command_line() - CONFIG = yaml.load(open(CONFIGFILE, 'r')) + CONFIG = yaml.load(open(CONFIGFILE, 'r'), Loader=yaml.FullLoader) validate_config() items = select_items(items_to_process) items = sort_items(items) diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp index 5f4a50bba83..9e09884315b 100644 --- a/src/mongo/util/net/ssl_manager_openssl.cpp +++ b/src/mongo/util/net/ssl_manager_openssl.cpp @@ -1872,6 +1872,11 @@ Status OCSPFetcher::start(SSL_CTX* context, bool asyncOCSPStaple) { fetchAndStaple(promisePtr) .getAsync([this, sm = _manager->shared_from_this()]( StatusWith<Milliseconds> swDurationInitial) mutable { + if (!swDurationInitial.isOK()) { + LOGV2_WARNING(5512202, + "Server was unable to staple OCSP Response", + "reason"_attr = swDurationInitial.getStatus()); + } startPeriodicJob(swDurationInitial); }); @@ -1922,6 +1927,12 @@ void OCSPFetcher::startPeriodicJob(StatusWith<Milliseconds> swDurationInitial) { void OCSPFetcher::doPeriodicJob() { fetchAndStaple(nullptr).getAsync( [this, sm = _manager->shared_from_this()](StatusWith<Milliseconds> swDuration) { + if (!swDuration.isOK()) { + LOGV2_WARNING(5512201, + "Server was unable to staple OCSP Response", + "reason"_attr = swDuration.getStatus()); + } + stdx::lock_guard<Latch> lock(this->_staplingMutex); if (_shutdown) { @@ -1931,6 +1942,15 @@ void OCSPFetcher::doPeriodicJob() { this->_ocspStaplingAnchor.setPeriod(getPeriodForStapleJob(swDuration)); }); } +#if OPENSSL_VERSION_NUMBER < 0x10100000L +void sslContextGetOtherCerts(SSL_CTX* ctx, STACK_OF(X509) * *sk) { + SSL_CTX_get_extra_chain_certs(ctx, sk); +} +#else +void sslContextGetOtherCerts(SSL_CTX* ctx, STACK_OF(X509) * *sk) { + SSL_CTX_get0_chain_certs(ctx, sk); +} +#endif Future<Milliseconds> OCSPFetcher::fetchAndStaple(Promise<void>* promise) { // Generate a new verified X509StoreContext to get our own certificate chain @@ -1944,6 +1964,10 @@ Future<Milliseconds> OCSPFetcher::fetchAndStaple(Promise<void>* promise) { } X509_STORE_CTX_set_cert(storeCtx.get(), _cert); + STACK_OF(X509) * sk; + + sslContextGetOtherCerts(_context, &sk); + X509_STORE_CTX_set_chain(storeCtx.get(), sk); if (X509_verify_cert(storeCtx.get()) <= 0) { return getSSLFailure("Could not verify X509 certificate store for OCSP Stapling."); |