diff --git a/collects/tests/openssl/cacert.pem b/collects/tests/openssl/cacert.pem new file mode 100644 index 0000000000..156dd16fce --- /dev/null +++ b/collects/tests/openssl/cacert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDnTCCAoWgAwIBAgIJAI1o0DxhqPigMA0GCSqGSIb3DQEBBAUAMIGEMRQwEgYD +VQQDEwtva2NvbXBzLmNvbTELMAkGA1UECBMCT0gxCzAJBgNVBAYTAlVTMR8wHQYJ +KoZIhvcNAQkBFhByb290QG9rY29tcHMuY29tMRkwFwYDVQQKExBPSyBDb21wdXRl +cnMgTExDMRYwFAYDVQQLEw1JVCBEZXBhcnRtZW50MB4XDTExMDEyMTEzMTEwNloX +DTE2MDEyMDEzMTEwNlowgYQxFDASBgNVBAMTC29rY29tcHMuY29tMQswCQYDVQQI +EwJPSDELMAkGA1UEBhMCVVMxHzAdBgkqhkiG9w0BCQEWEHJvb3RAb2tjb21wcy5j +b20xGTAXBgNVBAoTEE9LIENvbXB1dGVycyBMTEMxFjAUBgNVBAsTDUlUIERlcGFy +dG1lbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTouNqzEoG/eof +H75hyNEd7VFRjbBddbu1194eCzfqmiNYacTx8Xhphf9fRNkR5Bznz5dfIrzFqvBJ +dv4H5BZrZ4cGqDLOdYQtxPdgq5DzfsjIxtck9XKEyZSfV/K2gm1mnqtJ/fYiL2Wm +Oawrjgtvm3rS/3p0kk/vlS74VfuUX68/S+DgfUX3dvrKXqJn4skcxy1cEt+8GBsH +CsfwZC3oh+Oi2HO9bmMatp0OgxvuEyc3cwTbdR9JWOs/7eQeGIp6zYwChJqpajSM +WfwBfY+oQazZrZGbVY+MDPHGD7QTdHn8P0RPCqZpz3f7RnL3Emc1XXGuZBnRa7sv +KWUsCiP9AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEB +AF6ifcd9/uawOKBAvhMrAS7gTFHXSdc+KoVlPp4SM6+6rllrmxGoGrvXv2NQKjiG +4Vz0AENCk5vd/i8U2+wkBXnDQFE2ckZwiao33Z4FBq1BYtOP3+mxcg9DDuz2fywn +LCRBVVVeTXEdoAs3kzMjArPGCP4nXzyGD8zQDv9pcSHJfafPf45Sf1QHhPIm8DdL +Z2uQQ9aZwMPQwWjVEhPIbB2eXLnRMEMH9JE9mKEhN+epKljyLDADXs+bSkg3QMaT +d3Bqv9wjBrH2tztqVkq0os0tRFUlVPB6g0ave0Dgp99LolbQJbYlGas6CISS6ueD +plEJK3Mrw7v832Wqnjx8vhE= +-----END CERTIFICATE----- diff --git a/collects/tests/openssl/client_crt.pem b/collects/tests/openssl/client_crt.pem new file mode 100644 index 0000000000..00445e9105 --- /dev/null +++ b/collects/tests/openssl/client_crt.pem 
@@ -0,0 +1,67 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: md5WithRSAEncryption + Issuer: CN=okcomps.com, ST=OH, C=US/emailAddress=root@okcomps.com, O=OK Computers LLC, OU=IT Department + Validity + Not Before: Jan 22 16:49:23 2011 GMT + Not After : Jan 21 16:49:23 2016 GMT + Subject: CN=testclient.okcomps.com, ST=OH, C=US/emailAddress=root@okcomps.com, O=OK Computers LLC, OU=IT + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:e3:a1:8c:40:df:26:a5:52:31:f2:65:94:fa:f3: + 32:1a:a1:d1:06:e3:32:f4:ae:17:27:38:49:c4:8f: + f0:6a:61:4a:b1:12:a8:ff:22:5e:a8:b8:d2:be:24: + 83:1d:48:e4:62:8d:b8:a3:a0:b7:68:d2:dc:53:11: + fd:cd:87:67:7e:30:76:41:18:d4:97:7d:4f:75:8c: + b3:17:6a:d4:5f:e2:fa:4c:c3:e0:a5:2b:d5:b2:f0: + 9a:fc:8c:ec:fb:99:8c:51:b0:62:54:91:c2:64:d1: + 79:41:da:8f:88:40:76:81:29:d0:0a:f7:63:51:76: + 7a:23:f1:ca:57:d1:0e:1b:b5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:alt.tradeshowhell.com + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Client + Signature Algorithm: md5WithRSAEncryption + d0:1c:c8:74:87:06:0b:96:3d:05:4e:19:e4:19:9e:0a:12:76: + 57:c7:a3:24:34:dd:af:e9:67:cd:99:2a:43:d7:e6:b6:18:eb: + b4:b0:63:be:e6:d8:ff:99:95:81:a7:88:b9:68:b9:0e:2f:cb: + 2b:2b:7c:0e:c4:66:d3:f4:89:91:ba:03:0a:35:e1:6b:19:0e: + 41:c8:f3:3c:bf:47:c1:60:ee:88:74:0a:41:08:4e:82:be:ae: + 46:b0:31:8d:f8:10:84:1a:af:03:52:39:87:b7:46:2f:7f:2e: + f1:a6:03:4e:3c:bb:ea:0c:08:8f:77:17:b7:c8:d2:a5:a7:a0: + 56:9b:c8:5b:53:d1:36:01:96:85:46:c9:73:e5:cf:40:8c:fa: + b2:c1:be:3e:8f:24:97:c3:35:ec:45:59:b3:f4:9b:3f:b0:50: + 5d:2b:d3:19:11:c6:5d:c1:61:26:db:34:4a:69:46:5a:c1:f2: + 43:f9:5a:4d:71:44:2a:62:28:c0:ac:51:63:35:88:cc:6d:9a: + db:7b:d1:a1:a2:e4:86:96:83:48:73:7f:c9:a3:05:e6:46:82: + 1c:b4:99:9e:7a:b6:1e:87:08:e6:1d:b1:04:0f:ed:19:a6:b1: + ce:71:47:ce:73:de:8c:d8:13:aa:a8:6f:b0:04:0c:9b:b7:d1: + 61:da:90:e3 
+-----BEGIN CERTIFICATE----- +MIIDQzCCAiugAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBhDEUMBIGA1UEAxMLb2tj +b21wcy5jb20xCzAJBgNVBAgTAk9IMQswCQYDVQQGEwJVUzEfMB0GCSqGSIb3DQEJ +ARYQcm9vdEBva2NvbXBzLmNvbTEZMBcGA1UEChMQT0sgQ29tcHV0ZXJzIExMQzEW +MBQGA1UECxMNSVQgRGVwYXJ0bWVudDAeFw0xMTAxMjIxNjQ5MjNaFw0xNjAxMjEx +NjQ5MjNaMIGEMR8wHQYDVQQDExZ0ZXN0Y2xpZW50Lm9rY29tcHMuY29tMQswCQYD +VQQIEwJPSDELMAkGA1UEBhMCVVMxHzAdBgkqhkiG9w0BCQEWEHJvb3RAb2tjb21w +cy5jb20xGTAXBgNVBAoTEE9LIENvbXB1dGVycyBMTEMxCzAJBgNVBAsTAklUMIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjoYxA3yalUjHyZZT68zIaodEG4zL0 +rhcnOEnEj/BqYUqxEqj/Il6ouNK+JIMdSORijbijoLdo0txTEf3Nh2d+MHZBGNSX +fU91jLMXatRf4vpMw+ClK9Wy8Jr8jOz7mYxRsGJUkcJk0XlB2o+IQHaBKdAK92NR +dnoj8cpX0Q4btQIDAQABo0IwQDAgBgNVHREEGTAXghVhbHQudHJhZGVzaG93aGVs +bC5jb20wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQEE +BQADggEBANAcyHSHBguWPQVOGeQZngoSdlfHoyQ03a/pZ82ZKkPX5rYY67SwY77m +2P+ZlYGniLlouQ4vyysrfA7EZtP0iZG6Awo14WsZDkHI8zy/R8Fg7oh0CkEIToK+ +rkawMY34EIQarwNSOYe3Ri9/LvGmA048u+oMCI93F7fI0qWnoFabyFtT0TYBloVG +yXPlz0CM+rLBvj6PJJfDNexFWbP0mz+wUF0r0xkRxl3BYSbbNEppRlrB8kP5Wk1x +RCpiKMCsUWM1iMxtmtt70aGi5IaWg0hzf8mjBeZGghy0mZ56th6HCOYdsQQP7Rmm +sc5xR85z3ozYE6qob7AEDJu30WHakOM= +-----END CERTIFICATE----- diff --git a/collects/tests/openssl/client_key.pem b/collects/tests/openssl/client_key.pem new file mode 100644 index 0000000000..97a1657ee5 --- /dev/null +++ b/collects/tests/openssl/client_key.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDjoYxA3yalUjHyZZT68zIaodEG4zL0rhcnOEnEj/BqYUqxEqj/ +Il6ouNK+JIMdSORijbijoLdo0txTEf3Nh2d+MHZBGNSXfU91jLMXatRf4vpMw+Cl +K9Wy8Jr8jOz7mYxRsGJUkcJk0XlB2o+IQHaBKdAK92NRdnoj8cpX0Q4btQIDAQAB +AoGAPgUF8abbILAEa8bBkJ4ySI9OJFJCz+ee51CuyJ9vIYzgjN5IrTrwD4hL4wKP +tqrljvSOGgbv8d+BqCB+xkDeMT/mFBOyCKrrOX7TSSvVfu9ihRtiy7v2vjodwTNq +L82JKscJXTwgR3QrJv6JPb/iZItbweFE4/UWMFDEd7J+dQECQQD5WzSmGTxWdvjx +l+jhdVQmA6O87txBPAJP+hAfq/ViAIwVxEeDTBDYKHXBAzIjSpigerG6WkW8AeCQ +2aDJOnRHAkEA6bIo+1xwwhZb42kPWiLKhW4bwKM7K7Y3uetQMehu8BOubr6QMHKb +QCjz3/e+ldQ3tV9AgcFmp0juZ4YoBTcaIwJAPVZjIAyLHBXN7NfaUENlPKieiWYU +RfO1+ehgOPo6tS2/R8dtc+2tIw7o0F6x4Z6C5s7nkxiLmNC5Zcgy1e0MFwJBAIwP +WPx9RJ8uI1hCKQ9Odq5NdZiYu+fQx8lHvMKMmaCNSyfYUjaXGXD0mmUK6FCH5fNv +6QtbTBjKXwfwoZ+ujJ0CQHAOCJY1vtycRYFh7B+A6Emp/w5aJAqJqS4A79FjCf3N +w8MwJrAPTXvKILEnvhuW5uxg5VXqndK/gz+6z/eZyS4= +-----END RSA PRIVATE KEY----- diff --git a/collects/tests/openssl/peer-verif.rkt b/collects/tests/openssl/peer-verif.rkt new file mode 100644 index 0000000000..a40f986507 --- /dev/null +++ b/collects/tests/openssl/peer-verif.rkt 
@@ -0,0 +1,72 @@
+#lang racket
+
+(require openssl
+ ffi/unsafe
+ racket/tcp)
+
+(define (check fmt got expect)
+ (unless (equal? got expect)
+ (error 'check fmt got)))
+
+(define ssl-server-context (ssl-make-server-context 'sslv3))
+
+
+(ssl-load-private-key! ssl-server-context "server_key.pem")
+(ssl-load-certificate-chain! ssl-server-context "server_crt.pem")
+(ssl-load-verify-root-certificates! ssl-server-context "cacert.pem")
+(ssl-try-verify! ssl-server-context #t)
+
+(define ssl-listener (ssl-listen 55000
+ 4
+ #f
+ "127.0.0.1"
+ ssl-server-context))
+
+(define listener-main
+ (thread
+ (lambda()
+ (let-values ([(in out) (ssl-accept ssl-listener)])
+ (check "Server: Accepted connection.~n" #t #t)
+ (check "Server: Verified ~v~n" (ssl-peer-verified? in) #t)
+ (check "Server: Verified ~v~n" (ssl-peer-verified? out) #t)
+ (check "Server: Verified Peer Subject Name ~v~n" (ssl-peer-subject-name in)
+ #"/CN=testclient.okcomps.com/ST=OH/C=US/emailAddress=root@okcomps.com/O=OK Computers LLC/OU=IT")
+ (check "Server: Verified Peer Issuer Name ~v~n" (ssl-peer-issuer-name in)
+ #"/CN=okcomps.com/ST=OH/C=US/emailAddress=root@okcomps.com/O=OK Computers LLC/OU=IT Department")
+ (ssl-close ssl-listener)
+ (check "Server: From Client: ~a~n" (read-line in) "yay the connection was made")
+ (close-input-port in)
+ (close-output-port out)))))
+
+
+(define ssl-client-context (ssl-make-client-context 'sslv3))
+
+(ssl-load-private-key! ssl-client-context "client_key.pem")
+
+;connection will still proceed if these methods aren't called
+;change to #f to try it
+(when #t
+ (ssl-load-certificate-chain! ssl-client-context "client_crt.pem")
+ (ssl-load-verify-root-certificates! ssl-client-context "cacert.pem")
+ (ssl-set-verify! ssl-client-context #t))
+
+
+(let-values ([(in out) (ssl-connect "127.0.0.1"
+ 55000
+ ssl-client-context)])
+ (check "Client: Made connection.~n" #t #t)
+ (check "Client: Verified ~v~n" (ssl-peer-verified? 
in) #t)
+ (check "Client: Verified ~v~n" (ssl-peer-verified? out) #t)
+ (check "Client: Verified Peer Subject Name ~v~n" (ssl-peer-subject-name in)
+ #"/CN=test.okcomps.com/ST=OH/C=US/emailAddress=root@okcomps.com/O=OK Computers LLC/OU=IT")
+ (check "Client: Verified Peer Issuer Name ~v~n" (ssl-peer-issuer-name in)
+ #"/CN=okcomps.com/ST=OH/C=US/emailAddress=root@okcomps.com/O=OK Computers LLC/OU=IT Department")
+ (write-string (format "yay the connection was made~n") out)
+ (close-input-port in)
+ (close-output-port out))
+
+
+(thread-wait listener-main)
+
+;certificate revocation list
+;enables denial of connections that provide a certificate on the given certificate revocation list
diff --git a/collects/tests/openssl/server_crt.pem b/collects/tests/openssl/server_crt.pem
new file mode 100644
index 0000000000..ca7f43cf20
--- /dev/null
+++ b/collects/tests/openssl/server_crt.pem
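Review bot: The key and certificate paths passed to `ssl-load-private-key!`, `ssl-load-certificate-chain!` and `ssl-load-verify-root-certificates!` (`"server_key.pem"`, `"cacert.pem"`, `"client_crt.pem"`, …) are resolved against the process's current directory rather than the test file's own directory, so the test only works when launched from collects/tests/openssl; declaring them with `(define-runtime-path cacert "cacert.pem")` from racket/runtime-path and passing those paths would make it location-independent. The fixtures are also pinned to fixed validity windows (the text dumps in this commit show `Not After : Jan 20 13:19:20 2016 GMT` for server_crt.pem and `Jan 21 16:49:23 2016 GMT` for client_crt.pem) and are signed with md5WithRSAEncryption over 1024-bit keys, so with verification enabled on both sides the `ssl-peer-verified?` checks will start failing once the certificates lapse or the linked OpenSSL stops accepting that signature algorithm; a comment beside the verify calls recording this and how the fixtures are regenerated would spare the next maintainer a puzzling failure. `ffi/unsafe` is required but nothing in this file uses it. The two trailing comment lines about a certificate revocation list describe behaviour that no code here implements; either drop them or mark them `;TODO:` so they are not read as a description of what the test covers.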
@@ -0,0 +1,67 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: CN=okcomps.com, ST=OH, C=US/emailAddress=root@okcomps.com, O=OK Computers LLC, OU=IT Department + Validity + Not Before: Jan 21 13:19:20 2011 GMT + Not After : Jan 20 13:19:20 2016 GMT + Subject: CN=test.okcomps.com, ST=OH, C=US/emailAddress=root@okcomps.com, O=OK Computers LLC, OU=IT + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ca:d0:a2:7c:5d:0c:bc:df:3b:1c:d2:b7:d4:b3: + 68:12:1b:3a:df:5e:75:f6:9f:71:1a:b2:29:76:e7: + 55:eb:2d:d2:cf:c1:a7:2f:54:91:68:cc:f0:ce:10: + 42:d4:d2:82:0d:56:f0:16:aa:a8:a4:f3:4f:c3:f7: + 55:3c:a0:90:c3:a9:04:63:86:90:7f:64:49:77:0d: + 9b:7b:02:e2:04:ec:52:08:c4:01:72:e4:e6:89:18: + f6:fc:cc:8d:b6:9b:24:f4:c6:a9:78:67:e4:15:d4: + 68:1e:da:67:4f:d9:40:48:44:f0:9a:ae:5a:87:24: + 2a:b5:2e:83:d6:ad:f4:e5:9b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:alt.tradeshowhell.com + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + Signature Algorithm: md5WithRSAEncryption + ab:c9:75:73:f9:79:31:34:b9:3b:83:2f:3f:9e:4e:33:01:98: + 37:9b:bd:08:d6:14:ea:d9:a1:fa:7a:0d:ae:dc:00:fd:a6:01: + ba:3e:d6:ed:8b:8d:43:ba:41:51:08:c6:c5:db:84:34:34:07: + 17:19:35:5d:8c:7f:37:b8:c1:02:c3:22:d9:dc:f4:85:4d:1c: + 6e:44:43:0d:7a:5a:de:4c:ba:a3:4b:a3:9b:07:3a:dd:f0:69: + 3d:89:65:e4:0d:f6:0d:04:58:00:74:b6:11:5e:e2:a7:1c:8d: + d4:83:e3:9b:93:85:f7:d1:7c:5f:67:0c:38:02:1f:d6:44:0d: + 73:22:5f:d2:ff:e1:ef:be:11:e4:e7:1c:b7:d6:8b:b6:78:bb: + 09:e1:46:94:48:24:98:88:b2:6d:27:2a:85:5a:cd:34:b5:c4: + 74:1b:58:97:f8:4a:aa:13:e1:13:4d:86:80:36:b2:9a:31:3a: + be:3f:c7:1b:76:71:e9:b5:7d:4b:61:9b:59:ad:c7:1b:2e:b8: + 7c:bd:6f:f8:06:44:eb:7b:fd:53:45:b0:fa:a4:37:b4:56:e2: + 87:ba:d4:5c:49:db:7d:31:a4:42:d3:d7:47:a3:6f:cb:e3:9d: + 5c:be:2e:eb:1b:0a:06:e2:ce:d6:c4:81:c2:c1:85:36:dc:4c: + 03:5b:b3:14 
+-----BEGIN CERTIFICATE----- +MIIDPDCCAiSgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBhDEUMBIGA1UEAxMLb2tj +b21wcy5jb20xCzAJBgNVBAgTAk9IMQswCQYDVQQGEwJVUzEfMB0GCSqGSIb3DQEJ +ARYQcm9vdEBva2NvbXBzLmNvbTEZMBcGA1UEChMQT0sgQ29tcHV0ZXJzIExMQzEW +MBQGA1UECxMNSVQgRGVwYXJ0bWVudDAeFw0xMTAxMjExMzE5MjBaFw0xNjAxMjAx +MzE5MjBaMH4xGTAXBgNVBAMTEHRlc3Qub2tjb21wcy5jb20xCzAJBgNVBAgTAk9I +MQswCQYDVQQGEwJVUzEfMB0GCSqGSIb3DQEJARYQcm9vdEBva2NvbXBzLmNvbTEZ +MBcGA1UEChMQT0sgQ29tcHV0ZXJzIExMQzELMAkGA1UECxMCSVQwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBAMrQonxdDLzfOxzSt9SzaBIbOt9edfafcRqyKXbn +Vest0s/Bpy9UkWjM8M4QQtTSgg1W8BaqqKTzT8P3VTygkMOpBGOGkH9kSXcNm3sC +4gTsUgjEAXLk5okY9vzMjbabJPTGqXhn5BXUaB7aZ0/ZQEhE8JquWockKrUug9at +9OWbAgMBAAGjQjBAMCAGA1UdEQQZMBeCFWFsdC50cmFkZXNob3doZWxsLmNvbTAJ +BgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQQFAAOCAQEA +q8l1c/l5MTS5O4MvP55OMwGYN5u9CNYU6tmh+noNrtwA/aYBuj7W7YuNQ7pBUQjG +xduENDQHFxk1XYx/N7jBAsMi2dz0hU0cbkRDDXpa3ky6o0ujmwc63fBpPYll5A32 +DQRYAHS2EV7ipxyN1IPjm5OF99F8X2cMOAIf1kQNcyJf0v/h774R5Occt9aLtni7 +CeFGlEgkmIiybScqhVrNNLXEdBtYl/hKqhPhE02GgDaymjE6vj/HG3Zx6bV9S2Gb +Wa3HGy64fL1v+AZE63v9U0Ww+qQ3tFbih7rUXEnbfTGkQtPXR6Nvy+OdXL4u6xsK +BuLO1sSBwsGFNtxMA1uzFA== +-----END CERTIFICATE----- diff --git a/collects/tests/openssl/server_key.pem b/collects/tests/openssl/server_key.pem new file mode 100644 index 0000000000..32685e27d0 --- /dev/null +++ b/collects/tests/openssl/server_key.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDK0KJ8XQy83zsc0rfUs2gSGzrfXnX2n3Easil251XrLdLPwacv +VJFozPDOEELU0oINVvAWqqik80/D91U8oJDDqQRjhpB/ZEl3DZt7AuIE7FIIxAFy +5OaJGPb8zI22myT0xql4Z+QV1Gge2mdP2UBIRPCarlqHJCq1LoPWrfTlmwIDAQAB +AoGAN2HRfPRLzieHFM/Vsxdqi8czxFsfC0FuuUN9XyK8q4PP1TukU6BcNKoB98Mo +/MSfDtV2qjnf42stlO2tMOkHnmkx6Kz/aoiG7rfPjVqRVOy+LZ6HZj5bxaIC0WkF +2RbuHB2pLmrZGfQI0F/aFQpUQCqM4S4e1SDBxAyygtzkaUECQQD7pqWpXQ+VjejK +/Gd8hNPQk71vziJsXn3fVVa0aYxh8WapbvQODC6aMvow4ows6oJgMJdsfjBfBDbd +KNtcTCbHAkEAzlHtfH+o6dVuAaURUfhDj4Ld25/ZQepKMsI3CJaS3eP5+efVbjhr +yedC+p7moN9oTLPxee+EqoB8921MWa4mjQJAI/upNnVrFAxtnBDJT2HC09E8Ri9o +dqxwPS37ruJkw2B8OH/3/8Y4J65gXfsW5hlGOTDZhhbpHb0Bh1AfRaxR4wJBALn+ +EWFSlCt4RBsne12xuPX+u5HpoClT1F+9xW7wjqWJhyhKXpVmN4Vj/XWBGdecjqHW +9bE+wxIRkpZa6aFO5WECQQChsZbIQ3Oa5D5cjmImzmhWS7pYB/hTt3RZODiB35Ec +0tDEkEYz3kx2WmVQdXnlP3/JS8F9FrDJX+y2YxLhvQ75 +-----END RSA PRIVATE KEY-----