summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/asn1/a_strex.c30
-rw-r--r--src/lib/libcrypto/cert.pem394
-rw-r--r--src/lib/libcrypto/man/d2i_X509_CRL.312
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_doit.c8
-rw-r--r--src/lib/libcrypto/x509/x509_vpm.c61
-rw-r--r--src/regress/lib/libcrypto/x509/Makefile3
-rw-r--r--src/regress/lib/libcrypto/x509/x509_name_test.c299
-rw-r--r--src/usr.bin/openssl/apps.c30
8 files changed, 543 insertions, 294 deletions
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
index 5523c22cc4..52e1b7db5d 100644
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: a_strex.c,v 1.37 2025/03/09 15:17:22 tb Exp $ */ 1/* $OpenBSD: a_strex.c,v 1.38 2025/03/19 11:18:38 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -565,31 +565,6 @@ do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, int indent,
565 return outlen; 565 return outlen;
566} 566}
567 567
568/* NID with SN of 1-2 letters, which X509_NAME_print() historically included. */
569static int
570x509_name_entry_include(const X509_NAME_ENTRY *ne)
571{
572 int nid;
573
574 if ((nid = OBJ_obj2nid(ne->object)) == NID_undef)
575 return 0;
576
577 switch (nid) {
578 case NID_commonName:
579 case NID_surname:
580 case NID_countryName:
581 case NID_localityName:
582 case NID_stateOrProvinceName:
583 case NID_organizationName:
584 case NID_organizationalUnitName:
585 case NID_givenName:
586 case NID_domainComponent: /* XXX - doesn't really belong here */
587 return 1;
588 }
589
590 return 0;
591}
592
593static int 568static int
594X509_NAME_print(BIO *bio, const X509_NAME *name, int obase) 569X509_NAME_print(BIO *bio, const X509_NAME *name, int obase)
595{ 570{
@@ -607,9 +582,6 @@ X509_NAME_print(BIO *bio, const X509_NAME *name, int obase)
607 for (i = 0; i < sk_X509_NAME_ENTRY_num(name->entries); i++) { 582 for (i = 0; i < sk_X509_NAME_ENTRY_num(name->entries); i++) {
608 ne = sk_X509_NAME_ENTRY_value(name->entries, i); 583 ne = sk_X509_NAME_ENTRY_value(name->entries, i);
609 584
610 if (!x509_name_entry_include(ne))
611 continue;
612
613 if (started) { 585 if (started) {
614 if (!CBB_add_u8(&cbb, ',')) 586 if (!CBB_add_u8(&cbb, ','))
615 goto err; 587 goto err;
diff --git a/src/lib/libcrypto/cert.pem b/src/lib/libcrypto/cert.pem
index 4d4d9f82b3..a7fd3519fb 100644
--- a/src/lib/libcrypto/cert.pem
+++ b/src/lib/libcrypto/cert.pem
@@ -1,4 +1,4 @@
1# $OpenBSD: cert.pem,v 1.30 2024/11/01 11:30:12 tb Exp $ 1# $OpenBSD: cert.pem,v 1.31 2025/03/16 07:44:35 tb Exp $
2### /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 2### /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
3 3
4=== /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 4=== /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
@@ -1961,6 +1961,64 @@ PQQDAwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFW
1961wKrY7RjEsK70PvomAjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHV 1961wKrY7RjEsK70PvomAjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHV
1962dWNbFJWcHwHP2NVypw87 1962dWNbFJWcHwHP2NVypw87
1963-----END CERTIFICATE----- 1963-----END CERTIFICATE-----
1964=== /C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 2 2023
1965Certificate:
1966 Data:
1967 Version: 3 (0x2)
1968 Serial Number:
1969 73:3b:30:04:48:5b:d9:4d:78:2e:73:4b:c9:a1:dc:66
1970 Signature Algorithm: sha512WithRSAEncryption
1971 Validity
1972 Not Before: May 9 08:56:31 2023 GMT
1973 Not After : May 9 08:56:30 2038 GMT
1974 Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST BR Root CA 2 2023
1975 X509v3 extensions:
1976 X509v3 Basic Constraints: critical
1977 CA:TRUE
1978 X509v3 Subject Key Identifier:
1979 67:90:F0:D6:DE:B5:18:D5:46:29:7E:5C:AB:F8:9E:08:BC:64:95:10
1980 X509v3 Key Usage: critical
1981 Certificate Sign, CRL Sign
1982 X509v3 CRL Distribution Points:
1983
1984 Full Name:
1985 URI:http://crl.d-trust.net/crl/d-trust_br_root_ca_2_2023.crl
1986
1987SHA1 Fingerprint=2D:B0:70:EE:71:94:AF:69:68:17:DB:79:CE:58:9F:A0:6B:96:F7:87
1988SHA256 Fingerprint=05:52:E6:F8:3F:DF:65:E8:FA:96:70:E6:66:DF:28:A4:E2:13:40:B5:10:CB:E5:25:66:F9:7C:4F:B9:4B:2B:D1
1989-----BEGIN CERTIFICATE-----
1990MIIFqTCCA5GgAwIBAgIQczswBEhb2U14LnNLyaHcZjANBgkqhkiG9w0BAQ0FADBI
1991MQswCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlE
1992LVRSVVNUIEJSIFJvb3QgQ0EgMiAyMDIzMB4XDTIzMDUwOTA4NTYzMVoXDTM4MDUw
1993OTA4NTYzMFowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEi
1994MCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDIgMjAyMzCCAiIwDQYJKoZIhvcN
1995AQEBBQADggIPADCCAgoCggIBAK7/CVmRgApKaOYkP7in5Mg6CjoWzckjYaCTcfKr
1996i3OPoGdlYNJUa2NRb0kz4HIHE304zQaSBylSa053bATTlfrdTIzZXcFhfUvnKLNE
1997gXtRr90zsWh81k5M/itoucpmacTsXld/9w3HnDY25QdgrMBM6ghs7wZ8T1soegj8
1998k12b9py0i4a6Ibn08OhZWiihNIQaJZG2tY/vsvmA+vk9PBFy2OMvhnbFeSzBqZCT
1999Rphny4NqoFAjpzv2gTng7fC5v2Xx2Mt6++9zA84A9H3X4F07ZrjcjrqDy4d2A/wl
20002ecjbwb9Z/Pg/4S8R7+1FhhGaRTMBffb00msa8yr5LULQyReS2tNZ9/WtT5PeB+U
2001cSTq3nD88ZP+npNa5JRal1QMNXtfbO4AHyTsA7oC9Xb0n9Sa7YUsOCIvx9gvdhFP
2002/Wxc6PWOJ4d/GUohR5AdeY0cW/jPSoXk7bNbjb7EZChdQcRurDhaTyN0dKkSw/bS
2003uREVMweR2Ds3OmMwBtHFIjYoYiMQ4EbMl6zWK11kJNXuHA7e+whadSr2Y23OC0K+
20040bpwHJwh5Q8xaRfX/Aq03u2AnMuStIv13lmiWAmlY0cL4UEyNEHZmrHZqLAbWt4N
2005DfTisl01gLmB1IRpkQLLddCNxbU9CZEJjxShFHR5PtbJFR2kWVki3PaKRT08EtY+
2006XTIvAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUZ5Dw1t61
2007GNVGKX5cq/ieCLxklRAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRCMEAwPqA8oDqG
2008OGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfYnJfcm9vdF9jYV8y
2009XzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQA097N3U9swFrktpSHxQCF16+tI
2010FoE9c+CeJyrrd6kTpGoKWloUMz1oH4Guaf2Mn2VsNELZLdB/eBaxOqwjMa1ef67n
2011riv6uvw8l5VAk1/DLQOj7aRvU9f6QA4w9QAgLABMjDu0ox+2v5Eyq6+SmNMW5tTR
2012VFxDWy6u71cqqLRvpO8NVhTaIasgdp4D/Ca4nj8+AybmTNudX0KEPUUDAxxZiMrc
2013LmEkWqTqJwtzEr5SswrPMhfiHocaFpVIbVrg0M8JkiZmkdijYQ6qgYF/6FKC0ULn
20144B0Y+qSFNueG4A3rvNTJ1jxD8V1Jbn6Bm2m1iWKPiFLY1/4nwSPFyysCu7Ff/vtD
2015hQNGvl3GyiEm/9cCnnRK3PgTFbGBVzbLZVzRHTF36SXDw7IyN9XxmAnkbWOACKsG
2016koHU6XCPpz+y7YaMgmo1yEJagtFSGkUPFaUA8JR7ZSdXOUPPfH/mvTWze/EZTN46
2017ls/pdu4D58JDUjxqgejBWoC9EV2Ta/vH5mQ/u2kc6d0li690yVRAysuTEwrt+2aS
2018Ecr1wPrYg1UDfNPFIkZ1cGt5SAYqgpq/5usWDiJFAbzdNpQ0qTUmiteXue4Icr80
2019knCDgKs4qllo3UCkGJCy89UDyibK79XH4I9TjvAA46jtn/mtd+ArY0+ew+43u3gJ
2020hJ65bvspmZDogNOfJA==
2021-----END CERTIFICATE-----
1964=== /C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 1 2020 2022=== /C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 1 2020
1965Certificate: 2023Certificate:
1966 Data: 2024 Data:
@@ -2007,6 +2065,64 @@ PQQDAwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CA
2007y/m0sRtW9XLS/BnRAjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJb 2065y/m0sRtW9XLS/BnRAjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJb
2008gfM0agPnIjhQW+0ZT0MW 2066gfM0agPnIjhQW+0ZT0MW
2009-----END CERTIFICATE----- 2067-----END CERTIFICATE-----
2068=== /C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 2 2023
2069Certificate:
2070 Data:
2071 Version: 3 (0x2)
2072 Serial Number:
2073 69:26:09:7e:80:4b:4c:a0:a7:8c:78:62:53:5f:5a:6f
2074 Signature Algorithm: sha512WithRSAEncryption
2075 Validity
2076 Not Before: May 9 09:10:33 2023 GMT
2077 Not After : May 9 09:10:32 2038 GMT
2078 Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST EV Root CA 2 2023
2079 X509v3 extensions:
2080 X509v3 Basic Constraints: critical
2081 CA:TRUE
2082 X509v3 Subject Key Identifier:
2083 AA:FC:91:10:1B:87:91:5F:16:B9:BF:4F:4B:91:5E:00:1C:B1:32:80
2084 X509v3 Key Usage: critical
2085 Certificate Sign, CRL Sign
2086 X509v3 CRL Distribution Points:
2087
2088 Full Name:
2089 URI:http://crl.d-trust.net/crl/d-trust_ev_root_ca_2_2023.crl
2090
2091SHA1 Fingerprint=A5:5B:D8:47:6C:8F:19:F7:4C:F4:6D:6B:B6:C2:79:82:22:DF:54:8B
2092SHA256 Fingerprint=8E:82:21:B2:E7:D4:00:78:36:A1:67:2F:0D:CC:29:9C:33:BC:07:D3:16:F1:32:FA:1A:20:6D:58:71:50:F1:CE
2093-----BEGIN CERTIFICATE-----
2094MIIFqTCCA5GgAwIBAgIQaSYJfoBLTKCnjHhiU19abzANBgkqhkiG9w0BAQ0FADBI
2095MQswCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlE
2096LVRSVVNUIEVWIFJvb3QgQ0EgMiAyMDIzMB4XDTIzMDUwOTA5MTAzM1oXDTM4MDUw
2097OTA5MTAzMlowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEi
2098MCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDIgMjAyMzCCAiIwDQYJKoZIhvcN
2099AQEBBQADggIPADCCAgoCggIBANiOo4mAC7JXUtypU0w3uX9jFxPvp1sjW2l1sJkK
2100F8GLxNuo4MwxusLyzV3pt/gdr2rElYfXR8mV2IIEUD2BCP/kPbOx1sWy/YgJ25yE
21017CUXFId/MHibaljJtnMoPDT3mfd/06b4HEV8rSyMlD/YZxBTfiLNTiVR8CUkNRFe
2102EMbsh2aJgWi6zCudR3Mfvc2RpHJqnKIbGKBv7FD0fUDCqDDPvXPIEysQEx6Lmqg6
2103lHPTGGkKSv/BAQP/eX+1SH977ugpbzZMlWGG2Pmic4ruri+W7mjNPU0oQvlFKzIb
2104RlUWaqZLKfm7lVa/Rh3sHZMdwGWyH6FDrlaeoLGPaxK3YG14C8qKXO0elg6DpkiV
2105jTujIcSuWMYAsoS0I6SWhjW42J7YrDRJmGOVxcttSEfi8i4YHtAxq9107PncjLgc
2106jmgjutDzUNzPZY9zOjLHfP7KgiJPvo5iR2blzYfi6NUPGJ/lBHJLRjwQ8kTCZFZx
2107TnXonMkmdMV9WdEKWw9t/p51HBjGGjp82A0EzM23RWV6sY+4roRIPrN6TagD4uJ+
2108ARZZaBhDM7DS3LAaQzXupdqpRlyuhoFBAUp0JuyfBr/CBTdkdXgpaP3F9ev+R/nk
2109hbDhezGdpn9yo7nELC7MmVcOIQxFAZRl62UJxmMiCzNJkkg8/M3OsD6Onov4/knF
2110NXJHAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUqvyREBuH
2111kV8Wub9PS5FeAByxMoAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRCMEAwPqA8oDqG
2112OGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfZXZfcm9vdF9jYV8y
2113XzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQCTy6UfmRHsmg1fLBWTxj++EI14
2114QvBukEdHjqOSMo1wj/Zbjb6JzkcBahsgIIlbyIIQbODnmaprxiqgYzWRaoUlrRc4
2115pZt+UPJ26oUFKidBK7GB0aL2QHWpDsvxVUjY7NHss+jOFKE17MJeNRqrphYBBo7q
21163C+jisosketSjl8MmxfPy3MHGcRqwnNU73xDUmPBEcrCRbH0O1P1aa4846XerOhU
2117t7KR/aypH/KH5BfGSah82ApB9PI+53c0BFLd6IHyTS9URZ0V4U/M5d40VxDJI3IX
2118cI1QcB9WbMy5/zpaT2N6w25lBx2Eof+pDGOJbbJAiDnXH3dotfyc1dZnaVuodNv8
2119ifYbMvekJKZ2t0dT741Jj6m2g1qllpBFYfXeA08mD6iL8AOWsKwV0HFaanuU5nCT
21202vFp4LJiTZ6P/4mdm13NRemUAiKN4DV/6PEEeXFsVIP4M7kFMhtYVRFP0OUnR3Hs
21217dpn1mKmS00PaaLJvOwiS5THaJQXfuKOKD62xur1NGyfN4gHONuGcfrNlUhDbqNP
2122gofXNJhuS5N5YHVpD/Aa1VP6IQzCP+k/HxiMkl14p3ZnGbuy6n/pcAlWVqOwDAst
2123Nl7F6cTVg8uGF5csbBNvh1qvSaYd2804BC5f4ko1Di1L+KIkBI3Y4WNeApI02phh
2124XBxvWHZks/wCuPWdCg==
2125-----END CERTIFICATE-----
2010=== /C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009 2126=== /C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009
2011Certificate: 2127Certificate:
2012 Data: 2128 Data:
@@ -2900,62 +3016,6 @@ BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC
2900R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX 3016R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX
2901hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G 3017hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
2902-----END CERTIFICATE----- 3018-----END CERTIFICATE-----
2903=== /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2015 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G4
2904Certificate:
2905 Data:
2906 Version: 3 (0x2)
2907 Serial Number:
2908 d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58
2909 Signature Algorithm: sha256WithRSAEncryption
2910 Validity
2911 Not Before: May 27 11:11:16 2015 GMT
2912 Not After : Dec 27 11:41:16 2037 GMT
2913 Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2015 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G4
2914 X509v3 extensions:
2915 X509v3 Basic Constraints: critical
2916 CA:TRUE
2917 X509v3 Key Usage: critical
2918 Certificate Sign, CRL Sign
2919 X509v3 Subject Key Identifier:
2920 9F:38:C4:56:23:C3:39:E8:A0:71:6C:E8:54:4C:E4:E8:3A:B1:BF:67
2921SHA1 Fingerprint=14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01
2922SHA256 Fingerprint=DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88
2923-----BEGIN CERTIFICATE-----
2924MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAw
2925gb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
2926Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
2927MjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw
2928BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0
2929MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYTAlVT
2930MRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1
2931c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJ
2932bmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3Qg
2933Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MIICIjANBgkqhkiG9w0B
2934AQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSXbcr3DbVZwbPLqGgZ
29352K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV3imz/f3E
2936T+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j
29375pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAM
2938C1rlLAHGVK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73T
2939DtTUXm6Hnmo9RR3RXRv06QqsYJn7ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNX
2940wbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5XxNMhIWNlUpEbsZmOeX7m640A
29412Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV7rtNOzK+mndm
2942nqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8
2943dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwl
2944N4y6mACXi0mWHv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNj
2945c0kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
2946VR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS
29475UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4QjbRaZIxowLByQzTS
2948Gwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht7LGr
2949hFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/
2950B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uI
2951AeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbw
2952H5Lk6rWS02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+
2953b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkvFMSUHHuk
29542fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47Ol
2955IQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk
29565F6G+TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuY
2957n/PIjhs4ViFqUZPTkcpG2om3PVODLAgfi49T3f+sHw==
2958-----END CERTIFICATE-----
2959=== /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority 3019=== /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
2960Certificate: 3020Certificate:
2961 Data: 3021 Data:
@@ -3125,7 +3185,7 @@ Certificate:
3125 Validity 3185 Validity
3126 Not Before: Dec 20 09:37:33 2018 GMT 3186 Not Before: Dec 20 09:37:33 2018 GMT
3127 Not After : Dec 20 09:37:33 2043 GMT 3187 Not After : Dec 20 09:37:33 2043 GMT
3128 Subject: C=ES, O=FNMT-RCM, OU=Ceres/2.5.4.97=VATES-Q2826004J, CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS 3188 Subject: C=ES, O=FNMT-RCM, OU=Ceres, 2.5.4.97=VATES-Q2826004J, CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS
3129 X509v3 extensions: 3189 X509v3 extensions:
3130 X509v3 Basic Constraints: critical 3190 X509v3 Basic Constraints: critical
3131 CA:TRUE 3191 CA:TRUE
@@ -3164,7 +3224,7 @@ Certificate:
3164 Validity 3224 Validity
3165 Not Before: Apr 6 09:01:36 2022 GMT 3225 Not Before: Apr 6 09:01:36 2022 GMT
3166 Not After : Mar 31 09:01:36 2047 GMT 3226 Not After : Mar 31 09:01:36 2047 GMT
3167 Subject: C=ES, O=Firmaprofesional SA/2.5.4.97=VATES-A62634068, CN=FIRMAPROFESIONAL CA ROOT-A WEB 3227 Subject: C=ES, O=Firmaprofesional SA, 2.5.4.97=VATES-A62634068, CN=FIRMAPROFESIONAL CA ROOT-A WEB
3168 X509v3 extensions: 3228 X509v3 extensions:
3169 X509v3 Basic Constraints: critical 3229 X509v3 Basic Constraints: critical
3170 CA:TRUE 3230 CA:TRUE
@@ -4253,49 +4313,6 @@ tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
4253/q4AaOeMSQ+2b1tbFfLn 4313/q4AaOeMSQ+2b1tbFfLn
4254-----END CERTIFICATE----- 4314-----END CERTIFICATE-----
4255 4315
4256### Japan Certification Services, Inc.
4257
4258=== /C=JP/O=Japan Certification Services, Inc./CN=SecureSign RootCA11
4259Certificate:
4260 Data:
4261 Version: 3 (0x2)
4262 Serial Number: 1 (0x1)
4263 Signature Algorithm: sha1WithRSAEncryption
4264 Validity
4265 Not Before: Apr 8 04:56:47 2009 GMT
4266 Not After : Apr 8 04:56:47 2029 GMT
4267 Subject: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11
4268 X509v3 extensions:
4269 X509v3 Subject Key Identifier:
4270 5B:F8:4D:4F:B2:A5:86:D4:3A:D2:F1:63:9A:A0:BE:09:F6:57:B7:DE
4271 X509v3 Key Usage: critical
4272 Certificate Sign, CRL Sign
4273 X509v3 Basic Constraints: critical
4274 CA:TRUE
4275SHA1 Fingerprint=3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3
4276SHA256 Fingerprint=BF:0F:EE:FB:9E:3A:58:1A:D5:F9:E9:DB:75:89:98:57:43:D2:61:08:5C:4D:31:4F:6F:5D:72:59:AA:42:16:12
4277-----BEGIN CERTIFICATE-----
4278MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr
4279MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG
4280A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0
4281MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp
4282Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD
4283QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz
4284i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8
4285h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV
4286MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9
4287UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni
42888McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC
4289h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD
4290VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
4291AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm
4292KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ
4293X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr
4294QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5
4295pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN
4296QSdJQO7e5iNEOdyhIta6A/I=
4297-----END CERTIFICATE-----
4298
4299### Krajowa Izba Rozliczeniowa S.A. 4316### Krajowa Izba Rozliczeniowa S.A.
4300 4317
4301=== /C=PL/O=Krajowa Izba Rozliczeniowa S.A./CN=SZAFIR ROOT CA2 4318=== /C=PL/O=Krajowa Izba Rozliczeniowa S.A./CN=SZAFIR ROOT CA2
@@ -4352,7 +4369,7 @@ Certificate:
4352 Validity 4369 Validity
4353 Not Before: Aug 22 12:07:06 2017 GMT 4370 Not Before: Aug 22 12:07:06 2017 GMT
4354 Not After : Aug 22 12:07:06 2042 GMT 4371 Not After : Aug 22 12:07:06 2042 GMT
4355 Subject: C=HU, L=Budapest, O=Microsec Ltd./2.5.4.97=VATHU-23584497, CN=e-Szigno Root CA 2017 4372 Subject: C=HU, L=Budapest, O=Microsec Ltd., 2.5.4.97=VATHU-23584497, CN=e-Szigno Root CA 2017
4356 X509v3 extensions: 4373 X509v3 extensions:
4357 X509v3 Basic Constraints: critical 4374 X509v3 Basic Constraints: critical
4358 CA:TRUE 4375 CA:TRUE
@@ -4390,7 +4407,7 @@ Certificate:
4390 Validity 4407 Validity
4391 Not Before: Jun 16 11:30:18 2009 GMT 4408 Not Before: Jun 16 11:30:18 2009 GMT
4392 Not After : Dec 30 11:30:18 2029 GMT 4409 Not After : Dec 30 11:30:18 2029 GMT
4393 Subject: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu 4410 Subject: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, emailAddress=info@e-szigno.hu
4394 X509v3 extensions: 4411 X509v3 extensions:
4395 X509v3 Basic Constraints: critical 4412 X509v3 Basic Constraints: critical
4396 CA:TRUE 4413 CA:TRUE
@@ -4944,58 +4961,6 @@ BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu
49449zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3LsnNdo4gIxwwCMQDAqy0O 49619zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3LsnNdo4gIxwwCMQDAqy0O
4945be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k= 4962be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k=
4946-----END CERTIFICATE----- 4963-----END CERTIFICATE-----
4947=== /C=JP/O=SECOM Trust Systems CO.,LTD./CN=Security Communication RootCA3
4948Certificate:
4949 Data:
4950 Version: 3 (0x2)
4951 Serial Number:
4952 e1:7c:37:40:fd:1b:fe:67
4953 Signature Algorithm: sha384WithRSAEncryption
4954 Validity
4955 Not Before: Jun 16 06:17:16 2016 GMT
4956 Not After : Jan 18 06:17:16 2038 GMT
4957 Subject: C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication RootCA3
4958 X509v3 extensions:
4959 X509v3 Subject Key Identifier:
4960 64:14:7C:FC:58:72:16:A6:0A:29:34:15:6F:2A:CB:BC:FC:AF:A8:AB
4961 X509v3 Key Usage: critical
4962 Certificate Sign, CRL Sign
4963 X509v3 Basic Constraints: critical
4964 CA:TRUE
4965SHA1 Fingerprint=C3:03:C8:22:74:92:E5:61:A2:9C:5F:79:91:2B:1E:44:13:91:30:3A
4966SHA256 Fingerprint=24:A5:5C:2A:B0:51:44:2D:06:17:76:65:41:23:9A:4A:D0:32:D7:C5:51:75:AA:34:FF:DE:2F:BC:4F:5C:52:94
4967-----BEGIN CERTIFICATE-----
4968MIIFfzCCA2egAwIBAgIJAOF8N0D9G/5nMA0GCSqGSIb3DQEBDAUAMF0xCzAJBgNV
4969BAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScw
4970JQYDVQQDEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTMwHhcNMTYwNjE2
4971MDYxNzE2WhcNMzgwMTE4MDYxNzE2WjBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
4972U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UEAxMeU2VjdXJpdHkg
4973Q29tbXVuaWNhdGlvbiBSb290Q0EzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
4974CgKCAgEA48lySfcw3gl8qUCBWNO0Ot26YQ+TUG5pPDXC7ltzkBtnTCHsXzW7OT4r
4975CmDvu20rhvtxosis5FaU+cmvsXLUIKx00rgVrVH+hXShuRD+BYD5UpOzQD11EKzA
4976lrenfna84xtSGc4RHwsENPXY9Wk8d/Nk9A2qhd7gCVAEF5aEt8iKvE1y/By7z/MG
4977TfmfZPd+pmaGNXHIEYBMwXFAWB6+oHP2/D5Q4eAvJj1+XCO1eXDe+uDRpdYMQXF7
49789+qMHIjH7Iv10S9VlkZ8WjtYO/u62C21Jdp6Ts9EriGmnpjKIG58u4iFW/vAEGK7
49798vknR+/RiTlDxN/e4UG/VHMgly1s2vPUB6PmudhvrvyMGS7TZ2crldtYXLVqAvO4
4980g160a75BflcJdURQVc1aEWEhCmHCqYj9E7wtiS/NYeCVvsq1e+F7NGcLH7YMx3we
4981GVPKp7FKFSBWFHA9K4IsD50VHUeAR/94mQ4xr28+j+2GaR57GIgUssL8gjMunEst
4982+3A7caoreyYn8xrC3PsXuKHqy6C0rtOUfnrQq8PsOC0RLoi/1D+tEjtCrI8Cbn3M
49830V9hvqG8OmpI6iZVIhZdXw3/JzOfGAN0iltSIEdrRU0id4xVJ/CvHozJgyJUt5rQ
4984T9nO/NkuHJYosQLTA70lUhw0Zk8jq/R3gpYd0VcwCBEF/VfR2ccCAwEAAaNCMEAw
4985HQYDVR0OBBYEFGQUfPxYchamCik0FW8qy7z8r6irMA4GA1UdDwEB/wQEAwIBBjAP
4986BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQDcAiMI4u8hOscNtybS
4987YpOnpSNyByCCYN8Y11StaSWSntkUz5m5UoHPrmyKO1o5yGwBQ8IibQLwYs1OY0PA
4988FNr0Y/Dq9HHuTofjcan0yVflLl8cebsjqodEV+m9NU1Bu0soo5iyG9kLFwfl9+qd
49899XbXv8S2gVj/yP9kaWJ5rW4OH3/uHWnlt3Jxs/6lATWUVCvAUm2PVcTJ0rjLyjQI
4990UYWg9by0F1jqClx6vWPGOi//lkkZhOpn2ASxYfQAW0q3nHE3GYV5v4GwxxMOdnE+
4991OoAGrgYWp421wsTL/0ClXI2lyTrtcoHKXJg80jQDdwj98ClZXSEIx2C/pHF7uNke
4992gr4Jr2VvKKu/S7XuPghHJ6APbw+LP6yVGPO5DtxnVW5inkYO0QR4ynKudtml+LLf
4993iAlhi+8kTtFZP1rUPcmTPCtk9YENFpb3ksP+MW/oKjJ0DvRMmEoYDjBU1cXrvMUV
4994nuiZIesnKwkK2/HmcBhWuwzkvvnoEKQTkrgc4NtnHVMDpCKn3F2SEDzq//wbEBrD
49952NCcnWXL0CsnMQMeNuE9dnUM/0Umud1RvCPHX9jYhxBAEg09ODfnRDwYwFMJZI//
49961ZqmfHAuc1Uh6N//g7kdPjIe1qZ9LPFm6Vwdp6POXiUyK+OVrCoHzrQoeIY8Laad
4997TdJ0MN1kURXbg4NR16/9M51NZg==
4998-----END CERTIFICATE-----
4999=== /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2 4964=== /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
5000Certificate: 4965Certificate:
5001 Data: 4966 Data:
@@ -5710,65 +5675,6 @@ Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w
5710ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt 5675ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt
5711Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ 5676Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
5712-----END CERTIFICATE----- 5677-----END CERTIFICATE-----
5713=== /C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2
5714Certificate:
5715 Data:
5716 Version: 3 (0x2)
5717 Serial Number: 5700383053117599563 (0x4f1bd42f54bb2f4b)
5718 Signature Algorithm: sha1WithRSAEncryption
5719 Validity
5720 Not Before: Oct 25 08:32:46 2006 GMT
5721 Not After : Oct 25 08:32:46 2036 GMT
5722 Subject: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
5723 X509v3 extensions:
5724 X509v3 Key Usage: critical
5725 Certificate Sign, CRL Sign
5726 X509v3 Basic Constraints: critical
5727 CA:TRUE
5728 X509v3 Subject Key Identifier:
5729 17:A0:CD:C1:E4:41:B6:3A:5B:3B:CB:45:9D:BD:1C:C2:98:FA:86:58
5730 X509v3 Authority Key Identifier:
5731 keyid:17:A0:CD:C1:E4:41:B6:3A:5B:3B:CB:45:9D:BD:1C:C2:98:FA:86:58
5732
5733 X509v3 Certificate Policies:
5734 Policy: 2.16.756.1.89.1.3.1.1
5735 CPS: http://repository.swisssign.com/
5736
5737SHA1 Fingerprint=9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
5738SHA256 Fingerprint=BE:6C:4D:A2:BB:B9:BA:59:B6:F3:93:97:68:37:42:46:C3:C0:05:99:3F:A9:8F:02:0D:1D:ED:BE:D4:8A:81:D5
5739-----BEGIN CERTIFICATE-----
5740MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE
5741BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu
5742IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow
5743RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY
5744U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
5745MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv
5746Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br
5747YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF
5748nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH
57496ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt
5750eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/
5751c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ
5752MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH
5753HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf
5754jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6
57555i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB
5756rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
5757F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c
5758wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
5759cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB
5760AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp
5761WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9
5762xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ
57632K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ
5764IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8
5765aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X
5766em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR
5767dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/
5768OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+
5769hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy
5770tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
5771-----END CERTIFICATE-----
5772 5678
5773### T-Systems Enterprise Services GmbH 5679### T-Systems Enterprise Services GmbH
5774 5680
@@ -6862,6 +6768,64 @@ i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN
68629u6wWk5JRFRYX0KD 67689u6wWk5JRFRYX0KD
6863-----END CERTIFICATE----- 6769-----END CERTIFICATE-----
6864 6770
6771### e-commerce monitoring GmbH
6772
6773=== /C=AT/O=e-commerce monitoring GmbH/CN=GLOBALTRUST 2020
6774Certificate:
6775 Data:
6776 Version: 3 (0x2)
6777 Serial Number:
6778 5a:4b:bd:5a:fb:4f:8a:5b:fa:65:e5
6779 Signature Algorithm: sha256WithRSAEncryption
6780 Validity
6781 Not Before: Feb 10 00:00:00 2020 GMT
6782 Not After : Jun 10 00:00:00 2040 GMT
6783 Subject: C=AT, O=e-commerce monitoring GmbH, CN=GLOBALTRUST 2020
6784 X509v3 extensions:
6785 X509v3 Basic Constraints: critical
6786 CA:TRUE
6787 X509v3 Key Usage: critical
6788 Certificate Sign, CRL Sign
6789 X509v3 Subject Key Identifier:
6790 DC:2E:1F:D1:61:37:79:E4:AB:D5:D5:B3:12:71:68:3D:6A:68:9C:22
6791 X509v3 Authority Key Identifier:
6792 keyid:DC:2E:1F:D1:61:37:79:E4:AB:D5:D5:B3:12:71:68:3D:6A:68:9C:22
6793
6794SHA1 Fingerprint=D0:67:C1:13:51:01:0C:AA:D0:C7:6A:65:37:31:16:26:4F:53:71:A2
6795SHA256 Fingerprint=9A:29:6A:51:82:D1:D4:51:A2:E3:7F:43:9B:74:DA:AF:A2:67:52:33:29:F9:0F:9A:0D:20:07:C3:34:E2:3C:9A
6796-----BEGIN CERTIFICATE-----
6797MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkG
6798A1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkw
6799FwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYx
6800MDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u
6801aXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMIICIjANBgkq
6802hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWiD59b
6803RatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9Z
6804YybNpyrOVPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3
6805QWPKzv9pj2gOlTblzLmMCcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPw
6806yJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCmfecqQjuCgGOlYx8ZzHyyZqjC0203b+J+
6807BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKAA1GqtH6qRNdDYfOiaxaJ
6808SaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9ORJitHHmkH
6809r96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj0
68104KlGDfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9Me
6811dKZssCz3AwyIDMvUclOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIw
6812q7ejMZdnrY8XD2zHc+0klGvIg5rQmjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2
6813nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
6814AQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1UdIwQYMBaAFNwu
6815H9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA
6816VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJC
6817XtzoRlgHNQIw4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd
68186IwPS3BD0IL/qMy/pJTAvoe9iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf
6819+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS8cE54+X1+NZK3TTN+2/BT+MAi1bi
6820kvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2HcqtbepBEX4tdJP7
6821wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxSvTOB
6822TI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6C
6823MUO+1918oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn
68244rnvyOL2NSl6dPrFf4IFYqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+I
6825aFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy
6826qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg==
6827-----END CERTIFICATE-----
6828
6865### eMudhra Inc 6829### eMudhra Inc
6866 6830
6867=== /C=US/OU=emSign PKI/O=eMudhra Inc/CN=emSign ECC Root CA - C3 6831=== /C=US/OU=emSign PKI/O=eMudhra Inc/CN=emSign ECC Root CA - C3
diff --git a/src/lib/libcrypto/man/d2i_X509_CRL.3 b/src/lib/libcrypto/man/d2i_X509_CRL.3
index 948c283b51..79c1ed9f8c 100644
--- a/src/lib/libcrypto/man/d2i_X509_CRL.3
+++ b/src/lib/libcrypto/man/d2i_X509_CRL.3
@@ -1,4 +1,4 @@
1.\" $OpenBSD: d2i_X509_CRL.3,v 1.9 2024/03/06 02:34:14 tb Exp $ 1.\" $OpenBSD: d2i_X509_CRL.3,v 1.10 2025/03/15 15:17:41 tb Exp $
2.\" 2.\"
3.\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org> 3.\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org>
4.\" 4.\"
@@ -14,7 +14,7 @@
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\" 16.\"
17.Dd $Mdocdate: March 6 2024 $ 17.Dd $Mdocdate: March 15 2025 $
18.Dt D2I_X509_CRL 3 18.Dt D2I_X509_CRL 3
19.Os 19.Os
20.Sh NAME 20.Sh NAME
@@ -45,22 +45,22 @@
45.Ft X509_CRL * 45.Ft X509_CRL *
46.Fo d2i_X509_CRL_bio 46.Fo d2i_X509_CRL_bio
47.Fa "BIO *in_bio" 47.Fa "BIO *in_bio"
48.Fa "X509_CRL **der_out" 48.Fa "X509_CRL **val_out"
49.Fc 49.Fc
50.Ft X509_CRL * 50.Ft X509_CRL *
51.Fo d2i_X509_CRL_fp 51.Fo d2i_X509_CRL_fp
52.Fa "FILE *in_fp" 52.Fa "FILE *in_fp"
53.Fa "X509_CRL **der_out" 53.Fa "X509_CRL **val_out"
54.Fc 54.Fc
55.Ft int 55.Ft int
56.Fo i2d_X509_CRL_bio 56.Fo i2d_X509_CRL_bio
57.Fa "BIO *out_bio" 57.Fa "BIO *out_bio"
58.Fa "X509_CRL *der_in" 58.Fa "X509_CRL *val_in"
59.Fc 59.Fc
60.Ft int 60.Ft int
61.Fo i2d_X509_CRL_fp 61.Fo i2d_X509_CRL_fp
62.Fa "FILE *out_fp" 62.Fa "FILE *out_fp"
63.Fa "X509_CRL *der_in" 63.Fa "X509_CRL *val_in"
64.Fc 64.Fc
65.Ft X509_CRL_INFO * 65.Ft X509_CRL_INFO *
66.Fo d2i_X509_CRL_INFO 66.Fo d2i_X509_CRL_INFO
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index e1c075f15a..020de71fef 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_doit.c,v 1.57 2024/11/30 10:01:31 tb Exp $ */ 1/* $OpenBSD: pk7_doit.c,v 1.59 2025/03/18 12:53:25 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -981,8 +981,8 @@ PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
981 X509_STORE_CTX_cleanup(ctx); 981 X509_STORE_CTX_cleanup(ctx);
982 982
983 return PKCS7_signatureVerify(bio, p7, si, x509); 983 return PKCS7_signatureVerify(bio, p7, si, x509);
984
984err: 985err:
985
986 return ret; 986 return ret;
987} 987}
988LCRYPTO_ALIAS(PKCS7_dataVerify); 988LCRYPTO_ALIAS(PKCS7_dataVerify);
@@ -1067,8 +1067,10 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
1067 ret = -1; 1067 ret = -1;
1068 goto err; 1068 goto err;
1069 } 1069 }
1070 if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) 1070 if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) {
1071 free(abuf);
1071 goto err; 1072 goto err;
1073 }
1072 1074
1073 free(abuf); 1075 free(abuf);
1074 } 1076 }
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
index 4b333e2a2d..9efe473fc3 100644
--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_vpm.c,v 1.47 2025/03/12 04:58:04 tb Exp $ */ 1/* $OpenBSD: x509_vpm.c,v 1.55 2025/03/19 17:11:21 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004. 3 * project 2004.
4 */ 4 */
@@ -113,7 +113,7 @@ sk_OPENSSL_STRING_deep_copy(const STACK_OF(OPENSSL_STRING) *sk)
113} 113}
114 114
115static int 115static int
116x509_param_set_hosts_internal(X509_VERIFY_PARAM *vpm, int mode, 116x509_param_set_hosts_internal(X509_VERIFY_PARAM *param, int mode,
117 const char *name, size_t namelen) 117 const char *name, size_t namelen)
118{ 118{
119 char *copy; 119 char *copy;
@@ -126,9 +126,9 @@ x509_param_set_hosts_internal(X509_VERIFY_PARAM *vpm, int mode,
126 if (name && memchr(name, '\0', namelen)) 126 if (name && memchr(name, '\0', namelen))
127 return 0; 127 return 0;
128 128
129 if (mode == SET_HOST && vpm->hosts) { 129 if (mode == SET_HOST && param->hosts) {
130 sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free); 130 sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
131 vpm->hosts = NULL; 131 param->hosts = NULL;
132 } 132 }
133 if (name == NULL || namelen == 0) 133 if (name == NULL || namelen == 0)
134 return 1; 134 return 1;
@@ -136,17 +136,17 @@ x509_param_set_hosts_internal(X509_VERIFY_PARAM *vpm, int mode,
136 if (copy == NULL) 136 if (copy == NULL)
137 return 0; 137 return 0;
138 138
139 if (vpm->hosts == NULL && 139 if (param->hosts == NULL &&
140 (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { 140 (param->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
141 free(copy); 141 free(copy);
142 return 0; 142 return 0;
143 } 143 }
144 144
145 if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) { 145 if (!sk_OPENSSL_STRING_push(param->hosts, copy)) {
146 free(copy); 146 free(copy);
147 if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) { 147 if (sk_OPENSSL_STRING_num(param->hosts) == 0) {
148 sk_OPENSSL_STRING_free(vpm->hosts); 148 sk_OPENSSL_STRING_free(param->hosts);
149 vpm->hosts = NULL; 149 param->hosts = NULL;
150 } 150 }
151 return 0; 151 return 0;
152 } 152 }
@@ -654,6 +654,8 @@ static const X509_VERIFY_PARAM default_table[] = {
654 } 654 }
655}; 655};
656 656
657#define N_DEFAULT_VERIFY_PARAMS (sizeof(default_table) / sizeof(default_table[0]))
658
657static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; 659static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
658 660
659static int 661static int
@@ -687,9 +689,11 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_add0_table);
687int 689int
688X509_VERIFY_PARAM_get_count(void) 690X509_VERIFY_PARAM_get_count(void)
689{ 691{
690 int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); 692 int num = N_DEFAULT_VERIFY_PARAMS;
691 if (param_table) 693
694 if (param_table != NULL)
692 num += sk_X509_VERIFY_PARAM_num(param_table); 695 num += sk_X509_VERIFY_PARAM_num(param_table);
696
693 return num; 697 return num;
694} 698}
695LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_count); 699LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_count);
@@ -697,9 +701,14 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_count);
697const X509_VERIFY_PARAM * 701const X509_VERIFY_PARAM *
698X509_VERIFY_PARAM_get0(int id) 702X509_VERIFY_PARAM_get0(int id)
699{ 703{
700 int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); 704 int num = N_DEFAULT_VERIFY_PARAMS;
705
706 if (id < 0)
707 return NULL;
708
701 if (id < num) 709 if (id < num)
702 return default_table + id; 710 return &default_table[id];
711
703 return sk_X509_VERIFY_PARAM_value(param_table, id - num); 712 return sk_X509_VERIFY_PARAM_value(param_table, id - num);
704} 713}
705LCRYPTO_ALIAS(X509_VERIFY_PARAM_get0); 714LCRYPTO_ALIAS(X509_VERIFY_PARAM_get0);
@@ -707,22 +716,20 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_get0);
707const X509_VERIFY_PARAM * 716const X509_VERIFY_PARAM *
708X509_VERIFY_PARAM_lookup(const char *name) 717X509_VERIFY_PARAM_lookup(const char *name)
709{ 718{
710 X509_VERIFY_PARAM pm; 719 X509_VERIFY_PARAM param;
711 unsigned int i, limit; 720 size_t i;
721 int idx;
712 722
713 pm.name = (char *)name; 723 memset(&param, 0, sizeof(param));
714 if (param_table) { 724 param.name = (char *)name;
715 size_t idx; 725 if ((idx = sk_X509_VERIFY_PARAM_find(param_table, &param)) != -1)
716 if ((idx = sk_X509_VERIFY_PARAM_find(param_table, &pm)) != -1) 726 return sk_X509_VERIFY_PARAM_value(param_table, idx);
717 return sk_X509_VERIFY_PARAM_value(param_table, idx);
718 }
719 727
720 limit = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); 728 for (i = 0; i < N_DEFAULT_VERIFY_PARAMS; i++) {
721 for (i = 0; i < limit; i++) { 729 if (strcmp(default_table[i].name, name) == 0)
722 if (strcmp(default_table[i].name, name) == 0) {
723 return &default_table[i]; 730 return &default_table[i];
724 }
725 } 731 }
732
726 return NULL; 733 return NULL;
727} 734}
728LCRYPTO_ALIAS(X509_VERIFY_PARAM_lookup); 735LCRYPTO_ALIAS(X509_VERIFY_PARAM_lookup);
diff --git a/src/regress/lib/libcrypto/x509/Makefile b/src/regress/lib/libcrypto/x509/Makefile
index 80879f6e3c..19e65efddd 100644
--- a/src/regress/lib/libcrypto/x509/Makefile
+++ b/src/regress/lib/libcrypto/x509/Makefile
@@ -1,7 +1,8 @@
1# $OpenBSD: Makefile,v 1.23 2024/06/16 17:57:08 tb Exp $ 1# $OpenBSD: Makefile,v 1.24 2025/03/15 06:37:49 tb Exp $
2 2
3PROGS = constraints verify x509attribute x509name x509req_ext callback 3PROGS = constraints verify x509attribute x509name x509req_ext callback
4PROGS += expirecallback callbackfailures x509_asn1 x509_extensions_test 4PROGS += expirecallback callbackfailures x509_asn1 x509_extensions_test
5PROGS += x509_name_test
5LDADD = -lcrypto 6LDADD = -lcrypto
6DPADD = ${LIBCRYPTO} 7DPADD = ${LIBCRYPTO}
7 8
diff --git a/src/regress/lib/libcrypto/x509/x509_name_test.c b/src/regress/lib/libcrypto/x509/x509_name_test.c
new file mode 100644
index 0000000000..eaf7076d74
--- /dev/null
+++ b/src/regress/lib/libcrypto/x509/x509_name_test.c
@@ -0,0 +1,299 @@
1/* $OpenBSD: x509_name_test.c,v 1.2 2025/03/19 11:19:17 tb Exp $ */
2
3/*
4 * Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <err.h>
20#include <stdio.h>
21#include <string.h>
22
23#include <openssl/x509.h>
24
25static const struct x509_name_legacy {
26 const char *compat;
27 const char *oneline;
28 const uint8_t der[255];
29 size_t der_len;
30} x509_name_legacy_test[] = {
31 {
32 .compat =
33 "C=HU, "
34 "L=Budapest, "
35 "O=Microsec Ltd., "
36 "CN=Microsec e-Szigno Root CA 2009, "
37 "emailAddress=info@e-szigno.hu",
38 .oneline =
39 "/C=HU"
40 "/L=Budapest"
41 "/O=Microsec Ltd."
42 "/CN=Microsec e-Szigno Root CA 2009"
43 "/emailAddress=info@e-szigno.hu",
44 .der = {
45 0x30, 0x81, 0x82, 0x31, 0x0b, 0x30, 0x09, 0x06,
46 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x48, 0x55,
47 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04,
48 0x07, 0x0c, 0x08, 0x42, 0x75, 0x64, 0x61, 0x70,
49 0x65, 0x73, 0x74, 0x31, 0x16, 0x30, 0x14, 0x06,
50 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x4d, 0x69,
51 0x63, 0x72, 0x6f, 0x73, 0x65, 0x63, 0x20, 0x4c,
52 0x74, 0x64, 0x2e, 0x31, 0x27, 0x30, 0x25, 0x06,
53 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e, 0x4d, 0x69,
54 0x63, 0x72, 0x6f, 0x73, 0x65, 0x63, 0x20, 0x65,
55 0x2d, 0x53, 0x7a, 0x69, 0x67, 0x6e, 0x6f, 0x20,
56 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20,
57 0x32, 0x30, 0x30, 0x39, 0x31, 0x1f, 0x30, 0x1d,
58 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
59 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66,
60 0x6f, 0x40, 0x65, 0x2d, 0x73, 0x7a, 0x69, 0x67,
61 0x6e, 0x6f, 0x2e, 0x68, 0x75,
62 },
63 .der_len = 133,
64 },
65
66 {
67 .compat =
68 "serialNumber=G63287510, "
69 "C=ES, "
70 "O=ANF Autoridad de Certificacion, "
71 "OU=ANF CA Raiz, "
72 "CN=ANF Secure Server Root CA",
73 .oneline =
74 "/serialNumber=G63287510"
75 "/C=ES"
76 "/O=ANF Autoridad de Certificacion"
77 "/OU=ANF CA Raiz"
78 "/CN=ANF Secure Server Root CA",
79 .der = {
80 0x30, 0x81, 0x84, 0x31, 0x12, 0x30, 0x10, 0x06,
81 0x03, 0x55, 0x04, 0x05, 0x13, 0x09, 0x47, 0x36,
82 0x33, 0x32, 0x38, 0x37, 0x35, 0x31, 0x30, 0x31,
83 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
84 0x13, 0x02, 0x45, 0x53, 0x31, 0x27, 0x30, 0x25,
85 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1e, 0x41,
86 0x4e, 0x46, 0x20, 0x41, 0x75, 0x74, 0x6f, 0x72,
87 0x69, 0x64, 0x61, 0x64, 0x20, 0x64, 0x65, 0x20,
88 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
89 0x61, 0x63, 0x69, 0x6f, 0x6e, 0x31, 0x14, 0x30,
90 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0b,
91 0x41, 0x4e, 0x46, 0x20, 0x43, 0x41, 0x20, 0x52,
92 0x61, 0x69, 0x7a, 0x31, 0x22, 0x30, 0x20, 0x06,
93 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x41, 0x4e,
94 0x46, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65,
95 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
96 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41,
97 },
98 .der_len = 135,
99 },
100
101 {
102 .compat =
103 "C=GB, "
104 "ST=Greater Manchester, "
105 "L=Salford, "
106 "O=COMODO CA Limited, "
107 "CN=COMODO Certification Authority",
108 .oneline =
109 "/C=GB"
110 "/ST=Greater Manchester"
111 "/L=Salford"
112 "/O=COMODO CA Limited"
113 "/CN=COMODO Certification Authority",
114 .der = {
115 0x30, 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06,
116 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42,
117 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
118 0x08, 0x13, 0x12, 0x47, 0x72, 0x65, 0x61, 0x74,
119 0x65, 0x72, 0x20, 0x4d, 0x61, 0x6e, 0x63, 0x68,
120 0x65, 0x73, 0x74, 0x65, 0x72, 0x31, 0x10, 0x30,
121 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07,
122 0x53, 0x61, 0x6c, 0x66, 0x6f, 0x72, 0x64, 0x31,
123 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a,
124 0x13, 0x11, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f,
125 0x20, 0x43, 0x41, 0x20, 0x4c, 0x69, 0x6d, 0x69,
126 0x74, 0x65, 0x64, 0x31, 0x27, 0x30, 0x25, 0x06,
127 0x03, 0x55, 0x04, 0x03, 0x13, 0x1e, 0x43, 0x4f,
128 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x43, 0x65, 0x72,
129 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69,
130 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
131 0x72, 0x69, 0x74, 0x79,
132 },
133 .der_len = 132,
134 },
135
136 {
137 .compat =
138 "C=HU, "
139 "L=Budapest, "
140 "O=Microsec Ltd., "
141 "2.5.4.97=VATHU-23584497, "
142 "CN=e-Szigno Root CA 2017",
143 .oneline =
144 "/C=HU"
145 "/L=Budapest"
146 "/O=Microsec Ltd."
147 "/2.5.4.97=VATHU-23584497"
148 "/CN=e-Szigno Root CA 2017",
149 .der = {
150 0x30, 0x71, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
151 0x55, 0x04, 0x06, 0x13, 0x02, 0x48, 0x55, 0x31,
152 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07,
153 0x0c, 0x08, 0x42, 0x75, 0x64, 0x61, 0x70, 0x65,
154 0x73, 0x74, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03,
155 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x4d, 0x69, 0x63,
156 0x72, 0x6f, 0x73, 0x65, 0x63, 0x20, 0x4c, 0x74,
157 0x64, 0x2e, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03,
158 0x55, 0x04, 0x61, 0x0c, 0x0e, 0x56, 0x41, 0x54,
159 0x48, 0x55, 0x2d, 0x32, 0x33, 0x35, 0x38, 0x34,
160 0x34, 0x39, 0x37, 0x31, 0x1e, 0x30, 0x1c, 0x06,
161 0x03, 0x55, 0x04, 0x03, 0x0c, 0x15, 0x65, 0x2d,
162 0x53, 0x7a, 0x69, 0x67, 0x6e, 0x6f, 0x20, 0x52,
163 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x32,
164 0x30, 0x31, 0x37,
165 },
166 .der_len = 115,
167 },
168
169 {
170
171 .compat =
172 "C=ES, "
173 "O=FNMT-RCM, "
174 "OU=Ceres, "
175 "2.5.4.97=VATES-Q2826004J, "
176 "CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS",
177 .oneline =
178 "/C=ES"
179 "/O=FNMT-RCM"
180 "/OU=Ceres"
181 "/2.5.4.97=VATES-Q2826004J"
182 "/CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS",
183 .der = {
184 0x30, 0x78, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
185 0x55, 0x04, 0x06, 0x13, 0x02, 0x45, 0x53, 0x31,
186 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a,
187 0x0c, 0x08, 0x46, 0x4e, 0x4d, 0x54, 0x2d, 0x52,
188 0x43, 0x4d, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03,
189 0x55, 0x04, 0x0b, 0x0c, 0x05, 0x43, 0x65, 0x72,
190 0x65, 0x73, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
191 0x55, 0x04, 0x61, 0x0c, 0x0f, 0x56, 0x41, 0x54,
192 0x45, 0x53, 0x2d, 0x51, 0x32, 0x38, 0x32, 0x36,
193 0x30, 0x30, 0x34, 0x4a, 0x31, 0x2c, 0x30, 0x2a,
194 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x23, 0x41,
195 0x43, 0x20, 0x52, 0x41, 0x49, 0x5a, 0x20, 0x46,
196 0x4e, 0x4d, 0x54, 0x2d, 0x52, 0x43, 0x4d, 0x20,
197 0x53, 0x45, 0x52, 0x56, 0x49, 0x44, 0x4f, 0x52,
198 0x45, 0x53, 0x20, 0x53, 0x45, 0x47, 0x55, 0x52,
199 0x4f, 0x53
200 },
201 .der_len = 122,
202 },
203};
204
205#define N_X509_NAME_COMPAT \
206 (sizeof(x509_name_legacy_test) / sizeof(x509_name_legacy_test[0]))
207
208static int
209x509_name_compat_testcase(const struct x509_name_legacy *test)
210{
211 const uint8_t *p;
212 X509_NAME *name = NULL;
213 unsigned char *der = NULL;
214 int der_len = 0;
215 BIO *bio = NULL;
216 char *got;
217 int got_len;
218 char *buf = NULL;
219 int failed = 1;
220
221 p = test->der;
222 if ((name = d2i_X509_NAME(NULL, &p, test->der_len)) == NULL)
223 errx(1, "d2i_X509_NAME");
224
225 if ((der_len = i2d_X509_NAME(name, &der)) <= 0) {
226 fprintf(stderr, "FAIL: %s: i2d_X509_NAME", __func__);
227 der_len = 0;
228 goto err;
229 }
230
231 if (test->der_len != (size_t)der_len) {
232 fprintf(stderr, "FAIL: %s: der len: want %zu, got %d\n",
233 __func__, test->der_len, der_len);
234 goto err;
235 }
236
237 if (memcmp(test->der, der, test->der_len) != 0) {
238 fprintf(stderr, "FAIL: %s: DER mismatch\n", __func__);
239 goto err;
240 }
241
242 if ((bio = BIO_new(BIO_s_mem())) == NULL)
243 errx(1, "BIO_new");
244
245 if (!X509_NAME_print_ex(bio, name, 0, XN_FLAG_COMPAT)) {
246 fprintf(stderr, "FAIL: %s: X509_NAME_print_ex", __func__);
247 goto err;
248 }
249
250 if ((got_len = BIO_get_mem_data(bio, &got)) < 0)
251 errx(1, "BIO_get_mem_data");
252
253 if (strcmp(test->compat, got) != 0) {
254 fprintf(stderr, "FAIL: %s compat:\nwant: \"%s\",\ngot: \"%s\"\n",
255 __func__, test->compat, got);
256 goto err;
257 }
258
259 if ((buf = X509_NAME_oneline(name, NULL, 0)) == NULL)
260 errx(1, "X509_NAME_oneline");
261
262 if (strcmp(test->oneline, buf) != 0) {
263 fprintf(stderr, "FAIL: %s oneline:\nwant: \"%s\",\ngot: \"%s\"\n",
264 __func__, test->compat, got);
265 goto err;
266 }
267
268 failed = 0;
269
270 err:
271 BIO_free(bio);
272 free(buf);
273 X509_NAME_free(name);
274 freezero(der, der_len);
275
276 return failed;
277}
278
279static int
280x509_name_compat_test(void)
281{
282 size_t i;
283 int failed = 0;
284
285 for (i = 0; i < N_X509_NAME_COMPAT; i++)
286 failed |= x509_name_compat_testcase(&x509_name_legacy_test[i]);
287
288 return failed;
289}
290
291int
292main(void)
293{
294 int failed = 0;
295
296 failed |= x509_name_compat_test();
297
298 return failed;
299}
diff --git a/src/usr.bin/openssl/apps.c b/src/usr.bin/openssl/apps.c
index 7c98f1e70c..46197dfd49 100644
--- a/src/usr.bin/openssl/apps.c
+++ b/src/usr.bin/openssl/apps.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: apps.c,v 1.70 2025/01/03 09:14:42 tb Exp $ */ 1/* $OpenBSD: apps.c,v 1.72 2025/03/18 13:03:08 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -1377,10 +1377,10 @@ int
1377save_index(const char *file, const char *suffix, CA_DB *db) 1377save_index(const char *file, const char *suffix, CA_DB *db)
1378{ 1378{
1379 char attrpath[PATH_MAX], dbfile[PATH_MAX]; 1379 char attrpath[PATH_MAX], dbfile[PATH_MAX];
1380 BIO *out = BIO_new(BIO_s_file()); 1380 BIO *out;
1381 int j; 1381 int ret = 0;
1382 1382
1383 if (out == NULL) { 1383 if ((out = BIO_new(BIO_s_file())) == NULL) {
1384 ERR_print_errors(bio_err); 1384 ERR_print_errors(bio_err);
1385 goto err; 1385 goto err;
1386 } 1386 }
@@ -1400,27 +1400,31 @@ save_index(const char *file, const char *suffix, CA_DB *db)
1400 BIO_printf(bio_err, "unable to open '%s'\n", dbfile); 1400 BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
1401 goto err; 1401 goto err;
1402 } 1402 }
1403 j = TXT_DB_write(out, db->db); 1403
1404 if (j <= 0) 1404 if (TXT_DB_write(out, db->db) <= 0)
1405 goto err; 1405 goto err;
1406 1406
1407 BIO_free(out); 1407 BIO_free(out);
1408 1408 if ((out = BIO_new(BIO_s_file())) == NULL) {
1409 out = BIO_new(BIO_s_file()); 1409 ERR_print_errors(bio_err);
1410 goto err;
1411 }
1410 1412
1411 if (BIO_write_filename(out, attrpath) <= 0) { 1413 if (BIO_write_filename(out, attrpath) <= 0) {
1412 perror(attrpath); 1414 perror(attrpath);
1413 BIO_printf(bio_err, "unable to open '%s'\n", attrpath); 1415 BIO_printf(bio_err, "unable to open '%s'\n", attrpath);
1414 goto err; 1416 goto err;
1415 } 1417 }
1416 BIO_printf(out, "unique_subject = %s\n", 1418 if (BIO_printf(out, "unique_subject = %s\n",
1417 db->attributes.unique_subject ? "yes" : "no"); 1419 db->attributes.unique_subject ? "yes" : "no") <= 0)
1418 BIO_free(out); 1420 goto err;
1419 1421
1420 return 1; 1422 ret = 1;
1421 1423
1422 err: 1424 err:
1423 return 0; 1425 BIO_free(out);
1426
1427 return ret;
1424} 1428}
1425 1429
1426int 1430int
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 10:32:45 +0000