diff --git a/ChangeLog b/ChangeLog index 76fb13f16..a71b4a738 100644 --- a/ChangeLog +++ b/ChangeLog @@ -62,6 +62,8 @@ Changes Security Features + * Add support for bit strings in X.509 names (request by Fredrik Axelsson). + * Add support for id-at-uniqueIdentifier in X.509 names. * Add support for overriding snprintf() (except on Windows) and exit() in the platform layer. * Add an option to use macros instead of function pointers in the platform @@ -80,6 +82,7 @@ Features errors on use of deprecated functions. Bugfix + * Fix thread safety bug in RSA operations (found by Fredrik Axelsson). * Fix hardclock() (only used in the benchmarking program) with some versions of mingw64 (found by kxjhlele). * Fix warnings from mingw64 in timing.c (found by kxjklele). @@ -90,6 +93,8 @@ Bugfix POLARSSL_SSL_SSESSION_TICKETS where both enabled in config.h (introduced in 1.3.10). * Add missing extern "C" guard in aesni.h (reported by amir zamani). + * Add missing dependency on SHA-256 in some x509 programs (reported by + Gergely Budai). Changes * Adjusting/overriding CFLAGS and LDFLAGS with the make build syste is now diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 6b04893b3..31a7d2be1 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -122,6 +122,7 @@ #define OID_AT_GIVEN_NAME OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */ #define OID_AT_INITIALS OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */ #define OID_AT_GENERATION_QUALIFIER OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */ +#define OID_AT_UNIQUE_IDENTIFIER OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */ #define OID_AT_DN_QUALIFIER OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */ #define OID_AT_PSEUDONYM OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */ diff --git a/library/oid.c b/library/oid.c index 2979d6a95..ad6d184f7 100644 --- a/library/oid.c +++ b/library/oid.c @@ -235,6 +235,10 @@ static const oid_x520_attr_t oid_x520_attr_type[] = { ADD_LEN( OID_DOMAIN_COMPONENT ), "id-domainComponent", "Domain component" }, "DC", }, + { + { ADD_LEN( OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier", "Unique Identifier" }, + "uniqueIdentifier", + }, { { NULL, 0, NULL, NULL }, NULL, diff --git a/library/rsa.c b/library/rsa.c index 72f65a2fe..afe5fc37e 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -282,11 +282,18 @@ int rsa_public( rsa_context *ctx, return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); } +#if defined(POLARSSL_THREADING_C) + polarssl_mutex_lock( &ctx->mutex ); +#endif + olen = ctx->len; MPI_CHK( mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) ); MPI_CHK( mpi_write_binary( &T, output, olen ) ); cleanup: +#if defined(POLARSSL_THREADING_C) + polarssl_mutex_unlock( &ctx->mutex ); +#endif mpi_free( &T ); @@ -400,6 +407,10 @@ int rsa_private( rsa_context *ctx, MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) ); } +#if defined(POLARSSL_THREADING_C) + polarssl_mutex_lock( &ctx->mutex ); +#endif + #if defined(POLARSSL_RSA_NO_CRT) MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) ); #else @@ -440,10 +451,11 @@ int rsa_private( rsa_context *ctx, MPI_CHK( mpi_write_binary( &T, output, olen ) ); cleanup: - mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 ); #if defined(POLARSSL_THREADING_C) + polarssl_mutex_unlock( &ctx->mutex ); mpi_free( &Vi_copy ); mpi_free( &Vf_copy ); #endif + mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 ); if( ret != 0 ) return( POLARSSL_ERR_RSA_PRIVATE_FAILED + ret ); diff --git a/library/x509.c b/library/x509.c index 67359a5d8..1095b8392 100644 --- a/library/x509.c +++ b/library/x509.c @@ -380,7 +380,8 @@ static int x509_get_attr_type_value( unsigned char **p, if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING && **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING && - **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING ) + **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING && + **p != ASN1_BIT_STRING ) return( POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 5836c1f3f..46e80de21 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -34,11 +34,22 @@ #define polarssl_printf printf #endif -#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \ - defined(POLARSSL_SSL_TLS_C) && defined(POLARSSL_SSL_CLI_C) && \ - defined(POLARSSL_NET_C) && defined(POLARSSL_RSA_C) && \ - defined(POLARSSL_X509_CRT_PARSE_C) && defined(POLARSSL_FS_IO) && \ - defined(POLARSSL_CTR_DRBG_C) +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ + !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ + !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ + !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO) || \ + !defined(POLARSSL_CTR_DRBG_C) +int main( void ) +{ + polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " + "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " + "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " + "POLARSSL_X509_CRT_PARSE_C and/or POLARSSL_FS_IO and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); + return( 0 ); +} +#else + #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/net.h" @@ -48,7 +59,6 @@ #include #include #include -#endif #define MODE_NONE 0 #define MODE_FILE 1 @@ -84,21 +94,6 @@ " permissive=%%d default: 0 (disabled)\n" \ "\n" -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ - !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ - !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO) || \ - !defined(POLARSSL_CTR_DRBG_C) -int main( void ) -{ - polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " - "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " - "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_X509_CRT_PARSE_C and/or POLARSSL_FS_IO and/or " - "POLARSSL_CTR_DRBG_C not defined.\n"); - return( 0 ); -} -#else /* * global options */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index e78f87cec..d1bc9767d 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -33,9 +33,19 @@ #define polarssl_printf printf #endif -#if defined(POLARSSL_X509_CSR_WRITE_C) && defined(POLARSSL_FS_IO) && \ - defined(POLARSSL_PK_PARSE_C) && \ - defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_CTR_DRBG_C) +#if !defined(POLARSSL_X509_CSR_WRITE_C) || !defined(POLARSSL_FS_IO) || \ + !defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_SHA256_C) || \ + !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) +int main( void ) +{ + polarssl_printf( "POLARSSL_X509_CSR_WRITE_C and/or POLARSSL_FS_IO and/or " + "POLARSSL_PK_PARSE_C and/or POLARSSL_SHA256_c and/or " + "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C " + "not defined.\n"); + return( 0 ); +} +#else + #include "mbedtls/x509_csr.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" @@ -44,7 +54,6 @@ #include #include #include -#endif #define DFL_FILENAME "keyfile.key" #define DFL_DEBUG_LEVEL 0 @@ -80,18 +89,6 @@ " object_signing_ca\n" \ "\n" -#if !defined(POLARSSL_X509_CSR_WRITE_C) || !defined(POLARSSL_FS_IO) || \ - !defined(POLARSSL_PK_PARSE_C) || \ - !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) -int main( void ) -{ - polarssl_printf( "POLARSSL_X509_CSR_WRITE_C and/or POLARSSL_FS_IO and/or " - "POLARSSL_PK_PARSE_C and/or " - "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C " - "not defined.\n"); - return( 0 ); -} -#else /* * global options */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 8436b92e5..dcd96a385 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -33,10 +33,20 @@ #define polarssl_printf printf #endif -#if defined(POLARSSL_X509_CRT_WRITE_C) && \ - defined(POLARSSL_X509_CRT_PARSE_C) && defined(POLARSSL_FS_IO) && \ - defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_CTR_DRBG_C) && \ - defined(POLARSSL_ERROR_C) +#if !defined(POLARSSL_X509_CRT_WRITE_C) || \ + !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO) || \ + !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \ + !defined(POLARSSL_ERROR_C) || !defined(POLARSSL_SHA256_C) +int main( void ) +{ + polarssl_printf( "POLARSSL_X509_CRT_WRITE_C and/or POLARSSL_X509_CRT_PARSE_C and/or " + "POLARSSL_FS_IO and/or POLARSSL_SHA256_C and_or " + "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C and/or " + "POLARSSL_ERROR_C not defined.\n"); + return( 0 ); +} +#else + #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" #include "mbedtls/entropy.h" @@ -46,7 +56,6 @@ #include #include #include -#endif #if defined(POLARSSL_X509_CSR_PARSE_C) #define USAGE_CSR \ @@ -120,19 +129,6 @@ " object_signing_ca\n" \ "\n" -#if !defined(POLARSSL_X509_CRT_WRITE_C) || \ - !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO) || \ - !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \ - !defined(POLARSSL_ERROR_C) -int main( void ) -{ - polarssl_printf( "POLARSSL_X509_CRT_WRITE_C and/or POLARSSL_X509_CRT_PARSE_C and/or " - "POLARSSL_FS_IO and/or " - "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C and/or " - "POLARSSL_ERROR_C not defined.\n"); - return( 0 ); -} -#else /* * global options */ diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 64eeb8338..b115019fa 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -33,14 +33,21 @@ #define polarssl_printf printf #endif -#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_RSA_C) && \ - defined(POLARSSL_X509_CRL_PARSE_C) && defined(POLARSSL_FS_IO) +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ + !defined(POLARSSL_X509_CRL_PARSE_C) || !defined(POLARSSL_FS_IO) +int main( void ) +{ + polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " + "POLARSSL_X509_CRL_PARSE_C and/or POLARSSL_FS_IO not defined.\n"); + return( 0 ); +} +#else + #include "mbedtls/x509_crl.h" #include #include #include -#endif #define DFL_FILENAME "crl.pem" #define DFL_DEBUG_LEVEL 0 @@ -51,15 +58,6 @@ " filename=%%s default: crl.pem\n" \ "\n" -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_X509_CRL_PARSE_C) || !defined(POLARSSL_FS_IO) -int main( void ) -{ - polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_X509_CRL_PARSE_C and/or POLARSSL_FS_IO not defined.\n"); - return( 0 ); -} -#else /* * global options */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 644b8efed..aa9131ddb 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -33,14 +33,21 @@ #define polarssl_printf printf #endif -#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_RSA_C) && \ - defined(POLARSSL_X509_CSR_PARSE_C) && defined(POLARSSL_FS_IO) +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ + !defined(POLARSSL_X509_CSR_PARSE_C) || !defined(POLARSSL_FS_IO) +int main( void ) +{ + polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " + "POLARSSL_X509_CSR_PARSE_C and/or POLARSSL_FS_IO not defined.\n"); + return( 0 ); +} +#else + #include "mbedtls/x509_csr.h" #include #include #include -#endif #define DFL_FILENAME "cert.req" #define DFL_DEBUG_LEVEL 0 @@ -51,15 +58,6 @@ " filename=%%s default: cert.req\n" \ "\n" -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_X509_CSR_PARSE_C) || !defined(POLARSSL_FS_IO) -int main( void ) -{ - polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_X509_CSR_PARSE_C and/or POLARSSL_FS_IO not defined.\n"); - return( 0 ); -} -#else /* * global options */ diff --git a/tests/data_files/bitstring-in-dn.pem b/tests/data_files/bitstring-in-dn.pem new file mode 100644 index 000000000..1a98aa3ac --- /dev/null +++ b/tests/data_files/bitstring-in-dn.pem @@ -0,0 +1,51 @@ +-----BEGIN CERTIFICATE----- +MIIEATCCAumgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBxMRMwEQYDVQQDDApUZXN0 +IENBIDAxMREwDwYDVQQIDAhFY25pdm9ycDELMAkGA1UEBhMCWFgxHjAcBgkqhkiG +9w0BCQEWD3RjYUBleGFtcGxlLmNvbTEaMBgGA1UECgwRVGVzdCBDQSBBdXRob3Jp +dHkwHhcNMTUwMzExMTIwNjUxWhcNMjUwMzA4MTIwNjUxWjCBmzELMAkGA1UEBhMC +WFgxDDAKBgNVBAoMA3RjYTERMA8GA1UECAwIRWNuaXZvcnAxDDAKBgNVBAsMA1RD +QTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRAZXhhbXBs +ZS5jb20xEzARBgNVBAUTCjcxMDEwMTIyNTUxFDASBgNVBC0DCwA3MTAxMDEyMjU1 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQS0JLb8Dqy8V2mszkWk +V8c/NPQcG3ivueXZHqOT9JTiPqrigGcLHtlmlaJ0aUUxix7q60aOds041TFyeknT +SUFYY4ppOhiP+fOpWKPv4ZMwhSI2XzcgYhQSNHV0lIG1we9RAAfumomDMq7oMJhb +EGf0ihibbwZXPUwBlm10GaB4K93PNY8Bz4ekBxzQ1WJkQ5LGsQnVZSuLnvp5dWSe +J2axxyY4hPXR30jzEyZvy4kv4nzAu5lqZ5XKLrRO4TKwZrtr+CCPVkPJRE36rWYt +tQaJEEpNOo0ZPpTtG6F8/tGh5r8jFx/f6wG+nyANJJ98kEP8i6TPjRrg+697mLcd +iQIDAQABo3kwdzAJBgNVHRMEAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9j +cmwuZXhhbXBsZS5jb20vdGVzdF9jYV8wMS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUH +AwIwHQYDVR0RBBYwFIESY2xpZW50QGV4YW1wbGUuY29tMA0GCSqGSIb3DQEBBQUA +A4IBAQBySELCnU8/PtGIG3dwhJENOSU5R7w8jpRXxHCuSBR+W6nuUCISz+z+EdF/ +A7AOJDASuS+4gkrSSmQhGFpf7E5VbF8trVZhLAZrXqKMcUreKH6v0I8MAUXmIs3G +tqiBGf7pSYJN9DvVOOgANjdy6THuUzYv5qSvBZ4pNYEfHSlMNrV7niynd8dgPOML +pA7GUfv5k2mMkMbSD15pTMgcavrBKYgyqcvF1C3qghfoL5+i38H8sKzF8hy7wHtE +ESHtBq20RYA3m0UcA0e64GcanO2Ps/AQVBc7qMeHbqnqj3uUhtTkQcMUWnMgy1NR +5RbzoLMOxq7hoOCyIaQeM/wgxeGE +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAnQS0JLb8Dqy8V2mszkWkV8c/NPQcG3ivueXZHqOT9JTiPqri +gGcLHtlmlaJ0aUUxix7q60aOds041TFyeknTSUFYY4ppOhiP+fOpWKPv4ZMwhSI2 +XzcgYhQSNHV0lIG1we9RAAfumomDMq7oMJhbEGf0ihibbwZXPUwBlm10GaB4K93P +NY8Bz4ekBxzQ1WJkQ5LGsQnVZSuLnvp5dWSeJ2axxyY4hPXR30jzEyZvy4kv4nzA +u5lqZ5XKLrRO4TKwZrtr+CCPVkPJRE36rWYttQaJEEpNOo0ZPpTtG6F8/tGh5r8j +Fx/f6wG+nyANJJ98kEP8i6TPjRrg+697mLcdiQIDAQABAoIBAF7i3MnjGmbz080v +OxJb23iAG54wdlvTjr3UPGTbjSmcXyxnsADQRFQcJHYAekCzY8EiqewL80OvuMx8 +2SU1P81hA70Dg5tsBHWT3Z6HUwsKG6QYjKr1cUhTwLyazhyAVgogSN6v7GzO9M3I +DOBw8Xb0mz5oqGVre4S7TapN8n8ZG5oWm0XKGACXy0KbzY0KvWdkUzumFQ8X/ARE +FsWyu+O69EbMqZRUKu45SrcubsdVGjOwseZHkmp5V6pc6Q/OrTHZqXJtDva5UIRq ++Lof5scy9jiwwRnM/klvh23mz0ySU4YA3645m5KqyWR4YJCR1MnMANmXUSeYWfYz +19+R1gECgYEAzm83lI7eIhTH38H0/jFpf3R7vNjPX3TR5waa4EXsCxhTOpoL89mR +iNmzH0aOC4OR8rz/9PCnwmtH1lyQ4r/RokBmCp3pBxeWSlenFfV3rLCeEDo0Q/OL +SX5DL4IbZD0VmNDt606WS7AEv93GhpN03Anw6kgHQUm1l030PR9DYZECgYEAwrgO +/RyB/Ehw7smlysZb2sn1lvd6z8fg+pcu8ZNRKODaYCCOb8p1lnHrnIQdEmjhlmVp +HAEuJ5jxCb+lyruV+dlx+0W/p6lHtKr0iBHG8EFkHnjN6Y+59Qu0HfSm0pZw7Ftr +QcUDPuDJkTVUAvrZqciWlwzTWCC9KYXtasT+AHkCgYEAnP80dAUbpyvKvr/RxShr +JYW/PWZegChmIp+BViOXWvDLC3xwrqm+5yc59QVBrjwH2WYn+26zB0dzwPFxNyHP +GuiDMnvZ54zmve9foXGn7Gv+KjU53pvwSJqAGjeHAXr7W9c5uoVwBGv/kLPn8h1e ++KGO2X6iFeMq+cFNiNan9iECgYBj+oGnsKWFVeS2ls8LyMGNGzmAZF2opiZ8RHgU +DeIULS+zP8Qi3j92GdQyLxuGQlfiEvvfJzP9nOfWa5LC/4JIIUAHFo8LlT1+JHEe +FJKi9dBkXP7NN8DxcyruXpnxctFUarQttuytslmMt2cFiKuOI7I+qJUzoMu/sEZx +FeidcQKBgQCuralmtbl4nxjn3aR/ZgFTAKCL9WaJPh5hFJ9q4UuWxJdBX5z3Ey3/ +70ehLKYPumjmZtXynzz4BTWj1W9X+tgj/499uzV6LdQERGjT6WVy8xR9RELWW0an +N9N1IAc4qTSjbI4EIMwMBSAoFfCux/jfDkG4g+RDnpV92sqxz2CtKg== +-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a65ac2bad..491f14ed6 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -110,6 +110,10 @@ X509 Certificate information EC signed by RSA depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" +X509 Certificate information Bitstring in subject name +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C +x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: \next key usage \: TLS Web Client Authentication\n" + X509 certificate v1 with extension depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \: identity-check.org, www.identity-check.org\n"