mbedtls/tests/data_files
Manuel Pégourié-Gonnard 179c227203 Fix CA encoding issue with gnutls-cli
In the 2.7 branch, test-ca.crt has all the components of its Subject name
encoded as PrintableString, because it's generated with our cert_write
program, and our code writes all components that way until Mbed TLS 2.14.

But the default RSA SHA-256 certificate, server2-sha256.crt, has the O and CN
components of its Issuer name encoded as UTF8String, because it was generated
with OpenSSL and that's what OpenSSL does, regardless of how those components
were encoded in the CA's Subject name.

This triggers some overly strict behaviour in some libraries, most notably NSS
and GnuTLS (of interest to us in ssl-opt.sh) which won't recognize the trusted
root as a possible parent for the presented certificate, see for example:
https://github.com/ARMmbed/mbedtls/issues/1033

Fortunately, we have at our disposal a version of test-ca.crt with encodings
matching the ones in server2-sha256.crt, in the file test-ca_utf8.crt. So
let's append that to gnutls-cli's list of trusted roots, so that it recognizes
certs signed by this CA but with the O and CN components as UTF8String.

Note: Since https://github.com/ARMmbed/mbedtls/pull/1641 was merged (in Mbed
TLS 2.14), we changed how we encode those components, so in the 2.16 branch,
cert_write generates test-ca.crt with encodings that match the ones used by
openssl when generating server2-sha256.crt, so the issue of gnutls-cli
rejecting server2-sha256.crt is specific to the 2.7 branch.
2020-02-03 15:55:43 +01:00
dir-maxpath
dir1
dir2
dir3
dir4
.gitignore
bitstring-in-dn.pem
cert_example_multi.crt
cert_example_multi_nocn.crt
cert_example_wildcard.crt
cert_md2.crt
cert_md4.crt
cert_md5.crt
cert_sha1.crt
cert_sha224.crt
cert_sha256.crt
cert_sha384.crt
cert_sha512.crt
cert_v1_with_ext.crt
cli-rsa-sha1.crt
cli-rsa-sha256.crt
cli-rsa.key
cli.opensslconf
cli2.crt
cli2.key
crl-ec-sha1.pem
crl-ec-sha224.pem
crl-ec-sha256.pem
crl-ec-sha384.pem
crl-ec-sha512.pem
crl-future.pem
crl-idp.pem
crl-idpnc.pem
crl-malformed-trailing-spaces.pem
crl-rsa-pss-sha1-badsign.pem
crl-rsa-pss-sha1.pem
crl-rsa-pss-sha224.pem
crl-rsa-pss-sha256.pem
crl-rsa-pss-sha384.pem
crl-rsa-pss-sha512.pem
crl.pem
crl_cat_ec-rsa.pem
crl_cat_ecfut-rsa.pem
crl_cat_rsa-ec.pem
crl_cat_rsabadpem-ec.pem
crl_expired.pem
crl_md2.pem
crl_md4.pem
crl_md5.pem
crl_sha1.pem
crl_sha224.pem
crl_sha256.pem
crl_sha384.pem
crl_sha512.pem
crt_cat_rsaexp-ec.pem
dh.1000.pem
dh.optlen.pem
dhparams.pem
ec_224_prv.pem
ec_224_pub.pem
ec_256_long_prv.pem
ec_256_prv.pem
ec_256_pub.pem
ec_384_prv.pem
ec_384_pub.pem
ec_521_prv.pem
ec_521_pub.pem
ec_521_short_prv.pem
ec_bp256_prv.pem
ec_bp256_pub.pem
ec_bp384_prv.pem
ec_bp384_pub.pem
ec_bp512_prv.pem
ec_bp512_pub.pem
ec_prv.pk8.der
ec_prv.pk8.pem
ec_prv.pk8.pw.der
ec_prv.pk8.pw.pem
ec_prv.pk8nopub.der
ec_prv.pk8nopub.pem
ec_prv.pk8nopubparam.der
ec_prv.pk8nopubparam.pem
ec_prv.pk8param.der
ec_prv.pk8param.pem
ec_prv.sec1.der
ec_prv.sec1.pem
ec_prv.sec1.pw.pem
ec_prv.specdom.der
ec_pub.der
ec_pub.pem
enco-ca-prstr.pem
enco-cert-utf8str.pem
format_gen.key
format_gen.pub
format_pkcs12.fmt
format_rsa.key
hash_file_1
hash_file_2
hash_file_3
hash_file_4
hash_file_5
keyUsage.decipherOnly.crt
Makefile
mpi_10
mpi_too_big
passwd.psk
print_c.pl
Readme-x509.txt
rsa512.key
rsa521.key
rsa522.key
rsa528.key
rsa4096_prv.pem
rsa4096_pub.pem
rsa_pkcs1_1024_3des.pem
rsa_pkcs1_1024_aes128.pem
rsa_pkcs1_1024_aes192.pem
rsa_pkcs1_1024_aes256.pem
rsa_pkcs1_1024_clear.pem
rsa_pkcs1_1024_des.pem
rsa_pkcs1_2048_3des.pem
rsa_pkcs1_2048_aes128.pem
rsa_pkcs1_2048_aes192.pem
rsa_pkcs1_2048_aes256.pem
rsa_pkcs1_2048_clear.pem
rsa_pkcs1_2048_des.pem
rsa_pkcs1_4096_3des.pem
rsa_pkcs1_4096_aes128.pem
rsa_pkcs1_4096_aes192.pem
rsa_pkcs1_4096_aes256.pem
rsa_pkcs1_4096_clear.pem
rsa_pkcs1_4096_des.pem
rsa_pkcs8_pbe_sha1_1024_2des.der
rsa_pkcs8_pbe_sha1_1024_2des.pem
rsa_pkcs8_pbe_sha1_1024_3des.der
rsa_pkcs8_pbe_sha1_1024_3des.pem
rsa_pkcs8_pbe_sha1_1024_rc4_128.der
rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
rsa_pkcs8_pbe_sha1_2048_2des.der
rsa_pkcs8_pbe_sha1_2048_2des.pem
rsa_pkcs8_pbe_sha1_2048_3des.der
rsa_pkcs8_pbe_sha1_2048_3des.pem
rsa_pkcs8_pbe_sha1_2048_rc4_128.der
rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
rsa_pkcs8_pbe_sha1_4096_2des.der
rsa_pkcs8_pbe_sha1_4096_2des.pem
rsa_pkcs8_pbe_sha1_4096_3des.der
rsa_pkcs8_pbe_sha1_4096_3des.pem
rsa_pkcs8_pbe_sha1_4096_rc4_128.der
rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
rsa_pkcs8_pbes2_pbkdf2_1024_des.der
rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
rsa_pkcs8_pbes2_pbkdf2_2048_des.der
rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
rsa_pkcs8_pbes2_pbkdf2_4096_des.der
rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
secp521r1_prv.der
server1-ms.req.sha256
server1-nospace.crt
server1-v1.crt
server1.cert_type.crt
server1.cert_type.crt.openssl.v3_ext
server1.cert_type_noauthid.crt
server1.crt
server1.crt.openssl.v3_ext
server1.csr
server1.ext_ku.crt
server1.key
server1.key_usage.crt
server1.key_usage.crt.openssl.v3_ext
server1.key_usage_noauthid.crt
server1.noauthid.crt
server1.pubkey
server1.req.cert_type
server1.req.cert_type_empty
server1.req.key_usage
server1.req.key_usage_empty
server1.req.ku-ct
server1.req.md4
server1.req.md5
server1.req.sha1
server1.req.sha224
server1.req.sha256
server1.req.sha384
server1.req.sha512
server1.v1.crt
server1_ca.crt
server1_csr.opensslconf
server2-badsign.crt
server2-sha256.crt
server2-v1-chain.crt
server2-v1.crt
server2.crt
server2.key
server2.ku-ds.crt
server2.ku-ds_ke.crt
server2.ku-ka.crt
server2.ku-ke.crt
server3.crt
server3.key
server4.crt
server4.key
server5-badsign.crt
server5-der0.crt
server5-der1a.crt
server5-der1b.crt
server5-der2.crt
server5-der4.crt
server5-der8.crt
server5-der9.crt
server5-expired.crt
server5-future.crt
server5-selfsigned.crt
server5-sha1.crt
server5-sha224.crt
server5-sha384.crt
server5-sha512.crt
server5-ss-expired.crt
server5-ss-forgeca.crt
server5.crt
server5.eku-cli.crt
server5.eku-cs.crt
server5.eku-cs_any.crt
server5.eku-srv.crt
server5.eku-srv_cli.crt
server5.key
server5.ku-ds.crt
server5.ku-ka.crt
server5.ku-ke.crt
server5.req.ku.sha1
server5.req.sha1
server5.req.sha224
server5.req.sha256
server5.req.sha384
server5.req.sha512
server6-ss-child.crt
server6.crt
server6.key
server7-badsign.crt
server7-expired.crt
server7-future.crt
server7.crt
server7.key
server7_all_space.crt
server7_int-ca-exp.crt
server7_int-ca.crt
server7_int-ca_ca2.crt
server7_pem_space.crt
server7_spurious_int-ca.crt
server7_trailing_space.crt
server8.crt
server8.key
server8_int-ca2.crt
server9-bad-mgfhash.crt
server9-bad-saltlen.crt
server9-badsign.crt
server9-defaults.crt
server9-sha224.crt
server9-sha256.crt
server9-sha384.crt
server9-sha512.crt
server9-with-ca.crt
server9.crt
server9.key
server9.req.sha1
server9.req.sha224
server9.req.sha256
server9.req.sha384
server9.req.sha512
server10.key
server10_int3_int-ca2.crt
server10_int3_int-ca2_ca.crt
server10_int3_spurious_int-ca2.crt
test-ca-alt-good.crt
test-ca-alt.crt
test-ca-alt.csr
test-ca-alt.key
test-ca-good-alt.crt
test-ca-sha1.crt
test-ca-sha256.crt
test-ca-v1.crt
test-ca.crt
test-ca.key
test-ca.opensslconf
test-ca.server1.db
test-ca.server1.opensslconf
test-ca2-expired.crt
test-ca2.crt
test-ca2.key
test-ca2.ku-crl.crt
test-ca2.ku-crt.crt
test-ca2.ku-crt_crl.crt
test-ca2.ku-ds.crt
test-ca2_cat-future-invalid.crt
test-ca2_cat-future-present.crt
test-ca2_cat-past-invalid.crt
test-ca2_cat-past-present.crt
test-ca2_cat-present-future.crt
test-ca2_cat-present-past.crt
test-ca_cat12.crt
test-ca_cat12u.crt
test-ca_cat21.crt
test-ca_printable.crt
test-ca_uppercase.crt
test-ca_utf8.crt
test-int-ca-exp.crt
test-int-ca.crt
test-int-ca.key
test-int-ca2.crt
test-int-ca2.key
test-int-ca3.crt
test-int-ca3.key