From 0a1795aef409e3fa9a028e599d607774075e856d Mon Sep 17 00:00:00 2001 
From: Jon Gentle Date: Wed, 25 Jan 2023 00:19:53 -0500 Subject: [PATCH 1/5] Add Net::SSLeay to the Perl core --- AUTHORS | 1 + MANIFEST | 196 + Makefile.SH | 24 +- Porting/Maintainers.pl | 19 + cpan/Net-SSLeay/Makefile.PL | 486 + cpan/Net-SSLeay/SSLeay.xs | 7949 ++++++++++++ cpan/Net-SSLeay/constants.c | 7454 +++++++++++ cpan/Net-SSLeay/helper_script/constants.txt | 618 + .../helper_script/generate-test-pki | 2092 ++++ cpan/Net-SSLeay/helper_script/pki.cfg | 412 + .../helper_script/update-exported-constants | 808 ++ cpan/Net-SSLeay/inc/Test/Net/SSLeay.pm | 867 ++ cpan/Net-SSLeay/inc/Test/Net/SSLeay/Socket.pm | 326 + cpan/Net-SSLeay/lib/Net/SSLeay.pm | 1905 +++ cpan/Net-SSLeay/lib/Net/SSLeay.pod | 10434 ++++++++++++++++ cpan/Net-SSLeay/lib/Net/SSLeay/Handle.pm | 409 + cpan/Net-SSLeay/t/data/binary-test.file | Bin 0 -> 5000 bytes cpan/Net-SSLeay/t/data/extended-cert.cert.der | Bin 0 -> 1913 bytes .../Net-SSLeay/t/data/extended-cert.cert.dump | 350 + cpan/Net-SSLeay/t/data/extended-cert.cert.pem | 42 + .../t/data/extended-cert.certchain.der | Bin 0 -> 3615 bytes .../t/data/extended-cert.certchain.enc.p12 | Bin 0 -> 5517 bytes .../t/data/extended-cert.certchain.p12 | Bin 0 -> 5418 bytes .../t/data/extended-cert.certchain.pem | 82 + cpan/Net-SSLeay/t/data/extended-cert.csr.der | Bin 0 -> 877 bytes cpan/Net-SSLeay/t/data/extended-cert.csr.pem | 21 + cpan/Net-SSLeay/t/data/extended-cert.enc.p12 | Bin 0 -> 3731 bytes cpan/Net-SSLeay/t/data/extended-cert.key.der | Bin 0 -> 1218 bytes .../t/data/extended-cert.key.enc.der | Bin 0 -> 1218 bytes .../t/data/extended-cert.key.enc.pem | 30 + cpan/Net-SSLeay/t/data/extended-cert.key.pem | 27 + cpan/Net-SSLeay/t/data/extended-cert.p12 | Bin 0 -> 3638 bytes .../t/data/intermediate-ca.cert.der | Bin 0 -> 855 bytes .../t/data/intermediate-ca.cert.dump | 144 + .../t/data/intermediate-ca.cert.pem | 20 + .../t/data/intermediate-ca.certchain.der | Bin 0 -> 1702 bytes .../t/data/intermediate-ca.certchain.enc.p12 | Bin 0 -> 3561 bytes 
.../t/data/intermediate-ca.certchain.p12 | Bin 0 -> 3466 bytes .../t/data/intermediate-ca.certchain.pem | 40 + .../Net-SSLeay/t/data/intermediate-ca.crl.der | Bin 0 -> 462 bytes .../Net-SSLeay/t/data/intermediate-ca.crl.pem | 12 + .../Net-SSLeay/t/data/intermediate-ca.csr.der | Bin 0 -> 664 bytes .../Net-SSLeay/t/data/intermediate-ca.csr.pem | 16 + .../Net-SSLeay/t/data/intermediate-ca.enc.p12 | Bin 0 -> 2687 bytes .../Net-SSLeay/t/data/intermediate-ca.key.der | Bin 0 -> 1216 bytes .../t/data/intermediate-ca.key.enc.der | Bin 0 -> 1216 bytes .../t/data/intermediate-ca.key.enc.pem | 30 + .../Net-SSLeay/t/data/intermediate-ca.key.pem | 27 + cpan/Net-SSLeay/t/data/intermediate-ca.p12 | Bin 0 -> 2586 bytes cpan/Net-SSLeay/t/data/revoked-cert.cert.der | Bin 0 -> 893 bytes cpan/Net-SSLeay/t/data/revoked-cert.cert.dump | 152 + cpan/Net-SSLeay/t/data/revoked-cert.cert.pem | 21 + .../t/data/revoked-cert.certchain.der | Bin 0 -> 2595 bytes .../t/data/revoked-cert.certchain.enc.p12 | Bin 0 -> 4491 bytes .../t/data/revoked-cert.certchain.p12 | Bin 0 -> 4394 bytes .../t/data/revoked-cert.certchain.pem | 61 + cpan/Net-SSLeay/t/data/revoked-cert.csr.der | Bin 0 -> 680 bytes cpan/Net-SSLeay/t/data/revoked-cert.csr.pem | 17 + cpan/Net-SSLeay/t/data/revoked-cert.enc.p12 | Bin 0 -> 2713 bytes cpan/Net-SSLeay/t/data/revoked-cert.key.der | Bin 0 -> 1218 bytes .../t/data/revoked-cert.key.enc.der | Bin 0 -> 1218 bytes .../t/data/revoked-cert.key.enc.pem | 30 + cpan/Net-SSLeay/t/data/revoked-cert.key.pem | 27 + cpan/Net-SSLeay/t/data/revoked-cert.p12 | Bin 0 -> 2614 bytes cpan/Net-SSLeay/t/data/root-ca.cert.der | Bin 0 -> 847 bytes cpan/Net-SSLeay/t/data/root-ca.cert.dump | 144 + cpan/Net-SSLeay/t/data/root-ca.cert.pem | 20 + cpan/Net-SSLeay/t/data/root-ca.certchain.der | Bin 0 -> 847 bytes .../t/data/root-ca.certchain.enc.p12 | Bin 0 -> 2633 bytes cpan/Net-SSLeay/t/data/root-ca.certchain.p12 | Bin 0 -> 2537 bytes cpan/Net-SSLeay/t/data/root-ca.certchain.pem | 20 + 
cpan/Net-SSLeay/t/data/root-ca.csr.der | Bin 0 -> 656 bytes cpan/Net-SSLeay/t/data/root-ca.csr.pem | 16 + cpan/Net-SSLeay/t/data/root-ca.enc.p12 | Bin 0 -> 2647 bytes cpan/Net-SSLeay/t/data/root-ca.key.der | Bin 0 -> 1219 bytes cpan/Net-SSLeay/t/data/root-ca.key.enc.der | Bin 0 -> 1219 bytes cpan/Net-SSLeay/t/data/root-ca.key.enc.pem | 30 + cpan/Net-SSLeay/t/data/root-ca.key.pem | 27 + cpan/Net-SSLeay/t/data/root-ca.p12 | Bin 0 -> 2549 bytes cpan/Net-SSLeay/t/data/simple-cert.cert.der | Bin 0 -> 892 bytes cpan/Net-SSLeay/t/data/simple-cert.cert.dump | 152 + cpan/Net-SSLeay/t/data/simple-cert.cert.pem | 21 + .../t/data/simple-cert.certchain.der | Bin 0 -> 2594 bytes .../t/data/simple-cert.certchain.enc.p12 | Bin 0 -> 4489 bytes .../t/data/simple-cert.certchain.p12 | Bin 0 -> 4389 bytes .../t/data/simple-cert.certchain.pem | 61 + cpan/Net-SSLeay/t/data/simple-cert.csr.der | Bin 0 -> 679 bytes cpan/Net-SSLeay/t/data/simple-cert.csr.pem | 17 + cpan/Net-SSLeay/t/data/simple-cert.enc.p12 | Bin 0 -> 2703 bytes cpan/Net-SSLeay/t/data/simple-cert.key.der | Bin 0 -> 1218 bytes .../Net-SSLeay/t/data/simple-cert.key.enc.der | Bin 0 -> 1218 bytes .../Net-SSLeay/t/data/simple-cert.key.enc.pem | 30 + cpan/Net-SSLeay/t/data/simple-cert.key.pem | 27 + cpan/Net-SSLeay/t/data/simple-cert.p12 | Bin 0 -> 2609 bytes cpan/Net-SSLeay/t/data/strange-cert.cert.der | Bin 0 -> 985 bytes cpan/Net-SSLeay/t/data/strange-cert.cert.dump | 160 + cpan/Net-SSLeay/t/data/strange-cert.cert.pem | 23 + .../t/data/strange-cert.certchain.der | Bin 0 -> 2687 bytes .../t/data/strange-cert.certchain.enc.p12 | Bin 0 -> 4579 bytes .../t/data/strange-cert.certchain.p12 | Bin 0 -> 4485 bytes .../t/data/strange-cert.certchain.pem | 63 + cpan/Net-SSLeay/t/data/strange-cert.csr.der | Bin 0 -> 772 bytes cpan/Net-SSLeay/t/data/strange-cert.csr.pem | 19 + cpan/Net-SSLeay/t/data/strange-cert.enc.p12 | Bin 0 -> 2801 bytes cpan/Net-SSLeay/t/data/strange-cert.key.der | Bin 0 -> 1217 bytes 
.../t/data/strange-cert.key.enc.der | Bin 0 -> 1217 bytes .../t/data/strange-cert.key.enc.pem | 30 + cpan/Net-SSLeay/t/data/strange-cert.key.pem | 27 + cpan/Net-SSLeay/t/data/strange-cert.p12 | Bin 0 -> 2705 bytes cpan/Net-SSLeay/t/data/verify-ca.cert.der | Bin 0 -> 874 bytes cpan/Net-SSLeay/t/data/verify-ca.cert.dump | 152 + cpan/Net-SSLeay/t/data/verify-ca.cert.pem | 21 + .../Net-SSLeay/t/data/verify-ca.certchain.der | Bin 0 -> 1721 bytes .../t/data/verify-ca.certchain.enc.p12 | Bin 0 -> 3557 bytes .../Net-SSLeay/t/data/verify-ca.certchain.p12 | Bin 0 -> 3462 bytes .../Net-SSLeay/t/data/verify-ca.certchain.pem | 41 + cpan/Net-SSLeay/t/data/verify-ca.csr.der | Bin 0 -> 664 bytes cpan/Net-SSLeay/t/data/verify-ca.csr.pem | 16 + cpan/Net-SSLeay/t/data/verify-ca.enc.p12 | Bin 0 -> 2683 bytes cpan/Net-SSLeay/t/data/verify-ca.key.der | Bin 0 -> 1217 bytes cpan/Net-SSLeay/t/data/verify-ca.key.enc.der | Bin 0 -> 1217 bytes cpan/Net-SSLeay/t/data/verify-ca.key.enc.pem | 30 + cpan/Net-SSLeay/t/data/verify-ca.key.pem | 27 + cpan/Net-SSLeay/t/data/verify-ca.p12 | Bin 0 -> 2582 bytes cpan/Net-SSLeay/t/data/verify-cert.cert.der | Bin 0 -> 1032 bytes cpan/Net-SSLeay/t/data/verify-cert.cert.dump | 183 + cpan/Net-SSLeay/t/data/verify-cert.cert.pem | 24 + .../t/data/verify-cert.certchain.der | Bin 0 -> 2753 bytes .../t/data/verify-cert.certchain.enc.p12 | Bin 0 -> 4641 bytes .../t/data/verify-cert.certchain.p12 | Bin 0 -> 4547 bytes .../t/data/verify-cert.certchain.pem | 65 + cpan/Net-SSLeay/t/data/verify-cert.csr.der | Bin 0 -> 722 bytes cpan/Net-SSLeay/t/data/verify-cert.csr.pem | 18 + cpan/Net-SSLeay/t/data/verify-cert.enc.p12 | Bin 0 -> 2847 bytes cpan/Net-SSLeay/t/data/verify-cert.key.der | Bin 0 -> 1217 bytes .../Net-SSLeay/t/data/verify-cert.key.enc.der | Bin 0 -> 1217 bytes .../Net-SSLeay/t/data/verify-cert.key.enc.pem | 30 + cpan/Net-SSLeay/t/data/verify-cert.key.pem | 27 + cpan/Net-SSLeay/t/data/verify-cert.p12 | Bin 0 -> 2748 bytes 
cpan/Net-SSLeay/t/data/wildcard-cert.cert.der | Bin 0 -> 915 bytes .../Net-SSLeay/t/data/wildcard-cert.cert.dump | 160 + cpan/Net-SSLeay/t/data/wildcard-cert.cert.pem | 22 + .../t/data/wildcard-cert.certchain.der | Bin 0 -> 2617 bytes .../t/data/wildcard-cert.certchain.enc.p12 | Bin 0 -> 4517 bytes .../t/data/wildcard-cert.certchain.p12 | Bin 0 -> 4419 bytes .../t/data/wildcard-cert.certchain.pem | 62 + cpan/Net-SSLeay/t/data/wildcard-cert.csr.der | Bin 0 -> 669 bytes cpan/Net-SSLeay/t/data/wildcard-cert.csr.pem | 16 + cpan/Net-SSLeay/t/data/wildcard-cert.enc.p12 | Bin 0 -> 2739 bytes cpan/Net-SSLeay/t/data/wildcard-cert.key.der | Bin 0 -> 1217 bytes .../t/data/wildcard-cert.key.enc.der | Bin 0 -> 1217 bytes .../t/data/wildcard-cert.key.enc.pem | 30 + cpan/Net-SSLeay/t/data/wildcard-cert.key.pem | 27 + cpan/Net-SSLeay/t/data/wildcard-cert.p12 | Bin 0 -> 2639 bytes cpan/Net-SSLeay/t/external/ocsp.t | 263 + .../Net-SSLeay/t/handle/external/10_destroy.t | 55 + .../t/handle/external/50_external.t | 78 + cpan/Net-SSLeay/t/handle/local/05_use.t | 9 + cpan/Net-SSLeay/t/local/03_use.t | 74 + cpan/Net-SSLeay/t/local/04_basic.t | 72 + cpan/Net-SSLeay/t/local/05_passwd_cb.t | 181 + cpan/Net-SSLeay/t/local/06_tcpecho.t | 55 + cpan/Net-SSLeay/t/local/07_sslecho.t | 349 + cpan/Net-SSLeay/t/local/08_pipe.t | 96 + cpan/Net-SSLeay/t/local/09_ctx_new.t | 183 + cpan/Net-SSLeay/t/local/10_rand.t | 147 + cpan/Net-SSLeay/t/local/11_read.t | 318 + cpan/Net-SSLeay/t/local/15_bio.t | 23 + cpan/Net-SSLeay/t/local/20_functions.t | 53 + cpan/Net-SSLeay/t/local/21_constants.t | 646 + cpan/Net-SSLeay/t/local/22_provider.t | 106 + .../Net-SSLeay/t/local/22_provider_try_load.t | 32 + .../local/22_provider_try_load_zero_retain.t | 32 + cpan/Net-SSLeay/t/local/30_error.t | 103 + cpan/Net-SSLeay/t/local/31_rsa_generate_key.t | 65 + .../t/local/32_x509_get_cert_info.t | 407 + cpan/Net-SSLeay/t/local/33_x509_create_cert.t | 331 + cpan/Net-SSLeay/t/local/34_x509_crl.t | 139 + 
cpan/Net-SSLeay/t/local/35_ephemeral.t | 16 + cpan/Net-SSLeay/t/local/36_verify.t | 372 + cpan/Net-SSLeay/t/local/37_asn1_time.t | 42 + cpan/Net-SSLeay/t/local/38_priv-key.t | 37 + cpan/Net-SSLeay/t/local/39_pkcs12.t | 74 + cpan/Net-SSLeay/t/local/40_npn_support.t | 96 + cpan/Net-SSLeay/t/local/41_alpn_support.t | 100 + cpan/Net-SSLeay/t/local/42_info_callback.t | 110 + cpan/Net-SSLeay/t/local/43_misc_functions.t | 368 + cpan/Net-SSLeay/t/local/44_sess.t | 369 + cpan/Net-SSLeay/t/local/45_exporter.t | 171 + cpan/Net-SSLeay/t/local/46_msg_callback.t | 114 + cpan/Net-SSLeay/t/local/47_keylog.t | 208 + cpan/Net-SSLeay/t/local/50_digest.t | 300 + cpan/Net-SSLeay/t/local/61_threads-cb-crash.t | 67 + .../t/local/62_threads-ctx_new-deadlock.t | 53 + .../t/local/63_ec_key_generate_key.t | 29 + cpan/Net-SSLeay/t/local/64_ticket_sharing.t | 303 + cpan/Net-SSLeay/t/local/65_security_level.t | 44 + cpan/Net-SSLeay/t/local/65_ticket_sharing_2.t | 217 + cpan/Net-SSLeay/t/local/66_curves.t | 197 + cpan/Net-SSLeay/typemap | 104 + lib/.gitignore | 3 + t/porting/customized.dat | 2 + win32/GNUmakefile | 1 + win32/Makefile | 1 + 204 files changed, 44191 insertions(+), 11 deletions(-) create mode 100644 cpan/Net-SSLeay/Makefile.PL create mode 100644 cpan/Net-SSLeay/SSLeay.xs create mode 100644 cpan/Net-SSLeay/constants.c create mode 100644 cpan/Net-SSLeay/helper_script/constants.txt create mode 100644 cpan/Net-SSLeay/helper_script/generate-test-pki create mode 100644 cpan/Net-SSLeay/helper_script/pki.cfg create mode 100644 cpan/Net-SSLeay/helper_script/update-exported-constants create mode 100644 cpan/Net-SSLeay/inc/Test/Net/SSLeay.pm create mode 100644 cpan/Net-SSLeay/inc/Test/Net/SSLeay/Socket.pm create mode 100644 cpan/Net-SSLeay/lib/Net/SSLeay.pm create mode 100644 cpan/Net-SSLeay/lib/Net/SSLeay.pod create mode 100644 cpan/Net-SSLeay/lib/Net/SSLeay/Handle.pm create mode 100644 cpan/Net-SSLeay/t/data/binary-test.file create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.cert.der 
create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.cert.dump create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.cert.pem create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.certchain.der create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.certchain.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.certchain.p12 create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.certchain.pem create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.csr.der create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.csr.pem create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.key.der create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.key.enc.der create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.key.enc.pem create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.key.pem create mode 100644 cpan/Net-SSLeay/t/data/extended-cert.p12 create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.cert.der create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.cert.dump create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.cert.pem create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.certchain.der create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.certchain.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.certchain.p12 create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.certchain.pem create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.crl.der create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.crl.pem create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.csr.der create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.csr.pem create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.key.der create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.key.enc.der create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.key.enc.pem create mode 100644 
cpan/Net-SSLeay/t/data/intermediate-ca.key.pem create mode 100644 cpan/Net-SSLeay/t/data/intermediate-ca.p12 create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.cert.der create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.cert.dump create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.cert.pem create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.certchain.der create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.certchain.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.certchain.p12 create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.certchain.pem create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.csr.der create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.csr.pem create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.key.der create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.key.enc.der create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.key.enc.pem create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.key.pem create mode 100644 cpan/Net-SSLeay/t/data/revoked-cert.p12 create mode 100644 cpan/Net-SSLeay/t/data/root-ca.cert.der create mode 100644 cpan/Net-SSLeay/t/data/root-ca.cert.dump create mode 100644 cpan/Net-SSLeay/t/data/root-ca.cert.pem create mode 100644 cpan/Net-SSLeay/t/data/root-ca.certchain.der create mode 100644 cpan/Net-SSLeay/t/data/root-ca.certchain.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/root-ca.certchain.p12 create mode 100644 cpan/Net-SSLeay/t/data/root-ca.certchain.pem create mode 100644 cpan/Net-SSLeay/t/data/root-ca.csr.der create mode 100644 cpan/Net-SSLeay/t/data/root-ca.csr.pem create mode 100644 cpan/Net-SSLeay/t/data/root-ca.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/root-ca.key.der create mode 100644 cpan/Net-SSLeay/t/data/root-ca.key.enc.der create mode 100644 cpan/Net-SSLeay/t/data/root-ca.key.enc.pem create mode 100644 cpan/Net-SSLeay/t/data/root-ca.key.pem create mode 100644 cpan/Net-SSLeay/t/data/root-ca.p12 
create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.cert.der create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.cert.dump create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.cert.pem create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.certchain.der create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.certchain.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.certchain.p12 create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.certchain.pem create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.csr.der create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.csr.pem create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.key.der create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.key.enc.der create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.key.enc.pem create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.key.pem create mode 100644 cpan/Net-SSLeay/t/data/simple-cert.p12 create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.cert.der create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.cert.dump create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.cert.pem create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.certchain.der create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.certchain.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.certchain.p12 create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.certchain.pem create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.csr.der create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.csr.pem create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.key.der create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.key.enc.der create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.key.enc.pem create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.key.pem create mode 100644 cpan/Net-SSLeay/t/data/strange-cert.p12 create mode 100644 
cpan/Net-SSLeay/t/data/verify-ca.cert.der create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.cert.dump create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.cert.pem create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.certchain.der create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.certchain.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.certchain.p12 create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.certchain.pem create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.csr.der create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.csr.pem create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.key.der create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.key.enc.der create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.key.enc.pem create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.key.pem create mode 100644 cpan/Net-SSLeay/t/data/verify-ca.p12 create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.cert.der create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.cert.dump create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.cert.pem create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.certchain.der create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.certchain.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.certchain.p12 create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.certchain.pem create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.csr.der create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.csr.pem create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.key.der create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.key.enc.der create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.key.enc.pem create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.key.pem create mode 100644 cpan/Net-SSLeay/t/data/verify-cert.p12 create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.cert.der create mode 100644 
cpan/Net-SSLeay/t/data/wildcard-cert.cert.dump create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.cert.pem create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.certchain.der create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.certchain.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.certchain.p12 create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.certchain.pem create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.csr.der create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.csr.pem create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.enc.p12 create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.key.der create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.key.enc.der create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.key.enc.pem create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.key.pem create mode 100644 cpan/Net-SSLeay/t/data/wildcard-cert.p12 create mode 100644 cpan/Net-SSLeay/t/external/ocsp.t create mode 100644 cpan/Net-SSLeay/t/handle/external/10_destroy.t create mode 100644 cpan/Net-SSLeay/t/handle/external/50_external.t create mode 100644 cpan/Net-SSLeay/t/handle/local/05_use.t create mode 100644 cpan/Net-SSLeay/t/local/03_use.t create mode 100644 cpan/Net-SSLeay/t/local/04_basic.t create mode 100644 cpan/Net-SSLeay/t/local/05_passwd_cb.t create mode 100644 cpan/Net-SSLeay/t/local/06_tcpecho.t create mode 100644 cpan/Net-SSLeay/t/local/07_sslecho.t create mode 100644 cpan/Net-SSLeay/t/local/08_pipe.t create mode 100644 cpan/Net-SSLeay/t/local/09_ctx_new.t create mode 100644 cpan/Net-SSLeay/t/local/10_rand.t create mode 100644 cpan/Net-SSLeay/t/local/11_read.t create mode 100644 cpan/Net-SSLeay/t/local/15_bio.t create mode 100644 cpan/Net-SSLeay/t/local/20_functions.t create mode 100644 cpan/Net-SSLeay/t/local/21_constants.t create mode 100644 cpan/Net-SSLeay/t/local/22_provider.t create mode 100644 cpan/Net-SSLeay/t/local/22_provider_try_load.t create mode 100644 
cpan/Net-SSLeay/t/local/22_provider_try_load_zero_retain.t create mode 100644 cpan/Net-SSLeay/t/local/30_error.t create mode 100644 cpan/Net-SSLeay/t/local/31_rsa_generate_key.t create mode 100644 cpan/Net-SSLeay/t/local/32_x509_get_cert_info.t create mode 100644 cpan/Net-SSLeay/t/local/33_x509_create_cert.t create mode 100644 cpan/Net-SSLeay/t/local/34_x509_crl.t create mode 100644 cpan/Net-SSLeay/t/local/35_ephemeral.t create mode 100644 cpan/Net-SSLeay/t/local/36_verify.t create mode 100644 cpan/Net-SSLeay/t/local/37_asn1_time.t create mode 100644 cpan/Net-SSLeay/t/local/38_priv-key.t create mode 100644 cpan/Net-SSLeay/t/local/39_pkcs12.t create mode 100644 cpan/Net-SSLeay/t/local/40_npn_support.t create mode 100644 cpan/Net-SSLeay/t/local/41_alpn_support.t create mode 100644 cpan/Net-SSLeay/t/local/42_info_callback.t create mode 100644 cpan/Net-SSLeay/t/local/43_misc_functions.t create mode 100644 cpan/Net-SSLeay/t/local/44_sess.t create mode 100644 cpan/Net-SSLeay/t/local/45_exporter.t create mode 100644 cpan/Net-SSLeay/t/local/46_msg_callback.t create mode 100644 cpan/Net-SSLeay/t/local/47_keylog.t create mode 100644 cpan/Net-SSLeay/t/local/50_digest.t create mode 100644 cpan/Net-SSLeay/t/local/61_threads-cb-crash.t create mode 100644 cpan/Net-SSLeay/t/local/62_threads-ctx_new-deadlock.t create mode 100644 cpan/Net-SSLeay/t/local/63_ec_key_generate_key.t create mode 100644 cpan/Net-SSLeay/t/local/64_ticket_sharing.t create mode 100644 cpan/Net-SSLeay/t/local/65_security_level.t create mode 100644 cpan/Net-SSLeay/t/local/65_ticket_sharing_2.t create mode 100644 cpan/Net-SSLeay/t/local/66_curves.t create mode 100644 cpan/Net-SSLeay/typemap diff --git a/AUTHORS b/AUTHORS index fcb43a7b32ca..d8a6b6081441 100644 --- a/AUTHORS +++ b/AUTHORS @@ -730,6 +730,7 @@ John W. Krahn John Wright Johnny Lam Jon Eveland +Jon Gentle Jon Gunnip Jon Orwant Jonathan Biggar diff --git a/MANIFEST b/MANIFEST index f370602ab857..07efa841e5e3 100644 --- a/MANIFEST +++ b/MANIFEST 
@@ -1543,6 +1543,202 @@ cpan/Module-Metadata/t/lib/GeneratePackage.pm
 cpan/Module-Metadata/t/metadata.t
 cpan/Module-Metadata/t/taint.t
 cpan/Module-Metadata/t/version.t
+cpan/Net-SSLeay/constants.c
+cpan/Net-SSLeay/helper_script/constants.txt
+cpan/Net-SSLeay/helper_script/generate-test-pki
+cpan/Net-SSLeay/helper_script/pki.cfg
+cpan/Net-SSLeay/helper_script/update-exported-constants
+cpan/Net-SSLeay/inc/Test/Net/SSLeay.pm
+cpan/Net-SSLeay/inc/Test/Net/SSLeay/Socket.pm
+cpan/Net-SSLeay/lib/Net/SSLeay.pm
+cpan/Net-SSLeay/lib/Net/SSLeay.pod
+cpan/Net-SSLeay/lib/Net/SSLeay/Handle.pm
+cpan/Net-SSLeay/Makefile.PL
+cpan/Net-SSLeay/SSLeay.xs
+cpan/Net-SSLeay/t/data/binary-test.file
+cpan/Net-SSLeay/t/data/extended-cert.p12
+cpan/Net-SSLeay/t/data/extended-cert.cert.der
+cpan/Net-SSLeay/t/data/extended-cert.cert.dump
+cpan/Net-SSLeay/t/data/extended-cert.cert.pem
+cpan/Net-SSLeay/t/data/extended-cert.certchain.der
+cpan/Net-SSLeay/t/data/extended-cert.certchain.p12
+cpan/Net-SSLeay/t/data/extended-cert.certchain.pem
+cpan/Net-SSLeay/t/data/extended-cert.certchain.enc.p12
+cpan/Net-SSLeay/t/data/extended-cert.csr.der
+cpan/Net-SSLeay/t/data/extended-cert.csr.pem
+cpan/Net-SSLeay/t/data/extended-cert.enc.p12
+cpan/Net-SSLeay/t/data/extended-cert.key.der
+cpan/Net-SSLeay/t/data/extended-cert.key.pem
+cpan/Net-SSLeay/t/data/extended-cert.key.enc.der
+cpan/Net-SSLeay/t/data/extended-cert.key.enc.pem
+cpan/Net-SSLeay/t/data/intermediate-ca.p12
+cpan/Net-SSLeay/t/data/intermediate-ca.cert.der
+cpan/Net-SSLeay/t/data/intermediate-ca.cert.dump
+cpan/Net-SSLeay/t/data/intermediate-ca.cert.pem
+cpan/Net-SSLeay/t/data/intermediate-ca.certchain.der
+cpan/Net-SSLeay/t/data/intermediate-ca.certchain.p12
+cpan/Net-SSLeay/t/data/intermediate-ca.certchain.pem
+cpan/Net-SSLeay/t/data/intermediate-ca.certchain.enc.p12
+cpan/Net-SSLeay/t/data/intermediate-ca.crl.der
+cpan/Net-SSLeay/t/data/intermediate-ca.crl.pem
+cpan/Net-SSLeay/t/data/intermediate-ca.csr.der
+cpan/Net-SSLeay/t/data/intermediate-ca.csr.pem
+cpan/Net-SSLeay/t/data/intermediate-ca.enc.p12
+cpan/Net-SSLeay/t/data/intermediate-ca.key.der
+cpan/Net-SSLeay/t/data/intermediate-ca.key.pem
+cpan/Net-SSLeay/t/data/intermediate-ca.key.enc.der
+cpan/Net-SSLeay/t/data/intermediate-ca.key.enc.pem
+cpan/Net-SSLeay/t/data/revoked-cert.p12
+cpan/Net-SSLeay/t/data/revoked-cert.cert.der
+cpan/Net-SSLeay/t/data/revoked-cert.cert.dump
+cpan/Net-SSLeay/t/data/revoked-cert.cert.pem
+cpan/Net-SSLeay/t/data/revoked-cert.certchain.der
+cpan/Net-SSLeay/t/data/revoked-cert.certchain.p12
+cpan/Net-SSLeay/t/data/revoked-cert.certchain.pem
+cpan/Net-SSLeay/t/data/revoked-cert.certchain.enc.p12
+cpan/Net-SSLeay/t/data/revoked-cert.csr.der
+cpan/Net-SSLeay/t/data/revoked-cert.csr.pem
+cpan/Net-SSLeay/t/data/revoked-cert.enc.p12
+cpan/Net-SSLeay/t/data/revoked-cert.key.der
+cpan/Net-SSLeay/t/data/revoked-cert.key.pem
+cpan/Net-SSLeay/t/data/revoked-cert.key.enc.der
+cpan/Net-SSLeay/t/data/revoked-cert.key.enc.pem
+cpan/Net-SSLeay/t/data/root-ca.p12
+cpan/Net-SSLeay/t/data/root-ca.cert.der
+cpan/Net-SSLeay/t/data/root-ca.cert.dump
+cpan/Net-SSLeay/t/data/root-ca.cert.pem
+cpan/Net-SSLeay/t/data/root-ca.certchain.der
+cpan/Net-SSLeay/t/data/root-ca.certchain.p12
+cpan/Net-SSLeay/t/data/root-ca.certchain.pem
+cpan/Net-SSLeay/t/data/root-ca.certchain.enc.p12
+cpan/Net-SSLeay/t/data/root-ca.csr.der
+cpan/Net-SSLeay/t/data/root-ca.csr.pem
+cpan/Net-SSLeay/t/data/root-ca.enc.p12
+cpan/Net-SSLeay/t/data/root-ca.key.der
+cpan/Net-SSLeay/t/data/root-ca.key.pem
+cpan/Net-SSLeay/t/data/root-ca.key.enc.der
+cpan/Net-SSLeay/t/data/root-ca.key.enc.pem
+cpan/Net-SSLeay/t/data/simple-cert.p12
+cpan/Net-SSLeay/t/data/simple-cert.cert.der
+cpan/Net-SSLeay/t/data/simple-cert.cert.dump
+cpan/Net-SSLeay/t/data/simple-cert.cert.pem
+cpan/Net-SSLeay/t/data/simple-cert.certchain.der
+cpan/Net-SSLeay/t/data/simple-cert.certchain.p12
+cpan/Net-SSLeay/t/data/simple-cert.certchain.pem
+cpan/Net-SSLeay/t/data/simple-cert.certchain.enc.p12
+cpan/Net-SSLeay/t/data/simple-cert.csr.der
+cpan/Net-SSLeay/t/data/simple-cert.csr.pem
+cpan/Net-SSLeay/t/data/simple-cert.enc.p12
+cpan/Net-SSLeay/t/data/simple-cert.key.der
+cpan/Net-SSLeay/t/data/simple-cert.key.pem
+cpan/Net-SSLeay/t/data/simple-cert.key.enc.der
+cpan/Net-SSLeay/t/data/simple-cert.key.enc.pem
+cpan/Net-SSLeay/t/data/strange-cert.p12
+cpan/Net-SSLeay/t/data/strange-cert.cert.der
+cpan/Net-SSLeay/t/data/strange-cert.cert.dump
+cpan/Net-SSLeay/t/data/strange-cert.cert.pem
+cpan/Net-SSLeay/t/data/strange-cert.certchain.der
+cpan/Net-SSLeay/t/data/strange-cert.certchain.p12
+cpan/Net-SSLeay/t/data/strange-cert.certchain.pem
+cpan/Net-SSLeay/t/data/strange-cert.certchain.enc.p12
+cpan/Net-SSLeay/t/data/strange-cert.csr.der
+cpan/Net-SSLeay/t/data/strange-cert.csr.pem
+cpan/Net-SSLeay/t/data/strange-cert.enc.p12
+cpan/Net-SSLeay/t/data/strange-cert.key.der
+cpan/Net-SSLeay/t/data/strange-cert.key.pem
+cpan/Net-SSLeay/t/data/strange-cert.key.enc.der
+cpan/Net-SSLeay/t/data/strange-cert.key.enc.pem
+cpan/Net-SSLeay/t/data/verify-ca.p12
+cpan/Net-SSLeay/t/data/verify-ca.cert.der
+cpan/Net-SSLeay/t/data/verify-ca.cert.dump
+cpan/Net-SSLeay/t/data/verify-ca.cert.pem
+cpan/Net-SSLeay/t/data/verify-ca.certchain.der
+cpan/Net-SSLeay/t/data/verify-ca.certchain.p12
+cpan/Net-SSLeay/t/data/verify-ca.certchain.pem
+cpan/Net-SSLeay/t/data/verify-ca.certchain.enc.p12
+cpan/Net-SSLeay/t/data/verify-ca.csr.der
+cpan/Net-SSLeay/t/data/verify-ca.csr.pem
+cpan/Net-SSLeay/t/data/verify-ca.enc.p12
+cpan/Net-SSLeay/t/data/verify-ca.key.der
+cpan/Net-SSLeay/t/data/verify-ca.key.pem
+cpan/Net-SSLeay/t/data/verify-ca.key.enc.der
+cpan/Net-SSLeay/t/data/verify-ca.key.enc.pem
+cpan/Net-SSLeay/t/data/verify-cert.p12
+cpan/Net-SSLeay/t/data/verify-cert.cert.der
+cpan/Net-SSLeay/t/data/verify-cert.cert.dump
+cpan/Net-SSLeay/t/data/verify-cert.cert.pem
+cpan/Net-SSLeay/t/data/verify-cert.certchain.der
+cpan/Net-SSLeay/t/data/verify-cert.certchain.p12
+cpan/Net-SSLeay/t/data/verify-cert.certchain.pem
+cpan/Net-SSLeay/t/data/verify-cert.certchain.enc.p12
+cpan/Net-SSLeay/t/data/verify-cert.csr.der
+cpan/Net-SSLeay/t/data/verify-cert.csr.pem
+cpan/Net-SSLeay/t/data/verify-cert.enc.p12
+cpan/Net-SSLeay/t/data/verify-cert.key.der
+cpan/Net-SSLeay/t/data/verify-cert.key.pem
+cpan/Net-SSLeay/t/data/verify-cert.key.enc.der
+cpan/Net-SSLeay/t/data/verify-cert.key.enc.pem
+cpan/Net-SSLeay/t/data/wildcard-cert.p12
+cpan/Net-SSLeay/t/data/wildcard-cert.cert.der
+cpan/Net-SSLeay/t/data/wildcard-cert.cert.dump
+cpan/Net-SSLeay/t/data/wildcard-cert.cert.pem
+cpan/Net-SSLeay/t/data/wildcard-cert.certchain.der
+cpan/Net-SSLeay/t/data/wildcard-cert.certchain.p12
+cpan/Net-SSLeay/t/data/wildcard-cert.certchain.pem
+cpan/Net-SSLeay/t/data/wildcard-cert.certchain.enc.p12
+cpan/Net-SSLeay/t/data/wildcard-cert.csr.der
+cpan/Net-SSLeay/t/data/wildcard-cert.csr.pem
+cpan/Net-SSLeay/t/data/wildcard-cert.enc.p12
+cpan/Net-SSLeay/t/data/wildcard-cert.key.der
+cpan/Net-SSLeay/t/data/wildcard-cert.key.pem
+cpan/Net-SSLeay/t/data/wildcard-cert.key.enc.der
+cpan/Net-SSLeay/t/data/wildcard-cert.key.enc.pem
+cpan/Net-SSLeay/t/external/ocsp.t
+cpan/Net-SSLeay/t/handle/external/10_destroy.t
+cpan/Net-SSLeay/t/handle/external/50_external.t
+cpan/Net-SSLeay/t/handle/local/05_use.t
+cpan/Net-SSLeay/t/local/03_use.t
+cpan/Net-SSLeay/t/local/04_basic.t
+cpan/Net-SSLeay/t/local/05_passwd_cb.t
+cpan/Net-SSLeay/t/local/06_tcpecho.t
+cpan/Net-SSLeay/t/local/07_sslecho.t
+cpan/Net-SSLeay/t/local/08_pipe.t
+cpan/Net-SSLeay/t/local/09_ctx_new.t
+cpan/Net-SSLeay/t/local/10_rand.t
+cpan/Net-SSLeay/t/local/11_read.t
+cpan/Net-SSLeay/t/local/15_bio.t
+cpan/Net-SSLeay/t/local/20_functions.t
+cpan/Net-SSLeay/t/local/21_constants.t
+cpan/Net-SSLeay/t/local/22_provider.t
+cpan/Net-SSLeay/t/local/22_provider_try_load.t
+cpan/Net-SSLeay/t/local/22_provider_try_load_zero_retain.t
+cpan/Net-SSLeay/t/local/30_error.t
+cpan/Net-SSLeay/t/local/31_rsa_generate_key.t
+cpan/Net-SSLeay/t/local/32_x509_get_cert_info.t
+cpan/Net-SSLeay/t/local/33_x509_create_cert.t
+cpan/Net-SSLeay/t/local/34_x509_crl.t
+cpan/Net-SSLeay/t/local/35_ephemeral.t
+cpan/Net-SSLeay/t/local/36_verify.t
+cpan/Net-SSLeay/t/local/37_asn1_time.t
+cpan/Net-SSLeay/t/local/38_priv-key.t
+cpan/Net-SSLeay/t/local/39_pkcs12.t
+cpan/Net-SSLeay/t/local/40_npn_support.t
+cpan/Net-SSLeay/t/local/41_alpn_support.t
+cpan/Net-SSLeay/t/local/42_info_callback.t
+cpan/Net-SSLeay/t/local/43_misc_functions.t
+cpan/Net-SSLeay/t/local/44_sess.t
+cpan/Net-SSLeay/t/local/45_exporter.t
+cpan/Net-SSLeay/t/local/46_msg_callback.t
+cpan/Net-SSLeay/t/local/47_keylog.t
+cpan/Net-SSLeay/t/local/50_digest.t
+cpan/Net-SSLeay/t/local/61_threads-cb-crash.t
+cpan/Net-SSLeay/t/local/62_threads-ctx_new-deadlock.t
+cpan/Net-SSLeay/t/local/63_ec_key_generate_key.t
+cpan/Net-SSLeay/t/local/64_ticket_sharing.t
+cpan/Net-SSLeay/t/local/65_security_level.t
+cpan/Net-SSLeay/t/local/65_ticket_sharing_2.t
+cpan/Net-SSLeay/t/local/66_curves.t
+cpan/Net-SSLeay/typemap
 cpan/NEXT/lib/NEXT.pm Pseudo-class NEXT for method redispatch
 cpan/NEXT/t/actual.t NEXT
 cpan/NEXT/t/actuns.t NEXT
diff --git a/Makefile.SH b/Makefile.SH
index ac05dee12044..39f2b04098f2 100755
--- a/Makefile.SH
+++ b/Makefile.SH
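Review bot: `cpan/Net-SSLeay/t/external/ocsp.t` and the two `cpan/Net-SSLeay/t/handle/external/*.t` files are registered in MANIFEST, and their directory names suggest they contact hosts outside the build machine. If that is what they do, the core test run would depend on network reachability and on third-party TLS endpoints behaving as the tests expect; the `EXCLUDED` list this patch adds in Porting/Maintainers.pl names only the README, Credits, QuickRef, pod and kwalitee files. Either exclude them there, e.g. `q[t/external/ocsp.t],`, or confirm that the customised Makefile.PL (not visible in this view) keeps them off by default. The same hunk also ships unencrypted test keys (`t/data/*.key.pem`, `t/data/*.key.der`), so a one-line statement that this is a throwaway test PKI would help anyone whose secret scanner flags them.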
@@ -1418,13 +1418,15 @@ _cleaner2:
 -rmdir ext/B/lib
 -rm -f dist/Time-HiRes/xdefine
 rm -f so_locations $(LIBPERL_NONSHR)
- -rmdir lib/version lib/threads lib/inc/ExtUtils lib/inc lib/encoding
- -rmdir lib/autodie/exception lib/autodie/Scope lib/autodie lib/XS
- -rmdir lib/Win32API lib/VMS lib/Unicode/Collate/Locale
- -rmdir lib/Unicode/Collate/CJK lib/Unicode/Collate lib/Tie/Hash
- -rmdir lib/Thread lib/Text lib/Test2/Util lib/Test2/Tools
- -rmdir lib/Test2/IPC/Driver lib/Test2/IPC lib/Test2/Hub/Interceptor
- -rmdir lib/Test2/Hub lib/Test2/Formatter lib/Test2/EventFacet/Info
+ -rmdir lib/version lib/threads lib/inc/Test/Net/SSLeay
+ -rmdir lib/inc/Test/Net lib/inc/Test lib/inc/ExtUtils lib/inc
+ -rmdir lib/encoding lib/autodie/exception lib/autodie/Scope
+ -rmdir lib/autodie lib/XS lib/Win32API lib/VMS
+ -rmdir lib/Unicode/Collate/Locale lib/Unicode/Collate/CJK
+ -rmdir lib/Unicode/Collate lib/Tie/Hash lib/Thread lib/Text
+ -rmdir lib/Test2/Util lib/Test2/Tools lib/Test2/IPC/Driver
+ -rmdir lib/Test2/IPC lib/Test2/Hub/Interceptor lib/Test2/Hub
+ -rmdir lib/Test2/Formatter lib/Test2/EventFacet/Info
 -rmdir lib/Test2/EventFacet lib/Test2/Event/TAP lib/Test2/Event
 -rmdir lib/Test2/API/InterceptResult lib/Test2/API lib/Test2
 -rmdir lib/Test/use lib/Test/Tester lib/Test/Builder/Tester
@@ -1436,10 +1438,10 @@ _cleaner2:
 -rmdir lib/TAP/Formatter lib/TAP lib/Sys/Syslog lib/Sys lib/Sub
 -rmdir lib/Search lib/Scalar lib/Pod/Text lib/Pod/Simple
 -rmdir lib/Pod/Perldoc lib/Pod/Html lib/PerlIO/via lib/PerlIO lib/Perl
- -rmdir lib/Parse/CPAN lib/Parse lib/Params lib/Net/FTP lib/Module/Load
- -rmdir lib/Module/CoreList lib/Module lib/Memoize lib/Math/BigRat
- -rmdir lib/Math/BigInt lib/Math/BigFloat lib/Math lib/MIME
- -rmdir lib/Locale/Maketext lib/Locale lib/List/Util lib/List
+ -rmdir lib/Parse/CPAN lib/Parse lib/Params lib/Net/SSLeay lib/Net/FTP
+ -rmdir lib/Module/Load lib/Module/CoreList lib/Module lib/Memoize
+ -rmdir lib/Math/BigRat lib/Math/BigInt lib/Math/BigFloat lib/Math
+ -rmdir lib/MIME lib/Locale/Maketext lib/Locale lib/List/Util lib/List
 -rmdir lib/JSON/PP lib/JSON lib/IPC lib/IO/Uncompress/Adapter
 -rmdir lib/IO/Uncompress lib/IO/Socket lib/IO/Compress/Zlib
 -rmdir lib/IO/Compress/Zip lib/IO/Compress/Gzip lib/IO/Compress/Base
diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl
index f38ae1ddd2af..ed9485068aae 100755
--- a/Porting/Maintainers.pl
+++ b/Porting/Maintainers.pl
@@ -884,6 +884,25 @@ package Maintainers;
 ],
 },
 
+ 'Net::SSLeay' => {
+ 'DISTRIBUTION' => 'CHRISN/Net-SSLeay-1.92.tar.gz',
+ 'FILES' => q[cpan/Net-SSLeay],
+ 'EXCLUDED' => [
+ qr[^README],
+ q[Credits],
+ q[QuickRef],
+ q[t/local/01_pod.t],
+ q[t/local/02_pod_coverage.t],
+ q[t/local/kwalitee.t],
+ ],
+ 'CUSTOMIZED' => [
+ qw[
+ SSLeay.xs
+ Makefile.PL
+ ],
+ ],
+ },
+
 'NEXT' => {
 'DISTRIBUTION' => 'NEILB/NEXT-0.69.tar.gz',
 'FILES' => q[cpan/NEXT],
diff --git a/cpan/Net-SSLeay/Makefile.PL b/cpan/Net-SSLeay/Makefile.PL
new file mode 100644
index 000000000000..f157035a02de
--- /dev/null
+++ b/cpan/Net-SSLeay/Makefile.PL
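Review bot: The new `'CUSTOMIZED'` list in the `'Net::SSLeay'` entry names `SSLeay.xs` and `Makefile.PL` as diverging from the `CHRISN/Net-SSLeay-1.92.tar.gz` tarball, but nothing in the entry says what was changed or why. For a TLS binding this matters at every later sync from CPAN, because whoever imports an upstream security release has to know which local edits must be carried forward and which can be dropped. A short comment above the list would do, for example `# SSLeay.xs, Makefile.PL: local changes for building inside the core tree; re-apply on sync` (wording to be confirmed against the actual edits, which this hunk does not show). The enclosing hash starts and ends outside the hunk.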
@@ -0,0 +1,486 @@ +use 5.008001; +use utf8; +use strict; +use warnings; + +use Config; +use English qw( $OSNAME -no_match_vars ); +use ExtUtils::MakeMaker; +use File::Basename (); +use File::Spec; +use File::Spec::Functions qw(catfile); +use Symbol qw(gensym); +use Text::Wrap; + +# According to http://cpanwiki.grango.org/wiki/CPANAuthorNotes, the ideal +# behaviour to exhibit when a prerequisite does not exist is to use exit code 0 +# to ensure smoke testers stop immediately without reporting a FAIL; in all +# other environments, we want to fail more loudly +use constant { + MISSING_PREREQ => ( $ENV{AUTOMATED_TESTING} ? 0 : 1 ), + UNSUPPORTED_LIBSSL => ( $ENV{AUTOMATED_TESTING} ? 0 : 1 ), +}; + +# Error messages displayed with alert() will be this many columns wide +use constant ALERT_WIDTH => 78; + +# Define this to one if you want to link the openssl libraries statically into +# the Net-SSLeay loadable object on Windows +my $win_link_statically = 0; + +my $tests = prompt( + "Do you want to run external tests?\n". + "These tests *will* *fail* if you do not have network connectivity.", + 'n', +) =~ /^y/i ? 
't/*/*.t t/*/*/*.t' : 't/local/*.t t/handle/local/*.t'; + +my %eumm_args = ( + NAME => 'Net::SSLeay', + ABSTRACT => 'Perl bindings for OpenSSL and LibreSSL', + LICENSE => 'artistic_2', + AUTHOR => [ + 'Sampo Kellomäki ', + 'Florian Ragwitz ', + 'Mike McCauley ', + 'Chris Novakovic ', + 'Tuure Vartiainen ', + 'Heikki Vatiainen ' + ], + VERSION_FROM => 'lib/Net/SSLeay.pm', + MIN_PERL_VERSION => '5.8.1', + CONFIGURE_REQUIRES => { + 'English' => '0', + 'ExtUtils::MakeMaker' => '0', + 'File::Spec::Functions' => '0', + 'Text::Wrap' => '0', + 'constant' => '0', + }, + TEST_REQUIRES => { + 'Carp' => '0', + 'Config' => '0', + 'Cwd' => '0', + 'English' => '0', + 'File::Basename' => '0', + 'File::Spec::Functions' => '0', + 'Scalar::Util' => '0', + 'SelectSaver' => '0', + 'Socket' => '0', + 'Storable' => '0', + 'Test::Builder' => '0', + 'Test::More' => '0.60_01', + 'base' => '0', + }, + PREREQ_PM => { + 'MIME::Base64' => '0', + }, + test => { TESTS => $tests }, + clean => { FILES => join ' ', map fixpath($_), qw( + makecert.out + makecert.err + sslecho.log + tcpecho.log + t/local/ptr_cast_test + examples/cert.pem + examples/key.pem + examples/key.pem.e + examples/*.0 + ) }, + META_MERGE => { + "meta-spec" => { version => 2 }, + dynamic_config => 0, + resources => { + repository => { + type => 'git', + url => 'git://github.com/radiator-software/p5-net-ssleay.git', + web => 'https://github.com/radiator-software/p5-net-ssleay', + }, + bugtracker => { + web => 'https://github.com/radiator-software/p5-net-ssleay/issues', + }, + }, + no_index => { directory => [ qw(helper_script examples) ] }, + prereqs => { + develop => { + requires => { + 'Test::Pod::Coverage' => '1.00', + 'Test::Kwalitee' => '1.00', + }, + }, + }, + }, + ssleay(), +); + +# See if integers are only 32 bits long. If they are, add a flag to +# CCFLAGS. Since OpenSSL 1.1.0, a growing number of APIs are using 64 +# bit integers. This causes a problem if Perl is compiled without 64 +# bit integers. 
DEFINE is not used because Makefile.PL command line +# DEFINE argument is used for enabling compile time PR1 +# etc. debugging. +# +# Note: 32bit integers are treated as the non-default case. When you +# use this define, do it so that 64bit case is the default whenever +# possible. This is safer for future library and Net::SSLeay releases. +$eumm_args{CCFLAGS} = "-DNET_SSLEAY_32BIT_INT_PERL $Config{ccflags}" if !defined $Config{use64bitint} || $Config{use64bitint} ne 'define'; + +# This can go when EU::MM older than 6.58 are gone +$eumm_args{AUTHOR} = join(', ', @{$eumm_args{AUTHOR}}) unless eval { ExtUtils::MakeMaker->VERSION(6.58); }; + +# This can go when EU::MM older than 6.64 are gone +delete $eumm_args{TEST_REQUIRES} unless eval { ExtUtils::MakeMaker->VERSION(6.64); }; + +$eumm_args{DEFINE} = '-DUSE_PPPORT_H' unless $ENV{PERL_CORE}; + +WriteMakefile(%eumm_args); + +sub MY::postamble { +<<"MAKE"; +SSLeay$Config{'obj_ext'} : constants.c + +MAKE +} + +sub ssleay { + my $prefix = find_openssl_prefix(); + my $exec = find_openssl_exec($prefix); + unless (defined $exec && -x $exec) { + print <{inc_path} ) { + my $detail = + 'The libssl header files are required to build Net-SSLeay, but ' + . 'they are missing from ' . $prefix . '. They would typically ' + . 'reside in ' . catfile( $prefix, 'include', 'openssl' ) . '.'; + + if ( $OSNAME eq 'linux' ) { + $detail .= + "\n\n" + . 'If you are using the version of OpenSSL/LibreSSL packaged ' + . 'by your Linux distribution, you may need to install the ' + . 'corresponding "development" package via your package ' + . 'manager (e.g. libssl-dev for OpenSSL on Debian and Ubuntu, ' + . 'or openssl-devel for OpenSSL on Red Hat Enterprise Linux ' + . 
'and Fedora).'; + } + + alert( 'Could not find libssl headers', $detail ); + + exit MISSING_PREREQ; + } + + check_openssl_version($prefix, $exec); + my %args = ( + CCCDLFLAGS => $opts->{cccdlflags}, + OPTIMIZE => $opts->{optimize}, + INC => qq{-I"$opts->{inc_path}"}, + LIBS => join(' ', (map '-L'.maybe_quote($_), @{$opts->{lib_paths}}), (map {"-l$_"} @{$opts->{lib_links}})), + ); + # From HMBRAND to handle multple version of OPENSSL installed + if (my $lp = join " " => map '-L'.maybe_quote($_), @{$opts->{lib_paths} || []}) + { + ($args{uc $_} = $Config{$_}) =~ s/-L/$lp -L/ for qw(lddlflags ldflags); + } + %args; +} + +sub maybe_quote { $_[0] =~ / / ? qq{"$_[0]"} : $_[0] } + +sub ssleay_get_build_opts { + my ($prefix) = @_; + + my $opts = { + lib_links => [], + cccdlflags => '', + }; + + my @try_includes = ( + 'include' => sub { 1 }, + 'inc32' => sub { $OSNAME eq 'MSWin32' }, + ); + + while ( + !defined $opts->{inc_path} + && defined( my $dir = shift @try_includes ) + && defined( my $cond = shift @try_includes ) + ) { + if ( $cond->() && (-f "$prefix/$dir/openssl/ssl.h" + || -f "$prefix/$dir/ssl.h")) { + $opts->{inc_path} = "$prefix/$dir"; + } + } + + # Directory order matters. With macOS Monterey a poisoned dylib is + # returned if the directory exists without the desired + # library. See GH-329 for more information. With Strawberry Perl + # 5.26 and later the paths must be in different order or the link + # phase fails. 
+ my @try_lib_paths = ( + ["$prefix/lib64", "$prefix/lib", "$prefix/out32dll", $prefix] => sub {$OSNAME eq 'darwin' }, + [$prefix, "$prefix/lib64", "$prefix/lib", "$prefix/out32dll"] => sub { 1 }, + ); + + while ( + !defined $opts->{lib_paths} + && defined( my $dirs = shift @try_lib_paths ) + && defined( my $cond = shift @try_lib_paths ) + ) { + if ( $cond->() ) { + foreach my $dir (@{$dirs}) { + push @{$opts->{lib_paths}}, $dir if -d $dir; + } + } + } + + print <{lib_paths} }, "$prefix/lib/VC/static" if -d "$prefix/lib/VC/static"; + } + else { + push @{ $opts->{lib_paths} }, "$prefix/lib/VC" if -d "$prefix/lib/VC"; + } + + my $found = 0; + my @pairs = (); + # Library names depend on the compiler + @pairs = (['eay32','ssl32'],['crypto.dll','ssl.dll'],['crypto','ssl']) if $Config{cc} =~ /gcc/; + @pairs = (['libeay32','ssleay32'],['libeay32MD','ssleay32MD'],['libeay32MT','ssleay32MT'],['libcrypto','libssl'],['crypto','ssl']) if $Config{cc} =~ /cl/; + for my $dir (@{$opts->{lib_paths}}) { + for my $p (@pairs) { + $found = 1 if ($Config{cc} =~ /gcc/ && -f "$dir/lib$p->[0].a" && -f "$dir/lib$p->[1].a"); + $found = 1 if ($Config{cc} =~ /cl/ && -f "$dir/$p->[0].lib" && -f "$dir/$p->[1].lib"); + if ($found) { + $opts->{lib_links} = [$p->[0], $p->[1], 'crypt32']; # Some systems need this system lib crypt32 too + $opts->{lib_paths} = [$dir]; + last; + } + } + } + if (!$found) { + #fallback to the old behaviour + push @{ $opts->{lib_links} }, qw( libeay32MD ssleay32MD libeay32 ssleay32 libssl32 crypt32); + } + } + elsif ($^O eq 'VMS') { + if (-r 'sslroot:[000000]openssl.cnf') { # openssl.org source install + @{ $opts->{lib_paths} } = 'SSLLIB'; + @{ $opts->{lib_links} } = qw( ssl_libssl32.olb ssl_libcrypto32.olb ); + } + elsif (-r 'ssl111$root:[000000]openssl.cnf') { # VSI SSL111 install + @{ $opts->{lib_paths} } = 'SYS$SHARE'; + @{ $opts->{lib_links} } = qw( SSL111$LIBSSL_SHR32 SSL111$LIBCRYPTO_SHR32 ); + } + elsif (-r 'ssl1$root:[000000]openssl.cnf') { # VSI or HPE SSL1 
install + @{ $opts->{lib_paths} } = 'SYS$SHARE'; + @{ $opts->{lib_links} } = qw( SSL1$LIBSSL_SHR32 SSL1$LIBCRYPTO_SHR32 ); + } + elsif (-r 'ssl$root:[000000]openssl.cnf') { # HP install + @{ $opts->{lib_paths} } = 'SYS$SHARE'; + @{ $opts->{lib_links} } = qw( SSL$LIBSSL_SHR32 SSL$LIBCRYPTO_SHR32 ); + } + @{ $opts->{lib_links} } = map { $_ =~ s/32\b//g } @{ $opts->{lib_links} } if $Config{use64bitall}; + } + else { + push @{ $opts->{lib_links} }, qw( ssl crypto z ); + + if (($Config{cc} =~ /aCC/i) && $^O eq 'hpux') { + print "*** Enabling HPUX aCC options (+e)\n"; + $opts->{optimize} = '+e -O2 -g'; + } + + if ( (($Config{ccname} || $Config{cc}) eq 'gcc') && ($Config{cccdlflags} =~ /-fpic/) ) { + print "*** Enabling gcc -fPIC optimization\n"; + $opts->{cccdlflags} .= '-fPIC'; + } + } + return $opts; +} + +my $other_try = 0; +my @nopath; +sub check_no_path { # On OS/2 it would be typically on default paths + my $p; + if (not($other_try++) and $] >= 5.008001) { + use ExtUtils::MM; + my $mm = MM->new(); + my ($list) = $mm->ext("-lssl"); + return unless $list =~ /-lssl\b/; + for $p (split /\Q$Config{path_sep}/, $ENV{PATH}) { + @nopath = ("$p/openssl$Config{_exe}", # exe name + '.') # dummy lib path + if -x "$p/openssl$Config{_exe}" + } + } + @nopath; +} + +sub find_openssl_prefix { + my ($dir) = @_; + + if (defined $ENV{OPENSSL_PREFIX}) { + return $ENV{OPENSSL_PREFIX}; + } + + my @guesses = ( + '/home/linuxbrew/.linuxbrew/opt/openssl/bin/openssl' => '/home/linuxbrew/.linuxbrew/opt/openssl', # LinuxBrew openssl + '/opt/homebrew/opt/openssl/bin/openssl' => '/opt/homebrew/opt/openssl', # macOS ARM homebrew + '/usr/local/opt/openssl/bin/openssl' => '/usr/local/opt/openssl', # OSX homebrew openssl + '/usr/local/bin/openssl' => '/usr/local', # OSX homebrew openssl + '/opt/local/bin/openssl' => '/opt/local', # Macports openssl + '/usr/bin/openssl' => '/usr', + '/usr/sbin/openssl' => '/usr', + '/opt/ssl/bin/openssl' => '/opt/ssl', + '/opt/ssl/sbin/openssl' => '/opt/ssl', + 
'/usr/local/ssl/bin/openssl' => '/usr/local/ssl', + '/usr/local/openssl/bin/openssl' => '/usr/local/openssl', + '/apps/openssl/std/bin/openssl' => '/apps/openssl/std', + '/usr/sfw/bin/openssl' => '/usr/sfw', # Open Solaris + 'C:\OpenSSL\bin\openssl.exe' => 'C:\OpenSSL', + 'C:\OpenSSL-Win32\bin\openssl.exe' => 'C:\OpenSSL-Win32', + $Config{prefix} . '\bin\openssl.exe' => $Config{prefix}, # strawberry perl + $Config{prefix} . '\..\c\bin\openssl.exe' => $Config{prefix} . '\..\c', # strawberry perl + '/sslexe/openssl.exe' => '/sslroot', # VMS, openssl.org + '/ssl111$exe/openssl.exe' => '/ssl111$root',# VMS, VSI install + '/ssl1$exe/openssl.exe' => '/ssl1$root',# VMS, VSI or HPE install + '/ssl$exe/openssl.exe' => '/ssl$root', # VMS, HP install + ); + + while (my $k = shift @guesses + and my $v = shift @guesses) { + if ( -x $k ) { + return $v; + } + } + (undef, $dir) = check_no_path() + and return $dir; + + return; +} + +sub find_openssl_exec { + my ($prefix) = @_; + + my $exe_path; + for my $subdir (qw( bin sbin out32dll x86_64_exe ia64_exe alpha_exe )) { + my $path = File::Spec->catfile($prefix, $subdir, "openssl$Config{_exe}"); + if ( -x $path ) { + return $path; + } + } + ($prefix) = check_no_path() + and return $prefix; + return; +} + +sub check_openssl_version { + my ($prefix, $exec) = @_; + my ( $output, $libssl, $major, $minor, $letter ); + + { + my $pipe = gensym(); + open($pipe, qq{"$exec" version |}) + or die "Could not execute $exec"; + $output = <$pipe>; + chomp $output; + close $pipe; + + if ( ($major, $minor, $letter) = $output =~ /^OpenSSL\s+(\d+\.\d+)\.(\d+)([a-z]?)/ ) { + print "*** Found OpenSSL-${major}.${minor}${letter} installed in $prefix\n"; + $libssl = 'openssl'; + } elsif ( ($major, $minor) = $output =~ /^LibreSSL\s+(\d+\.\d+)(?:\.(\d+))?/ ) { + # LibreSSL 2.0.x releases only identify themselves as "LibreSSL 2.0", + # with no patch release number + if ( !defined $minor ) { + $minor = "x"; + } + print "*** Found LibreSSL-${major}.${minor} 
installed in $prefix\n"; + $libssl = 'libressl'; + } else { + die < 1) { + print <catdir(''); + $text =~ s{\b/}{$sep}g; + return $text; +} + +sub alert { + my ( $err, $detail ) = @_; + + local $Text::Wrap::columns = ALERT_WIDTH - 4; + + print "\n"; + + print '*' x ALERT_WIDTH, "\n"; + print '* ', uc($err), ' ' x ( ALERT_WIDTH - length($err) - 4 ), ' *', "\n"; + print '*', ' ' x ( ALERT_WIDTH - 2 ), '*', "\n"; + + for ( split /\n/, Text::Wrap::wrap( '', '', $detail ) ) { + print '* ', $_, ' ' x ( ALERT_WIDTH - length($_) - 4 ), ' *', "\n"; + } + + print '*' x ALERT_WIDTH, "\n"; +} diff --git a/cpan/Net-SSLeay/SSLeay.xs b/cpan/Net-SSLeay/SSLeay.xs new file mode 100644 index 000000000000..1cbeebadf1e9 --- /dev/null +++ b/cpan/Net-SSLeay/SSLeay.xs 
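Review bot: In `check_openssl_version`, `open($pipe, qq{"$exec" version |})` passes a string built from `$exec` to the shell, and `$exec` is derived from `$ENV{OPENSSL_PREFIX}` or a `PATH` entry, so a quote or shell metacharacter in that path is interpreted by the shell while the core is being built. The list form avoids the shell altogether: `open($pipe, '-|', $exec, 'version') or die "Could not execute $exec: $!";` (list-form pipe open on Windows depends on the perl running Makefile.PL, so confirm that before switching). The value read from `<$pipe>` is chomped without a defined check and the result of `close $pipe` is not tested, so an openssl binary that fails or prints nothing is only caught by the `die` in the final `else` branch. Separately, in the VMS branch of `ssleay_get_build_opts`, `map { $_ =~ s/32\b//g } @{ $opts->{lib_links} }` assigns the substitution results rather than the edited names back to `lib_links`; `s/32\b//g for @{ $opts->{lib_links} };` would edit the names in place.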
@@ -0,0 +1,7949 @@ +/* SSLeay.xs - Perl module for using Eric Young's implementation of SSL + * + * Copyright (c) 1996-2003 Sampo Kellomäki + * Copyright (c) 2005-2010 Florian Ragwitz + * Copyright (c) 2005-2018 Mike McCauley + * Copyright (c) 2018- Chris Novakovic + * Copyright (c) 2018- Tuure Vartiainen + * Copyright (c) 2018- Heikki Vatiainen + * + * All rights reserved. + * + * Change data removed. See Changes + * + * This module is released under the terms of the Artistic License 2.0. For + * details, see the LICENSE file. + */ + +/* #### + * #### PLEASE READ THE FOLLOWING RULES BEFORE YOU START EDITING THIS FILE! #### + * #### + * + * Function naming conventions: + * + * 1/ never change the already existing function names (all calling convention) in a way + * that may cause backward incompatibility (e.g. add ALIAS with old name if necessary) + * + * 2/ it is recommended to keep the original openssl function names for functions that are: + * + * 1:1 wrappers to the original openssl functions + * see for example: X509_get_issuer_name(cert) >> Net::SSLeay::X509_get_issuer_name($cert) + * + * nearly 1:1 wrappers implementing only necessary "glue" e.g. buffer handling + * see for example: RAND_seed(buf,len) >> Net::SSLeay::RAND_seed($buf) + * + * 3/ OpenSSL functions starting with "SSL_" are added into SSLeay.xs with "SLL_" prefix + * (e.g. SSL_CTX_new) but keep in mind that they will be available in Net::SSLeay without + * "SSL_" prefix (e.g. 
Net::SSLeay::CTX_new) - keep this for all new functions + * + * 4/ The names of functions which do not fit rule 2/ (which means they implement some non + * trivial code around original openssl function or do more complex tasks) should be + * prefixed with "P_" - see for example: P_ASN1_TIME_set_isotime + * + * 5/ Exceptions from rules above: + * functions that are part or wider set of already existing function not following this rule + * for example: there already exists: PEM_get_string_X509_CRL + PEM_get_string_X509_REQ and you want + * to add PEM_get_string_SOMETHING - then no need to follow 3/ (do not prefix with "P_") + * + * Support for different Perl versions, libssl implementations, platforms, and compilers: + * + * 1/ Net-SSLeay has a version support policy for Perl and OpenSSL/LibreSSL (described in the + * "Prerequisites" section in the README file). The test suite must pass when run on any + * of those version combinations. + * + * 2/ Fix all compiler warnings - we expect 100% clean build + * + * 3/ If you add a function which is available since certain openssl version + * use proper #ifdefs to assure that SSLeay.xs will compile also with older versions + * which are missing this function + * + * 4/ Even warnings arising from different use of "const" in different openssl versions + * needs to be hanled with #ifdefs - see for example: X509_NAME_add_entry_by_txt + * + * 5/ avoid using global C variables (it is very likely to break thread-safetyness) + * use rather global MY_CXT structure + * + * 6/ avoid using any UNIX/POSIX specific functions, keep in mind that SSLeay.xs must + * compile also on non-UNIX platforms like MS Windows and others + * + * 7/ avoid using c++ comments "//" (or other c++ features accepted by some c compiler) + * even if your compiler can handle them without warnings + * + * Passing test suite: + * + * 1/ any changes to SSLeay.xs must not introduce a failure of existing test suite + * + * 2/ it is strongly recommended to create 
test(s) for newly added function(s), especially + * when the new function is not only a 1:1 wrapper but contains a complex code + * + * 3/ it is mandatory to add a documentation for all newly added functions into SSLeay.pod + * otherwise t/local/02_pod_coverage.t fail (and you will be asked to add some doc into + * your patch) + * + * Preferred code layout: + * + * 1/ for simple 1:1 XS wrappers use: + * + * a/ functions with short "signature" (short list of args): + * + * long + * SSL_set_tmp_dh(SSL *ssl,DH *dh) + * + * b/ functions with long "signature" (long list of args): + * simply when approach a/ does not fit to 120 columns + * + * void + * SSL_any_functions(library_flag,function_name,reason,file_name,line) + * int library_flag + * int function_name + * int reason + * char *file_name + * int line + * + * 2/ for XS functions with full implementation use identation like this: + * + * int + * RAND_bytes(buf, num) + * SV *buf + * int num + * PREINIT: + * int rc; + * unsigned char *random; + * CODE: + * / * some code here * / + * RETVAL = rc; + * OUTPUT: + * RETVAL + * + * + * Runtime debugging: + * + * with TRACE(level,fmt,...) you can output debug messages. + * it behaves the same as + * warn sprintf($msg,...) if $Net::SSLeay::trace>=$level + * would do in Perl (e.g. 
it is using also the $Net::SSLeay::trace variable) + * + * + * THE LAST RULE: + * + * The fact that some parts of SSLeay.xs do not follow the rules above is not + * a reason why any new code can also break these rules in the same way + * + */ + +/* Prevent warnings about strncpy from Windows compilers */ +#define _CRT_SECURE_NO_DEPRECATE + +#ifdef __cplusplus +extern "C" { +#endif +#include "EXTERN.h" +#include "perl.h" +#include "XSUB.h" +#include +#ifdef USE_PPPORT_H +# define NEED_newRV_noinc +# define NEED_sv_2pv_flags +# define NEED_my_snprintf +# include "ppport.h" +#endif +#ifdef __cplusplus +} +#endif + +/* OpenSSL-0.9.3a has some strange warning about this in + * openssl/des.h + */ +#undef _ + +/* Sigh: openssl 1.0 has + typedef void *BLOCK; +which conflicts with perls + typedef struct block BLOCK; +*/ +#define BLOCK OPENSSL_BLOCK +#include +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_COMP +#include /* openssl-0.9.6a forgets to include this */ +#endif +#ifndef OPENSSL_NO_MD2 +#include +#endif +#ifndef OPENSSL_NO_MD4 +#include +#endif +#ifndef OPENSSL_NO_MD5 +#include /* openssl-SNAP-20020227 does not automatically include this */ +#endif +#if OPENSSL_VERSION_NUMBER >= 0x00905000L +#include +#endif +#include +#include +#if OPENSSL_VERSION_NUMBER >= 0x0090700fL +/* requires 0.9.7+ */ +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#endif +#ifdef OPENSSL_FIPS +#include +#endif +#if OPENSSL_VERSION_NUMBER >= 0x10000000L +#include +#endif +#if OPENSSL_VERSION_NUMBER >= 0x30000000L +#include +#endif +#undef BLOCK + +/* Beginning with OpenSSL 3.0.0-alpha17, SSL_CTX_get_options() and + * related functions return uint64_t instead of long. For this reason + * constant() in constant.c and Net::SSLeay must also be able to + * return 64bit constants. However, this creates a problem with Perls + * that have only 32 bit integers. The define below helps with + * handling this API change. 
+ */ +#if (OPENSSL_VERSION_NUMBER < 0x30000000L) || defined(NET_SSLEAY_32BIT_INT_PERL) +#define NET_SSLEAY_32BIT_CONSTANTS +#endif + +/* Debugging output - to enable use: + * + * perl Makefile.PL DEFINE=-DSHOW_XS_DEBUG + * make + * + */ + +#ifdef SHOW_XS_DEBUG +#define PR1(s) fprintf(stderr,s); +#define PR2(s,t) fprintf(stderr,s,t); +#define PR3(s,t,u) fprintf(stderr,s,t,u); +#define PR4(s,t,u,v) fprintf(stderr,s,t,u,v); +#else +#define PR1(s) +#define PR2(s,t) +#define PR3(s,t,u) +#define PR4(s,t,u,v) +#endif + +static void TRACE(int level,char *msg,...) { + va_list args; + SV *trace = get_sv("Net::SSLeay::trace",0); + if (trace && SvIOK(trace) && SvIV(trace)>=level) { + char buf[4096]; + va_start(args,msg); + vsnprintf(buf,4095,msg,args); + warn("%s",buf); + va_end(args); + } +} + +#include "constants.c" + +/* ============= thread-safety related stuff ============== */ + +#define MY_CXT_KEY "Net::SSLeay::_guts" XS_VERSION + +typedef struct { + HV* global_cb_data; + UV tid; +} my_cxt_t; +START_MY_CXT + +#ifdef USE_ITHREADS +static perl_mutex LIB_init_mutex; +#if OPENSSL_VERSION_NUMBER < 0x10100000L +static perl_mutex *GLOBAL_openssl_mutex = NULL; +#endif +#endif +static int LIB_initialized; + +UV get_my_thread_id(void) /* returns threads->tid() value */ +{ + dSP; + UV tid = 0; +#ifdef USE_ITHREADS + int count = 0; + + ENTER; + SAVETMPS; + PUSHMARK(SP); + XPUSHs(sv_2mortal(newSVpv("threads", 0))); + PUTBACK; + count = call_method("tid", G_SCALAR|G_EVAL); + SPAGAIN; + /* Caution: recent perls do not appear support threads->tid() */ + if (SvTRUE(ERRSV) || count != 1) + { + /* if compatible threads not loaded or an error occurs return 0 */ + tid = 0; + } + else + tid = (UV)POPi; + PUTBACK; + FREETMPS; + LEAVE; +#endif + + return tid; +} + +/* IMPORTANT NOTE: + * openssl locking was implemented according to http://www.openssl.org/docs/crypto/threads.html + * we implement both static and dynamic locking as described on URL above + * locking is supported when 
OPENSSL_THREADS macro is defined which means openssl-0.9.7 or newer + * we intentionally do not implement cleanup of openssl's threading as it causes troubles + * with apache-mpm-worker+mod_perl+mod_ssl+net-ssleay + */ +#if defined(USE_ITHREADS) && defined(OPENSSL_THREADS) + + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +static void openssl_locking_function(int mode, int type, const char *file, int line) +{ + PR3("openssl_locking_function %d %d\n", mode, type); + + if (!GLOBAL_openssl_mutex) return; + if (mode & CRYPTO_LOCK) + MUTEX_LOCK(&GLOBAL_openssl_mutex[type]); + else + MUTEX_UNLOCK(&GLOBAL_openssl_mutex[type]); +} + +#if OPENSSL_VERSION_NUMBER < 0x10000000L +static unsigned long openssl_threadid_func(void) +{ + dMY_CXT; + return (unsigned long)(MY_CXT.tid); +} +#else +void openssl_threadid_func(CRYPTO_THREADID *id) +{ + dMY_CXT; + CRYPTO_THREADID_set_numeric(id, (unsigned long)(MY_CXT.tid)); +} +#endif + +struct CRYPTO_dynlock_value +{ + perl_mutex mutex; +}; + +struct CRYPTO_dynlock_value * openssl_dynlocking_create_function (const char *file, int line) +{ + struct CRYPTO_dynlock_value *retval; + New(0, retval, 1, struct CRYPTO_dynlock_value); + if (!retval) return NULL; + MUTEX_INIT(&retval->mutex); + return retval; +} + +void openssl_dynlocking_lock_function (int mode, struct CRYPTO_dynlock_value *l, const char *file, int line) +{ + if (!l) return; + if (mode & CRYPTO_LOCK) + MUTEX_LOCK(&l->mutex); + else + MUTEX_UNLOCK(&l->mutex); +} + +void openssl_dynlocking_destroy_function (struct CRYPTO_dynlock_value *l, const char *file, int line) +{ + if (!l) return; + MUTEX_DESTROY(&l->mutex); + Safefree(l); +} +#endif + +void openssl_threads_init(void) +{ + int i; + + PR1("STARTED: openssl_threads_init\n"); + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* initialize static locking */ + if ( !CRYPTO_get_locking_callback() ) { +#if OPENSSL_VERSION_NUMBER < 0x10000000L + if ( !CRYPTO_get_id_callback() ) { +#else + if ( !CRYPTO_THREADID_get_callback() ) { +#endif + 
PR2("openssl_threads_init static locking %d\n", CRYPTO_num_locks()); + New(0, GLOBAL_openssl_mutex, CRYPTO_num_locks(), perl_mutex); + if (!GLOBAL_openssl_mutex) return; + for (i=0; i= 0x1000000fL +static void handler_list_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg) +{ + /* taken from apps/dgst.c */ + const char *mname; + if (!m) return; /* Skip aliases */ + mname = OBJ_nid2ln(EVP_MD_type(m)); + if (strcmp(from, mname)) return; /* Skip shortnames */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) return; /* Skip clones */ +#endif + if (strchr(mname, ' ')) mname= EVP_MD_name(m); + av_push(arg, newSVpv(mname,0)); +} +#endif + +/* ============= callbacks - basic info ============= + * + * PLEASE READ THIS BEFORE YOU ADD ANY NEW CALLBACK!! + * + * There are basically 2 types of callbacks used in SSLeay: + * + * 1/ "one-time" callbacks - these are created+used+destroyed within one perl function implemented in XS. + * These callbacks use a special C structure simple_cb_data_t to pass necessary data. + * There are 2 related helper functions: simple_cb_data_new() + simple_cb_data_free() + * For example see implementation of these functions: + * - RSA_generate_key + * - PEM_read_bio_PrivateKey + * + * 2/ "advanced" callbacks - these are setup/destroyed by one function but used by another function. These + * callbacks use global hash MY_CXT.global_cb_data to store perl functions + data to be uset at callback time. 
+ * There are 2 related helper functions: cb_data_advanced_put() + cb_data_advanced_get() for manipulating + * global hash MY_CXT.global_cb_data which work like this: + * cb_data_advanced_put(, "data_name", dataSV) + * >>> + * global_cb_data->{"ptr_"}->{"data_name"} = dataSV) + * or + * data = cb_data_advanced_get(, "data_name") + * >>> + * my $data = global_cb_data->{"ptr_"}->{"data_name"} + * For example see implementation of these functions: + * - SSL_CTX_set_verify + * - SSL_set_verify + * - SSL_CTX_set_cert_verify_callback + * - SSL_CTX_set_default_passwd_cb + * - SSL_CTX_set_default_passwd_cb_userdata + * - SSL_set_session_secret_cb + * + * If you want to add a new callback: + * - you very likely need a new function "your_callback_name_invoke()" + * - decide whether your case fits case 1/ or 2/ (and implement likewise existing functions) + * - try to avoid adding a new style of callback implementation (or ask Net::SSLeay maintainers before) + * + */ + +/* ============= callback stuff - generic functions============== */ + +struct _ssleay_cb_t { + SV* func; + SV* data; +}; +typedef struct _ssleay_cb_t simple_cb_data_t; + +simple_cb_data_t* simple_cb_data_new(SV* func, SV* data) +{ + simple_cb_data_t* cb; + New(0, cb, 1, simple_cb_data_t); + if (cb) { + SvREFCNT_inc(func); + SvREFCNT_inc(data); + cb->func = func; + cb->data = (data == &PL_sv_undef) ? 
NULL : data;
+ }
+ return cb;
+}
+
+void simple_cb_data_free(simple_cb_data_t* cb)
+{
+ if (cb) {
+ if (cb->func) {
+ SvREFCNT_dec(cb->func);
+ cb->func = NULL;
+ }
+ if (cb->data) {
+ SvREFCNT_dec(cb->data);
+ cb->data = NULL;
+ }
+ }
+ Safefree(cb);
+}
+
+int cb_data_advanced_put(const void *ptr, const char* data_name, SV* data)
+{
+ HV * L2HV;
+ SV ** svtmp;
+ int len;
+ char key_name[500];
+ dMY_CXT;
+
+ len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
+ if (len == sizeof(key_name)) return 0; /* error - key_name too short*/
+
+ /* get or create level-2 hash */
+ svtmp = hv_fetch(MY_CXT.global_cb_data, key_name, strlen(key_name), 0);
+ if (svtmp == NULL) {
+ L2HV = newHV();
+ hv_store(MY_CXT.global_cb_data, key_name, strlen(key_name), newRV_noinc((SV*)L2HV), 0);
+ }
+ else {
+ if (!SvOK(*svtmp) || !SvROK(*svtmp)) return 0;
+#if defined(MUTABLE_PTR)
+ L2HV = (HV*)MUTABLE_PTR(SvRV(*svtmp));
+#else
+ L2HV = (HV*)(SvRV(*svtmp));
+#endif
+ }
+
+ /* first delete already stored value */
+ hv_delete(L2HV, data_name, strlen(data_name), G_DISCARD);
+ if (data!=NULL) {
+ if (SvOK(data))
+ hv_store(L2HV, data_name, strlen(data_name), data, 0);
+ else
+ /* we're not storing data so discard it */
+ SvREFCNT_dec(data);
+ }
+
+ return 1;
+}
+
+SV* cb_data_advanced_get(const void *ptr, const char* data_name)
+{
+ HV * L2HV;
+ SV ** svtmp;
+ int len;
+ char key_name[500];
+ dMY_CXT;
+
+ len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
+ if (len == sizeof(key_name)) return &PL_sv_undef; /* return undef on error - key_name too short*/
+
+ /* get level-2 hash */
+ svtmp = hv_fetch(MY_CXT.global_cb_data, key_name, strlen(key_name), 0);
+ if (svtmp == NULL) return &PL_sv_undef;
+ if (!SvOK(*svtmp)) return &PL_sv_undef;
+ if (!SvROK(*svtmp)) return &PL_sv_undef;
+#if defined(MUTABLE_PTR)
+ L2HV = (HV*)MUTABLE_PTR(SvRV(*svtmp));
+#else
+ L2HV = (HV*)(SvRV(*svtmp));
+#endif
+
+ /* get stored data */
+ svtmp = hv_fetch(L2HV, data_name, strlen(data_name), 0);
+ if (svtmp == NULL) return &PL_sv_undef;
+ if (!SvOK(*svtmp)) return &PL_sv_undef;
+
+ return *svtmp;
+}
+
+int cb_data_advanced_drop(const void *ptr)
+{
+ int len;
+ char key_name[500];
+ dMY_CXT;
+
+ len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
+ if (len == sizeof(key_name)) return 0; /* error - key_name too short*/
+
+ hv_delete(MY_CXT.global_cb_data, key_name, strlen(key_name), G_DISCARD);
+ return 1;
+}
+
+/* ============= callback stuff - invoke functions ============== */
+
+static int ssleay_verify_callback_invoke (int ok, X509_STORE_CTX* x509_store)
+{
+ dSP;
+ SSL* ssl;
+ int count = -1, res;
+ SV *cb_func;
+
+ PR1("STARTED: ssleay_verify_callback_invoke\n");
+ ssl = X509_STORE_CTX_get_ex_data(x509_store, SSL_get_ex_data_X509_STORE_CTX_idx());
+ cb_func = cb_data_advanced_get(ssl, "ssleay_verify_callback!!func");
+
+ if (!SvOK(cb_func)) {
+ SSL_CTX* ssl_ctx = SSL_get_SSL_CTX(ssl);
+ cb_func = cb_data_advanced_get(ssl_ctx, "ssleay_verify_callback!!func");
+ }
+
+ if (!SvOK(cb_func))
+ croak("Net::SSLeay: verify_callback called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PR2("verify callback glue ok=%d\n", ok);
+
+ PUSHMARK(sp);
+ EXTEND( sp, 2 );
+ PUSHs( sv_2mortal(newSViv(ok)) );
+ PUSHs( sv_2mortal(newSViv(PTR2IV(x509_store))) );
+ PUTBACK;
+
+ PR1("About to call verify callback.\n");
+ count = call_sv(cb_func, G_SCALAR);
+ PR1("Returned from verify callback.\n");
+
+ SPAGAIN;
+
+ if (count != 1)
+ croak ( "Net::SSLeay: verify_callback perl function did not return a scalar.\n");
+
+ res = POPi;
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ return res;
+}
+
+static int ssleay_ctx_passwd_cb_invoke(char *buf, int size, int rwflag, void *userdata)
+{
+ dSP;
+ int count = -1;
+ char *res;
+ SV *cb_func, *cb_data;
+
+ PR1("STARTED: ssleay_ctx_passwd_cb_invoke\n");
+ cb_func = cb_data_advanced_get(userdata, "ssleay_ctx_passwd_cb!!func");
+ cb_data = cb_data_advanced_get(userdata, "ssleay_ctx_passwd_cb!!data");
+
+ if(!SvOK(cb_func))
+ croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(sp);
+ XPUSHs(sv_2mortal(newSViv(rwflag)));
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+
+ count = call_sv( cb_func, G_SCALAR );
+
+ SPAGAIN;
+
+ if (count != 1)
+ croak("Net::SSLeay: ssleay_ctx_passwd_cb_invoke perl function did not return a scalar.\n");
+
+ res = POPp;
+
+ if (res == NULL) {
+ *buf = '\0';
+ } else {
+ strncpy(buf, res, size);
+ buf[size - 1] = '\0';
+ }
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ return strlen(buf);
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x1010006fL /* In OpenSSL 1.1.0 but actually called for $ssl from 1.1.0f */
+#ifndef LIBRESSL_VERSION_NUMBER
+#ifndef OPENSSL_IS_BORINGSSL
+static int ssleay_ssl_passwd_cb_invoke(char *buf, int size, int rwflag, void *userdata)
+{
+ dSP;
+ int count = -1;
+ char *res;
+ SV *cb_func, *cb_data;
+
+ PR1("STARTED: ssleay_ssl_passwd_cb_invoke\n");
+ cb_func = cb_data_advanced_get(userdata, "ssleay_ssl_passwd_cb!!func");
+ cb_data = cb_data_advanced_get(userdata, "ssleay_ssl_passwd_cb!!data");
+
+ if(!SvOK(cb_func))
+ croak ("Net::SSLeay: ssleay_ssl_passwd_cb_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(sp);
+ XPUSHs(sv_2mortal(newSViv(rwflag)));
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+
+ count = call_sv( cb_func, G_SCALAR );
+
+ SPAGAIN;
+
+ if (count != 1)
+ croak("Net::SSLeay: ssleay_ssl_passwd_cb_invoke perl function did not return a scalar.\n");
+
+ res = POPp;
+
+ if (res == NULL) {
+ *buf = '\0';
+ } else {
+ strncpy(buf, res, size);
+ buf[size - 1] = '\0';
+ }
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ return strlen(buf);
+}
+#endif /* !BoringSSL */
+#endif /* !LibreSSL */
+#endif /* >= 1.1.0f */
+
+int ssleay_ctx_cert_verify_cb_invoke(X509_STORE_CTX* x509_store_ctx, void* data)
+{
+ dSP;
+ int count = -1;
+ int res;
+ SV * cb_func, *cb_data;
+ void *ptr;
+ SSL *ssl;
+
+ PR1("STARTED: ssleay_ctx_cert_verify_cb_invoke\n");
+#if OPENSSL_VERSION_NUMBER < 0x0090700fL
+ ssl = X509_STORE_CTX_get_ex_data(x509_store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+ ptr = (void*) SSL_get_SSL_CTX(ssl);
+#else
+ ssl = NULL;
+ ptr = (void*) data;
+#endif
+
+ cb_func = cb_data_advanced_get(ptr, "ssleay_ctx_cert_verify_cb!!func");
+ cb_data = cb_data_advanced_get(ptr, "ssleay_ctx_cert_verify_cb!!data");
+
+ if(!SvOK(cb_func))
+ croak ("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(x509_store_ctx))));
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+
+ count = call_sv(cb_func, G_SCALAR);
+
+ SPAGAIN;
+
+ if (count != 1)
+ croak("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke perl function did not return a scalar.\n");
+
+ res = POPi;
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ return res;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+
+int tlsext_servername_callback_invoke(SSL *ssl, int *ad, void *arg)
+{
+ dSP;
+ int count = -1;
+ int res;
+ SV * cb_func, *cb_data;
+
+ PR1("STARTED: tlsext_servername_callback_invoke\n");
+
+ cb_func = cb_data_advanced_get(arg, "tlsext_servername_callback!!func");
+ cb_data = cb_data_advanced_get(arg, "tlsext_servername_callback!!data");
+
+ if(!SvOK(cb_func))
+ croak ("Net::SSLeay: tlsext_servername_callback_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+
+ count = call_sv(cb_func, G_SCALAR);
+
+ SPAGAIN;
+
+ if (count != 1)
+ croak("Net::SSLeay: tlsext_servername_callback_invoke perl function did not return a scalar.\n");
+
+ res = POPi;
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ return res;
+}
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_TLSEXT)
+
+int tlsext_status_cb_invoke(SSL *ssl, void *arg)
+{
+ dSP;
+ SV *cb_func, *cb_data;
+ SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
+ int len,res,nres = -1;
+ const unsigned char *p = NULL;
+ OCSP_RESPONSE *ocsp_response = NULL;
+
+ cb_func = cb_data_advanced_get(ctx, "tlsext_status_cb!!func");
+ cb_data = cb_data_advanced_get(ctx, "tlsext_status_cb!!data");
+
+ if ( ! SvROK(cb_func) || (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
+ croak ("Net::SSLeay: tlsext_status_cb_invoke called, but not set to point to any perl function.\n");
+
+ len = SSL_get_tlsext_status_ocsp_resp(ssl, &p);
+ if (p) ocsp_response = d2i_OCSP_RESPONSE(NULL, &p, len);
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ PUSHs( sv_2mortal(newSViv(PTR2IV(ocsp_response))) );
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+
+ nres = call_sv(cb_func, G_SCALAR);
+ if (ocsp_response) OCSP_RESPONSE_free(ocsp_response);
+
+ SPAGAIN;
+
+ if (nres != 1)
+ croak("Net::SSLeay: tlsext_status_cb_invoke perl function did not return a scalar.\n");
+
+ res = POPi;
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ return res;
+}
+
+int session_ticket_ext_cb_invoke(SSL *ssl, const unsigned char *data, int len, void *arg)
+{
+ dSP;
+ SV *cb_func, *cb_data;
+ int res,nres = -1;
+
+ cb_func = cb_data_advanced_get(arg, "session_ticket_ext_cb!!func");
+ cb_data = cb_data_advanced_get(arg, "session_ticket_ext_cb!!data");
+
+ if ( !
SvROK(cb_func) || (SvTYPE(SvRV(cb_func)) != SVt_PVCV)) + croak ("Net::SSLeay: session_ticket_ext_cb_invoke called, but not set to point to any perl function.\n"); + + ENTER; + SAVETMPS; + + PUSHMARK(SP); + XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl)))); + XPUSHs(sv_2mortal(newSVpvn((const char *)data, len))); + XPUSHs(sv_2mortal(newSVsv(cb_data))); + PUTBACK; + + nres = call_sv(cb_func, G_SCALAR); + + SPAGAIN; + + if (nres != 1) + croak("Net::SSLeay: session_ticket_ext_cb_invoke perl function did not return a scalar.\n"); + + res = POPi; + + PUTBACK; + FREETMPS; + LEAVE; + + return res; +} + +#endif + +#if defined(SSL_F_SSL_SET_HELLO_EXTENSION) || defined(SSL_F_SSL_SET_SESSION_TICKET_EXT) + +int ssleay_session_secret_cb_invoke(SSL* s, void* secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg) +{ + dSP; + int count = -1, res, i; + AV *ciphers = newAV(); + SV *pref_cipher = sv_newmortal(); + SV * cb_func, *cb_data; + SV * secretsv; + + PR1("STARTED: ssleay_session_secret_cb_invoke\n"); + cb_func = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!func"); + cb_data = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!data"); + + if(!SvOK(cb_func)) + croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not set to point to any perl function.\n"); + + ENTER; + SAVETMPS; + + PUSHMARK(SP); + secretsv = sv_2mortal( newSVpv(secret, *secret_len)); + XPUSHs(secretsv); + for (i=0; i= 0x10100000L + { + /* Use any new master secret set by the callback function in secret */ + STRLEN newsecretlen; + char* newsecretdata = SvPV(secretsv, newsecretlen); + memcpy(secret, newsecretdata, newsecretlen); + } +#endif + } + + PUTBACK; + FREETMPS; + LEAVE; + + return res; +} + +#endif + +#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_PSK) +#define NET_SSLEAY_CAN_PSK_CLIENT_CALLBACK + +unsigned int ssleay_set_psk_client_callback_invoke(SSL *ssl, const char *hint, + char *identity, unsigned int max_identity_len, + 
unsigned char *psk, unsigned int max_psk_len)
+{
+ dSP;
+ int count = -1;
+ char *identity_val, *psk_val;
+ unsigned int psk_len = 0;
+ BIGNUM *psk_bn = NULL;
+ SV * cb_func;
+ SV * hintsv;
+ /* this n_a is required for building with old perls: */
+ STRLEN n_a;
+
+ PR1("STARTED: ssleay_set_psk_client_callback_invoke\n");
+ cb_func = cb_data_advanced_get(ssl, "ssleay_set_psk_client_callback!!func");
+
+ if(!SvOK(cb_func))
+ croak ("Net::SSLeay: ssleay_set_psk_client_callback_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ if (hint != NULL) {
+ hintsv = sv_2mortal( newSVpv(hint, strlen(hint)));
+ XPUSHs(hintsv);
+ }
+
+ PUTBACK;
+
+ count = call_sv( cb_func, G_ARRAY );
+
+ SPAGAIN;
+
+ if (count != 2)
+ croak ("Net::SSLeay: ssleay_set_psk_client_callback_invoke perl function did not return 2 values.\n");
+
+ psk_val = POPpx;
+ identity_val = POPpx;
+
+ my_snprintf(identity, max_identity_len, "%s", identity_val);
+
+ if (BN_hex2bn(&psk_bn, psk_val) > 0) {
+ if (BN_num_bytes(psk_bn) <= max_psk_len) {
+ psk_len = BN_bn2bin(psk_bn, psk);
+ }
+ BN_free(psk_bn);
+ }
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ return psk_len;
+}
+
+unsigned int ssleay_ctx_set_psk_client_callback_invoke(SSL *ssl, const char *hint,
+ char *identity, unsigned int max_identity_len,
+ unsigned char *psk, unsigned int max_psk_len)
+{
+ dSP;
+ SSL_CTX *ctx;
+ int count = -1;
+ char *identity_val, *psk_val;
+ unsigned int psk_len = 0;
+ BIGNUM *psk_bn = NULL;
+ SV * cb_func;
+ SV * hintsv;
+ /* this n_a is required for building with old perls: */
+ STRLEN n_a;
+
+ ctx = SSL_get_SSL_CTX(ssl);
+
+ PR1("STARTED: ssleay_ctx_set_psk_client_callback_invoke\n");
+ cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_set_psk_client_callback!!func");
+
+ if(!SvOK(cb_func))
+ croak ("Net::SSLeay: ssleay_ctx_set_psk_client_callback_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ if (hint != NULL) {
+
hintsv = sv_2mortal( newSVpv(hint, strlen(hint))); + XPUSHs(hintsv); + } + + PUTBACK; + + count = call_sv( cb_func, G_ARRAY ); + + SPAGAIN; + + if (count != 2) + croak ("Net::SSLeay: ssleay_ctx_set_psk_client_callback_invoke perl function did not return 2 values.\n"); + + psk_val = POPpx; + identity_val = POPpx; + + my_snprintf(identity, max_identity_len, "%s", identity_val); + + if (BN_hex2bn(&psk_bn, psk_val) > 0) { + if (BN_num_bytes(psk_bn) <= max_psk_len) { + psk_len = BN_bn2bin(psk_bn, psk); + } + BN_free(psk_bn); + } + + PUTBACK; + FREETMPS; + LEAVE; + + return psk_len; +} + +#endif + +#if (OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG)) || (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)) + +int next_proto_helper_AV2protodata(AV * list, unsigned char *out) +{ + int i, last_index, ptr = 0; + last_index = av_len(list); + if (last_index<0) return 0; + for(i=0; i<=last_index; i++) { + char *p = SvPV_nolen(*av_fetch(list, i, 0)); + size_t len = strlen(p); + if (len>255) return 0; + if (out) { + /* if out == NULL we only calculate the length of output */ + out[ptr] = (unsigned char)len; + strncpy((char*)out+ptr+1, p, len); + } + ptr += strlen(p) + 1; + } + return ptr; +} + +int next_proto_helper_protodata2AV(AV * list, const unsigned char *in, unsigned int inlen) +{ + unsigned int i = 0; + unsigned char il; + if (!list || inlen<2) return 0; + while (i inlen) return 0; + av_push(list, newSVpv((const char*)in+i, il)); + i += il; + } + return 1; +} + +#endif + +#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER) + +int next_proto_select_cb_invoke(SSL *ssl, unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, void *arg) +{ + SV *cb_func, *cb_data; + unsigned char *next_proto_data; + size_t next_proto_len; + int next_proto_status; + SSL_CTX *ctx = SSL_get_SSL_CTX(ssl); + /* this n_a is required for building with old 
perls: */
+ STRLEN n_a;
+
+ PR1("STARTED: next_proto_select_cb_invoke\n");
+ cb_func = cb_data_advanced_get(ctx, "next_proto_select_cb!!func");
+ cb_data = cb_data_advanced_get(ctx, "next_proto_select_cb!!data");
+ /* clear last_status value = store undef */
+ cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", NULL);
+ cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", NULL);
+
+ if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
+ int count = -1;
+ AV *list = newAV();
+ SV *tmpsv;
+ dSP;
+
+ if (!next_proto_helper_protodata2AV(list, in, inlen)) return SSL_TLSEXT_ERR_ALERT_FATAL;
+
+ ENTER;
+ SAVETMPS;
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newRV_inc((SV*)list)));
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+ count = call_sv( cb_func, G_ARRAY );
+ SPAGAIN;
+ if (count != 2)
+ croak ("Net::SSLeay: next_proto_select_cb_invoke perl function did not return 2 values.\n");
+ next_proto_data = (unsigned char*)POPpx;
+ next_proto_status = POPi;
+
+ next_proto_len = strlen((const char*)next_proto_data);
+ if (next_proto_len<=255) {
+ /* store last_status + last_negotiated into global hash */
+ cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status));
+ tmpsv = newSVpv((const char*)next_proto_data, next_proto_len);
+ cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", tmpsv);
+ *out = (unsigned char *)SvPVX(tmpsv);
+ *outlen = next_proto_len;
+ }
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ return next_proto_len>255 ? SSL_TLSEXT_ERR_ALERT_FATAL : SSL_TLSEXT_ERR_OK;
+ }
+ else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
+ next_proto_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), NULL);
+ Newx(next_proto_data, next_proto_len, unsigned char);
+ if (!next_proto_data) return SSL_TLSEXT_ERR_ALERT_FATAL;
+ next_proto_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), next_proto_data);
+
+ next_proto_status = SSL_select_next_proto(out, outlen, in, inlen, next_proto_data, next_proto_len);
+ Safefree(next_proto_data);
+ if (next_proto_status != OPENSSL_NPN_NEGOTIATED) {
+ *outlen = *in;
+ *out = (unsigned char *)in+1;
+ }
+
+ /* store last_status + last_negotiated into global hash */
+ cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status));
+ cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", newSVpv((const char*)*out, *outlen));
+ return SSL_TLSEXT_ERR_OK;
+ }
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+}
+
+int next_protos_advertised_cb_invoke(SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg_unused)
+{
+ SV *cb_func, *cb_data;
+ unsigned char *protodata = NULL;
+ unsigned short protodata_len = 0;
+ SV *tmpsv;
+ AV *tmpav;
+ SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
+
+ PR1("STARTED: next_protos_advertised_cb_invoke");
+ cb_func = cb_data_advanced_get(ctx, "next_protos_advertised_cb!!func");
+ cb_data = cb_data_advanced_get(ctx, "next_protos_advertised_cb!!data");
+
+ if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
+ int count = -1;
+ dSP;
+ ENTER;
+ SAVETMPS;
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+ count = call_sv( cb_func, G_SCALAR );
+ SPAGAIN;
+ if (count != 1)
+ croak ("Net::SSLeay: next_protos_advertised_cb_invoke perl function did not return scalar value.\n");
+ tmpsv = POPs;
+ if (SvOK(tmpsv) && SvROK(tmpsv) && (SvTYPE(SvRV(tmpsv)) == SVt_PVAV)) {
+ tmpav = (AV*)SvRV(tmpsv);
+ protodata_len = next_proto_helper_AV2protodata(tmpav, NULL);
+ Newx(protodata, protodata_len, unsigned char);
+ if (protodata) next_proto_helper_AV2protodata(tmpav, protodata);
+ }
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+ }
+ else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
+ tmpav = (AV*)SvRV(cb_data);
+ protodata_len = next_proto_helper_AV2protodata(tmpav, NULL);
+ Newx(protodata, protodata_len, unsigned char);
+ if (protodata) next_proto_helper_AV2protodata(tmpav, protodata);
+ }
+ if (protodata) {
+ tmpsv = newSVpv((const char*)protodata, protodata_len);
+ Safefree(protodata);
+ cb_data_advanced_put(ssl, "next_protos_advertised_cb!!last_advertised", tmpsv);
+ *out = (unsigned char *)SvPVX(tmpsv);
+ *outlen = protodata_len;
+ return SSL_TLSEXT_ERR_OK;
+ }
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+}
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)
+
+int alpn_select_cb_invoke(SSL *ssl, const unsigned char **out, unsigned char *outlen,
+ const unsigned char *in, unsigned int inlen, void *arg)
+{
+ SV *cb_func, *cb_data;
+ unsigned char *alpn_data;
+ size_t alpn_len;
+ SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
+
+ PR1("STARTED: alpn_select_cb_invoke\n");
+ cb_func = cb_data_advanced_get(ctx, "alpn_select_cb!!func");
+ cb_data = cb_data_advanced_get(ctx, "alpn_select_cb!!data");
+
+ if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
+ int count = -1;
+ AV *list = newAV();
+ SV *tmpsv;
+ SV *alpn_data_sv;
+ dSP;
+
+ if (!next_proto_helper_protodata2AV(list, in, inlen)) return SSL_TLSEXT_ERR_ALERT_FATAL;
+
+ ENTER;
+ SAVETMPS;
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newRV_inc((SV*)list)));
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+ count = call_sv( cb_func, G_ARRAY );
+ SPAGAIN;
+ if (count != 1)
+ croak ("Net::SSLeay: alpn_select_cb perl function did not return exactly 1 value.\n");
+ alpn_data_sv = POPs;
+ if (SvOK(alpn_data_sv)) {
+ alpn_data = (unsigned char*)SvPV_nolen(alpn_data_sv);
+ alpn_len = strlen((const char*)alpn_data);
+ if (alpn_len <= 255) {
+ tmpsv = newSVpv((const char*)alpn_data, alpn_len);
+ *out = (unsigned char *)SvPVX(tmpsv);
+ *outlen = alpn_len;
+ }
+ } else {
+ alpn_data = NULL;
+ alpn_len = 0;
+ }
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ if (alpn_len>255) return SSL_TLSEXT_ERR_ALERT_FATAL;
+ return alpn_data ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
+ }
+ else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
+ int status;
+
+ alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), NULL);
+ Newx(alpn_data, alpn_len, unsigned char);
+ if (!alpn_data) return SSL_TLSEXT_ERR_ALERT_FATAL;
+ alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), alpn_data);
+
+ /* This is the same function that is used for NPN. */
+ status = SSL_select_next_proto((unsigned char **)out, outlen, in, inlen, alpn_data, alpn_len);
+ Safefree(alpn_data);
+ if (status != OPENSSL_NPN_NEGOTIATED) {
+ *outlen = *in;
+ *out = in+1;
+ }
+ return status == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
+ }
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+}
+
+#endif
+
+int pem_password_cb_invoke(char *buf, int bufsize, int rwflag, void *data) {
+ dSP;
+ char *str;
+ int count = -1;
+ size_t str_len = 0;
+ simple_cb_data_t* cb = (simple_cb_data_t*)data;
+ /* this n_a is required for building with old perls: */
+ STRLEN n_a;
+
+ PR1("STARTED: pem_password_cb_invoke\n");
+ if (cb->func && SvOK(cb->func)) {
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(sp);
+
+ XPUSHs(sv_2mortal( newSViv(bufsize-1) ));
+ XPUSHs(sv_2mortal( newSViv(rwflag) ));
+ if (cb->data) XPUSHs( cb->data );
+
+ PUTBACK;
+
+ count = call_sv( cb->func, G_SCALAR );
+
+ SPAGAIN;
+
+ buf[0] = 0; /* start with an empty password */
+ if (count != 1) {
+ croak("Net::SSLeay: pem_password_cb_invoke perl function did not return a scalar.\n");
+ }
+ else {
+ str = POPpx;
+ str_len = strlen(str);
+ if (str_len+1 < bufsize) {
+ strcpy(buf, str);
+ }
+ else {
+ str_len = 0;
+ warn("Net::SSLeay: pem_password_cb_invoke password too long\n");
+ }
+ }
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+ }
+ return str_len;
+}
+
+void ssleay_RSA_generate_key_cb_invoke(int i, int n, void* data)
+{
+ dSP;
+ int count = -1;
+ simple_cb_data_t* cb = (simple_cb_data_t*)data;
+
+ /* PR1("STARTED: ssleay_RSA_generate_key_cb_invoke\n"); / * too noisy */
+ if (cb->func && SvOK(cb->func)) {
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(sp);
+
+ XPUSHs(sv_2mortal( newSViv(i) ));
+ XPUSHs(sv_2mortal( newSViv(n) ));
+ if (cb->data) XPUSHs( cb->data );
+
+ PUTBACK;
+
+ count = call_sv( cb->func, G_VOID|G_DISCARD );
+
+ if (count != 0)
+ croak ("Net::SSLeay: ssleay_RSA_generate_key_cb_invoke "
+ "perl function did return something in void context.\n");
+
+ SPAGAIN;
+ FREETMPS;
+ LEAVE;
+ }
+}
+
+void ssleay_info_cb_invoke(const SSL *ssl, int where, int ret)
+{
+ dSP;
+ SV *cb_func, *cb_data;
+
+ cb_func = cb_data_advanced_get((void*)ssl, "ssleay_info_cb!!func");
+ cb_data = cb_data_advanced_get((void*)ssl, "ssleay_info_cb!!data");
+
+ if ( ! SvROK(cb_func) || (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
+ croak ("Net::SSLeay: ssleay_info_cb_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newSViv(where)) );
+ XPUSHs(sv_2mortal(newSViv(ret)) );
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+
+ call_sv(cb_func, G_VOID);
+
+ SPAGAIN;
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+}
+
+void ssleay_ctx_info_cb_invoke(const SSL *ssl, int where, int ret)
+{
+ dSP;
+ SV *cb_func, *cb_data;
+ SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
+
+ cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_info_cb!!func");
+ cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_info_cb!!data");
+
+ if ( ! SvROK(cb_func) || (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
+ croak ("Net::SSLeay: ssleay_ctx_info_cb_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newSViv(where)) );
+ XPUSHs(sv_2mortal(newSViv(ret)) );
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+
+ call_sv(cb_func, G_VOID);
+
+ SPAGAIN;
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+}
+
+void ssleay_msg_cb_invoke(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
+{
+ dSP;
+ SV *cb_func, *cb_data;
+
+ cb_func = cb_data_advanced_get(ssl, "ssleay_msg_cb!!func");
+ cb_data = cb_data_advanced_get(ssl, "ssleay_msg_cb!!data");
+
+ if ( ! SvROK(cb_func) || (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
+ croak ("Net::SSLeay: ssleay_msg_cb_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(write_p)));
+ XPUSHs(sv_2mortal(newSViv(version)));
+ XPUSHs(sv_2mortal(newSViv(content_type)));
+ XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
+ XPUSHs(sv_2mortal(newSViv(len)));
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+
+ call_sv(cb_func, G_VOID);
+
+ SPAGAIN;
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+}
+
+void ssleay_ctx_msg_cb_invoke(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
+{
+ dSP;
+ SV *cb_func, *cb_data;
+ SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
+
+ cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!func");
+ cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!data");
+
+ if ( ! SvROK(cb_func) || (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
+ croak ("Net::SSLeay: ssleay_ctx_msg_cb_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(write_p)));
+ XPUSHs(sv_2mortal(newSViv(version)));
+ XPUSHs(sv_2mortal(newSViv(content_type)));
+ XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
+ XPUSHs(sv_2mortal(newSViv(len)));
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+
+ call_sv(cb_func, G_VOID);
+
+ SPAGAIN;
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+}
+
+/*
+ * Support for tlsext_ticket_key_cb_invoke was already in 0.9.8 but it was
+ * broken in various ways during the various 1.0.0* versions.
+ * Better enable it only starting with 1.0.1.
+*/
+#if defined(SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB) && OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_TLSEXT)
+#define NET_SSLEAY_CAN_TICKET_KEY_CB
+
+int tlsext_ticket_key_cb_invoke(
+ SSL *ssl,
+ unsigned char *key_name,
+ unsigned char *iv,
+ EVP_CIPHER_CTX *ectx,
+ HMAC_CTX *hctx,
+ int enc
+){
+
+ dSP;
+ int count,usable_rv_count,hmac_key_len = 0;
+ SV *cb_func, *cb_data;
+ STRLEN svlen;
+ unsigned char key[48]; /* key[0..15] aes, key[16..32] or key[16..48] hmac */
+ unsigned char name[16];
+ SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
+
+ PR1("STARTED: tlsext_ticket_key_cb_invoke\n");
+ cb_func = cb_data_advanced_get(ctx, "tlsext_ticket_key_cb!!func");
+ cb_data = cb_data_advanced_get(ctx, "tlsext_ticket_key_cb!!data");
+
+ if (!SvROK(cb_func) || (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
+ croak("callback must be a code reference");
+
+ ENTER;
+ SAVETMPS;
+ PUSHMARK(SP);
+
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+
+ if (!enc) {
+ /* call as getkey(data,this_name) -> (key,current_name) */
+ XPUSHs(sv_2mortal(newSVpv((const char *)key_name,16)));
+ } else {
+ /* call as getkey(data) -> (key,current_name) */
+ }
+
+ PUTBACK;
+
+ count = call_sv( cb_func, G_ARRAY );
+
+ SPAGAIN;
+
+ if (count>2)
+ croak("too much return values - only (name,key) should be returned");
+
+ usable_rv_count = 0;
+ if (count>0) {
+ SV *sname = POPs;
+ if (SvOK(sname)) {
+ unsigned char *pname = (unsigned char *)SvPV(sname,svlen);
+ if (svlen > 16)
+ croak("name must be at at most 16 bytes, got %d",(int)svlen);
+ if (svlen == 0)
+ croak("name should not be empty");
+ OPENSSL_cleanse(name, 16);
+ memcpy(name,pname,svlen);
+ usable_rv_count++;
+ }
+ }
+ if (count>1) {
+ SV *skey = POPs;
+ if (SvOK(skey)) {
+ unsigned char *pkey = (unsigned char *)SvPV(skey,svlen);
+ if (svlen != 32 && svlen != 48)
+ croak("key must be 32 or 48 random bytes, got %d",(int)svlen);
+ hmac_key_len = (int)svlen - 16;
+ memcpy(key,pkey,(int)svlen);
+ usable_rv_count++;
+ }
+ }
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ if (!enc && usable_rv_count == 0) {
+ TRACE(2,"no key returned for ticket");
+ return 0;
+ }
+ if (usable_rv_count != 2)
+ croak("key functions needs to return (key,name)");
+
+ if (enc) {
+ /* encrypt ticket information with given key */
+ RAND_bytes(iv, 16);
+ EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv);
+ HMAC_Init_ex(hctx,key+16,hmac_key_len,EVP_sha256(),NULL);
+ memcpy(key_name,name,16);
+ return 1;
+
+ } else {
+ HMAC_Init_ex(hctx,key+16,hmac_key_len,EVP_sha256(),NULL);
+ EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv);
+
+ if (memcmp(name,key_name,16) == 0)
+ return 1; /* current key was used */
+ else
+ return 2; /* different key was used, need to be renewed */
+ }
+}
+
+#endif
+
+int ssleay_ssl_ctx_sess_new_cb_invoke(struct ssl_st *ssl, SSL_SESSION *sess)
+{
+ dSP;
+ int count, remove;
+ SSL_CTX *ctx;
+ SV *cb_func;
+
+ PR1("STARTED: ssleay_ssl_ctx_sess_new_cb_invoke\n");
+ ctx = SSL_get_SSL_CTX(ssl);
+ cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_sess_new_cb!!func");
+
+ if(!SvOK(cb_func))
+ croak ("Net::SSLeay: ssleay_ssl_ctx_sess_new_cb_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(sp);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(sess))));
+ PUTBACK;
+
+ count = call_sv(cb_func, G_SCALAR);
+
+ SPAGAIN;
+
+ if (count != 1)
+ croak("Net::SSLeay: ssleay_ssl_ctx_sess_new_cb_invoke perl function did not return a scalar\n");
+
+ remove = POPi;
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ return remove;
+}
+
+void ssleay_ssl_ctx_sess_remove_cb_invoke(SSL_CTX *ctx, SSL_SESSION *sess)
+{
+ dSP;
+ SV *cb_func;
+
+ PR1("STARTED: ssleay_ssl_ctx_sess_remove_cb_invoke\n");
+ cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func");
+
+ if(!SvOK(cb_func))
+ croak ("Net::SSLeay: ssleay_ssl_ctx_sess_remove_cb_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(sp);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ctx))));
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(sess))));
+ PUTBACK;
+
+ call_sv(cb_func, G_VOID);
+
+ SPAGAIN;
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+int ossl_provider_do_all_cb_invoke(OSSL_PROVIDER *provider, void *cbdata) {
+ dSP;
+ int ret = 1;
+ int count = -1;
+ simple_cb_data_t *cb = cbdata;
+
+ PR1("STARTED: ossl_provider_do_all_cb_invoke\n");
+ if (cb->func && SvOK(cb->func)) {
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(provider))));
+ if (cb->data) XPUSHs(cb->data);
+
+ PUTBACK;
+
+ count = call_sv(cb->func, G_SCALAR);
+
+ SPAGAIN;
+
+ if (count != 1)
+ croak("Net::SSLeay: ossl_provider_do_all_cb_invoke perl function did not return a scalar\n");
+
+ ret = POPi;
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+ }
+
+ return ret;
+}
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10101001 && !defined(LIBRESSL_VERSION_NUMBER)
+void ssl_ctx_keylog_cb_func_invoke(const SSL *ssl, const char *line)
+{
+ dSP;
+ SV *cb_func, *cb_data;
+ SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
+
+ PR1("STARTED: ssl_ctx_keylog_cb_func_invoke\n");
+ cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_keylog_callback!!func");
+
+ if(!SvOK(cb_func))
+ croak ("Net::SSLeay: ssl_ctx_keylog_cb_func_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newSVpv(line, 0)));
+
+ PUTBACK;
+
+ call_sv(cb_func, G_VOID);
+
+ SPAGAIN;
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ return;
+}
+#endif
+
+/* ============= end of callback stuff, begin helper functions ============== */
+
+time_t ASN1_TIME_timet(ASN1_TIME *asn1t, time_t *gmtoff) {
+ struct tm t;
+ const char *p = (const char*) asn1t->data;
+ size_t msec = 0, tz = 0, i, l;
+ time_t result;
+ int adj = 0;
+
+ if (asn1t->type == V_ASN1_UTCTIME) {
+ if (asn1t->length<12 || asn1t->length>17) return 0;
+ if (asn1t->length>12) tz = 12;
+ } else {
+ if
(asn1t->length<14) return 0; + if (asn1t->length>14) { + if (p[14] == '.') { + msec = 14; + for(i=msec+1;ilength && p[i]>='0' && p[i]<='9';i++) ; + if (ilength) tz = i; + } else { + tz = 14; + } + } + } + + l = msec ? msec : tz ? tz : asn1t->length; + for(i=0;i'9') return 0; + } + + /* extract data and time */ + OPENSSL_cleanse(&t, sizeof(t)); + if (asn1t->type == V_ASN1_UTCTIME) { /* YY - two digit year */ + t.tm_year = (p[0]-'0')*10 + (p[1]-'0'); + if (t.tm_year < 70) t.tm_year += 100; + i=2; + } else { /* YYYY */ + t.tm_year = (p[0]-'0')*1000 + (p[1]-'0')*100 + (p[2]-'0')*10 + p[3]-'0'; + t.tm_year -= 1900; + i=4; + } + t.tm_mon = (p[i+0]-'0')*10 + (p[i+1]-'0') -1; /* MM, starts with 0 in tm */ + t.tm_mday = (p[i+2]-'0')*10 + (p[i+3]-'0'); /* DD */ + t.tm_hour = (p[i+4]-'0')*10 + (p[i+5]-'0'); /* hh */ + t.tm_min = (p[i+6]-'0')*10 + (p[i+7]-'0'); /* mm */ + t.tm_sec = (p[i+8]-'0')*10 + (p[i+9]-'0'); /* ss */ + + /* skip msec, because time_t does not support it */ + + if (tz) { + /* TZ is 'Z' or [+-]DDDD and after TZ the string must stop*/ + if (p[tz] == 'Z') { + if (asn1t->length>tz+1 ) return 0; + } else if (asn1t->lengthlength>tz+5 ) return 0; + for(i=tz+1;i'9') return 0; + } + adj = ((p[tz+1]-'0')*10 + (p[tz+2]-'0'))*3600 + + ((p[tz+3]-'0')*10 + (p[tz+4]-'0'))*60; + if (p[tz]=='+') adj*= -1; /* +0500: subtract 5 hours to get UTC */ + } + } + + result = mktime(&t); + if (result == -1) return 0; /* broken time */ + result += adj; + if (gmtoff && *gmtoff == -1) { + *gmtoff = result - mktime(gmtime(&result)); + result += *gmtoff; + } else { + result += result - mktime(gmtime(&result)); + } + return result; +} + +X509 * find_issuer(X509 *cert,X509_STORE *store, STACK_OF(X509) *chain) { + int i; + X509 *issuer = NULL; + + /* search first in the chain */ + if (chain) { + for(i=0;i= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) + +unsigned long +OpenSSL_version_num() + +const char * +OpenSSL_version(t=OPENSSL_VERSION) + 
int t
+
+#endif /* OpenSSL 1.1.0 */
+
+#if (OPENSSL_VERSION_MAJOR >= 3)
+
+unsigned int
+OPENSSL_version_major()
+
+unsigned int
+OPENSSL_version_minor()
+
+unsigned int
+OPENSSL_version_patch()
+
+const char *
+OPENSSL_version_pre_release()
+
+const char *
+OPENSSL_version_build_metadata()
+
+const char *
+OPENSSL_info(int t)
+
+#endif
+
+#define REM1 "============= SSL CONTEXT functions =============="
+
+SSL_CTX *
+SSL_CTX_new()
+ CODE:
+ RETVAL = SSL_CTX_new (SSLv23_method());
+ OUTPUT:
+ RETVAL
+
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifndef OPENSSL_NO_SSL2
+
+SSL_CTX *
+SSL_CTX_v2_new()
+ CODE:
+ RETVAL = SSL_CTX_new (SSLv2_method());
+ OUTPUT:
+ RETVAL
+
+#endif
+#endif
+#ifndef OPENSSL_NO_SSL3
+
+SSL_CTX *
+SSL_CTX_v3_new()
+ CODE:
+ RETVAL = SSL_CTX_new (SSLv3_method());
+ OUTPUT:
+ RETVAL
+
+#endif
+
+SSL_CTX *
+SSL_CTX_v23_new()
+ CODE:
+ RETVAL = SSL_CTX_new (SSLv23_method());
+ OUTPUT:
+ RETVAL
+
+SSL_CTX *
+SSL_CTX_tlsv1_new()
+ CODE:
+ RETVAL = SSL_CTX_new (TLSv1_method());
+ OUTPUT:
+ RETVAL
+
+#ifdef SSL_TXT_TLSV1_1
+
+SSL_CTX *
+SSL_CTX_tlsv1_1_new()
+ CODE:
+ RETVAL = SSL_CTX_new (TLSv1_1_method());
+ OUTPUT:
+ RETVAL
+
+#endif
+
+#ifdef SSL_TXT_TLSV1_2
+
+SSL_CTX *
+SSL_CTX_tlsv1_2_new()
+ CODE:
+ RETVAL = SSL_CTX_new (TLSv1_2_method());
+ OUTPUT:
+ RETVAL
+
+#endif
+
+SSL_CTX *
+SSL_CTX_new_with_method(meth)
+ SSL_METHOD * meth
+ CODE:
+ RETVAL = SSL_CTX_new (meth);
+ OUTPUT:
+ RETVAL
+
+void
+SSL_CTX_free(ctx)
+ SSL_CTX * ctx
+ CODE:
+ SSL_CTX_free(ctx);
+ cb_data_advanced_drop(ctx); /* clean callback related data from global hash */
+
+int
+SSL_CTX_add_session(ctx,ses)
+ SSL_CTX * ctx
+ SSL_SESSION * ses
+
+int
+SSL_CTX_remove_session(ctx,ses)
+ SSL_CTX * ctx
+ SSL_SESSION * ses
+
+void
+SSL_CTX_flush_sessions(ctx,tm)
+ SSL_CTX * ctx
+ long tm
+
+int
+SSL_CTX_set_default_verify_paths(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
+ SSL_CTX * ctx
+ char * CAfile
+ char * CApath
+ CODE:
+ RETVAL =
SSL_CTX_load_verify_locations (ctx,
+ CAfile?(*CAfile?CAfile:NULL):NULL,
+ CApath?(*CApath?CApath:NULL):NULL
+ );
+ OUTPUT:
+ RETVAL
+
+void
+SSL_CTX_set_verify(ctx,mode,callback=&PL_sv_undef)
+ SSL_CTX * ctx
+ int mode
+ SV * callback
+ CODE:
+
+ /* Former versions of SSLeay checked if the callback was a true boolean value
+ * and didn't call it if it was false. Therefor some people set the callback
+ * to '0' if they don't want to use it (IO::Socket::SSL for example). Therefor
+ * we don't execute the callback if it's value isn't something true to retain
+ * backwards compatibility.
+ */
+
+ if (callback==NULL || !SvOK(callback) || !SvTRUE(callback)) {
+ SSL_CTX_set_verify(ctx, mode, NULL);
+ cb_data_advanced_put(ctx, "ssleay_verify_callback!!func", NULL);
+ } else {
+ cb_data_advanced_put(ctx, "ssleay_verify_callback!!func", newSVsv(callback));
+ SSL_CTX_set_verify(ctx, mode, &ssleay_verify_callback_invoke);
+ }
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)
+
+void
+SSL_CTX_set_security_level(SSL_CTX * ctx, int level)
+
+int
+SSL_CTX_get_security_level(SSL_CTX * ctx)
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10101007L && !defined(LIBRESSL_VERSION_NUMBER)
+
+int
+SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
+
+size_t
+SSL_CTX_get_num_tickets(SSL_CTX *ctx)
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10101003L && !defined(LIBRESSL_VERSION_NUMBER)
+
+int
+SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
+
+void
+SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
+
+#endif
+
+void
+SSL_CTX_sess_set_new_cb(ctx, callback)
+ SSL_CTX * ctx
+ SV * callback
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_sess_set_new_cb(ctx, NULL);
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_new_cb!!func", NULL);
+ }
+ else {
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_new_cb!!func",
newSVsv(callback));
+ SSL_CTX_sess_set_new_cb(ctx, &ssleay_ssl_ctx_sess_new_cb_invoke);
+ }
+
+void
+SSL_CTX_sess_set_remove_cb(ctx, callback)
+ SSL_CTX * ctx
+ SV * callback
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_sess_set_remove_cb(ctx, NULL);
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func", NULL);
+ }
+ else {
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func", newSVsv(callback));
+ SSL_CTX_sess_set_remove_cb(ctx, &ssleay_ssl_ctx_sess_remove_cb_invoke);
+ }
+
+int
+SSL_get_error(s,ret)
+ SSL * s
+ int ret
+
+#define REM10 "============= SSL functions =============="
+
+SSL *
+SSL_new(ctx)
+ SSL_CTX * ctx
+
+void
+SSL_free(s)
+ SSL * s
+ CODE:
+ SSL_free(s);
+ cb_data_advanced_drop(s); /* clean callback related data from global hash */
+
+#if 0 /* this seems to be gone in 0.9.0 */
+void
+SSL_debug(file)
+ char * file
+
+#endif
+
+int
+SSL_accept(s)
+ SSL * s
+
+void
+SSL_clear(s)
+ SSL * s
+
+int
+SSL_connect(s)
+ SSL * s
+
+
+#if defined(WIN32)
+
+int
+SSL_set_fd(s,fd)
+ SSL * s
+ perl_filehandle_t fd
+ CODE:
+ RETVAL = SSL_set_fd(s,_get_osfhandle(fd));
+ OUTPUT:
+ RETVAL
+
+int
+SSL_set_rfd(s,fd)
+ SSL * s
+ perl_filehandle_t fd
+ CODE:
+ RETVAL = SSL_set_rfd(s,_get_osfhandle(fd));
+ OUTPUT:
+ RETVAL
+
+int
+SSL_set_wfd(s,fd)
+ SSL * s
+ perl_filehandle_t fd
+ CODE:
+ RETVAL = SSL_set_wfd(s,_get_osfhandle(fd));
+ OUTPUT:
+ RETVAL
+
+#else
+
+int
+SSL_set_fd(s,fd)
+ SSL * s
+ perl_filehandle_t fd
+
+int
+SSL_set_rfd(s,fd)
+ SSL * s
+ perl_filehandle_t fd
+
+int
+SSL_set_wfd(s,fd)
+ SSL * s
+ perl_filehandle_t fd
+
+#endif
+
+int
+SSL_get_fd(s)
+ SSL * s
+
+void
+SSL_read(s,max=32768)
+ SSL * s
+ int max
+ PREINIT:
+ char *buf;
+ int got;
+ int succeeded = 1;
+ PPCODE:
+ New(0, buf, max, char);
+
+ got = SSL_read(s, buf, max);
+ if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
+ succeeded = 0;
+
+ /* If in list context, return 2-item list:
+ * first return value: data gotten, or undef on error
(got<0)
+ * second return value: result from SSL_read()
+ */
+ if (GIMME_V==G_ARRAY) {
+ EXTEND(SP, 2);
+ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
+ PUSHs(sv_2mortal(newSViv(got)));
+
+ /* If in scalar or void context, return data gotten, or undef on error. */
+ } else {
+ EXTEND(SP, 1);
+ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
+ }
+
+ Safefree(buf);
+
+void
+SSL_peek(s,max=32768)
+ SSL * s
+ int max
+ PREINIT:
+ char *buf;
+ int got;
+ int succeeded = 1;
+ PPCODE:
+ New(0, buf, max, char);
+
+ got = SSL_peek(s, buf, max);
+ if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
+ succeeded = 0;
+
+ /* If in list context, return 2-item list:
+ * first return value: data gotten, or undef on error (got<0)
+ * second return value: result from SSL_peek()
+ */
+ if (GIMME_V==G_ARRAY) {
+ EXTEND(SP, 2);
+ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
+ PUSHs(sv_2mortal(newSViv(got)));
+
+ /* If in scalar or void context, return data gotten, or undef on error. */
+ } else {
+ EXTEND(SP, 1);
+ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
+ }
+ Safefree(buf);
+
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
+
+void
+SSL_read_ex(s,max=32768)
+ SSL * s
+ int max
+ PREINIT:
+ char *buf;
+ size_t readbytes;
+ int succeeded;
+ PPCODE:
+ Newx(buf, max, char);
+
+ succeeded = SSL_read_ex(s, buf, max, &readbytes);
+
+ /* Return 2-item list:
+ * first return value: data gotten, or undef on error
+ * second return value: result from SSL_read_ex()
+ */
+ EXTEND(SP, 2);
+ PUSHs(sv_2mortal(succeeded ?
newSVpvn(buf, readbytes) : newSV(0)));
+ PUSHs(sv_2mortal(newSViv(succeeded)));
+
+ Safefree(buf);
+
+
+void
+SSL_peek_ex(s,max=32768)
+ SSL * s
+ int max
+ PREINIT:
+ char *buf;
+ size_t readbytes;
+ int succeeded;
+ PPCODE:
+ Newx(buf, max, char);
+
+ succeeded = SSL_peek_ex(s, buf, max, &readbytes);
+
+ /* Return 2-item list:
+ * first return value: data gotten, or undef on error
+ * second return value: result from SSL_peek_ex()
+ */
+ EXTEND(SP, 2);
+ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, readbytes) : newSV(0)));
+ PUSHs(sv_2mortal(newSViv(succeeded)));
+
+ Safefree(buf);
+
+void
+SSL_write_ex(s,buf)
+ SSL * s
+ PREINIT:
+ STRLEN len;
+ size_t written;
+ int succeeded;
+ INPUT:
+ char * buf = SvPV( ST(1), len);
+ PPCODE:
+ succeeded = SSL_write_ex(s, buf, len, &written);
+
+ /* Return 2-item list:
+ * first return value: data gotten, or undef on error
+ * second return value: result from SSL_read_ex()
+ */
+ EXTEND(SP, 2);
+ PUSHs(sv_2mortal(newSVuv(written)));
+ PUSHs(sv_2mortal(newSViv(succeeded)));
+
+#endif
+
+int
+SSL_write(s,buf)
+ SSL * s
+ PREINIT:
+ STRLEN len;
+ INPUT:
+ char * buf = SvPV( ST(1), len);
+ CODE:
+ RETVAL = SSL_write (s, buf, (int)len);
+ OUTPUT:
+ RETVAL
+
+int
+SSL_write_partial(s,from,count,buf)
+ SSL * s
+ int from
+ int count
+ PREINIT:
+ STRLEN ulen;
+ IV len;
+ INPUT:
+ char * buf = SvPV( ST(3), ulen);
+ CODE:
+ /*
+ if (SvROK( ST(3) )) {
+ SV* t = SvRV( ST(3) );
+ buf = SvPV( t, len);
+ } else
+ buf = SvPV( ST(3), len);
+ */
+ PR4("write_partial from=%d count=%d len=%lu\n",from,count,ulen);
+ /*PR2("buf='%s'\n",&buf[from]); / * too noisy */
+ len = (IV)ulen;
+ len -= from;
+ if (len < 0) {
+ croak("from beyound end of buffer");
+ RETVAL = -1;
+ } else
+ RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
+ OUTPUT:
+ RETVAL
+
+int
+SSL_use_RSAPrivateKey(s,rsa)
+ SSL * s
+ RSA * rsa
+
+int
+SSL_use_RSAPrivateKey_ASN1(s,d,len)
+ SSL * s
+ unsigned char * d
+ long len
+
+int
+SSL_use_RSAPrivateKey_file(s,file,type)
+
SSL * s + char * file + int type + +int +SSL_CTX_use_RSAPrivateKey_file(ctx,file,type) + SSL_CTX * ctx + char * file + int type + +int +SSL_use_PrivateKey(s,pkey) + SSL * s + EVP_PKEY * pkey + +int +SSL_use_PrivateKey_ASN1(pk,s,d,len) + int pk + SSL * s + unsigned char * d + long len + +int +SSL_use_PrivateKey_file(s,file,type) + SSL * s + char * file + int type + +int +SSL_CTX_use_PrivateKey_file(ctx,file,type) + SSL_CTX * ctx + char * file + int type + +int +SSL_use_certificate(s,x) + SSL * s + X509 * x + +int +SSL_use_certificate_ASN1(s,d,len) + SSL * s + unsigned char * d + long len + +int +SSL_use_certificate_file(s,file,type) + SSL * s + char * file + int type + +int +SSL_CTX_use_certificate_file(ctx,file,type) + SSL_CTX * ctx + char * file + int type + +const char * +SSL_state_string(s) + SSL * s + +const char * +SSL_rstate_string(s) + SSL * s + +const char * +SSL_state_string_long(s) + SSL * s + +const char * +SSL_rstate_string_long(s) + SSL * s + + +long +SSL_get_time(ses) + SSL_SESSION * ses + +long +SSL_set_time(ses,t) + SSL_SESSION * ses + long t + +long +SSL_get_timeout(ses) + SSL_SESSION * ses + +long +SSL_set_timeout(ses,t) + SSL_SESSION * ses + long t + +void +SSL_copy_session_id(to,from) + SSL * to + SSL * from + +void +SSL_set_read_ahead(s,yes=1) + SSL * s + int yes + +int +SSL_get_read_ahead(s) + SSL * s + +int +SSL_pending(s) + SSL * s + +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0 */ + +int +SSL_has_pending(s) + SSL * s + +#endif + +int +SSL_CTX_set_cipher_list(s,str) + SSL_CTX * s + char * str + +void +SSL_get_ciphers(s) + SSL * s + PREINIT: + STACK_OF(SSL_CIPHER) *sk = NULL; + const SSL_CIPHER *c; + int i; + PPCODE: + sk = SSL_get_ciphers(s); + if( sk == NULL ) { + XSRETURN_EMPTY; + } + for (i=0; i= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER) + +int +SSL_SESSION_is_resumable(ses) + SSL_SESSION * ses + +SSL_SESSION * +SSL_SESSION_dup(sess) + SSL_SESSION * sess + +#endif +#if 
OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
+
+void
+SSL_set_post_handshake_auth(SSL *ssl, int val)
+
+int
+SSL_verify_client_post_handshake(SSL *ssl)
+
+#endif
+
+void
+i2d_SSL_SESSION(sess)
+ SSL_SESSION * sess
+ PPCODE:
+ STRLEN len;
+ unsigned char *pc,*pi;
+ if (!(len = i2d_SSL_SESSION(sess,NULL))) croak("invalid SSL_SESSION");
+ Newx(pc,len,unsigned char);
+ if (!pc) croak("out of memory");
+ pi = pc;
+ i2d_SSL_SESSION(sess,&pi);
+ XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
+ Safefree(pc);
+
+
+SSL_SESSION *
+d2i_SSL_SESSION(pv)
+ SV *pv
+ CODE:
+ RETVAL = NULL;
+ if (SvPOK(pv)) {
+ const unsigned char *p;
+ STRLEN len;
+ p = (unsigned char*)SvPV(pv,len);
+ RETVAL = d2i_SSL_SESSION(NULL,&p,len);
+ }
+ OUTPUT:
+ RETVAL
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
+
+int
+SSL_SESSION_up_ref(sess)
+ SSL_SESSION * sess
+
+#endif
+
+int
+SSL_set_session(to,ses)
+ SSL * to
+ SSL_SESSION * ses
+
+#define REM30 "SSLeay-0.9.0 defines these as macros.
I expand them here for safety's sake"
+
+SSL_SESSION *
+SSL_get_session(s)
+ SSL * s
+ ALIAS:
+ SSL_get0_session = 1
+
+SSL_SESSION *
+SSL_get1_session(s)
+ SSL * s
+
+X509 *
+SSL_get_certificate(s)
+ SSL * s
+
+SSL_CTX *
+SSL_get_SSL_CTX(s)
+ SSL * s
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
+
+SSL_CTX *
+SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
+
+#endif
+
+long
+SSL_ctrl(ssl,cmd,larg,parg)
+ SSL * ssl
+ int cmd
+ long larg
+ char * parg
+
+long
+SSL_CTX_ctrl(ctx,cmd,larg,parg)
+ SSL_CTX * ctx
+ int cmd
+ long larg
+ char * parg
+
+#ifdef NET_SSLEAY_32BIT_CONSTANTS
+
+long
+SSL_get_options(ssl)
+ SSL * ssl
+
+long
+SSL_set_options(ssl,op)
+ SSL * ssl
+ long op
+
+long
+SSL_CTX_get_options(ctx)
+ SSL_CTX * ctx
+
+long
+SSL_CTX_set_options(ctx,op)
+ SSL_CTX * ctx
+ long op
+
+#else
+
+uint64_t
+SSL_get_options(ssl)
+ SSL * ssl
+
+uint64_t
+SSL_set_options(ssl,op)
+ SSL * ssl
+ uint64_t op
+
+uint64_t
+SSL_CTX_get_options(ctx)
+ SSL_CTX * ctx
+
+uint64_t
+SSL_CTX_set_options(ctx,op)
+ SSL_CTX * ctx
+ uint64_t op
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+
+struct lhash_st_SSL_SESSION *
+SSL_CTX_sessions(ctx)
+ SSL_CTX * ctx
+
+#else
+
+LHASH *
+SSL_CTX_sessions(ctx)
+ SSL_CTX * ctx
+ CODE:
+ /* NOTE: This should be deprecated.
Corresponding macro was removed from ssl.h as of 0.9.2 */
+ if (ctx == NULL) croak("NULL SSL context passed as argument.");
+ RETVAL = ctx -> sessions;
+ OUTPUT:
+ RETVAL
+
+#endif
+
+unsigned long
+SSL_CTX_sess_number(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_sess_connect(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_sess_connect_good(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_sess_connect_renegotiate(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_sess_accept(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_sess_accept_renegotiate(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_sess_accept_good(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_sess_hits(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_sess_cb_hits(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_sess_misses(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_sess_timeouts(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_sess_cache_full(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_sess_get_cache_size(ctx)
+ SSL_CTX * ctx
+
+long
+SSL_CTX_sess_set_cache_size(ctx,size)
+ SSL_CTX * ctx
+ int size
+
+int
+SSL_want(s)
+ SSL * s
+
+ # OpenSSL 1.1.1 documents SSL_in_init and the related functions as
+ # returning 0 or 1. However, older versions and e.g. LibreSSL may
+ # return other values than 1 which we fold to 1.
+int
+SSL_in_before(s)
+ SSL * s
+ CODE:
+ RETVAL = SSL_in_before(s) == 0 ? 0 : 1;
+ OUTPUT:
+ RETVAL
+
+int
+SSL_is_init_finished(s)
+ SSL * s
+ CODE:
+ RETVAL = SSL_is_init_finished(s) == 0 ? 0 : 1;
+ OUTPUT:
+ RETVAL
+
+int
+SSL_in_init(s)
+ SSL * s
+ CODE:
+ RETVAL = SSL_in_init(s) == 0 ? 0 : 1;
+ OUTPUT:
+ RETVAL
+
+int
+SSL_in_connect_init(s)
+ SSL * s
+ CODE:
+ RETVAL = SSL_in_connect_init(s) == 0 ? 0 : 1;
+ OUTPUT:
+ RETVAL
+
+int
+SSL_in_accept_init(s)
+ SSL * s
+ CODE:
+ RETVAL = SSL_in_accept_init(s) == 0 ?
0 : 1;
+ OUTPUT:
+ RETVAL
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+int
+SSL_state(s)
+ SSL * s
+
+int
+SSL_get_state(ssl)
+ SSL * ssl
+ CODE:
+ RETVAL = SSL_state(ssl);
+ OUTPUT:
+ RETVAL
+
+
+#else
+int
+SSL_state(s)
+ SSL * s
+ CODE:
+ RETVAL = SSL_get_state(s);
+ OUTPUT:
+ RETVAL
+
+
+int
+SSL_get_state(s)
+ SSL * s
+
+#endif
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+
+long
+SSL_set_tlsext_host_name(SSL *ssl, const char *name)
+
+const char *
+SSL_get_servername(const SSL *s, int type=TLSEXT_NAMETYPE_host_name)
+
+int
+SSL_get_servername_type(const SSL *s)
+
+void
+SSL_CTX_set_tlsext_servername_callback(ctx,callback=&PL_sv_undef,data=&PL_sv_undef)
+ SSL_CTX * ctx
+ SV * callback
+ SV * data
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_set_tlsext_servername_callback(ctx, NULL);
+ SSL_CTX_set_tlsext_servername_arg(ctx, NULL);
+ cb_data_advanced_put(ctx, "tlsext_servername_callback!!data", NULL);
+ cb_data_advanced_put(ctx, "tlsext_servername_callback!!func", NULL);
+ } else {
+ cb_data_advanced_put(ctx, "tlsext_servername_callback!!data", newSVsv(data));
+ cb_data_advanced_put(ctx, "tlsext_servername_callback!!func", newSVsv(callback));
+ SSL_CTX_set_tlsext_servername_callback(ctx, &tlsext_servername_callback_invoke);
+ SSL_CTX_set_tlsext_servername_arg(ctx, (void*)ctx);
+ }
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x1010006fL /* In OpenSSL 1.1.0 but actually called for $ssl starting from 1.1.0f */
+#ifndef LIBRESSL_VERSION_NUMBER
+#ifndef OPENSSL_IS_BORINGSSL
+void
+SSL_set_default_passwd_cb(ssl,callback=&PL_sv_undef)
+ SSL * ssl
+ SV * callback
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_set_default_passwd_cb(ssl, NULL);
+ SSL_set_default_passwd_cb_userdata(ssl, NULL);
+ cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!func", NULL);
+ }
+ else {
+ cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!func", newSVsv(callback));
+ SSL_set_default_passwd_cb_userdata(ssl, (void*)ssl);
+
SSL_set_default_passwd_cb(ssl, &ssleay_ssl_passwd_cb_invoke);
+ }
+
+void
+SSL_set_default_passwd_cb_userdata(ssl,data=&PL_sv_undef)
+ SSL * ssl
+ SV * data
+ CODE:
+ /* SSL_set_default_passwd_cb_userdata is set in SSL_set_default_passwd_cb */
+ if (data==NULL || !SvOK(data)) {
+ cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!data", NULL);
+ }
+ else {
+ cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!data", newSVsv(data));
+ }
+
+#endif /* !BoringSSL */
+#endif /* !LibreSSL */
+#endif /* >= 1.1.0f */
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)
+
+void
+SSL_set_security_level(SSL * ssl, int level)
+
+int
+SSL_get_security_level(SSL * ssl)
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10101007L && !defined(LIBRESSL_VERSION_NUMBER)
+
+int
+SSL_set_num_tickets(SSL *ssl, size_t num_tickets)
+
+size_t
+SSL_get_num_tickets(SSL *ssl)
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10101003L && !defined(LIBRESSL_VERSION_NUMBER)
+
+int
+SSL_set_ciphersuites(SSL *ssl, const char *str)
+
+#endif
+
+const BIO_METHOD *
+BIO_f_ssl()
+
+const BIO_METHOD *
+BIO_s_mem()
+
+unsigned long
+ERR_get_error()
+
+unsigned long
+ERR_peek_error()
+
+void
+ERR_put_error(lib,func,reason,file,line)
+ int lib
+ int func
+ int reason
+ char * file
+ int line
+
+void
+ERR_clear_error()
+
+char *
+ERR_error_string(error,buf=NULL)
+ unsigned long error
+ char * buf
+ CODE:
+ RETVAL = ERR_error_string(error,buf);
+ OUTPUT:
+ RETVAL
+
+void
+SSL_load_error_strings()
+
+void
+ERR_load_crypto_strings()
+
+int
+SSL_FIPS_mode_set(int onoff)
+ CODE:
+#ifdef USE_ITHREADS
+ MUTEX_LOCK(&LIB_init_mutex);
+#endif
+#ifdef OPENSSL_FIPS
+ RETVAL = FIPS_mode_set(onoff);
+ if (!RETVAL)
+ {
+ ERR_load_crypto_strings();
+ ERR_print_errors_fp(stderr);
+ }
+#else
+ RETVAL = 1;
+ fprintf(stderr, "SSL_FIPS_mode_set not available: OpenSSL not compiled with FIPS support\n");
+#endif
+#ifdef USE_ITHREADS
+ MUTEX_UNLOCK(&LIB_init_mutex);
+#endif
+ OUTPUT:
+ RETVAL
+
+
+int
+SSL_library_init()
+ ALIAS:
+ SSLeay_add_ssl_algorithms = 1
+ OpenSSL_add_ssl_algorithms = 2
+ add_ssl_algorithms = 3
+ CODE:
+#ifdef USE_ITHREADS
+ MUTEX_LOCK(&LIB_init_mutex);
+#endif
+ RETVAL = 0;
+ if (!LIB_initialized) {
+ RETVAL = SSL_library_init();
+ LIB_initialized = 1;
+ }
+#ifdef USE_ITHREADS
+ MUTEX_UNLOCK(&LIB_init_mutex);
+#endif
+ OUTPUT:
+ RETVAL
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
+#define REM5 "NOTE: requires 0.9.7+"
+#ifndef OPENSSL_NO_ENGINE
+
+void
+ENGINE_load_builtin_engines()
+
+void
+ENGINE_register_all_complete()
+
+ENGINE*
+ENGINE_by_id(id)
+ char * id
+
+int
+ENGINE_set_default(e, flags)
+ ENGINE * e
+ int flags
+
+#endif /* OPENSSL_NO_ENGINE */
+#endif
+
+void
+ERR_load_SSL_strings()
+
+void
+ERR_load_RAND_strings()
+
+int
+RAND_bytes(buf, num)
+ SV *buf
+ int num
+ PREINIT:
+ int rc;
+ unsigned char *random;
+ CODE:
+ New(0, random, num, unsigned char);
+ rc = RAND_bytes(random, num);
+ sv_setpvn(buf, (const char*)random, num);
+ Safefree(random);
+ RETVAL = rc;
+ OUTPUT:
+ RETVAL
+
+#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
+
+int
+RAND_priv_bytes(buf, num)
+ SV *buf
+ int num
+ PREINIT:
+ int rc;
+ unsigned char *random;
+ CODE:
+ New(0, random, num, unsigned char);
+ rc = RAND_priv_bytes(random, num);
+ sv_setpvn(buf, (const char*)random, num);
+ Safefree(random);
+ RETVAL = rc;
+ OUTPUT:
+ RETVAL
+
+#endif
+
+int
+RAND_pseudo_bytes(buf, num)
+ SV *buf
+ int num
+ PREINIT:
+ int rc;
+ unsigned char *random;
+ CODE:
+ New(0, random, num, unsigned char);
+ rc = RAND_pseudo_bytes(random, num);
+ sv_setpvn(buf, (const char*)random, num);
+ Safefree(random);
+ RETVAL = rc;
+ OUTPUT:
+ RETVAL
+
+void
+RAND_add(buf, num, entropy)
+ SV *buf
+ int num
+ double entropy
+ PREINIT:
+ STRLEN len;
+ CODE:
+ RAND_add((const void *)SvPV(buf, len), num, entropy);
+
+int
+RAND_poll()
+
+int
+RAND_status()
+
+SV *
+RAND_file_name(num)
+ size_t num
+ PREINIT:
+ char *buf;
+ CODE:
+ Newxz(buf, num, char);
+
if (!RAND_file_name(buf, num)) {
+ Safefree(buf);
+ XSRETURN_UNDEF;
+ }
+ RETVAL = newSVpv(buf, 0);
+ Safefree(buf);
+ OUTPUT:
+ RETVAL
+
+void
+RAND_seed(buf)
+ PREINIT:
+ STRLEN len;
+ INPUT:
+ char * buf = SvPV( ST(1), len);
+ CODE:
+ RAND_seed (buf, (int)len);
+
+void
+RAND_cleanup()
+
+int
+RAND_load_file(file_name, how_much)
+ char * file_name
+ int how_much
+
+int
+RAND_write_file(file_name)
+ char * file_name
+
+#define REM40 "Minimal X509 stuff..., this is a bit ugly and should be put in its own modules Net::SSLeay::X509.pm"
+
+#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2050000fL)
+
+int
+X509_check_host(X509 *cert, const char *name, unsigned int flags = 0, SV *peername = &PL_sv_undef)
+ PREINIT:
+ char *c_peername = NULL;
+ CODE:
+ RETVAL = X509_check_host(cert, name, 0, flags, (items == 4) ? &c_peername : NULL);
+ if (items == 4)
+ sv_setpv(peername, c_peername);
+ OUTPUT:
+ RETVAL
+ CLEANUP:
+ if (c_peername)
+ OPENSSL_free(c_peername);
+
+int
+X509_check_email(X509 *cert, const char *address, unsigned int flags = 0)
+ CODE:
+ RETVAL = X509_check_email(cert, address, 0, flags);
+ OUTPUT:
+ RETVAL
+
+int
+X509_check_ip(X509 *cert, SV *address, unsigned int flags = 0)
+ PREINIT:
+ unsigned char *c_address;
+ size_t addresslen;
+ CODE:
+ c_address = (unsigned char *)SvPV(address, addresslen);
+ RETVAL = X509_check_ip(cert, c_address, addresslen, flags);
+ OUTPUT:
+ RETVAL
+
+int
+X509_check_ip_asc(X509 *cert, const char *address, unsigned int flags = 0)
+
+#endif
+
+X509_NAME*
+X509_get_issuer_name(cert)
+ X509 * cert
+
+X509_NAME*
+X509_get_subject_name(cert)
+ X509 * cert
+
+void *
+X509_get_ex_data(cert,idx)
+ X509 * cert
+ int idx
+
+int
+X509_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
+ long argl
+ void * argp
+ CRYPTO_EX_new * new_func
+ CRYPTO_EX_dup * dup_func
+ CRYPTO_EX_free * free_func
+
+void *
+X509_get_app_data(cert)
+ X509 * cert
+ CODE:
+
RETVAL = X509_get_ex_data(cert,0);
+ OUTPUT:
+ RETVAL
+
+int
+X509_set_ex_data(cert,idx,data)
+ X509 * cert
+ int idx
+ void * data
+
+int
+X509_set_app_data(cert,arg)
+ X509 * cert
+ char * arg
+ CODE:
+ RETVAL = X509_set_ex_data(cert,0,arg);
+ OUTPUT:
+ RETVAL
+
+int
+X509_set_issuer_name(X509 *x, X509_NAME *name)
+
+int
+X509_set_subject_name(X509 *x, X509_NAME *name)
+
+int
+X509_set_version(X509 *x, long version)
+
+int
+X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
+
+long
+X509_get_version(X509 *x)
+
+EVP_PKEY *
+X509_get_pubkey(X509 *x)
+
+ASN1_INTEGER *
+X509_get_serialNumber(X509 *x)
+
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2080100fL)
+
+const ASN1_INTEGER *
+X509_get0_serialNumber(const X509 *x)
+
+#endif
+
+int
+X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
+
+int
+X509_certificate_type(X509 *x, EVP_PKEY *pubkey=NULL);
+
+int
+X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+
+int
+X509_verify(X509 *x, EVP_PKEY *r)
+
+X509_NAME *
+X509_NAME_new()
+
+unsigned long
+X509_NAME_hash(X509_NAME *name)
+
+void
+X509_NAME_oneline(name)
+ X509_NAME * name
+ PREINIT:
+ char * buf;
+ CODE:
+ ST(0) = sv_newmortal(); /* Undefined to start with */
+ if ((buf = X509_NAME_oneline(name, NULL, 0))) {
+ sv_setpvn( ST(0), buf, strlen(buf));
+ OPENSSL_free(buf); /* mem was allocated by openssl */
+ }
+
+void
+X509_NAME_print_ex(name,flags=XN_FLAG_RFC2253,utf8_decode=0)
+ X509_NAME * name
+ unsigned long flags
+ int utf8_decode
+ PREINIT:
+ char * buf;
+ BIO * bp;
+ int n, i, ident=0;
+ CODE:
+ ST(0) = sv_newmortal(); /* undef to start with */
+ bp = BIO_new(BIO_s_mem());
+ if (bp) {
+ if (X509_NAME_print_ex(bp, name, ident, flags)) {
+ n = BIO_ctrl_pending(bp);
+ New(0, buf, n, char);
+ if (buf) {
+ i = BIO_read(bp,buf,n);
+ if (i>=0 && i<=n) {
+ sv_setpvn(ST(0), buf, i);
+ if (utf8_decode) sv_utf8_decode(ST(0));
+ }
+ Safefree(buf);
+ }
+ }
+ BIO_free(bp);
+ }
+
+void
+X509_NAME_get_text_by_NID(name,nid)
+ X509_NAME * name
+ int nid
+ PREINIT:
+ char* buf;
+ int length;
+ CODE:
+ ST(0) = sv_newmortal(); /* Undefined to start with */
+ length = X509_NAME_get_text_by_NID(name, nid, NULL, 0);
+
+ if (length>=0) {
+ New(0, buf, length+1, char);
+ if (X509_NAME_get_text_by_NID(name, nid, buf, length + 1)>=0)
+ sv_setpvn( ST(0), buf, length);
+ Safefree(buf);
+ }
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090500fL
+#define REM17 "requires 0.9.5+"
+
+int
+X509_NAME_add_entry_by_NID(name,nid,type,bytes,loc=-1,set=0)
+ X509_NAME *name
+ int nid
+ int type
+ int loc
+ int set
+ PREINIT:
+ STRLEN len;
+ INPUT:
+ unsigned char *bytes = (unsigned char *)SvPV(ST(3), len);
+ CODE:
+ RETVAL = X509_NAME_add_entry_by_NID(name,nid,type,bytes,len,loc,set);
+ OUTPUT:
+ RETVAL
+
+int
+X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,loc=-1,set=0)
+ X509_NAME *name
+ ASN1_OBJECT *obj
+ int type
+ int loc
+ int set
+ PREINIT:
+ STRLEN len;
+ INPUT:
+ unsigned char *bytes = (unsigned char *)SvPV(ST(3), len);
+ CODE:
+ RETVAL = X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,len,loc,set);
+ OUTPUT:
+ RETVAL
+
+int
+X509_NAME_add_entry_by_txt(name,field,type,bytes,loc=-1,set=0)
+ X509_NAME *name
+ char *field
+ int type
+ int loc
+ int set
+ PREINIT:
+ STRLEN len;
+ INPUT:
+ unsigned char *bytes = (unsigned char *)SvPV(ST(3), len);
+ CODE:
+ RETVAL = X509_NAME_add_entry_by_txt(name,field,type,bytes,len,loc,set);
+ OUTPUT:
+ RETVAL
+
+#endif
+
+int
+X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+
+int
+X509_NAME_entry_count(X509_NAME *name)
+
+X509_NAME_ENTRY *
+X509_NAME_get_entry(X509_NAME *name, int loc)
+
+ASN1_STRING *
+X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
+
+ASN1_OBJECT *
+X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
+
+void
+X509_CRL_free(X509_CRL *x)
+
+X509_CRL *
+X509_CRL_new()
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
+#define REM19 "requires 0.9.7+"
+
+int
+X509_CRL_set_version(X509_CRL *x, long version)
+
+int
+X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
+
+int
+X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
+
+int
+X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
+
+int
+X509_CRL_sort(X509_CRL *x)
+
+#endif
+
+long
+X509_CRL_get_version(X509_CRL *x)
+
+X509_NAME *
+X509_CRL_get_issuer(X509_CRL *x)
+
+ASN1_TIME *
+X509_CRL_get_lastUpdate(X509_CRL *x)
+
+ASN1_TIME *
+X509_CRL_get_nextUpdate(X509_CRL *x)
+
+int
+X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
+
+int
+X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
+#define REM20 "requires 0.9.7+"
+
+int
+P_X509_CRL_set_serial(crl,crl_number)
+ X509_CRL *crl
+ ASN1_INTEGER * crl_number;
+ CODE:
+ RETVAL = 0;
+ if (crl && crl_number)
+ if (X509_CRL_add1_ext_i2d(crl, NID_crl_number, crl_number, 0, 0)) RETVAL = 1;
+ OUTPUT:
+ RETVAL
+
+ASN1_INTEGER *
+P_X509_CRL_get_serial(crl)
+ X509_CRL *crl
+ INIT:
+ int i;
+ CODE:
+ RETVAL = (ASN1_INTEGER *)X509_CRL_get_ext_d2i(crl, NID_crl_number, &i, NULL);
+ if (!RETVAL || i==-1) XSRETURN_UNDEF;
+ OUTPUT:
+ RETVAL
+
+void
+P_X509_CRL_add_revoked_serial_hex(crl,serial_hex,rev_time,reason_code=0,comp_time=NULL)
+ X509_CRL *crl
+ char * serial_hex
+ ASN1_TIME *rev_time
+ long reason_code
+ ASN1_TIME *comp_time
+ PREINIT:
+ BIGNUM *bn = NULL;
+ ASN1_INTEGER *sn;
+ X509_REVOKED *rev;
+ ASN1_ENUMERATED *rsn = NULL;
+ int rv;
+ PPCODE:
+ rv=0;
+ rev = X509_REVOKED_new();
+ if (rev) {
+ if (BN_hex2bn(&bn, serial_hex)) {
+ sn = BN_to_ASN1_INTEGER(bn, NULL);
+ if (sn) {
+ X509_REVOKED_set_serialNumber(rev, sn);
+ ASN1_INTEGER_free(sn);
+ rv = 1;
+ }
+ BN_free(bn);
+ }
+ }
+ if (!rv) XSRETURN_IV(0);
+
+ if (!rev_time) XSRETURN_IV(0);
+ if (!X509_REVOKED_set_revocationDate(rev, rev_time)) XSRETURN_IV(0);
+
+ if(reason_code) {
+ rv = 0;
+ rsn = ASN1_ENUMERATED_new();
+ if (rsn) {
+ if (ASN1_ENUMERATED_set(rsn, reason_code))
+ if (X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rsn, 0, 0))
+ rv=1;
+ ASN1_ENUMERATED_free(rsn);
+ }
+
if (!rv) XSRETURN_IV(0); + } + + if(comp_time) { + X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0); + } + + if(!X509_CRL_add0_revoked(crl, rev)) XSRETURN_IV(0); + XSRETURN_IV(1); + +#endif + +X509_REQ * +X509_REQ_new() + +void +X509_REQ_free(X509_REQ *x) + +X509_NAME * +X509_REQ_get_subject_name(X509_REQ *x) + +int +X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) + +int +X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) + +EVP_PKEY * +X509_REQ_get_pubkey(X509_REQ *x) + +int +X509_REQ_sign(X509_REQ *x, EVP_PKEY *pk, const EVP_MD *md) + +int +X509_REQ_verify(X509_REQ *x, EVP_PKEY *r) + +int +X509_REQ_set_version(X509_REQ *x, long version) + +long +X509_REQ_get_version(X509_REQ *x) + +int +X509_REQ_get_attr_count(const X509_REQ *req); + +int +X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos=-1) + +int +X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, int lastpos=-1) + +int +X509_REQ_add1_attr_by_NID(req,nid,type,bytes) + X509_REQ *req + int nid + int type + PREINIT: + STRLEN len; + INPUT: + unsigned char *bytes = (unsigned char *)SvPV(ST(3), len); + CODE: + RETVAL = X509_REQ_add1_attr_by_NID(req,nid,type,bytes,len); + OUTPUT: + RETVAL + +#if OPENSSL_VERSION_NUMBER >= 0x0090700fL +#define REM21 "requires 0.9.7+" + +void +P_X509_REQ_get_attr(req,n) + X509_REQ *req + int n + INIT: + X509_ATTRIBUTE * att; + int count, i; + ASN1_STRING * s; + ASN1_TYPE * t; + PPCODE: + att = X509_REQ_get_attr(req,n); + count = X509_ATTRIBUTE_count(att); + for (i=0; ivalue.asn1_string; + XPUSHs(sv_2mortal(newSViv(PTR2IV(s)))); + } + +#endif + +int +P_X509_REQ_add_extensions(x,...) 
+ X509_REQ *x + PREINIT: + int i=1; + int nid; + char *data; + X509_EXTENSION *ex; + STACK_OF(X509_EXTENSION) *stack; + CODE: + if (items>1) { + RETVAL = 1; + stack = sk_X509_EXTENSION_new_null(); + while(i+11) { + RETVAL = 1; + while(i+11) { + RETVAL = 1; + while(i+1= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.1.0-pre5, LibreSSL 2.7.0 */ + +X509 * +X509_STORE_CTX_get0_cert(x509_store_ctx) + X509_STORE_CTX *x509_store_ctx + +#endif + +STACK_OF(X509) * +X509_STORE_CTX_get1_chain(x509_store_ctx) + X509_STORE_CTX *x509_store_ctx + + +int +X509_STORE_CTX_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL) + long argl + void * argp + CRYPTO_EX_new * new_func + CRYPTO_EX_dup * dup_func + CRYPTO_EX_free * free_func + +void * +X509_STORE_CTX_get_ex_data(x509_store_ctx,idx) + X509_STORE_CTX * x509_store_ctx + int idx + +void * +X509_STORE_CTX_get_app_data(x509_store_ctx) + X509_STORE_CTX * x509_store_ctx + CODE: + RETVAL = X509_STORE_CTX_get_ex_data(x509_store_ctx,0); + OUTPUT: + RETVAL + +void +X509_get_fingerprint(cert,type) + X509 * cert + char * type + PREINIT: + const EVP_MD *digest_tp = NULL; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dsz, k = 0; + char text[EVP_MAX_MD_SIZE * 3 + 1]; + CODE: +#ifndef OPENSSL_NO_MD5 + if (!k && !strcmp(type,"md5")) { + k = 1; digest_tp = EVP_md5(); + } +#endif + if (!k && !strcmp(type,"sha1")) { + k = 1; digest_tp = EVP_sha1(); + } +#if OPENSSL_VERSION_NUMBER >= 0x0090800fL +#ifndef OPENSSL_NO_SHA256 + if (!k && !strcmp(type,"sha256")) { + k = 1; digest_tp = EVP_sha256(); + } +#endif +#endif + if (!k && !strcmp(type,"ripemd160")) { + k = 1; digest_tp = EVP_ripemd160(); + } + if (!k) /* Default digest */ + digest_tp = EVP_sha1(); + if ( digest_tp == NULL ) { + /* Out of memory */ + XSRETURN_UNDEF; + } + if (!X509_digest(cert, digest_tp, digest, &dsz)) { + /* Out of memory */ + XSRETURN_UNDEF; + } + text[0] = '\0'; + for(k=0; k= 0 + && 
(subjAltNameExt = X509_get_ext(cert, i))
+ && (subjAltNameDNs = X509V3_EXT_d2i(subjAltNameExt)))
+ {
+ num_gnames = sk_GENERAL_NAME_num(subjAltNameDNs);
+
+ for (j = 0; j < num_gnames; j++)
+ {
+ subjAltNameDN = sk_GENERAL_NAME_value(subjAltNameDNs, j);
+
+ switch (subjAltNameDN->type)
+ {
+ case GEN_OTHERNAME:
+ EXTEND(SP, 2);
+ count++;
+ PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
+ PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.otherName->value->value.utf8string), ASN1_STRING_length(subjAltNameDN->d.otherName->value->value.utf8string))));
+ break;
+
+ case GEN_EMAIL:
+ case GEN_DNS:
+ case GEN_URI:
+ EXTEND(SP, 2);
+ count++;
+ PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
+ PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.ia5), ASN1_STRING_length(subjAltNameDN->d.ia5))));
+ break;
+
+ case GEN_DIRNAME:
+ {
+ char * buf = X509_NAME_oneline(subjAltNameDN->d.dirn, NULL, 0);
+ EXTEND(SP, 2);
+ count++;
+ PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
+ PUSHs(sv_2mortal(newSVpv((buf), strlen((buf)))));
+ }
+ break;
+
+ case GEN_RID:
+ {
+ char buf[2501]; /* Much more than what's suggested on OBJ_obj2txt manual page */
+ int len = OBJ_obj2txt(buf, sizeof(buf), subjAltNameDN->d.rid, 1);
+ if (len < 0 || len > (int)((sizeof(buf) - 1)))
+ break; /* Skip bad or overly long RID */
+ EXTEND(SP, 2);
+ count++;
+ PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
+ PUSHs(sv_2mortal(newSVpv(buf, 0)));
+ }
+ break;
+
+ case GEN_IPADD:
+ EXTEND(SP, 2);
+ count++;
+ PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
+ PUSHs(sv_2mortal(newSVpv((const char*)subjAltNameDN->d.ip->data, subjAltNameDN->d.ip->length)));
+ break;
+
+ }
+ }
+ sk_GENERAL_NAME_pop_free(subjAltNameDNs, GENERAL_NAME_free);
+ }
+ XSRETURN(count * 2);
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
+
+void
+P_X509_get_crl_distribution_points(cert)
+ X509 * cert
+ INIT:
+ GENERAL_NAMES *gnames;
+ GENERAL_NAME *gn;
+ STACK_OF(DIST_POINT) *points;
+ DIST_POINT
*p;
+ int i, j;
+ PPCODE:
+ points = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL);
+ if (points)
+ for (i = 0; i < sk_DIST_POINT_num(points); i++) {
+ p = sk_DIST_POINT_value(points, i);
+ if (!p->distpoint)
+ continue;
+ if (p->distpoint->type == 0) {
+ /* full name */
+ gnames = p->distpoint->name.fullname;
+ for (j = 0; j < sk_GENERAL_NAME_num(gnames); j++) {
+ gn = sk_GENERAL_NAME_value(gnames, j);
+
+ if (gn->type == GEN_URI) {
+ XPUSHs(sv_2mortal(newSVpv((char*)ASN1_STRING_data(gn->d.ia5),ASN1_STRING_length(gn->d.ia5))));
+ }
+ }
+ }
+ else {
+ /* relative name - not supported */
+ /* XXX-TODO: the code below is just an idea; do not enable it without proper test case
+ BIO *bp;
+ char *buf;
+ int n;
+ X509_NAME ntmp;
+ ntmp.entries = p->distpoint->name.relativename;
+ bp = BIO_new(BIO_s_mem());
+ if (bp) {
+ X509_NAME_print_ex(bp, &ntmp, 0, XN_FLAG_RFC2253);
+ n = BIO_ctrl_pending(bp);
+ New(0, buf, n, char);
+ if (buf) {
+ j = BIO_read(bp,buf,n);
+ if (j>=0 && j<=n) XPUSHs(sv_2mortal(newSVpvn(buf,j)));
+ Safefree(buf);
+ }
+ BIO_free(bp);
+ }
+ */
+ }
+ }
+
+void
+P_X509_get_ocsp_uri(cert)
+ X509 * cert
+ PPCODE:
+ AUTHORITY_INFO_ACCESS *info;
+ int i;
+ info = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL);
+ if (!info) XSRETURN_UNDEF;
+
+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
+ ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
+ if (OBJ_obj2nid(ad->method) == NID_ad_OCSP
+ && ad->location->type == GEN_URI) {
+ XPUSHs(sv_2mortal(newSVpv(
+ (char*)ASN1_STRING_data(ad->location->d.uniformResourceIdentifier),
+ ASN1_STRING_length(ad->location->d.uniformResourceIdentifier)
+ )));
+ if (GIMME == G_SCALAR) break; /* get only first */
+ }
+ }
+
+
+void
+P_X509_get_ext_key_usage(cert,format=0)
+ X509 * cert
+ int format
+ PREINIT:
+ EXTENDED_KEY_USAGE *extusage;
+ int i, nid;
+ char buffer[100]; /* openssl doc: a buffer length of 80 should be more than enough to handle any OID encountered in practice */
+
ASN1_OBJECT *o;
+ PPCODE:
+ extusage = X509_get_ext_d2i(cert, NID_ext_key_usage, NULL, NULL);
+ for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
+ o = sk_ASN1_OBJECT_value(extusage,i);
+ nid = OBJ_obj2nid(o);
+ OBJ_obj2txt(buffer, sizeof(buffer)-1, o, 1);
+ if(format==0)
+ XPUSHs(sv_2mortal(newSVpv(buffer,0))); /* format 0: oid */
+ else if(format==1 && nid>0)
+ XPUSHs(sv_2mortal(newSViv(nid))); /* format 1: nid */
+ else if(format==2 && nid>0)
+ XPUSHs(sv_2mortal(newSVpv(OBJ_nid2sn(nid),0))); /* format 2: shortname */
+ else if(format==3 && nid>0)
+ XPUSHs(sv_2mortal(newSVpv(OBJ_nid2ln(nid),0))); /* format 3: longname */
+ }
+
+#endif
+
+void
+P_X509_get_key_usage(cert)
+ X509 * cert
+ INIT:
+ ASN1_BIT_STRING * u;
+ PPCODE:
+ u = X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL);
+ if (u) {
+ if (ASN1_BIT_STRING_get_bit(u,0)) XPUSHs(sv_2mortal(newSVpv("digitalSignature",0)));
+ if (ASN1_BIT_STRING_get_bit(u,1)) XPUSHs(sv_2mortal(newSVpv("nonRepudiation",0)));
+ if (ASN1_BIT_STRING_get_bit(u,2)) XPUSHs(sv_2mortal(newSVpv("keyEncipherment",0)));
+ if (ASN1_BIT_STRING_get_bit(u,3)) XPUSHs(sv_2mortal(newSVpv("dataEncipherment",0)));
+ if (ASN1_BIT_STRING_get_bit(u,4)) XPUSHs(sv_2mortal(newSVpv("keyAgreement",0)));
+ if (ASN1_BIT_STRING_get_bit(u,5)) XPUSHs(sv_2mortal(newSVpv("keyCertSign",0)));
+ if (ASN1_BIT_STRING_get_bit(u,6)) XPUSHs(sv_2mortal(newSVpv("cRLSign",0)));
+ if (ASN1_BIT_STRING_get_bit(u,7)) XPUSHs(sv_2mortal(newSVpv("encipherOnly",0)));
+ if (ASN1_BIT_STRING_get_bit(u,8)) XPUSHs(sv_2mortal(newSVpv("decipherOnly",0)));
+ }
+
+void
+P_X509_get_netscape_cert_type(cert)
+ X509 * cert
+ INIT:
+ ASN1_BIT_STRING * u;
+ PPCODE:
+ u = X509_get_ext_d2i(cert, NID_netscape_cert_type, NULL, NULL);
+ if (u) {
+ if (ASN1_BIT_STRING_get_bit(u,0)) XPUSHs(sv_2mortal(newSVpv("client",0)));
+ if (ASN1_BIT_STRING_get_bit(u,1)) XPUSHs(sv_2mortal(newSVpv("server",0)));
+ if (ASN1_BIT_STRING_get_bit(u,2)) XPUSHs(sv_2mortal(newSVpv("email",0)));
+ if
(ASN1_BIT_STRING_get_bit(u,3)) XPUSHs(sv_2mortal(newSVpv("objsign",0)));
+ if (ASN1_BIT_STRING_get_bit(u,4)) XPUSHs(sv_2mortal(newSVpv("reserved",0)));
+ if (ASN1_BIT_STRING_get_bit(u,5)) XPUSHs(sv_2mortal(newSVpv("sslCA",0)));
+ if (ASN1_BIT_STRING_get_bit(u,6)) XPUSHs(sv_2mortal(newSVpv("emailCA",0)));
+ if (ASN1_BIT_STRING_get_bit(u,7)) XPUSHs(sv_2mortal(newSVpv("objCA",0)));
+ }
+
+int
+X509_get_ext_by_NID(x,nid,loc=-1)
+ X509* x
+ int nid
+ int loc
+
+X509_EXTENSION *
+X509_get_ext(x,loc)
+ X509* x
+ int loc
+
+int
+X509_EXTENSION_get_critical(X509_EXTENSION *ex)
+
+ASN1_OCTET_STRING *
+X509_EXTENSION_get_data(X509_EXTENSION *ne)
+
+ASN1_OBJECT *
+X509_EXTENSION_get_object(X509_EXTENSION *ex)
+
+int
+X509_get_ext_count(X509 *x)
+
+int
+X509_CRL_get_ext_count(X509_CRL *x)
+
+int
+X509_CRL_get_ext_by_NID(x,ni,loc=-1)
+ X509_CRL* x
+ int ni
+ int loc
+
+X509_EXTENSION *
+X509_CRL_get_ext(x,loc)
+ X509_CRL* x
+ int loc
+
+void
+X509V3_EXT_print(ext,flags=0,utf8_decode=0)
+ X509_EXTENSION * ext
+ unsigned long flags
+ int utf8_decode
+ PREINIT:
+ BIO * bp;
+ char * buf;
+ int i, n;
+ int indent=0;
+ CODE:
+ ST(0) = sv_newmortal(); /* undef to start with */
+ bp = BIO_new(BIO_s_mem());
+ if (bp) {
+ if(X509V3_EXT_print(bp,ext,flags,indent)) {
+ n = BIO_ctrl_pending(bp);
+ New(0, buf, n, char);
+ if (buf) {
+ i = BIO_read(bp,buf,n);
+ if (i>=0 && i<=n) {
+ sv_setpvn(ST(0), buf, i);
+ if (utf8_decode) sv_utf8_decode(ST(0));
+ }
+ Safefree(buf);
+ }
+ }
+ BIO_free(bp);
+ }
+
+void *
+X509V3_EXT_d2i(ext)
+ X509_EXTENSION *ext
+
+X509_STORE_CTX *
+X509_STORE_CTX_new()
+
+int
+X509_STORE_CTX_init(ctx, store=NULL, x509=NULL, chain=NULL)
+ X509_STORE_CTX * ctx
+ X509_STORE * store
+ X509 * x509
+ STACK_OF(X509) * chain
+
+void
+X509_STORE_CTX_free(ctx)
+ X509_STORE_CTX * ctx
+
+int
+X509_verify_cert(x509_store_ctx)
+ X509_STORE_CTX * x509_store_ctx
+
+int
+X509_STORE_CTX_get_error(x509_store_ctx)
+ X509_STORE_CTX * x509_store_ctx
+
+int
+X509_STORE_CTX_get_error_depth(x509_store_ctx)
+ X509_STORE_CTX * x509_store_ctx
+
+int
+X509_STORE_CTX_set_ex_data(x509_store_ctx,idx,data)
+ X509_STORE_CTX * x509_store_ctx
+ int idx
+ void * data
+
+int
+X509_STORE_CTX_set_app_data(x509_store_ctx,arg)
+ X509_STORE_CTX * x509_store_ctx
+ char * arg
+ CODE:
+ RETVAL = X509_STORE_CTX_set_ex_data(x509_store_ctx,0,arg);
+ OUTPUT:
+ RETVAL
+
+void
+X509_STORE_CTX_set_error(x509_store_ctx,s)
+ X509_STORE_CTX * x509_store_ctx
+ int s
+
+void
+X509_STORE_CTX_set_cert(x509_store_ctx,x)
+ X509_STORE_CTX * x509_store_ctx
+ X509 * x
+
+X509_STORE *
+X509_STORE_new()
+
+void
+X509_STORE_free(store)
+ X509_STORE * store
+
+X509_LOOKUP *
+X509_STORE_add_lookup(store, method)
+ X509_STORE * store
+ X509_LOOKUP_METHOD * method
+
+int
+X509_STORE_add_cert(ctx, x)
+ X509_STORE *ctx
+ X509 *x
+
+int
+X509_STORE_add_crl(ctx, x)
+ X509_STORE *ctx
+ X509_CRL *x
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+
+void
+X509_STORE_set_flags(ctx, flags)
+ X509_STORE *ctx
+ long flags
+
+void
+X509_STORE_set_purpose(ctx, purpose)
+ X509_STORE *ctx
+ int purpose
+
+void
+X509_STORE_set_trust(ctx, trust)
+ X509_STORE *ctx
+ int trust
+
+int
+X509_STORE_set1_param(ctx, pm)
+ X509_STORE *ctx
+ X509_VERIFY_PARAM *pm
+
+#endif
+
+X509_LOOKUP_METHOD *
+X509_LOOKUP_hash_dir()
+
+void
+X509_LOOKUP_add_dir(lookup, dir, type)
+ X509_LOOKUP * lookup
+ char * dir
+ int type
+
+int
+X509_load_cert_file(ctx, file, type)
+ X509_LOOKUP *ctx
+ char *file
+ int type
+
+int
+X509_load_crl_file(ctx, file, type)
+ X509_LOOKUP *ctx
+ char *file
+ int type
+
+int
+X509_load_cert_crl_file(ctx, file, type)
+ X509_LOOKUP *ctx
+ char *file
+ int type
+
+const char *
+X509_verify_cert_error_string(n)
+ long n
+
+ASN1_INTEGER *
+ASN1_INTEGER_new()
+
+void
+ASN1_INTEGER_free(ASN1_INTEGER *i)
+
+int
+ASN1_INTEGER_set(ASN1_INTEGER *i, long val)
+
+long
+ASN1_INTEGER_get(ASN1_INTEGER *a)
+
+void
+P_ASN1_INTEGER_set_hex(i,str)
+ ASN1_INTEGER * i
+ char * str
+ INIT:
+ BIGNUM
*bn;
+ int rv = 1;
+ PPCODE:
+ bn = BN_new();
+ if (!BN_hex2bn(&bn, str)) XSRETURN_IV(0);
+ if (!BN_to_ASN1_INTEGER(bn, i)) rv = 0;
+ BN_free(bn);
+ XSRETURN_IV(rv);
+
+void
+P_ASN1_INTEGER_set_dec(i,str)
+ ASN1_INTEGER * i
+ char * str
+ INIT:
+ BIGNUM *bn;
+ int rv = 1;
+ PPCODE:
+ bn = BN_new();
+ if (!BN_dec2bn(&bn, str)) XSRETURN_IV(0);
+ if (!BN_to_ASN1_INTEGER(bn, i)) rv = 0;
+ BN_free(bn);
+ XSRETURN_IV(rv);
+
+void
+P_ASN1_INTEGER_get_hex(i)
+ ASN1_INTEGER * i
+ INIT:
+ BIGNUM *bn;
+ char *result;
+ PPCODE:
+ bn = BN_new();
+ if (!bn) XSRETURN_UNDEF;
+ ASN1_INTEGER_to_BN(i, bn);
+ result = BN_bn2hex(bn);
+ BN_free(bn);
+ if (!result) XSRETURN_UNDEF;
+ XPUSHs(sv_2mortal(newSVpv((const char*)result, strlen(result))));
+ OPENSSL_free(result);
+
+void
+P_ASN1_INTEGER_get_dec(i)
+ ASN1_INTEGER * i
+ INIT:
+ BIGNUM *bn;
+ char *result;
+ PPCODE:
+ bn = BN_new();
+ if (!bn) XSRETURN_UNDEF;
+ ASN1_INTEGER_to_BN(i, bn);
+ result = BN_bn2dec(bn);
+ BN_free(bn);
+ if (!result) XSRETURN_UNDEF;
+ XPUSHs(sv_2mortal(newSVpv((const char*)result, strlen(result))));
+ OPENSSL_free(result);
+
+void
+P_ASN1_STRING_get(s,utf8_decode=0)
+ ASN1_STRING * s
+ int utf8_decode
+ PREINIT:
+ SV * u8;
+ PPCODE:
+ u8 = newSVpv((const char*)ASN1_STRING_data(s), ASN1_STRING_length(s));
+ if (utf8_decode) sv_utf8_decode(u8);
+ XPUSHs(sv_2mortal(u8));
+
+ASN1_TIME *
+X509_get_notBefore(cert)
+ X509 * cert
+
+ASN1_TIME *
+X509_get_notAfter(cert)
+ X509 * cert
+
+ASN1_TIME *
+X509_gmtime_adj(s, adj)
+ ASN1_TIME * s
+ long adj
+
+ASN1_TIME *
+ASN1_TIME_set(s,t)
+ ASN1_TIME *s
+ time_t t
+
+void
+ASN1_TIME_free(s)
+ ASN1_TIME *s
+
+time_t
+ASN1_TIME_timet(s)
+ ASN1_TIME *s
+ CODE:
+ RETVAL = ASN1_TIME_timet(s,NULL);
+ OUTPUT:
+ RETVAL
+
+ASN1_TIME *
+ASN1_TIME_new()
+
+void
+P_ASN1_TIME_put2string(tm)
+ ASN1_TIME * tm
+ PREINIT:
+ BIO *bp=NULL;
+ int i=0;
+ char buffer[256];
+ ALIAS:
+ P_ASN1_UTCTIME_put2string = 1
+ CODE:
+ ST(0) = sv_newmortal(); /* undef retval to start with */
+ if (tm) {
+
bp = BIO_new(BIO_s_mem());
+ if (bp) {
+ ASN1_TIME_print(bp,tm);
+ i = BIO_read(bp,buffer,255);
+ buffer[i] = '\0';
+ if (i>0)
+ sv_setpvn(ST(0), buffer, i);
+ BIO_free(bp);
+ }
+ }
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090705f
+#define REM15 "NOTE: requires 0.9.7e+"
+
+void
+P_ASN1_TIME_get_isotime(tm)
+ ASN1_TIME *tm
+ PREINIT:
+ ASN1_GENERALIZEDTIME *tmp = NULL;
+ char buf[256];
+ CODE:
+ buf[0] = '\0';
+ /* ASN1_TIME_to_generalizedtime is buggy on pre-0.9.7e */
+ ASN1_TIME_to_generalizedtime(tm,&tmp);
+ if (tmp) {
+ if (ASN1_GENERALIZEDTIME_check(tmp)) {
+ if (strlen((char*)tmp->data)>=14 && strlen((char*)tmp->data)<200) {
+ strcpy (buf,"yyyy-mm-ddThh:mm:ss");
+ strncpy(buf, (char*)tmp->data, 4);
+ strncpy(buf+5, (char*)tmp->data+4, 2);
+ strncpy(buf+8, (char*)tmp->data+6, 2);
+ strncpy(buf+11,(char*)tmp->data+8, 2);
+ strncpy(buf+14,(char*)tmp->data+10,2);
+ strncpy(buf+17,(char*)tmp->data+12,2);
+ if (strlen((char*)tmp->data)>14) strcat(buf+19,(char*)tmp->data+14);
+ }
+ }
+ ASN1_GENERALIZEDTIME_free(tmp);
+ }
+ ST(0) = sv_newmortal();
+ sv_setpv(ST(0), buf);
+
+void
+P_ASN1_TIME_set_isotime(tm,str)
+ ASN1_TIME *tm
+ const char *str
+ PREINIT:
+ ASN1_TIME t;
+ char buf[256];
+ int i,rv;
+ CODE:
+ if (!tm) XSRETURN_UNDEF;
+ /* we support only "2012-03-22T23:55:33" or "2012-03-22T23:55:33Z" or "2012-03-22T23:55:33" */
+ if (strlen(str) < 19) XSRETURN_UNDEF;
+ for (i=0; i<4; i++) if ((str[i] > '9') || (str[i] < '0')) XSRETURN_UNDEF;
+ for (i=5; i<7; i++) if ((str[i] > '9') || (str[i] < '0')) XSRETURN_UNDEF;
+ for (i=8; i<10; i++) if ((str[i] > '9') || (str[i] < '0')) XSRETURN_UNDEF;
+ for (i=11; i<13; i++) if ((str[i] > '9') || (str[i] < '0')) XSRETURN_UNDEF;
+ for (i=14; i<16; i++) if ((str[i] > '9') || (str[i] < '0')) XSRETURN_UNDEF;
+ for (i=17; i<19; i++) if ((str[i] > '9') || (str[i] < '0')) XSRETURN_UNDEF;
+ strncpy(buf, str, 4);
+ strncpy(buf+4, str+5, 2);
+ strncpy(buf+6, str+8, 2);
+ strncpy(buf+8, str+11, 2);
+ strncpy(buf+10, str+14, 2);
+
strncpy(buf+12, str+17, 2);
+ buf[14] = '\0';
+ if (strlen(str)>19 && strlen(str)<200) strcat(buf,str+19);
+
+ /* WORKAROUND: ASN1_TIME_set_string() not available in 0.9.8 !!!*/
+ /* in 1.0.0 we would simply: rv = ASN1_TIME_set_string(tm,buf); */
+ t.length = strlen(buf);
+ t.data = (unsigned char *)buf;
+ t.flags = 0;
+ t.type = V_ASN1_UTCTIME;
+ if (!ASN1_TIME_check(&t)) {
+ t.type = V_ASN1_GENERALIZEDTIME;
+ if (!ASN1_TIME_check(&t)) XSRETURN_UNDEF;
+ }
+ tm->type = t.type;
+ tm->flags = t.flags;
+ if (!ASN1_STRING_set(tm,t.data,t.length)) XSRETURN_UNDEF;
+ rv = 1;
+
+ /* end of ASN1_TIME_set_string() reimplementation */
+
+ ST(0) = sv_newmortal();
+ sv_setiv(ST(0), rv); /* 1 = success, undef = failure */
+
+#endif
+
+int
+EVP_PKEY_copy_parameters(to,from)
+ EVP_PKEY * to
+ EVP_PKEY * from
+
+EVP_PKEY *
+EVP_PKEY_new()
+
+void
+EVP_PKEY_free(EVP_PKEY *pkey)
+
+int
+EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key)
+
+int
+EVP_PKEY_bits(EVP_PKEY *pkey)
+
+int
+EVP_PKEY_size(EVP_PKEY *pkey)
+
+#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
+
+int
+EVP_PKEY_id(const EVP_PKEY *pkey)
+
+#endif
+
+void
+PEM_get_string_X509(x509)
+ X509 * x509
+ PREINIT:
+ BIO *bp;
+ int i, n;
+ char *buf;
+ CODE:
+ ST(0) = sv_newmortal(); /* undef to start with */
+ bp = BIO_new(BIO_s_mem());
+ if (bp && x509) {
+ PEM_write_bio_X509(bp,x509);
+ n = BIO_ctrl_pending(bp);
+ New(0, buf, n, char);
+ if (buf) {
+ i = BIO_read(bp,buf,n);
+ if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
+ Safefree(buf);
+ }
+ BIO_free(bp);
+ }
+
+void
+PEM_get_string_X509_REQ(x509_req)
+ X509_REQ * x509_req
+ PREINIT:
+ BIO *bp;
+ int i, n;
+ char *buf;
+ CODE:
+ ST(0) = sv_newmortal(); /* undef to start with */
+ bp = BIO_new(BIO_s_mem());
+ if (bp && x509_req) {
+ PEM_write_bio_X509_REQ(bp,x509_req);
+ n = BIO_ctrl_pending(bp);
+ New(0, buf, n, char);
+ if (buf) {
+ i = BIO_read(bp,buf,n);
+ if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
+ Safefree(buf);
+ }
+ BIO_free(bp);
+ }
+
+void
+PEM_get_string_X509_CRL(x509_crl)
+ X509_CRL * x509_crl
+ PREINIT:
+ BIO *bp;
+ int i, n;
+ char *buf;
+ CODE:
+ ST(0) = sv_newmortal(); /* undef to start with */
+ bp = BIO_new(BIO_s_mem());
+ if (bp && x509_crl) {
+ PEM_write_bio_X509_CRL(bp,x509_crl);
+ n = BIO_ctrl_pending(bp);
+ New(0, buf, n, char);
+ if (buf) {
+ i = BIO_read(bp,buf,n);
+ if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
+ Safefree(buf);
+ }
+ BIO_free(bp);
+ }
+
+void
+PEM_get_string_PrivateKey(pk,passwd=NULL,enc_alg=NULL)
+ EVP_PKEY * pk
+ char * passwd
+ const EVP_CIPHER * enc_alg
+ PREINIT:
+ BIO *bp;
+ int i, n;
+ char *buf;
+ size_t passwd_len = 0;
+ pem_password_cb * cb = NULL;
+ void * u = NULL;
+ CODE:
+ ST(0) = sv_newmortal(); /* undef to start with */
+ bp = BIO_new(BIO_s_mem());
+ if (bp && pk) {
+ if (passwd) passwd_len = strlen(passwd);
+ if (passwd_len>0) {
+ /* encrypted key */
+ if (!enc_alg)
+ PEM_write_bio_PrivateKey(bp,pk,EVP_des_cbc(),(unsigned char *)passwd,passwd_len,cb,u);
+ else
+ PEM_write_bio_PrivateKey(bp,pk,enc_alg,(unsigned char *)passwd,passwd_len,cb,u);
+ }
+ else {
+ /* unencrypted key */
+ PEM_write_bio_PrivateKey(bp,pk,NULL,(unsigned char *)passwd,passwd_len,cb,u);
+ }
+ n = BIO_ctrl_pending(bp);
+ New(0, buf, n, char);
+ if (buf) {
+ i = BIO_read(bp,buf,n);
+ if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
+ Safefree(buf);
+ }
+ BIO_free(bp);
+ }
+
+int
+CTX_use_PKCS12_file(ctx, file, password=NULL)
+ SSL_CTX *ctx
+ char *file
+ char *password
+ PREINIT:
+ PKCS12 *p12;
+ EVP_PKEY *private_key;
+ X509 *certificate;
+ FILE *fp;
+ CODE:
+ RETVAL = 0;
+ if ((fp = fopen (file, "rb"))) {
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
+ OPENSSL_add_all_algorithms_noconf();
+#else
+ OpenSSL_add_all_algorithms();
+#endif
+ if ((p12 = d2i_PKCS12_fp(fp, NULL))) {
+ if (PKCS12_parse(p12, password, &private_key, &certificate, NULL)) {
+ if (private_key) {
+ if (SSL_CTX_use_PrivateKey(ctx, private_key)) RETVAL = 1;
+ EVP_PKEY_free(private_key);
+ }
+ if (certificate) {
+ if (SSL_CTX_use_certificate(ctx, certificate))
RETVAL = 1; + X509_free(certificate); + } + } + PKCS12_free(p12); + } + if (!RETVAL) ERR_print_errors_fp(stderr); + fclose(fp); + } + OUTPUT: + RETVAL + +void +P_PKCS12_load_file(file, load_chain=0, password=NULL) + char *file + int load_chain + char *password + PREINIT: + PKCS12 *p12; + EVP_PKEY *private_key = NULL; + X509 *certificate = NULL; + STACK_OF(X509) *cachain = NULL; + X509 *x; + FILE *fp; + int i, result; + PPCODE: + if ((fp = fopen (file, "rb"))) { +#if OPENSSL_VERSION_NUMBER >= 0x0090700fL + OPENSSL_add_all_algorithms_noconf(); +#else + OpenSSL_add_all_algorithms(); +#endif + if ((p12 = d2i_PKCS12_fp(fp, NULL))) { + if(load_chain) + result= PKCS12_parse(p12, password, &private_key, &certificate, &cachain); + else + result= PKCS12_parse(p12, password, &private_key, &certificate, NULL); + if (result) { + if (private_key) + XPUSHs(sv_2mortal(newSViv(PTR2IV(private_key)))); + else + XPUSHs(sv_2mortal(newSVpv(NULL,0))); /* undef */ + if (certificate) + XPUSHs(sv_2mortal(newSViv(PTR2IV(certificate)))); + else + XPUSHs(sv_2mortal(newSVpv(NULL,0))); /* undef */ + if (cachain) { + for (i=0; i= 0x00905000L + +void +RIPEMD160(data) + PREINIT: + STRLEN len; + unsigned char md[RIPEMD160_DIGEST_LENGTH]; + INPUT: + unsigned char * data = (unsigned char *) SvPV( ST(0), len); + CODE: + if (RIPEMD160(data,len,md)) { + XSRETURN_PVN((char *) md, RIPEMD160_DIGEST_LENGTH); + } else { + XSRETURN_UNDEF; + } + +#endif + +#if !defined(OPENSSL_NO_SHA) + +void +SHA1(data) + PREINIT: + STRLEN len; + unsigned char md[SHA_DIGEST_LENGTH]; + INPUT: + unsigned char * data = (unsigned char *) SvPV( ST(0), len); + CODE: + if (SHA1(data,len,md)) { + XSRETURN_PVN((char *) md, SHA_DIGEST_LENGTH); + } else { + XSRETURN_UNDEF; + } + +#endif +#if !defined(OPENSSL_NO_SHA256) && OPENSSL_VERSION_NUMBER >= 0x0090800fL + +void +SHA256(data) + PREINIT: + STRLEN len; + unsigned char md[SHA256_DIGEST_LENGTH]; + INPUT: + unsigned char * data = (unsigned char *) SvPV( ST(0), len); + CODE: + if 
(SHA256(data,len,md)) {
+ XSRETURN_PVN((char *) md, SHA256_DIGEST_LENGTH);
+ } else {
+ XSRETURN_UNDEF;
+ }
+
+#endif
+#if !defined(OPENSSL_NO_SHA512) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
+
+void
+SHA512(data)
+ PREINIT:
+ STRLEN len;
+ unsigned char md[SHA512_DIGEST_LENGTH];
+ INPUT:
+ unsigned char * data = (unsigned char *) SvPV( ST(0), len);
+ CODE:
+ if (SHA512(data,len,md)) {
+ XSRETURN_PVN((char *) md, SHA512_DIGEST_LENGTH);
+ } else {
+ XSRETURN_UNDEF;
+ }
+
+#endif
+
+#ifndef OPENSSL_NO_SSL2
+#if OPENSSL_VERSION_NUMBER < 0x10000000L
+
+const SSL_METHOD *
+SSLv2_method()
+
+#endif
+#endif
+
+#ifndef OPENSSL_NO_SSL3
+
+const SSL_METHOD *
+SSLv3_method()
+
+#endif
+
+const SSL_METHOD *
+SSLv23_method()
+
+const SSL_METHOD *
+SSLv23_server_method()
+
+const SSL_METHOD *
+SSLv23_client_method()
+
+const SSL_METHOD *
+TLSv1_method()
+
+const SSL_METHOD *
+TLSv1_server_method()
+
+const SSL_METHOD *
+TLSv1_client_method()
+
+#ifdef SSL_TXT_TLSV1_1
+
+const SSL_METHOD *
+TLSv1_1_method()
+
+const SSL_METHOD *
+TLSv1_1_server_method()
+
+const SSL_METHOD *
+TLSv1_1_client_method()
+
+#endif
+
+#ifdef SSL_TXT_TLSV1_2
+
+const SSL_METHOD *
+TLSv1_2_method()
+
+const SSL_METHOD *
+TLSv1_2_server_method()
+
+const SSL_METHOD *
+TLSv1_2_client_method()
+
+#endif
+
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x20020002L)
+
+const SSL_METHOD *
+TLS_method()
+
+const SSL_METHOD *
+TLS_server_method()
+
+const SSL_METHOD *
+TLS_client_method()
+
+#endif /* OpenSSL 1.1.0 or LibreSSL 2.2.2 */
+
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2060000fL)
+
+int
+SSL_CTX_set_min_proto_version(ctx, version)
+ SSL_CTX * ctx
+ int version
+
+int
+SSL_CTX_set_max_proto_version(ctx, version)
+ SSL_CTX * ctx
+ int version
+
+int
+SSL_set_min_proto_version(ssl, version)
+ SSL * ssl
+ int version
+
+int
+SSL_set_max_proto_version(ssl, version)
+
SSL * ssl
+ int version
+
+#endif /* OpenSSL 1.1.0-pre2 or LibreSSL 2.6.0 */
+
+
+#if OPENSSL_VERSION_NUMBER >= 0x1010007fL && !defined(LIBRESSL_VERSION_NUMBER)
+
+int
+SSL_CTX_get_min_proto_version(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_get_max_proto_version(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_get_min_proto_version(ssl)
+ SSL * ssl
+
+int
+SSL_get_max_proto_version(ssl)
+ SSL * ssl
+
+#endif /* OpenSSL 1.1.0g */
+
+
+#if OPENSSL_VERSION_NUMBER < 0x10000000L
+
+int
+SSL_set_ssl_method(ssl, method)
+ SSL * ssl
+ SSL_METHOD * method
+
+#else
+
+int
+SSL_set_ssl_method(ssl, method)
+ SSL * ssl
+ const SSL_METHOD * method
+
+#endif
+
+const SSL_METHOD *
+SSL_get_ssl_method(ssl)
+ SSL * ssl
+
+#define REM_AUTOMATICALLY_GENERATED_1_09
+
+BIO *
+BIO_new_buffer_ssl_connect(ctx)
+ SSL_CTX * ctx
+
+BIO *
+BIO_new_file(filename,mode)
+ char * filename
+ char * mode
+
+BIO *
+BIO_new_ssl(ctx,client)
+ SSL_CTX * ctx
+ int client
+
+BIO *
+BIO_new_ssl_connect(ctx)
+ SSL_CTX * ctx
+
+BIO *
+BIO_new(type)
+ BIO_METHOD * type;
+
+int
+BIO_free(bio)
+ BIO * bio;
+
+void
+BIO_read(s,max=32768)
+ BIO * s
+ int max
+ PREINIT:
+ char *buf = NULL;
+ int got;
+ CODE:
+ New(0, buf, max, char);
+ ST(0) = sv_newmortal(); /* Undefined to start with */
+ if ((got = BIO_read(s, buf, max)) >= 0)
+ sv_setpvn( ST(0), buf, got);
+ Safefree(buf);
+
+int
+BIO_write(s,buf)
+ BIO * s
+ PREINIT:
+ STRLEN len;
+ INPUT:
+ char * buf = SvPV( ST(1), len);
+ CODE:
+ RETVAL = BIO_write (s, buf, (int)len);
+ OUTPUT:
+ RETVAL
+
+int
+BIO_eof(s)
+ BIO * s
+
+int
+BIO_pending(s)
+ BIO * s
+
+int
+BIO_wpending(s)
+ BIO * s
+
+int
+BIO_ssl_copy_session_id(to,from)
+ BIO * to
+ BIO * from
+
+void
+BIO_ssl_shutdown(ssl_bio)
+ BIO * ssl_bio
+
+int
+SSL_add_client_CA(ssl,x)
+ SSL * ssl
+ X509 * x
+
+const char *
+SSL_alert_desc_string(value)
+ int value
+
+const char *
+SSL_alert_desc_string_long(value)
+ int value
+
+const char *
+SSL_alert_type_string(value)
+ int value
+
+const char *
+SSL_alert_type_string_long(value)
+
int value
+
+long
+SSL_callback_ctrl(ssl,i,fp)
+ SSL * ssl
+ int i
+ callback_no_ret * fp
+
+int
+SSL_check_private_key(ctx)
+ SSL * ctx
+
+# /* buf and size were required with Net::SSLeay 1.88 and earlier. */
+# /* With OpenSSL 0.9.8l and older compile can warn about discarded const. */
+void
+SSL_CIPHER_description(const SSL_CIPHER *cipher, char *unused_buf=NULL, int unused_size=0)
+ PREINIT:
+ char *description;
+ char buf[512];
+ PPCODE:
+ description = SSL_CIPHER_description(cipher, buf, sizeof(buf));
+ if(description == NULL) {
+ XSRETURN_EMPTY;
+ }
+ XPUSHs(sv_2mortal(newSVpv(description, 0)));
+
+const char *
+SSL_CIPHER_get_name(const SSL_CIPHER *c)
+
+int
+SSL_CIPHER_get_bits(c, ...)
+ const SSL_CIPHER * c
+ CODE:
+ int alg_bits;
+ RETVAL = SSL_CIPHER_get_bits(c, &alg_bits);
+ if (items > 2) croak("SSL_CIPHER_get_bits: Need to call with one or two parameters");
+ if (items > 1) sv_setsv(ST(1), sv_2mortal(newSViv(alg_bits)));
+ OUTPUT:
+ RETVAL
+
+const char *
+SSL_CIPHER_get_version(const SSL_CIPHER *cipher)
+
+#ifndef OPENSSL_NO_COMP
+
+int
+SSL_COMP_add_compression_method(id,cm)
+ int id
+ COMP_METHOD * cm
+
+#endif
+
+int
+SSL_CTX_add_client_CA(ctx,x)
+ SSL_CTX * ctx
+ X509 * x
+
+long
+SSL_CTX_callback_ctrl(ctx,i,fp)
+ SSL_CTX * ctx
+ int i
+ callback_no_ret * fp
+
+int
+SSL_CTX_check_private_key(ctx)
+ SSL_CTX * ctx
+
+void *
+SSL_CTX_get_ex_data(ssl,idx)
+ SSL_CTX * ssl
+ int idx
+
+int
+SSL_CTX_get_quiet_shutdown(ctx)
+ SSL_CTX * ctx
+
+long
+SSL_CTX_get_timeout(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_get_verify_depth(ctx)
+ SSL_CTX * ctx
+
+int
+SSL_CTX_get_verify_mode(ctx)
+ SSL_CTX * ctx
+
+void
+SSL_CTX_set_cert_store(ctx,store)
+ SSL_CTX * ctx
+ X509_STORE * store
+
+X509_STORE *
+SSL_CTX_get_cert_store(ctx)
+ SSL_CTX * ctx
+
+void
+SSL_CTX_set_cert_verify_callback(ctx,callback,data=&PL_sv_undef)
+ SSL_CTX * ctx
+ SV * callback
+ SV * data
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_set_cert_verify_callback(ctx, NULL, NULL);
+
cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!func", NULL);
+ cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!data", NULL);
+ }
+ else {
+ cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!func", newSVsv(callback));
+ cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!data", newSVsv(data));
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
+ SSL_CTX_set_cert_verify_callback(ctx, ssleay_ctx_cert_verify_cb_invoke, ctx);
+#else
+ SSL_CTX_set_cert_verify_callback(ctx, ssleay_ctx_cert_verify_cb_invoke, (char*)ctx);
+#endif
+ }
+
+X509_NAME_STACK *
+SSL_CTX_get_client_CA_list(ctx)
+ SSL_CTX *ctx
+
+void
+SSL_CTX_set_client_CA_list(ctx,list)
+ SSL_CTX * ctx
+ X509_NAME_STACK * list
+
+void
+SSL_CTX_set_default_passwd_cb(ctx,callback=&PL_sv_undef)
+ SSL_CTX * ctx
+ SV * callback
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_set_default_passwd_cb(ctx, NULL);
+ SSL_CTX_set_default_passwd_cb_userdata(ctx, NULL);
+ cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!func", NULL);
+ }
+ else {
+ cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!func", newSVsv(callback));
+ SSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)ctx);
+ SSL_CTX_set_default_passwd_cb(ctx, &ssleay_ctx_passwd_cb_invoke);
+ }
+
+void
+SSL_CTX_set_default_passwd_cb_userdata(ctx,data=&PL_sv_undef)
+ SSL_CTX * ctx
+ SV * data
+ CODE:
+ /* SSL_CTX_set_default_passwd_cb_userdata is set in SSL_CTX_set_default_passwd_cb */
+ if (data==NULL || !SvOK(data)) {
+ cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!data", NULL);
+ }
+ else {
+ cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!data", newSVsv(data));
+ }
+
+int
+SSL_CTX_set_ex_data(ssl,idx,data)
+ SSL_CTX * ssl
+ int idx
+ void * data
+
+int
+SSL_CTX_set_purpose(s,purpose)
+ SSL_CTX * s
+ int purpose
+
+void
+SSL_CTX_set_quiet_shutdown(ctx,mode)
+ SSL_CTX * ctx
+ int mode
+
+#if OPENSSL_VERSION_NUMBER < 0x10000000L
+
+int
+SSL_CTX_set_ssl_version(ctx,meth)
+ SSL_CTX * ctx
+ SSL_METHOD * meth
+
+#else
+
+int
+SSL_CTX_set_ssl_version(ctx,meth)
+ SSL_CTX * ctx
+ const SSL_METHOD * meth
+
+#endif
+
+long
+SSL_CTX_set_timeout(ctx,t)
+ SSL_CTX * ctx
+ long t
+
+int
+SSL_CTX_set_trust(s,trust)
+ SSL_CTX * s
+ int trust
+
+void
+SSL_CTX_set_verify_depth(ctx,depth)
+ SSL_CTX * ctx
+ int depth
+
+int
+SSL_CTX_use_certificate(ctx,x)
+ SSL_CTX * ctx
+ X509 * x
+
+int
+SSL_CTX_use_certificate_chain_file(ctx,file)
+ SSL_CTX * ctx
+ const char * file
+
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+int
+SSL_use_certificate_chain_file(ssl,file)
+ SSL * ssl
+ const char * file
+
+#endif /* OpenSSL 1.1.0 */
+
+int
+SSL_CTX_use_PrivateKey(ctx,pkey)
+ SSL_CTX * ctx
+ EVP_PKEY * pkey
+
+int
+SSL_CTX_use_RSAPrivateKey(ctx,rsa)
+ SSL_CTX * ctx
+ RSA * rsa
+
+int
+SSL_do_handshake(s)
+ SSL * s
+
+SSL *
+SSL_dup(ssl)
+ SSL * ssl
+
+const SSL_CIPHER *
+SSL_get_current_cipher(s)
+ SSL * s
+
+long
+SSL_get_default_timeout(s)
+ SSL * s
+
+void *
+SSL_get_ex_data(ssl,idx)
+ SSL * ssl
+ int idx
+
+size_t
+SSL_get_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
+ SSL *ssl
+ SV *buf
+ size_t count
+ PREINIT:
+ unsigned char *finished;
+ size_t finished_len;
+ CODE:
+ Newx(finished, count, unsigned char);
+ finished_len = SSL_get_finished(ssl, finished, count);
+ if (count > finished_len)
+ count = finished_len;
+ sv_setpvn(buf, (const char *)finished, count);
+ Safefree(finished);
+ RETVAL = finished_len;
+ OUTPUT:
+ RETVAL
+
+size_t
+SSL_get_peer_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
+ SSL *ssl
+ SV *buf
+ size_t count
+ PREINIT:
+ unsigned char *finished;
+ size_t finished_len;
+ CODE:
+ Newx(finished, count, unsigned char);
+ finished_len = SSL_get_peer_finished(ssl, finished, count);
+ if (count > finished_len)
+ count = finished_len;
+ sv_setpvn(buf, (const char *)finished, count);
+ Safefree(finished);
+ RETVAL = finished_len;
+ OUTPUT:
+ RETVAL
+
+int
+SSL_get_quiet_shutdown(ssl)
+ SSL * ssl
+
+int
+SSL_get_shutdown(ssl)
+ SSL * ssl
+
+int
+SSL_get_verify_depth(s)
+ SSL * s
+
+int
+SSL_get_verify_mode(s)
+ SSL * s
+
+long
+SSL_get_verify_result(ssl)
+ SSL * ssl
+
+int
+SSL_renegotiate(s)
+ SSL * s
+
+#if OPENSSL_VERSION_NUMBER < 0x10000000L
+
+int
+SSL_SESSION_cmp(a,b)
+ SSL_SESSION * a
+ SSL_SESSION * b
+
+#endif
+
+void *
+SSL_SESSION_get_ex_data(ss,idx)
+ SSL_SESSION * ss
+ int idx
+
+long
+SSL_SESSION_get_time(s)
+ SSL_SESSION * s
+
+long
+SSL_SESSION_get_timeout(s)
+ SSL_SESSION * s
+
+int
+SSL_SESSION_print_fp(fp,ses)
+ FILE * fp
+ SSL_SESSION * ses
+
+int
+SSL_SESSION_set_ex_data(ss,idx,data)
+ SSL_SESSION * ss
+ int idx
+ void * data
+
+long
+SSL_SESSION_set_time(s,t)
+ SSL_SESSION * s
+ long t
+
+long
+SSL_SESSION_set_timeout(s,t)
+ SSL_SESSION * s
+ long t
+
+void
+SSL_set_accept_state(s)
+ SSL * s
+
+void
+sk_X509_NAME_free(sk)
+ X509_NAME_STACK *sk
+
+int
+sk_X509_NAME_num(sk)
+ X509_NAME_STACK *sk
+
+X509_NAME *
+sk_X509_NAME_value(sk,i)
+ X509_NAME_STACK *sk
+ int i
+
+X509_NAME_STACK *
+SSL_get_client_CA_list(s)
+ SSL * s
+
+void
+SSL_set_client_CA_list(s,list)
+ SSL * s
+ X509_NAME_STACK * list
+
+void
+SSL_set_connect_state(s)
+ SSL * s
+
+int
+SSL_set_ex_data(ssl,idx,data)
+ SSL * ssl
+ int idx
+ void * data
+
+
+void
+SSL_set_info_callback(ssl,callback,data=&PL_sv_undef)
+ SSL * ssl
+ SV * callback
+ SV * data
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_set_info_callback(ssl, NULL);
+ cb_data_advanced_put(ssl, "ssleay_info_cb!!func", NULL);
+ cb_data_advanced_put(ssl, "ssleay_info_cb!!data", NULL);
+ } else {
+ cb_data_advanced_put(ssl, "ssleay_info_cb!!func", newSVsv(callback));
+ cb_data_advanced_put(ssl, "ssleay_info_cb!!data", newSVsv(data));
+ SSL_set_info_callback(ssl, ssleay_info_cb_invoke);
+ }
+
+void
+SSL_CTX_set_info_callback(ctx,callback,data=&PL_sv_undef)
+ SSL_CTX * ctx
+ SV * callback
+ SV * data
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_set_info_callback(ctx, NULL);
+ cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!func", NULL);
+
cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!data", NULL);
+ } else {
+ cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!func", newSVsv(callback));
+ cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!data", newSVsv(data));
+ SSL_CTX_set_info_callback(ctx, ssleay_ctx_info_cb_invoke);
+ }
+
+void
+SSL_set_msg_callback(ssl,callback,data=&PL_sv_undef)
+ SSL * ssl
+ SV * callback
+ SV * data
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_set_msg_callback(ssl, NULL);
+ cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", NULL);
+ cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", NULL);
+ } else {
+ cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", newSVsv(callback));
+ cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", newSVsv(data));
+ SSL_set_msg_callback(ssl, ssleay_msg_cb_invoke);
+ }
+
+void
+SSL_CTX_set_msg_callback(ctx,callback,data=&PL_sv_undef)
+ SSL_CTX * ctx
+ SV * callback
+ SV * data
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_set_msg_callback(ctx, NULL);
+ cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", NULL);
+ cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", NULL);
+ } else {
+ cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", newSVsv(callback));
+ cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", newSVsv(data));
+ SSL_CTX_set_msg_callback(ctx, ssleay_ctx_msg_cb_invoke);
+ }
+
+
+#if OPENSSL_VERSION_NUMBER >= 0x10101001 && !defined(LIBRESSL_VERSION_NUMBER)
+
+void
+SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SV *callback)
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_set_keylog_callback(ctx, NULL);
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_keylog_callback!!func", NULL);
+ } else {
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_keylog_callback!!func", newSVsv(callback));
+ SSL_CTX_set_keylog_callback(ctx, ssl_ctx_keylog_cb_func_invoke);
+ }
+
+SV *
+SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
+ CODE:
+ SV *func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_keylog_callback!!func");
+ /* without increment the
reference will go away and ssl_ctx_keylog_cb_func_invoke croaks */ + SvREFCNT_inc(func); + RETVAL = func; + OUTPUT: + RETVAL + +#endif + + +int +SSL_set_purpose(s,purpose) + SSL * s + int purpose + +void +SSL_set_quiet_shutdown(ssl,mode) + SSL * ssl + int mode + +void +SSL_set_shutdown(ssl,mode) + SSL * ssl + int mode + +int +SSL_set_trust(s,trust) + SSL * s + int trust + +void +SSL_set_verify_depth(s,depth) + SSL * s + int depth + +void +SSL_set_verify_result(ssl,v) + SSL * ssl + long v + +int +SSL_shutdown(s) + SSL * s + +const char * +SSL_get_version(ssl) + const SSL * ssl + +int +SSL_version(ssl) + SSL * ssl + +#if OPENSSL_VERSION_NUMBER >= 0x10100006L && !defined(LIBRESSL_VERSION_NUMBER) /* 1.1.0-pre6 */ + +int +SSL_client_version(ssl) + const SSL * ssl + +int +SSL_is_dtls(ssl) + const SSL * ssl + +#endif + +#define REM_MANUALLY_ADDED_1_09 + +X509_NAME_STACK * +SSL_load_client_CA_file(file) + const char * file + +int +SSL_add_file_cert_subjects_to_stack(stackCAs,file) + X509_NAME_STACK * stackCAs + const char * file + +#ifndef WIN32 +#ifndef VMS +#ifndef MAC_OS_pre_X + +int +SSL_add_dir_cert_subjects_to_stack(stackCAs,dir) + X509_NAME_STACK * stackCAs + const char * dir + +#endif +#endif +#endif + +int +SSL_CTX_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL) + long argl + void * argp + CRYPTO_EX_new * new_func + CRYPTO_EX_dup * dup_func + CRYPTO_EX_free * free_func + +int +SSL_CTX_set_session_id_context(ctx,sid_ctx,sid_ctx_len) + SSL_CTX * ctx + const unsigned char * sid_ctx + unsigned int sid_ctx_len + +int +SSL_set_session_id_context(ssl,sid_ctx,sid_ctx_len) + SSL * ssl + const unsigned char * sid_ctx + unsigned int sid_ctx_len + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +void +SSL_CTX_set_tmp_rsa_callback(ctx, cb) + SSL_CTX * ctx + cb_ssl_int_int_ret_RSA * cb + +void +SSL_set_tmp_rsa_callback(ssl, cb) + SSL * ssl + cb_ssl_int_int_ret_RSA * cb + +#endif + +void +SSL_CTX_set_tmp_dh_callback(ctx, dh) + SSL_CTX * ctx + 
cb_ssl_int_int_ret_DH * dh + +void +SSL_set_tmp_dh_callback(ssl,dh) + SSL * ssl + cb_ssl_int_int_ret_DH * dh + +int +SSL_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL) + long argl + void * argp + CRYPTO_EX_new * new_func + CRYPTO_EX_dup * dup_func + CRYPTO_EX_free * free_func + +int +SSL_SESSION_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL) + long argl + void * argp + CRYPTO_EX_new * new_func + CRYPTO_EX_dup * dup_func + CRYPTO_EX_free * free_func + +#define REM_SEMIAUTOMATIC_MACRO_GEN_1_09 + +long +SSL_clear_num_renegotiations(ssl) + SSL * ssl + CODE: + RETVAL = SSL_ctrl(ssl,SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL); + OUTPUT: + RETVAL + +long +SSL_CTX_add_extra_chain_cert(ctx,x509) + SSL_CTX * ctx + X509 * x509 + CODE: + RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char*)x509); + OUTPUT: + RETVAL + +void * +SSL_CTX_get_app_data(ctx) + SSL_CTX * ctx + CODE: + RETVAL = SSL_CTX_get_ex_data(ctx,0); + OUTPUT: + RETVAL + +long +SSL_CTX_get_mode(ctx) + SSL_CTX * ctx + CODE: + RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL); + OUTPUT: + RETVAL + +long +SSL_CTX_get_read_ahead(ctx) + SSL_CTX * ctx + CODE: + RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL); + OUTPUT: + RETVAL + +long +SSL_CTX_get_session_cache_mode(ctx) + SSL_CTX * ctx + CODE: + RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL); + OUTPUT: + RETVAL + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +long +SSL_CTX_need_tmp_RSA(ctx) + SSL_CTX * ctx + CODE: + RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL); + OUTPUT: + RETVAL + +#endif + +int +SSL_CTX_set_app_data(ctx,arg) + SSL_CTX * ctx + char * arg + CODE: + RETVAL = SSL_CTX_set_ex_data(ctx,0,arg); + OUTPUT: + RETVAL + +long +SSL_CTX_set_mode(ctx,op) + SSL_CTX * ctx + long op + CODE: + RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL); + OUTPUT: + RETVAL + +long +SSL_CTX_set_read_ahead(ctx,m) + SSL_CTX * ctx + long m + CODE: + RETVAL = 
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL); + OUTPUT: + RETVAL + +long +SSL_CTX_set_session_cache_mode(ctx,m) + SSL_CTX * ctx + long m + CODE: + RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL); + OUTPUT: + RETVAL + +long +SSL_CTX_set_tmp_dh(ctx,dh) + SSL_CTX * ctx + DH * dh + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +long +SSL_CTX_set_tmp_rsa(ctx,rsa) + SSL_CTX * ctx + RSA * rsa + +#endif + +#if OPENSSL_VERSION_NUMBER > 0x10000000L && !defined OPENSSL_NO_EC + +EC_KEY * +EC_KEY_new_by_curve_name(nid) + int nid + +void +EC_KEY_free(key) + EC_KEY * key + +long +SSL_CTX_set_tmp_ecdh(ctx,ecdh) + SSL_CTX * ctx + EC_KEY * ecdh + +int +EVP_PKEY_assign_EC_KEY(pkey,key) + EVP_PKEY * pkey + EC_KEY * key + + +EC_KEY * +EC_KEY_generate_key(curve) + SV *curve; + CODE: + EC_GROUP *group = NULL; + EC_KEY *eckey = NULL; + int nid; + + RETVAL = 0; + if (SvIOK(curve)) { + nid = SvIV(curve); + } else { + nid = OBJ_sn2nid(SvPV_nolen(curve)); +#if OPENSSL_VERSION_NUMBER > 0x10002000L + if (!nid) nid = EC_curve_nist2nid(SvPV_nolen(curve)); +#endif + if (!nid) croak("unknown curve %s",SvPV_nolen(curve)); + } + + group = EC_GROUP_new_by_curve_name(nid); + if (!group) croak("unknown curve nid=%d",nid); + EC_GROUP_set_asn1_flag(group,OPENSSL_EC_NAMED_CURVE); + + eckey = EC_KEY_new(); + if ( eckey + && EC_KEY_set_group(eckey, group) + && EC_KEY_generate_key(eckey)) { + RETVAL = eckey; + } else { + if (eckey) EC_KEY_free(eckey); + } + if (group) EC_GROUP_free(group); + + OUTPUT: + RETVAL + + +#ifdef SSL_CTRL_SET_ECDH_AUTO + +long +SSL_CTX_set_ecdh_auto(ctx,onoff) + SSL_CTX * ctx + int onoff + +long +SSL_set_ecdh_auto(ssl,onoff) + SSL * ssl + int onoff + +#endif + +#ifdef SSL_CTRL_SET_CURVES_LIST + +long +SSL_CTX_set1_curves_list(ctx,list) + SSL_CTX * ctx + char * list + +long +SSL_set1_curves_list(ssl,list) + SSL * ssl + char * list + +#endif + +#if SSL_CTRL_SET_GROUPS_LIST + +long +SSL_CTX_set1_groups_list(ctx,list) + SSL_CTX * ctx + char * list + +long 
+SSL_set1_groups_list(ssl,list)
+ SSL * ssl
+ char * list
+
+#endif
+
+
+
+#endif
+
+void *
+SSL_get_app_data(s)
+ SSL * s
+ CODE:
+ RETVAL = SSL_get_ex_data(s,0);
+ OUTPUT:
+ RETVAL
+
+int
+SSL_get_cipher_bits(s,np=NULL)
+ SSL * s
+ int * np
+ CODE:
+ RETVAL = SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np);
+ OUTPUT:
+ RETVAL
+
+long
+SSL_get_mode(ssl)
+ SSL * ssl
+ CODE:
+ RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL);
+ OUTPUT:
+ RETVAL
+
+void
+SSL_set_state(ssl,state)
+ SSL * ssl
+ int state
+ CODE:
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ /* not available */
+#elif defined(OPENSSL_NO_SSL_INTERN)
+ SSL_set_state(ssl,state);
+#else
+ ssl->state = state;
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+long
+SSL_need_tmp_RSA(ssl)
+ SSL * ssl
+ CODE:
+ RETVAL = SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL);
+ OUTPUT:
+ RETVAL
+
+
+#endif
+
+long
+SSL_num_renegotiations(ssl)
+ SSL * ssl
+ CODE:
+ RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL);
+ OUTPUT:
+ RETVAL
+
+void *
+SSL_SESSION_get_app_data(ses)
+ SSL_SESSION * ses
+ CODE:
+ RETVAL = SSL_SESSION_get_ex_data(ses,0);
+ OUTPUT:
+ RETVAL
+
+long
+SSL_session_reused(ssl)
+ SSL * ssl
+
+int
+SSL_SESSION_set_app_data(s,a)
+ SSL_SESSION * s
+ void * a
+ CODE:
+ RETVAL = SSL_SESSION_set_ex_data(s,0,(char *)a);
+ OUTPUT:
+ RETVAL
+
+int
+SSL_set_app_data(s,arg)
+ SSL * s
+ void * arg
+ CODE:
+ RETVAL = SSL_set_ex_data(s,0,(char *)arg);
+ OUTPUT:
+ RETVAL
+
+long
+SSL_set_mode(ssl,op)
+ SSL * ssl
+ long op
+ CODE:
+ RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL);
+ OUTPUT:
+ RETVAL
+
+int
+SSL_set_pref_cipher(s,n)
+ SSL * s
+ const char * n
+ CODE:
+ RETVAL = SSL_set_cipher_list(s,n);
+ OUTPUT:
+ RETVAL
+
+long
+SSL_set_tmp_dh(ssl,dh)
+ SSL * ssl
+ DH * dh
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+long
+SSL_set_tmp_rsa(ssl,rsa)
+ SSL * ssl
+ char * rsa
+ CODE:
+ RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa);
+ OUTPUT:
+ RETVAL
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+
+RSA *
+RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
+ int bits
+ unsigned long ee
+ SV* perl_cb
+ SV* perl_data
+ PREINIT:
+ simple_cb_data_t* cb_data = NULL;
+ CODE:
+ /* openssl 0.9.8 deprecated RSA_generate_key. */
+ /* This equivalent was contributed by Brian Fraser for Android, */
+ /* but was not portable to old OpenSSLs where RSA_generate_key_ex is not available. */
+ /* It should now be more versatile. */
+ /* as of openssl 1.1.0-pre1 it is not possible anymore to generate the BN_GENCB structure directly. */
+ /* instead BN_EGNCB_new() has to be used. */
+ int rc;
+ RSA * ret;
+ BIGNUM *e;
+ e = BN_new();
+ if(!e)
+ croak("Net::SSLeay: RSA_generate_key perl function could not create BN structure.\n");
+ BN_set_word(e, ee);
+ cb_data = simple_cb_data_new(perl_cb, perl_data);
+
+ ret = RSA_new();
+ if(!ret) {
+ simple_cb_data_free(cb_data);
+ BN_free(e);
+ croak("Net::SSLeay: RSA_generate_key perl function could not create RSA structure.\n");
+ }
+#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
+ BN_GENCB *new_cb;
+ new_cb = BN_GENCB_new();
+ if(!new_cb) {
+ simple_cb_data_free(cb_data);
+ BN_free(e);
+ RSA_free(ret);
+ croak("Net::SSLeay: RSA_generate_key perl function could not create BN_GENCB structure.\n");
+ }
+ BN_GENCB_set_old(new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
+ rc = RSA_generate_key_ex(ret, bits, e, new_cb);
+ BN_GENCB_free(new_cb);
+#else
+ BN_GENCB new_cb;
+ BN_GENCB_set_old(&new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
+ rc = RSA_generate_key_ex(ret, bits, e, &new_cb);
+#endif
+ simple_cb_data_free(cb_data);
+ BN_free(e);
+ if (rc == -1 || ret == NULL) {
+ if (ret) RSA_free(ret);
+ croak("Net::SSLeay: Couldn't generate RSA key");
+ }
+ e = NULL;
+ RETVAL = ret;
+ OUTPUT:
+ RETVAL
+
+#else
+
+RSA *
+RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
+ int bits
+ unsigned long e
+ SV* perl_cb
+ SV* perl_data
+ PREINIT:
+ simple_cb_data_t* cb = NULL;
+ CODE:
+ cb = simple_cb_data_new(perl_cb, perl_data);
+ RETVAL = RSA_generate_key(bits, e, ssleay_RSA_generate_key_cb_invoke, cb);
+ simple_cb_data_free(cb);
+ OUTPUT:
+ RETVAL
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+void
+RSA_get_key_parameters(rsa)
+ RSA * rsa
+PPCODE:
+{
+ /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
+ XPUSHs(bn2sv(rsa->n));
+ XPUSHs(bn2sv(rsa->e));
+ XPUSHs(bn2sv(rsa->d));
+ XPUSHs(bn2sv(rsa->p));
+ XPUSHs(bn2sv(rsa->q));
+ XPUSHs(bn2sv(rsa->dmp1));
+ XPUSHs(bn2sv(rsa->dmq1));
+ XPUSHs(bn2sv(rsa->iqmp));
+}
+
+#endif
+
+void
+RSA_free(r)
+ RSA * r
+
+X509 *
+X509_new()
+
+void
+X509_free(a)
+ X509 * a
+
+X509_CRL *
+d2i_X509_CRL_bio(BIO *bp,void *unused=NULL)
+
+X509_REQ *
+d2i_X509_REQ_bio(BIO *bp,void *unused=NULL)
+
+X509 *
+d2i_X509_bio(BIO *bp,void *unused=NULL)
+
+DH *
+PEM_read_bio_DHparams(bio,x=NULL,cb=NULL,u=NULL)
+ BIO * bio
+ void * x
+ pem_password_cb * cb
+ void * u
+
+X509_CRL *
+PEM_read_bio_X509_CRL(bio,x=NULL,cb=NULL,u=NULL)
+ BIO * bio
+ void * x
+ pem_password_cb * cb
+ void * u
+
+X509 *
+PEM_read_bio_X509(BIO *bio,void *x=NULL,void *cb=NULL,void *u=NULL)
+
+STACK_OF(X509_INFO) *
+PEM_X509_INFO_read_bio(bio, stack=NULL, cb=NULL, u=NULL)
+ BIO * bio
+ STACK_OF(X509_INFO) * stack
+ pem_password_cb * cb
+ void * u
+
+int
+sk_X509_INFO_num(stack)
+ STACK_OF(X509_INFO) * stack
+
+X509_INFO *
+sk_X509_INFO_value(stack, index)
+ const STACK_OF(X509_INFO) * stack
+ int index
+
+void
+sk_X509_INFO_free(stack)
+ STACK_OF(X509_INFO) * stack
+
+STACK_OF(X509) *
+sk_X509_new_null()
+
+void
+sk_X509_free(stack)
+ STACK_OF(X509) * stack
+
+int
+sk_X509_push(stack, data)
+ STACK_OF(X509) * stack
+ X509 * data
+
+X509 *
+sk_X509_pop(stack)
+ STACK_OF(X509) * stack
+
+X509 *
+sk_X509_shift(stack)
+ STACK_OF(X509) * stack
+
+int
+sk_X509_unshift(stack,x509) + STACK_OF(X509) * stack + X509 * x509 + +int +sk_X509_insert(stack,x509,index) + STACK_OF(X509) * stack + X509 * x509 + int index + +X509 * +sk_X509_delete(stack,index) + STACK_OF(X509) * stack + int index + +X509 * +sk_X509_value(stack,index) + STACK_OF(X509) * stack + int index + +int +sk_X509_num(stack) + STACK_OF(X509) * stack + +X509 * +P_X509_INFO_get_x509(info) + X509_INFO * info + CODE: + RETVAL = info->x509; + OUTPUT: + RETVAL + +X509_REQ * +PEM_read_bio_X509_REQ(BIO *bio,void *x=NULL,pem_password_cb *cb=NULL,void *u=NULL) + +EVP_PKEY * +PEM_read_bio_PrivateKey(bio,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef) + BIO *bio + SV* perl_cb + SV* perl_data + PREINIT: + simple_cb_data_t* cb = NULL; + CODE: + RETVAL = 0; + if (SvOK(perl_cb)) { + /* setup our callback */ + cb = simple_cb_data_new(perl_cb, perl_data); + RETVAL = PEM_read_bio_PrivateKey(bio, NULL, pem_password_cb_invoke, (void*)cb); + simple_cb_data_free(cb); + } + else if (!SvOK(perl_cb) && SvOK(perl_data) && SvPOK(perl_data)) { + /* use perl_data as the password */ + RETVAL = PEM_read_bio_PrivateKey(bio, NULL, NULL, SvPVX(perl_data)); + } + else if (!SvOK(perl_cb) && !SvOK(perl_data)) { + /* will trigger default password callback */ + RETVAL = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); + } + OUTPUT: + RETVAL + +void +DH_free(dh) + DH * dh + +long +SSL_total_renegotiations(ssl) + SSL * ssl + CODE: + RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL); + OUTPUT: + RETVAL + +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) +void +SSL_SESSION_get_master_key(s) + SSL_SESSION * s + PREINIT: + size_t master_key_length; + unsigned char* master_key; + CODE: + ST(0) = sv_newmortal(); /* Undefined to start with */ + master_key_length = SSL_SESSION_get_master_key(s, 0, 0); /* get the length */ + New(0, master_key, master_key_length, unsigned char); + SSL_SESSION_get_master_key(s, 
master_key, master_key_length); + sv_setpvn(ST(0), (const char*)master_key, master_key_length); + Safefree(master_key); + +#else +void +SSL_SESSION_get_master_key(s) + SSL_SESSION * s + CODE: + ST(0) = sv_newmortal(); /* Undefined to start with */ + sv_setpvn(ST(0), (const char*)s->master_key, s->master_key_length); + +#endif + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + +void +SSL_SESSION_set_master_key(s,key) + SSL_SESSION * s + PREINIT: + STRLEN len; + INPUT: + char * key = SvPV(ST(1), len); + CODE: + memcpy(s->master_key, key, len); + s->master_key_length = len; + +#endif + +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) + +void +SSL_get_client_random(s) + SSL * s + PREINIT: + size_t random_length; + unsigned char* random_data; + CODE: + ST(0) = sv_newmortal(); /* Undefined to start with */ + random_length = SSL_get_client_random(s, 0, 0); /* get the length */ + New(0, random_data, random_length, unsigned char); + SSL_get_client_random(s, random_data, random_length); + sv_setpvn(ST(0), (const char*)random_data, random_length); + Safefree(random_data); + +#else + +void +SSL_get_client_random(s) + SSL * s + CODE: + ST(0) = sv_newmortal(); /* Undefined to start with */ + sv_setpvn(ST(0), (const char*)s->s3->client_random, SSL3_RANDOM_SIZE); + +#endif + +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) + +void +SSL_get_server_random(s) + SSL * s + PREINIT: + size_t random_length; + unsigned char* random_data; + CODE: + ST(0) = sv_newmortal(); /* Undefined to start with */ + random_length = SSL_get_server_random(s, 0, 0); /* get the length */ + New(0, random_data, random_length, unsigned char); + SSL_get_server_random(s, random_data, random_length); + sv_setpvn(ST(0), (const char*)random_data, random_length); + Safefree(random_data); + +#else + +void +SSL_get_server_random(s) + SSL * s + CODE: + ST(0) = 
sv_newmortal(); /* Undefined to start with */ + sv_setpvn(ST(0), (const char*)s->s3->server_random, SSL3_RANDOM_SIZE); + +#endif + +int +SSL_get_keyblock_size(s) + SSL * s + CODE: +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) + const SSL_CIPHER *ssl_cipher; + int cipher = NID_undef, digest = NID_undef, mac_secret_size = 0; + const EVP_CIPHER *c = NULL; + const EVP_MD *h = NULL; + + ssl_cipher = SSL_get_current_cipher(s); + if (ssl_cipher) + cipher = SSL_CIPHER_get_cipher_nid(ssl_cipher); + if (cipher != NID_undef) + c = EVP_get_cipherbynid(cipher); + + if (ssl_cipher) + digest = SSL_CIPHER_get_digest_nid(ssl_cipher); + if (digest != NID_undef) /* No digest if e.g., AEAD cipher */ + h = EVP_get_digestbynid(digest); + if (h) + mac_secret_size = EVP_MD_size(h); + + RETVAL = -1; + if (c) + RETVAL = 2 * (EVP_CIPHER_key_length(c) + mac_secret_size + + EVP_CIPHER_iv_length(c)); +#else + if (s == NULL || + s->enc_read_ctx == NULL || + s->enc_read_ctx->cipher == NULL || + s->read_hash == NULL) + { + RETVAL = -1; + } + else + { + const EVP_CIPHER *c; + const EVP_MD *h; + int md_size = -1; + c = s->enc_read_ctx->cipher; +#if OPENSSL_VERSION_NUMBER >= 0x10001000L + h = NULL; + if (s->s3) + md_size = s->s3->tmp.new_mac_secret_size; +#elif OPENSSL_VERSION_NUMBER >= 0x00909000L + h = EVP_MD_CTX_md(s->read_hash); + md_size = EVP_MD_size(h); +#else + h = s->read_hash; + md_size = EVP_MD_size(h); +#endif + /* No digest if e.g., AEAD cipher */ + RETVAL = (md_size >= 0) ? 
(2 * (EVP_CIPHER_key_length(c) + + md_size + + EVP_CIPHER_iv_length(c))) + : -1; + } +#endif + + OUTPUT: + RETVAL + + + +#if defined(SSL_F_SSL_SET_HELLO_EXTENSION) +int +SSL_set_hello_extension(s, type, data) + SSL * s + int type + PREINIT: + STRLEN len; + INPUT: + char * data = SvPV( ST(2), len); + CODE: + RETVAL = SSL_set_hello_extension(s, type, data, len); + OUTPUT: + RETVAL + +#endif + +#if defined(SSL_F_SSL_SET_HELLO_EXTENSION) || defined(SSL_F_SSL_SET_SESSION_TICKET_EXT) + +void +SSL_set_session_secret_cb(s,callback=&PL_sv_undef,data=&PL_sv_undef) + SSL * s + SV * callback + SV * data + CODE: + if (callback==NULL || !SvOK(callback)) { + SSL_set_session_secret_cb(s, NULL, NULL); + cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", NULL); + cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", NULL); + } + else { + cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", newSVsv(callback)); + cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", newSVsv(data)); + SSL_set_session_secret_cb(s, (tls_session_secret_cb_fn)&ssleay_session_secret_cb_invoke, s); + } + +#endif + +#ifdef NET_SSLEAY_CAN_PSK_CLIENT_CALLBACK + +void +SSL_set_psk_client_callback(s,callback=&PL_sv_undef) + SSL * s + SV * callback + CODE: + if (callback==NULL || !SvOK(callback)) { + SSL_set_psk_client_callback(s, NULL); + cb_data_advanced_put(s, "ssleay_set_psk_client_callback!!func", NULL); + } + else { + cb_data_advanced_put(s, "ssleay_set_psk_client_callback!!func", newSVsv(callback)); + SSL_set_psk_client_callback(s, ssleay_set_psk_client_callback_invoke); + } + +void +SSL_CTX_set_psk_client_callback(ctx,callback=&PL_sv_undef) + SSL_CTX * ctx + SV * callback + CODE: + if (callback==NULL || !SvOK(callback)) { + SSL_CTX_set_psk_client_callback(ctx, NULL); + cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_client_callback!!func", NULL); + } + else { + cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_client_callback!!func", newSVsv(callback)); + SSL_CTX_set_psk_client_callback(ctx, 
ssleay_ctx_set_psk_client_callback_invoke); + } + +#endif + +#ifdef NET_SSLEAY_CAN_TICKET_KEY_CB + +void +SSL_CTX_set_tlsext_ticket_getkey_cb(ctx,callback=&PL_sv_undef,data=&PL_sv_undef) + SSL_CTX * ctx + SV * callback + SV * data + CODE: + if (callback==NULL || !SvOK(callback)) { + SSL_CTX_set_tlsext_ticket_key_cb(ctx, NULL); + cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!func", NULL); + cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!data", NULL); + } + else { + cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!func", newSVsv(callback)); + cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!data", newSVsv(data)); + SSL_CTX_set_tlsext_ticket_key_cb(ctx, &tlsext_ticket_key_cb_invoke); + } + + +#endif + + +#if OPENSSL_VERSION_NUMBER < 0x0090700fL +#define REM11 "NOTE: before 0.9.7" + +int EVP_add_digest(EVP_MD *digest) + +#else + +int EVP_add_digest(const EVP_MD *digest) + +#endif + +#ifndef OPENSSL_NO_SHA + +const EVP_MD *EVP_sha1() + +#endif +#if !defined(OPENSSL_NO_SHA256) && OPENSSL_VERSION_NUMBER >= 0x0090800fL + +const EVP_MD *EVP_sha256() + +#endif +#if !defined(OPENSSL_NO_SHA512) && OPENSSL_VERSION_NUMBER >= 0x0090800fL + +const EVP_MD *EVP_sha512() + +#endif +void OpenSSL_add_all_digests() + +const EVP_MD * EVP_get_digestbyname(const char *name) + +int EVP_MD_type(const EVP_MD *md) + +int EVP_MD_size(const EVP_MD *md) + +#if OPENSSL_VERSION_NUMBER >= 0x1000000fL + +SV* +P_EVP_MD_list_all() + INIT: + AV * results; + CODE: + results = (AV *)sv_2mortal((SV *)newAV()); + EVP_MD_do_all_sorted(handler_list_md_fn, results); + RETVAL = newRV((SV *)results); + OUTPUT: + RETVAL + +#endif + +#if OPENSSL_VERSION_NUMBER >= 0x0090700fL +#define REM16 "NOTE: requires 0.9.7+" + +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) + +EVP_MD_CTX *EVP_MD_CTX_create() + +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) + +int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) + +void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) + +void 
+EVP_DigestUpdate(ctx,data)
+ PREINIT:
+ STRLEN len;
+ INPUT:
+ EVP_MD_CTX *ctx = INT2PTR(EVP_MD_CTX *, SvIV(ST(0)));
+ unsigned char *data = (unsigned char *) SvPV(ST(1), len);
+ CODE:
+ XSRETURN_IV(EVP_DigestUpdate(ctx,data,len));
+
+void
+EVP_DigestFinal(ctx)
+ EVP_MD_CTX *ctx
+ INIT:
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int md_size;
+ CODE:
+ if (EVP_DigestFinal(ctx,md,&md_size))
+ XSRETURN_PVN((char *)md, md_size);
+ else
+ XSRETURN_UNDEF;
+
+void
+EVP_DigestFinal_ex(ctx)
+ EVP_MD_CTX *ctx
+ INIT:
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int md_size;
+ CODE:
+ if (EVP_DigestFinal_ex(ctx,md,&md_size))
+ XSRETURN_PVN((char *)md, md_size);
+ else
+ XSRETURN_UNDEF;
+
+void
+EVP_Digest(...)
+ PREINIT:
+ STRLEN len;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int md_size;
+ INPUT:
+ unsigned char *data = (unsigned char *) SvPV(ST(0), len);
+ EVP_MD *type = INT2PTR(EVP_MD *, SvIV(ST(1)));
+ ENGINE *impl = (items>2 && SvOK(ST(2))) ? INT2PTR(ENGINE *, SvIV(ST(2))) : NULL;
+ CODE:
+ if (EVP_Digest(data,len,md,&md_size,type,impl))
+ XSRETURN_PVN((char *)md, md_size);
+ else
+ XSRETURN_UNDEF;
+
+#endif
+
+const EVP_CIPHER *
+EVP_get_cipherbyname(const char *name)
+
+void
+OpenSSL_add_all_algorithms()
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
+
+void
+OPENSSL_add_all_algorithms_noconf()
+
+void
+OPENSSL_add_all_algorithms_conf()
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10000003L
+
+int
+SSL_CTX_set1_param(ctx, vpm)
+ SSL_CTX * ctx
+ X509_VERIFY_PARAM *vpm
+
+int
+SSL_set1_param(ctx, vpm)
+ SSL * ctx
+ X509_VERIFY_PARAM *vpm
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+
+X509_VERIFY_PARAM *
+X509_VERIFY_PARAM_new()
+
+void
+X509_VERIFY_PARAM_free(param)
+ X509_VERIFY_PARAM *param
+
+int
+X509_VERIFY_PARAM_inherit(to, from)
+ X509_VERIFY_PARAM *to
+ X509_VERIFY_PARAM *from
+
+int
+X509_VERIFY_PARAM_set1(to, from)
+ X509_VERIFY_PARAM *to
+ X509_VERIFY_PARAM *from
+
+int
+X509_VERIFY_PARAM_set1_name(param, name)
+ X509_VERIFY_PARAM *param
+ const char *name
+
+int
+X509_VERIFY_PARAM_set_flags(param, flags)
+ X509_VERIFY_PARAM *param
+ unsigned long flags
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090801fL
+#define REM13 "NOTE: requires 0.9.8a+"
+
+int
+X509_VERIFY_PARAM_clear_flags(param, flags)
+ X509_VERIFY_PARAM *param
+ unsigned long flags
+
+unsigned long
+X509_VERIFY_PARAM_get_flags(param)
+ X509_VERIFY_PARAM *param
+
+#endif
+
+int
+X509_VERIFY_PARAM_set_purpose(param, purpose)
+ X509_VERIFY_PARAM *param
+ int purpose
+
+int
+X509_VERIFY_PARAM_set_trust(param, trust)
+ X509_VERIFY_PARAM *param
+ int trust
+
+void
+X509_VERIFY_PARAM_set_depth(param, depth)
+ X509_VERIFY_PARAM *param
+ int depth
+
+void
+X509_VERIFY_PARAM_set_time(param, t)
+ X509_VERIFY_PARAM *param
+ time_t t
+
+int
+X509_VERIFY_PARAM_add0_policy(param, policy)
+ X509_VERIFY_PARAM *param
+ ASN1_OBJECT *policy
+
+int
+X509_VERIFY_PARAM_set1_policies(param, policies)
+ X509_VERIFY_PARAM *param
+ STACK_OF(ASN1_OBJECT) *policies
+
+int
+X509_VERIFY_PARAM_get_depth(param)
+ X509_VERIFY_PARAM *param
+
+int
+X509_VERIFY_PARAM_add0_table(param)
+ X509_VERIFY_PARAM *param
+
+const X509_VERIFY_PARAM *
+X509_VERIFY_PARAM_lookup(name)
+ const char *name
+
+void
+X509_VERIFY_PARAM_table_cleanup()
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10002001L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.0.2-beta1, LibreSSL 2.7.0 */
+
+X509_VERIFY_PARAM *
+SSL_CTX_get0_param(ctx)
+ SSL_CTX * ctx
+
+X509_VERIFY_PARAM *
+SSL_get0_param(ssl)
+ SSL * ssl
+
+int
+X509_VERIFY_PARAM_set1_host(param, name)
+ X509_VERIFY_PARAM *param
+ PREINIT:
+ STRLEN namelen;
+ INPUT:
+ const char * name = SvPV(ST(1), namelen);
+ CODE:
+ RETVAL = X509_VERIFY_PARAM_set1_host(param, name, namelen);
+ OUTPUT:
+ RETVAL
+
+int
+X509_VERIFY_PARAM_set1_email(param, email)
+ X509_VERIFY_PARAM *param
+ PREINIT:
+ STRLEN emaillen;
+ INPUT:
+ const char * email = SvPV(ST(1), emaillen);
+ CODE:
+ RETVAL = X509_VERIFY_PARAM_set1_email(param, email, emaillen);
+ OUTPUT:
+ RETVAL
+
+int
+X509_VERIFY_PARAM_set1_ip(param, ip)
+ X509_VERIFY_PARAM *param
+ PREINIT:
+ STRLEN iplen;
+ INPUT:
+ const unsigned char * ip = (const unsigned char *)SvPV(ST(1), iplen);
+ CODE:
+ RETVAL = X509_VERIFY_PARAM_set1_ip(param, ip, iplen);
+ OUTPUT:
+ RETVAL
+
+int
+X509_VERIFY_PARAM_set1_ip_asc(param, ipasc)
+ X509_VERIFY_PARAM *param
+ const char *ipasc
+
+#endif /* OpenSSL 1.0.2-beta1, LibreSSL 2.7.0 */
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
+
+int
+X509_VERIFY_PARAM_add1_host(param, name)
+ X509_VERIFY_PARAM *param
+ PREINIT:
+ STRLEN namelen;
+ INPUT:
+ const char * name = SvPV(ST(1), namelen);
+ CODE:
+ RETVAL = X509_VERIFY_PARAM_add1_host(param, name, namelen);
+ OUTPUT:
+ RETVAL
+
+void
+X509_VERIFY_PARAM_set_hostflags(param, flags)
+ X509_VERIFY_PARAM *param
+ unsigned int flags
+
+char *
+X509_VERIFY_PARAM_get0_peername(param)
+ X509_VERIFY_PARAM *param
+
+#endif /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
+
+void
+X509_policy_tree_free(tree)
+ X509_POLICY_TREE *tree
+
+int
+X509_policy_tree_level_count(tree)
+ X509_POLICY_TREE *tree
+
+X509_POLICY_LEVEL *
+X509_policy_tree_get0_level(tree, i)
+ X509_POLICY_TREE *tree
+ int i
+
+STACK_OF(X509_POLICY_NODE) *
+X509_policy_tree_get0_policies(tree)
+ X509_POLICY_TREE *tree
+
+STACK_OF(X509_POLICY_NODE) *
+X509_policy_tree_get0_user_policies(tree)
+ X509_POLICY_TREE *tree
+
+int
+X509_policy_level_node_count(level)
+ X509_POLICY_LEVEL *level
+
+X509_POLICY_NODE *
+X509_policy_level_get0_node(level, i)
+ X509_POLICY_LEVEL *level
+ int i
+
+const ASN1_OBJECT *
+X509_policy_node_get0_policy(node)
+ const X509_POLICY_NODE *node
+
+STACK_OF(POLICYQUALINFO) *
+X509_policy_node_get0_qualifiers(node)
+ X509_POLICY_NODE *node
+
+const X509_POLICY_NODE *
+X509_policy_node_get0_parent(node)
+ const X509_POLICY_NODE *node
+
+#endif
+
+ASN1_OBJECT *
+OBJ_dup(o)
+ ASN1_OBJECT *o
+
+ASN1_OBJECT *
+OBJ_nid2obj(n)
+ int n
+
+const char *
+OBJ_nid2ln(n)
+ int n
+
+const char *
+OBJ_nid2sn(n)
+ int n
+
+int
+OBJ_obj2nid(o)
+ ASN1_OBJECT *o
+
+ASN1_OBJECT *
+OBJ_txt2obj(s, no_name=0)
+ const char *s
+ int no_name
+
+void
+OBJ_obj2txt(a, no_name=0)
+ ASN1_OBJECT *a
+ int no_name
+ PREINIT:
+ char buf[100]; /* openssl doc: a buffer length of 80 should be more than enough to handle any OID encountered in practice */
+ int len;
+ CODE:
+ len = OBJ_obj2txt(buf, sizeof(buf), a, no_name);
+ ST(0) = sv_newmortal();
+ sv_setpvn(ST(0), buf, len);
+
+#if OPENSSL_VERSION_NUMBER < 0x0090700fL
+#define REM14 "NOTE: before 0.9.7"
+
+int
+OBJ_txt2nid(s)
+ char *s
+
+#else
+
+int
+OBJ_txt2nid(s)
+ const char *s
+
+#endif
+
+int
+OBJ_ln2nid(s)
+ const char *s
+
+int
+OBJ_sn2nid(s)
+ const char *s
+
+int
+OBJ_cmp(a, b)
+ ASN1_OBJECT *a
+ ASN1_OBJECT *b
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
+
+void
+X509_pubkey_digest(data,type)
+ const X509 *data
+ const EVP_MD *type
+ PREINIT:
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int md_size;
+ PPCODE:
+ if (X509_pubkey_digest(data,type,md,&md_size))
+ XSRETURN_PVN((char *)md, md_size);
+ else
+ XSRETURN_UNDEF;
+
+#endif
+
+void
+X509_digest(data,type)
+ const X509 *data
+ const EVP_MD *type
+ PREINIT:
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int md_size;
+ PPCODE:
+ if (X509_digest(data,type,md,&md_size))
+ XSRETURN_PVN((char *)md, md_size);
+ XSRETURN_UNDEF;
+
+void
+X509_CRL_digest(data,type)
+ const X509_CRL *data
+ const EVP_MD *type
+ PREINIT:
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int md_size;
+ PPCODE:
+ if (X509_CRL_digest(data,type,md,&md_size))
+ XSRETURN_PVN((char *)md, md_size);
+ XSRETURN_UNDEF;
+
+void
+X509_REQ_digest(data,type)
+ const X509_REQ *data
+ const EVP_MD *type
+ PREINIT:
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int md_size;
+ PPCODE:
+ if (X509_REQ_digest(data,type,md,&md_size))
+ XSRETURN_PVN((char *)md, md_size);
+ XSRETURN_UNDEF;
+
+void
+X509_NAME_digest(data,type)
+ const X509_NAME *data
+ const EVP_MD *type
+ PREINIT:
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int md_size;
+ PPCODE:
+ if (X509_NAME_digest(data,type,md,&md_size))
+ XSRETURN_PVN((char *)md, md_size);
+ XSRETURN_UNDEF;
+
+unsigned long
+X509_subject_name_hash(X509 *x)
+
+unsigned long
+X509_issuer_name_hash(X509 *a)
+
+unsigned long
+X509_issuer_and_serial_hash(X509 *a)
+
+ASN1_OBJECT *
+P_X509_get_signature_alg(x)
+ X509 * x
+ CODE:
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
+#else
+ RETVAL = (x->cert_info->signature->algorithm);
+#endif
+ OUTPUT:
+ RETVAL
+
+ASN1_OBJECT *
+P_X509_get_pubkey_alg(x)
+ X509 * x
+ PREINIT:
+ CODE:
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ {
+ X509_ALGOR * algor;
+ X509_PUBKEY_get0_param(0, 0, 0, &algor, X509_get_X509_PUBKEY(x));
+ RETVAL = (algor->algorithm);
+ }
+#else
+ RETVAL = (x->cert_info->key->algor->algorithm);
+#endif
+ OUTPUT:
+ RETVAL
+
+void
+X509_get_X509_PUBKEY(x)
+ const X509 *x
+ PPCODE:
+ X509_PUBKEY *pkey;
+ STRLEN len;
+ unsigned char *pc, *pi;
+ if (!(pkey = X509_get_X509_PUBKEY(x))) croak("invalid certificate");
+ if (!(len = i2d_X509_PUBKEY(pkey, NULL))) croak("invalid certificate public key");
+ Newx(pc,len,unsigned char);
+ if (!pc) croak("out of memory");
+ pi = pc;
+ i2d_X509_PUBKEY(pkey, &pi);
+ if (pi-pc != len) croak("invalid encoded length");
+ XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
+ Safefree(pc);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
+
+int
+SSL_CTX_set_next_protos_advertised_cb(ctx,callback,data=&PL_sv_undef)
+ SSL_CTX * ctx
+ SV * callback
+ SV * data
+ CODE:
+ RETVAL = 1;
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_set_next_protos_advertised_cb(ctx, NULL, NULL);
+ cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", NULL);
+ cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", NULL);
+ PR1("SSL_CTX_set_next_protos_advertised_cb - undef\n");
+ }
+ else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
+ /* callback param array ref like ['proto1','proto2'] */
+ cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", NULL);
+ cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", newSVsv(callback));
+ SSL_CTX_set_next_protos_advertised_cb(ctx, next_protos_advertised_cb_invoke, ctx);
+ PR2("SSL_CTX_set_next_protos_advertised_cb - simple ctx=%p\n",ctx);
+ }
+ else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
+ cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", newSVsv(callback));
+ cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", newSVsv(data));
+ SSL_CTX_set_next_protos_advertised_cb(ctx, next_protos_advertised_cb_invoke, ctx);
+ PR2("SSL_CTX_set_next_protos_advertised_cb - advanced ctx=%p\n",ctx);
+ }
+ else {
+ RETVAL = 0;
+ }
+ OUTPUT:
+ RETVAL
+
+int
+SSL_CTX_set_next_proto_select_cb(ctx,callback,data=&PL_sv_undef)
+ SSL_CTX * ctx
+ SV * callback
+ SV * data
+ CODE:
+ RETVAL = 1;
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_set_next_proto_select_cb(ctx, NULL, NULL);
+ cb_data_advanced_put(ctx, "next_proto_select_cb!!func", NULL);
+ cb_data_advanced_put(ctx, "next_proto_select_cb!!data", NULL);
+ PR1("SSL_CTX_set_next_proto_select_cb - undef\n");
+ }
+ else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
+ /* callback param array ref like ['proto1','proto2'] */
+ cb_data_advanced_put(ctx, "next_proto_select_cb!!func", NULL);
+ cb_data_advanced_put(ctx, "next_proto_select_cb!!data", newSVsv(callback));
+ SSL_CTX_set_next_proto_select_cb(ctx, next_proto_select_cb_invoke, ctx);
+ PR2("SSL_CTX_set_next_proto_select_cb - simple ctx=%p\n",ctx);
+ }
+ else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
+ cb_data_advanced_put(ctx, "next_proto_select_cb!!func", newSVsv(callback));
+ cb_data_advanced_put(ctx, "next_proto_select_cb!!data", newSVsv(data));
+ SSL_CTX_set_next_proto_select_cb(ctx, next_proto_select_cb_invoke, ctx);
+ PR2("SSL_CTX_set_next_proto_select_cb - advanced ctx=%p\n",ctx);
+ }
+ else {
+ RETVAL = 0;
+ }
+ OUTPUT:
+ RETVAL
+
+void
+P_next_proto_negotiated(s)
+ const SSL *s
+ PREINIT:
+ const unsigned char *data;
+ unsigned int len;
+ PPCODE:
+ SSL_get0_next_proto_negotiated(s, &data, &len);
+ XPUSHs(sv_2mortal(newSVpv((char *)data, len)));
+
+void
+P_next_proto_last_status(s)
+ const SSL *s
+ PPCODE:
+ XPUSHs(sv_2mortal(newSVsv(cb_data_advanced_get((void*)s, "next_proto_select_cb!!last_status"))));
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+
+#if !defined(OPENSSL_NO_TLSEXT)
+
+int
+SSL_set_tlsext_status_type(SSL *ssl,int cmd)
+
+long
+SSL_set_tlsext_status_ocsp_resp(ssl,staple)
+ SSL * ssl
+ PREINIT:
+ char * p;
+ STRLEN staplelen;
+ INPUT:
+ char * staple = SvPV( ST(1), staplelen);
+ CODE:
+ /* OpenSSL will free the memory */
+ New(0, p, staplelen, char);
+ memcpy(p, staple, staplelen);
+ RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,staplelen,(void *)p);
+ OUTPUT:
+ RETVAL
+
+int
+SSL_CTX_set_tlsext_status_cb(ctx,callback,data=&PL_sv_undef)
+ SSL_CTX * ctx
+ SV * callback
+ SV * data
+ CODE:
+ RETVAL = 1;
+ if (callback==NULL || !SvOK(callback)) {
+ cb_data_advanced_put(ctx, "tlsext_status_cb!!func", NULL);
+ cb_data_advanced_put(ctx, "tlsext_status_cb!!data", NULL);
+ SSL_CTX_set_tlsext_status_cb(ctx, NULL);
+ } else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
+ cb_data_advanced_put(ctx, "tlsext_status_cb!!func", newSVsv(callback));
+ cb_data_advanced_put(ctx, "tlsext_status_cb!!data", newSVsv(data));
+ SSL_CTX_set_tlsext_status_cb(ctx, tlsext_status_cb_invoke);
+ } else {
+ croak("argument must be code reference");
+ }
+ OUTPUT:
+ RETVAL
+
+int
+SSL_set_session_ticket_ext_cb(ssl,callback,data=&PL_sv_undef)
+ SSL * ssl
+ SV * callback
+ SV * data
+ CODE:
+ RETVAL = 1;
+ if (callback==NULL || !SvOK(callback)) {
+ cb_data_advanced_put(ssl, "session_ticket_ext_cb!!func", NULL);
+ cb_data_advanced_put(ssl, "session_ticket_ext_cb!!data", NULL);
+ SSL_set_session_ticket_ext_cb(ssl, NULL, NULL);
+ } else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
+ cb_data_advanced_put(ssl, "session_ticket_ext_cb!!func", newSVsv(callback));
+ cb_data_advanced_put(ssl, "session_ticket_ext_cb!!data", newSVsv(data));
+ SSL_set_session_ticket_ext_cb(ssl, (tls_session_ticket_ext_cb_fn)&session_ticket_ext_cb_invoke, ssl);
+ } else {
+ croak("argument must be code reference");
+ }
+ OUTPUT:
+ RETVAL
+
+int
+SSL_set_session_ticket_ext(ssl,ticket)
+ SSL *ssl
+ PREINIT:
+ unsigned char * p;
+ STRLEN ticketlen;
+ INPUT:
+ unsigned char * ticket = (unsigned char *)SvPV( ST(1), ticketlen);
+ CODE:
+ RETVAL = 0;
+ if (ticketlen > 0) {
+ Newx(p, ticketlen, unsigned char);
+ if (!p)
+ croak("Net::SSLeay: set_session_ticket_ext could not allocate memory.\n");
+ memcpy(p, ticket, ticketlen);
+ RETVAL = SSL_set_session_ticket_ext(ssl, p, ticketlen);
+ Safefree(p);
+ }
+ OUTPUT:
+ RETVAL
+
+#endif
+
+OCSP_RESPONSE *
+d2i_OCSP_RESPONSE(pv)
+ SV *pv
+ CODE:
+ RETVAL = NULL;
+ if (SvPOK(pv)) {
+ const unsigned char *p;
+ STRLEN len;
+ p = (unsigned char*)SvPV(pv,len);
+ RETVAL = d2i_OCSP_RESPONSE(NULL,&p,len);
+ }
+ OUTPUT:
+ RETVAL
+
+void
+i2d_OCSP_RESPONSE(r)
+ OCSP_RESPONSE * r
+ PPCODE:
+ STRLEN len;
+ unsigned char *pc,*pi;
+ if (!(len = i2d_OCSP_RESPONSE(r,NULL))) croak("invalid OCSP response");
+ Newx(pc,len,unsigned char);
+ if (!pc) croak("out of memory");
+ pi = pc;
+ i2d_OCSP_RESPONSE(r,&pi);
+ XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
+ Safefree(pc);
+
+void
+OCSP_RESPONSE_free(r)
+ OCSP_RESPONSE * r
+
+
+OCSP_REQUEST *
+d2i_OCSP_REQUEST(pv)
+ SV *pv
+ CODE:
+ RETVAL = NULL;
+ if (SvPOK(pv)) {
+ const unsigned char *p;
+ STRLEN len;
+ p = (unsigned char*)SvPV(pv,len);
+ RETVAL = d2i_OCSP_REQUEST(NULL,&p,len);
+ }
+ OUTPUT:
+ RETVAL
+
+void
+i2d_OCSP_REQUEST(r)
+
OCSP_REQUEST * r + PPCODE: + STRLEN len; + unsigned char *pc,*pi; + if (!(len = i2d_OCSP_REQUEST(r,NULL))) croak("invalid OCSP request"); + Newx(pc,len,unsigned char); + if (!pc) croak("out of memory"); + pi = pc; + i2d_OCSP_REQUEST(r,&pi); + XPUSHs(sv_2mortal(newSVpv((char*)pc,len))); + Safefree(pc); + + +void +OCSP_REQUEST_free(r) + OCSP_REQUEST * r + + +const char * +OCSP_response_status_str(long status) + +long +OCSP_response_status(OCSP_RESPONSE *r) + +void +SSL_OCSP_cert2ids(ssl,...) + SSL *ssl + PPCODE: + SSL_CTX *ctx; + X509_STORE *store; + STACK_OF(X509) *chain; + X509 *cert,*issuer; + OCSP_CERTID *id; + int i; + STRLEN len; + unsigned char *pi; + + if (!ssl) croak("not a SSL object"); + ctx = SSL_get_SSL_CTX(ssl); + if (!ctx) croak("invalid SSL object - no context"); + store = SSL_CTX_get_cert_store(ctx); + chain = SSL_get_peer_cert_chain(ssl); + + for(i=0;i= 0) + sir = OCSP_resp_get0(bsr,first); + } + + if (sir) + { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + status = OCSP_single_get0_status(sir, &revocationReason, &revocationTime, &thisupdate, &nextupdate); +#else + status = sir->certStatus->type; + if (status == V_OCSP_CERTSTATUS_REVOKED) + revocationTime = sir->certStatus->value.revoked->revocationTime; + thisupdate = sir->thisUpdate; + nextupdate = sir->nextUpdate; +#endif + if (status == V_OCSP_CERTSTATUS_REVOKED) { + error = "certificate status is revoked"; + } else if (status != V_OCSP_CERTSTATUS_GOOD) { + error = "certificate status is unknown"; + } + else if (!OCSP_check_validity(thisupdate, nextupdate, 0, -1)) { + error = "response not yet valid or expired"; + } + } else { + error = "cannot find entry for certificate in OCSP response"; + } + + end: + if (want_array) { + AV *idav = newAV(); + if (!idsv) { + /* getall: create new SV with OCSP_CERTID */ + unsigned char *pi,*pc; +#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER) + int len = i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),NULL); +#else + int 
len = i2d_OCSP_CERTID(sir->certId,NULL); +#endif + if(!len) continue; + Newx(pc,len,unsigned char); + if (!pc) croak("out of memory"); + pi = pc; +#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER) + i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),&pi); +#else + i2d_OCSP_CERTID(sir->certId,&pi); +#endif + idsv = newSVpv((char*)pc,len); + Safefree(pc); + } else { + /* reuse idsv from ST(..), but increment refcount */ + idsv = SvREFCNT_inc(idsv); + } + av_push(idav, idsv); + av_push(idav, error ? newSVpv(error,0) : newSV(0)); + if (sir) { + HV *details = newHV(); + av_push(idav,newRV_noinc((SV*)details)); + hv_store(details,"statusType",10, + newSViv(status),0); + if (nextupdate) hv_store(details,"nextUpdate",10, + newSViv(ASN1_TIME_timet(nextupdate, &gmtoff)),0); + if (thisupdate) hv_store(details,"thisUpdate",10, + newSViv(ASN1_TIME_timet(thisupdate, &gmtoff)),0); + if (status == V_OCSP_CERTSTATUS_REVOKED) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L + OCSP_REVOKEDINFO *rev = sir->certStatus->value.revoked; + revocationReason = ASN1_ENUMERATED_get(rev->revocationReason); +#endif + hv_store(details,"revocationTime",14,newSViv(ASN1_TIME_timet(revocationTime, &gmtoff)),0); + hv_store(details,"revocationReason",16,newSViv(revocationReason),0); + hv_store(details,"revocationReason_str",20,newSVpv( + OCSP_crl_reason_str(revocationReason),0),0); + } + } + XPUSHs(sv_2mortal(newRV_noinc((SV*)idav))); + } else if (!error) { + /* compute lowest nextUpdate */ + time_t nu = ASN1_TIME_timet(nextupdate, &gmtoff); + if (!nextupd || nextupd>nu) nextupd = nu; + } + + if (certid) OCSP_CERTID_free(certid); + if (error && !want_array) { + OCSP_BASICRESP_free(bsr); + croak("%s", error); + } + } + OCSP_BASICRESP_free(bsr); + if (!want_array) + XPUSHs(sv_2mortal(newSViv(nextupd))); + + + +#endif + +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) + +int +SSL_CTX_set_alpn_select_cb(ctx,callback,data=&PL_sv_undef) + SSL_CTX * 
ctx + SV * callback + SV * data + CODE: + RETVAL = 1; + if (callback==NULL || !SvOK(callback)) { + SSL_CTX_set_alpn_select_cb(ctx, NULL, NULL); + cb_data_advanced_put(ctx, "alpn_select_cb!!func", NULL); + cb_data_advanced_put(ctx, "alpn_select_cb!!data", NULL); + PR1("SSL_CTX_set_alpn_select_cb - undef\n"); + } + else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) { + /* callback param array ref like ['proto1','proto2'] */ + cb_data_advanced_put(ctx, "alpn_select_cb!!func", NULL); + cb_data_advanced_put(ctx, "alpn_select_cb!!data", newSVsv(callback)); + SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb_invoke, ctx); + PR2("SSL_CTX_set_alpn_select_cb - simple ctx=%p\n",ctx); + } + else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) { + cb_data_advanced_put(ctx, "alpn_select_cb!!func", newSVsv(callback)); + cb_data_advanced_put(ctx, "alpn_select_cb!!data", newSVsv(data)); + SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb_invoke, ctx); + PR2("SSL_CTX_set_alpn_select_cb - advanced ctx=%p\n",ctx); + } + else { + RETVAL = 0; + } + OUTPUT: + RETVAL + +int +SSL_CTX_set_alpn_protos(ctx,data=&PL_sv_undef) + SSL_CTX * ctx + SV * data + PREINIT: + unsigned char *alpn_data; + unsigned char alpn_len; + + CODE: + RETVAL = -1; + + if (!SvROK(data) || (SvTYPE(SvRV(data)) != SVt_PVAV)) + croak("Net::SSLeay: CTX_set_alpn_protos needs a single array reference.\n"); + alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), NULL); + Newx(alpn_data, alpn_len, unsigned char); + if (!alpn_data) + croak("Net::SSLeay: CTX_set_alpn_protos could not allocate memory.\n"); + alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), alpn_data); + RETVAL = SSL_CTX_set_alpn_protos(ctx, alpn_data, alpn_len); + Safefree(alpn_data); + + OUTPUT: + RETVAL + +int +SSL_set_alpn_protos(ssl,data=&PL_sv_undef) + SSL * ssl + SV * data + PREINIT: + unsigned char *alpn_data; + unsigned char alpn_len; + + CODE: + RETVAL = -1; + + if (!SvROK(data) || (SvTYPE(SvRV(data)) != SVt_PVAV)) + 
croak("Net::SSLeay: set_alpn_protos needs a single array reference.\n"); + alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), NULL); + Newx(alpn_data, alpn_len, unsigned char); + if (!alpn_data) + croak("Net::SSLeay: set_alpn_protos could not allocate memory.\n"); + alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), alpn_data); + RETVAL = SSL_set_alpn_protos(ssl, alpn_data, alpn_len); + Safefree(alpn_data); + + OUTPUT: + RETVAL + +void +P_alpn_selected(s) + const SSL *s + PREINIT: + const unsigned char *data; + unsigned int len; + PPCODE: + SSL_get0_alpn_selected(s, &data, &len); + XPUSHs(sv_2mortal(newSVpv((char *)data, len))); + +#endif + +#if OPENSSL_VERSION_NUMBER >= 0x10001000L + +void +SSL_export_keying_material(ssl, outlen, label, context=&PL_sv_undef) + SSL * ssl + int outlen + SV * context + PREINIT: + unsigned char * out; + STRLEN llen; + STRLEN contextlen = 0; + char *context_arg = NULL; + int use_context = 0; + int ret; + INPUT: + char * label = SvPV( ST(2), llen); + PPCODE: + Newx(out, outlen, unsigned char); + + if (context != &PL_sv_undef) { + use_context = 1; + context_arg = SvPV( ST(3), contextlen); + } + ret = SSL_export_keying_material(ssl, out, outlen, label, llen, (unsigned char*)context_arg, contextlen, use_context); + PUSHs(sv_2mortal(ret>0 ? 
newSVpvn((const char *)out, outlen) : newSV(0))); + EXTEND(SP, 1); + Safefree(out); + +#endif + +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + +OSSL_LIB_CTX * +OSSL_LIB_CTX_get0_global_default() + + +OSSL_PROVIDER * +OSSL_PROVIDER_load(SV *libctx, const char *name) + CODE: + OSSL_LIB_CTX *ctx = NULL; + if (libctx != &PL_sv_undef) + ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx)); + RETVAL = OSSL_PROVIDER_load(ctx, name); + if (RETVAL == NULL) + XSRETURN_UNDEF; + OUTPUT: + RETVAL + +OSSL_PROVIDER * +OSSL_PROVIDER_try_load(SV *libctx, const char *name, int retain_fallbacks) + CODE: + OSSL_LIB_CTX *ctx = NULL; + if (libctx != &PL_sv_undef) + ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx)); + RETVAL = OSSL_PROVIDER_try_load(ctx, name, retain_fallbacks); + if (RETVAL == NULL) + XSRETURN_UNDEF; + OUTPUT: + RETVAL + +int +OSSL_PROVIDER_unload(OSSL_PROVIDER *prov) + +int +OSSL_PROVIDER_available(SV *libctx, const char *name) + CODE: + OSSL_LIB_CTX *ctx = NULL; + if (libctx != &PL_sv_undef) + ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx)); + RETVAL = OSSL_PROVIDER_available(ctx, name); + OUTPUT: + RETVAL + +int +OSSL_PROVIDER_do_all(SV *libctx, SV *perl_cb, SV *perl_cbdata = &PL_sv_undef) + PREINIT: + simple_cb_data_t* cbdata = NULL; + CODE: + OSSL_LIB_CTX *ctx = NULL; + if (libctx != &PL_sv_undef) + ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx)); + + /* setup our callback */ + cbdata = simple_cb_data_new(perl_cb, perl_cbdata); + RETVAL = OSSL_PROVIDER_do_all(ctx, ossl_provider_do_all_cb_invoke, cbdata); + simple_cb_data_free(cbdata); + OUTPUT: + RETVAL + +const char * +OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov) + +int +OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov) + +#endif + +#define REM_EOF "/* EOF - SSLeay.xs */" diff --git a/cpan/Net-SSLeay/constants.c b/cpan/Net-SSLeay/constants.c new file mode 100644 index 000000000000..23e8e9146c34 --- /dev/null +++ b/cpan/Net-SSLeay/constants.c 
@@ -0,0 +1,7454 @@ +/* + * This file is automatically generated - do not manually modify it. + * + * To add or remove a constant, edit helper_script/constants.txt, then run + * helper_script/update-exported-constants. + */ + +#ifdef NET_SSLEAY_32BIT_CONSTANTS +static double +#else +static uint64_t +#endif +constant (const char *name, size_t len) { + /* Initially switch on the length of the name. */ + switch (len) { + case 5: + /* Names all of length 5. */ + /* RSA_3 ST_OK */ + /* Offset 0 gives the best switch position. */ + switch (*name++) { + case 'R': + if (!memcmp(name, "SA_3", 4)) { + /* R */ + +#ifdef RSA_3 + return RSA_3; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "T_OK", 4)) { + /* S */ + +#ifdef SSL_ST_OK + return SSL_ST_OK; +#else + goto not_there; +#endif + + } + break; + } + break; + case 6: + /* Names all of length 6. */ + /* OP_ALL RSA_F4 */ + /* Offset 0 gives the best switch position. */ + switch (*name++) { + case 'O': + if (!memcmp(name, "P_ALL", 5)) { + /* O */ + +#ifdef SSL_OP_ALL + return SSL_OP_ALL; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "SA_F4", 5)) { + /* R */ + +#ifdef RSA_F4 + return RSA_F4; +#else + goto not_there; +#endif + + } + break; + } + break; + case 7: + /* Names all of length 7. */ + /* CB_EXIT CB_LOOP CB_READ GEN_DNS GEN_RID GEN_URI NID_dsa NID_md2 NID_md5 + NID_rc4 NID_rsa NID_sha NOTHING READING ST_INIT WRITING */ + /* Offset 4 gives the best switch position. 
*/ + switch (name[4]) { + case 'D': + if (!memcmp(name, "GEN_DNS", 7)) { + /* ^ */ + +#ifdef GEN_DNS + return GEN_DNS; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "CB_READ", 7)) { + /* ^ */ + +#ifdef SSL_CB_READ + return SSL_CB_READ; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "NOTHING", 7)) { + /* ^ */ + +#ifdef SSL_NOTHING + return SSL_NOTHING; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "READING", 7)) { + /* ^ */ + +#ifdef SSL_READING + return SSL_READING; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "WRITING", 7)) { + /* ^ */ + +#ifdef SSL_WRITING + return SSL_WRITING; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "ST_INIT", 7)) { + /* ^ */ + +#ifdef SSL_ST_INIT + return SSL_ST_INIT; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "CB_LOOP", 7)) { + /* ^ */ + +#ifdef SSL_CB_LOOP + return SSL_CB_LOOP; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "GEN_RID", 7)) { + /* ^ */ + +#ifdef GEN_RID + return GEN_RID; +#else + goto not_there; +#endif + + } + break; + case 'U': + if (!memcmp(name, "GEN_URI", 7)) { + /* ^ */ + +#ifdef GEN_URI + return GEN_URI; +#else + goto not_there; +#endif + + } + break; + case 'X': + if (!memcmp(name, "CB_EXIT", 7)) { + /* ^ */ + +#ifdef SSL_CB_EXIT + return SSL_CB_EXIT; +#else + goto not_there; +#endif + + } + break; + case 'd': + if (!memcmp(name, "NID_dsa", 7)) { + /* ^ */ + +#ifdef NID_dsa + return NID_dsa; +#else + goto not_there; +#endif + + } + break; + case 'm': + if (!memcmp(name, "NID_md2", 7)) { + /* ^ */ + +#ifdef NID_md2 + return NID_md2; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_md5", 7)) { + /* ^ */ + +#ifdef NID_md5 + return NID_md5; +#else + goto not_there; +#endif + + } + break; + case 'r': + if (!memcmp(name, "NID_rc4", 7)) { + /* ^ */ + +#ifdef NID_rc4 + return NID_rc4; +#else + goto not_there; 
+#endif + + } + if (!memcmp(name, "NID_rsa", 7)) { + /* ^ */ + +#ifdef NID_rsa + return NID_rsa; +#else + goto not_there; +#endif + + } + break; + case 's': + if (!memcmp(name, "NID_sha", 7)) { + /* ^ */ + +#ifdef NID_sha + return NID_sha; +#else + goto not_there; +#endif + + } + break; + } + break; + case 8: + /* Names all of length 8. */ + /* CB_ALERT CB_WRITE F_READ_N GEN_X400 NID_X500 NID_X509 NID_mdc2 NID_name + NID_pkcs NID_sha1 */ + /* Offset 5 gives the best switch position. */ + switch (name[5]) { + case '4': + if (!memcmp(name, "GEN_X400", 8)) { + /* ^ */ + +#ifdef GEN_X400 + return GEN_X400; +#else + goto not_there; +#endif + + } + break; + case '5': + if (!memcmp(name, "NID_X500", 8)) { + /* ^ */ + +#ifdef NID_X500 + return NID_X500; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_X509", 8)) { + /* ^ */ + +#ifdef NID_X509 + return NID_X509; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "F_READ_N", 8)) { + /* ^ */ + +#ifdef SSL_F_READ_N + return SSL_F_READ_N; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "CB_ALERT", 8)) { + /* ^ */ + +#ifdef SSL_CB_ALERT + return SSL_CB_ALERT; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "CB_WRITE", 8)) { + /* ^ */ + +#ifdef SSL_CB_WRITE + return SSL_CB_WRITE; +#else + goto not_there; +#endif + + } + break; + case 'a': + if (!memcmp(name, "NID_name", 8)) { + /* ^ */ + +#ifdef NID_name + return NID_name; +#else + goto not_there; +#endif + + } + break; + case 'd': + if (!memcmp(name, "NID_mdc2", 8)) { + /* ^ */ + +#ifdef NID_mdc2 + return NID_mdc2; +#else + goto not_there; +#endif + + } + break; + case 'h': + if (!memcmp(name, "NID_sha1", 8)) { + /* ^ */ + +#ifdef NID_sha1 + return NID_sha1; +#else + goto not_there; +#endif + + } + break; + case 'k': + if (!memcmp(name, "NID_pkcs", 8)) { + /* ^ */ + +#ifdef NID_pkcs + return NID_pkcs; +#else + goto not_there; +#endif + + } + break; + } + break; + case 9: + 
/* Names all of length 9. */ + /* ERROR_SSL EVP_PK_DH EVP_PK_EC F_SSL_NEW GEN_EMAIL GEN_IPADD NID_dsa_2 + NID_id_ad NID_id_ce NID_id_kp NID_id_pe NID_pbes2 NID_pkcs3 NID_pkcs7 + NID_pkcs9 NID_sxnet NID_title NID_undef ST_ACCEPT ST_BEFORE X509_V_OK */ + /* Offset 8 gives the best switch position. */ + switch (name[8]) { + case '2': + if (!memcmp(name, "NID_dsa_", 8)) { + /* 2 */ + +#ifdef NID_dsa_2 + return NID_dsa_2; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_pbes", 8)) { + /* 2 */ + +#ifdef NID_pbes2 + return NID_pbes2; +#else + goto not_there; +#endif + + } + break; + case '3': + if (!memcmp(name, "NID_pkcs", 8)) { + /* 3 */ + +#ifdef NID_pkcs3 + return NID_pkcs3; +#else + goto not_there; +#endif + + } + break; + case '7': + if (!memcmp(name, "NID_pkcs", 8)) { + /* 7 */ + +#ifdef NID_pkcs7 + return NID_pkcs7; +#else + goto not_there; +#endif + + } + break; + case '9': + if (!memcmp(name, "NID_pkcs", 8)) { + /* 9 */ + +#ifdef NID_pkcs9 + return NID_pkcs9; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "EVP_PK_E", 8)) { + /* C */ + +#ifdef EVP_PK_EC + return EVP_PK_EC; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "GEN_IPAD", 8)) { + /* D */ + +#ifdef GEN_IPADD + return GEN_IPADD; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "ST_BEFOR", 8)) { + /* E */ + +#ifdef SSL_ST_BEFORE + return SSL_ST_BEFORE; +#else + goto not_there; +#endif + + } + break; + case 'H': + if (!memcmp(name, "EVP_PK_D", 8)) { + /* H */ + +#ifdef EVP_PK_DH + return EVP_PK_DH; +#else + goto not_there; +#endif + + } + break; + case 'K': + if (!memcmp(name, "X509_V_O", 8)) { + /* K */ + +#ifdef X509_V_OK + return X509_V_OK; +#else + goto not_there; +#endif + + } + break; + case 'L': + if (!memcmp(name, "ERROR_SS", 8)) { + /* L */ + +#ifdef SSL_ERROR_SSL + return SSL_ERROR_SSL; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "GEN_EMAI", 8)) { + /* L */ + +#ifdef 
GEN_EMAIL + return GEN_EMAIL; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "ST_ACCEP", 8)) { + /* T */ + +#ifdef SSL_ST_ACCEPT + return SSL_ST_ACCEPT; +#else + goto not_there; +#endif + + } + break; + case 'W': + if (!memcmp(name, "F_SSL_NE", 8)) { + /* W */ + +#ifdef SSL_F_SSL_NEW + return SSL_F_SSL_NEW; +#else + goto not_there; +#endif + + } + break; + case 'd': + if (!memcmp(name, "NID_id_a", 8)) { + /* d */ + +#ifdef NID_id_ad + return NID_id_ad; +#else + goto not_there; +#endif + + } + break; + case 'e': + if (!memcmp(name, "NID_id_c", 8)) { + /* e */ + +#ifdef NID_id_ce + return NID_id_ce; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_id_p", 8)) { + /* e */ + +#ifdef NID_id_pe + return NID_id_pe; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_titl", 8)) { + /* e */ + +#ifdef NID_title + return NID_title; +#else + goto not_there; +#endif + + } + break; + case 'f': + if (!memcmp(name, "NID_unde", 8)) { + /* f */ + +#ifdef NID_undef + return NID_undef; +#else + goto not_there; +#endif + + } + break; + case 'p': + if (!memcmp(name, "NID_id_k", 8)) { + /* p */ + +#ifdef NID_id_kp + return NID_id_kp; +#else + goto not_there; +#endif + + } + break; + case 't': + if (!memcmp(name, "NID_sxne", 8)) { + /* t */ + +#ifdef NID_sxnet + return NID_sxnet; +#else + goto not_there; +#endif + + } + break; + } + break; + case 10: + /* Names all of length 10. */ + /* ERROR_NONE EVP_PKS_EC EVP_PK_DSA EVP_PK_RSA F_SSL_READ NID_bf_cbc + NID_bf_ecb NID_crlBag NID_keyBag NID_ms_efs NID_ms_sgc NID_ns_sgc + NID_pbmac1 NID_rc4_40 NID_rsadsi R_X509_LIB SSLEAY_DIR ST_CONNECT */ + /* Offset 9 gives the best switch position. 
*/ + switch (name[9]) { + case '0': + if (!memcmp(name, "NID_rc4_4", 9)) { + /* 0 */ + +#ifdef NID_rc4_40 + return NID_rc4_40; +#else + goto not_there; +#endif + + } + break; + case '1': + if (!memcmp(name, "NID_pbmac", 9)) { + /* 1 */ + +#ifdef NID_pbmac1 + return NID_pbmac1; +#else + goto not_there; +#endif + + } + break; + case 'A': + if (!memcmp(name, "EVP_PK_DS", 9)) { + /* A */ + +#ifdef EVP_PK_DSA + return EVP_PK_DSA; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "EVP_PK_RS", 9)) { + /* A */ + +#ifdef EVP_PK_RSA + return EVP_PK_RSA; +#else + goto not_there; +#endif + + } + break; + case 'B': + if (!memcmp(name, "R_X509_LI", 9)) { + /* B */ + +#ifdef SSL_R_X509_LIB + return SSL_R_X509_LIB; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "EVP_PKS_E", 9)) { + /* C */ + +#ifdef EVP_PKS_EC + return EVP_PKS_EC; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "F_SSL_REA", 9)) { + /* D */ + +#ifdef SSL_F_SSL_READ + return SSL_F_SSL_READ; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "ERROR_NON", 9)) { + /* E */ + +#ifdef SSL_ERROR_NONE + return SSL_ERROR_NONE; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "SSLEAY_DI", 9)) { + /* R */ + +#ifdef SSLEAY_DIR + return SSLEAY_DIR; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "ST_CONNEC", 9)) { + /* T */ + +#ifdef SSL_ST_CONNECT + return SSL_ST_CONNECT; +#else + goto not_there; +#endif + + } + break; + case 'b': + if (!memcmp(name, "NID_bf_ec", 9)) { + /* b */ + +#ifdef NID_bf_ecb + return NID_bf_ecb; +#else + goto not_there; +#endif + + } + break; + case 'c': + if (!memcmp(name, "NID_bf_cb", 9)) { + /* c */ + +#ifdef NID_bf_cbc + return NID_bf_cbc; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_ms_sg", 9)) { + /* c */ + +#ifdef NID_ms_sgc + return NID_ms_sgc; +#else + goto not_there; +#endif + + } + if (!memcmp(name, 
"NID_ns_sg", 9)) { + /* c */ + +#ifdef NID_ns_sgc + return NID_ns_sgc; +#else + goto not_there; +#endif + + } + break; + case 'g': + if (!memcmp(name, "NID_crlBa", 9)) { + /* g */ + +#ifdef NID_crlBag + return NID_crlBag; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_keyBa", 9)) { + /* g */ + +#ifdef NID_keyBag + return NID_keyBag; +#else + goto not_there; +#endif + + } + break; + case 'i': + if (!memcmp(name, "NID_rsads", 9)) { + /* i */ + +#ifdef NID_rsadsi + return NID_rsadsi; +#else + goto not_there; +#endif + + } + break; + case 's': + if (!memcmp(name, "NID_ms_ef", 9)) { + /* s */ + +#ifdef NID_ms_efs + return NID_ms_efs; +#else + goto not_there; +#endif + + } + break; + } + break; + case 11: + /* Names all of length 11. */ + /* EVP_PKS_DSA EVP_PKS_RSA EVP_PKT_ENC EVP_PKT_EXP GEN_DIRNAME NID_ad_OCSP + NID_certBag NID_des_cbc NID_des_ecb NID_des_ede NID_ext_req NID_id_pkix + NID_rc2_cbc NID_rc2_ecb NID_rc5_cbc NID_rc5_ecb NID_surname NID_x509Crl + OPENSSL_DIR OP_NO_SSLv2 OP_NO_SSLv3 OP_NO_TLSv1 R_BAD_STATE SSL3_MT_CCS + VERIFY_NONE VERIFY_PEER X509_LOOKUP */ + /* Offset 9 gives the best switch position. 
*/ + switch (name[9]) { + case 'C': + if (!memcmp(name, "SSL3_MT_CCS", 11)) { + /* ^ */ + +#ifdef SSL3_MT_CCS + return SSL3_MT_CCS; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "VERIFY_PEER", 11)) { + /* ^ */ + +#ifdef SSL_VERIFY_PEER + return SSL_VERIFY_PEER; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "OPENSSL_DIR", 11)) { + /* ^ */ + +#ifdef OPENSSL_DIR + return OPENSSL_DIR; +#else + goto not_there; +#endif + + } + break; + case 'M': + if (!memcmp(name, "GEN_DIRNAME", 11)) { + /* ^ */ + +#ifdef GEN_DIRNAME + return GEN_DIRNAME; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "EVP_PKT_ENC", 11)) { + /* ^ */ + +#ifdef EVP_PKT_ENC + return EVP_PKT_ENC; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "VERIFY_NONE", 11)) { + /* ^ */ + +#ifdef SSL_VERIFY_NONE + return SSL_VERIFY_NONE; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "EVP_PKS_DSA", 11)) { + /* ^ */ + +#ifdef EVP_PKS_DSA + return EVP_PKS_DSA; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "EVP_PKS_RSA", 11)) { + /* ^ */ + +#ifdef EVP_PKS_RSA + return EVP_PKS_RSA; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_ad_OCSP", 11)) { + /* ^ */ + +#ifdef NID_ad_OCSP + return NID_ad_OCSP; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "R_BAD_STATE", 11)) { + /* ^ */ + +#ifdef SSL_R_BAD_STATE + return SSL_R_BAD_STATE; +#else + goto not_there; +#endif + + } + break; + case 'U': + if (!memcmp(name, "X509_LOOKUP", 11)) { + /* ^ */ + +#ifdef SSL_X509_LOOKUP + return SSL_X509_LOOKUP; +#else + goto not_there; +#endif + + } + break; + case 'X': + if (!memcmp(name, "EVP_PKT_EXP", 11)) { + /* ^ */ + +#ifdef EVP_PKT_EXP + return EVP_PKT_EXP; +#else + goto not_there; +#endif + + } + break; + case 'a': + if (!memcmp(name, "NID_certBag", 11)) { + /* ^ */ + +#ifdef NID_certBag + return NID_certBag; +#else + goto not_there; 
+#endif + + } + break; + case 'b': + if (!memcmp(name, "NID_des_cbc", 11)) { + /* ^ */ + +#ifdef NID_des_cbc + return NID_des_cbc; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_rc2_cbc", 11)) { + /* ^ */ + +#ifdef NID_rc2_cbc + return NID_rc2_cbc; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_rc5_cbc", 11)) { + /* ^ */ + +#ifdef NID_rc5_cbc + return NID_rc5_cbc; +#else + goto not_there; +#endif + + } + break; + case 'c': + if (!memcmp(name, "NID_des_ecb", 11)) { + /* ^ */ + +#ifdef NID_des_ecb + return NID_des_ecb; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_rc2_ecb", 11)) { + /* ^ */ + +#ifdef NID_rc2_ecb + return NID_rc2_ecb; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_rc5_ecb", 11)) { + /* ^ */ + +#ifdef NID_rc5_ecb + return NID_rc5_ecb; +#else + goto not_there; +#endif + + } + break; + case 'd': + if (!memcmp(name, "NID_des_ede", 11)) { + /* ^ */ + +#ifdef NID_des_ede + return NID_des_ede; +#else + goto not_there; +#endif + + } + break; + case 'e': + if (!memcmp(name, "NID_ext_req", 11)) { + /* ^ */ + +#ifdef NID_ext_req + return NID_ext_req; +#else + goto not_there; +#endif + + } + break; + case 'i': + if (!memcmp(name, "NID_id_pkix", 11)) { + /* ^ */ + +#ifdef NID_id_pkix + return NID_id_pkix; +#else + goto not_there; +#endif + + } + break; + case 'm': + if (!memcmp(name, "NID_surname", 11)) { + /* ^ */ + +#ifdef NID_surname + return NID_surname; +#else + goto not_there; +#endif + + } + break; + case 'r': + if (!memcmp(name, "NID_x509Crl", 11)) { + /* ^ */ + +#ifdef NID_x509Crl + return NID_x509Crl; +#else + goto not_there; +#endif + + } + break; + case 'v': + if (!memcmp(name, "OP_NO_SSLv2", 11)) { + /* ^ */ + +#ifdef SSL_OP_NO_SSLv2 + return SSL_OP_NO_SSLv2; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_NO_SSLv3", 11)) { + /* ^ */ + +#ifdef SSL_OP_NO_SSLv3 + return SSL_OP_NO_SSLv3; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_NO_TLSv1", 11)) { + /* 
^ */ + +#ifdef SSL_OP_NO_TLSv1 + return SSL_OP_NO_TLSv1; +#else + goto not_there; +#endif + + } + break; + } + break; + case 12: + /* Names all of length 12. */ + /* EVP_PKT_EXCH EVP_PKT_SIGN FILETYPE_PEM F_SSL_SET_FD GEN_EDIPARTY + MBSTRING_ASC MBSTRING_BMP NID_bf_cfb64 NID_bf_ofb64 NID_des_ede3 + NID_desx_cbc NID_idea_cbc NID_idea_ecb NID_initials NID_md5_sha1 + NID_netscape OP_NO_TICKET R_PEER_ERROR R_SHORT_READ SSL2_VERSION + SSL3_VERSION ST_READ_BODY TLS1_VERSION */ + /* Offset 10 gives the best switch position. */ + switch (name[10]) { + case '6': + if (!memcmp(name, "NID_bf_cfb64", 12)) { + /* ^ */ + +#ifdef NID_bf_cfb64 + return NID_bf_cfb64; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_bf_ofb64", 12)) { + /* ^ */ + +#ifdef NID_bf_ofb64 + return NID_bf_ofb64; +#else + goto not_there; +#endif + + } + break; + case 'A': + if (!memcmp(name, "R_SHORT_READ", 12)) { + /* ^ */ + +#ifdef SSL_R_SHORT_READ + return SSL_R_SHORT_READ; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "EVP_PKT_EXCH", 12)) { + /* ^ */ + +#ifdef EVP_PKT_EXCH + return EVP_PKT_EXCH; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "ST_READ_BODY", 12)) { + /* ^ */ + +#ifdef SSL_ST_READ_BODY + return SSL_ST_READ_BODY; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "FILETYPE_PEM", 12)) { + /* ^ */ + +#ifdef SSL_FILETYPE_PEM + return SSL_FILETYPE_PEM; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_NO_TICKET", 12)) { + /* ^ */ + +#ifdef SSL_OP_NO_TICKET + return SSL_OP_NO_TICKET; +#else + goto not_there; +#endif + + } + break; + case 'F': + if (!memcmp(name, "F_SSL_SET_FD", 12)) { + /* ^ */ + +#ifdef SSL_F_SSL_SET_FD + return SSL_F_SSL_SET_FD; +#else + goto not_there; +#endif + + } + break; + case 'G': + if (!memcmp(name, "EVP_PKT_SIGN", 12)) { + /* ^ */ + +#ifdef EVP_PKT_SIGN + return EVP_PKT_SIGN; +#else + goto not_there; +#endif + + } + break; + case 'M': + if 
(!memcmp(name, "MBSTRING_BMP", 12)) { + /* ^ */ + +#ifdef MBSTRING_BMP + return MBSTRING_BMP; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "R_PEER_ERROR", 12)) { + /* ^ */ + +#ifdef SSL_R_PEER_ERROR + return SSL_R_PEER_ERROR; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL2_VERSION", 12)) { + /* ^ */ + +#ifdef SSL2_VERSION + return SSL2_VERSION; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL3_VERSION", 12)) { + /* ^ */ + +#ifdef SSL3_VERSION + return SSL3_VERSION; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "TLS1_VERSION", 12)) { + /* ^ */ + +#ifdef TLS1_VERSION + return TLS1_VERSION; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "MBSTRING_ASC", 12)) { + /* ^ */ + +#ifdef MBSTRING_ASC + return MBSTRING_ASC; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "GEN_EDIPARTY", 12)) { + /* ^ */ + +#ifdef GEN_EDIPARTY + return GEN_EDIPARTY; +#else + goto not_there; +#endif + + } + break; + case 'a': + if (!memcmp(name, "NID_md5_sha1", 12)) { + /* ^ */ + +#ifdef NID_md5_sha1 + return NID_md5_sha1; +#else + goto not_there; +#endif + + } + break; + case 'b': + if (!memcmp(name, "NID_desx_cbc", 12)) { + /* ^ */ + +#ifdef NID_desx_cbc + return NID_desx_cbc; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_idea_cbc", 12)) { + /* ^ */ + +#ifdef NID_idea_cbc + return NID_idea_cbc; +#else + goto not_there; +#endif + + } + break; + case 'c': + if (!memcmp(name, "NID_idea_ecb", 12)) { + /* ^ */ + +#ifdef NID_idea_ecb + return NID_idea_ecb; +#else + goto not_there; +#endif + + } + break; + case 'e': + if (!memcmp(name, "NID_des_ede3", 12)) { + /* ^ */ + +#ifdef NID_des_ede3 + return NID_des_ede3; +#else + goto not_there; +#endif + + } + break; + case 'l': + if (!memcmp(name, "NID_initials", 12)) { + /* ^ */ + +#ifdef NID_initials + return NID_initials; +#else + goto not_there; +#endif + + } + break; + case 'p': + if 
(!memcmp(name, "NID_netscape", 12)) { + /* ^ */ + +#ifdef NID_netscape + return NID_netscape; +#else + goto not_there; +#endif + + } + break; + } + break; + case 13: + /* Names all of length 13. */ + /* CB_READ_ALERT ERROR_SYSCALL FILETYPE_ASN1 F_SSL_SET_RFD F_SSL_SET_WFD + GEN_OTHERNAME MBSTRING_FLAG MBSTRING_UNIV MBSTRING_UTF8 NID_OCSP_sign + NID_algorithm NID_cast5_cbc NID_cast5_ecb NID_code_sign NID_delta_crl + NID_des_cfb64 NID_des_ofb64 NID_givenName NID_id_pbkdf2 NID_id_qt_cps + NID_key_usage NID_rc2_cfb64 NID_rc2_ofb64 NID_rc5_cfb64 NID_rc5_ofb64 + NID_ripemd160 NID_secretBag OP_NO_TLSv1_1 OP_NO_TLSv1_2 OP_NO_TLSv1_3 + OP_TLS_D5_BUG SENT_SHUTDOWN SSL2_MT_ERROR SSL3_RT_ALERT SSLEAY_CFLAGS + XN_FLAG_FN_LN XN_FLAG_FN_SN */ + /* Offset 12 gives the best switch position. */ + switch (name[12]) { + case '0': + if (!memcmp(name, "NID_ripemd16", 12)) { + /* 0 */ + +#ifdef NID_ripemd160 + return NID_ripemd160; +#else + goto not_there; +#endif + + } + break; + case '1': + if (!memcmp(name, "FILETYPE_ASN", 12)) { + /* 1 */ + +#ifdef SSL_FILETYPE_ASN1 + return SSL_FILETYPE_ASN1; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_NO_TLSv1_", 12)) { + /* 1 */ + +#ifdef SSL_OP_NO_TLSv1_1 + return SSL_OP_NO_TLSv1_1; +#else + goto not_there; +#endif + + } + break; + case '2': + if (!memcmp(name, "NID_id_pbkdf", 12)) { + /* 2 */ + +#ifdef NID_id_pbkdf2 + return NID_id_pbkdf2; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_NO_TLSv1_", 12)) { + /* 2 */ + +#ifdef SSL_OP_NO_TLSv1_2 + return SSL_OP_NO_TLSv1_2; +#else + goto not_there; +#endif + + } + break; + case '3': + if (!memcmp(name, "OP_NO_TLSv1_", 12)) { + /* 3 */ + +#ifdef SSL_OP_NO_TLSv1_3 + return SSL_OP_NO_TLSv1_3; +#else + goto not_there; +#endif + + } + break; + case '4': + if (!memcmp(name, "NID_des_cfb6", 12)) { + /* 4 */ + +#ifdef NID_des_cfb64 + return NID_des_cfb64; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_des_ofb6", 12)) { + /* 4 */ + +#ifdef NID_des_ofb64 + 
return NID_des_ofb64; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_rc2_cfb6", 12)) { + /* 4 */ + +#ifdef NID_rc2_cfb64 + return NID_rc2_cfb64; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_rc2_ofb6", 12)) { + /* 4 */ + +#ifdef NID_rc2_ofb64 + return NID_rc2_ofb64; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_rc5_cfb6", 12)) { + /* 4 */ + +#ifdef NID_rc5_cfb64 + return NID_rc5_cfb64; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_rc5_ofb6", 12)) { + /* 4 */ + +#ifdef NID_rc5_ofb64 + return NID_rc5_ofb64; +#else + goto not_there; +#endif + + } + break; + case '8': + if (!memcmp(name, "MBSTRING_UTF", 12)) { + /* 8 */ + +#ifdef MBSTRING_UTF8 + return MBSTRING_UTF8; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "F_SSL_SET_RF", 12)) { + /* D */ + +#ifdef SSL_F_SSL_SET_RFD + return SSL_F_SSL_SET_RFD; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "F_SSL_SET_WF", 12)) { + /* D */ + +#ifdef SSL_F_SSL_SET_WFD + return SSL_F_SSL_SET_WFD; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "GEN_OTHERNAM", 12)) { + /* E */ + +#ifdef GEN_OTHERNAME + return GEN_OTHERNAME; +#else + goto not_there; +#endif + + } + break; + case 'G': + if (!memcmp(name, "MBSTRING_FLA", 12)) { + /* G */ + +#ifdef MBSTRING_FLAG + return MBSTRING_FLAG; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_TLS_D5_BU", 12)) { + /* G */ + +#ifdef SSL_OP_TLS_D5_BUG + return SSL_OP_TLS_D5_BUG; +#else + goto not_there; +#endif + + } + break; + case 'L': + if (!memcmp(name, "ERROR_SYSCAL", 12)) { + /* L */ + +#ifdef SSL_ERROR_SYSCALL + return SSL_ERROR_SYSCALL; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "SENT_SHUTDOW", 12)) { + /* N */ + +#ifdef SSL_SENT_SHUTDOWN + return SSL_SENT_SHUTDOWN; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "XN_FLAG_FN_L", 12)) { + /* N */ + +#ifdef XN_FLAG_FN_LN + return 
XN_FLAG_FN_LN; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "XN_FLAG_FN_S", 12)) { + /* N */ + +#ifdef XN_FLAG_FN_SN + return XN_FLAG_FN_SN; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "SSL2_MT_ERRO", 12)) { + /* R */ + +#ifdef SSL2_MT_ERROR + return SSL2_MT_ERROR; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "SSLEAY_CFLAG", 12)) { + /* S */ + +#ifdef SSLEAY_CFLAGS + return SSLEAY_CFLAGS; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "CB_READ_ALER", 12)) { + /* T */ + +#ifdef SSL_CB_READ_ALERT + return SSL_CB_READ_ALERT; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL3_RT_ALER", 12)) { + /* T */ + +#ifdef SSL3_RT_ALERT + return SSL3_RT_ALERT; +#else + goto not_there; +#endif + + } + break; + case 'V': + if (!memcmp(name, "MBSTRING_UNI", 12)) { + /* V */ + +#ifdef MBSTRING_UNIV + return MBSTRING_UNIV; +#else + goto not_there; +#endif + + } + break; + case 'b': + if (!memcmp(name, "NID_cast5_ec", 12)) { + /* b */ + +#ifdef NID_cast5_ecb + return NID_cast5_ecb; +#else + goto not_there; +#endif + + } + break; + case 'c': + if (!memcmp(name, "NID_cast5_cb", 12)) { + /* c */ + +#ifdef NID_cast5_cbc + return NID_cast5_cbc; +#else + goto not_there; +#endif + + } + break; + case 'e': + if (!memcmp(name, "NID_givenNam", 12)) { + /* e */ + +#ifdef NID_givenName + return NID_givenName; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_key_usag", 12)) { + /* e */ + +#ifdef NID_key_usage + return NID_key_usage; +#else + goto not_there; +#endif + + } + break; + case 'g': + if (!memcmp(name, "NID_secretBa", 12)) { + /* g */ + +#ifdef NID_secretBag + return NID_secretBag; +#else + goto not_there; +#endif + + } + break; + case 'l': + if (!memcmp(name, "NID_delta_cr", 12)) { + /* l */ + +#ifdef NID_delta_crl + return NID_delta_crl; +#else + goto not_there; +#endif + + } + break; + case 'm': + if (!memcmp(name, "NID_algorith", 12)) { + /* 
m */ + +#ifdef NID_algorithm + return NID_algorithm; +#else + goto not_there; +#endif + + } + break; + case 'n': + if (!memcmp(name, "NID_OCSP_sig", 12)) { + /* n */ + +#ifdef NID_OCSP_sign + return NID_OCSP_sign; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_code_sig", 12)) { + /* n */ + +#ifdef NID_code_sign + return NID_code_sign; +#else + goto not_there; +#endif + + } + break; + case 's': + if (!memcmp(name, "NID_id_qt_cp", 12)) { + /* s */ + +#ifdef NID_id_qt_cps + return NID_id_qt_cps; +#else + goto not_there; +#endif + + } + break; + } + break; + case 14: + /* Names all of length 14. */ + /* CB_ACCEPT_EXIT CB_ACCEPT_LOOP CB_WRITE_ALERT F_CLIENT_HELLO + F_SERVER_HELLO F_SSL_CERT_NEW NID_commonName NID_crl_number + NID_crl_reason NID_dsaWithSHA NID_idea_cfb64 NID_idea_ofb64 + NID_localKeyID NID_md5WithRSA NID_ms_ext_req NID_pkcs7_data + NID_rc2_40_cbc NID_rc2_64_cbc NID_time_stamp OPENSSL_CFLAGS + OP_NO_SSL_MASK R_BAD_CHECKSUM R_NO_PUBLICKEY R_NULL_SSL_CTX + SESS_CACHE_OFF SSL3_RT_HEADER SSLEAY_VERSION ST_READ_HEADER + TLS1_1_VERSION TLS1_2_VERSION TLS1_3_VERSION X509_TRUST_TSA + XN_FLAG_COMPAT XN_FLAG_DN_REV XN_FLAG_FN_OID XN_FLAG_SPC_EQ */ + /* Offset 13 gives the best switch position. 
*/ + switch (name[13]) { + case '4': + if (!memcmp(name, "NID_idea_cfb6", 13)) { + /* 4 */ + +#ifdef NID_idea_cfb64 + return NID_idea_cfb64; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_idea_ofb6", 13)) { + /* 4 */ + +#ifdef NID_idea_ofb64 + return NID_idea_ofb64; +#else + goto not_there; +#endif + + } + break; + case 'A': + if (!memcmp(name, "NID_dsaWithSH", 13)) { + /* A */ + +#ifdef NID_dsaWithSHA + return NID_dsaWithSHA; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_md5WithRS", 13)) { + /* A */ + +#ifdef NID_md5WithRSA + return NID_md5WithRSA; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_TRUST_TS", 13)) { + /* A */ + +#ifdef X509_TRUST_TSA + return X509_TRUST_TSA; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "NID_localKeyI", 13)) { + /* D */ + +#ifdef NID_localKeyID + return NID_localKeyID; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "XN_FLAG_FN_OI", 13)) { + /* D */ + +#ifdef XN_FLAG_FN_OID + return XN_FLAG_FN_OID; +#else + goto not_there; +#endif + + } + break; + case 'F': + if (!memcmp(name, "SESS_CACHE_OF", 13)) { + /* F */ + +#ifdef SSL_SESS_CACHE_OFF + return SSL_SESS_CACHE_OFF; +#else + goto not_there; +#endif + + } + break; + case 'K': + if (!memcmp(name, "OP_NO_SSL_MAS", 13)) { + /* K */ + +#ifdef SSL_OP_NO_SSL_MASK + return SSL_OP_NO_SSL_MASK; +#else + goto not_there; +#endif + + } + break; + case 'M': + if (!memcmp(name, "R_BAD_CHECKSU", 13)) { + /* M */ + +#ifdef SSL_R_BAD_CHECKSUM + return SSL_R_BAD_CHECKSUM; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "SSLEAY_VERSIO", 13)) { + /* N */ + +#ifdef SSLEAY_VERSION + return SSLEAY_VERSION; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "TLS1_1_VERSIO", 13)) { + /* N */ + +#ifdef TLS1_1_VERSION + return TLS1_1_VERSION; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "TLS1_2_VERSIO", 13)) { + /* N */ + +#ifdef TLS1_2_VERSION + return 
TLS1_2_VERSION; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "TLS1_3_VERSIO", 13)) { + /* N */ + +#ifdef TLS1_3_VERSION + return TLS1_3_VERSION; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "F_CLIENT_HELL", 13)) { + /* O */ + +#ifdef SSL_F_CLIENT_HELLO + return SSL_F_CLIENT_HELLO; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "F_SERVER_HELL", 13)) { + /* O */ + +#ifdef SSL_F_SERVER_HELLO + return SSL_F_SERVER_HELLO; +#else + goto not_there; +#endif + + } + break; + case 'P': + if (!memcmp(name, "CB_ACCEPT_LOO", 13)) { + /* P */ + +#ifdef SSL_CB_ACCEPT_LOOP + return SSL_CB_ACCEPT_LOOP; +#else + goto not_there; +#endif + + } + break; + case 'Q': + if (!memcmp(name, "XN_FLAG_SPC_E", 13)) { + /* Q */ + +#ifdef XN_FLAG_SPC_EQ + return XN_FLAG_SPC_EQ; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "SSL3_RT_HEADE", 13)) { + /* R */ + +#ifdef SSL3_RT_HEADER + return SSL3_RT_HEADER; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "ST_READ_HEADE", 13)) { + /* R */ + +#ifdef SSL_ST_READ_HEADER + return SSL_ST_READ_HEADER; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "OPENSSL_CFLAG", 13)) { + /* S */ + +#ifdef OPENSSL_CFLAGS + return OPENSSL_CFLAGS; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "CB_ACCEPT_EXI", 13)) { + /* T */ + +#ifdef SSL_CB_ACCEPT_EXIT + return SSL_CB_ACCEPT_EXIT; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "CB_WRITE_ALER", 13)) { + /* T */ + +#ifdef SSL_CB_WRITE_ALERT + return SSL_CB_WRITE_ALERT; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "XN_FLAG_COMPA", 13)) { + /* T */ + +#ifdef XN_FLAG_COMPAT + return XN_FLAG_COMPAT; +#else + goto not_there; +#endif + + } + break; + case 'V': + if (!memcmp(name, "XN_FLAG_DN_RE", 13)) { + /* V */ + +#ifdef XN_FLAG_DN_REV + return XN_FLAG_DN_REV; +#else + goto not_there; +#endif + + } + break; + case 'W': + if 
(!memcmp(name, "F_SSL_CERT_NE", 13)) { + /* W */ + +#ifdef SSL_F_SSL_CERT_NEW + return SSL_F_SSL_CERT_NEW; +#else + goto not_there; +#endif + + } + break; + case 'X': + if (!memcmp(name, "R_NULL_SSL_CT", 13)) { + /* X */ + +#ifdef SSL_R_NULL_SSL_CTX + return SSL_R_NULL_SSL_CTX; +#else + goto not_there; +#endif + + } + break; + case 'Y': + if (!memcmp(name, "R_NO_PUBLICKE", 13)) { + /* Y */ + +#ifdef SSL_R_NO_PUBLICKEY + return SSL_R_NO_PUBLICKEY; +#else + goto not_there; +#endif + + } + break; + case 'a': + if (!memcmp(name, "NID_pkcs7_dat", 13)) { + /* a */ + +#ifdef NID_pkcs7_data + return NID_pkcs7_data; +#else + goto not_there; +#endif + + } + break; + case 'c': + if (!memcmp(name, "NID_rc2_40_cb", 13)) { + /* c */ + +#ifdef NID_rc2_40_cbc + return NID_rc2_40_cbc; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_rc2_64_cb", 13)) { + /* c */ + +#ifdef NID_rc2_64_cbc + return NID_rc2_64_cbc; +#else + goto not_there; +#endif + + } + break; + case 'e': + if (!memcmp(name, "NID_commonNam", 13)) { + /* e */ + +#ifdef NID_commonName + return NID_commonName; +#else + goto not_there; +#endif + + } + break; + case 'n': + if (!memcmp(name, "NID_crl_reaso", 13)) { + /* n */ + +#ifdef NID_crl_reason + return NID_crl_reason; +#else + goto not_there; +#endif + + } + break; + case 'p': + if (!memcmp(name, "NID_time_stam", 13)) { + /* p */ + +#ifdef NID_time_stamp + return NID_time_stamp; +#else + goto not_there; +#endif + + } + break; + case 'q': + if (!memcmp(name, "NID_ms_ext_re", 13)) { + /* q */ + +#ifdef NID_ms_ext_req + return NID_ms_ext_req; +#else + goto not_there; +#endif + + } + break; + case 'r': + if (!memcmp(name, "NID_crl_numbe", 13)) { + /* r */ + +#ifdef NID_crl_number + return NID_crl_number; +#else + goto not_there; +#endif + + } + break; + } + break; + case 15: + /* Names all of length 15. 
*/ + /* CB_CONNECT_EXIT CB_CONNECT_LOOP ERROR_WANT_READ F_WRITE_PENDING + MODE_AUTO_RETRY NID_cast5_cfb64 NID_cast5_ofb64 NID_client_auth + NID_countryName NID_des_ede_cbc NID_description NID_dnQualifier + NID_dsaWithSHA1 NID_info_access NID_mdc2WithRSA NID_ms_code_com + NID_ms_code_ind NID_ms_ctl_sign NID_server_auth NID_sha1WithRSA + OPENSSL_VERSION OP_NO_QUERY_MTU R_NO_PRIVATEKEY R_UNKNOWN_STATE + SESS_CACHE_BOTH SSLEAY_BUILT_ON SSLEAY_PLATFORM XN_FLAG_FN_MASK + XN_FLAG_FN_NONE XN_FLAG_ONELINE XN_FLAG_RFC2253 */ + /* Offset 14 gives the best switch position. */ + switch (name[14]) { + case '1': + if (!memcmp(name, "NID_dsaWithSHA", 14)) { + /* 1 */ + +#ifdef NID_dsaWithSHA1 + return NID_dsaWithSHA1; +#else + goto not_there; +#endif + + } + break; + case '3': + if (!memcmp(name, "XN_FLAG_RFC225", 14)) { + /* 3 */ + +#ifdef XN_FLAG_RFC2253 + return XN_FLAG_RFC2253; +#else + goto not_there; +#endif + + } + break; + case '4': + if (!memcmp(name, "NID_cast5_cfb6", 14)) { + /* 4 */ + +#ifdef NID_cast5_cfb64 + return NID_cast5_cfb64; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_cast5_ofb6", 14)) { + /* 4 */ + +#ifdef NID_cast5_ofb64 + return NID_cast5_ofb64; +#else + goto not_there; +#endif + + } + break; + case 'A': + if (!memcmp(name, "NID_mdc2WithRS", 14)) { + /* A */ + +#ifdef NID_mdc2WithRSA + return NID_mdc2WithRSA; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_sha1WithRS", 14)) { + /* A */ + +#ifdef NID_sha1WithRSA + return NID_sha1WithRSA; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "ERROR_WANT_REA", 14)) { + /* D */ + +#ifdef SSL_ERROR_WANT_READ + return SSL_ERROR_WANT_READ; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "R_UNKNOWN_STAT", 14)) { + /* E */ + +#ifdef SSL_R_UNKNOWN_STATE + return SSL_R_UNKNOWN_STATE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "XN_FLAG_FN_NON", 14)) { + /* E */ + +#ifdef XN_FLAG_FN_NONE + return 
XN_FLAG_FN_NONE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "XN_FLAG_ONELIN", 14)) { + /* E */ + +#ifdef XN_FLAG_ONELINE + return XN_FLAG_ONELINE; +#else + goto not_there; +#endif + + } + break; + case 'G': + if (!memcmp(name, "F_WRITE_PENDIN", 14)) { + /* G */ + +#ifdef SSL_F_WRITE_PENDING + return SSL_F_WRITE_PENDING; +#else + goto not_there; +#endif + + } + break; + case 'H': + if (!memcmp(name, "SESS_CACHE_BOT", 14)) { + /* H */ + +#ifdef SSL_SESS_CACHE_BOTH + return SSL_SESS_CACHE_BOTH; +#else + goto not_there; +#endif + + } + break; + case 'K': + if (!memcmp(name, "XN_FLAG_FN_MAS", 14)) { + /* K */ + +#ifdef XN_FLAG_FN_MASK + return XN_FLAG_FN_MASK; +#else + goto not_there; +#endif + + } + break; + case 'M': + if (!memcmp(name, "SSLEAY_PLATFOR", 14)) { + /* M */ + +#ifdef SSLEAY_PLATFORM + return SSLEAY_PLATFORM; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "OPENSSL_VERSIO", 14)) { + /* N */ + +#ifdef OPENSSL_VERSION + return OPENSSL_VERSION; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSLEAY_BUILT_O", 14)) { + /* N */ + +#ifdef SSLEAY_BUILT_ON + return SSLEAY_BUILT_ON; +#else + goto not_there; +#endif + + } + break; + case 'P': + if (!memcmp(name, "CB_CONNECT_LOO", 14)) { + /* P */ + +#ifdef SSL_CB_CONNECT_LOOP + return SSL_CB_CONNECT_LOOP; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "CB_CONNECT_EXI", 14)) { + /* T */ + +#ifdef SSL_CB_CONNECT_EXIT + return SSL_CB_CONNECT_EXIT; +#else + goto not_there; +#endif + + } + break; + case 'U': + if (!memcmp(name, "OP_NO_QUERY_MT", 14)) { + /* U */ + +#ifdef SSL_OP_NO_QUERY_MTU + return SSL_OP_NO_QUERY_MTU; +#else + goto not_there; +#endif + + } + break; + case 'Y': + if (!memcmp(name, "MODE_AUTO_RETR", 14)) { + /* Y */ + +#ifdef SSL_MODE_AUTO_RETRY + return SSL_MODE_AUTO_RETRY; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "R_NO_PRIVATEKE", 14)) { + /* Y */ + +#ifdef SSL_R_NO_PRIVATEKEY + return 
SSL_R_NO_PRIVATEKEY; +#else + goto not_there; +#endif + + } + break; + case 'c': + if (!memcmp(name, "NID_des_ede_cb", 14)) { + /* c */ + +#ifdef NID_des_ede_cbc + return NID_des_ede_cbc; +#else + goto not_there; +#endif + + } + break; + case 'd': + if (!memcmp(name, "NID_ms_code_in", 14)) { + /* d */ + +#ifdef NID_ms_code_ind + return NID_ms_code_ind; +#else + goto not_there; +#endif + + } + break; + case 'e': + if (!memcmp(name, "NID_countryNam", 14)) { + /* e */ + +#ifdef NID_countryName + return NID_countryName; +#else + goto not_there; +#endif + + } + break; + case 'h': + if (!memcmp(name, "NID_client_aut", 14)) { + /* h */ + +#ifdef NID_client_auth + return NID_client_auth; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_server_aut", 14)) { + /* h */ + +#ifdef NID_server_auth + return NID_server_auth; +#else + goto not_there; +#endif + + } + break; + case 'm': + if (!memcmp(name, "NID_ms_code_co", 14)) { + /* m */ + +#ifdef NID_ms_code_com + return NID_ms_code_com; +#else + goto not_there; +#endif + + } + break; + case 'n': + if (!memcmp(name, "NID_descriptio", 14)) { + /* n */ + +#ifdef NID_description + return NID_description; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_ms_ctl_sig", 14)) { + /* n */ + +#ifdef NID_ms_ctl_sign + return NID_ms_ctl_sign; +#else + goto not_there; +#endif + + } + break; + case 'r': + if (!memcmp(name, "NID_dnQualifie", 14)) { + /* r */ + +#ifdef NID_dnQualifier + return NID_dnQualifier; +#else + goto not_there; +#endif + + } + break; + case 's': + if (!memcmp(name, "NID_info_acces", 14)) { + /* s */ + +#ifdef NID_info_access + return NID_info_access; +#else + goto not_there; +#endif + + } + break; + } + break; + case 16: + /* Names all of length 16. 
*/ + /* ERROR_WANT_WRITE NID_des_ede3_cbc NID_friendlyName NID_hmacWithSHA1 + NID_localityName NID_pkcs7_digest NID_pkcs7_signed NID_serialNumber + OPENSSL_BUILT_ON OPENSSL_CPU_INFO OPENSSL_PLATFORM OP_EPHEMERAL_RSA + OP_PKCS1_CHECK_1 OP_PKCS1_CHECK_2 OP_SINGLE_DH_USE R_BAD_MAC_DECODE + R_NO_CIPHER_LIST SSL3_MT_FINISHED X509_PURPOSE_ANY X509_TRUST_EMAIL + XN_FLAG_FN_ALIGN XN_FLAG_SEP_MASK */ + /* Offset 15 gives the best switch position. */ + switch (name[15]) { + case '1': + if (!memcmp(name, "NID_hmacWithSHA", 15)) { + /* 1 */ + +#ifdef NID_hmacWithSHA1 + return NID_hmacWithSHA1; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_PKCS1_CHECK_", 15)) { + /* 1 */ + +#ifdef SSL_OP_PKCS1_CHECK_1 + return SSL_OP_PKCS1_CHECK_1; +#else + goto not_there; +#endif + + } + break; + case '2': + if (!memcmp(name, "OP_PKCS1_CHECK_", 15)) { + /* 2 */ + +#ifdef SSL_OP_PKCS1_CHECK_2 + return SSL_OP_PKCS1_CHECK_2; +#else + goto not_there; +#endif + + } + break; + case 'A': + if (!memcmp(name, "OP_EPHEMERAL_RS", 15)) { + /* A */ + +#ifdef SSL_OP_EPHEMERAL_RSA + return SSL_OP_EPHEMERAL_RSA; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "SSL3_MT_FINISHE", 15)) { + /* D */ + +#ifdef SSL3_MT_FINISHED + return SSL3_MT_FINISHED; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "ERROR_WANT_WRIT", 15)) { + /* E */ + +#ifdef SSL_ERROR_WANT_WRITE + return SSL_ERROR_WANT_WRITE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_SINGLE_DH_US", 15)) { + /* E */ + +#ifdef SSL_OP_SINGLE_DH_USE + return SSL_OP_SINGLE_DH_USE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "R_BAD_MAC_DECOD", 15)) { + /* E */ + +#ifdef SSL_R_BAD_MAC_DECODE + return SSL_R_BAD_MAC_DECODE; +#else + goto not_there; +#endif + + } + break; + case 'K': + if (!memcmp(name, "XN_FLAG_SEP_MAS", 15)) { + /* K */ + +#ifdef XN_FLAG_SEP_MASK + return XN_FLAG_SEP_MASK; +#else + goto not_there; +#endif + + } + break; + case 'L': + if 
(!memcmp(name, "X509_TRUST_EMAI", 15)) { + /* L */ + +#ifdef X509_TRUST_EMAIL + return X509_TRUST_EMAIL; +#else + goto not_there; +#endif + + } + break; + case 'M': + if (!memcmp(name, "OPENSSL_PLATFOR", 15)) { + /* M */ + +#ifdef OPENSSL_PLATFORM + return OPENSSL_PLATFORM; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "OPENSSL_BUILT_O", 15)) { + /* N */ + +#ifdef OPENSSL_BUILT_ON + return OPENSSL_BUILT_ON; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "XN_FLAG_FN_ALIG", 15)) { + /* N */ + +#ifdef XN_FLAG_FN_ALIGN + return XN_FLAG_FN_ALIGN; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "OPENSSL_CPU_INF", 15)) { + /* O */ + +#ifdef OPENSSL_CPU_INFO + return OPENSSL_CPU_INFO; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "R_NO_CIPHER_LIS", 15)) { + /* T */ + +#ifdef SSL_R_NO_CIPHER_LIST + return SSL_R_NO_CIPHER_LIST; +#else + goto not_there; +#endif + + } + break; + case 'Y': + if (!memcmp(name, "X509_PURPOSE_AN", 15)) { + /* Y */ + +#ifdef X509_PURPOSE_ANY + return X509_PURPOSE_ANY; +#else + goto not_there; +#endif + + } + break; + case 'c': + if (!memcmp(name, "NID_des_ede3_cb", 15)) { + /* c */ + +#ifdef NID_des_ede3_cbc + return NID_des_ede3_cbc; +#else + goto not_there; +#endif + + } + break; + case 'd': + if (!memcmp(name, "NID_pkcs7_signe", 15)) { + /* d */ + +#ifdef NID_pkcs7_signed + return NID_pkcs7_signed; +#else + goto not_there; +#endif + + } + break; + case 'e': + if (!memcmp(name, "NID_friendlyNam", 15)) { + /* e */ + +#ifdef NID_friendlyName + return NID_friendlyName; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_localityNam", 15)) { + /* e */ + +#ifdef NID_localityName + return NID_localityName; +#else + goto not_there; +#endif + + } + break; + case 'r': + if (!memcmp(name, "NID_serialNumbe", 15)) { + /* r */ + +#ifdef NID_serialNumber + return NID_serialNumber; +#else + goto not_there; +#endif + + } + break; + case 
't': + if (!memcmp(name, "NID_pkcs7_diges", 15)) { + /* t */ + +#ifdef NID_pkcs7_digest + return NID_pkcs7_digest; +#else + goto not_there; +#endif + + } + break; + } + break; + case 17: + /* Names all of length 17. */ + /* CB_HANDSHAKE_DONE ERROR_WANT_ACCEPT ERROR_ZERO_RETURN F_D2I_SSL_SESSION + F_I2D_SSL_SESSION F_SSL_SESSION_NEW NID_ad_ca_issuers NID_des_ede_cfb64 + NID_des_ede_ofb64 NID_dsaWithSHA1_2 NID_email_protect NID_ext_key_usage + NID_id_qt_unotice NID_rsaEncryption OP_NO_ANTI_REPLAY OP_NO_COMPRESSION + OP_TLSEXT_PADDING RECEIVED_SHUTDOWN R_BAD_WRITE_RETRY R_NO_CIPHER_MATCH + SESS_CACHE_CLIENT SESS_CACHE_SERVER SSL3_RT_HANDSHAKE X509_FILETYPE_PEM + X509_TRUST_COMPAT XN_FLAG_MULTILINE */ + /* Offset 13 gives the best switch position. */ + switch (name[13]) { + case 'A': + if (!memcmp(name, "NID_dsaWithSHA1_2", 17)) { + /* ^ */ + +#ifdef NID_dsaWithSHA1_2 + return NID_dsaWithSHA1_2; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "R_NO_CIPHER_MATCH", 17)) { + /* ^ */ + +#ifdef SSL_R_NO_CIPHER_MATCH + return SSL_R_NO_CIPHER_MATCH; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "ERROR_WANT_ACCEPT", 17)) { + /* ^ */ + +#ifdef SSL_ERROR_WANT_ACCEPT + return SSL_ERROR_WANT_ACCEPT; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "CB_HANDSHAKE_DONE", 17)) { + /* ^ */ + +#ifdef SSL_CB_HANDSHAKE_DONE + return SSL_CB_HANDSHAKE_DONE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_TLSEXT_PADDING", 17)) { + /* ^ */ + +#ifdef SSL_OP_TLSEXT_PADDING + return SSL_OP_TLSEXT_PADDING; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "RECEIVED_SHUTDOWN", 17)) { + /* ^ */ + +#ifdef SSL_RECEIVED_SHUTDOWN + return SSL_RECEIVED_SHUTDOWN; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "R_BAD_WRITE_RETRY", 17)) { + /* ^ */ + +#ifdef SSL_R_BAD_WRITE_RETRY + return SSL_R_BAD_WRITE_RETRY; +#else + goto not_there; +#endif + + } + break; + case 'H': + if 
(!memcmp(name, "SSL3_RT_HANDSHAKE", 17)) { + /* ^ */ + +#ifdef SSL3_RT_HANDSHAKE + return SSL3_RT_HANDSHAKE; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "SESS_CACHE_CLIENT", 17)) { + /* ^ */ + +#ifdef SSL_SESS_CACHE_CLIENT + return SSL_SESS_CACHE_CLIENT; +#else + goto not_there; +#endif + + } + break; + case 'L': + if (!memcmp(name, "XN_FLAG_MULTILINE", 17)) { + /* ^ */ + +#ifdef XN_FLAG_MULTILINE + return XN_FLAG_MULTILINE; +#else + goto not_there; +#endif + + } + break; + case 'M': + if (!memcmp(name, "X509_TRUST_COMPAT", 17)) { + /* ^ */ + +#ifdef X509_TRUST_COMPAT + return X509_TRUST_COMPAT; +#else + goto not_there; +#endif + + } + break; + case 'P': + if (!memcmp(name, "OP_NO_ANTI_REPLAY", 17)) { + /* ^ */ + +#ifdef SSL_OP_NO_ANTI_REPLAY + return SSL_OP_NO_ANTI_REPLAY; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "SESS_CACHE_SERVER", 17)) { + /* ^ */ + +#ifdef SSL_SESS_CACHE_SERVER + return SSL_SESS_CACHE_SERVER; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "F_D2I_SSL_SESSION", 17)) { + /* ^ */ + +#ifdef SSL_F_D2I_SSL_SESSION + return SSL_F_D2I_SSL_SESSION; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "F_I2D_SSL_SESSION", 17)) { + /* ^ */ + +#ifdef SSL_F_I2D_SSL_SESSION + return SSL_F_I2D_SSL_SESSION; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_NO_COMPRESSION", 17)) { + /* ^ */ + +#ifdef SSL_OP_NO_COMPRESSION + return SSL_OP_NO_COMPRESSION; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "ERROR_ZERO_RETURN", 17)) { + /* ^ */ + +#ifdef SSL_ERROR_ZERO_RETURN + return SSL_ERROR_ZERO_RETURN; +#else + goto not_there; +#endif + + } + break; + case '_': + if (!memcmp(name, "F_SSL_SESSION_NEW", 17)) { + /* ^ */ + +#ifdef SSL_F_SSL_SESSION_NEW + return SSL_F_SSL_SESSION_NEW; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_FILETYPE_PEM", 17)) { + /* ^ */ + +#ifdef X509_FILETYPE_PEM + 
return X509_FILETYPE_PEM; +#else + goto not_there; +#endif + + } + break; + case 'f': + if (!memcmp(name, "NID_des_ede_cfb64", 17)) { + /* ^ */ + +#ifdef NID_des_ede_cfb64 + return NID_des_ede_cfb64; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_des_ede_ofb64", 17)) { + /* ^ */ + +#ifdef NID_des_ede_ofb64 + return NID_des_ede_ofb64; +#else + goto not_there; +#endif + + } + break; + case 's': + if (!memcmp(name, "NID_ext_key_usage", 17)) { + /* ^ */ + +#ifdef NID_ext_key_usage + return NID_ext_key_usage; +#else + goto not_there; +#endif + + } + break; + case 't': + if (!memcmp(name, "NID_email_protect", 17)) { + /* ^ */ + +#ifdef NID_email_protect + return NID_email_protect; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_id_qt_unotice", 17)) { + /* ^ */ + +#ifdef NID_id_qt_unotice + return NID_id_qt_unotice; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_rsaEncryption", 17)) { + /* ^ */ + +#ifdef NID_rsaEncryption + return NID_rsaEncryption; +#else + goto not_there; +#endif + + } + break; + case 'u': + if (!memcmp(name, "NID_ad_ca_issuers", 17)) { + /* ^ */ + +#ifdef NID_ad_ca_issuers + return NID_ad_ca_issuers; +#else + goto not_there; +#endif + + } + break; + } + break; + case 18: + /* Names all of length 18. */ + /* CB_HANDSHAKE_START ERROR_WANT_CONNECT F_GET_CLIENT_HELLO + F_GET_SERVER_HELLO NID_des_ede3_cfb64 NID_des_ede3_ofb64 + NID_dhKeyAgreement OP_COOKIE_EXCHANGE OP_SINGLE_ECDH_USE + R_BAD_SSL_FILETYPE SSL3_MT_KEY_UPDATE SSL3_MT_NEXT_PROTO + VERIFY_CLIENT_ONCE X509_FILETYPE_ASN1 */ + /* Offset 11 gives the best switch position. 
*/ + switch (name[11]) { + case '3': + if (!memcmp(name, "NID_des_ede3_cfb64", 18)) { + /* ^ */ + +#ifdef NID_des_ede3_cfb64 + return NID_des_ede3_cfb64; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_des_ede3_ofb64", 18)) { + /* ^ */ + +#ifdef NID_des_ede3_ofb64 + return NID_des_ede3_ofb64; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "ERROR_WANT_CONNECT", 18)) { + /* ^ */ + +#ifdef SSL_ERROR_WANT_CONNECT + return SSL_ERROR_WANT_CONNECT; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_SINGLE_ECDH_USE", 18)) { + /* ^ */ + +#ifdef SSL_OP_SINGLE_ECDH_USE + return SSL_OP_SINGLE_ECDH_USE; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "CB_HANDSHAKE_START", 18)) { + /* ^ */ + +#ifdef SSL_CB_HANDSHAKE_START + return SSL_CB_HANDSHAKE_START; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "R_BAD_SSL_FILETYPE", 18)) { + /* ^ */ + +#ifdef SSL_R_BAD_SSL_FILETYPE + return SSL_R_BAD_SSL_FILETYPE; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "VERIFY_CLIENT_ONCE", 18)) { + /* ^ */ + +#ifdef SSL_VERIFY_CLIENT_ONCE + return SSL_VERIFY_CLIENT_ONCE; +#else + goto not_there; +#endif + + } + break; + case 'P': + if (!memcmp(name, "X509_FILETYPE_ASN1", 18)) { + /* ^ */ + +#ifdef X509_FILETYPE_ASN1 + return X509_FILETYPE_ASN1; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "F_GET_SERVER_HELLO", 18)) { + /* ^ */ + +#ifdef SSL_F_GET_SERVER_HELLO + return SSL_F_GET_SERVER_HELLO; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "F_GET_CLIENT_HELLO", 18)) { + /* ^ */ + +#ifdef SSL_F_GET_CLIENT_HELLO + return SSL_F_GET_CLIENT_HELLO; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL3_MT_NEXT_PROTO", 18)) { + /* ^ */ + +#ifdef SSL3_MT_NEXT_PROTO + return SSL3_MT_NEXT_PROTO; +#else + goto not_there; +#endif + + } + break; + case 'X': + if (!memcmp(name, 
"OP_COOKIE_EXCHANGE", 18)) { + /* ^ */ + +#ifdef SSL_OP_COOKIE_EXCHANGE + return SSL_OP_COOKIE_EXCHANGE; +#else + goto not_there; +#endif + + } + break; + case '_': + if (!memcmp(name, "SSL3_MT_KEY_UPDATE", 18)) { + /* ^ */ + +#ifdef SSL3_MT_KEY_UPDATE + return SSL3_MT_KEY_UPDATE; +#else + goto not_there; +#endif + + } + break; + case 'r': + if (!memcmp(name, "NID_dhKeyAgreement", 18)) { + /* ^ */ + +#ifdef NID_dhKeyAgreement + return NID_dhKeyAgreement; +#else + goto not_there; +#endif + + } + break; + } + break; + case 19: + /* Names all of length 19. */ + /* F_CLIENT_MASTER_KEY F_GET_SERVER_VERIFY NID_invalidity_date + NID_issuer_alt_name NID_pkcs7_encrypted NID_pkcs7_enveloped + NID_rle_compression NID_safeContentsBag NID_sdsiCertificate + NID_x509Certificate OPENSSL_ENGINES_DIR OPENSSL_MODULES_DIR + OP_ALLOW_NO_DHE_KEX OP_CISCO_ANYCONNECT OP_NON_EXPORT_FIRST + OP_NO_RENEGOTIATION OP_TLS_ROLLBACK_BUG SSL3_MT_CERTIFICATE + SSL3_MT_SERVER_DONE */ + /* Offset 12 gives the best switch position. 
*/ + switch (name[12]) { + case 'A': + if (!memcmp(name, "OP_TLS_ROLLBACK_BUG", 19)) { + /* ^ */ + +#ifdef SSL_OP_TLS_ROLLBACK_BUG + return SSL_OP_TLS_ROLLBACK_BUG; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "OP_CISCO_ANYCONNECT", 19)) { + /* ^ */ + +#ifdef SSL_OP_CISCO_ANYCONNECT + return SSL_OP_CISCO_ANYCONNECT; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "OP_ALLOW_NO_DHE_KEX", 19)) { + /* ^ */ + +#ifdef SSL_OP_ALLOW_NO_DHE_KEX + return SSL_OP_ALLOW_NO_DHE_KEX; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "SSL3_MT_SERVER_DONE", 19)) { + /* ^ */ + +#ifdef SSL3_MT_SERVER_DONE + return SSL3_MT_SERVER_DONE; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "SSL3_MT_CERTIFICATE", 19)) { + /* ^ */ + +#ifdef SSL3_MT_CERTIFICATE + return SSL3_MT_CERTIFICATE; +#else + goto not_there; +#endif + + } + break; + case 'L': + if (!memcmp(name, "OPENSSL_MODULES_DIR", 19)) { + /* ^ */ + +#ifdef OPENSSL_MODULES_DIR + return OPENSSL_MODULES_DIR; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "OPENSSL_ENGINES_DIR", 19)) { + /* ^ */ + +#ifdef OPENSSL_ENGINES_DIR + return OPENSSL_ENGINES_DIR; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "F_CLIENT_MASTER_KEY", 19)) { + /* ^ */ + +#ifdef SSL_F_CLIENT_MASTER_KEY + return SSL_F_CLIENT_MASTER_KEY; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_NON_EXPORT_FIRST", 19)) { + /* ^ */ + +#ifdef SSL_OP_NON_EXPORT_FIRST + return SSL_OP_NON_EXPORT_FIRST; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_NO_RENEGOTIATION", 19)) { + /* ^ */ + +#ifdef SSL_OP_NO_RENEGOTIATION + return SSL_OP_NO_RENEGOTIATION; +#else + goto not_there; +#endif + + } + break; + case '_': + if (!memcmp(name, "F_GET_SERVER_VERIFY", 19)) { + /* ^ */ + +#ifdef SSL_F_GET_SERVER_VERIFY + return SSL_F_GET_SERVER_VERIFY; +#else + goto not_there; 
+#endif + + } + break; + case 'c': + if (!memcmp(name, "NID_pkcs7_encrypted", 19)) { + /* ^ */ + +#ifdef NID_pkcs7_encrypted + return NID_pkcs7_encrypted; +#else + goto not_there; +#endif + + } + break; + case 'e': + if (!memcmp(name, "NID_safeContentsBag", 19)) { + /* ^ */ + +#ifdef NID_safeContentsBag + return NID_safeContentsBag; +#else + goto not_there; +#endif + + } + break; + case 'i': + if (!memcmp(name, "NID_sdsiCertificate", 19)) { + /* ^ */ + +#ifdef NID_sdsiCertificate + return NID_sdsiCertificate; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_x509Certificate", 19)) { + /* ^ */ + +#ifdef NID_x509Certificate + return NID_x509Certificate; +#else + goto not_there; +#endif + + } + break; + case 'l': + if (!memcmp(name, "NID_issuer_alt_name", 19)) { + /* ^ */ + +#ifdef NID_issuer_alt_name + return NID_issuer_alt_name; +#else + goto not_there; +#endif + + } + break; + case 'r': + if (!memcmp(name, "NID_rle_compression", 19)) { + /* ^ */ + +#ifdef NID_rle_compression + return NID_rle_compression; +#else + goto not_there; +#endif + + } + break; + case 't': + if (!memcmp(name, "NID_invalidity_date", 19)) { + /* ^ */ + +#ifdef NID_invalidity_date + return NID_invalidity_date; +#else + goto not_there; +#endif + + } + break; + case 'v': + if (!memcmp(name, "NID_pkcs7_enveloped", 19)) { + /* ^ */ + +#ifdef NID_pkcs7_enveloped + return NID_pkcs7_enveloped; +#else + goto not_there; +#endif + + } + break; + } + break; + case 20: + /* Names all of length 20. 
*/ + /* ASN1_STRFLGS_ESC_MSB ASN1_STRFLGS_RFC2253 F_CLIENT_CERTIFICATE + F_SSL_USE_PRIVATEKEY MODE_RELEASE_BUFFERS NID_netscape_comment + NID_organizationName NID_ripemd160WithRSA NID_subject_alt_name + NID_uniqueIdentifier NID_zlib_compression OP_PRIORITIZE_CHACHA + R_NO_CERTIFICATE_SET SESSION_ASN1_VERSION SSL2_MT_CLIENT_HELLO + SSL2_MT_SERVER_HELLO SSL3_MT_CLIENT_HELLO SSL3_MT_MESSAGE_HASH + SSL3_MT_SERVER_HELLO X509_TRUST_OCSP_SIGN X509_V_ERR_PATH_LOOP */ + /* Offset 13 gives the best switch position. */ + switch (name[13]) { + case 'A': + if (!memcmp(name, "R_NO_CERTIFICATE_SET", 20)) { + /* ^ */ + +#ifdef SSL_R_NO_CERTIFICATE_SET + return SSL_R_NO_CERTIFICATE_SET; +#else + goto not_there; +#endif + + } + break; + case 'B': + if (!memcmp(name, "MODE_RELEASE_BUFFERS", 20)) { + /* ^ */ + +#ifdef SSL_MODE_RELEASE_BUFFERS + return SSL_MODE_RELEASE_BUFFERS; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "ASN1_STRFLGS_ESC_MSB", 20)) { + /* ^ */ + +#ifdef ASN1_STRFLGS_ESC_MSB + return ASN1_STRFLGS_ESC_MSB; +#else + goto not_there; +#endif + + } + break; + case 'G': + if (!memcmp(name, "SSL3_MT_MESSAGE_HASH", 20)) { + /* ^ */ + +#ifdef SSL3_MT_MESSAGE_HASH + return SSL3_MT_MESSAGE_HASH; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "F_CLIENT_CERTIFICATE", 20)) { + /* ^ */ + +#ifdef SSL_F_CLIENT_CERTIFICATE + return SSL_F_CLIENT_CERTIFICATE; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "ASN1_STRFLGS_RFC2253", 20)) { + /* ^ */ + +#ifdef ASN1_STRFLGS_RFC2253 + return ASN1_STRFLGS_RFC2253; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL2_MT_SERVER_HELLO", 20)) { + /* ^ */ + +#ifdef SSL2_MT_SERVER_HELLO + return SSL2_MT_SERVER_HELLO; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL3_MT_SERVER_HELLO", 20)) { + /* ^ */ + +#ifdef SSL3_MT_SERVER_HELLO + return SSL3_MT_SERVER_HELLO; +#else + goto not_there; +#endif + + } + break; + case 'S': + if 
(!memcmp(name, "X509_TRUST_OCSP_SIGN", 20)) { + /* ^ */ + +#ifdef X509_TRUST_OCSP_SIGN + return X509_TRUST_OCSP_SIGN; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "SSL2_MT_CLIENT_HELLO", 20)) { + /* ^ */ + +#ifdef SSL2_MT_CLIENT_HELLO + return SSL2_MT_CLIENT_HELLO; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL3_MT_CLIENT_HELLO", 20)) { + /* ^ */ + +#ifdef SSL3_MT_CLIENT_HELLO + return SSL3_MT_CLIENT_HELLO; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_PATH_LOOP", 20)) { + /* ^ */ + +#ifdef X509_V_ERR_PATH_LOOP + return X509_V_ERR_PATH_LOOP; +#else + goto not_there; +#endif + + } + break; + case 'V': + if (!memcmp(name, "F_SSL_USE_PRIVATEKEY", 20)) { + /* ^ */ + +#ifdef SSL_F_SSL_USE_PRIVATEKEY + return SSL_F_SSL_USE_PRIVATEKEY; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SESSION_ASN1_VERSION", 20)) { + /* ^ */ + +#ifdef SSL_SESSION_ASN1_VERSION + return SSL_SESSION_ASN1_VERSION; +#else + goto not_there; +#endif + + } + break; + case 'W': + if (!memcmp(name, "NID_ripemd160WithRSA", 20)) { + /* ^ */ + +#ifdef NID_ripemd160WithRSA + return NID_ripemd160WithRSA; +#else + goto not_there; +#endif + + } + break; + case '_': + if (!memcmp(name, "OP_PRIORITIZE_CHACHA", 20)) { + /* ^ */ + +#ifdef SSL_OP_PRIORITIZE_CHACHA + return SSL_OP_PRIORITIZE_CHACHA; +#else + goto not_there; +#endif + + } + break; + case 'c': + if (!memcmp(name, "NID_netscape_comment", 20)) { + /* ^ */ + +#ifdef NID_netscape_comment + return NID_netscape_comment; +#else + goto not_there; +#endif + + } + break; + case 'i': + if (!memcmp(name, "NID_organizationName", 20)) { + /* ^ */ + +#ifdef NID_organizationName + return NID_organizationName; +#else + goto not_there; +#endif + + } + break; + case 'l': + if (!memcmp(name, "NID_subject_alt_name", 20)) { + /* ^ */ + +#ifdef NID_subject_alt_name + return NID_subject_alt_name; +#else + goto not_there; +#endif + + } + break; + case 'n': + if (!memcmp(name, 
"NID_uniqueIdentifier", 20)) { + /* ^ */ + +#ifdef NID_uniqueIdentifier + return NID_uniqueIdentifier; +#else + goto not_there; +#endif + + } + break; + case 'r': + if (!memcmp(name, "NID_zlib_compression", 20)) { + /* ^ */ + +#ifdef NID_zlib_compression + return NID_zlib_compression; +#else + goto not_there; +#endif + + } + break; + } + break; + case 21: + /* Names all of length 21. */ + /* ASN1_STRFLGS_ESC_CTRL F_GET_CLIENT_FINISHED F_GET_SERVER_FINISHED + F_REQUEST_CERTIFICATE F_SSL_GET_NEW_SESSION F_SSL_USE_CERTIFICATE + NID_SMIMECapabilities NID_basic_constraints NID_netscape_base_url + NID_pkcs9_contentType NID_pkcs9_signingTime OPENSSL_VERSION_MAJOR + OPENSSL_VERSION_MINOR OPENSSL_VERSION_PATCH OP_NETSCAPE_CA_DN_BUG + SSL2_MT_SERVER_VERIFY SSL3_MT_HELLO_REQUEST VERIFY_POST_HANDSHAKE + X509_FILETYPE_DEFAULT X509_PURPOSE_CRL_SIGN X509_TRUST_SSL_CLIENT + X509_TRUST_SSL_SERVER X509_V_ERR_INVALID_CA X509_V_ERR_OUT_OF_MEM + X509_V_FLAG_CRL_CHECK XN_FLAG_SEP_CPLUS_SPC XN_FLAG_SEP_MULTILINE + XN_FLAG_SEP_SPLUS_SPC */ + /* Offset 19 gives the best switch position. 
*/ + switch (name[19]) { + case 'C': + if (!memcmp(name, "OPENSSL_VERSION_PATCH", 21)) { + /* ^ */ + +#ifdef OPENSSL_VERSION_PATCH + return OPENSSL_VERSION_PATCH; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_INVALID_CA", 21)) { + /* ^ */ + +#ifdef X509_V_ERR_INVALID_CA + return X509_V_ERR_INVALID_CA; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_FLAG_CRL_CHECK", 21)) { + /* ^ */ + +#ifdef X509_V_FLAG_CRL_CHECK + return X509_V_FLAG_CRL_CHECK; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "F_GET_CLIENT_FINISHED", 21)) { + /* ^ */ + +#ifdef SSL_F_GET_CLIENT_FINISHED + return SSL_F_GET_CLIENT_FINISHED; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "F_GET_SERVER_FINISHED", 21)) { + /* ^ */ + +#ifdef SSL_F_GET_SERVER_FINISHED + return SSL_F_GET_SERVER_FINISHED; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_TRUST_SSL_SERVER", 21)) { + /* ^ */ + +#ifdef X509_TRUST_SSL_SERVER + return X509_TRUST_SSL_SERVER; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_OUT_OF_MEM", 21)) { + /* ^ */ + +#ifdef X509_V_ERR_OUT_OF_MEM + return X509_V_ERR_OUT_OF_MEM; +#else + goto not_there; +#endif + + } + break; + case 'F': + if (!memcmp(name, "SSL2_MT_SERVER_VERIFY", 21)) { + /* ^ */ + +#ifdef SSL2_MT_SERVER_VERIFY + return SSL2_MT_SERVER_VERIFY; +#else + goto not_there; +#endif + + } + break; + case 'G': + if (!memcmp(name, "X509_PURPOSE_CRL_SIGN", 21)) { + /* ^ */ + +#ifdef X509_PURPOSE_CRL_SIGN + return X509_PURPOSE_CRL_SIGN; +#else + goto not_there; +#endif + + } + break; + case 'K': + if (!memcmp(name, "VERIFY_POST_HANDSHAKE", 21)) { + /* ^ */ + +#ifdef SSL_VERIFY_POST_HANDSHAKE + return SSL_VERIFY_POST_HANDSHAKE; +#else + goto not_there; +#endif + + } + break; + case 'L': + if (!memcmp(name, "X509_FILETYPE_DEFAULT", 21)) { + /* ^ */ + +#ifdef X509_FILETYPE_DEFAULT + return X509_FILETYPE_DEFAULT; +#else + goto not_there; +#endif + + } + break; + case 
'N': + if (!memcmp(name, "X509_TRUST_SSL_CLIENT", 21)) { + /* ^ */ + +#ifdef X509_TRUST_SSL_CLIENT + return X509_TRUST_SSL_CLIENT; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "XN_FLAG_SEP_MULTILINE", 21)) { + /* ^ */ + +#ifdef XN_FLAG_SEP_MULTILINE + return XN_FLAG_SEP_MULTILINE; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "F_SSL_GET_NEW_SESSION", 21)) { + /* ^ */ + +#ifdef SSL_F_SSL_GET_NEW_SESSION + return SSL_F_SSL_GET_NEW_SESSION; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OPENSSL_VERSION_MAJOR", 21)) { + /* ^ */ + +#ifdef OPENSSL_VERSION_MAJOR + return OPENSSL_VERSION_MAJOR; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OPENSSL_VERSION_MINOR", 21)) { + /* ^ */ + +#ifdef OPENSSL_VERSION_MINOR + return OPENSSL_VERSION_MINOR; +#else + goto not_there; +#endif + + } + break; + case 'P': + if (!memcmp(name, "XN_FLAG_SEP_CPLUS_SPC", 21)) { + /* ^ */ + +#ifdef XN_FLAG_SEP_CPLUS_SPC + return XN_FLAG_SEP_CPLUS_SPC; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "XN_FLAG_SEP_SPLUS_SPC", 21)) { + /* ^ */ + +#ifdef XN_FLAG_SEP_SPLUS_SPC + return XN_FLAG_SEP_SPLUS_SPC; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "ASN1_STRFLGS_ESC_CTRL", 21)) { + /* ^ */ + +#ifdef ASN1_STRFLGS_ESC_CTRL + return ASN1_STRFLGS_ESC_CTRL; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "SSL3_MT_HELLO_REQUEST", 21)) { + /* ^ */ + +#ifdef SSL3_MT_HELLO_REQUEST + return SSL3_MT_HELLO_REQUEST; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "F_REQUEST_CERTIFICATE", 21)) { + /* ^ */ + +#ifdef SSL_F_REQUEST_CERTIFICATE + return SSL_F_REQUEST_CERTIFICATE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "F_SSL_USE_CERTIFICATE", 21)) { + /* ^ */ + +#ifdef SSL_F_SSL_USE_CERTIFICATE + return SSL_F_SSL_USE_CERTIFICATE; +#else + goto not_there; +#endif + + } + break; + case 'U': + if (!memcmp(name, 
"OP_NETSCAPE_CA_DN_BUG", 21)) { + /* ^ */ + +#ifdef SSL_OP_NETSCAPE_CA_DN_BUG + return SSL_OP_NETSCAPE_CA_DN_BUG; +#else + goto not_there; +#endif + + } + break; + case 'e': + if (!memcmp(name, "NID_SMIMECapabilities", 21)) { + /* ^ */ + +#ifdef NID_SMIMECapabilities + return NID_SMIMECapabilities; +#else + goto not_there; +#endif + + } + break; + case 'm': + if (!memcmp(name, "NID_pkcs9_signingTime", 21)) { + /* ^ */ + +#ifdef NID_pkcs9_signingTime + return NID_pkcs9_signingTime; +#else + goto not_there; +#endif + + } + break; + case 'p': + if (!memcmp(name, "NID_pkcs9_contentType", 21)) { + /* ^ */ + +#ifdef NID_pkcs9_contentType + return NID_pkcs9_contentType; +#else + goto not_there; +#endif + + } + break; + case 'r': + if (!memcmp(name, "NID_netscape_base_url", 21)) { + /* ^ */ + +#ifdef NID_netscape_base_url + return NID_netscape_base_url; +#else + goto not_there; +#endif + + } + break; + case 't': + if (!memcmp(name, "NID_basic_constraints", 21)) { + /* ^ */ + +#ifdef NID_basic_constraints + return NID_basic_constraints; +#else + goto not_there; +#endif + + } + break; + } + break; + case 22: + /* Names all of length 22. */ + /* ASN1_STRFLGS_ESC_QUOTE ERROR_WANT_X509_LOOKUP F_SSL_SESSION_PRINT_FP + NID_netscape_cert_type NID_netscape_data_type NID_pkcs9_emailAddress + OPENSSL_VERSION_NUMBER OPENSSL_VERSION_STRING OP_NO_ENCRYPT_THEN_MAC + R_PEER_ERROR_NO_CIPHER SESS_CACHE_NO_INTERNAL TLSEXT_STATUSTYPE_ocsp + V_OCSP_CERTSTATUS_GOOD X509_TRUST_OBJECT_SIGN X509_V_ERR_UNSPECIFIED + X509_V_FLAG_USE_DELTAS XN_FLAG_SEP_COMMA_PLUS */ + /* Offset 18 gives the best switch position. 
*/ + switch (name[18]) { + case 'F': + if (!memcmp(name, "X509_V_ERR_UNSPECIFIED", 22)) { + /* ^ */ + +#ifdef X509_V_ERR_UNSPECIFIED + return X509_V_ERR_UNSPECIFIED; +#else + goto not_there; +#endif + + } + break; + case 'G': + if (!memcmp(name, "V_OCSP_CERTSTATUS_GOOD", 22)) { + /* ^ */ + +#ifdef V_OCSP_CERTSTATUS_GOOD + return V_OCSP_CERTSTATUS_GOOD; +#else + goto not_there; +#endif + + } + break; + case 'L': + if (!memcmp(name, "X509_V_FLAG_USE_DELTAS", 22)) { + /* ^ */ + +#ifdef X509_V_FLAG_USE_DELTAS + return X509_V_FLAG_USE_DELTAS; +#else + goto not_there; +#endif + + } + break; + case 'M': + if (!memcmp(name, "OPENSSL_VERSION_NUMBER", 22)) { + /* ^ */ + +#ifdef OPENSSL_VERSION_NUMBER + return OPENSSL_VERSION_NUMBER; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "ERROR_WANT_X509_LOOKUP", 22)) { + /* ^ */ + +#ifdef SSL_ERROR_WANT_X509_LOOKUP + return SSL_ERROR_WANT_X509_LOOKUP; +#else + goto not_there; +#endif + + } + break; + case 'P': + if (!memcmp(name, "R_PEER_ERROR_NO_CIPHER", 22)) { + /* ^ */ + +#ifdef SSL_R_PEER_ERROR_NO_CIPHER + return SSL_R_PEER_ERROR_NO_CIPHER; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "XN_FLAG_SEP_COMMA_PLUS", 22)) { + /* ^ */ + +#ifdef XN_FLAG_SEP_COMMA_PLUS + return XN_FLAG_SEP_COMMA_PLUS; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "OPENSSL_VERSION_STRING", 22)) { + /* ^ */ + +#ifdef OPENSSL_VERSION_STRING + return OPENSSL_VERSION_STRING; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SESS_CACHE_NO_INTERNAL", 22)) { + /* ^ */ + +#ifdef SSL_SESS_CACHE_NO_INTERNAL + return SSL_SESS_CACHE_NO_INTERNAL; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "X509_TRUST_OBJECT_SIGN", 22)) { + /* ^ */ + +#ifdef X509_TRUST_OBJECT_SIGN + return X509_TRUST_OBJECT_SIGN; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "F_SSL_SESSION_PRINT_FP", 22)) { + /* ^ */ + +#ifdef 
SSL_F_SSL_SESSION_PRINT_FP + return SSL_F_SSL_SESSION_PRINT_FP; +#else + goto not_there; +#endif + + } + break; + case 'U': + if (!memcmp(name, "ASN1_STRFLGS_ESC_QUOTE", 22)) { + /* ^ */ + +#ifdef ASN1_STRFLGS_ESC_QUOTE + return ASN1_STRFLGS_ESC_QUOTE; +#else + goto not_there; +#endif + + } + break; + case '_': + if (!memcmp(name, "OP_NO_ENCRYPT_THEN_MAC", 22)) { + /* ^ */ + +#ifdef SSL_OP_NO_ENCRYPT_THEN_MAC + return SSL_OP_NO_ENCRYPT_THEN_MAC; +#else + goto not_there; +#endif + + } + break; + case 'o': + if (!memcmp(name, "TLSEXT_STATUSTYPE_ocsp", 22)) { + /* ^ */ + +#ifdef TLSEXT_STATUSTYPE_ocsp + return TLSEXT_STATUSTYPE_ocsp; +#else + goto not_there; +#endif + + } + break; + case 'r': + if (!memcmp(name, "NID_pkcs9_emailAddress", 22)) { + /* ^ */ + +#ifdef NID_pkcs9_emailAddress + return NID_pkcs9_emailAddress; +#else + goto not_there; +#endif + + } + break; + case 't': + if (!memcmp(name, "NID_netscape_cert_type", 22)) { + /* ^ */ + +#ifdef NID_netscape_cert_type + return NID_netscape_cert_type; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_netscape_data_type", 22)) { + /* ^ */ + +#ifdef NID_netscape_data_type + return NID_netscape_data_type; +#else + goto not_there; +#endif + + } + break; + } + break; + case 23: + /* Names all of length 23. */ + /* F_GET_CLIENT_MASTER_KEY F_SSL_USE_RSAPRIVATEKEY LIBRESSL_VERSION_NUMBER + NID_pkcs8ShroudedKeyBag NID_pkcs9_messageDigest NID_stateOrProvinceName + OPENSSL_INFO_CONFIG_DIR OP_CRYPTOPRO_TLSEXT_BUG R_BAD_RESPONSE_ARGUMENT + R_PUBLIC_KEY_IS_NOT_RSA SSL2_MT_CLIENT_FINISHED SSL2_MT_SERVER_FINISHED + SSL3_MT_CERTIFICATE_URL X509_PURPOSE_SMIME_SIGN X509_PURPOSE_SSL_CLIENT + X509_PURPOSE_SSL_SERVER X509_TRUST_OCSP_REQUEST X509_V_ERR_CERT_REVOKED + X509_V_ERR_INVALID_CALL X509_V_ERR_STORE_LOOKUP X509_V_FLAG_INHIBIT_ANY + X509_V_FLAG_INHIBIT_MAP X509_V_FLAG_POLICY_MASK X509_V_FLAG_X509_STRICT + */ + /* Offset 13 gives the best switch position. 
*/ + switch (name[13]) { + case '5': + if (!memcmp(name, "X509_V_FLAG_X509_STRICT", 23)) { + /* ^ */ + +#ifdef X509_V_FLAG_X509_STRICT + return X509_V_FLAG_X509_STRICT; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "OPENSSL_INFO_CONFIG_DIR", 23)) { + /* ^ */ + +#ifdef OPENSSL_INFO_CONFIG_DIR + return OPENSSL_INFO_CONFIG_DIR; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "R_BAD_RESPONSE_ARGUMENT", 23)) { + /* ^ */ + +#ifdef SSL_R_BAD_RESPONSE_ARGUMENT + return SSL_R_BAD_RESPONSE_ARGUMENT; +#else + goto not_there; +#endif + + } + break; + case 'F': + if (!memcmp(name, "SSL3_MT_CERTIFICATE_URL", 23)) { + /* ^ */ + +#ifdef SSL3_MT_CERTIFICATE_URL + return SSL3_MT_CERTIFICATE_URL; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "LIBRESSL_VERSION_NUMBER", 23)) { + /* ^ */ + +#ifdef LIBRESSL_VERSION_NUMBER + return LIBRESSL_VERSION_NUMBER; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "R_PUBLIC_KEY_IS_NOT_RSA", 23)) { + /* ^ */ + +#ifdef SSL_R_PUBLIC_KEY_IS_NOT_RSA + return SSL_R_PUBLIC_KEY_IS_NOT_RSA; +#else + goto not_there; +#endif + + } + break; + case 'M': + if (!memcmp(name, "F_GET_CLIENT_MASTER_KEY", 23)) { + /* ^ */ + +#ifdef SSL_F_GET_CLIENT_MASTER_KEY + return SSL_F_GET_CLIENT_MASTER_KEY; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "X509_V_FLAG_INHIBIT_ANY", 23)) { + /* ^ */ + +#ifdef X509_V_FLAG_INHIBIT_ANY + return X509_V_FLAG_INHIBIT_ANY; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_FLAG_INHIBIT_MAP", 23)) { + /* ^ */ + +#ifdef X509_V_FLAG_INHIBIT_MAP + return X509_V_FLAG_INHIBIT_MAP; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "X509_V_ERR_STORE_LOOKUP", 23)) { + /* ^ */ + +#ifdef X509_V_ERR_STORE_LOOKUP + return X509_V_ERR_STORE_LOOKUP; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_FLAG_POLICY_MASK", 23)) { + /* ^ */ + +#ifdef 
X509_V_FLAG_POLICY_MASK + return X509_V_FLAG_POLICY_MASK; +#else + goto not_there; +#endif + + } + break; + case 'P': + if (!memcmp(name, "F_SSL_USE_RSAPRIVATEKEY", 23)) { + /* ^ */ + +#ifdef SSL_F_SSL_USE_RSAPRIVATEKEY + return SSL_F_SSL_USE_RSAPRIVATEKEY; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "SSL2_MT_SERVER_FINISHED", 23)) { + /* ^ */ + +#ifdef SSL2_MT_SERVER_FINISHED + return SSL2_MT_SERVER_FINISHED; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_CERT_REVOKED", 23)) { + /* ^ */ + +#ifdef X509_V_ERR_CERT_REVOKED + return X509_V_ERR_CERT_REVOKED; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "X509_PURPOSE_SMIME_SIGN", 23)) { + /* ^ */ + +#ifdef X509_PURPOSE_SMIME_SIGN + return X509_PURPOSE_SMIME_SIGN; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_PURPOSE_SSL_CLIENT", 23)) { + /* ^ */ + +#ifdef X509_PURPOSE_SSL_CLIENT + return X509_PURPOSE_SSL_CLIENT; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_PURPOSE_SSL_SERVER", 23)) { + /* ^ */ + +#ifdef X509_PURPOSE_SSL_SERVER + return X509_PURPOSE_SSL_SERVER; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_TRUST_OCSP_REQUEST", 23)) { + /* ^ */ + +#ifdef X509_TRUST_OCSP_REQUEST + return X509_TRUST_OCSP_REQUEST; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "OP_CRYPTOPRO_TLSEXT_BUG", 23)) { + /* ^ */ + +#ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG + return SSL_OP_CRYPTOPRO_TLSEXT_BUG; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL2_MT_CLIENT_FINISHED", 23)) { + /* ^ */ + +#ifdef SSL2_MT_CLIENT_FINISHED + return SSL2_MT_CLIENT_FINISHED; +#else + goto not_there; +#endif + + } + break; + case 'V': + if (!memcmp(name, "X509_V_ERR_INVALID_CALL", 23)) { + /* ^ */ + +#ifdef X509_V_ERR_INVALID_CALL + return X509_V_ERR_INVALID_CALL; +#else + goto not_there; +#endif + + } + break; + case 'o': + if (!memcmp(name, "NID_stateOrProvinceName", 
23)) { + /* ^ */ + +#ifdef NID_stateOrProvinceName + return NID_stateOrProvinceName; +#else + goto not_there; +#endif + + } + break; + case 's': + if (!memcmp(name, "NID_pkcs9_messageDigest", 23)) { + /* ^ */ + +#ifdef NID_pkcs9_messageDigest + return NID_pkcs9_messageDigest; +#else + goto not_there; +#endif + + } + break; + case 'u': + if (!memcmp(name, "NID_pkcs8ShroudedKeyBag", 23)) { + /* ^ */ + +#ifdef NID_pkcs8ShroudedKeyBag + return NID_pkcs8ShroudedKeyBag; +#else + goto not_there; +#endif + + } + break; + } + break; + case 24: + /* Names all of length 24. */ + /* F_SSL_RSA_PUBLIC_ENCRYPT NID_certificate_policies + NID_md2WithRSAEncryption NID_md5WithRSAEncryption + NID_netscape_renewal_url NID_pbeWithMD2AndDES_CBC + NID_pbeWithMD2AndRC2_CBC NID_pbeWithMD5AndDES_CBC + NID_pbeWithMD5AndRC2_CBC NID_shaWithRSAEncryption + OPENSSL_INFO_ENGINES_DIR OPENSSL_INFO_MODULES_DIR + OPENSSL_INFO_SEED_SOURCE OP_LEGACY_SERVER_CONNECT + OP_MICROSOFT_SESS_ID_BUG OP_TLS_BLOCK_PADDING_BUG + R_CHALLENGE_IS_DIFFERENT R_CIPHER_TABLE_SRC_ERROR + R_PEER_ERROR_CERTIFICATE R_READ_WRONG_PACKET_TYPE + SESS_CACHE_NO_AUTO_CLEAR SSL3_RT_APPLICATION_DATA + X509_PURPOSE_OCSP_HELPER X509_V_ERR_CERT_REJECTED + X509_V_ERR_DANE_NO_MATCH X509_V_ERR_NO_VALID_SCTS + X509_V_FLAG_POLICY_CHECK */ + /* Offset 13 gives the best switch position. 
*/ + switch (name[13]) { + case '2': + if (!memcmp(name, "NID_pbeWithMD2AndDES_CBC", 24)) { + /* ^ */ + +#ifdef NID_pbeWithMD2AndDES_CBC + return NID_pbeWithMD2AndDES_CBC; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_pbeWithMD2AndRC2_CBC", 24)) { + /* ^ */ + +#ifdef NID_pbeWithMD2AndRC2_CBC + return NID_pbeWithMD2AndRC2_CBC; +#else + goto not_there; +#endif + + } + break; + case '5': + if (!memcmp(name, "NID_pbeWithMD5AndDES_CBC", 24)) { + /* ^ */ + +#ifdef NID_pbeWithMD5AndDES_CBC + return NID_pbeWithMD5AndDES_CBC; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_pbeWithMD5AndRC2_CBC", 24)) { + /* ^ */ + +#ifdef NID_pbeWithMD5AndRC2_CBC + return NID_pbeWithMD5AndRC2_CBC; +#else + goto not_there; +#endif + + } + break; + case 'A': + if (!memcmp(name, "NID_md2WithRSAEncryption", 24)) { + /* ^ */ + +#ifdef NID_md2WithRSAEncryption + return NID_md2WithRSAEncryption; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_md5WithRSAEncryption", 24)) { + /* ^ */ + +#ifdef NID_md5WithRSAEncryption + return NID_md5WithRSAEncryption; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_shaWithRSAEncryption", 24)) { + /* ^ */ + +#ifdef NID_shaWithRSAEncryption + return NID_shaWithRSAEncryption; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "R_PEER_ERROR_CERTIFICATE", 24)) { + /* ^ */ + +#ifdef SSL_R_PEER_ERROR_CERTIFICATE + return SSL_R_PEER_ERROR_CERTIFICATE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL3_RT_APPLICATION_DATA", 24)) { + /* ^ */ + +#ifdef SSL3_RT_APPLICATION_DATA + return SSL3_RT_APPLICATION_DATA; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "OPENSSL_INFO_ENGINES_DIR", 24)) { + /* ^ */ + +#ifdef OPENSSL_INFO_ENGINES_DIR + return OPENSSL_INFO_ENGINES_DIR; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "R_CIPHER_TABLE_SRC_ERROR", 24)) { + /* ^ */ + +#ifdef SSL_R_CIPHER_TABLE_SRC_ERROR + return 
SSL_R_CIPHER_TABLE_SRC_ERROR; +#else + goto not_there; +#endif + + } + break; + case 'L': + if (!memcmp(name, "F_SSL_RSA_PUBLIC_ENCRYPT", 24)) { + /* ^ */ + +#ifdef SSL_F_SSL_RSA_PUBLIC_ENCRYPT + return SSL_F_SSL_RSA_PUBLIC_ENCRYPT; +#else + goto not_there; +#endif + + } + break; + case 'M': + if (!memcmp(name, "OPENSSL_INFO_MODULES_DIR", 24)) { + /* ^ */ + +#ifdef OPENSSL_INFO_MODULES_DIR + return OPENSSL_INFO_MODULES_DIR; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "X509_V_ERR_DANE_NO_MATCH", 24)) { + /* ^ */ + +#ifdef X509_V_ERR_DANE_NO_MATCH + return X509_V_ERR_DANE_NO_MATCH; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "X509_PURPOSE_OCSP_HELPER", 24)) { + /* ^ */ + +#ifdef X509_PURPOSE_OCSP_HELPER + return X509_PURPOSE_OCSP_HELPER; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_FLAG_POLICY_CHECK", 24)) { + /* ^ */ + +#ifdef X509_V_FLAG_POLICY_CHECK + return X509_V_FLAG_POLICY_CHECK; +#else + goto not_there; +#endif + + } + break; + case 'P': + if (!memcmp(name, "OP_TLS_BLOCK_PADDING_BUG", 24)) { + /* ^ */ + +#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG + return SSL_OP_TLS_BLOCK_PADDING_BUG; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "R_READ_WRONG_PACKET_TYPE", 24)) { + /* ^ */ + +#ifdef SSL_R_READ_WRONG_PACKET_TYPE + return SSL_R_READ_WRONG_PACKET_TYPE; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "X509_V_ERR_CERT_REJECTED", 24)) { + /* ^ */ + +#ifdef X509_V_ERR_CERT_REJECTED + return X509_V_ERR_CERT_REJECTED; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "OPENSSL_INFO_SEED_SOURCE", 24)) { + /* ^ */ + +#ifdef OPENSSL_INFO_SEED_SOURCE + return OPENSSL_INFO_SEED_SOURCE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OP_MICROSOFT_SESS_ID_BUG", 24)) { + /* ^ */ + +#ifdef SSL_OP_MICROSOFT_SESS_ID_BUG + return SSL_OP_MICROSOFT_SESS_ID_BUG; +#else + goto not_there; +#endif + + } + if 
(!memcmp(name, "R_CHALLENGE_IS_DIFFERENT", 24)) { + /* ^ */ + +#ifdef SSL_R_CHALLENGE_IS_DIFFERENT + return SSL_R_CHALLENGE_IS_DIFFERENT; +#else + goto not_there; +#endif + + } + break; + case 'V': + if (!memcmp(name, "OP_LEGACY_SERVER_CONNECT", 24)) { + /* ^ */ + +#ifdef SSL_OP_LEGACY_SERVER_CONNECT + return SSL_OP_LEGACY_SERVER_CONNECT; +#else + goto not_there; +#endif + + } + break; + case '_': + if (!memcmp(name, "SESS_CACHE_NO_AUTO_CLEAR", 24)) { + /* ^ */ + +#ifdef SSL_SESS_CACHE_NO_AUTO_CLEAR + return SSL_SESS_CACHE_NO_AUTO_CLEAR; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_NO_VALID_SCTS", 24)) { + /* ^ */ + +#ifdef X509_V_ERR_NO_VALID_SCTS + return X509_V_ERR_NO_VALID_SCTS; +#else + goto not_there; +#endif + + } + break; + case 'r': + if (!memcmp(name, "NID_netscape_renewal_url", 24)) { + /* ^ */ + +#ifdef NID_netscape_renewal_url + return NID_netscape_renewal_url; +#else + goto not_there; +#endif + + } + break; + case 't': + if (!memcmp(name, "NID_certificate_policies", 24)) { + /* ^ */ + +#ifdef NID_certificate_policies + return NID_certificate_policies; +#else + goto not_there; +#endif + + } + break; + } + break; + case 25: + /* Names all of length 25. 
*/ + /* F_SSL_RSA_PRIVATE_DECRYPT F_SSL_USE_PRIVATEKEY_ASN1 + F_SSL_USE_PRIVATEKEY_FILE MODE_ENABLE_PARTIAL_WRITE + NID_pbeWithSHA1AndDES_CBC NID_pbeWithSHA1AndRC2_CBC + NID_sha1WithRSAEncryption OPENSSL_INFO_CPU_SETTINGS + OP_MSIE_SSLV2_RSA_PADDING OP_NETSCAPE_CHALLENGE_BUG + OP_SAFARI_ECDHE_ECDSA_BUG R_BAD_AUTHENTICATION_TYPE + SSL2_MT_CLIENT_MASTER_KEY SSL3_MT_END_OF_EARLY_DATA + SSL3_MT_NEWSESSION_TICKET SSL3_MT_SUPPLEMENTAL_DATA + V_OCSP_CERTSTATUS_REVOKED V_OCSP_CERTSTATUS_UNKNOWN + X509_V_ERR_CA_MD_TOO_WEAK X509_V_ERR_CERT_UNTRUSTED + X509_V_ERR_EMAIL_MISMATCH X509_V_ERR_INVALID_NON_CA + X509_V_ERR_SUBTREE_MINMAX X509_V_FLAG_CRL_CHECK_ALL + X509_V_FLAG_LEGACY_VERIFY X509_V_FLAG_NOTIFY_POLICY + X509_V_FLAG_NO_ALT_CHAINS X509_V_FLAG_NO_CHECK_TIME + X509_V_FLAG_PARTIAL_CHAIN X509_V_FLAG_TRUSTED_FIRST */ + /* Offset 19 gives the best switch position. */ + switch (name[19]) { + case 'A': + if (!memcmp(name, "OP_MSIE_SSLV2_RSA_PADDING", 25)) { + /* ^ */ + +#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING + return SSL_OP_MSIE_SSLV2_RSA_PADDING; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "NID_pbeWithSHA1AndRC2_CBC", 25)) { + /* ^ */ + +#ifdef NID_pbeWithSHA1AndRC2_CBC + return NID_pbeWithSHA1AndRC2_CBC; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_FLAG_CRL_CHECK_ALL", 25)) { + /* ^ */ + +#ifdef X509_V_FLAG_CRL_CHECK_ALL + return X509_V_FLAG_CRL_CHECK_ALL; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_FLAG_NO_ALT_CHAINS", 25)) { + /* ^ */ + +#ifdef X509_V_FLAG_NO_ALT_CHAINS + return X509_V_FLAG_NO_ALT_CHAINS; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "F_SSL_RSA_PRIVATE_DECRYPT", 25)) { + /* ^ */ + +#ifdef SSL_F_SSL_RSA_PRIVATE_DECRYPT + return SSL_F_SSL_RSA_PRIVATE_DECRYPT; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_pbeWithSHA1AndDES_CBC", 25)) { + /* ^ */ + +#ifdef NID_pbeWithSHA1AndDES_CBC + return NID_pbeWithSHA1AndDES_CBC; +#else + goto 
not_there; +#endif + + } + if (!memcmp(name, "SSL2_MT_CLIENT_MASTER_KEY", 25)) { + /* ^ */ + +#ifdef SSL2_MT_CLIENT_MASTER_KEY + return SSL2_MT_CLIENT_MASTER_KEY; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "V_OCSP_CERTSTATUS_REVOKED", 25)) { + /* ^ */ + +#ifdef V_OCSP_CERTSTATUS_REVOKED + return V_OCSP_CERTSTATUS_REVOKED; +#else + goto not_there; +#endif + + } + break; + case 'G': + if (!memcmp(name, "OP_NETSCAPE_CHALLENGE_BUG", 25)) { + /* ^ */ + +#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG + return SSL_OP_NETSCAPE_CHALLENGE_BUG; +#else + goto not_there; +#endif + + } + break; + case 'K': + if (!memcmp(name, "X509_V_FLAG_NO_CHECK_TIME", 25)) { + /* ^ */ + +#ifdef X509_V_FLAG_NO_CHECK_TIME + return X509_V_FLAG_NO_CHECK_TIME; +#else + goto not_there; +#endif + + } + break; + case 'L': + if (!memcmp(name, "SSL3_MT_SUPPLEMENTAL_DATA", 25)) { + /* ^ */ + +#ifdef SSL3_MT_SUPPLEMENTAL_DATA + return SSL3_MT_SUPPLEMENTAL_DATA; +#else + goto not_there; +#endif + + } + break; + case 'M': + if (!memcmp(name, "X509_V_ERR_SUBTREE_MINMAX", 25)) { + /* ^ */ + +#ifdef X509_V_ERR_SUBTREE_MINMAX + return X509_V_ERR_SUBTREE_MINMAX; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "R_BAD_AUTHENTICATION_TYPE", 25)) { + /* ^ */ + +#ifdef SSL_R_BAD_AUTHENTICATION_TYPE + return SSL_R_BAD_AUTHENTICATION_TYPE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "V_OCSP_CERTSTATUS_UNKNOWN", 25)) { + /* ^ */ + +#ifdef V_OCSP_CERTSTATUS_UNKNOWN + return V_OCSP_CERTSTATUS_UNKNOWN; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_INVALID_NON_CA", 25)) { + /* ^ */ + +#ifdef X509_V_ERR_INVALID_NON_CA + return X509_V_ERR_INVALID_NON_CA; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "X509_V_ERR_CA_MD_TOO_WEAK", 25)) { + /* ^ */ + +#ifdef X509_V_ERR_CA_MD_TOO_WEAK + return X509_V_ERR_CA_MD_TOO_WEAK; +#else + goto not_there; +#endif + + } + break; + case 'P': + if (!memcmp(name, 
"X509_V_FLAG_NOTIFY_POLICY", 25)) { + /* ^ */ + +#ifdef X509_V_FLAG_NOTIFY_POLICY + return X509_V_FLAG_NOTIFY_POLICY; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "X509_V_ERR_CERT_UNTRUSTED", 25)) { + /* ^ */ + +#ifdef X509_V_ERR_CERT_UNTRUSTED + return X509_V_ERR_CERT_UNTRUSTED; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "OP_SAFARI_ECDHE_ECDSA_BUG", 25)) { + /* ^ */ + +#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG + return SSL_OP_SAFARI_ECDHE_ECDSA_BUG; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_EMAIL_MISMATCH", 25)) { + /* ^ */ + +#ifdef X509_V_ERR_EMAIL_MISMATCH + return X509_V_ERR_EMAIL_MISMATCH; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "OPENSSL_INFO_CPU_SETTINGS", 25)) { + /* ^ */ + +#ifdef OPENSSL_INFO_CPU_SETTINGS + return OPENSSL_INFO_CPU_SETTINGS; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL3_MT_NEWSESSION_TICKET", 25)) { + /* ^ */ + +#ifdef SSL3_MT_NEWSESSION_TICKET + return SSL3_MT_NEWSESSION_TICKET; +#else + goto not_there; +#endif + + } + break; + case 'V': + if (!memcmp(name, "X509_V_FLAG_LEGACY_VERIFY", 25)) { + /* ^ */ + +#ifdef X509_V_FLAG_LEGACY_VERIFY + return X509_V_FLAG_LEGACY_VERIFY; +#else + goto not_there; +#endif + + } + break; + case 'Y': + if (!memcmp(name, "F_SSL_USE_PRIVATEKEY_ASN1", 25)) { + /* ^ */ + +#ifdef SSL_F_SSL_USE_PRIVATEKEY_ASN1 + return SSL_F_SSL_USE_PRIVATEKEY_ASN1; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "F_SSL_USE_PRIVATEKEY_FILE", 25)) { + /* ^ */ + +#ifdef SSL_F_SSL_USE_PRIVATEKEY_FILE + return SSL_F_SSL_USE_PRIVATEKEY_FILE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL3_MT_END_OF_EARLY_DATA", 25)) { + /* ^ */ + +#ifdef SSL3_MT_END_OF_EARLY_DATA + return SSL3_MT_END_OF_EARLY_DATA; +#else + goto not_there; +#endif + + } + break; + case '_': + if (!memcmp(name, "MODE_ENABLE_PARTIAL_WRITE", 25)) { + /* ^ */ + +#ifdef 
SSL_MODE_ENABLE_PARTIAL_WRITE + return SSL_MODE_ENABLE_PARTIAL_WRITE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_FLAG_PARTIAL_CHAIN", 25)) { + /* ^ */ + +#ifdef X509_V_FLAG_PARTIAL_CHAIN + return X509_V_FLAG_PARTIAL_CHAIN; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_FLAG_TRUSTED_FIRST", 25)) { + /* ^ */ + +#ifdef X509_V_FLAG_TRUSTED_FIRST + return X509_V_FLAG_TRUSTED_FIRST; +#else + goto not_there; +#endif + + } + break; + case 'y': + if (!memcmp(name, "NID_sha1WithRSAEncryption", 25)) { + /* ^ */ + +#ifdef NID_sha1WithRSAEncryption + return NID_sha1WithRSAEncryption; +#else + goto not_there; +#endif + + } + break; + } + break; + case 26: + /* Names all of length 26. */ + /* F_SSL_USE_CERTIFICATE_ASN1 F_SSL_USE_CERTIFICATE_FILE + NID_netscape_ca_policy_url NID_netscape_cert_sequence + NID_organizationalUnitName NID_pbeWithMD5AndCast5_CBC + NID_pkcs9_countersignature NID_pkcs9_unstructuredName + NID_subject_key_identifier OPENSSL_INFO_DSO_EXTENSION + OP_ENABLE_MIDDLEBOX_COMPAT OP_NO_CLIENT_RENEGOTIATION + R_INVALID_CHALLENGE_LENGTH R_NO_CERTIFICATE_SPECIFIED + R_PUBLIC_KEY_ENCRYPT_ERROR SSL2_MT_CLIENT_CERTIFICATE + SSL3_MT_CERTIFICATE_STATUS SSL3_MT_CERTIFICATE_VERIFY + SSL3_MT_CHANGE_CIPHER_SPEC SSL3_RT_CHANGE_CIPHER_SPEC + SSL3_RT_INNER_CONTENT_TYPE X509_PURPOSE_NS_SSL_SERVER + X509_PURPOSE_SMIME_ENCRYPT X509_V_ERR_CRL_HAS_EXPIRED + X509_V_ERR_INVALID_PURPOSE X509_V_FLAG_SUITEB_128_LOS + X509_V_FLAG_SUITEB_192_LOS X509_V_FLAG_USE_CHECK_TIME */ + /* Offset 20 gives the best switch position. 
*/ + switch (name[20]) { + case '2': + if (!memcmp(name, "X509_V_FLAG_SUITEB_128_LOS", 26)) { + /* ^ */ + +#ifdef X509_V_FLAG_SUITEB_128_LOS + return X509_V_FLAG_SUITEB_128_LOS; +#else + goto not_there; +#endif + + } + break; + case '9': + if (!memcmp(name, "X509_V_FLAG_SUITEB_192_LOS", 26)) { + /* ^ */ + +#ifdef X509_V_FLAG_SUITEB_192_LOS + return X509_V_FLAG_SUITEB_192_LOS; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "OP_ENABLE_MIDDLEBOX_COMPAT", 26)) { + /* ^ */ + +#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT + return SSL_OP_ENABLE_MIDDLEBOX_COMPAT; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "R_NO_CERTIFICATE_SPECIFIED", 26)) { + /* ^ */ + +#ifdef SSL_R_NO_CERTIFICATE_SPECIFIED + return SSL_R_NO_CERTIFICATE_SPECIFIED; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "F_SSL_USE_CERTIFICATE_ASN1", 26)) { + /* ^ */ + +#ifdef SSL_F_SSL_USE_CERTIFICATE_ASN1 + return SSL_F_SSL_USE_CERTIFICATE_ASN1; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "F_SSL_USE_CERTIFICATE_FILE", 26)) { + /* ^ */ + +#ifdef SSL_F_SSL_USE_CERTIFICATE_FILE + return SSL_F_SSL_USE_CERTIFICATE_FILE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "OPENSSL_INFO_DSO_EXTENSION", 26)) { + /* ^ */ + +#ifdef OPENSSL_INFO_DSO_EXTENSION + return OPENSSL_INFO_DSO_EXTENSION; +#else + goto not_there; +#endif + + } + break; + case 'F': + if (!memcmp(name, "SSL2_MT_CLIENT_CERTIFICATE", 26)) { + /* ^ */ + +#ifdef SSL2_MT_CLIENT_CERTIFICATE + return SSL2_MT_CLIENT_CERTIFICATE; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "OP_NO_CLIENT_RENEGOTIATION", 26)) { + /* ^ */ + +#ifdef SSL_OP_NO_CLIENT_RENEGOTIATION + return SSL_OP_NO_CLIENT_RENEGOTIATION; +#else + goto not_there; +#endif + + } + break; + case 'K': + if (!memcmp(name, "X509_V_FLAG_USE_CHECK_TIME", 26)) { + /* ^ */ + +#ifdef X509_V_FLAG_USE_CHECK_TIME + return X509_V_FLAG_USE_CHECK_TIME; +#else + goto not_there; +#endif + 
+ } + break; + case 'L': + if (!memcmp(name, "R_INVALID_CHALLENGE_LENGTH", 26)) { + /* ^ */ + +#ifdef SSL_R_INVALID_CHALLENGE_LENGTH + return SSL_R_INVALID_CHALLENGE_LENGTH; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "X509_PURPOSE_SMIME_ENCRYPT", 26)) { + /* ^ */ + +#ifdef X509_PURPOSE_SMIME_ENCRYPT + return X509_PURPOSE_SMIME_ENCRYPT; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "SSL3_MT_CHANGE_CIPHER_SPEC", 26)) { + /* ^ */ + +#ifdef SSL3_MT_CHANGE_CIPHER_SPEC + return SSL3_MT_CHANGE_CIPHER_SPEC; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL3_RT_CHANGE_CIPHER_SPEC", 26)) { + /* ^ */ + +#ifdef SSL3_RT_CHANGE_CIPHER_SPEC + return SSL3_RT_CHANGE_CIPHER_SPEC; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "SSL3_MT_CERTIFICATE_STATUS", 26)) { + /* ^ */ + +#ifdef SSL3_MT_CERTIFICATE_STATUS + return SSL3_MT_CERTIFICATE_STATUS; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_PURPOSE_NS_SSL_SERVER", 26)) { + /* ^ */ + +#ifdef X509_PURPOSE_NS_SSL_SERVER + return X509_PURPOSE_NS_SSL_SERVER; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "SSL3_RT_INNER_CONTENT_TYPE", 26)) { + /* ^ */ + +#ifdef SSL3_RT_INNER_CONTENT_TYPE + return SSL3_RT_INNER_CONTENT_TYPE; +#else + goto not_there; +#endif + + } + break; + case 'U': + if (!memcmp(name, "X509_V_ERR_INVALID_PURPOSE", 26)) { + /* ^ */ + +#ifdef X509_V_ERR_INVALID_PURPOSE + return X509_V_ERR_INVALID_PURPOSE; +#else + goto not_there; +#endif + + } + break; + case 'V': + if (!memcmp(name, "SSL3_MT_CERTIFICATE_VERIFY", 26)) { + /* ^ */ + +#ifdef SSL3_MT_CERTIFICATE_VERIFY + return SSL3_MT_CERTIFICATE_VERIFY; +#else + goto not_there; +#endif + + } + break; + case 'X': + if (!memcmp(name, "X509_V_ERR_CRL_HAS_EXPIRED", 26)) { + /* ^ */ + +#ifdef X509_V_ERR_CRL_HAS_EXPIRED + return X509_V_ERR_CRL_HAS_EXPIRED; +#else + goto not_there; +#endif + + } + break; + case 
'_': + if (!memcmp(name, "R_PUBLIC_KEY_ENCRYPT_ERROR", 26)) { + /* ^ */ + +#ifdef SSL_R_PUBLIC_KEY_ENCRYPT_ERROR + return SSL_R_PUBLIC_KEY_ENCRYPT_ERROR; +#else + goto not_there; +#endif + + } + break; + case 'c': + if (!memcmp(name, "NID_netscape_ca_policy_url", 26)) { + /* ^ */ + +#ifdef NID_netscape_ca_policy_url + return NID_netscape_ca_policy_url; +#else + goto not_there; +#endif + + } + break; + case 'e': + if (!memcmp(name, "NID_pkcs9_unstructuredName", 26)) { + /* ^ */ + +#ifdef NID_pkcs9_unstructuredName + return NID_pkcs9_unstructuredName; +#else + goto not_there; +#endif + + } + break; + case 'i': + if (!memcmp(name, "NID_organizationalUnitName", 26)) { + /* ^ */ + +#ifdef NID_organizationalUnitName + return NID_organizationalUnitName; +#else + goto not_there; +#endif + + } + break; + case 'n': + if (!memcmp(name, "NID_pkcs9_countersignature", 26)) { + /* ^ */ + +#ifdef NID_pkcs9_countersignature + return NID_pkcs9_countersignature; +#else + goto not_there; +#endif + + } + break; + case 'q': + if (!memcmp(name, "NID_netscape_cert_sequence", 26)) { + /* ^ */ + +#ifdef NID_netscape_cert_sequence + return NID_netscape_cert_sequence; +#else + goto not_there; +#endif + + } + break; + case 't': + if (!memcmp(name, "NID_pbeWithMD5AndCast5_CBC", 26)) { + /* ^ */ + +#ifdef NID_pbeWithMD5AndCast5_CBC + return NID_pbeWithMD5AndCast5_CBC; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "NID_subject_key_identifier", 26)) { + /* ^ */ + +#ifdef NID_subject_key_identifier + return NID_subject_key_identifier; +#else + goto not_there; +#endif + + } + break; + } + break; + case 27: + /* Names all of length 27. 
*/ + /* NID_crl_distribution_points NID_netscape_cert_extension + NID_netscape_revocation_url NID_pbe_WithSHA1And40BitRC4 + NID_pkcs9_challengePassword NID_pkcs9_extCertAttributes + OPENSSL_FULL_VERSION_STRING OPENSSL_INFO_LIST_SEPARATOR + OP_CIPHER_SERVER_PREFERENCE OP_SSLEAY_080_CLIENT_DH_BUG + R_BAD_SSL_SESSION_ID_LENGTH R_UNKNOWN_REMOTE_ERROR_TYPE + SSL2_MT_REQUEST_CERTIFICATE SSL3_MT_CERTIFICATE_REQUEST + SSL3_MT_CLIENT_KEY_EXCHANGE SSL3_MT_SERVER_KEY_EXCHANGE + VERIFY_FAIL_IF_NO_PEER_CERT X509_PURPOSE_TIMESTAMP_SIGN + X509_V_ERR_CA_KEY_TOO_SMALL X509_V_ERR_CERT_HAS_EXPIRED + X509_V_ERR_EE_KEY_TOO_SMALL X509_V_FLAG_CB_ISSUER_CHECK + X509_V_FLAG_EXPLICIT_POLICY X509_V_FLAG_IGNORE_CRITICAL + XN_FLAG_DUMP_UNKNOWN_FIELDS */ + /* Offset 13 gives the best switch position. */ + switch (name[13]) { + case 'B': + if (!memcmp(name, "X509_V_FLAG_CB_ISSUER_CHECK", 27)) { + /* ^ */ + +#ifdef X509_V_FLAG_CB_ISSUER_CHECK + return X509_V_FLAG_CB_ISSUER_CHECK; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "NID_pkcs9_extCertAttributes", 27)) { + /* ^ */ + +#ifdef NID_pkcs9_extCertAttributes + return NID_pkcs9_extCertAttributes; +#else + goto not_there; +#endif + + } + break; + case 'F': + if (!memcmp(name, "SSL3_MT_CERTIFICATE_REQUEST", 27)) { + /* ^ */ + +#ifdef SSL3_MT_CERTIFICATE_REQUEST + return SSL3_MT_CERTIFICATE_REQUEST; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "VERIFY_FAIL_IF_NO_PEER_CERT", 27)) { + /* ^ */ + +#ifdef SSL_VERIFY_FAIL_IF_NO_PEER_CERT + return SSL_VERIFY_FAIL_IF_NO_PEER_CERT; +#else + goto not_there; +#endif + + } + break; + case 'G': + if (!memcmp(name, "X509_V_FLAG_IGNORE_CRITICAL", 27)) { + /* ^ */ + +#ifdef X509_V_FLAG_IGNORE_CRITICAL + return X509_V_FLAG_IGNORE_CRITICAL; +#else + goto not_there; +#endif + + } + break; + case 'H': + if (!memcmp(name, "NID_pbe_WithSHA1And40BitRC4", 27)) { + /* ^ */ + +#ifdef NID_pbe_WithSHA1And40BitRC4 + return NID_pbe_WithSHA1And40BitRC4; +#else + goto not_there; 
+#endif + + } + break; + case 'L': + if (!memcmp(name, "OPENSSL_INFO_LIST_SEPARATOR", 27)) { + /* ^ */ + +#ifdef OPENSSL_INFO_LIST_SEPARATOR + return OPENSSL_INFO_LIST_SEPARATOR; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "R_UNKNOWN_REMOTE_ERROR_TYPE", 27)) { + /* ^ */ + +#ifdef SSL_R_UNKNOWN_REMOTE_ERROR_TYPE + return SSL_R_UNKNOWN_REMOTE_ERROR_TYPE; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "SSL3_MT_SERVER_KEY_EXCHANGE", 27)) { + /* ^ */ + +#ifdef SSL3_MT_SERVER_KEY_EXCHANGE + return SSL3_MT_SERVER_KEY_EXCHANGE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_CERT_HAS_EXPIRED", 27)) { + /* ^ */ + +#ifdef X509_V_ERR_CERT_HAS_EXPIRED + return X509_V_ERR_CERT_HAS_EXPIRED; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "R_BAD_SSL_SESSION_ID_LENGTH", 27)) { + /* ^ */ + +#ifdef SSL_R_BAD_SSL_SESSION_ID_LENGTH + return SSL_R_BAD_SSL_SESSION_ID_LENGTH; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "SSL2_MT_REQUEST_CERTIFICATE", 27)) { + /* ^ */ + +#ifdef SSL2_MT_REQUEST_CERTIFICATE + return SSL2_MT_REQUEST_CERTIFICATE; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "SSL3_MT_CLIENT_KEY_EXCHANGE", 27)) { + /* ^ */ + +#ifdef SSL3_MT_CLIENT_KEY_EXCHANGE + return SSL3_MT_CLIENT_KEY_EXCHANGE; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_PURPOSE_TIMESTAMP_SIGN", 27)) { + /* ^ */ + +#ifdef X509_PURPOSE_TIMESTAMP_SIGN + return X509_PURPOSE_TIMESTAMP_SIGN; +#else + goto not_there; +#endif + + } + break; + case 'U': + if (!memcmp(name, "XN_FLAG_DUMP_UNKNOWN_FIELDS", 27)) { + /* ^ */ + +#ifdef XN_FLAG_DUMP_UNKNOWN_FIELDS + return XN_FLAG_DUMP_UNKNOWN_FIELDS; +#else + goto not_there; +#endif + + } + break; + case 'V': + if (!memcmp(name, "OPENSSL_FULL_VERSION_STRING", 27)) { + /* ^ */ + +#ifdef OPENSSL_FULL_VERSION_STRING + return OPENSSL_FULL_VERSION_STRING; +#else + goto not_there; 
+#endif + + } + if (!memcmp(name, "OP_CIPHER_SERVER_PREFERENCE", 27)) { + /* ^ */ + +#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE + return SSL_OP_CIPHER_SERVER_PREFERENCE; +#else + goto not_there; +#endif + + } + break; + case 'X': + if (!memcmp(name, "X509_V_FLAG_EXPLICIT_POLICY", 27)) { + /* ^ */ + +#ifdef X509_V_FLAG_EXPLICIT_POLICY + return X509_V_FLAG_EXPLICIT_POLICY; +#else + goto not_there; +#endif + + } + break; + case '_': + if (!memcmp(name, "OP_SSLEAY_080_CLIENT_DH_BUG", 27)) { + /* ^ */ + +#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG + return SSL_OP_SSLEAY_080_CLIENT_DH_BUG; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_CA_KEY_TOO_SMALL", 27)) { + /* ^ */ + +#ifdef X509_V_ERR_CA_KEY_TOO_SMALL + return X509_V_ERR_CA_KEY_TOO_SMALL; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_EE_KEY_TOO_SMALL", 27)) { + /* ^ */ + +#ifdef X509_V_ERR_EE_KEY_TOO_SMALL + return X509_V_ERR_EE_KEY_TOO_SMALL; +#else + goto not_there; +#endif + + } + break; + case 'c': + if (!memcmp(name, "NID_netscape_cert_extension", 27)) { + /* ^ */ + +#ifdef NID_netscape_cert_extension + return NID_netscape_cert_extension; +#else + goto not_there; +#endif + + } + break; + case 'i': + if (!memcmp(name, "NID_crl_distribution_points", 27)) { + /* ^ */ + +#ifdef NID_crl_distribution_points + return NID_crl_distribution_points; +#else + goto not_there; +#endif + + } + break; + case 'l': + if (!memcmp(name, "NID_pkcs9_challengePassword", 27)) { + /* ^ */ + +#ifdef NID_pkcs9_challengePassword + return NID_pkcs9_challengePassword; +#else + goto not_there; +#endif + + } + break; + case 'r': + if (!memcmp(name, "NID_netscape_revocation_url", 27)) { + /* ^ */ + +#ifdef NID_netscape_revocation_url + return NID_netscape_revocation_url; +#else + goto not_there; +#endif + + } + break; + } + break; + case 28: + /* Names all of length 28. 
*/ + /* F_SSL_USE_RSAPRIVATEKEY_ASN1 F_SSL_USE_RSAPRIVATEKEY_FILE + NID_authority_key_identifier NID_netscape_ssl_server_name + NID_pbe_WithSHA1And128BitRC4 NID_pkcs7_signedAndEnveloped + NID_private_key_usage_period SESS_CACHE_NO_INTERNAL_STORE + SSL3_MT_ENCRYPTED_EXTENSIONS X509_CHECK_FLAG_NO_WILDCARDS + X509_V_ERR_CRL_NOT_YET_VALID X509_V_ERR_HOSTNAME_MISMATCH + X509_V_ERR_INVALID_EXTENSION X509_V_ERR_OCSP_CERT_UNKNOWN + X509_V_ERR_UNABLE_TO_GET_CRL X509_V_ERR_UNNESTED_RESOURCE */ + /* Offset 11 gives the best switch position. */ + switch (name[11]) { + case 'C': + if (!memcmp(name, "X509_V_ERR_CRL_NOT_YET_VALID", 28)) { + /* ^ */ + +#ifdef X509_V_ERR_CRL_NOT_YET_VALID + return X509_V_ERR_CRL_NOT_YET_VALID; +#else + goto not_there; +#endif + + } + break; + case 'F': + if (!memcmp(name, "X509_CHECK_FLAG_NO_WILDCARDS", 28)) { + /* ^ */ + +#ifdef X509_CHECK_FLAG_NO_WILDCARDS + return X509_CHECK_FLAG_NO_WILDCARDS; +#else + goto not_there; +#endif + + } + break; + case 'H': + if (!memcmp(name, "X509_V_ERR_HOSTNAME_MISMATCH", 28)) { + /* ^ */ + +#ifdef X509_V_ERR_HOSTNAME_MISMATCH + return X509_V_ERR_HOSTNAME_MISMATCH; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "X509_V_ERR_INVALID_EXTENSION", 28)) { + /* ^ */ + +#ifdef X509_V_ERR_INVALID_EXTENSION + return X509_V_ERR_INVALID_EXTENSION; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "SESS_CACHE_NO_INTERNAL_STORE", 28)) { + /* ^ */ + +#ifdef SSL_SESS_CACHE_NO_INTERNAL_STORE + return SSL_SESS_CACHE_NO_INTERNAL_STORE; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "X509_V_ERR_OCSP_CERT_UNKNOWN", 28)) { + /* ^ */ + +#ifdef X509_V_ERR_OCSP_CERT_UNKNOWN + return X509_V_ERR_OCSP_CERT_UNKNOWN; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "SSL3_MT_ENCRYPTED_EXTENSIONS", 28)) { + /* ^ */ + +#ifdef SSL3_MT_ENCRYPTED_EXTENSIONS + return SSL3_MT_ENCRYPTED_EXTENSIONS; +#else + goto not_there; 
+#endif + + } + break; + case 'S': + if (!memcmp(name, "F_SSL_USE_RSAPRIVATEKEY_ASN1", 28)) { + /* ^ */ + +#ifdef SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 + return SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "F_SSL_USE_RSAPRIVATEKEY_FILE", 28)) { + /* ^ */ + +#ifdef SSL_F_SSL_USE_RSAPRIVATEKEY_FILE + return SSL_F_SSL_USE_RSAPRIVATEKEY_FILE; +#else + goto not_there; +#endif + + } + break; + case 'U': + if (!memcmp(name, "X509_V_ERR_UNABLE_TO_GET_CRL", 28)) { + /* ^ */ + +#ifdef X509_V_ERR_UNABLE_TO_GET_CRL + return X509_V_ERR_UNABLE_TO_GET_CRL; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_UNNESTED_RESOURCE", 28)) { + /* ^ */ + +#ifdef X509_V_ERR_UNNESTED_RESOURCE + return X509_V_ERR_UNNESTED_RESOURCE; +#else + goto not_there; +#endif + + } + break; + case '_': + if (!memcmp(name, "NID_private_key_usage_period", 28)) { + /* ^ */ + +#ifdef NID_private_key_usage_period + return NID_private_key_usage_period; +#else + goto not_there; +#endif + + } + break; + case 'e': + if (!memcmp(name, "NID_netscape_ssl_server_name", 28)) { + /* ^ */ + +#ifdef NID_netscape_ssl_server_name + return NID_netscape_ssl_server_name; +#else + goto not_there; +#endif + + } + break; + case 'h': + if (!memcmp(name, "NID_pbe_WithSHA1And128BitRC4", 28)) { + /* ^ */ + +#ifdef NID_pbe_WithSHA1And128BitRC4 + return NID_pbe_WithSHA1And128BitRC4; +#else + goto not_there; +#endif + + } + break; + case 'i': + if (!memcmp(name, "NID_pkcs7_signedAndEnveloped", 28)) { + /* ^ */ + +#ifdef NID_pkcs7_signedAndEnveloped + return NID_pkcs7_signedAndEnveloped; +#else + goto not_there; +#endif + + } + break; + case 't': + if (!memcmp(name, "NID_authority_key_identifier", 28)) { + /* ^ */ + +#ifdef NID_authority_key_identifier + return NID_authority_key_identifier; +#else + goto not_there; +#endif + + } + break; + } + break; + case 29: + /* Names all of length 29. 
*/ + /* NID_pkcs9_unstructuredAddress OCSP_RESPONSE_STATUS_TRYLATER + OP_MICROSOFT_BIG_SSLV3_BUFFER R_SSL_SESSION_ID_IS_DIFFERENT + SESS_CACHE_NO_INTERNAL_LOOKUP X509_V_ERR_AKID_SKID_MISMATCH + X509_V_ERR_CERT_NOT_YET_VALID X509_V_ERR_EXCLUDED_VIOLATION + X509_V_ERR_NO_EXPLICIT_POLICY X509_V_ERR_OCSP_VERIFY_FAILED + X509_V_ERR_OCSP_VERIFY_NEEDED X509_V_FLAG_ALLOW_PROXY_CERTS */ + /* Offset 16 gives the best switch position. */ + switch (name[16]) { + case 'A': + if (!memcmp(name, "OCSP_RESPONSE_STATUS_TRYLATER", 29)) { + /* ^ */ + +#ifdef OCSP_RESPONSE_STATUS_TRYLATER + return OCSP_RESPONSE_STATUS_TRYLATER; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "X509_V_ERR_EXCLUDED_VIOLATION", 29)) { + /* ^ */ + +#ifdef X509_V_ERR_EXCLUDED_VIOLATION + return X509_V_ERR_EXCLUDED_VIOLATION; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "X509_V_ERR_CERT_NOT_YET_VALID", 29)) { + /* ^ */ + +#ifdef X509_V_ERR_CERT_NOT_YET_VALID + return X509_V_ERR_CERT_NOT_YET_VALID; +#else + goto not_there; +#endif + + } + break; + case 'P': + if (!memcmp(name, "X509_V_ERR_NO_EXPLICIT_POLICY", 29)) { + /* ^ */ + +#ifdef X509_V_ERR_NO_EXPLICIT_POLICY + return X509_V_ERR_NO_EXPLICIT_POLICY; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "X509_V_ERR_AKID_SKID_MISMATCH", 29)) { + /* ^ */ + +#ifdef X509_V_ERR_AKID_SKID_MISMATCH + return X509_V_ERR_AKID_SKID_MISMATCH; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "SESS_CACHE_NO_INTERNAL_LOOKUP", 29)) { + /* ^ */ + +#ifdef SSL_SESS_CACHE_NO_INTERNAL_LOOKUP + return SSL_SESS_CACHE_NO_INTERNAL_LOOKUP; +#else + goto not_there; +#endif + + } + break; + case 'V': + if (!memcmp(name, "X509_V_ERR_OCSP_VERIFY_FAILED", 29)) { + /* ^ */ + +#ifdef X509_V_ERR_OCSP_VERIFY_FAILED + return X509_V_ERR_OCSP_VERIFY_FAILED; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_OCSP_VERIFY_NEEDED", 29)) { + /* ^ */ + 
+#ifdef X509_V_ERR_OCSP_VERIFY_NEEDED + return X509_V_ERR_OCSP_VERIFY_NEEDED; +#else + goto not_there; +#endif + + } + break; + case 'W': + if (!memcmp(name, "X509_V_FLAG_ALLOW_PROXY_CERTS", 29)) { + /* ^ */ + +#ifdef X509_V_FLAG_ALLOW_PROXY_CERTS + return X509_V_FLAG_ALLOW_PROXY_CERTS; +#else + goto not_there; +#endif + + } + break; + case '_': + if (!memcmp(name, "OP_MICROSOFT_BIG_SSLV3_BUFFER", 29)) { + /* ^ */ + +#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER + return SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "R_SSL_SESSION_ID_IS_DIFFERENT", 29)) { + /* ^ */ + +#ifdef SSL_R_SSL_SESSION_ID_IS_DIFFERENT + return SSL_R_SSL_SESSION_ID_IS_DIFFERENT; +#else + goto not_there; +#endif + + } + break; + case 'c': + if (!memcmp(name, "NID_pkcs9_unstructuredAddress", 29)) { + /* ^ */ + +#ifdef NID_pkcs9_unstructuredAddress + return NID_pkcs9_unstructuredAddress; +#else + goto not_there; +#endif + + } + break; + } + break; + case 30: + /* Names all of length 30. */ + /* NID_netscape_ca_revocation_url OP_DONT_INSERT_EMPTY_FRAGMENTS + OP_SSLREF2_REUSE_CERT_TYPE_BUG R_UNABLE_TO_EXTRACT_PUBLIC_KEY + X509_V_ERR_CERT_CHAIN_TOO_LONG X509_V_ERR_DIFFERENT_CRL_SCOPE + X509_V_ERR_IP_ADDRESS_MISMATCH X509_V_ERR_PERMITTED_VIOLATION + X509_V_FLAG_CHECK_SS_SIGNATURE */ + /* Offset 24 gives the best switch position. 
*/ + switch (name[24]) { + case 'G': + if (!memcmp(name, "OP_DONT_INSERT_EMPTY_FRAGMENTS", 30)) { + /* ^ */ + +#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + return SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "R_UNABLE_TO_EXTRACT_PUBLIC_KEY", 30)) { + /* ^ */ + +#ifdef SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY + return SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY; +#else + goto not_there; +#endif + + } + break; + case 'L': + if (!memcmp(name, "X509_V_ERR_PERMITTED_VIOLATION", 30)) { + /* ^ */ + +#ifdef X509_V_ERR_PERMITTED_VIOLATION + return X509_V_ERR_PERMITTED_VIOLATION; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "X509_V_FLAG_CHECK_SS_SIGNATURE", 30)) { + /* ^ */ + +#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE + return X509_V_FLAG_CHECK_SS_SIGNATURE; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "X509_V_ERR_CERT_CHAIN_TOO_LONG", 30)) { + /* ^ */ + +#ifdef X509_V_ERR_CERT_CHAIN_TOO_LONG + return X509_V_ERR_CERT_CHAIN_TOO_LONG; +#else + goto not_there; +#endif + + } + break; + case 'P': + if (!memcmp(name, "OP_SSLREF2_REUSE_CERT_TYPE_BUG", 30)) { + /* ^ */ + +#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG + return SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "X509_V_ERR_IP_ADDRESS_MISMATCH", 30)) { + /* ^ */ + +#ifdef X509_V_ERR_IP_ADDRESS_MISMATCH + return X509_V_ERR_IP_ADDRESS_MISMATCH; +#else + goto not_there; +#endif + + } + break; + case '_': + if (!memcmp(name, "X509_V_ERR_DIFFERENT_CRL_SCOPE", 30)) { + /* ^ */ + +#ifdef X509_V_ERR_DIFFERENT_CRL_SCOPE + return X509_V_ERR_DIFFERENT_CRL_SCOPE; +#else + goto not_there; +#endif + + } + break; + case 'o': + if (!memcmp(name, "NID_netscape_ca_revocation_url", 30)) { + /* ^ */ + +#ifdef NID_netscape_ca_revocation_url + return NID_netscape_ca_revocation_url; +#else + goto not_there; +#endif + + } + break; + } + break; + case 31: + /* 
Names all of length 31. */ + /* MIN_RSA_MODULUS_LENGTH_IN_BYTES MODE_ACCEPT_MOVING_WRITE_BUFFER + NID_pbe_WithSHA1And40BitRC2_CBC OCSP_RESPONSE_STATUS_SUCCESSFUL + X509_V_ERR_KEYUSAGE_NO_CERTSIGN X509_V_ERR_KEYUSAGE_NO_CRL_SIGN + X509_V_ERR_PATH_LENGTH_EXCEEDED X509_V_FLAG_SUITEB_128_LOS_ONLY */ + /* Offset 30 gives the best switch position. */ + switch (name[30]) { + case 'C': + if (!memcmp(name, "NID_pbe_WithSHA1And40BitRC2_CB", 30)) { + /* C */ + +#ifdef NID_pbe_WithSHA1And40BitRC2_CBC + return NID_pbe_WithSHA1And40BitRC2_CBC; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "X509_V_ERR_PATH_LENGTH_EXCEEDE", 30)) { + /* D */ + +#ifdef X509_V_ERR_PATH_LENGTH_EXCEEDED + return X509_V_ERR_PATH_LENGTH_EXCEEDED; +#else + goto not_there; +#endif + + } + break; + case 'L': + if (!memcmp(name, "OCSP_RESPONSE_STATUS_SUCCESSFU", 30)) { + /* L */ + +#ifdef OCSP_RESPONSE_STATUS_SUCCESSFUL + return OCSP_RESPONSE_STATUS_SUCCESSFUL; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "X509_V_ERR_KEYUSAGE_NO_CERTSIG", 30)) { + /* N */ + +#ifdef X509_V_ERR_KEYUSAGE_NO_CERTSIGN + return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; +#else + goto not_there; +#endif + + } + if (!memcmp(name, "X509_V_ERR_KEYUSAGE_NO_CRL_SIG", 30)) { + /* N */ + +#ifdef X509_V_ERR_KEYUSAGE_NO_CRL_SIGN + return X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "MODE_ACCEPT_MOVING_WRITE_BUFFE", 30)) { + /* R */ + +#ifdef SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER + return SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "MIN_RSA_MODULUS_LENGTH_IN_BYTE", 30)) { + /* S */ + +#ifdef SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES + return SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES; +#else + goto not_there; +#endif + + } + break; + case 'Y': + if (!memcmp(name, "X509_V_FLAG_SUITEB_128_LOS_ONL", 30)) { + /* Y */ + +#ifdef X509_V_FLAG_SUITEB_128_LOS_ONLY + 
return X509_V_FLAG_SUITEB_128_LOS_ONLY; +#else + goto not_there; +#endif + + } + break; + } + break; + case 32: + /* Names all of length 32. */ + /* NID_pbe_WithSHA1And128BitRC2_CBC OCSP_RESPONSE_STATUS_SIGREQUIRED + X509_V_ERR_CRL_SIGNATURE_FAILURE X509_V_ERR_SUITE_B_INVALID_CURVE + X509_V_FLAG_EXTENDED_CRL_SUPPORT */ + /* Offset 25 gives the best switch position. */ + switch (name[25]) { + case 'D': + if (!memcmp(name, "X509_V_ERR_SUITE_B_INVALID_CURVE", 32)) { + /* ^ */ + +#ifdef X509_V_ERR_SUITE_B_INVALID_CURVE + return X509_V_ERR_SUITE_B_INVALID_CURVE; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "OCSP_RESPONSE_STATUS_SIGREQUIRED", 32)) { + /* ^ */ + +#ifdef OCSP_RESPONSE_STATUS_SIGREQUIRED + return OCSP_RESPONSE_STATUS_SIGREQUIRED; +#else + goto not_there; +#endif + + } + break; + case 'F': + if (!memcmp(name, "X509_V_ERR_CRL_SIGNATURE_FAILURE", 32)) { + /* ^ */ + +#ifdef X509_V_ERR_CRL_SIGNATURE_FAILURE + return X509_V_ERR_CRL_SIGNATURE_FAILURE; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "NID_pbe_WithSHA1And128BitRC2_CBC", 32)) { + /* ^ */ + +#ifdef NID_pbe_WithSHA1And128BitRC2_CBC + return NID_pbe_WithSHA1And128BitRC2_CBC; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "X509_V_FLAG_EXTENDED_CRL_SUPPORT", 32)) { + /* ^ */ + +#ifdef X509_V_FLAG_EXTENDED_CRL_SUPPORT + return X509_V_FLAG_EXTENDED_CRL_SUPPORT; +#else + goto not_there; +#endif + + } + break; + } + break; + case 33: + /* Names all of length 33. */ + /* OCSP_RESPONSE_STATUS_UNAUTHORIZED X509_V_ERR_CERT_SIGNATURE_FAILURE */ + /* Offset 32 gives the best switch position. 
*/ + switch (name[32]) { + case 'D': + if (!memcmp(name, "OCSP_RESPONSE_STATUS_UNAUTHORIZE", 32)) { + /* D */ + +#ifdef OCSP_RESPONSE_STATUS_UNAUTHORIZED + return OCSP_RESPONSE_STATUS_UNAUTHORIZED; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "X509_V_ERR_CERT_SIGNATURE_FAILUR", 32)) { + /* E */ + +#ifdef X509_V_ERR_CERT_SIGNATURE_FAILURE + return X509_V_ERR_CERT_SIGNATURE_FAILURE; +#else + goto not_there; +#endif + + } + break; + } + break; + case 34: + /* Names all of length 34. */ + /* OCSP_RESPONSE_STATUS_INTERNALERROR OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + X509_V_ERR_SUBJECT_ISSUER_MISMATCH X509_V_ERR_SUITE_B_INVALID_VERSION + X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED X509_V_ERR_UNSUPPORTED_NAME_SYNTAX */ + /* Offset 24 gives the best switch position. */ + switch (name[24]) { + case 'A': + if (!memcmp(name, "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX", 34)) { + /* ^ */ + +#ifdef X509_V_ERR_UNSUPPORTED_NAME_SYNTAX + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", 34)) { + /* ^ */ + +#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + return SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "OCSP_RESPONSE_STATUS_INTERNALERROR", 34)) { + /* ^ */ + +#ifdef OCSP_RESPONSE_STATUS_INTERNALERROR + return OCSP_RESPONSE_STATUS_INTERNALERROR; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "X509_V_ERR_SUITE_B_INVALID_VERSION", 34)) { + /* ^ */ + +#ifdef X509_V_ERR_SUITE_B_INVALID_VERSION + return X509_V_ERR_SUITE_B_INVALID_VERSION; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED", 34)) { + /* ^ */ + +#ifdef X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED + return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, 
"X509_V_ERR_SUBJECT_ISSUER_MISMATCH", 34)) { + /* ^ */ + +#ifdef X509_V_ERR_SUBJECT_ISSUER_MISMATCH + return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; +#else + goto not_there; +#endif + + } + break; + } + break; + case 35: + /* Names all of length 35. */ + /* OPENSSL_INFO_DIR_FILENAME_SEPARATOR OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + R_PEER_DID_NOT_RETURN_A_CERTIFICATE X509_CHECK_FLAG_NEVER_CHECK_SUBJECT + X509_V_ERR_APPLICATION_VERIFICATION X509_V_ERR_INVALID_POLICY_EXTENSION + X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER _NET_SSLEAY_TEST_UNDEFINED_CONSTANT + */ + /* Offset 29 gives the best switch position. */ + switch (name[29]) { + case 'A': + if (!memcmp(name, "OPENSSL_INFO_DIR_FILENAME_SEPARATOR", 35)) { + /* ^ */ + +#ifdef OPENSSL_INFO_DIR_FILENAME_SEPARATOR + return OPENSSL_INFO_DIR_FILENAME_SEPARATOR; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "X509_V_ERR_APPLICATION_VERIFICATION", 35)) { + /* ^ */ + +#ifdef X509_V_ERR_APPLICATION_VERIFICATION + return X509_V_ERR_APPLICATION_VERIFICATION; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "X509_V_ERR_INVALID_POLICY_EXTENSION", 35)) { + /* ^ */ + +#ifdef X509_V_ERR_INVALID_POLICY_EXTENSION + return X509_V_ERR_INVALID_POLICY_EXTENSION; +#else + goto not_there; +#endif + + } + break; + case 'F': + if (!memcmp(name, "R_PEER_DID_NOT_RETURN_A_CERTIFICATE", 35)) { + /* ^ */ + +#ifdef SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE + return SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE; +#else + goto not_there; +#endif + + } + break; + case 'G': + if (!memcmp(name, "OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", 35)) { + /* ^ */ + +#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + return SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER", 35)) { + /* ^ */ + +#ifdef X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER + return X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; +#else + goto not_there; +#endif + + } 
+ break; + case 'N': + if (!memcmp(name, "_NET_SSLEAY_TEST_UNDEFINED_CONSTANT", 35)) { + /* ^ */ + +#ifdef _NET_SSLEAY_TEST_UNDEFINED_CONSTANT + return _NET_SSLEAY_TEST_UNDEFINED_CONSTANT; +#else + goto not_there; +#endif + + } + break; + case 'U': + if (!memcmp(name, "X509_CHECK_FLAG_NEVER_CHECK_SUBJECT", 35)) { + /* ^ */ + +#ifdef X509_CHECK_FLAG_NEVER_CHECK_SUBJECT + return X509_CHECK_FLAG_NEVER_CHECK_SUBJECT; +#else + goto not_there; +#endif + + } + break; + } + break; + case 36: + /* Names all of length 36. */ + /* OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS + X509_V_ERR_CRL_PATH_VALIDATION_ERROR + X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN + X509_V_ERR_SUITE_B_INVALID_ALGORITHM + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT */ + /* Offset 25 gives the best switch position. */ + switch (name[25]) { + case 'A': + if (!memcmp(name, "X509_V_ERR_CRL_PATH_VALIDATION_ERROR", 36)) { + /* ^ */ + +#ifdef X509_V_ERR_CRL_PATH_VALIDATION_ERROR + return X509_V_ERR_CRL_PATH_VALIDATION_ERROR; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "X509_V_ERR_SUITE_B_INVALID_ALGORITHM", 36)) { + /* ^ */ + +#ifdef X509_V_ERR_SUITE_B_INVALID_ALGORITHM + return X509_V_ERR_SUITE_B_INVALID_ALGORITHM; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT", 36)) { + /* ^ */ + +#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT + return X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT", 36)) { + /* ^ */ + +#ifdef X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT + return X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; +#else + goto not_there; +#endif + + } + break; + case 'L': + if (!memcmp(name, "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS", 36)) { + /* ^ */ + +#ifdef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS + return X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; +#else + goto 
not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION", 36)) { + /* ^ */ + +#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + return SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN", 36)) { + /* ^ */ + +#ifdef X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN + return X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; +#else + goto not_there; +#endif + + } + break; + } + break; + case 37: + /* Names all of length 37. */ + /* OCSP_RESPONSE_STATUS_MALFORMEDREQUEST + X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED */ + /* Offset 31 gives the best switch position. */ + switch (name[31]) { + case 'C': + if (!memcmp(name, "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED", 37)) { + /* ^ */ + +#ifdef X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED + return X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; +#else + goto not_there; +#endif + + } + break; + case 'D': + if (!memcmp(name, "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS", 37)) { + /* ^ */ + +#ifdef X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS + return X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "OCSP_RESPONSE_STATUS_MALFORMEDREQUEST", 37)) { + /* ^ */ + +#ifdef OCSP_RESPONSE_STATUS_MALFORMEDREQUEST + return OCSP_RESPONSE_STATUS_MALFORMEDREQUEST; +#else + goto not_there; +#endif + + } + break; + } + break; + case 38: + /* Names all of length 38. */ + /* NID_pbe_WithSHA1And2_Key_TripleDES_CBC + NID_pbe_WithSHA1And3_Key_TripleDES_CBC + X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH + X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT + X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE */ + /* Offset 19 gives the best switch position. 
*/ + switch (name[19]) { + case '2': + if (!memcmp(name, "NID_pbe_WithSHA1And2_Key_TripleDES_CBC", 38)) { + /* ^ */ + +#ifdef NID_pbe_WithSHA1And2_Key_TripleDES_CBC + return NID_pbe_WithSHA1And2_Key_TripleDES_CBC; +#else + goto not_there; +#endif + + } + break; + case '3': + if (!memcmp(name, "NID_pbe_WithSHA1And3_Key_TripleDES_CBC", 38)) { + /* ^ */ + +#ifdef NID_pbe_WithSHA1And3_Key_TripleDES_CBC + return NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +#else + goto not_there; +#endif + + } + break; + case 'R': + if (!memcmp(name, "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT", 38)) { + /* ^ */ + +#ifdef X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT + return X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE", 38)) { + /* ^ */ + +#ifdef X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE + return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; +#else + goto not_there; +#endif + + } + break; + case 'U': + if (!memcmp(name, "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH", 38)) { + /* ^ */ + +#ifdef X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH + return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; +#else + goto not_there; +#endif + + } + break; + } + break; + case 39: + /* Names all of length 39. */ + /* X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS + X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION + X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION */ + /* Offset 26 gives the best switch position. 
*/ + switch (name[26]) { + case 'A': + if (!memcmp(name, "X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION", 39)) { + /* ^ */ + +#ifdef X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION + return X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION", 39)) { + /* ^ */ + +#ifdef X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION + return X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS", 39)) { + /* ^ */ + +#ifdef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS + return X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS; +#else + goto not_there; +#endif + + } + break; + } + break; + case 40: + /* Names all of length 40. */ + /* X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD + X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE + X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX + X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE */ + /* Offset 26 gives the best switch position. 
*/ + switch (name[26]) { + case 'E': + if (!memcmp(name, "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE", 40)) { + /* ^ */ + +#ifdef X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE + return X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE; +#else + goto not_there; +#endif + + } + break; + case 'I': + if (!memcmp(name, "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE", 40)) { + /* ^ */ + +#ifdef X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE + return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD", 40)) { + /* ^ */ + +#ifdef X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD + return X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX", 40)) { + /* ^ */ + +#ifdef X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX + return X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX; +#else + goto not_there; +#endif + + } + break; + } + break; + case 41: + /* Names all of length 41. */ + /* OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE + X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD + X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD + X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD + X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED */ + /* Offset 26 gives the best switch position. 
*/ + switch (name[26]) { + case 'E': + if (!memcmp(name, "R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE", 41)) { + /* ^ */ + +#ifdef SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE + return SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE; +#else + goto not_there; +#endif + + } + break; + case 'N': + if (!memcmp(name, "OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION", 41)) { + /* ^ */ + +#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + return SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION; +#else + goto not_there; +#endif + + } + break; + case 'O': + if (!memcmp(name, "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD", 41)) { + /* ^ */ + +#ifdef X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD + return X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; +#else + goto not_there; +#endif + + } + break; + case 'S': + if (!memcmp(name, "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD", 41)) { + /* ^ */ + +#ifdef X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD + return X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED", 41)) { + /* ^ */ + +#ifdef X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED + return X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; +#else + goto not_there; +#endif + + } + break; + case 'X': + if (!memcmp(name, "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD", 41)) { + /* ^ */ + +#ifdef X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD + return X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; +#else + goto not_there; +#endif + + } + break; + } + break; + case 42: + /* Names all of length 42. */ + /* X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE */ + /* Offset 29 gives the best switch position. 
*/ + switch (name[29]) { + case 'C': + if (!memcmp(name, "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE", 42)) { + /* ^ */ + +#ifdef X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE + return X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE; +#else + goto not_there; +#endif + + } + break; + case 'E': + if (!memcmp(name, "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE", 42)) { + /* ^ */ + +#ifdef X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE + return X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; +#else + goto not_there; +#endif + + } + break; + } + break; + case 43: + /* Names all of length 43. */ + /* X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION */ + /* Offset 14 gives the best switch position. */ + switch (name[14]) { + case 'A': + if (!memcmp(name, "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION", 43)) { + /* ^ */ + +#ifdef X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION + return X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; +#else + goto not_there; +#endif + + } + break; + case 'B': + if (!memcmp(name, "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE", 43)) { + /* ^ */ + +#ifdef X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE + return X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE; +#else + goto not_there; +#endif + + } + break; + } + break; + case 44: + if (!memcmp(name, "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY", 44)) { + +#ifdef X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY + return X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; +#else + goto not_there; +#endif + + } + break; + case 45: + if (!memcmp(name, "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", 45)) { + +#ifdef X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY + return X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; +#else + goto not_there; +#endif + + } + break; + case 46: + if (!memcmp(name, "X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM", 46)) { + +#ifdef X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM + return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM; +#else + goto not_there; +#endif + + } + 
break; + case 47: + if (!memcmp(name, "X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256", 47)) { + +#ifdef X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 + return X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256; +#else + goto not_there; +#endif + + } + break; + } + + errno = EINVAL; + return 0; + +not_there: + errno = ENOENT; + return 0; + +} diff --git a/cpan/Net-SSLeay/helper_script/constants.txt b/cpan/Net-SSLeay/helper_script/constants.txt new file mode 100644 index 000000000000..d44c20a5d7ef --- /dev/null +++ b/cpan/Net-SSLeay/helper_script/constants.txt 
@@ -0,0 +1,618 @@
+# These libssl/libcrypto constants will be exported by Net::SSLeay. Constants
+# whose names begin with "SSL_" will have this prefix removed when they are
+# exported; for example, SSL_CB_EXIT will become Net::SSLeay::CB_EXIT().
+#
+# Constants should be listed on separate lines and in lexicographical order.
+#
+# After changing the list below, run helper_script/update-exported-constants.
+# This script will:
+# - generate a new version of constants.c;
+# - generate a new test file at t/local/21_constants.t;
+# - update the list of exported constants in lib/Net/SSLeay.pm;
+# - update the constants list in the "Constants" section of lib/Net/SSLeay.pod.
+
+ASN1_STRFLGS_ESC_CTRL
+ASN1_STRFLGS_ESC_MSB
+ASN1_STRFLGS_ESC_QUOTE
+ASN1_STRFLGS_RFC2253
+EVP_PKS_DSA
+EVP_PKS_EC
+EVP_PKS_RSA
+EVP_PKT_ENC
+EVP_PKT_EXCH
+EVP_PKT_EXP
+EVP_PKT_SIGN
+EVP_PK_DH
+EVP_PK_DSA
+EVP_PK_EC
+EVP_PK_RSA
+GEN_DIRNAME
+GEN_DNS
+GEN_EDIPARTY
+GEN_EMAIL
+GEN_IPADD
+GEN_OTHERNAME
+GEN_RID
+GEN_URI
+GEN_X400
+LIBRESSL_VERSION_NUMBER
+MBSTRING_ASC
+MBSTRING_BMP
+MBSTRING_FLAG
+MBSTRING_UNIV
+MBSTRING_UTF8
+NID_OCSP_sign
+NID_SMIMECapabilities
+NID_X500
+NID_X509
+NID_ad_OCSP
+NID_ad_ca_issuers
+NID_algorithm
+NID_authority_key_identifier
+NID_basic_constraints
+NID_bf_cbc
+NID_bf_cfb64
+NID_bf_ecb
+NID_bf_ofb64
+NID_cast5_cbc
+NID_cast5_cfb64
+NID_cast5_ecb
+NID_cast5_ofb64
+NID_certBag
+NID_certificate_policies
+NID_client_auth
+NID_code_sign
+NID_commonName
+NID_countryName
+NID_crlBag
+NID_crl_distribution_points
+NID_crl_number
+NID_crl_reason
+NID_delta_crl
+NID_des_cbc
+NID_des_cfb64
+NID_des_ecb
+NID_des_ede
+NID_des_ede3
+NID_des_ede3_cbc
+NID_des_ede3_cfb64
+NID_des_ede3_ofb64
+NID_des_ede_cbc
+NID_des_ede_cfb64
+NID_des_ede_ofb64
+NID_des_ofb64
+NID_description
+NID_desx_cbc
+NID_dhKeyAgreement
+NID_dnQualifier
+NID_dsa
+NID_dsaWithSHA
+NID_dsaWithSHA1
+NID_dsaWithSHA1_2
+NID_dsa_2
+NID_email_protect
+NID_ext_key_usage
+NID_ext_req
+NID_friendlyName
+NID_givenName
+NID_hmacWithSHA1
+NID_id_ad
+NID_id_ce
+NID_id_kp
+NID_id_pbkdf2
+NID_id_pe
+NID_id_pkix
+NID_id_qt_cps
+NID_id_qt_unotice
+NID_idea_cbc
+NID_idea_cfb64
+NID_idea_ecb
+NID_idea_ofb64
+NID_info_access
+NID_initials
+NID_invalidity_date
+NID_issuer_alt_name
+NID_keyBag
+NID_key_usage
+NID_localKeyID
+NID_localityName
+NID_md2
+NID_md2WithRSAEncryption
+NID_md5
+NID_md5WithRSA
+NID_md5WithRSAEncryption
+NID_md5_sha1
+NID_mdc2
+NID_mdc2WithRSA
+NID_ms_code_com
+NID_ms_code_ind
+NID_ms_ctl_sign
+NID_ms_efs
+NID_ms_ext_req
+NID_ms_sgc
+NID_name
+NID_netscape
+NID_netscape_base_url
+NID_netscape_ca_policy_url
+NID_netscape_ca_revocation_url
+NID_netscape_cert_extension
+NID_netscape_cert_sequence
+NID_netscape_cert_type
+NID_netscape_comment
+NID_netscape_data_type
+NID_netscape_renewal_url
+NID_netscape_revocation_url
+NID_netscape_ssl_server_name
+NID_ns_sgc
+NID_organizationName
+NID_organizationalUnitName
+NID_pbeWithMD2AndDES_CBC
+NID_pbeWithMD2AndRC2_CBC
+NID_pbeWithMD5AndCast5_CBC
+NID_pbeWithMD5AndDES_CBC
+NID_pbeWithMD5AndRC2_CBC
+NID_pbeWithSHA1AndDES_CBC
+NID_pbeWithSHA1AndRC2_CBC
+NID_pbe_WithSHA1And128BitRC2_CBC
+NID_pbe_WithSHA1And128BitRC4
+NID_pbe_WithSHA1And2_Key_TripleDES_CBC
+NID_pbe_WithSHA1And3_Key_TripleDES_CBC
+NID_pbe_WithSHA1And40BitRC2_CBC
+NID_pbe_WithSHA1And40BitRC4
+NID_pbes2
+NID_pbmac1
+NID_pkcs
+NID_pkcs3
+NID_pkcs7
+NID_pkcs7_data
+NID_pkcs7_digest
+NID_pkcs7_encrypted
+NID_pkcs7_enveloped
+NID_pkcs7_signed
+NID_pkcs7_signedAndEnveloped
+NID_pkcs8ShroudedKeyBag
+NID_pkcs9
+NID_pkcs9_challengePassword
+NID_pkcs9_contentType
+NID_pkcs9_countersignature
+NID_pkcs9_emailAddress
+NID_pkcs9_extCertAttributes
+NID_pkcs9_messageDigest
+NID_pkcs9_signingTime
+NID_pkcs9_unstructuredAddress
+NID_pkcs9_unstructuredName
+NID_private_key_usage_period
+NID_rc2_40_cbc
+NID_rc2_64_cbc
+NID_rc2_cbc
+NID_rc2_cfb64
+NID_rc2_ecb
+NID_rc2_ofb64
+NID_rc4
+NID_rc4_40
+NID_rc5_cbc
+NID_rc5_cfb64
+NID_rc5_ecb
+NID_rc5_ofb64
+NID_ripemd160
+NID_ripemd160WithRSA
+NID_rle_compression
+NID_rsa
+NID_rsaEncryption
+NID_rsadsi
+NID_safeContentsBag
+NID_sdsiCertificate
+NID_secretBag
+NID_serialNumber
+NID_server_auth
+NID_sha
+NID_sha1
+NID_sha1WithRSA
+NID_sha1WithRSAEncryption
+NID_shaWithRSAEncryption
+NID_stateOrProvinceName
+NID_subject_alt_name
+NID_subject_key_identifier
+NID_surname
+NID_sxnet
+NID_time_stamp
+NID_title
+NID_undef
+NID_uniqueIdentifier
+NID_x509Certificate
+NID_x509Crl
+NID_zlib_compression
+OCSP_RESPONSE_STATUS_INTERNALERROR
+OCSP_RESPONSE_STATUS_MALFORMEDREQUEST
+OCSP_RESPONSE_STATUS_SIGREQUIRED
+OCSP_RESPONSE_STATUS_SUCCESSFUL
+OCSP_RESPONSE_STATUS_TRYLATER
+OCSP_RESPONSE_STATUS_UNAUTHORIZED
+OPENSSL_BUILT_ON
+OPENSSL_CFLAGS
+OPENSSL_CPU_INFO
+OPENSSL_DIR
+OPENSSL_ENGINES_DIR
+OPENSSL_FULL_VERSION_STRING
+OPENSSL_INFO_CONFIG_DIR
+OPENSSL_INFO_CPU_SETTINGS
+OPENSSL_INFO_DIR_FILENAME_SEPARATOR
+OPENSSL_INFO_DSO_EXTENSION
+OPENSSL_INFO_ENGINES_DIR
+OPENSSL_INFO_LIST_SEPARATOR
+OPENSSL_INFO_MODULES_DIR
+OPENSSL_INFO_SEED_SOURCE
+OPENSSL_MODULES_DIR
+OPENSSL_PLATFORM
+OPENSSL_VERSION
+OPENSSL_VERSION_MAJOR
+OPENSSL_VERSION_MINOR
+OPENSSL_VERSION_NUMBER
+OPENSSL_VERSION_PATCH
+OPENSSL_VERSION_STRING
+RSA_3
+RSA_F4
+SSL2_MT_CLIENT_CERTIFICATE
+SSL2_MT_CLIENT_FINISHED
+SSL2_MT_CLIENT_HELLO
+SSL2_MT_CLIENT_MASTER_KEY
+SSL2_MT_ERROR
+SSL2_MT_REQUEST_CERTIFICATE
+SSL2_MT_SERVER_FINISHED
+SSL2_MT_SERVER_HELLO
+SSL2_MT_SERVER_VERIFY
+SSL2_VERSION
+SSL3_MT_CCS
+SSL3_MT_CERTIFICATE
+SSL3_MT_CERTIFICATE_REQUEST
+SSL3_MT_CERTIFICATE_STATUS
+SSL3_MT_CERTIFICATE_URL
+SSL3_MT_CERTIFICATE_VERIFY
+SSL3_MT_CHANGE_CIPHER_SPEC
+SSL3_MT_CLIENT_HELLO
+SSL3_MT_CLIENT_KEY_EXCHANGE
+SSL3_MT_ENCRYPTED_EXTENSIONS
+SSL3_MT_END_OF_EARLY_DATA
+SSL3_MT_FINISHED
+SSL3_MT_HELLO_REQUEST
+SSL3_MT_KEY_UPDATE
+SSL3_MT_MESSAGE_HASH
+SSL3_MT_NEWSESSION_TICKET
+SSL3_MT_NEXT_PROTO
+SSL3_MT_SERVER_DONE
+SSL3_MT_SERVER_HELLO
+SSL3_MT_SERVER_KEY_EXCHANGE
+SSL3_MT_SUPPLEMENTAL_DATA
+SSL3_RT_ALERT
+SSL3_RT_APPLICATION_DATA
+SSL3_RT_CHANGE_CIPHER_SPEC
+SSL3_RT_HANDSHAKE
+SSL3_RT_HEADER
+SSL3_RT_INNER_CONTENT_TYPE
+SSL3_VERSION
+SSLEAY_BUILT_ON
+SSLEAY_CFLAGS
+SSLEAY_DIR
+SSLEAY_PLATFORM
+SSLEAY_VERSION
+SSL_CB_ACCEPT_EXIT
+SSL_CB_ACCEPT_LOOP
+SSL_CB_ALERT
+SSL_CB_CONNECT_EXIT
+SSL_CB_CONNECT_LOOP
+SSL_CB_EXIT
+SSL_CB_HANDSHAKE_DONE
+SSL_CB_HANDSHAKE_START
+SSL_CB_LOOP
+SSL_CB_READ
+SSL_CB_READ_ALERT
+SSL_CB_WRITE
+SSL_CB_WRITE_ALERT
+SSL_ERROR_NONE
+SSL_ERROR_SSL
+SSL_ERROR_SYSCALL
+SSL_ERROR_WANT_ACCEPT
+SSL_ERROR_WANT_CONNECT
+SSL_ERROR_WANT_READ
+SSL_ERROR_WANT_WRITE
+SSL_ERROR_WANT_X509_LOOKUP
+SSL_ERROR_ZERO_RETURN
+SSL_FILETYPE_ASN1
+SSL_FILETYPE_PEM
+SSL_F_CLIENT_CERTIFICATE
+SSL_F_CLIENT_HELLO
+SSL_F_CLIENT_MASTER_KEY
+SSL_F_D2I_SSL_SESSION
+SSL_F_GET_CLIENT_FINISHED
+SSL_F_GET_CLIENT_HELLO
+SSL_F_GET_CLIENT_MASTER_KEY
+SSL_F_GET_SERVER_FINISHED
+SSL_F_GET_SERVER_HELLO
+SSL_F_GET_SERVER_VERIFY
+SSL_F_I2D_SSL_SESSION
+SSL_F_READ_N
+SSL_F_REQUEST_CERTIFICATE
+SSL_F_SERVER_HELLO
+SSL_F_SSL_CERT_NEW
+SSL_F_SSL_GET_NEW_SESSION
+SSL_F_SSL_NEW
+SSL_F_SSL_READ
+SSL_F_SSL_RSA_PRIVATE_DECRYPT
+SSL_F_SSL_RSA_PUBLIC_ENCRYPT
+SSL_F_SSL_SESSION_NEW
+SSL_F_SSL_SESSION_PRINT_FP
+SSL_F_SSL_SET_FD
+SSL_F_SSL_SET_RFD
+SSL_F_SSL_SET_WFD
+SSL_F_SSL_USE_CERTIFICATE
+SSL_F_SSL_USE_CERTIFICATE_ASN1
+SSL_F_SSL_USE_CERTIFICATE_FILE
+SSL_F_SSL_USE_PRIVATEKEY
+SSL_F_SSL_USE_PRIVATEKEY_ASN1
+SSL_F_SSL_USE_PRIVATEKEY_FILE
+SSL_F_SSL_USE_RSAPRIVATEKEY
+SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1
+SSL_F_SSL_USE_RSAPRIVATEKEY_FILE
+SSL_F_WRITE_PENDING
+SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES
+SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+SSL_MODE_AUTO_RETRY
+SSL_MODE_ENABLE_PARTIAL_WRITE
+SSL_MODE_RELEASE_BUFFERS
+SSL_NOTHING
+SSL_OP_ALL
+SSL_OP_ALLOW_NO_DHE_KEX
+SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+SSL_OP_CIPHER_SERVER_PREFERENCE
+SSL_OP_CISCO_ANYCONNECT
+SSL_OP_COOKIE_EXCHANGE
+SSL_OP_CRYPTOPRO_TLSEXT_BUG
+SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+SSL_OP_EPHEMERAL_RSA
+SSL_OP_LEGACY_SERVER_CONNECT
+SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+SSL_OP_MICROSOFT_SESS_ID_BUG
+SSL_OP_MSIE_SSLV2_RSA_PADDING
+SSL_OP_NETSCAPE_CA_DN_BUG
+SSL_OP_NETSCAPE_CHALLENGE_BUG
+SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+SSL_OP_NON_EXPORT_FIRST
+SSL_OP_NO_ANTI_REPLAY
+SSL_OP_NO_CLIENT_RENEGOTIATION
+SSL_OP_NO_COMPRESSION
+SSL_OP_NO_ENCRYPT_THEN_MAC
+SSL_OP_NO_QUERY_MTU
+SSL_OP_NO_RENEGOTIATION
+SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+SSL_OP_NO_SSL_MASK
+SSL_OP_NO_SSLv2
+SSL_OP_NO_SSLv3
+SSL_OP_NO_TICKET
+SSL_OP_NO_TLSv1
+SSL_OP_NO_TLSv1_1
+SSL_OP_NO_TLSv1_2
+SSL_OP_NO_TLSv1_3
+SSL_OP_PKCS1_CHECK_1
+SSL_OP_PKCS1_CHECK_2
+SSL_OP_PRIORITIZE_CHACHA
+SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+SSL_OP_SINGLE_DH_USE
+SSL_OP_SINGLE_ECDH_USE
+SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+SSL_OP_TLSEXT_PADDING
+SSL_OP_TLS_BLOCK_PADDING_BUG
+SSL_OP_TLS_D5_BUG
+SSL_OP_TLS_ROLLBACK_BUG
+SSL_READING
+SSL_RECEIVED_SHUTDOWN
+SSL_R_BAD_AUTHENTICATION_TYPE
+SSL_R_BAD_CHECKSUM
+SSL_R_BAD_MAC_DECODE
+SSL_R_BAD_RESPONSE_ARGUMENT
+SSL_R_BAD_SSL_FILETYPE
+SSL_R_BAD_SSL_SESSION_ID_LENGTH
+SSL_R_BAD_STATE
+SSL_R_BAD_WRITE_RETRY
+SSL_R_CHALLENGE_IS_DIFFERENT
+SSL_R_CIPHER_TABLE_SRC_ERROR
+SSL_R_INVALID_CHALLENGE_LENGTH
+SSL_R_NO_CERTIFICATE_SET
+SSL_R_NO_CERTIFICATE_SPECIFIED
+SSL_R_NO_CIPHER_LIST
+SSL_R_NO_CIPHER_MATCH
+SSL_R_NO_PRIVATEKEY
+SSL_R_NO_PUBLICKEY
+SSL_R_NULL_SSL_CTX
+SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE
+SSL_R_PEER_ERROR
+SSL_R_PEER_ERROR_CERTIFICATE
+SSL_R_PEER_ERROR_NO_CIPHER
+SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
+SSL_R_PUBLIC_KEY_ENCRYPT_ERROR
+SSL_R_PUBLIC_KEY_IS_NOT_RSA
+SSL_R_READ_WRONG_PACKET_TYPE
+SSL_R_SHORT_READ
+SSL_R_SSL_SESSION_ID_IS_DIFFERENT
+SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY
+SSL_R_UNKNOWN_REMOTE_ERROR_TYPE
+SSL_R_UNKNOWN_STATE
+SSL_R_X509_LIB
+SSL_SENT_SHUTDOWN
+SSL_SESSION_ASN1_VERSION
+SSL_SESS_CACHE_BOTH
+SSL_SESS_CACHE_CLIENT
+SSL_SESS_CACHE_NO_AUTO_CLEAR
+SSL_SESS_CACHE_NO_INTERNAL
+SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+SSL_SESS_CACHE_NO_INTERNAL_STORE
+SSL_SESS_CACHE_OFF
+SSL_SESS_CACHE_SERVER
+SSL_ST_ACCEPT
+SSL_ST_BEFORE
+SSL_ST_CONNECT
+SSL_ST_INIT
+SSL_ST_OK
+SSL_ST_READ_BODY
+SSL_ST_READ_HEADER
+SSL_VERIFY_CLIENT_ONCE
+SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+SSL_VERIFY_NONE
+SSL_VERIFY_PEER
+SSL_VERIFY_POST_HANDSHAKE
+SSL_WRITING
+SSL_X509_LOOKUP
+TLS1_1_VERSION
+TLS1_2_VERSION
+TLS1_3_VERSION
+TLS1_VERSION
+TLSEXT_STATUSTYPE_ocsp
+V_OCSP_CERTSTATUS_GOOD
+V_OCSP_CERTSTATUS_REVOKED
+V_OCSP_CERTSTATUS_UNKNOWN
+X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
+X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
+X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
+X509_CHECK_FLAG_NO_WILDCARDS
+X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
+X509_FILETYPE_ASN1
+X509_FILETYPE_DEFAULT
+X509_FILETYPE_PEM
+X509_PURPOSE_ANY
+X509_PURPOSE_CRL_SIGN
+X509_PURPOSE_NS_SSL_SERVER
+X509_PURPOSE_OCSP_HELPER
+X509_PURPOSE_SMIME_ENCRYPT
+X509_PURPOSE_SMIME_SIGN
+X509_PURPOSE_SSL_CLIENT
+X509_PURPOSE_SSL_SERVER
+X509_PURPOSE_TIMESTAMP_SIGN
+X509_TRUST_COMPAT
+X509_TRUST_EMAIL
+X509_TRUST_OBJECT_SIGN
+X509_TRUST_OCSP_REQUEST
+X509_TRUST_OCSP_SIGN
+X509_TRUST_SSL_CLIENT
+X509_TRUST_SSL_SERVER
+X509_TRUST_TSA
+X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
+X509_V_ERR_AKID_SKID_MISMATCH
+X509_V_ERR_APPLICATION_VERIFICATION
+X509_V_ERR_CA_KEY_TOO_SMALL
+X509_V_ERR_CA_MD_TOO_WEAK
+X509_V_ERR_CERT_CHAIN_TOO_LONG
+X509_V_ERR_CERT_HAS_EXPIRED
+X509_V_ERR_CERT_NOT_YET_VALID
+X509_V_ERR_CERT_REJECTED
+X509_V_ERR_CERT_REVOKED
+X509_V_ERR_CERT_SIGNATURE_FAILURE
+X509_V_ERR_CERT_UNTRUSTED
+X509_V_ERR_CRL_HAS_EXPIRED
+X509_V_ERR_CRL_NOT_YET_VALID
+X509_V_ERR_CRL_PATH_VALIDATION_ERROR
+X509_V_ERR_CRL_SIGNATURE_FAILURE
+X509_V_ERR_DANE_NO_MATCH
+X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
+X509_V_ERR_DIFFERENT_CRL_SCOPE
+X509_V_ERR_EE_KEY_TOO_SMALL
+X509_V_ERR_EMAIL_MISMATCH
+X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
+X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
+X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
+X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
+X509_V_ERR_EXCLUDED_VIOLATION
+X509_V_ERR_HOSTNAME_MISMATCH
+X509_V_ERR_INVALID_CA
+X509_V_ERR_INVALID_CALL
+X509_V_ERR_INVALID_EXTENSION
+X509_V_ERR_INVALID_NON_CA
+X509_V_ERR_INVALID_POLICY_EXTENSION
+X509_V_ERR_INVALID_PURPOSE
+X509_V_ERR_IP_ADDRESS_MISMATCH
+X509_V_ERR_KEYUSAGE_NO_CERTSIGN
+X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
+X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
+X509_V_ERR_NO_EXPLICIT_POLICY
+X509_V_ERR_NO_VALID_SCTS
+X509_V_ERR_OCSP_CERT_UNKNOWN
+X509_V_ERR_OCSP_VERIFY_FAILED
+X509_V_ERR_OCSP_VERIFY_NEEDED
+X509_V_ERR_OUT_OF_MEM
+X509_V_ERR_PATH_LENGTH_EXCEEDED
+X509_V_ERR_PATH_LOOP
+X509_V_ERR_PERMITTED_VIOLATION
+X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
+X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
+X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION
+X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
+X509_V_ERR_STORE_LOOKUP
+X509_V_ERR_SUBJECT_ISSUER_MISMATCH
+X509_V_ERR_SUBTREE_MINMAX
+X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
+X509_V_ERR_SUITE_B_INVALID_ALGORITHM
+X509_V_ERR_SUITE_B_INVALID_CURVE
+X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
+X509_V_ERR_SUITE_B_INVALID_VERSION
+X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
+X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
+X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
+X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
+X509_V_ERR_UNABLE_TO_GET_CRL
+X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
+X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
+X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
+X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
+X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
+X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
+X509_V_ERR_UNNESTED_RESOURCE
+X509_V_ERR_UNSPECIFIED
+X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
+X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
+X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
+X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
+X509_V_FLAG_ALLOW_PROXY_CERTS
+X509_V_FLAG_CB_ISSUER_CHECK
+X509_V_FLAG_CHECK_SS_SIGNATURE
+X509_V_FLAG_CRL_CHECK
+X509_V_FLAG_CRL_CHECK_ALL
+X509_V_FLAG_EXPLICIT_POLICY
+X509_V_FLAG_EXTENDED_CRL_SUPPORT
+X509_V_FLAG_IGNORE_CRITICAL
+X509_V_FLAG_INHIBIT_ANY
+X509_V_FLAG_INHIBIT_MAP
+X509_V_FLAG_LEGACY_VERIFY
+X509_V_FLAG_NOTIFY_POLICY
+X509_V_FLAG_NO_ALT_CHAINS
+X509_V_FLAG_NO_CHECK_TIME
+X509_V_FLAG_PARTIAL_CHAIN
+X509_V_FLAG_POLICY_CHECK
+X509_V_FLAG_POLICY_MASK
+X509_V_FLAG_SUITEB_128_LOS
+X509_V_FLAG_SUITEB_128_LOS_ONLY
+X509_V_FLAG_SUITEB_192_LOS
+X509_V_FLAG_TRUSTED_FIRST
+X509_V_FLAG_USE_CHECK_TIME
+X509_V_FLAG_USE_DELTAS
+X509_V_FLAG_X509_STRICT
+X509_V_OK
+XN_FLAG_COMPAT
+XN_FLAG_DN_REV
+XN_FLAG_DUMP_UNKNOWN_FIELDS
+XN_FLAG_FN_ALIGN
+XN_FLAG_FN_LN
+XN_FLAG_FN_MASK
+XN_FLAG_FN_NONE
+XN_FLAG_FN_OID
+XN_FLAG_FN_SN
+XN_FLAG_MULTILINE
+XN_FLAG_ONELINE
+XN_FLAG_RFC2253
+XN_FLAG_SEP_COMMA_PLUS
+XN_FLAG_SEP_CPLUS_SPC
+XN_FLAG_SEP_MASK
+XN_FLAG_SEP_MULTILINE
+XN_FLAG_SEP_SPLUS_SPC
+XN_FLAG_SPC_EQ
diff --git a/cpan/Net-SSLeay/helper_script/generate-test-pki b/cpan/Net-SSLeay/helper_script/generate-test-pki
new file mode 100644
index 000000000000..b7213a999beb
--- /dev/null
+++ b/cpan/Net-SSLeay/helper_script/generate-test-pki
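Review bot: In helper_script/constants.txt the header comment asks for "lexicographical order" without saying which collation, while the list itself is in byte-wise ASCII order: `NID_X509` comes before `NID_ad_OCSP`, and `SSL_OP_NO_SSL_MASK` before `SSL_OP_NO_SSLv2`. A contributor who sorts with a locale-aware or case-insensitive tool would reorder large parts of the list, which could make the regenerated constants.c, test file and POD hard to review. I would reword the line to `# Constants should be listed on separate lines and in byte-wise (C locale, e.g. LC_ALL=C sort) lexicographical order.` Whether update-exported-constants checks or enforces the order is not visible in this hunk.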
@@ -0,0 +1,2092 @@ +#!/usr/bin/env perl + +use 5.008001; +use strict; +use warnings; + +use English qw( + $EVAL_ERROR $EXCEPTIONS_BEING_CAUGHT $EXECUTABLE_NAME $OS_ERROR $RS + -no_match_vars +); +use File::Basename qw(dirname); +use File::Spec::Functions qw( catfile splitpath ); +use File::Temp; +use Getopt::Long qw(GetOptionsFromArray); +use IPC::Run qw( start finish timeout ); + +our $VERSION = '1.92'; + +local $SIG{__DIE__} = sub { + my ($cause) = @_; + + if ($EXCEPTIONS_BEING_CAUGHT) { + return; + } + + print STDERR $cause, "\n"; + + exit 1; +}; + +my ( $args, $entities ) = eval { parse_options( \@ARGV ) } + or fatal( 'Error while parsing command line options', $EVAL_ERROR ); + +eval { + check_openssl_version( + { + min_version => '3.0.0-alpha7', + min_version_match => qr{^3\.(?!0\.0-alpha[1-6])}, + } + ); +} or fatal( 'OpenSSL minimum version check failed', $EVAL_ERROR ); + +my $tmp = eval { + File::Temp->newdir( + TEMPLATE => 'test-pki-XXXXXXXX', + TMPDIR => 1, + CLEANUP => 1, + ); +} or fatal( 'Could not create temporary working directory', $EVAL_ERROR ); + +my $pki_config = eval { pki_config() } + or fatal( 'Could not load PKI configuration file', $EVAL_ERROR ); + +my $pki_tree = eval { pki_tree() } + or fatal( 'Error while building PKI tree', $EVAL_ERROR ); + +generate_tree( + $pki_tree, + @{ $entities } + ? 
{ map { $_ => 1 } @{ $entities } } + : undef +); + + +sub parse_options { + my ($argv) = @_; + + my $opts = { + 'config' => catfile( dirname(__FILE__), 'pki.cfg' ), + 'openssl-binary' => 'openssl', + 'output' => undef, + 'verbose' => 0, + }; + + GetOptionsFromArray( + $argv, + $opts, + 'config|c=s', + 'openssl-binary|b=s', + 'output|o=s', + 'verbose|v', + ); + + if ( !-e $opts->{config} ) { + fatal("PKI configuration file $opts->{config} does not exist"); + } + + if ( !defined $opts->{output} ) { + fatal("an output directory must be given"); + } + + if ( !-d $opts->{output} ) { + fatal("output directory $opts->{output} does not exist"); + } + + return wantarray + ? ( $opts, $argv ) + : $opts; +} + +sub pki_config { + open my $fh, '<:encoding(UTF-8)', $args->{config} + or fatal( $args->{config}, $OS_ERROR ); + + my $config = do { + local $RS = undef; + eval <$fh> + or do { + ( my $error = $EVAL_ERROR ) + =~ s{ at \(eval .+?\) }{ at $args->{config} }g; + + fatal( 'syntax error', $error ); + }; + }; + + close $fh; + + return $config; +} + +sub pki_tree { + my $children = {}; + my $tree = {}; + + for my $entity ( keys %{$pki_config} ) { + my $issuer = $pki_config->{$entity}->{cert}->{issuer}; + + if ( !exists $children->{$entity} ) { + $children->{$entity} = {}; + } + + if ( defined $issuer ) { + if ( !exists $pki_config->{$issuer} ) { + fatal("entity '$entity': issuer '$issuer' is not defined"); + } + + $children->{$issuer}->{$entity} = $children->{$entity}; + } + else { + $tree->{$entity} = $children->{$entity}; + } + } + + return $tree; +} + +sub openssl_config { + my (%tmpl) = @_; + + my $start = tell DATA; + + my $config = do { local $RS = undef; }; + + $config =~ s/\{\{ \s* (\w+) \s* \}\}/defined $tmpl{$1} ? 
$tmpl{$1} : ''/xeg; + + seek DATA, $start, 0; + + return $config; +} + +sub subject_string { + my (@rdns) = @_; + + my $string = q{}; + + while (@rdns) { + my ( $key, $value ) = ( shift @rdns, shift @rdns ); + + if ( !defined $key + || !defined $value ) + { + fatal('invalid key/value pair given in subject'); + } + + # Certain characters in an RDN value must be escaped + $value =~ s{([,\#+<>;"=/])}{\\$1}g; + + # Any leading space in an RDN value must be escaped + $value =~ s{^ }{\\ }; + + $string .= "/$key=$value"; + } + + return $string; +} + +sub time_string { + my ($time) = @_; + + if ( $time !~ m{^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$} ) { + fatal('invalid timestamp'); + } + + $time =~ s/[^\d]//g; + $time =~ s/Z$//; + + return $time . 'Z'; +} + +sub short_time_string { + my ($time) = @_; + + ( $time = time_string($time) ) =~ s/^\d{2}//; + + return $time; +} + +sub extensions_section { + my ($exts) = @_; + + my @section; + + for my $ext ( sort keys %{$exts} ) { + push @section, + sprintf '%s = %s', + $ext, + ref $exts->{$ext} eq 'ARRAY' + ? 
join ',', @{ $exts->{$ext} } + : $exts->{$ext}; + } + + return join "\n", @section; +} + +sub issuer_chain { + my ( $entity, $opts ) = @_; + + my @chain = ($entity); + + while ( defined $pki_config->{$entity}->{cert}->{issuer} ) { + push @chain, $pki_config->{$entity}->{cert}->{issuer}; + + $entity = $pki_config->{$entity}->{cert}->{issuer}; + } + + return \@chain; +} + +sub generate_tree { + my ( $tree, $entities ) = @_; + + for my $root ( sort keys %{$tree} ) { + if ( defined $entities ) { + if ( exists $entities->{$root} ) { + for my $child ( keys %{ $tree->{$root} } ) { + $entities->{$child} = 1; + } + + generate_entity( $root, $entities ) + or return 0; + } + + generate_tree( $tree->{$root}, $entities ) + or return 0; + } + else { + generate_entity($root) + or return 0; + + generate_tree( $tree->{$root} ) + or return 0; + } + } + + return 1; +} + +sub generate_entity { + my ($entity) = @_; + + print "Generating PKI for entity '$entity'\n"; + + my $entity_cfg = $pki_config->{$entity}; + my $entity_root = catfile( $args->{output}, $entity ); + + if ( !-e "$entity_root.key.pem" ) { + print "\tPEM key: $entity_root.key.pem\n"; + + eval { + generate_key( + "$entity_root.key.pem", + { + algorithm => $entity_cfg->{key}->{algorithm}, + size => $entity_cfg->{key}->{size}, + } + ) + } or fatal( "Could not generate '$entity_root.key.pem'", $EVAL_ERROR ); + + print "\tEncrypted PEM key: $entity_root.key.enc.pem\n"; + + eval { + convert_key( + "$entity_root.key.pem", + "$entity_root.key.enc.pem", + { + ( + exists $entity_cfg->{key}->{passphrase} + ? 
( passphrase => $entity_cfg->{key}->{passphrase} ) + : () + ) + } + ) + } or fatal( "Could not generate '$entity_root.key.enc.pem'", + $EVAL_ERROR ); + + print "\tDER key: $entity_root.key.der\n"; + + eval { + convert_key( + "$entity_root.key.pem", + "$entity_root.key.der", + { + format => 'der', + } + ); + } or fatal( "Could not generate '$entity_root.key.der'", $EVAL_ERROR ); + + print "\tEncrypted DER key: $entity_root.key.enc.der\n"; + + eval { + convert_key( + "$entity_root.key.pem", + "$entity_root.key.enc.der", + { + format => 'der', + passphrase => 'test', + } + ); + } or fatal( "Could not generate '$entity_root.key.enc.der'", + $EVAL_ERROR ); + } + + print "\tPEM CSR: $entity_root.csr.pem\n"; + + eval { + generate_csr( + "$entity_root.key.pem", + "$entity_root.csr.pem", + { + md_algorithm => $entity_cfg->{csr}->{md_algorithm}, + subject => $entity_cfg->{cert}->{subject}, + } + ); + } or fatal( "Could not generate '$entity_root.csr.pem'", $EVAL_ERROR ); + + print "\tDER CSR: $entity_root.csr.der\n"; + + eval { + convert_csr( + "$entity_root.csr.pem", + "$entity_root.csr.der", + { + format => 'der', + } + ); + } or fatal( "Could not generate '$entity_root.csr.der'", $EVAL_ERROR ); + + print "\tPEM certificate: $entity_root.cert.pem\n"; + + my $issuer_root = defined $entity_cfg->{cert}->{issuer} + ? catfile( $args->{output}, $entity_cfg->{cert}->{issuer} ) + : $entity_root; + + my $issuer_cfg = defined $entity_cfg->{cert}->{issuer} + ? $pki_config->{ $entity_cfg->{cert}->{issuer} } + : undef; + + my @issuer_opts = defined $entity_cfg->{cert}->{issuer} + ? 
(
+ issuer_cert_path => "$issuer_root.cert.pem",
+ )
+ : ();
+
+ eval {
+ my $valid_from = time_string( $entity_cfg->{cert}->{valid_from} )
+ or fatal( 'valid_from', $EVAL_ERROR );
+
+ my $valid_until = time_string( $entity_cfg->{cert}->{valid_until} )
+ or fatal( 'valid_until', $EVAL_ERROR );
+
+ generate_cert(
+ "$entity_root.csr.pem",
+ "$issuer_root.key.pem",
+ "$entity_root.cert.pem",
+ {
+ extensions => $entity_cfg->{cert}->{extensions},
+ md_algorithm => $entity_cfg->{cert}->{md_algorithm},
+ purpose => $entity_cfg->{cert}->{purpose},
+ serial => $entity_cfg->{cert}->{serial},
+ valid_from => $valid_from,
+ valid_until => $valid_until,
+ @issuer_opts,
+ }
+ );
+ } or fatal( "Could not generate '$entity_root.cert.pem'", $EVAL_ERROR );
+
+ print "\tDER certificate: $entity_root.cert.der\n";
+
+ eval {
+ convert_cert(
+ "$entity_root.cert.pem",
+ "$entity_root.cert.der",
+ {
+ format => 'der',
+ }
+ );
+ } or fatal( "Could not generate '$entity_root.cert.der'", $EVAL_ERROR );
+
+ print "\tCertificate info: $entity_root.cert.dump\n";
+
+ eval {
+ dump_cert_info(
+ "$entity_root.cert.pem",
+ "$entity_root.cert.dump"
+ );
+ } or fatal( "Could not generate '$entity_root.cert.dump'", $EVAL_ERROR );
+
+ print "\tPEM certificate chain: $entity_root.certchain.pem\n";
+
+ eval {
+ generate_cert_chain(
+ [
+ map
+ { catfile( $args->{output}, "$_.cert.pem" ) }
+ @{ issuer_chain( $entity ) }
+ ],
+ "$entity_root.certchain.pem"
+ );
+ } or fatal( "Could not generate '$entity_root.certchain.pem'",
+ $EVAL_ERROR );
+
+ print "\tDER certificate chain: $entity_root.certchain.der\n";
+
+ eval {
+ generate_cert_chain(
+ [
+ map
+ { catfile( $args->{output}, "$_.cert.der" ) }
+ @{ issuer_chain( $entity ) }
+ ],
+ "$entity_root.certchain.der"
+ )
+ } or fatal( "Could not generate '$entity_root.certchain.der'",
+ $EVAL_ERROR );
+
+ if ( exists $entity_cfg->{cert}->{revoke_reason} ) {
+ print "\tPEM CRL for signing entity: $issuer_root.crl.pem\n";
+
+ eval {
+ revoke_cert(
+
"$entity_root.cert.pem",
+ "$issuer_root.key.pem",
+ "$issuer_root.cert.pem",
+ "$issuer_root.crl.pem",
+ {
+ crl_last_update => $issuer_cfg->{crl}->{last_update},
+ crl_md_algorithm => $issuer_cfg->{crl}->{md_algorithm},
+ crl_next_update => $issuer_cfg->{crl}->{next_update},
+ crl_number => $issuer_cfg->{crl}->{number},
+ reason => $entity_cfg->{cert}->{revoke_reason},
+ time => $entity_cfg->{cert}->{revoke_time},
+ }
+ );
+ } or fatal( "Could not generate '$issuer_root.crl.pem'", $EVAL_ERROR );
+
+ print "\tDER CRL for signing entity: $issuer_root.crl.der\n";
+
+ eval {
+ convert_crl(
+ "$issuer_root.crl.pem",
+ "$issuer_root.crl.der",
+ {
+ format => 'der',
+ }
+ );
+ } or fatal( "Could not generate '$issuer_root.crl.der'", $EVAL_ERROR );
+ }
+
+ my @extra_certs = map
+ { catfile( $args->{output}, "$_.cert.pem" ) }
+ @{ issuer_chain( $entity ) };
+
+ # The certificate for this entity is at the start of the chain, but we just
+ # want the certificates in the issuer chain
+ shift @extra_certs;
+
+ my @extra_certs_opts = @extra_certs
+ ?
(
+ extra_certs => \@extra_certs,
+ )
+ : ();
+
+ print "\tPKCS#12 archive: $entity_root.p12\n";
+
+ eval {
+ generate_pkcs12(
+ "$entity_root.key.pem",
+ "$entity_root.cert.pem",
+ "$entity_root.p12",
+ {
+ name => "$entity: unencrypted, no certificate chain",
+ }
+ );
+ } or fatal( "Could not generate '$entity_root.p12'", $EVAL_ERROR );
+
+ print "\tPKCS#12 archive with certificate chain: ",
+ "$entity_root.certchain.p12\n";
+
+ eval {
+ generate_pkcs12(
+ "$entity_root.key.pem",
+ "$entity_root.cert.pem",
+ "$entity_root.certchain.p12",
+ {
+ name => "$entity: unencrypted, certificate chain",
+ @extra_certs_opts,
+ }
+ );
+ } or fatal( "Could not generate '$entity_root.certchain.p12'",
+ $EVAL_ERROR );
+
+ print "\tEncrypted PKCS#12 archive: $entity_root.enc.p12\n";
+
+ eval {
+ generate_pkcs12(
+ "$entity_root.key.pem",
+ "$entity_root.cert.pem",
+ "$entity_root.enc.p12",
+ {
+ name => "$entity: encrypted, no certificate chain",
+ passphrase => $entity_cfg->{pkcs12}->{passphrase},
+ }
+ );
+ } or fatal( "Could not generate '$entity_root.enc.p12'", $EVAL_ERROR );
+
+ print "\tEncrypted PKCS#12 archive with certificate chain: ",
+ "$entity_root.certchain.enc.p12\n";
+
+ eval {
+ generate_pkcs12(
+ "$entity_root.key.pem",
+ "$entity_root.cert.pem",
+ "$entity_root.certchain.enc.p12",
+ {
+ name => "$entity: encrypted, certificate chain",
+ passphrase => $entity_cfg->{pkcs12}->{passphrase},
+ @extra_certs_opts,
+ }
+ );
+ } or fatal( "Could not generate '$entity_root.certchain.enc.p12'",
+ $EVAL_ERROR );
+
+ return 1;
+}
+
+sub generate_key {
+ my ( $out_key_path, $params ) = @_;
+
+ my $algorithms = {
+ 'ec' => {
+ openssl_name => 'EC',
+ },
+ 'ed25519' => {
+ openssl_name => 'ED25519',
+ },
+ 'ed448' => {
+ openssl_name => 'ED448',
+ },
+ 'rsa' => {
+ openssl_name => 'RSA',
+ size_param => 'rsa_keygen_bits',
+ },
+ 'rsa-pss' => {
+ openssl_name => 'RSA-PSS',
+ size_param => 'rsa_keygen_bits',
+ },
+ 'x25519' => {
+ openssl_name => 'X25519',
+ },
+ 'x448' => {
+
openssl_name => 'X448',
+ },
+ };
+
+ if ( !exists $params->{algorithm} ) {
+ fatal('missing key algorithm');
+ }
+
+ if ( !exists $algorithms->{ $params->{algorithm} } ) {
+ fatal("unknown key algorithm '$params->{algorithm}'");
+ }
+
+ my $algorithm = $algorithms->{ $params->{algorithm} };
+ my @genpkey_opts;
+
+ if ( exists $algorithm->{size_param} ) {
+ if ( !exists $params->{size} ) {
+ fatal("key algorithm '$params->{algorithm}' requires a key size");
+ }
+
+ @genpkey_opts = (
+ '-pkeyopt', "$algorithm->{size_param}:$params->{size}"
+ );
+ }
+
+ # "openssl genpkey" exports keys in PKCS#8 format (which isn't recognised by
+ # OpenSSL 0.9.8), and there's no way to export in traditional SSLeay format
+ # directly - write the PKCS#8-formatted key to a temporary file, and then
+ # use "openssl pkey" to convert it to SSLeay format
+ my $out_key_name = ( splitpath($out_key_path) )[2];
+ my $tmp_key_path = catfile( $tmp->dirname(), $out_key_name );
+
+ openssl_cmd(
+ [
+ 'genpkey',
+ '-out', $tmp_key_path,
+ '-algorithm', $algorithm->{openssl_name},
+ @genpkey_opts,
+ ]
+ );
+
+ return openssl_cmd(
+ [
+ 'pkey',
+ '-in', $tmp_key_path,
+ '-out', $out_key_path,
+ '-traditional',
+ ]
+ );
+}
+
+sub convert_key {
+ my ( $in_key_path, $out_key_path, $params ) = @_;
+
+ my $formats = {
+ pem => 'PEM',
+ der => 'DER',
+ };
+
+ ( my $in_format = $in_key_path ) =~ s{.*\.}{};
+
+ my $out_format = delete $params->{format} || 'pem';
+
+ if ( !exists $formats->{$in_format} ) {
+ fatal("unknown key input format '$in_format'");
+ }
+
+ if ( !exists $formats->{$out_format} ) {
+ fatal("unknown key output format '$out_format'");
+ }
+
+ my @encrypt_opts = exists $params->{passphrase}
+ ?
(
+ '-aes128',
+ '-passout', 'stdin',
+ )
+ : ();
+
+ return openssl_cmd(
+ [
+ 'pkey',
+ '-in', $in_key_path,
+ '-inform', $formats->{$in_format},
+ '-out', $out_key_path,
+ '-outform', $formats->{$out_format},
+ '-traditional',
+ @encrypt_opts,
+ ],
+ $params->{passphrase}
+ );
+}
+
+sub generate_csr {
+ my ( $in_key_path, $out_csr_path, $params ) = @_;
+
+ my $formats = {
+ pem => 'PEM',
+ der => 'DER',
+ };
+
+ my $format = delete $params->{format} || 'pem';
+
+ if ( !exists $formats->{$format} ) {
+ fatal("unknown CSR output format '$format'");
+ }
+
+ if ( !exists $params->{md_algorithm} ) {
+ fatal('missing message digest algorithm');
+ }
+
+ my $digest_opt = '-' . $params->{md_algorithm};
+
+ return openssl_cmd(
+ [
+ 'req',
+ '-config', '-',
+ '-new',
+ '-key', $in_key_path,
+ '-out', $out_csr_path,
+ '-outform', $formats->{$format},
+ '-subj', subject_string( @{ $params->{subject} } ),
+ '-multivalue-rdn',
+ $digest_opt,
+ ],
+ openssl_config()
+ );
+}
+
+sub convert_csr {
+ my ( $in_csr_path, $out_csr_path, $params ) = @_;
+
+ my $formats = {
+ pem => 'PEM',
+ der => 'DER',
+ };
+
+ ( my $in_format = $in_csr_path ) =~ s{.*\.}{};
+
+ my $out_format = delete $params->{format} || 'pem';
+
+ if ( !exists $formats->{$in_format} ) {
+ fatal("unknown CSR input format '$in_format'");
+ }
+
+ if ( !exists $formats->{$out_format} ) {
+ fatal("unknown CSR output format '$out_format'");
+ }
+
+ return openssl_cmd(
+ [
+ 'req',
+ '-in', $in_csr_path,
+ '-inform', $formats->{$in_format},
+ '-out', $out_csr_path,
+ '-outform', $formats->{$out_format},
+ ]
+ );
+}
+
+sub generate_cert {
+ my ( $in_csr_path, $issuer_key_path, $out_cert_path, $params ) = @_;
+
+ if ( !exists $params->{md_algorithm} ) {
+ fatal('missing message digest algorithm');
+ }
+
+ my @signing_opts = exists $params->{issuer_cert_path}
+ ?
(
+ '-cert', $params->{issuer_cert_path},
+ )
+ : (
+ '-selfsign',
+ '-cert', 'ignored',
+ );
+
+ my $tmp_root = do {
+ my $file = ( splitpath($issuer_key_path) )[2];
+
+ $file =~ s/(?:\.key)?\.(?:pem|der)$//;
+
+ my $dir = catfile( $tmp->dirname(), $file );
+
+ if ( !-d $dir ) {
+ mkdir $dir
+ or fatal( "could not create directory $dir", $OS_ERROR );
+ }
+
+ $dir;
+ };
+
+ my $serial_file = catfile( $tmp_root, 'serial' );
+ open my $serial_fh, '>', $serial_file
+ or fatal( "could not write serial file $serial_file", $OS_ERROR );
+ printf {$serial_fh} '%02x', $params->{serial};
+ close $serial_fh;
+
+ my $db_file = catfile( $tmp_root, 'db' );
+ open my $db_fh, '>>', $db_file
+ or fatal( "could not touch database file $db_file", $OS_ERROR );
+ close $db_fh;
+
+ return openssl_cmd(
+ [
+ 'ca',
+ '-verbose',
+ '-batch',
+ '-config', '-',
+ '-name', 'ca_conf',
+ '-in', $in_csr_path,
+ '-out', $out_cert_path,
+ '-keyfile', $issuer_key_path,
+ '-startdate', $params->{valid_from},
+ '-enddate', $params->{valid_until},
+ '-md', $params->{md_algorithm},
+ '-extensions', 'exts_' . $params->{purpose},
+ '-notext',
+ '-utf8',
+ '-multivalue-rdn',
+ @signing_opts,
+ ],
+ openssl_config(
+ extensions => (
+ exists $params->{extensions}
+ ?
extensions_section( $params->{extensions} )
+ : q{}
+ ),
+ certs_path => $tmp_root,
+ database_path => $db_file,
+ serial_path => $serial_file,
+ )
+ );
+}
+
+sub convert_cert {
+ my ( $in_cert_path, $out_cert_path, $params ) = @_;
+
+ my $formats = {
+ pem => 'PEM',
+ der => 'DER',
+ };
+
+ ( my $in_format = $in_cert_path ) =~ s{.*\.}{};
+
+ my $out_format = delete $params->{format} || 'pem';
+
+ if ( !exists $formats->{$in_format} ) {
+ fatal("unknown certificate input format '$in_format'");
+ }
+
+ if ( !exists $formats->{$out_format} ) {
+ fatal("unknown certificate output format '$out_format'");
+ }
+
+ return openssl_cmd(
+ [
+ 'x509',
+ '-in', $in_cert_path,
+ '-inform', $formats->{$in_format},
+ '-out', $out_cert_path,
+ '-outform', $formats->{$out_format},
+ ]
+ );
+}
+
+sub dump_cert_info {
+ my ( $in_cert_path, $out_dump_path ) = @_;
+
+ my $cwd = dirname(__FILE__);
+
+ open my $out_fh, '>', $out_dump_path
+ or fatal( "could not write $out_dump_path", $OS_ERROR );
+
+ my $run = eval {
+ start(
+ [
+ $EXECUTABLE_NAME,
+ catfile( $cwd, '..', 'examples', 'x509_cert_details.pl' ),
+ '-dump',
+ '-pem', $in_cert_path
+ ],
+ '>',
+ sub {
+ print {$out_fh} $_[0];
+ },
+ '2>',
+ sub {
+ if ( $args->{verbose} ) {
+ printf "[x509_cert_details.pl stderr] %s\n", $_[0];
+ }
+ }
+ );
+ } or fatal( 'could not run examples/x509_cert_details.pl', $EVAL_ERROR );
+
+ $run->finish();
+
+ close $out_fh;
+
+ if ( $run->result() != 0 ) {
+ fatal( 'examples/x509_cert_details.pl exited with exit code '
+ .
$run->result() );
+ }
+
+ return 1;
+}
+
+sub generate_cert_chain {
+ my ( $in_cert_paths, $out_cert_path ) = @_;
+
+ open my $out_fh, '>', $out_cert_path
+ or fatal( "could not write certificate chain file $out_cert_path",
+ $OS_ERROR );
+
+ for my $in ( @{$in_cert_paths} ) {
+ open my $in_fh, '<', $in
+ or fatal( "could not read certificate file $in", $OS_ERROR );
+
+ my $cert = do { local $RS = undef; <$in_fh> };
+
+ print {$out_fh} $cert;
+
+ close $in_fh;
+ }
+
+ close $out_fh;
+
+ return 1;
+}
+
+sub revoke_cert {
+ my ( $in_cert_path, $issuer_key_path, $issuer_cert_path, $out_crl_path,
+ $params ) = @_;
+
+ my $tmp_root = do {
+ my ( undef, undef, $file ) = splitpath($issuer_key_path);
+
+ $file =~ s/(?:\.key)?\.(?:pem|der)$//;
+
+ my $dir = catfile( $tmp->dirname(), $file );
+
+ if ( !-d $dir ) {
+ mkdir $dir
+ or fatal( "could not create directory $dir", $OS_ERROR );
+ }
+
+ $dir;
+ };
+
+ my $serial_file = catfile( $tmp_root, 'serial' );
+
+ my ( $stdout, $stderr ) = openssl_cmd(
+ [
+ 'x509',
+ '-in', $in_cert_path,
+ '-noout',
+ '-serial',
+ ]
+ );
+
+ ( my $in_cert_serial = join "\n", @{$stdout} ) =~ s/^serial=//;
+
+ if ( $in_cert_serial !~ /^[\da-f]+$/i ) {
+ fatal('could not get serial number for revoked certificate');
+ }
+
+ my $db_file = catfile( $tmp_root, 'db' );
+ open my $db_fh, '<', $db_file
+ or fatal( "could not read database file $db_file", $OS_ERROR );
+
+ my @entries;
+
+ while ( defined( my $entry = <$db_fh> ) ) {
+ chomp $entry;
+ my @fields = split /\t/, $entry;
+
+ if ( $fields[3] eq $in_cert_serial ) {
+ $fields[0] = 'R';
+ $fields[2] = short_time_string( $params->{time} );
+
+ if ( defined $params->{reason} ) {
+ $fields[2] .= ',' .
$params->{reason};
+ }
+ }
+
+ push @entries, join "\t", @fields;
+ }
+
+ close $db_fh;
+
+ open $db_fh, '>', $db_file
+ or fatal( "could not write database file $db_file", $OS_ERROR );
+
+ for my $entry (@entries) {
+ print {$db_fh} $entry, "\n";
+ }
+
+ close $db_fh;
+
+ my $crl_number_file = catfile( $tmp_root, 'crl_number' );
+ open my $crl_number_fh, '>', $crl_number_file
+ or fatal( "could not write CRL number file $crl_number_file", $OS_ERROR );
+ printf {$crl_number_fh} '%02x', $params->{crl_number};
+ close $crl_number_fh;
+
+ return openssl_cmd(
+ [
+ 'ca',
+ '-verbose',
+ '-batch',
+ '-gencrl',
+ '-config', '-',
+ '-name', 'ca_conf',
+ '-keyfile', $issuer_key_path,
+ '-cert', $issuer_cert_path,
+ '-out', $out_crl_path,
+ '-crl_lastupdate', time_string( $params->{crl_last_update} ),
+ '-crl_nextupdate', time_string( $params->{crl_next_update} ),
+ '-md', $params->{crl_md_algorithm},
+ ],
+ openssl_config(
+ certs_path => $tmp_root,
+ crl_number_path => $crl_number_file,
+ database_path => $db_file,
+ serial_path => $serial_file,
+ )
+ );
+}
+
+sub convert_crl {
+ my ( $in_crl_path, $out_crl_path, $params ) = @_;
+
+ my $formats = {
+ pem => 'PEM',
+ der => 'DER',
+ };
+
+ ( my $in_format = $in_crl_path ) =~ s{.*\.}{};
+
+ my $out_format = delete $params->{format} || 'pem';
+
+ if ( !exists $formats->{$in_format} ) {
+ fatal("unknown CRL input format '$in_format'");
+ }
+
+ if ( !exists $formats->{$out_format} ) {
+ fatal("unknown CRL output format '$out_format'");
+ }
+
+ return openssl_cmd(
+ [
+ 'crl',
+ '-in', $in_crl_path,
+ '-inform', $formats->{$in_format},
+ '-out', $out_crl_path,
+ '-outform', $formats->{$out_format},
+ ]
+ );
+}
+
+sub generate_pkcs12 {
+ my ( $in_key_path, $in_cert_path, $out_p12_path, $params ) = @_;
+
+ my $cert_chain_path;
+
+ if ( exists $params->{extra_certs} ) {
+ my ( undef, undef, $file ) = splitpath($in_key_path);
+
+ $file =~ s/(?:\.key)?\.(?:pem|der)$//;
+
+ my $dir = catfile( $tmp->dirname(), $file );
+
+ if ( !-d
$dir ) {
+ mkdir $dir
+ or fatal( 'could not create directory $dir', $OS_ERROR );
+ }
+
+ $cert_chain_path = catfile( $dir, 'pkcs12_cert_chain.pem' );
+
+ generate_cert_chain(
+ $params->{extra_certs},
+ $cert_chain_path
+ );
+ }
+
+ my @name_opt = exists $params->{name}
+ ? (
+ '-name', $params->{name},
+ )
+ : ();
+
+ my @cert_opt = exists $params->{extra_certs}
+ ? (
+ '-certfile', $cert_chain_path,
+ )
+ : ();
+
+ my @encrypt_opts = exists $params->{passphrase}
+ ? (
+ '-passout', 'stdin',
+ '-keypbe', 'pbeWithSHA1And3-KeyTripleDES-CBC',
+ '-certpbe', 'pbeWithSHA1And3-KeyTripleDES-CBC',
+ )
+ : (
+ '-passout', 'pass:',
+ '-keypbe', 'NONE',
+ '-certpbe', 'NONE',
+ '-nomaciter',
+ );
+
+ return openssl_cmd(
+ [
+ 'pkcs12',
+ '-export',
+ '-inkey', $in_key_path,
+ '-in', $in_cert_path,
+ '-out', $out_p12_path,
+ '-rand', $in_key_path,
+ '-no-CAfile',
+ '-no-CApath',
+ @name_opt,
+ @cert_opt,
+ @encrypt_opts,
+ ],
+ $params->{passphrase}
+ );
+}
+
+sub check_openssl_version {
+ my ($params) = @_;
+
+ my $min_version = delete $params->{min_version}
+ or fatal('missing minimum OpenSSL version');
+
+ my $min_version_match = delete $params->{min_version_match}
+ or fatal('missing minimum OpenSSL version regex');
+
+ my ( $stdout, $stderr );
+
+ my $run = eval {
+ start(
+ [ 'openssl', 'version' ],
+ \undef,
+ \$stdout,
+ \$stderr,
+ timeout( 3 )
+ );
+ } or fatal( "could not run `openssl version`", $EVAL_ERROR );
+
+ $run->finish();
+
+ if ( $run->result() != 0 ) {
+ fatal( "`openssl version` exited with exit code " . $run->result() );
+ }
+
+ my ($openssl_version) = $stdout =~ m{^OpenSSL (.+?) }
+ or fatal("`openssl` is not the OpenSSL command line utility");
+
+ if ( $openssl_version !~ $min_version_match ) {
+ fatal( "OpenSSL >= $min_version required, but `openssl` is version "
+ .
$openssl_version );
+ }
+
+ my $net_ssleay_version = eval {
+ use Net::SSLeay;
+ Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() );
+ } or fatal( 'could not load Net::SSLeay', $EVAL_ERROR );
+
+ ($net_ssleay_version) = $net_ssleay_version =~ m{^OpenSSL (.+?) }
+ or fatal('Net::SSLeay was not built against OpenSSL');
+
+ if ( $net_ssleay_version !~ $min_version_match ) {
+ fatal( "Net::SSLeay must be built against OpenSSL >= $min_version, but "
+ . "it is built against version $net_ssleay_version" );
+ }
+
+ return 1;
+}
+
+sub openssl_cmd {
+ my ( $opts, $stdin ) = @_;
+
+ my $wantarray = wantarray;
+
+ my $stdout = [];
+ my $stderr = [];
+
+ my $print = sub {
+ my ( $prefix, $data ) = @_;
+
+ for my $line ( split /\r?\n/, $data ) {
+ printf "[OpenSSL %s] %s\n", $prefix, $line;
+ }
+ };
+
+ if ( $args->{verbose} ) {
+ print "Running `openssl ", join( q{ }, @{$opts} ), "`\n";
+ }
+
+ my $cmd = [ 'openssl', @{$opts} ];
+ my $cmd_string = join ' ', @{$cmd};
+
+ my $run = eval {
+ start(
+ $cmd,
+ \$stdin,
+ sub {
+ if ($wantarray) {
+ chomp $_[0];
+ push @{$stdout}, $_[0];
+ }
+ elsif ( $args->{verbose} ) {
+ $print->( 'stdout', $_[0] );
+ }
+ },
+ sub {
+ if ($wantarray) {
+ chomp $_[0];
+ push @{$stderr}, $_[0];
+ }
+ elsif ( $args->{verbose} ) {
+ $print->( 'stderr', $_[0] );
+ }
+ }
+ );
+ } or fatal( "failed to run `$cmd_string`", $EVAL_ERROR );
+
+ $run->finish();
+
+ if ( $run->result() != 0 ) {
+ fatal( "`$cmd_string` exited with exit code " . $run->result() );
+ }
+
+ return $wantarray
+ ? ( $stdout, $stderr )
+ : 1;
+}
+
+sub fatal {
+ my ( $message, $cause ) = @_;
+
+ die Error->new( $message, $cause );
+}
+
+package Error;
+
+use overload (
+ q{""} => sub {
+ my ($self) = @_;
+
+ return defined $self->{cause}
+ ?
"$self->{message}: $self->{cause}"
+ : $self->{message};
+ },
+ fallback => 1,
+);
+
+sub new {
+ my ( $class, $message, $cause ) = @_;
+
+ return bless {
+ message => $message,
+ cause => $cause,
+ }, $class;
+}
+
+package main;
+
+=pod
+
+=encoding utf-8
+
+=head1 NAME
+
+C - Generate a PKI for the Net-SSLeay test suite
+
+=head1 VERSION
+
+This document describes version 1.92 of C.
+
+=head1 USAGE
+
+ # With openssl >= 3.0.0-alpha7 in PATH, and a version of Net::SSLeay built
+ # against OpenSSL >= 3.0.0-alpha7 in PERL5LIB:
+ generate-test-pki \
+ -c pki.cfg \
+ -o pki-output-dir
+
+=head1 DESCRIPTION
+
+The Net-SSLeay test suite relies on a dummy X.509 public key infrastructure
+(PKI). Occasionally, this PKI needs to be modified - for example, to add a
+certificate with certain properties when writing a new test - but maintaining it
+by hand is time-consuming, difficult, and error-prone.
+
+C simplifies maintenance of the PKI by generating it from
+scratch using the OpenSSL command line utility, based on the structure defined
+in a simple configuration file. The files it generates can then be used in
+Net-SSLeay test scripts.
+
+=head1 DEPENDENCIES
+
+C requires at least version 3.0.0-alpha7 of the OpenSSL
+command line utility to be present either in I as C or at the
+path given by the B<-b> option (see L). Additionally, the first
+occurrance of Net::SSLeay in I must be built against at least version
+3.0.0-alpha7 of OpenSSL.
+
+LibreSSL is not supported, since its command line utility lacks some of the
+functionality relied on by this program.
+
+=head1 OPTIONS
+
+C accepts the following command line options:
+
+=over 4
+
+=item *
+
+B<-b I>, B<--openssl-binary=I>: the path to the OpenSSL binary to
+invoke when performing PKI generation operations. Defaults to C (i.e.
+the first occurrence of C in I).
+
+=item *
+
+B<-c I>, B<--config=I>: the path to the configuration file defining
+the PKI to generate. See L for a description of the expected
+format.
+
+=item *
+
+B<-o I>, B<--output=I>: the path to the directory to which the PKI's
+files (see L) will be written. The directory must already exist.
+Existing files whose names collide with files written by this program will be
+overwritten without warning; other existing files will be left alone.
+
+=item *
+
+B<-v>, B<--verbose>: show the output of C and
+C when they are invoked.
+
+=back
+
+=head1 CONFIGURATION
+
+The configuration file is an anonymous Perl hash whose keys define the names of
+the PKI's entities and whose values define each entity's properties:
+
+ {
+ 'entity-name' => {
+ 'key' => { ... }, # Private key properties
+ 'csr' => { ... }, # Certificate signing request (CSR) properties
+ 'cert' => { ... }, # Certificate properties
+ 'pkcs12' => { ... }, # PKCS#12 archive properties
+ 'crl' => { ... }, # Certificate revocation list (CRL) properties
+ # (optional; for CA entities only)
+ },
+ ...
+ }
+
+=head2 key
+
+An anonymous hash defining properties relating to the entity's private key.
+
+Valid keys:
+
+=over 4
+
+=item *
+
+B: the public key algorithm to use when generating the private key.
+Must be one of C, C, C, C, C, C, or
+C.
+
+=item *
+
+B: the passphrase under which to encrypt the private key. Used only
+when generating encrypted forms of the key.
+
+=item *
+
+B: the size of the public key to generate, in bits. Used only when
+B is C, C, or C.
+
+=back
+
+=head2 csr
+
+An anonymous hash defining properties relating to the entity's PKCS#10
+certificate signing request (CSR). The value of the B key in L
+will be used to generate a subject name for the CSR.
+
+Valid keys:
+
+=over 4
+
+=item *
+
+B: the message digest algorithm used to sign the CSR. May be any
+value supported by C; commonly-supported values include C,
+C, and C.
+
+=back
+
+=head2 cert
+
+An anonymous hash defining properties relating to the entity's X.509 v3
+certificate.
+
+Valid keys:
+
+=over 4
+
+=item *
+
+B: optional; an anonymous hash defining the X.509 v3 extensions that
+should be specified in the certificate. Keys are expected to be extension field
+names as they appear in L, and values are expected to be
+either strings or anonymous arrays of strings (whose elements will be
+concatenated and delimited with commas), e.g.:
+
+ {
+ basicConstraints => 'critical,CA:false',
+ certificatePolicies => [ '1.2.3', '4.5.6' ], # Becomes '1.2.3,4.5.6'
+ }
+
+=item *
+
+B: a top-level key denoting the entity that should sign this
+certificate. If undefined, the entity's certificate will be self-signed.
+
+=item *
+
+B: the message digest algorithm used to sign the certificate. May
+be any value supported by C; commonly-supported values include
+C, C, and C.
+
+=item *
+
+B: a string describing the purpose of the certificate. The value given
+here will define reasonable values for the I, I,
+I, and/or I X.509 v3 extension fields.
+Must be one of C, C, C, C, or C (in which
+case no default values will be defined for any of the aforementioned fields,
+allowing for complete control of the fields that appear in the certificate via
+the B key).
+
+=item *
+
+B: optional; the reason for revoking the certificate. Must be one
+of C, C, C,
+C, C, C, or C.
+
+=item *
+
+B: optional; a timestamp string in I format
+denoting the time at which the certificate was revoked, in the UTC time zone.
+Must be specified if B is specified.
+
+=item *
+
+B: a decimal integer denoting the certificate's serial number. Must be
+unique among the serial numbers of all certificates issued by the entity given
+in B.
+
+=item *
+
+B: an anonymous array denoting the certificate's subject name; elements
+are expected to alternate between field names in either short or long format and
+values for those fields, e.g.:
+
+ [
+ C => 'PL',
+ O => 'Net-SSLeay',
+ OU => 'Test Suite',
+ commonName => 'test.net-ssleay.example',
+ ]
+
+The order of the fields is preserved when generating the Distinguished Name
+string.
+
+=item *
+
+B: a timestamp string in I format denoting the
+time from which the certificate is valid, in the UTC time zone.
+
+=item *
+
+B: a timestamp string in I format denoting the
+time until which the certificate is valid, in the UTC time zone.
+
+=back
+
+=head2 pkcs12
+
+An anonymous hash defining properties relating to the entity's PKCS#12 archives.
+
+Valid keys:
+
+=over 4
+
+=item *
+
+B: the passphrase under which to encrypt the private key stored in
+the archive. Used only when generating archives that contain encrypted forms of
+the private key.
+
+=back
+
+=head2 crl
+
+An anonymous hash defining properties relating to the entity's certificate
+revocation list (CRL). Only used when the entity is a certificate authority and
+at least one of the certificates it issues requires revocation.
+
+Valid keys:
+
+=over 4
+
+=item *
+
+B: a timestamp string in I format denoting the
+time at which the CRL was last updated, in the UTC time zone.
+
+=item *
+
+B: the message digest algorithm used to sign the CRL. May be any
+value supported by C; commonly-supported values include C,
+C, and C.
+
+=item *
+
+B: a timestamp string in I format denoting the
+time at which the CRL is next expected to be updated, in the UTC time zone.
+
+=item *
+
+B: a decimal integer denoting the CRL number.
+
+=back
+
+=head1 OUTPUT
+
+For each entity I declared in the configuration file, C
+ensures the following set of files exists:
+
+=over 4
+
+=item *
+
+B: a private key in PEM format. Will not be generated if it already
+exists; the key in the existing file will be used instead.
+
+=item *
+
+B: the file above, encrypted with AES-128 using the passphrase
+given in the configuration file (see L).
+
+=item *
+
+B: B in DER format.
+
+=item *
+
+B: the file above, encrypted with AES-128 using the passphrase
+given in the configuration file (see L).
+
+=item *
+
+B: a certificate signing request in PEM format.
+
+=item *
+
+B: the file above in DER format.
+
+=item *
+
+B: a certificate in PEM format, signed by the entity given in the
+configuration file (see L).
+
+=item *
+
+B: the file above in DER format.
+
+=item *
+
+B: the output of
+C. C
+is a Net-SSLeay example script whose output is used by the test suite to verify
+the correct operation of various libssl certificate information functions.
+
+=item *
+
+B: the certificate chain in PEM format, starting with
+I's certificate and ending with the root CA certificate.
+
+=item *
+
+B: the file above, with certificates in DER format.
+
+=item *
+
+B: a PKCS#12 archive containing a private key and a certificate.
+
+=item *
+
+B: the file above, with the private key encrypted with AES-128 using
+the passphrase given in the configuration file (see L).
+
+=item *
+
+B: a PKCS#12 archive containing a private key and a certificate
+chain starting with I's certificate and ending with the root CA certificate.
+
+=item *
+
+B: the file above, with the private key encrypted with
+AES-128 using the passphrase given in the configuration file (see
+L).
+
+=back
+
+Additionally, for entities that sign and then revoke at least one certificate,
+C outputs the following files:
+
+=over 4
+
+=item *
+
+B: a certificate revocation list (version 2) in PEM format.
+
+=item *
+
+B: the file above in DER format.
+
+=back
+
+=head1 DIAGNOSTICS
+
+C outputs a diagnostic message to stderr and immediately
+exits with exit code 1 if an error occurs. Error messages listed below indicate
+invalid input or a problem with the state of the system that can usually be
+fixed.
Error messages not listed below are internal and should never be
+encountered under normal operation; please report any occurrences of such errors
+as bugs (see L).
+
+=over
+
+=item B
+does not exist>
+
+The PKI configuration file at I, as specified by the B<-c> command line
+option (or C in the same directory as C if a value
+for B<-c> was not specified), does not exist. Ensure C exists, or
+speicify an alternative path with B<-c I>.
+
+=item B
+
+The B<-o> option is compulsory, and has no default value. Pass the path to a
+directory in which the output files described in L should be written
+with B<-o I>.
+
+=item B does
+not exist>
+
+C does not attempt to create the directory at the path given
+by the B<-o> option; it must already exist and be writable.
+
+=item B: I>
+
+The configuration file at I could not be loaded because of I,
+which is probably an OS-level error. Ensure the file at I is readable.
+
+=item B>
+
+The configuration file could not be parsed because of I, which is likely
+a Perl syntax error. Ensure the configuration file is valid Perl and meets the
+specification given in L.
+
+=item B>
+
+C attempted to check the version of the OpenSSL command line
+utility currently in use by invoking C, and expected it to exit
+with exit code 0 (indicating success) but it actually exited with exit code I
+(indicating failure). Check that the first occurrence of C in I
+is in fact the OpenSSL command line utility, then run C with
+the B<-v> option to see the full output from C, which may help
+diagnose the problem further.
+
+=item B
+
+C attempted to check the version of the OpenSSL command line
+utility currently in use by invoking C, but its output was
+inconsistent with the output format known to be used by OpenSSL.
Check that the
+first occurrence of C in I is in fact the OpenSSL command line
+utility (and not the LibreSSL command line utility), then run
+C with the B<-v> option to see the full output from
+C, which may help diagnose the problem further.
+
+=item B= I required,
+but `openssl` is version I>
+
+C relies on features of the OpenSSL command line utility that
+were added in version I, but the first occurrence of C in
+I is version I, which is insufficient. It may be necessary to compile
+a newer version of OpenSSL from the source code and prepend the directory
+containing the command line utility to I in order to solve this problem.
+
+=item B>
+
+C attempted to check the version of OpenSSL that Net::SSLeay
+is built against, but was unable to import Net::SSLeay because of I.
+Ensure the first occurrence of Net::SSLeay in I can be imported by
+Perl.
+
+=item B
+
+C relies on features of Net::SSLeay that are only available
+when it is built against OpenSSL, but the first occurrence of Net::SSLeay in
+I is built against LibreSSL. Rebuild Net::SSLeay against OpenSSL and
+ensure the rebuilt version is the first occurrence of Net::SSLeay in
+I.
+
+=item B= I, but it is built against version I>
+
+C relies on features of Net::SSLeay that are only available
+when it is built against OpenSSL version I, but the first occurrence of
+Net::SSLeay in I is built against OpenSSL I. Rebuild Net::SSLeay
+against a newer version OpenSSL - ideally the same version as the OpenSSL
+command line utility - and ensure the rebuilt version is the first occurrence of
+Net::SSLeay in I.
+
+=item B>
+
+C attempted to create a directory to store some temporary
+files that are necessary to generate the output files, but was unable to create
+the directory because of I (which is probably an OS-level error). Ensure
+the system's temporary directory is writable.
+
+=item B': issuer 'I' is not
+defined>
+
+The configuration file defines an entity I whose issuer (per the the value of
+its C<{cert}-E{issuer}> key) does not exist. Check that I is not
+misnamed and that the value of C<{cert}-E{issuer}> for I is correct.
+
+=item B.key.pem': missing key algorithm>
+
+The configuration file defines an entity I with no value for
+C<{key}-E{algorithm}>. See L for a list of acceptable values.
+
+=item B.key.pem': unknown key algorithm 'I'>
+
+The configuration file defines an entity I with the value I for
+C<{key}-E{algorithm}>, but this is not a known public key algorithm. See
+L for a list of acceptable values.
+
+=item B.key.pem': key algorithm 'I' requires
+a key size>
+
+The configuration file defines an entity I with the value I for
+C<{key}-E{algorithm}>, but I requires a key size to be defined
+in C<{key}-E{size}>. Define a valid key size for this entity's private key.
+See L for more information.
+
+=item B.csr.pem': invalid key/value pair given in
+subject>
+
+The configuration file defines an entity I with at least one undefined
+element in its value for C<{cert}-E{subject}>. Undefined elements cannot be
+stringified, so the subject could not be transformed into a Distinguished Name
+string. See L for more information of the expected format for
+C<{cert}-E{subject}>.
+
+=item B.csr.pem': missing message digest algorithm>
+
+The configuration file defines an entity I with no value for
+C<{csr}-E{md_algorithm}>. See L for possible values.
+
+=item B.cert.pem': valid_from: invalid timestamp>
+
+The configuration file defines an entity I with an invalid timestamp for its
+value of C<{cert}-E{valid_from}>. See L for more information on the
+expected timestamp format.
+
+=item B.cert.pem': valid_until: invalid timestamp>
+
+The configuration file defines an entity I with an invalid timestamp for its
+value of C<{cert}-E{valid_to}>. See L for more information on the
+expected timestamp format.
+
+=item B.cert.pem': missing message digest algorithm>
+
+The configuration file defines an entity I with no value for
+C<{cert}-E{md_algorithm}>. See L for possible values.
+
+=item B.cert.pem': could not create directory I:
+I>
+
+C attempted to create a temporary directory at I to
+store intermediate files that are necessary to generate I's certificate, but
+was unable to do so because of I, which is probably an OS-level error.
+Ensure the system's temporary directory is writable.
+
+=item B.cert.pem': could not write serial file I:
+I>
+
+C attempted to write an intermediate file to I (a
+subdirectory of a temporary directory it created earlier) that is necessary to
+generate I's certificate, but was unable to do so because of I, which
+is probably an OS-level error. Ensure the system's temporary directory is
+writable.
+
+=item B.cert.dump': could not write I: I>
+
+C attempted to write information about I's certificate to
+the file at I, but was unable to do so because of I, which is
+probably an OS-level error. Ensure the file at I is writable.
+
+=item B.cert.dump': could not run
+examples/x509_cert_details.pl: I>
+
+C attempted to invoke the Perl script
+C (part of the Net-SSLeay source distribution) to
+produce an output file containing information about I's certificate, but was
+unable to invoke the script because of I. Ensure that the script is
+located at C<../examples/x509_cert_details.pl> relative to the path to
+C, that it can be executed given the values of I and
+I that are inherited by C, and that a suitable
+version of Net::SSLeay is present in I (see L for more
+information).
+
+=item B.cert.dump': examples/x509_cert_details.pl
+exited with exit code I>
+
+C invoked the Perl script C
+(part of the Net-SSLeay source distribution) to produce an output file
+containing information about I's certificate, and expected it to exit
+with exit code 0 (indicating success) but it actually exited with exit code I
+(indicating failure).
Run C with the B<-v> option to see the +full output from C, which may help diagnose the +problem further. + +=item B.certchain.pem': could not write certificate +chain file I: I> + +=item B.certchain.der': could not write certificate +chain file I: I> + +C attempted to concatenate the certificates in I's issuer +chain (in either format) and write them to I, but was unable to do so +because of I, which is probably an OS-level error. Ensure the file at +I is writable. + +=item B.certchain.pem': could not read certificate file +I: I> + +=item B.certchain.der': could not read certificate file +I: I> + +C attempted to read a certificate in I's issuer chain (in +either format) at I, but was unable to do so because of I, which +is probably an OS-level error. Ensure the file at I is readable. + +=item B.crl.pem': could not create directory I: +I> + +C attempted to create a temporary directory at I to +store intermediate files that are necessary to generate I's CRL, but was +unable to do so because of I, which is probably an OS-level error. +Ensure the system's temporary directory is writable. + +=item B.crl.pem': could not read database file I: +I> + +When revoking a certificate, C looks up the certificate's +serial number in its issuing entity's database file, which is created by OpenSSL +in a temporary directory created earlier by C. It was unable +to read this file on this occasion because of I, which is probably an +OS-level error. Ensure the system's temporary directory is readable. + +=item B.crl.pem': could not write database file +I: I> + +To revoke a certificate, C updates the certificate's entry in +its issuing entity's database file, which is created by OpenSSL in a temporary +directory created earlier by C. It was unable to update the +file on this occasion because of I, which is probably an OS-level error. +Ensure the system's temporary directory is writable. 
+ +=item B.crl.pem': could not write CRL number file +I: I> + +When revoking a certificate, C stores the CRL number for the +CRL it outputs in a file in a temporary directory it created earlier. It was +unable to write this file on this occasion because of I, which is +probably an OS-level error. Ensure the system's temporary directory is writable. + +=item B.certchain.p12': could not create directory +I: I> + +=item B.certchain.enc.p12': could not create directory +I: I> + +When generating a PKCS#12 archive containing multiple certificates, +C concatenates the certificates and writes them to a file in +a temporary directory it creates before passing the path to that file in a +command line option to C. It was unable to create the temporary +directory on this occasion because of I, which is probably an OS-level +error. Ensure the system's temporary directory is writable. + +=item B> + +=item B': failed to run `openssl I`: +I> + +C attempted to invoke the OpenSSL command line utility, but +failed to spawn a new process because of I, which is probably an +OS-level error. + +=item B': `openssl I` failed with exit code +I> + +C attempted to generate an output file by invoking the +OpenSSL command line utility, and expected it to exit with exit code 0 +(indicating success) but it actually exited with exit code I (indicating +failure). Check that the PKI defined in the configuration file is sensible, then +run C with the B<-v> option to see the full output from +C. + +=back + +=head1 LIMITATIONS + +Although its interface is almost identical to the OpenSSL command line utility, +C is incompatible with the LibreSSL command line utility, +since it relies on features currently only found in the OpenSSL command line +utility. + +Only limited error checking is performed on the configuration file; in +particular, C will not always complain if required keys are +missing. 
It is recommended to run the program with the B<-v> option after +editing the configuration file to ensure C is being invoked as +expected. + +Entities can have their certificates issued by one and only one entity; +cross-signed certificates cannot currently be generated. + +The uniqueness of serial numbers among the certificates signed by any given +issuer is not enforced, and duplication will likely cause odd output from +C and breakage when certificates are revoked. Care should be +taken when editing serial numbers in the configuration file. + +While as much effort as possible has been put into generating output files +deterministically, C will still generate different private +keys and PKCS#12 archives on every invocation, even when the PKI configuration +file has not changed between invocations. C will avoid +overwriting the private key for an entity if one already exists, but cannot +recreate a private key that has been deleted. PKCS#12 archives cannot be +generated deterministically because the PKCS#12 file format uses salts and IVs +that the OpenSSL command line utiltity randomly generates on each invocation. + +=head1 SEE ALSO + +The man pages for the OpenSSL command line utility subcommands invoked by +C: L, L, +L, L, L, and +L. + +=head1 BUGS + +If you encounter a problem with this program that you believe is a bug, please +L +in the Net-SSLeay GitHub repository. Please make sure your bug report includes +the following information: + +=over + +=item * + +the list of command line options passed to C; + +=item * + +the full configuration file given by the C<-c> command line option; + +=item * + +the full output of C; + +=item * + +your operating system name and version; + +=item * + +the output of C; + +=item * + +the version of Net-SSLeay you are using; + +=item * + +the version of OpenSSL you are using. + +=back + +=head1 AUTHORS + +Originally written by Chris Novakovic. + +Maintained by Chris Novakovic, Tuure Vartiainen and Heikki Vatiainen. 
+ +=head1 COPYRIGHT AND LICENSE + +Copyright 2020- Chris Novakovic . + +Copyright 2020- Tuure Vartiainen . + +Copyright 2020- Heikki Vatiainen . + +This module is released under the terms of the Artistic License 2.0. For +details, see the C file distributed with Net-SSLeay's source code. + +=cut + +__DATA__ +#----------------------------------------------------------------------- +# openssl req +#----------------------------------------------------------------------- + +[ req ] +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn + +[ req_dn ] +# This section is intentionally left blank - distinguished_name must be +# defined in the [ req ] section, but the distinguished name is actually +# specified in the -subj option to `openssl req` + +#----------------------------------------------------------------------- +# openssl ca +#----------------------------------------------------------------------- + +[ ca_conf ] +database = {{ database_path }} +serial = {{ serial_path }} +new_certs_dir = {{ certs_path }} +unique_subject = no +email_in_dn = yes +default_days = 3650 +policy = ca_policy +crlnumber = {{ crl_number_path }} +crl_extensions = crlexts + +[ ca_policy ] +domainComponent = optional +countryName = optional +organizationName = optional +organizationalUnitName = optional +dnQualifier = optional +stateOrProvinceName = optional +commonName = optional +serialNumber = optional +localityName = optional +title = optional +name = optional +givenName = optional +initials = optional +pseudonym = optional +generationQualifier = optional +emailAddress = optional + +[ exts_ca ] +keyUsage = critical,keyCertSign,cRLSign +basicConstraints = critical,CA:true +subjectKeyIdentifier = hash +{{ extensions }} + +[ exts_server ] +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = serverAuth,clientAuth +subjectKeyIdentifier = hash +{{ extensions }} + +[ exts_client ] +keyUsage = critical,digitalSignature +extendedKeyUsage = clientAuth 
+subjectKeyIdentifier = hash +{{ extensions }} + +[ exts_email ] +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = emailProtection,clientAuth +subjectKeyIdentifier = hash +{{ extensions }} + +[ exts_custom ] +{{ extensions }} + +[ crlexts ] +# This section is intentionally left blank - if crl_extensions is +# defined in the [ ca_conf ] section (even if it is empty), OpenSSL +# writes a V2 CRL instead of a V1 CRL diff --git a/cpan/Net-SSLeay/helper_script/pki.cfg b/cpan/Net-SSLeay/helper_script/pki.cfg new file mode 100644 index 000000000000..dd6e9be7d918 --- /dev/null +++ b/cpan/Net-SSLeay/helper_script/pki.cfg 
@@ -0,0 +1,412 @@ +{ + 'extended-cert' => { + key => { + algorithm => 'rsa', + passphrase => 'test', + size => 2048, + }, + + csr => { + md_algorithm => 'sha256', + }, + + cert => { + issuer => 'intermediate-ca', + md_algorithm => 'sha256', + purpose => 'custom', + serial => 2, + valid_from => '2020-01-01 00:00:00', + valid_until => '2038-01-01 00:00:00', + + subject => [ + # RFC 5280 section 4.1.2.4 "MUST recognise" RDN attribute types: + C => 'PL', + O => 'Net-SSLeay', + OU => 'Test Suite', + dnQualifier => 'net-ssleay.example', + ST => 'State', + CN => 'John Doe', + serialNumber => 1234, + # RFC 5280 section 4.1.2.4 "SHOULD recognise" RDN attribute types: + L => 'Locality', + title => 'Mr.', + SN => 'Doe', + GN => 'John', + initials => 'JD', + pseudonym => 'John Q. Public', + generationQualifier => 'Sr.', + # Recommended by RFC 2985 section 3; deprecated, but still used + emailAddress => 'john.doe@net-ssleay.example', + ], + + extensions => { + authorityInfoAccess => [ + 'OCSP;URI:http://ocsp.intermediate-ca.net-ssleay.example', + 'caIssuers;URI:http://issuers.intermediate-ca.net-ssleay.example', + ], + authorityKeyIdentifier => 'keyid,issuer', + basicConstraints => 'critical,CA:false', + certificatePolicies => [ + # These OIDs are deliberately invalid + '1.2.3.4.5', + '2.3.4.5.6', + ], + crlDistributionPoints => [ + 'URI:http://intermediate-ca.net-ssleay.example/crl1.crl', + 'URI:http://intermediate-ca.net-ssleay.example/crl2.crl', + ], + extendedKeyUsage => [ + 'critical', + 'serverAuth', + 'clientAuth', + 'codeSigning', + 'emailProtection', + 'timeStamping', + 'OCSPSigning', + 'ipsecIKE', + 'msCodeInd', + 'msCodeCom', + 'msCTLSign', + 'msEFS', + # 1.3.6.1.5.5.7.3.13 = id-kp-eapOverPPP + '1.3.6.1.5.5.7.3.13', + # 1.3.6.1.5.5.7.3.14 = id-kp-eapOverLAN + '1.3.6.1.5.5.7.3.14', + ], + issuerAltName => [ + 'email:intermediate-ca@net-ssleay.example', + 'URI:http://intermediate-ca.net-ssleay.example', + 'DNS:intermediate-ca.net-ssleay.example', + 'RID:1.2.0.0', + 
'IP:192.168.0.1', + 'IP:fd25:f814:afb5:9873::1', + # 1.2.840.113549.1.9.1 = emailAddress + 'otherName:1.2.840.113549.1.9.1;UTF8:ica@net-ssleay.example', + ], + keyUsage => [ + 'digitalSignature', + 'nonRepudiation', + 'keyEncipherment', + 'dataEncipherment', + 'keyAgreement', + 'keyCertSign', + 'cRLSign', + 'decipherOnly', + ], + subjectAltName => [ + 'email:john.doe@net-ssleay.example', + 'URI:http://johndoe.net-ssleay.example', + 'DNS:johndoe.net-ssleay.example', + 'RID:1.2.3.4', + 'IP:192.168.0.2', + 'IP:fd25:f814:afb5:9873::2', + # 1.2.840.113549.1.9.1 = emailAddress + 'otherName:1.2.840.113549.1.9.1;UTF8:jd@net-ssleay.example', + ], + subjectKeyIdentifier => 'hash', + }, + }, + + pkcs12 => { + passphrase => 'test', + }, + }, + + 'intermediate-ca' => { + key => { + algorithm => 'rsa', + passphrase => 'test', + size => 2048, + }, + + csr => { + md_algorithm => 'sha256', + }, + + cert => { + issuer => 'root-ca', + md_algorithm => 'sha256', + purpose => 'ca', + serial => 2, + valid_from => '2020-01-01 00:00:00', + valid_until => '2038-01-01 00:00:00', + + subject => [ + C => 'PL', + O => 'Net-SSLeay', + OU => 'Test Suite', + CN => 'Intermediate CA', + ], + }, + + pkcs12 => { + passphrase => 'test', + }, + + crl => { + last_update => '2020-07-01 00:00:00', + md_algorithm => 'sha256', + next_update => '2020-07-08 00:00:00', + number => 1, + }, + }, + + 'revoked-cert' => { + key => { + algorithm => 'rsa', + passphrase => 'test', + size => 2048, + }, + + csr => { + md_algorithm => 'sha256', + }, + + cert => { + issuer => 'intermediate-ca', + md_algorithm => 'sha256', + purpose => 'server', + revoke_reason => 'keyCompromise', + revoke_time => '2020-06-06 06:06:06', + serial => 5, + valid_from => '2020-01-01 00:00:00', + valid_until => '2038-01-01 00:00:00', + + subject => [ + C => 'PL', + O => 'Net-SSLeay', + OU => 'Test Suite', + CN => 'revoked-cert.net-ssleay.example', + ], + }, + + pkcs12 => { + passphrase => 'test', + }, + }, + + 'root-ca' => { + key => { + 
algorithm => 'rsa', + passphrase => 'test', + size => 2048, + }, + + csr => { + md_algorithm => 'sha256', + }, + + cert => { + md_algorithm => 'sha256', + purpose => 'ca', + serial => 1, + valid_from => '2020-01-01 00:00:00', + valid_until => '2038-01-01 00:00:00', + + subject => [ + C => 'PL', + O => 'Net-SSLeay', + OU => 'Test Suite', + CN => 'Root CA', + ], + }, + + pkcs12 => { + passphrase => 'test', + }, + }, + + 'simple-cert' => { + key => { + algorithm => 'rsa', + passphrase => 'test', + size => 2048, + }, + + csr => { + md_algorithm => 'sha256', + }, + + cert => { + issuer => 'intermediate-ca', + md_algorithm => 'sha256', + purpose => 'server', + serial => 1, + valid_from => '2020-01-01 00:00:00', + valid_until => '2038-01-01 00:00:00', + + subject => [ + C => 'PL', + O => 'Net-SSLeay', + OU => 'Test Suite', + CN => 'simple-cert.net-ssleay.example', + ], + }, + + pkcs12 => { + passphrase => 'test', + }, + }, + + 'strange-cert' => { + key => { + algorithm => 'rsa', + passphrase => 'test', + size => 2048, + }, + + csr => { + md_algorithm => 'sha256', + }, + + cert => { + issuer => 'intermediate-ca', + md_algorithm => 'sha256', + purpose => 'server', + serial => 4, + valid_from => '2020-01-01 00:00:00', + valid_until => '2038-01-01 00:00:00', + + subject => [ + C => 'UA', + ST => 'ЛьвівÑька облаÑть', + O => 'abc D.E.F', + OU => q{START ! @ # $ % ^ & * ( ) , . - ? 
: _ / [ ] " ' | \ = + END}, + CN => 'strange-cert.net-ssleay.example', + ], + }, + + pkcs12 => { + passphrase => 'test', + }, + }, + + 'verify-ca' => { + key => { + algorithm => 'rsa', + passphrase => 'test', + size => 2048, + }, + + csr => { + md_algorithm => 'sha256', + }, + + cert => { + issuer => 'root-ca', + md_algorithm => 'sha256', + purpose => 'ca', + serial => 3, + valid_from => '2020-01-01 00:00:00', + valid_until => '2038-01-01 00:00:00', + + subject => [ + C => 'PL', + O => 'Net-SSLeay', + OU => 'Test Suite', + CN => 'Verification CA', + ], + + extensions => { + certificatePolicies => [ + # This OID is deliberately invalid + '1.2.3.4.5', + ], + }, + }, + + pkcs12 => { + passphrase => 'test', + }, + + crl => { + last_update => '2020-07-01 00:00:00', + md_algorithm => 'sha256', + next_update => '2020-07-08 00:00:00', + number => 1, + }, + }, + + 'verify-cert' => { + key => { + algorithm => 'rsa', + passphrase => 'test', + size => 2048, + }, + + csr => { + md_algorithm => 'sha256', + }, + + cert => { + issuer => 'verify-ca', + md_algorithm => 'sha256', + purpose => 'server', + serial => 1, + valid_from => '2020-01-01 00:00:00', + valid_until => '2038-01-01 00:00:00', + + subject => [ + C => 'PL', + O => 'Net-SSLeay', + OU => 'Test Suite', + CN => '*.johndoe.net-ssleay.example', + emailAddress => 'john.doe@net-ssleay.example', + ], + + extensions => { + certificatePolicies => [ + # This OID is deliberately invalid + '1.2.3.4.5', + ], + subjectAltName => [ + 'email:john.doe@net-ssleay.example', + 'DNS:*.johndoe.net-ssleay.example', + 'IP:192.168.0.3', + ], + }, + }, + + pkcs12 => { + passphrase => 'test', + }, + }, + + 'wildcard-cert' => { + key => { + algorithm => 'rsa', + passphrase => 'test', + size => 2048, + }, + + csr => { + md_algorithm => 'sha256', + }, + + cert => { + issuer => 'intermediate-ca', + md_algorithm => 'sha256', + purpose => 'server', + serial => 3, + valid_from => '2020-01-01 00:00:00', + valid_until => '2038-01-01 00:00:00', + + 
subject => [ + C => 'PL', + O => 'Net-SSLeay', + OU => 'Test Suite', + CN => '*.net-ssleay.example', + ], + + extensions => { + subjectAltName => [ + 'DNS:*.net-ssleay.example', + ], + }, + }, + + pkcs12 => { + passphrase => 'test', + }, + }, +} diff --git a/cpan/Net-SSLeay/helper_script/update-exported-constants b/cpan/Net-SSLeay/helper_script/update-exported-constants new file mode 100644 index 000000000000..004f5bbd6dc0 --- /dev/null +++ b/cpan/Net-SSLeay/helper_script/update-exported-constants 
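Review bot: Every `key` and `pkcs12` entry in this file uses the literal passphrase `'test'`, and nothing in the file says that the PKI it describes is a test fixture whose private keys are public. A header comment before the opening `{` would make that explicit for readers and for anyone triaging secret-scanner hits on the generated files, for example `# Test-suite PKI only: every key and passphrase generated from this file is public and must never be trusted or deployed.` Separately, both `crl` blocks set `next_update => '2020-07-08 00:00:00'`, so the generated CRLs have already expired. If any test enables CRL time checks, it presumably has to pin the verification time, which is worth a comment next to those values.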
@@ -0,0 +1,808 @@ +#!/usr/bin/env perl + +use 5.008001; +use strict; +use warnings; + +use Cwd qw(abs_path); +use English qw( + $EVAL_ERROR $EXCEPTIONS_BEING_CAUGHT $OS_ERROR $RS -no_match_vars +); +use Fcntl qw(SEEK_SET); +use File::Basename qw(dirname); +use File::Spec::Functions qw(catfile); +use Getopt::Long qw(GetOptionsFromArray); +use POSIX qw(ceil); + +our $VERSION = '1.92'; + +local $SIG{__DIE__} = sub { + my ($cause) = @_; + + if ($EXCEPTIONS_BEING_CAUGHT) { + return; + } + + print STDERR $cause, "\n"; + + exit 1; +}; + +my ($args) = eval { parse_options(\@ARGV) } + or fatal( 'Failed to parse command line options', $EVAL_ERROR ); + +my @constants = eval { load_config( $args->{config} ) } + or fatal( 'Failed to load configuration file', $EVAL_ERROR ); + +my @perl_constants = sort map { $_->{exported_name} } @constants; + +eval { generate_constants_c( $args->{'constants-file'}, @constants ) } + or fatal( 'Failed to generate constants file', $EVAL_ERROR ); + +eval { generate_constants_test( $args->{'test-file'}, @perl_constants ) } + or fatal( 'Failed to generate constants test script', $EVAL_ERROR ); + +eval { update_module( $args->{'module-file'}, @perl_constants ) } + or fatal( 'Failed to update Net::SSLeay module file', $EVAL_ERROR ); + +eval { update_pod( $args->{'pod-file'}, @perl_constants ) } + or fatal( 'Failed to update Pod file', $EVAL_ERROR ); + + +sub dist_file { + my @path = @_; + + return abs_path( catfile( dirname(__FILE__), '..', @path ) ); +} + +sub parse_options { + my ($argv) = @_; + + my $opts = { + 'config' => dist_file( qw( helper_script constants.txt ) ), + 'constants-file' => dist_file( qw( constants.c ) ), + 'module-file' => dist_file( qw( lib Net SSLeay.pm ) ), + 'pod-file' => dist_file( qw( lib Net SSLeay.pod ) ), + 'test-file' => dist_file( qw( t local 21_constants.t ) ), + }; + + GetOptionsFromArray( + $argv, + $opts, + 'config|C=s', + 'constants-file|c=s', + 'module-file|m=s', + 'pod-file|p=s', + 'test-file|t=s', + ); + + if ( 
!-e $opts->{'config'} ) { + fatal("configuration file $opts->{config} does not exist"); + } + + if ( !-e $opts->{'module-file'} ) { + fatal("Net::SSLeay module file $opts->{'module-file'} does not exist"); + } + + if ( !-e $opts->{'pod-file'} ) { + fatal("Pod file $opts->{'pod-file'} does not exist"); + } + + return wantarray + ? ( $opts, $argv ) + : $opts; +} + +sub load_config { + my ($config_file) = @_; + + open my $fh, '<', $config_file + or fatal( $config_file, $OS_ERROR ); + + my @constants; + my $line_number = 0; + + while (<$fh>) { + $line_number++; + + # Trim leading and trailing space + s{^\s+|\s+$}{}g; + + # Skip empty lines and comments + next if m{^(?:\#.*)?$}; + + # Check whether the given constant name is likely to be a valid + # OpenSSL/LibreSSL constant name + if ( $_ !~ m{^[A-Za-z_][A-Za-z0-9_]*$} ) { + printf STDERR "%s:%d: badly-formatted constant name; skipping\n", + $config_file, $line_number; + + next; + } + + # Remove "SSL_" prefix from constant name, if present + ( my $exported_name = $_ ) =~ s{^SSL_}{}; + + push @constants, { + exported_name => $exported_name, + name => $_, + }; + } + + close $fh; + + return @constants; +} + +sub generate_constants_c { + my ( $file, @constants ) = @_; + + open my $fh, '>', $file + or fatal($OS_ERROR); + + print $fh data_section('constants_c_header'); + print $fh Net::SSLeay::ConstantsGenerator->C_constant( + { + breakout => ~0, + indent => 20, + }, + map { + { + name => $_->{exported_name}, + value => $_->{name}, + } + } + ( + # This constant name isn't defined by any libssl implementation - it + # is only intended to be used by the test script generated by this + # script to ensure that Net::SSLeay behaves as expected when a + # caller attempts to refer to an undefined constant + { + exported_name => '_NET_SSLEAY_TEST_UNDEFINED_CONSTANT', + name => '_NET_SSLEAY_TEST_UNDEFINED_CONSTANT', + }, + @constants, + ) + ); + + close $fh; + + printf "%s: generated\n", $file; + + return 1; +} + +sub 
generate_constants_test { + my ( $file, @constants ) = @_; + + open my $fh, '>', $file + or fatal($OS_ERROR); + + print $fh data_section( + 'constants_test', + { + constants => join( "\n", map { q{ } x 4 . $_ } @constants ), + # 1 dies_like() test for each constant + # 1 is() test for @EXPORT_OK + # 1 dies_like() test for undefined constant + tests => @constants + 2, + } + ); + + close $fh; + + printf "%s: generated\n", $file; + + return 1; +} + +sub update_content { + my ( $file, $start_match, $end_match, @replacement ) = @_; + + open my $fh, '<', $file + or fatal($OS_ERROR); + + my ( @file, $start, $end ); + + my $pos = 0; + while (<$fh>) { + push @file, $_; + + if ( !defined $start && $_ =~ $start_match ) { + $start = $pos; + } + elsif ( defined $start && !defined $end && $_ =~ $end_match ) { + $end = $pos; + } + + $pos++; + } + + close $fh; + + if ( !defined $start || !defined $end ) { + fatal('could not find start/end markers'); + } + + splice @file, $start + 1, max( 0, $end - $start - 1 ), @replacement; + + open $fh, '>', $file + or fatal($OS_ERROR); + + for (@file) { + print $fh $_; + } + + close $fh; + + return 1; +} + +sub update_module { + my ( $file, @constants ) = @_; + + eval { + update_content( + $file, + qr{^my \@constants = qw\(}, + qr{^\);}, + map { q{ } x 4 . "$_\n" } @constants + ) + } or do { + ( my $err = $EVAL_ERROR ) =~ s{start/end markers$}{\@constants declaration}; + fatal( $file, $err ); + }; + + printf "%s: updated\n", $file; + + return 1; +} + +sub format_constants { + my ( $list, $indent, $columns, $separator ) = @_; + + my $per_column = ceil( @$list / $columns ); + + my @columns = map + { [ splice @$list, 0, $per_column ] } + ( 0 .. $columns - 1 ); + + my @max_length = map + { max( map { length } @$_ ) } + @columns; + + my @formatted; + for my $row ( 0 .. $per_column - 1 ) { + my @row; + for ( 0 .. 
$columns - 1 ) { + my $this = $columns[$_]->[$row]; + my $left = $columns[ $_ - 1 ]->[$row]; + + next if !defined $this; + + my $gap = $_ == 0 + ? $indent + : $max_length[ $_ - 1 ] - length($left) + $separator; + + push @row, q{ } x $gap . $this; + } + push @formatted, join( '', @row ) . "\n"; + } + + return @formatted; +} + +sub update_pod { + my ( $file, @constants ) = @_; + + eval { + update_content( + $file, + qr{^=for start_constants$}, + qr{^=for end_constants$}, + ( "\n", format_constants( \@constants, 4, 2, 2 ), "\n" ) + ) + } or do { + ( my $err = $EVAL_ERROR ) =~ s{start/end markers$}{constants block}; + fatal( $file, $err ); + }; + + printf "%s: updated\n", $file; + + return 1; +} + +sub max { + my @numbers = @_; + + my $max = shift @numbers; + while ( defined( my $number = shift @numbers ) ) { + $max = $number if $number > $max; + } + + return $max; +} + +sub data_section { + my ( $section, $tmpl ) = @_; + + seek DATA, 0, SEEK_SET; + + my @content = (); + my $in_section; + + for () { + if ( my ($name) = $_ =~ m{^\[section:(\w+)\]\n} ) { + if ( $name eq $section ) { + $in_section = 1; + next; + } + elsif ($in_section) { + # Reached the section following the requested section + last; + } + } + + if ($in_section) { + s/\{\{\s*(\w+)\s*\}\}/defined $tmpl->{$1} ? $tmpl->{$1} : ''/eg; + push @content, $_; + } + } + + fatal("__DATA__ section '$section' not found") + if !$in_section; + + return join '', @content; +} + +sub fatal { + my ( $message, $cause ) = @_; + + die Error->new( $message, $cause ); +} + +package Net::SSLeay::ConstantsGenerator; + +use base 'ExtUtils::Constant::Base'; + +sub assignment_clause_for_type { + my ( $self, $args, $value ) = @_; + + return main::data_section( + 'assignment_clause_for_type', + { + value => $value, + } + ); +} + +sub C_constant_return_type { + my $ret = <<'END'; +#ifdef NET_SSLEAY_32BIT_CONSTANTS +static double +#else +static uint64_t +#endif +END + # Newline is automatically added, remove ours. 
+ chomp($ret); + return $ret; +} + +sub return_statement_for_notfound { + return main::data_section('return_statement_for_notfound'); +} + +package Error; + +use overload ( + q{""} => sub { + my ($self) = @_; + + return defined $self->{cause} + ? "$self->{message}: $self->{cause}" + : $self->{message}; + }, + fallback => 1, +); + +sub new { + my ( $class, $message, $cause ) = @_; + + return bless { + message => $message, + cause => $cause, + }, $class; +} + +package main; + +=pod + +=encoding utf-8 + +=head1 NAME + +C - Manage constants exported by Net::SSLeay + +=head1 VERSION + +This document describes version 1.92 of C. + +=head1 USAGE + + # Edit constants.txt to add or remove a libssl/libcrypto constant + + # Export the new list of constants in Net::SSLeay, document them, and test + # for their availability in the test suite: + update-exported-constants + +=head1 DESCRIPTION + +Net::SSLeay exports a number of constants defined by libssl and libcrypto. +Several time-consuming and error-prone steps must be performed whenever this set +of constants changes: each one must be recognised as a valid constant name by +Net::SSLeay's XS code, defined as an exportable symbol in Net::SSLeay's Perl +code, documented in Net::SSLeay's user documentation, and tested in the +Net::SSLeay test suite to ensure that referencing it either returns a defined +value or raises an exception depending on whether it is defined in the version +of OpenSSL or LibreSSL being used. + +C simplifies the process of changing the set of +exportable constants by automating it: it consumes a configuration file +containing a list of constants, and performs each of the steps above for each of +the constants listed in the file. + +=head1 DEPENDENCIES + +C requires Perl 5.8.1 or higher. + +=head1 OPTIONS + +C accepts the following command line options: + +=over 4 + +=item * + +B<-C I>, B<--config=I>: the path to a file defining the libssl and +libcrypto constants that Net::SSLeay should attempt to export. 
See +L for a description of the expected format. Defaults to +C, relative to the path to C. + +=item * + +B<-c I>, B<--constants-file=I>: the path at which to write the C +source file defining the C function; this file should be included by +C. If a file exists at the given path, it will be overwritten. +Defaults to C<../constants.c>, relative to the path to +C. + +=item * + +B<-m I>, B<--module-file=I>: the path to Net::SSLeay's source code; +the value of the C<@constants> array defined in this file will be overwritten. +Defaults to C<../lib/Net/SSLeay.pm>, relative to the path to +C. + +=item * + +B<-p I>, B<--pod-file=I>: the path to et::SSLeay's documentation; +the list of constants given in the L section of this file +will be overwritten. Defaults to C<../lib/Net/SSLeay.pod>, relative to the path +to C. + +=item * + +B<-t I>, B<--test-file=I>: the path at which to write the constant +autoloading test script. If a file exists at the given path, it will be +overwritten. Defaults to C<../t/local/21_constants.t>, relative to the path to +C. + +=back + +The above defaults ensure that C can be executed +from a directory containing the Net-SSLeay source code without needing to +specify any options. + +=head1 CONFIGURATION + +The configuration file is a plain text file containing libssl and libcrypto +constant names, one per line. Empty lines and lines beginning with C<#> are +ignored. + +libssl and libcrypto constants are C preprocessor macro names. +C checks that constant names given in the +configuration file appear to be valid macro names, and will output a +I warning on stderr whenever it +encounters a line in the configuration file that does not appear to be a valid +macro name. Since the set of valid constant names differs between versions of +OpenSSL and LibreSSL, it is not possible to validate that constant names listed +in the configuration file are in fact valid constant names for a particular +libssl or libcrypto version. 
+ +=head1 OUTPUT + +C generates the following files (overwriting any file +that already exists at that path): + +=over 4 + +=item * + +A C source file defining a function with the prototype +C. For a given constant name and length, +this function returns the value of the constant with the given name if it is +recognised as exportable by Net::SSLeay and exists in libssl/libcrypto, returns +C<0> and sets L to C if the constant is exportable but does not +exist in libssl/libcrypto, or returns C<0> and sets L to C if the +constant is not recognised as exportable by Net::SSLeay. This file is expected +to be Cd by C. + +=item * + +A Net::SSLeay test script that ensures each constant is exportable if it is +defined, or raises a specific exception if it is not. This test script is +expected to run as part of the standard Net::SSLeay test suite. + +=back + +C updates the following files (which therefore must +already exist and be writable): + +=over 4 + +=item * + +The source file for the Net::SSLeay module - the value of the C<@constants> +array defined in this file is overwritten with the new list of constants that +the module can export. + +=item * + +The Pod file documenting the Net::SSLeay module - the list of exportable +constants given in the L section of this file is +overwritten with the new list of constants that the module can export. + +=back + +=head1 DIAGNOSTICS + +C outputs a diagnostic message to stderr and +immediately exits with exit code 1 if an error occurs. Error messages listed +below indicate invalid input or a problem with the state of the system that can +usually be fixed. Error messages not listed below are internal and should never +be encountered under normal operation; please report any occurrences of such +errors as bugs (see L). 
+ +=over + +=item B does +not exist> + +The configuration file listing the constants to export, as specified by the +B<-C> command line option (or C in the same directory as +C if a value for B<-C> was not specified), does not +exist. Ensure C exists, or specify an alternative path with +B<-C I>. + +=item B +does not exist> + +C updates and overwrites the Net::SSLeay module file +specified by the B<-m> command line option (or C<../lib/Net/SSLeay.pm> relative +to the path to C if a value for B<-m> was not +specified), but a file could not be found at this path. Ensure +C<../lib/Net/SSLeay.pm> exists, or specify an alternative path with +B<-m I>. + +=item B does not exist> + +C updates and overwrites the Pod file containing the +Net::SSLeay documentation at the path specified by the B<-p> command line option +(or C<../lib/Net/SSLeay.pod> relative to the path to +C if a value for B<-p> was not specified), but a file +could not be found at this path. Ensure C<../lib/Net/SSLeay.pod> exists, or +specify an alternative path with B<-p I>. + +=item B> + +The configuration file could not be loaded because of I, which is +probably an OS-level error. Ensure the path given by the B<-C> option, or the +default path if B<-C> was not specified, is readable. + +=item B> + +The constants C source file could not be written because of I, which is +probably an OS-level error. Ensure that the path given by the B<-c> option, or +the default path if B<-c> was not specified, is writable. + +=item B> + +The constants test script could not be written because of I, which is +probably an OS-level error. Ensure that the path given by the B<-t> option, or +the default path if B<-t> was not specified, is writable. + +=item B + +The Net::SSLeay module file was read, but an updated constants list could not be +written to it because the definition of the C<@constants> array could not be +found. 
C expects this array to be defined with the +following syntax: + + my @constants = qw( + # + ); + +Ensure the C<@constants> array is defined in this way in the Net::SSLeay module. + +=item B> + +The Net::SSLeay module file could not be either read or written because of +I, which is probably an OS-level error. Ensure that the path given by +the B<-m> option, or the default path if B<-m> was not specified, is both +readable and writable. + +=item B + +The Net::SSLeay documentation file was read, but an updated constants list could +not be written to it because the Pod code block listing the constants could not +be found. C expects this block to be surrounded by +the following Pod commands: + + =for start_constants + + + + =for end_constants + +Ensure the constants list is defined in this way in the documentation. + +=item B> + +The Net::SSLeay documentation file could not be either read or written because +of I, which is probably an OS-level error. Ensure that the path given by +the B<-p> option, or the default path if B<-p> was not specified, is both +readable and writable. + +=back + +=head1 LIMITATIONS + +Net::SSLeay currently returns the values of libssl and libcrypto constants as +double-precision floating-point numbers, regardless of the data type of the +underlying constant as it is defined by OpenSSL and/or LibreSSL; the C source +file generated by C therefore defines a function +C with the return type C. While all constants currently +exported by Net::SSLeay can be stored in this way without loss of precision, +this may not necessarily be the case for all constants defined by libssl and +libcrypto, either now or in the future. + +=head1 SEE ALSO + +The man pages for OpenSSL and LibreSSL, which describe the constants they define +(and therefore the constants that may be exported by Net::SSLeay). + +=head1 BUGS + +If you encounter a problem with this program that you believe is a bug, please +L +in the Net-SSLeay GitHub repository. 
Please make sure your bug report includes +the following information: + +=over + +=item * + +the list of command line options passed to C; + +=item * + +the full configuration file given by the B<-C> command line option (or the +default configuration file if B<-C> was not specified); + +=item * + +the full output of C; + +=item * + +your operating system name and version; + +=item * + +the output of C; + +=item * + +the version of Net-SSLeay you are using. + +=back + +=head1 AUTHORS + +Originally written by Chris Novakovic. + +Maintained by Chris Novakovic, Tuure Vartiainen and Heikki Vatiainen. + +=head1 COPYRIGHT AND LICENSE + +Copyright 2021- Chris Novakovic . + +Copyright 2021- Tuure Vartiainen . + +Copyright 2021- Heikki Vatiainen . + +This module is released under the terms of the Artistic License 2.0. For +details, see the C file distributed with Net-SSLeay's source code. + +=cut + +__DATA__ +[section:constants_c_header] +/* + * This file is automatically generated - do not manually modify it. + * + * To add or remove a constant, edit helper_script/constants.txt, then run + * helper_script/update-exported-constants. + */ + +[section:assignment_clause_for_type] + +#ifdef {{ value }} + return {{ value }}; +#else + goto not_there; +#endif +[section:return_statement_for_notfound] + + errno = EINVAL; + return 0; + +not_there: + errno = ENOENT; + return 0; +[section:constants_test] +# This file is automatically generated - do not manually modify it. +# +# To add or remove a constant, edit helper_script/constants.txt, then run +# helper_script/update-exported-constants. 
+ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw(dies_like); + +# We rely on symbolic references in the dies_like() tests: +no strict 'refs'; + +plan tests => {{ tests }}; + +my @constants = qw( +{{ constants }} +); + +my %exported = map { $_ => 1 } @Net::SSLeay::EXPORT_OK; +my @missing; + +for my $c (@constants) { + dies_like( + sub { "Net::SSLeay::$c"->(); die "ok\n"; }, + qr/^(?:ok\n$|Your vendor has not defined SSLeay macro )/, + "constant is exported or not defined: $c" + ); + push @missing, $c if !exists $exported{$c}; +} + +is( + join( q{,}, sort @missing ), + '', + 'no constants missing from @EXPORT_OK (total missing: ' . scalar(@missing) . ')' +); + +dies_like( + sub { Net::SSLeay::_NET_SSLEAY_TEST_UNDEFINED_CONSTANT() }, + qr/^Your vendor has not defined SSLeay macro _NET_SSLEAY_TEST_UNDEFINED_CONSTANT/, + 'referencing an undefined constant raises an exception' +); diff --git a/cpan/Net-SSLeay/inc/Test/Net/SSLeay.pm b/cpan/Net-SSLeay/inc/Test/Net/SSLeay.pm new file mode 100644 index 000000000000..529384efa011 --- /dev/null +++ b/cpan/Net-SSLeay/inc/Test/Net/SSLeay.pm 
@@ -0,0 +1,867 @@ +package Test::Net::SSLeay; + +use 5.008001; +use strict; +use warnings; +use base qw(Exporter); + +use Carp qw(croak); +use Config; +use Cwd qw(abs_path); +use English qw( $EVAL_ERROR $OSNAME $PERL_VERSION -no_match_vars ); +use File::Basename qw(dirname); +use File::Spec::Functions qw( abs2rel catfile ); +use Test::Builder; +use Test::Net::SSLeay::Socket; + +our $VERSION = '1.92'; + +our @EXPORT_OK = qw( + can_fork can_really_fork can_thread + data_file_path + dies_like + dies_ok + doesnt_warn + initialise_libssl + is_libressl is_openssl + is_protocol_usable + lives_ok + new_ctx + protocols + tcp_socket + warns_like +); + +my $tester = Test::Builder->new(); + +my $data_path = catfile( dirname(__FILE__), '..', '..', '..', 't', 'data' ); + +my $initialised = 0; + +my %protos = ( + 'TLSv1.3' => { + constant => \&Net::SSLeay::TLS1_3_VERSION, + constant_type => 'version', + priority => 6, + }, + 'TLSv1.2' => { + constant => \&Net::SSLeay::TLSv1_2_method, + constant_type => 'method', + priority => 5, + }, + 'TLSv1.1' => { + constant => \&Net::SSLeay::TLSv1_1_method, + constant_type => 'method', + priority => 4, + }, + 'TLSv1' => { + constant => \&Net::SSLeay::TLSv1_method, + constant_type => 'method', + priority => 3, + }, + 'SSLv3' => { + constant => \&Net::SSLeay::SSLv3_method, + constant_type => 'method', + priority => 2, + }, + 'SSLv2' => { + constant => \&Net::SSLeay::SSLv2_method, + constant_type => 'method', + priority => 1, + }, +); + +my ( $test_no_warnings, $test_no_warnings_name, @warnings ); + +END { + _test_no_warnings() if $test_no_warnings; +} + +sub _all { + my ( $sub, @list ) = @_; + + for (@list) { + $sub->() or return 0; + } + + return 1; +} + +sub _diag { + my (%args) = @_; + + $tester->diag( ' ' x 9, 'got: ', $args{got} ); + $tester->diag( ' ' x 4, 'expected: ', $args{expected} ); +} + +sub _libssl_fatal { + my ($context) = @_; + + croak "$context: " + . 
Net::SSLeay::ERR_error_string( Net::SSLeay::ERR_get_error() ); +} + +sub _load_net_ssleay { + eval { require Net::SSLeay; 1; } or croak $EVAL_ERROR; + + return 1; +} + +sub _test_no_warnings { + my $got_str = join q{, }, map { qq{'$_'} } @warnings; + my $got_type = @warnings == 1 ? 'warning' : 'warnings'; + + $tester->ok( @warnings == 0, $test_no_warnings_name ) + or _diag( + got => "$got_type $got_str", + expected => 'no warnings', + ); +} + +sub import { + my ( $class, @imports ) = @_; + + # Enable strict and warnings in the caller + strict->import; + warnings->import; + + # Import common modules into the caller's namespace + my $caller = caller; + for (qw(Test::More)) { + eval "package $caller; use $_; 1;" or croak $EVAL_ERROR; + } + + # Import requested Test::Net::SSLeay symbols into the caller's namespace + __PACKAGE__->export_to_level( 1, $class, @imports ); + + return 1; +} + +sub can_fork { + return 1 if can_really_fork(); + + # Some platforms provide fork emulation using ithreads + return 1 if $Config{d_pseudofork}; + + # d_pseudofork was added in Perl 5.10.0 - this is an approximation for + # older Perls + if ( ( $OSNAME eq 'Win32' or $OSNAME eq 'NetWare' ) + and $Config{useithreads} + and $Config{ccflags} =~ /-DPERL_IMPLICIT_SYS/ ) + { + return 1; + } + + return can_thread(); +} + +sub can_really_fork { + return 1 if $Config{d_fork}; + + return 0; +} + +sub can_thread { + return 0 if not $Config{useithreads}; + + # Threads are broken in Perl 5.10.0 when compiled with GCC 4.8 or above + # (see GH #175) + if ( $PERL_VERSION == 5.010000 + and $Config{ccname} eq 'gcc' + and defined $Config{gccversion} + # gccversion is sometimes defined for non-GCC compilers (see GH-350); + # compilers that are truly GCC are identified with a version number in + # gccversion + and $Config{gccversion} =~ /^\d+\.\d+/ ) + { + my ( $gcc_major, $gcc_minor ) = split /[.\s]+/, $Config{gccversion}; + + return 0 + if ( $gcc_major > 4 or ( $gcc_major == 4 and $gcc_minor >= 8 ) ); + } 
+ + # Devel::Cover doesn't (currently) work with threads + return 0 if $INC{'Devel/Cover.pm'}; + + return 1; +} + +sub data_file_path { + my ($data_file) = @_; + + my $abs_path = catfile( abs_path($data_path), $data_file ); + my $rel_path = abs2rel($abs_path); + + croak "$rel_path: data file does not exist" + if not -e $abs_path; + + return $rel_path; +} + +sub dies_like { + my ( $sub, $expected, $name ) = @_; + + my ( $got, $ok ); + + if ( eval { $sub->(); 1 } ) { + $ok = $tester->ok ( 0, $name ); + + _diag( + got => 'subroutine lived', + expected => "subroutine died with exception matching $expected", + ); + } + else { + $got = $EVAL_ERROR; + + my $test = $got =~ $expected; + + $ok = $tester->ok( $test, $name ) + or _diag( + got => qq{subroutine died with exception '$got'}, + expected => "subroutine died with exception matching $expected", + ); + } + + $EVAL_ERROR = $got; + + return $ok; +} + +sub dies_ok { + my ( $sub, $name ) = @_; + + my ( $got, $ok ); + + if ( eval { $sub->(); 1 } ) { + $got = $EVAL_ERROR; + + $ok = $tester->ok ( 0, $name ); + + _diag( + got => 'subroutine lived', + expected => 'subroutine died', + ); + } + else { + $got = $EVAL_ERROR; + + $ok = $tester->ok( 1, $name ); + } + + $EVAL_ERROR = $got; + + return $ok; +} + +sub doesnt_warn { + $test_no_warnings = 1; + $test_no_warnings_name = shift; + + $SIG{__WARN__} = sub { push @warnings, shift }; +} + +sub initialise_libssl { + return 1 if $initialised; + + _load_net_ssleay(); + + Net::SSLeay::randomize(); + + # Error strings aren't loaded by default until OpenSSL 1.1.0, but it's safe + # to load them unconditionally because these functions are simply no-ops in + # later OpenSSL versions + Net::SSLeay::load_error_strings(); + Net::SSLeay::ERR_load_crypto_strings(); + + Net::SSLeay::library_init(); + + # The test suite makes heavy use of SHA-256, but SHA-256 isn't registered by + # default in all OpenSSL versions - register it manually when Net::SSLeay is + # built against the following OpenSSL 
versions: + + # OpenSSL 0.9.8 series < 0.9.8o + Net::SSLeay::OpenSSL_add_all_digests() + if Net::SSLeay::constant('OPENSSL_VERSION_NUMBER') < 0x009080ff; + + # OpenSSL 1.0.0 series < 1.0.0a + Net::SSLeay::OpenSSL_add_all_digests() + if Net::SSLeay::constant('OPENSSL_VERSION_NUMBER') >= 0x10000000 + && Net::SSLeay::constant('OPENSSL_VERSION_NUMBER') < 0x1000001f; + + $initialised = 1; + + return 1; +} + +sub is_libressl { + _load_net_ssleay(); + + # The most foolproof method of checking whether libssl is provided by + # LibreSSL is by checking OPENSSL_VERSION_NUMBER: every version of + # LibreSSL identifies itself as OpenSSL 2.0.0, which is a version number + # that OpenSSL itself will never use (version 3.0.0 follows 1.1.1) + return 0 + if Net::SSLeay::constant('OPENSSL_VERSION_NUMBER') != 0x20000000; + + return 1; +} + +sub is_openssl { + _load_net_ssleay(); + + # "OpenSSL 2.0.0" is actually LibreSSL + return 0 + if Net::SSLeay::constant('OPENSSL_VERSION_NUMBER') == 0x20000000; + + return 1; +} + +sub is_protocol_usable { + my ($proto) = @_; + + _load_net_ssleay(); + initialise_libssl(); + + my $proto_data = $protos{$proto}; + + # If libssl does not support this protocol version, or if it was disabled at + # compile-time, the appropriate method for that version will be missing + if ( + $proto_data->{constant_type} eq 'version' + ? 
!eval { &{ $proto_data->{constant} }; 1 } + : !defined &{ $proto_data->{constant} } + ) { + return 0; + } + + # If libssl was built with support for this protocol version, the only + # reliable way to test whether its use is permitted by the security policy + # is to attempt to create a connection that uses it - if it is permitted, + # the state machine enters the following states: + # + # SSL_CB_HANDSHAKE_START (ret=1) + # SSL_CB_CONNECT_LOOP (ret=1) + # SSL_CB_CONNECT_EXIT (ret=-1) + # + # If it is not permitted, the state machine instead enters the following + # states: + # + # SSL_CB_HANDSHAKE_START (ret=1) + # SSL_CB_CONNECT_EXIT (ret=-1) + # + # Additionally, ERR_get_error() returns the error code 0x14161044, although + # this might not necessarily be guaranteed for all libssl versions, so + # testing for it may be unreliable + + my $constant = $proto_data->{constant}->(); + my $ctx; + + if ( $proto_data->{constant_type} eq 'version' ) { + $ctx = Net::SSLeay::CTX_new_with_method( Net::SSLeay::TLS_method() ) + or _libssl_fatal('Failed to create libssl SSL_CTX object'); + + Net::SSLeay::CTX_set_min_proto_version( $ctx, $constant ); + Net::SSLeay::CTX_set_max_proto_version( $ctx, $constant ); + } + else { + $ctx = Net::SSLeay::CTX_new_with_method($constant) + or _libssl_fatal('Failed to create SSL_CTX object'); + } + + my $ssl = Net::SSLeay::new($ctx) + or _libssl_fatal('Failed to create SSL structure'); + + # For the purposes of this test, it isn't necessary to link the SSL + # structure to a file descriptor, since no data actually needs to be sent or + # received + Net::SSLeay::set_fd( $ssl, -1 ) + or _libssl_fatal('Failed to set file descriptor for SSL structure'); + + my @states; + + Net::SSLeay::CTX_set_info_callback( + $ctx, + sub { + my ( $ssl, $where, $ret, $data ) = @_; + + push @states, $where; + } + ); + + Net::SSLeay::connect($ssl) + or _libssl_fatal('Failed to initiate connection'); + + my $disabled = Net::SSLeay::CB_HANDSHAKE_START() + + 
Net::SSLeay::CB_CONNECT_EXIT(); + + my $enabled = Net::SSLeay::CB_HANDSHAKE_START() + + Net::SSLeay::CB_CONNECT_LOOP() + + Net::SSLeay::CB_CONNECT_EXIT(); + + Net::SSLeay::free($ssl); + Net::SSLeay::CTX_free($ctx); + + my $observed = 0; + for my $state (@states) { + $observed += $state; + } + + return 0 if $observed == $disabled; + return 1 if $observed == $enabled; + + croak 'Unexpected TLS state machine sequence: ' . join( ', ', @states ); +} + +sub lives_ok { + my ( $sub, $name ) = @_; + + my ( $got, $ok ); + + if ( !eval { $sub->(); 1 } ) { + $got = $EVAL_ERROR; + + $ok = $tester->ok ( 0, $name ); + + _diag( + got => qq{subroutine died with exception '$got'}, + expected => 'subroutine lived', + ); + } + else { + $got = $EVAL_ERROR; + + $ok = $tester->ok( 1, $name ); + } + + $EVAL_ERROR = $got; + + return $ok; +} + +sub new_ctx { + my ( $min_proto, $max_proto ) = @_; + + my @usable_protos = + # Exclude protocol versions not supported by this libssl: + grep { + is_protocol_usable($_) + } + # Exclude protocol versions outside the desired range: + grep { + ( + defined $min_proto + ? $protos{$_}->{priority} >= $protos{$min_proto}->{priority} + : 1 + ) + && ( + defined $max_proto + ? $protos{$_}->{priority} <= $protos{$max_proto}->{priority} + : 1 + ) + } + protocols(); + + croak 'Failed to create libssl SSL_CTX object: no usable protocol versions' + if !@usable_protos; + + my $proto = shift @usable_protos; + my $constant = $protos{$proto}->{constant}->(); + my $ctx; + + if ( $protos{$proto}->{constant_type} eq 'version' ) { + $ctx = Net::SSLeay::CTX_new_with_method( Net::SSLeay::TLS_method() ) + or _libssl_fatal('Failed to create libssl SSL_CTX object'); + + Net::SSLeay::CTX_set_min_proto_version( $ctx, $constant ); + Net::SSLeay::CTX_set_max_proto_version( $ctx, $constant ); + } + else { + $ctx = Net::SSLeay::CTX_new_with_method($constant) + or _libssl_fatal('Failed to create SSL_CTX object'); + } + + return wantarray ? 
( $ctx, $proto ) + : $ctx; +} + +sub protocols { + return + sort { + $protos{$b}->{priority} <=> $protos{$a}->{priority} + } + keys %protos; +} + +sub tcp_socket { + return Test::Net::SSLeay::Socket->new( proto => 'tcp' ); +} + +sub warns_like { + my ( $sub, $expected, $name ) = @_; + + my @expected = ref $expected eq 'ARRAY' + ? @$expected + : ($expected); + + my @got; + + local $SIG{__WARN__} = sub { push @got, shift }; + + $sub->(); + + $SIG{__WARN__} = 'DEFAULT'; + + my $test = scalar @got == scalar @expected + && _all( sub { $got[$_] =~ $expected[$_] }, 0 .. $#got ); + + my $ok = $tester->ok( $test, $name ) + or do { + my $got_str = join q{, }, map { qq{'$_'} } @got; + my $expected_str = join q{, }, map { qq{'$_'} } @expected; + + my $got_plural = @got == 1 ? '' : 's'; + my $expected_plural = @expected == 1 ? '' : 's'; + + _diag( + got => "warning$got_plural $got_str", + expected => "warning$expected_plural matching $expected_str", + ); + }; + + return $ok; +} + +1; + +__END__ + +=head1 NAME + +Test::Net::SSLeay - Helper module for the Net-SSLeay test suite + +=head1 VERSION + +This document describes version 1.92 of Test::Net::SSLeay. + +=head1 SYNOPSIS + +In a Net-SSLeay test script: + + # Optional summary of the purpose of the tests in this script + + use lib 'inc'; + + use Net::SSLeay; # if required by the tests + use Test::Net::SSLeay qw(initialise_libssl); # import other helper + # functions if required + + # Imports of other modules specific to this test script + + # Plan tests, or skip them altogether if certain preconditions aren't met + if (disqualifying_condition) { + plan skip_all => ...; + } else { + plan tests => ...; + } + + # If this script tests Net::SSLeay functionality: + initialise_libssl(); + + # Perform one or more Test::More-based tests + +=head1 DESCRIPTION + +This is a helper module that makes it easier (or, at least, less repetitive) +to write test scripts for the Net-SSLeay test suite. 
For consistency, all test +scripts should import this module and follow the preamble structure given in +L. + +Importing this module has the following effects on the caller, regardless of +whether any exports are requested: + +=over 4 + +=item * + +C and C are enabled; + +=item * + +L, the test framework used by the Net-SSLeay test +suite, is imported. + +=back + +No symbols are exported by default. If desired, individual helper functions +may be imported into the caller's namespace by specifying their name in the +import list; see L for a list of available helper +functions. + +=head1 HELPER FUNCTIONS + +=head2 can_fork + + if (can_fork()) { + # Run tests that rely on a working fork() implementation + } + +Returns true if this system natively supports the C system call, or if +Perl can emulate C on this system using interpreter-level threads. +Otherwise, returns false. + +=head2 can_really_fork + + if (can_really_fork()) { + # Run tests that rely on a native fork() implementation + } + +Returns true if this system natively supports the C system call, or +false if not. + +=head2 can_thread + + if (can_thread()) { + # Run tests that rely on working threads support + } + +Returns true if reliable interpreter-level threads support is available in +this Perl, or false if not. + +=head2 data_file_path + + my $cert_path = data_file_path('wildcard-cert.cert.pem'); + my $key_path = data_file_path('wildcard-cert.key.pem'); + +Returns the relative path to a given file in the test suite data directory +(C). Dies if the file does not exist. + +=head2 dies_like + + dies_like( + sub { die 'This subroutine always dies' }, + qr/always/, + 'A test that always passes' + ); + +Similar to L in Test::Exception|Test::Exception/throws_ok>: +performs a L test that passes if a given subroutine dies with an +exception string that matches a given pattern, or fails if the subroutine does +not die or dies with an exception string that does not match the given pattern. 
+ +This function preserves the value of C<$@> set by the given subroutine, so (for +example) other tests can be performed on the value of C<$@> afterwards. + +=head2 dies_ok + + dies_ok( + sub { my $x = 1 }, + 'A test that always fails' + ); + +Similar to L in Test::Exception|Test::Exception/dies_ok>: performs a +L test that passes if a given subroutine dies, or fails if it +does not. + +This function preserves the value of C<$@> set by the given subroutine, so (for +example) other tests can be performed on the value of C<$@> afterwards. + +=head2 doesnt_warn + + doesnt_warn('Test script outputs no unexpected warnings'); + +Offers similar functionality to L: performs a L +test at the end of the test script that passes if the test script executes from +this point onwards without emitting any unexpected warnings, or fails if +warnings are emitted before the test script ends. + +Warnings omitted by subroutines that are executed as part of a L +test are not considered to be unexpected (even if the L test +fails), and will therefore not cause this test to fail. + +=head2 initialise_libssl + + initialise_libssl(); + + # Run tests that call Net::SSLeay functions + +Initialises libssl (and libcrypto) by seeding the pseudorandom number generator, +loading error strings, and registering the default TLS ciphers and digest +functions. All digest functions are explicitly registered when Net::SSLeay is +built against a libssl version that does not register SHA-256 by default, since +SHA-256 is used heavily in the test suite PKI. + +libssl will only be initialised the first time this function is called, so it is +safe for it to be called multiple times in the same test script. + +=head2 is_libressl + + if (is_libressl()) { + # Run LibreSSL-specific tests + } + +Returns true if libssl is provided by LibreSSL, or false if not. + +=head2 is_openssl + + if (is_openssl()) { + # Run OpenSSL-specific tests + } + +Returns true if libssl is provided by OpenSSL, or false if not. 
+ +=head2 is_protocol_usable + + if ( is_protocol_usable('TLSv1.1') ) { + # Run TLSv1.1 tests + } + +Returns true if libssl can communicate using the given SSL/TLS protocol version +(represented as a string of the format returned by L), or false if +not. + +Note that the availability of a particular SSL/TLS protocol version may vary +based on the version of OpenSSL or LibreSSL in use, the options chosen when it +was compiled (e.g., OpenSSL will not support SSLv3 if it was built with +C), or run-time configuration (e.g., the use of TLSv1.0 will be +forbidden if the OpenSSL configuration sets the default security level to 3 or +higher; see L). + +=head2 lives_ok + + lives_ok( + sub { die 'Whoops' }, + 'A test that always fails' + ); + +Similar to L in Test::Exception|Test::Exception/lives_ok>: performs +a L test that passes if a given subroutine executes without +dying, or fails if it dies during execution. + +This function preserves the value of C<$@> set by the given subroutine, so (for +example) other tests can be performed on the value of C<$@> afterwards. + +=head2 new_ctx + + my $ctx = new_ctx(); + # $ctx is an SSL_CTX that uses the highest available protocol version + + my ( $ctx, $version ) = new_ctx( 'TLSv1', 'TLSv1.2' ); + # $ctx is an SSL_CTX that uses the highest available protocol version + # between TLSv1 and TLSv1.2 inclusive; $version contains the protocol + # version chosen + +Creates a libssl SSL_CTX object that uses the most recent SSL/TLS protocol +version supported by libssl, optionally bounded by the given minimum and maximum +protocol versions (represented as strings of the format returned by +L). + +If called in scalar context, returns the SSL_CTX object that was created. If +called in array context, returns the SSL_CTX object and a string containing the +protocol version used by the SSL_CTX object. 
Dies if libssl does not support any +of the protocol versions in the given range, or if an SSL_CTX object that uses +the chosen protocol version could not be created. + +=head2 protocols + + my @protos = protocols(); + +Returns an array containing strings that describe the SSL/TLS protocol versions +supported by L: C<'TLSv1.3'>, C<'TLSv1.2'>, C<'TLSv1.1'>, +C<'TLSv1'>, C<'SSLv3'>, and C<'SSLv2'>. The protocol versions are sorted in +reverse order of age (i.e. in the order shown here). + +Note that it may not be possible to communicate using some of these protocol +versions, depending on how libssl was compiled and is configured. These strings +can be given as parameters to L to discover whether the +protocol version is actually usable by libssl. + +=head2 tcp_socket + + my $server = tcp_socket(); + + # Accept connection from client: + my $sock_in = $server->accept(); + + # Create connection to server: + my $sock_out = $server->connect(); + +Creates a TCP server socket that listens on localhost on an arbitrarily-chosen +free port. Convenience methods are provided for accepting, establishing and +closing connections. + +Returns a L object. Dies +on failure. + +=head2 warns_like + + warns_like( + sub { + warn 'First warning'; + warn 'Second warning'; + }, + [ + qr/First/, + qr/Second/, + ], + 'A test that always passes' + ); + +Similar to L in Test::Warn|Test::Warn/warnings_like>: performs +a L test that passes if a given subroutine emits a series of +warnings that match the given sequence of patterns, or fails if the subroutine +emits any other sequence of warnings (or no warnings at all). If a pattern is +given instead of an array reference, the subroutine will be expected to emit a +single warning matching the pattern. + +=head1 BUGS + +If you encounter a problem with this module that you believe is a bug, please +L +in the Net-SSLeay GitHub repository. 
Please make sure your bug report includes +the following information: + +=over + +=item * + +the code you are trying to run (ideally a minimum working example that +reproduces the problem), or the full output of the Net-SSLeay test suite if +the problem relates to a test failure; + +=item * + +your operating system name and version; + +=item * + +the output of C; + +=item * + +the version of Net-SSLeay you are using; + +=item * + +the version of OpenSSL or LibreSSL you are using. + +=back + +=head1 AUTHORS + +Originally written by Chris Novakovic. + +Maintained by Chris Novakovic, Tuure Vartiainen and Heikki Vatiainen. + +=head1 COPYRIGHT AND LICENSE + +Copyright 2020- Chris Novakovic . + +Copyright 2020- Tuure Vartiainen . + +Copyright 2020- Heikki Vatiainen . + +This module is released under the terms of the Artistic License 2.0. For +details, see the C file distributed with Net-SSLeay's source code. + +=cut diff --git a/cpan/Net-SSLeay/inc/Test/Net/SSLeay/Socket.pm b/cpan/Net-SSLeay/inc/Test/Net/SSLeay/Socket.pm new file mode 100644 index 000000000000..2ddbe8475947 --- /dev/null +++ b/cpan/Net-SSLeay/inc/Test/Net/SSLeay/Socket.pm 
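Review bot: `is_protocol_usable()` and `new_ctx()` look up their protocol-name arguments in `%protos` without checking that the key exists, so a misspelt version string is never reported as an unknown protocol. In `new_ctx()` an unknown `$min_proto` makes `$protos{$min_proto}->{priority}` undefined, which compares numerically as 0 and so appears to drop the lower bound with nothing more than an uninitialized-value warning. The nested lookup also looks like it autovivifies an empty entry in `%protos` that later `protocols()` calls would return. A guard such as `croak "Unknown protocol version '$proto'" if !exists $protos{$proto};` at the top of `is_protocol_usable()`, with the same check on each defined bound in `new_ctx()`, keeps a test that means to pin a minimum TLS version from quietly running without that bound.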
@@ -0,0 +1,326 @@ +package Test::Net::SSLeay::Socket; + +use 5.008001; +use strict; +use warnings; + +use Carp qw(croak); +use English qw( $EVAL_ERROR $OS_ERROR $OUTPUT_AUTOFLUSH -no_match_vars ); +use Scalar::Util qw(refaddr reftype); +use SelectSaver; +use Socket qw( + AF_INET SOCK_DGRAM SOCK_STREAM + inet_aton inet_ntoa pack_sockaddr_in unpack_sockaddr_in +); + +our $VERSION = '1.92'; + +my %PROTOS = ( + tcp => SOCK_STREAM, + udp => SOCK_DGRAM, +); + +sub new { + my ( $class, %args ) = @_; + + my $self = bless { + addr => delete $args{addr} || '127.0.0.1', + port => delete $args{port} || 0, + proto => delete $args{proto} || 'tcp', + queue => delete $args{queue} || 5, + }, $class; + + if ( !exists $PROTOS{ $self->{proto} } ) { + croak "Unknown protocol '$self->{proto}'"; + } + + $self->_init_server(); + + return $self; +} + +sub _init_server { + my ($self) = @_; + + my $addr = eval { inet_aton( $self->{addr} ) } + or croak 'Could not pack IP address' + . ( $EVAL_ERROR ? ": $EVAL_ERROR" : q{} ); + + my $sockaddr = eval { pack_sockaddr_in( $self->{port}, $addr ) } + or croak 'Could not create sockaddr_in structure' + . ( $EVAL_ERROR ? 
": $EVAL_ERROR" : q{} ); + + socket $self->{sock}, AF_INET, $PROTOS{ $self->{proto} }, 0 + or croak "Could not open server socket: $OS_ERROR"; + + if ( $self->{proto} eq 'tcp' ) { + bind $self->{sock}, $sockaddr + or croak "Could not bind server socket: $OS_ERROR"; + + listen $self->{sock}, $self->{queue} + or croak "Could not listen on server socket: $OS_ERROR"; + } + + my $sockname = getsockname $self->{sock}; + ( $self->{sport}, $self->{saddr} ) = unpack_sockaddr_in($sockname); + $self->{saddr} = inet_ntoa( $self->{saddr} ); + + return 1; +} + +sub get_addr { + my ($self) = @_; + + return $self->{saddr}; +} + +sub get_port { + my ($self) = @_; + + return $self->{sport}; +} + +sub accept { + my ( $self, $sock ) = @_; + + if ( defined $sock && reftype($sock) ne 'GLOB' ) { + croak 'Argument #1 to accept() must be a typeglob reference'; + } + + accept $sock, $self->{sock} + or croak "Could not accept connection: $OS_ERROR"; + + my $saver = SelectSaver->new($sock); + local $OUTPUT_AUTOFLUSH = 1; + + return $sock; +} + +sub connect { + my ($self) = @_; + + my $addr = eval { inet_aton( $self->{saddr} ) } + or croak 'Could not pack IP address' + . ( $EVAL_ERROR ? ": $EVAL_ERROR" : q{} ); + + my $sockaddr = eval { pack_sockaddr_in( $self->{sport}, $addr ) } + or croak 'Could not create sockaddr_in structure' + . ( $EVAL_ERROR ? ": $EVAL_ERROR" : q{} ); + + socket my $sock, AF_INET, $PROTOS{ $self->{proto} }, 0 + or croak "Could not open server socket: $OS_ERROR"; + connect $sock, $sockaddr + or croak "Could not connect to server socket: $OS_ERROR"; + + my $saver = SelectSaver->new($sock); + local $OUTPUT_AUTOFLUSH = 1; + + return $sock; +} + +sub close { + my ($self) = @_; + + return close $self->{sock}; +} + +1; + +__END__ + +=head1 NAME + +Test::Net::SSLeay::Socket - Socket class for the Net-SSLeay test suite + +=head1 VERSION + +This document describes version 1.92 of Test::Net::SSLeay::Socket. 
+ +=head1 SYNOPSIS + + use Test::Net::SSLeay::Socket; + + # Create TCP server socket listening on localhost on a random unused port + my $server = Test::Net::SSLeay::Socket->new( protocol => 'tcp' ); + + # To wait for a connection to the server socket: + my $sock = $server->accept(); + + # Open a connection to the server socket: + my $client_sock = $server->connect(); + + # Or do so using Net::SSLeay's high-level API: + use Net::SSLeay qw(tcpcat); + my ( $response, $err ) = + tcpcat( $server->get_addr(), $server->get_port(), 'request' ); + +=head1 DESCRIPTION + +Test scripts in the Net-SSLeay test suite commonly need to establish server +and client sockets over which TLS communication can be tested. This module +simplifies the process of creating server sockets and client sockets that know +how to connect to them. + +This module is not intended to be used directly by test scripts; use the +helper functions in L +instead. + +=head1 CONSTRUCTOR + +=head2 new + + # TCP server socket listening on localhost on a random unused port: + my $server = Test::Net::SSLeay::Socket->new(); + + # TCP server socket listening on a private IP address on the standard HTTP + # port: + my $server = Test::Net::SSLeay::Socket->new( + addr => '10.0.0.1', + port => 80, + proto => 'tcp', + ); + +Creates a new C object. A server socket is created +that binds to a given (or the default) address and port number. + +Supported options: + +=over 4 + +=item * + +C (optional): the IPv4 address that the server socket should bind to. +Defaults to C<'127.0.0.1'>. + +=item * + +C (optional): the port number that the server socket should bind to. +Defaults to the number of a random unused port chosen by the operating system. + +=item * + +C (optional): the transport protocol that the server socket should use; +C<'tcp'> for TCP, C<'udp'> for UDP. Defaults to C<'tcp'>. + +=item * + +C (optional): the maximum number of pending connections to allow for +the server socket. Defaults to 5. 
+ +=back + +Dies on failure. + +=head1 METHODS + +=head2 get_addr + + my $address = $server->get_addr(); + +Returns the address on which the server socket is listening. Useful when +manually creating a connection to the server socket (e.g. via one of +Net::SSLeay's high-level API functions) and an address was not specified in +the constructor. + +=head2 get_port + + my $port = $server->get_port(); + +Returns the port number on which the server socket is listening. Useful when +manually creating a client socket to connect to the server socket (e.g. via +one of Net::SSLeay's high-level API functions) and a port number was not +specified in the constructor. + +=head2 accept + + # Communicate with the client, creating a new file handle: + my $sock = $server->accept(); + + # Communicate with the client using an existing typeglob as the file + # handle: + $server->accept(*Net::SSLeay::SSLCAT_S); + +Accepts an incoming connection request to the server socket, and enables +autoflush on the resulting file handle. + +If a typeglob is passed as the first argument, it becomes the socket's file +handle. This is useful when creating sockets for testing Net::SSLeay's +high-level API functions, which perform their operations on the +C typeglob. + +Returns the file handle for the new socket. Dies on failure. + +=head2 connect + + my $sock = $server->connect(); + +Creates a new connection to the server socket, and enables autoflush on the +resulting file handle. + +Returns the file handle for the new socket. Dies on failure. + +=head2 close + + $server->close(); + +Closes the file handle for the server socket. + +Returns true on success, or false on failure (just like Perl's +L builtin). + +=head1 SEE ALSO + +L, for an easier way to use this module +from Net-SSLeay test scripts. + +=head1 BUGS + +If you encounter a problem with this module that you believe is a bug, please +L +in the Net-SSLeay GitHub repository. 
Please make sure your bug report includes +the following information: + +=over + +=item * + +the code you are trying to run (ideally a minimum working example that +reproduces the problem), or the full output of the Net-SSLeay test suite if +the problem relates to a test failure; + +=item * + +your operating system name and version; + +=item * + +the output of C; + +=item * + +the version of Net-SSLeay you are using; + +=item * + +the version of OpenSSL or LibreSSL you are using. + +=back + +=head1 AUTHORS + +Originally written by Chris Novakovic. + +Maintained by Chris Novakovic, Tuure Vartiainen and Heikki Vatiainen. + +=head1 COPYRIGHT AND LICENSE + +Copyright 2020- Chris Novakovic . + +Copyright 2020- Tuure Vartiainen . + +Copyright 2020- Heikki Vatiainen . + +This module is released under the terms of the Artistic License 2.0. For +details, see the C file distributed with Net-SSLeay's source code. + +=cut diff --git a/cpan/Net-SSLeay/lib/Net/SSLeay.pm b/cpan/Net-SSLeay/lib/Net/SSLeay.pm new file mode 100644 index 000000000000..3838b594c945 --- /dev/null +++ b/cpan/Net-SSLeay/lib/Net/SSLeay.pm 
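Review bot: In `_init_server()` the `bind` call sits inside the `if ( $self->{proto} eq 'tcp' )` block together with `listen`, so a socket created with `proto => 'udp'` is never bound to `addr`/`port`, and `get_addr()`/`get_port()` then report whatever `getsockname` returns for an unbound socket. The POD for `new` says the server socket binds to the given or default address without restricting that to TCP. Moving `bind $self->{sock}, $sockaddr or croak "Could not bind server socket: $OS_ERROR";` above the conditional and leaving only `listen` inside it would match the documentation. Separately, the SYNOPSIS passes `protocol => 'tcp'` while `new()` reads `proto` and never rejects leftover keys in `%args`, so a mistyped option silently falls back to the default; a `croak` on a non-empty `%args` after the `delete`s would catch it.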
@@ -0,0 +1,1905 @@
+# Net::SSLeay.pm - Perl module for using Eric Young's implementation of SSL
+#
+# Copyright (c) 1996-2003 Sampo Kellomäki
+# Copyright (c) 2005-2010 Florian Ragwitz
+# Copyright (c) 2005-2018 Mike McCauley
+# Copyright (c) 2018- Chris Novakovic
+# Copyright (c) 2018- Tuure Vartiainen
+# Copyright (c) 2018- Heikki Vatiainen
+#
+# All rights reserved.
+#
+# This module is released under the terms of the Artistic License 2.0. For
+# details, see the LICENSE file distributed with Net-SSLeay's source code.
+
+package Net::SSLeay;
+
+use 5.8.1;
+
+use strict;
+use Carp;
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK $AUTOLOAD $CRLF);
+use Socket;
+use Errno;
+
+require Exporter;
+use AutoLoader;
+
+# 0=no warns, 1=only errors, 2=ciphers, 3=progress, 4=dump data
+$Net::SSLeay::trace = 0; # Do not change here, use
+ # $Net::SSLeay::trace = [1-4] in caller
+
+# 2 = insist on v2 SSL protocol
+# 3 = insist on v3 SSL
+# 10 = insist on TLSv1
+# 11 = insist on TLSv1.1
+# 12 = insist on TLSv1.2
+# 13 = insist on TLSv1.3
+# 0 or undef = guess (v23)
+#
+$Net::SSLeay::ssl_version = 0; # don't change here, use
+ # Net::SSLeay::version=[2,3,0] in caller
+
+#define to enable the "cat /proc/$$/stat" stuff
+$Net::SSLeay::linux_debug = 0;
+
+# Number of seconds to sleep after sending message and before half
+# closing connection. Useful with antiquated broken servers.
+$Net::SSLeay::slowly = 0;
+
+# RANDOM NUMBER INITIALIZATION
+#
+# Edit to your taste. Using /dev/random would be more secure, but may
+# block if randomness is not available, thus the default is
+# /dev/urandom. $how_random determines how many bits of randomness to take
+# from the device. You should take enough (read SSLeay/doc/rand), but
+# beware that randomness is limited resource so you should not waste
+# it either or you may end up with randomness depletion (situation where
+# /dev/random would block and /dev/urandom starts to return predictable
+# numbers).
+#
+# N.B.
/dev/urandom does not exist on all systems, such as Solaris 2.6. In that
+# case you should get a third party package that emulates /dev/urandom
+# (e.g. via named pipe) or supply a random number file. Some such
+# packages are documented in Caveat section of the POD documentation.
+
+$Net::SSLeay::random_device = '/dev/urandom';
+$Net::SSLeay::how_random = 512;
+
+# When updating this, also update $VERSION in the following files:
+# inc/Test/Net/SSLeay.pm
+# inc/Test/Net/SSLeay/Socket.pm
+# lib/Net/SSLeay/Handle.pm
+$VERSION = '1.92';
+
+@ISA = qw(Exporter);
+
+# This array is automatically generated - do not manually modify it.
+# To add or remove a constant, edit helper_script/constants.txt, then run
+# helper_script/update-exported-constants.
+my @constants = qw(
+ ASN1_STRFLGS_ESC_CTRL
+ ASN1_STRFLGS_ESC_MSB
+ ASN1_STRFLGS_ESC_QUOTE
+ ASN1_STRFLGS_RFC2253
+ CB_ACCEPT_EXIT
+ CB_ACCEPT_LOOP
+ CB_ALERT
+ CB_CONNECT_EXIT
+ CB_CONNECT_LOOP
+ CB_EXIT
+ CB_HANDSHAKE_DONE
+ CB_HANDSHAKE_START
+ CB_LOOP
+ CB_READ
+ CB_READ_ALERT
+ CB_WRITE
+ CB_WRITE_ALERT
+ ERROR_NONE
+ ERROR_SSL
+ ERROR_SYSCALL
+ ERROR_WANT_ACCEPT
+ ERROR_WANT_CONNECT
+ ERROR_WANT_READ
+ ERROR_WANT_WRITE
+ ERROR_WANT_X509_LOOKUP
+ ERROR_ZERO_RETURN
+ EVP_PKS_DSA
+ EVP_PKS_EC
+ EVP_PKS_RSA
+ EVP_PKT_ENC
+ EVP_PKT_EXCH
+ EVP_PKT_EXP
+ EVP_PKT_SIGN
+ EVP_PK_DH
+ EVP_PK_DSA
+ EVP_PK_EC
+ EVP_PK_RSA
+ FILETYPE_ASN1
+ FILETYPE_PEM
+ F_CLIENT_CERTIFICATE
+ F_CLIENT_HELLO
+ F_CLIENT_MASTER_KEY
+ F_D2I_SSL_SESSION
+ F_GET_CLIENT_FINISHED
+ F_GET_CLIENT_HELLO
+ F_GET_CLIENT_MASTER_KEY
+ F_GET_SERVER_FINISHED
+ F_GET_SERVER_HELLO
+ F_GET_SERVER_VERIFY
+ F_I2D_SSL_SESSION
+ F_READ_N
+ F_REQUEST_CERTIFICATE
+ F_SERVER_HELLO
+ F_SSL_CERT_NEW
+ F_SSL_GET_NEW_SESSION
+ F_SSL_NEW
+ F_SSL_READ
+ F_SSL_RSA_PRIVATE_DECRYPT
+ F_SSL_RSA_PUBLIC_ENCRYPT
+ F_SSL_SESSION_NEW
+ F_SSL_SESSION_PRINT_FP
+ F_SSL_SET_FD
+ F_SSL_SET_RFD
+ F_SSL_SET_WFD
+ F_SSL_USE_CERTIFICATE
+ F_SSL_USE_CERTIFICATE_ASN1
+ F_SSL_USE_CERTIFICATE_FILE
+ F_SSL_USE_PRIVATEKEY + F_SSL_USE_PRIVATEKEY_ASN1 + F_SSL_USE_PRIVATEKEY_FILE + F_SSL_USE_RSAPRIVATEKEY + F_SSL_USE_RSAPRIVATEKEY_ASN1 + F_SSL_USE_RSAPRIVATEKEY_FILE + F_WRITE_PENDING + GEN_DIRNAME + GEN_DNS + GEN_EDIPARTY + GEN_EMAIL + GEN_IPADD + GEN_OTHERNAME + GEN_RID + GEN_URI + GEN_X400 + LIBRESSL_VERSION_NUMBER + MBSTRING_ASC + MBSTRING_BMP + MBSTRING_FLAG + MBSTRING_UNIV + MBSTRING_UTF8 + MIN_RSA_MODULUS_LENGTH_IN_BYTES + MODE_ACCEPT_MOVING_WRITE_BUFFER + MODE_AUTO_RETRY + MODE_ENABLE_PARTIAL_WRITE + MODE_RELEASE_BUFFERS + NID_OCSP_sign + NID_SMIMECapabilities + NID_X500 + NID_X509 + NID_ad_OCSP + NID_ad_ca_issuers + NID_algorithm + NID_authority_key_identifier + NID_basic_constraints + NID_bf_cbc + NID_bf_cfb64 + NID_bf_ecb + NID_bf_ofb64 + NID_cast5_cbc + NID_cast5_cfb64 + NID_cast5_ecb + NID_cast5_ofb64 + NID_certBag + NID_certificate_policies + NID_client_auth + NID_code_sign + NID_commonName + NID_countryName + NID_crlBag + NID_crl_distribution_points + NID_crl_number + NID_crl_reason + NID_delta_crl + NID_des_cbc + NID_des_cfb64 + NID_des_ecb + NID_des_ede + NID_des_ede3 + NID_des_ede3_cbc + NID_des_ede3_cfb64 + NID_des_ede3_ofb64 + NID_des_ede_cbc + NID_des_ede_cfb64 + NID_des_ede_ofb64 + NID_des_ofb64 + NID_description + NID_desx_cbc + NID_dhKeyAgreement + NID_dnQualifier + NID_dsa + NID_dsaWithSHA + NID_dsaWithSHA1 + NID_dsaWithSHA1_2 + NID_dsa_2 + NID_email_protect + NID_ext_key_usage + NID_ext_req + NID_friendlyName + NID_givenName + NID_hmacWithSHA1 + NID_id_ad + NID_id_ce + NID_id_kp + NID_id_pbkdf2 + NID_id_pe + NID_id_pkix + NID_id_qt_cps + NID_id_qt_unotice + NID_idea_cbc + NID_idea_cfb64 + NID_idea_ecb + NID_idea_ofb64 + NID_info_access + NID_initials + NID_invalidity_date + NID_issuer_alt_name + NID_keyBag + NID_key_usage + NID_localKeyID + NID_localityName + NID_md2 + NID_md2WithRSAEncryption + NID_md5 + NID_md5WithRSA + NID_md5WithRSAEncryption + NID_md5_sha1 + NID_mdc2 + NID_mdc2WithRSA + NID_ms_code_com + NID_ms_code_ind + 
NID_ms_ctl_sign + NID_ms_efs + NID_ms_ext_req + NID_ms_sgc + NID_name + NID_netscape + NID_netscape_base_url + NID_netscape_ca_policy_url + NID_netscape_ca_revocation_url + NID_netscape_cert_extension + NID_netscape_cert_sequence + NID_netscape_cert_type + NID_netscape_comment + NID_netscape_data_type + NID_netscape_renewal_url + NID_netscape_revocation_url + NID_netscape_ssl_server_name + NID_ns_sgc + NID_organizationName + NID_organizationalUnitName + NID_pbeWithMD2AndDES_CBC + NID_pbeWithMD2AndRC2_CBC + NID_pbeWithMD5AndCast5_CBC + NID_pbeWithMD5AndDES_CBC + NID_pbeWithMD5AndRC2_CBC + NID_pbeWithSHA1AndDES_CBC + NID_pbeWithSHA1AndRC2_CBC + NID_pbe_WithSHA1And128BitRC2_CBC + NID_pbe_WithSHA1And128BitRC4 + NID_pbe_WithSHA1And2_Key_TripleDES_CBC + NID_pbe_WithSHA1And3_Key_TripleDES_CBC + NID_pbe_WithSHA1And40BitRC2_CBC + NID_pbe_WithSHA1And40BitRC4 + NID_pbes2 + NID_pbmac1 + NID_pkcs + NID_pkcs3 + NID_pkcs7 + NID_pkcs7_data + NID_pkcs7_digest + NID_pkcs7_encrypted + NID_pkcs7_enveloped + NID_pkcs7_signed + NID_pkcs7_signedAndEnveloped + NID_pkcs8ShroudedKeyBag + NID_pkcs9 + NID_pkcs9_challengePassword + NID_pkcs9_contentType + NID_pkcs9_countersignature + NID_pkcs9_emailAddress + NID_pkcs9_extCertAttributes + NID_pkcs9_messageDigest + NID_pkcs9_signingTime + NID_pkcs9_unstructuredAddress + NID_pkcs9_unstructuredName + NID_private_key_usage_period + NID_rc2_40_cbc + NID_rc2_64_cbc + NID_rc2_cbc + NID_rc2_cfb64 + NID_rc2_ecb + NID_rc2_ofb64 + NID_rc4 + NID_rc4_40 + NID_rc5_cbc + NID_rc5_cfb64 + NID_rc5_ecb + NID_rc5_ofb64 + NID_ripemd160 + NID_ripemd160WithRSA + NID_rle_compression + NID_rsa + NID_rsaEncryption + NID_rsadsi + NID_safeContentsBag + NID_sdsiCertificate + NID_secretBag + NID_serialNumber + NID_server_auth + NID_sha + NID_sha1 + NID_sha1WithRSA + NID_sha1WithRSAEncryption + NID_shaWithRSAEncryption + NID_stateOrProvinceName + NID_subject_alt_name + NID_subject_key_identifier + NID_surname + NID_sxnet + NID_time_stamp + NID_title + NID_undef + 
NID_uniqueIdentifier + NID_x509Certificate + NID_x509Crl + NID_zlib_compression + NOTHING + OCSP_RESPONSE_STATUS_INTERNALERROR + OCSP_RESPONSE_STATUS_MALFORMEDREQUEST + OCSP_RESPONSE_STATUS_SIGREQUIRED + OCSP_RESPONSE_STATUS_SUCCESSFUL + OCSP_RESPONSE_STATUS_TRYLATER + OCSP_RESPONSE_STATUS_UNAUTHORIZED + OPENSSL_BUILT_ON + OPENSSL_CFLAGS + OPENSSL_CPU_INFO + OPENSSL_DIR + OPENSSL_ENGINES_DIR + OPENSSL_FULL_VERSION_STRING + OPENSSL_INFO_CONFIG_DIR + OPENSSL_INFO_CPU_SETTINGS + OPENSSL_INFO_DIR_FILENAME_SEPARATOR + OPENSSL_INFO_DSO_EXTENSION + OPENSSL_INFO_ENGINES_DIR + OPENSSL_INFO_LIST_SEPARATOR + OPENSSL_INFO_MODULES_DIR + OPENSSL_INFO_SEED_SOURCE + OPENSSL_MODULES_DIR + OPENSSL_PLATFORM + OPENSSL_VERSION + OPENSSL_VERSION_MAJOR + OPENSSL_VERSION_MINOR + OPENSSL_VERSION_NUMBER + OPENSSL_VERSION_PATCH + OPENSSL_VERSION_STRING + OP_ALL + OP_ALLOW_NO_DHE_KEX + OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + OP_CIPHER_SERVER_PREFERENCE + OP_CISCO_ANYCONNECT + OP_COOKIE_EXCHANGE + OP_CRYPTOPRO_TLSEXT_BUG + OP_DONT_INSERT_EMPTY_FRAGMENTS + OP_ENABLE_MIDDLEBOX_COMPAT + OP_EPHEMERAL_RSA + OP_LEGACY_SERVER_CONNECT + OP_MICROSOFT_BIG_SSLV3_BUFFER + OP_MICROSOFT_SESS_ID_BUG + OP_MSIE_SSLV2_RSA_PADDING + OP_NETSCAPE_CA_DN_BUG + OP_NETSCAPE_CHALLENGE_BUG + OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + OP_NON_EXPORT_FIRST + OP_NO_ANTI_REPLAY + OP_NO_CLIENT_RENEGOTIATION + OP_NO_COMPRESSION + OP_NO_ENCRYPT_THEN_MAC + OP_NO_QUERY_MTU + OP_NO_RENEGOTIATION + OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + OP_NO_SSL_MASK + OP_NO_SSLv2 + OP_NO_SSLv3 + OP_NO_TICKET + OP_NO_TLSv1 + OP_NO_TLSv1_1 + OP_NO_TLSv1_2 + OP_NO_TLSv1_3 + OP_PKCS1_CHECK_1 + OP_PKCS1_CHECK_2 + OP_PRIORITIZE_CHACHA + OP_SAFARI_ECDHE_ECDSA_BUG + OP_SINGLE_DH_USE + OP_SINGLE_ECDH_USE + OP_SSLEAY_080_CLIENT_DH_BUG + OP_SSLREF2_REUSE_CERT_TYPE_BUG + OP_TLSEXT_PADDING + OP_TLS_BLOCK_PADDING_BUG + OP_TLS_D5_BUG + OP_TLS_ROLLBACK_BUG + READING + RECEIVED_SHUTDOWN + RSA_3 + RSA_F4 + 
R_BAD_AUTHENTICATION_TYPE + R_BAD_CHECKSUM + R_BAD_MAC_DECODE + R_BAD_RESPONSE_ARGUMENT + R_BAD_SSL_FILETYPE + R_BAD_SSL_SESSION_ID_LENGTH + R_BAD_STATE + R_BAD_WRITE_RETRY + R_CHALLENGE_IS_DIFFERENT + R_CIPHER_TABLE_SRC_ERROR + R_INVALID_CHALLENGE_LENGTH + R_NO_CERTIFICATE_SET + R_NO_CERTIFICATE_SPECIFIED + R_NO_CIPHER_LIST + R_NO_CIPHER_MATCH + R_NO_PRIVATEKEY + R_NO_PUBLICKEY + R_NULL_SSL_CTX + R_PEER_DID_NOT_RETURN_A_CERTIFICATE + R_PEER_ERROR + R_PEER_ERROR_CERTIFICATE + R_PEER_ERROR_NO_CIPHER + R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE + R_PUBLIC_KEY_ENCRYPT_ERROR + R_PUBLIC_KEY_IS_NOT_RSA + R_READ_WRONG_PACKET_TYPE + R_SHORT_READ + R_SSL_SESSION_ID_IS_DIFFERENT + R_UNABLE_TO_EXTRACT_PUBLIC_KEY + R_UNKNOWN_REMOTE_ERROR_TYPE + R_UNKNOWN_STATE + R_X509_LIB + SENT_SHUTDOWN + SESSION_ASN1_VERSION + SESS_CACHE_BOTH + SESS_CACHE_CLIENT + SESS_CACHE_NO_AUTO_CLEAR + SESS_CACHE_NO_INTERNAL + SESS_CACHE_NO_INTERNAL_LOOKUP + SESS_CACHE_NO_INTERNAL_STORE + SESS_CACHE_OFF + SESS_CACHE_SERVER + SSL2_MT_CLIENT_CERTIFICATE + SSL2_MT_CLIENT_FINISHED + SSL2_MT_CLIENT_HELLO + SSL2_MT_CLIENT_MASTER_KEY + SSL2_MT_ERROR + SSL2_MT_REQUEST_CERTIFICATE + SSL2_MT_SERVER_FINISHED + SSL2_MT_SERVER_HELLO + SSL2_MT_SERVER_VERIFY + SSL2_VERSION + SSL3_MT_CCS + SSL3_MT_CERTIFICATE + SSL3_MT_CERTIFICATE_REQUEST + SSL3_MT_CERTIFICATE_STATUS + SSL3_MT_CERTIFICATE_URL + SSL3_MT_CERTIFICATE_VERIFY + SSL3_MT_CHANGE_CIPHER_SPEC + SSL3_MT_CLIENT_HELLO + SSL3_MT_CLIENT_KEY_EXCHANGE + SSL3_MT_ENCRYPTED_EXTENSIONS + SSL3_MT_END_OF_EARLY_DATA + SSL3_MT_FINISHED + SSL3_MT_HELLO_REQUEST + SSL3_MT_KEY_UPDATE + SSL3_MT_MESSAGE_HASH + SSL3_MT_NEWSESSION_TICKET + SSL3_MT_NEXT_PROTO + SSL3_MT_SERVER_DONE + SSL3_MT_SERVER_HELLO + SSL3_MT_SERVER_KEY_EXCHANGE + SSL3_MT_SUPPLEMENTAL_DATA + SSL3_RT_ALERT + SSL3_RT_APPLICATION_DATA + SSL3_RT_CHANGE_CIPHER_SPEC + SSL3_RT_HANDSHAKE + SSL3_RT_HEADER + SSL3_RT_INNER_CONTENT_TYPE + SSL3_VERSION + SSLEAY_BUILT_ON + SSLEAY_CFLAGS + SSLEAY_DIR + SSLEAY_PLATFORM + 
SSLEAY_VERSION + ST_ACCEPT + ST_BEFORE + ST_CONNECT + ST_INIT + ST_OK + ST_READ_BODY + ST_READ_HEADER + TLS1_1_VERSION + TLS1_2_VERSION + TLS1_3_VERSION + TLS1_VERSION + TLSEXT_STATUSTYPE_ocsp + VERIFY_CLIENT_ONCE + VERIFY_FAIL_IF_NO_PEER_CERT + VERIFY_NONE + VERIFY_PEER + VERIFY_POST_HANDSHAKE + V_OCSP_CERTSTATUS_GOOD + V_OCSP_CERTSTATUS_REVOKED + V_OCSP_CERTSTATUS_UNKNOWN + WRITING + X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT + X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS + X509_CHECK_FLAG_NEVER_CHECK_SUBJECT + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS + X509_CHECK_FLAG_NO_WILDCARDS + X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS + X509_FILETYPE_ASN1 + X509_FILETYPE_DEFAULT + X509_FILETYPE_PEM + X509_LOOKUP + X509_PURPOSE_ANY + X509_PURPOSE_CRL_SIGN + X509_PURPOSE_NS_SSL_SERVER + X509_PURPOSE_OCSP_HELPER + X509_PURPOSE_SMIME_ENCRYPT + X509_PURPOSE_SMIME_SIGN + X509_PURPOSE_SSL_CLIENT + X509_PURPOSE_SSL_SERVER + X509_PURPOSE_TIMESTAMP_SIGN + X509_TRUST_COMPAT + X509_TRUST_EMAIL + X509_TRUST_OBJECT_SIGN + X509_TRUST_OCSP_REQUEST + X509_TRUST_OCSP_SIGN + X509_TRUST_SSL_CLIENT + X509_TRUST_SSL_SERVER + X509_TRUST_TSA + X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH + X509_V_ERR_AKID_SKID_MISMATCH + X509_V_ERR_APPLICATION_VERIFICATION + X509_V_ERR_CA_KEY_TOO_SMALL + X509_V_ERR_CA_MD_TOO_WEAK + X509_V_ERR_CERT_CHAIN_TOO_LONG + X509_V_ERR_CERT_HAS_EXPIRED + X509_V_ERR_CERT_NOT_YET_VALID + X509_V_ERR_CERT_REJECTED + X509_V_ERR_CERT_REVOKED + X509_V_ERR_CERT_SIGNATURE_FAILURE + X509_V_ERR_CERT_UNTRUSTED + X509_V_ERR_CRL_HAS_EXPIRED + X509_V_ERR_CRL_NOT_YET_VALID + X509_V_ERR_CRL_PATH_VALIDATION_ERROR + X509_V_ERR_CRL_SIGNATURE_FAILURE + X509_V_ERR_DANE_NO_MATCH + X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT + X509_V_ERR_DIFFERENT_CRL_SCOPE + X509_V_ERR_EE_KEY_TOO_SMALL + X509_V_ERR_EMAIL_MISMATCH + X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD + X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD + X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD + X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD + X509_V_ERR_EXCLUDED_VIOLATION + 
X509_V_ERR_HOSTNAME_MISMATCH + X509_V_ERR_INVALID_CA + X509_V_ERR_INVALID_CALL + X509_V_ERR_INVALID_EXTENSION + X509_V_ERR_INVALID_NON_CA + X509_V_ERR_INVALID_POLICY_EXTENSION + X509_V_ERR_INVALID_PURPOSE + X509_V_ERR_IP_ADDRESS_MISMATCH + X509_V_ERR_KEYUSAGE_NO_CERTSIGN + X509_V_ERR_KEYUSAGE_NO_CRL_SIGN + X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE + X509_V_ERR_NO_EXPLICIT_POLICY + X509_V_ERR_NO_VALID_SCTS + X509_V_ERR_OCSP_CERT_UNKNOWN + X509_V_ERR_OCSP_VERIFY_FAILED + X509_V_ERR_OCSP_VERIFY_NEEDED + X509_V_ERR_OUT_OF_MEM + X509_V_ERR_PATH_LENGTH_EXCEEDED + X509_V_ERR_PATH_LOOP + X509_V_ERR_PERMITTED_VIOLATION + X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED + X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION + X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN + X509_V_ERR_STORE_LOOKUP + X509_V_ERR_SUBJECT_ISSUER_MISMATCH + X509_V_ERR_SUBTREE_MINMAX + X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 + X509_V_ERR_SUITE_B_INVALID_ALGORITHM + X509_V_ERR_SUITE_B_INVALID_CURVE + X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM + X509_V_ERR_SUITE_B_INVALID_VERSION + X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED + X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY + X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE + X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE + X509_V_ERR_UNABLE_TO_GET_CRL + X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION + X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION + X509_V_ERR_UNNESTED_RESOURCE + X509_V_ERR_UNSPECIFIED + X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX + X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE + X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE + X509_V_ERR_UNSUPPORTED_NAME_SYNTAX + X509_V_FLAG_ALLOW_PROXY_CERTS + X509_V_FLAG_CB_ISSUER_CHECK + X509_V_FLAG_CHECK_SS_SIGNATURE + X509_V_FLAG_CRL_CHECK + X509_V_FLAG_CRL_CHECK_ALL + X509_V_FLAG_EXPLICIT_POLICY + X509_V_FLAG_EXTENDED_CRL_SUPPORT + 
X509_V_FLAG_IGNORE_CRITICAL
+ X509_V_FLAG_INHIBIT_ANY
+ X509_V_FLAG_INHIBIT_MAP
+ X509_V_FLAG_LEGACY_VERIFY
+ X509_V_FLAG_NOTIFY_POLICY
+ X509_V_FLAG_NO_ALT_CHAINS
+ X509_V_FLAG_NO_CHECK_TIME
+ X509_V_FLAG_PARTIAL_CHAIN
+ X509_V_FLAG_POLICY_CHECK
+ X509_V_FLAG_POLICY_MASK
+ X509_V_FLAG_SUITEB_128_LOS
+ X509_V_FLAG_SUITEB_128_LOS_ONLY
+ X509_V_FLAG_SUITEB_192_LOS
+ X509_V_FLAG_TRUSTED_FIRST
+ X509_V_FLAG_USE_CHECK_TIME
+ X509_V_FLAG_USE_DELTAS
+ X509_V_FLAG_X509_STRICT
+ X509_V_OK
+ XN_FLAG_COMPAT
+ XN_FLAG_DN_REV
+ XN_FLAG_DUMP_UNKNOWN_FIELDS
+ XN_FLAG_FN_ALIGN
+ XN_FLAG_FN_LN
+ XN_FLAG_FN_MASK
+ XN_FLAG_FN_NONE
+ XN_FLAG_FN_OID
+ XN_FLAG_FN_SN
+ XN_FLAG_MULTILINE
+ XN_FLAG_ONELINE
+ XN_FLAG_RFC2253
+ XN_FLAG_SEP_COMMA_PLUS
+ XN_FLAG_SEP_CPLUS_SPC
+ XN_FLAG_SEP_MASK
+ XN_FLAG_SEP_MULTILINE
+ XN_FLAG_SEP_SPLUS_SPC
+ XN_FLAG_SPC_EQ
+);
+
+my @functions = qw(
+ BIO_eof
+ BIO_f_ssl
+ BIO_free
+ BIO_new
+ BIO_new_file
+ BIO_pending
+ BIO_read
+ BIO_s_mem
+ BIO_wpending
+ BIO_write
+ CTX_free
+ CTX_get_cert_store
+ CTX_new
+ CTX_use_RSAPrivateKey_file
+ CTX_use_certificate_file
+ CTX_v23_new
+ CTX_v2_new
+ CTX_v3_new
+ ERR_error_string
+ ERR_get_error
+ ERR_load_RAND_strings
+ ERR_load_SSL_strings
+ PEM_read_bio_X509_CRL
+ RSA_free
+ RSA_generate_key
+ SESSION_free
+ SESSION_get_master_key
+ SESSION_new
+ SESSION_print
+ X509_NAME_get_text_by_NID
+ X509_NAME_oneline
+ X509_STORE_add_cert
+ X509_STORE_add_crl
+ X509_check_email
+ X509_check_host
+ X509_check_ip
+ X509_check_ip_asc
+ X509_free
+ X509_get_issuer_name
+ X509_get_subject_name
+ X509_load_cert_crl_file
+ X509_load_cert_file
+ X509_load_crl_file
+ accept
+ clear
+ connect
+ copy_session_id
+ d2i_SSL_SESSION
+ die_if_ssl_error
+ die_now
+ do_https
+ dump_peer_certificate
+ free
+ get_cipher
+ get_cipher_list
+ get_client_random
+ get_fd
+ get_http
+ get_http4
+ get_https
+ get_https3
+ get_https4
+ get_httpx
+ get_httpx4
+ get_peer_certificate
+ get_peer_cert_chain
+ get_rbio
+ get_read_ahead
+ get_server_random
+ get_shared_ciphers
+ get_time
+ get_timeout
+ get_wbio
+ i2d_SSL_SESSION
+ load_error_strings
+ make_form
+ make_headers
+ new
+ peek
+ pending
+ post_http
+ post_http4
+ post_https
+ post_https3
+ post_https4
+ post_httpx
+ post_httpx4
+ print_errs
+ read
+ rstate_string
+ rstate_string_long
+ set_bio
+ set_cert_and_key
+ set_cipher_list
+ set_fd
+ set_read_ahead
+ set_rfd
+ set_server_cert_and_key
+ set_session
+ set_time
+ set_timeout
+ set_verify
+ set_wfd
+ ssl_read_CRLF
+ ssl_read_all
+ ssl_read_until
+ ssl_write_CRLF
+ ssl_write_all
+ sslcat
+ state_string
+ state_string_long
+ tcp_read_CRLF
+ tcp_read_all
+ tcp_read_until
+ tcp_write_CRLF
+ tcp_write_all
+ tcpcat
+ tcpxcat
+ use_PrivateKey
+ use_PrivateKey_ASN1
+ use_PrivateKey_file
+ use_RSAPrivateKey
+ use_RSAPrivateKey_ASN1
+ use_RSAPrivateKey_file
+ use_certificate
+ use_certificate_ASN1
+ use_certificate_file
+ write
+ d2i_OCSP_RESPONSE
+ i2d_OCSP_RESPONSE
+ OCSP_RESPONSE_free
+ d2i_OCSP_REQUEST
+ i2d_OCSP_REQUEST
+ OCSP_REQUEST_free
+ OCSP_cert2ids
+ OCSP_ids2req
+ OCSP_response_status
+ OCSP_response_status_str
+ OCSP_response_verify
+ OCSP_response_results
+);
+
+@EXPORT_OK = ( @constants, @functions );
+
+sub AUTOLOAD {
+ # This AUTOLOAD is used to 'autoload' constants from the constant()
+ # XS function. If a constant is not found then control is passed
+ # to the AUTOLOAD in AutoLoader.
+
+ my $constname;
+ ($constname = $AUTOLOAD) =~ s/.*:://;
+ my $val = constant($constname);
+ if ($! != 0) {
+ if ($! =~ /((Invalid)|(not valid))/i || $!{EINVAL}) {
+ $AutoLoader::AUTOLOAD = $AUTOLOAD;
+ goto &AutoLoader::AUTOLOAD;
+ }
+ else {
+ croak "Your vendor has not defined SSLeay macro $constname";
+ }
+ }
+ eval "sub $AUTOLOAD { $val }";
+ goto &$AUTOLOAD;
+}
+
+eval {
+ require XSLoader;
+ XSLoader::load('Net::SSLeay', $VERSION);
+ 1;
+} or do {
+ require DynaLoader;
+ push @ISA, 'DynaLoader';
+ bootstrap Net::SSLeay $VERSION;
+};
+
+# Preloaded methods go here.
+
+$CRLF = "\x0d\x0a"; # because \r\n is not fully portable
+
+### Print SSLeay error stack
+
+sub print_errs {
+ my ($msg) = @_;
+ my ($count, $err, $errs, $e) = (0,0,'');
+ while ($err = ERR_get_error()) {
+ $count ++;
+ $e = "$msg $$: $count - " . ERR_error_string($err) . "\n";
+ $errs .= $e;
+ warn $e if $Net::SSLeay::trace;
+ }
+ return $errs;
+}
+
+# Death is conditional to SSLeay errors existing, i.e. this function checks
+# for errors and only dies in affirmative.
+# usage: Net::SSLeay::write($ssl, "foo") or die_if_ssl_error("SSL write ($!)");
+
+sub die_if_ssl_error {
+ my ($msg) = @_;
+ die "$$: $msg\n" if print_errs($msg);
+}
+
+# Unconditional death. Used to print SSLeay errors before dying.
+# usage: Net::SSLeay::connect($ssl) or die_now("Failed SSL connect ($!)");
+
+sub die_now {
+ my ($msg) = @_;
+ print_errs($msg);
+ die "$$: $msg\n";
+}
+
+# Perl 5.6.* unicode support causes that length() no longer reliably
+# reflects the byte length of a string. This eval is to fix that.
+# Thanks to Sean Burke for the snippet.
+
+BEGIN{
+eval 'use bytes; sub blength ($) { defined $_[0] ? length $_[0] : 0 }';
+$@ and eval ' sub blength ($) { defined $_[0] ? length $_[0] : 0 }' ;
+}
+
+# Autoload methods go after __END__, and are processed by the autosplit program.
+
+
+1;
+__END__
+
+### Some methods that are macros in C
+
+sub want_nothing { want(shift) == 1 }
+sub want_read { want(shift) == 2 }
+sub want_write { want(shift) == 3 }
+sub want_X509_lookup { want(shift) == 4 }
+
+###
+### Open TCP stream to given host and port, looking up the details
+### from system databases or DNS.
+###
+
+sub open_tcp_connection {
+ my ($dest_serv, $port) = @_;
+ my ($errs);
+
+ $port = getservbyname($port, 'tcp') unless $port =~ /^\d+$/;
+ my $dest_serv_ip = gethostbyname($dest_serv);
+ unless (defined($dest_serv_ip)) {
+ $errs = "$0 $$: open_tcp_connection: destination host not found:"
+ . " `$dest_serv' (port $port) ($!)\n";
+ warn $errs if $trace;
+ return wantarray ?
(0, $errs) : 0; + } + my $sin = sockaddr_in($port, $dest_serv_ip); + + warn "Opening connection to $dest_serv:$port (" . + inet_ntoa($dest_serv_ip) . ")" if $trace>2; + + my $proto = &Socket::IPPROTO_TCP; # getprotobyname('tcp') not available on android + if (socket (SSLCAT_S, &PF_INET(), &SOCK_STREAM(), $proto)) { + warn "next connect" if $trace>3; + if (CORE::connect (SSLCAT_S, $sin)) { + my $old_out = select (SSLCAT_S); $| = 1; select ($old_out); + warn "connected to $dest_serv, $port" if $trace>3; + return wantarray ? (1, undef) : 1; # Success + } + } + $errs = "$0 $$: open_tcp_connection: failed `$dest_serv', $port ($!)\n"; + warn $errs if $trace; + close SSLCAT_S; + return wantarray ? (0, $errs) : 0; # Fail +} + +### Open connection via standard web proxy, if one was defined +### using set_proxy(). + +sub open_proxy_tcp_connection { + my ($dest_serv, $port) = @_; + return open_tcp_connection($dest_serv, $port) if !$proxyhost; + + warn "Connect via proxy: $proxyhost:$proxyport" if $trace>2; + my ($ret, $errs) = open_tcp_connection($proxyhost, $proxyport); + return wantarray ? (0, $errs) : 0 if !$ret; # Connection fail + + warn "Asking proxy to connect to $dest_serv:$port" if $trace>2; + #print SSLCAT_S "CONNECT $dest_serv:$port HTTP/1.0$proxyauth$CRLF$CRLF"; + #my $line = ; # *** bug? Mixing stdio with syscall read? + ($ret, $errs) = + tcp_write_all("CONNECT $dest_serv:$port HTTP/1.0$proxyauth$CRLF$CRLF"); + return wantarray ? (0,$errs) : 0 if $errs; + ($line, $errs) = tcp_read_until($CRLF . $CRLF, 1024); + warn "Proxy response: $line" if $trace>2; + return wantarray ? (0,$errs) : 0 if $errs; + return wantarray ? (1,'') : 1; # Success +} + +### +### read and write helpers that block +### + +sub debug_read { + my ($replyr, $gotr) = @_; + my $vm = $trace>2 && $linux_debug ? + (split ' ', `cat /proc/$$/stat`)[22] : 'vm_unknown'; + warn " got " . blength($$gotr) . ':' + . blength($$replyr) . " bytes (VM=$vm).\n" if $trace == 3; + warn " got `$$gotr' (" . 
blength($$gotr) . ':' + . blength($$replyr) . " bytes, VM=$vm)\n" if $trace>3; +} + +sub ssl_read_all { + my ($ssl,$how_much) = @_; + $how_much = 2000000000 unless $how_much; + my ($got, $rv, $errs); + my $reply = ''; + + while ($how_much > 0) { + ($got, $rv) = Net::SSLeay::read($ssl, + ($how_much > 32768) ? 32768 : $how_much + ); + if (! defined $got) { + my $err = Net::SSLeay::get_error($ssl, $rv); + if ($err != Net::SSLeay::ERROR_WANT_READ() and + $err != Net::SSLeay::ERROR_WANT_WRITE()) { + $errs = print_errs('SSL_read'); + last; + } + next; + } + $how_much -= blength($got); + debug_read(\$reply, \$got) if $trace>1; + last if $got eq ''; # EOF + $reply .= $got; + } + + return wantarray ? ($reply, $errs) : $reply; +} + +sub tcp_read_all { + my ($how_much) = @_; + $how_much = 2000000000 unless $how_much; + my ($n, $got, $errs); + my $reply = ''; + + my $bsize = 0x10000; + while ($how_much > 0) { + $n = sysread(SSLCAT_S,$got, (($bsize < $how_much) ? $bsize : $how_much)); + warn "Read error: $! ($n,$how_much)" unless defined $n; + last if !$n; # EOF + $how_much -= $n; + debug_read(\$reply, \$got) if $trace>1; + $reply .= $got; + } + return wantarray ? ($reply, $errs) : $reply; +} + +sub ssl_write_all { + my $ssl = $_[0]; + my ($data_ref, $errs); + if (ref $_[1]) { + $data_ref = $_[1]; + } else { + $data_ref = \$_[1]; + } + my ($wrote, $written, $to_write) = (0,0, blength($$data_ref)); + my $vm = $trace>2 && $linux_debug ? 
+ (split ' ', `cat /proc/$$/stat`)[22] : 'vm_unknown'; + warn " write_all VM at entry=$vm\n" if $trace>2; + while ($to_write) { + #sleep 1; # *** DEBUG + warn "partial `$$data_ref'\n" if $trace>3; + $wrote = write_partial($ssl, $written, $to_write, $$data_ref); + if (defined $wrote && ($wrote > 0)) { # write_partial can return -1 + $written += $wrote; + $to_write -= $wrote; + } else { + if (defined $wrote) { + # check error conditions via SSL_get_error per man page + if ( my $sslerr = get_error($ssl, $wrote) ) { + my $errstr = ERR_error_string($sslerr); + my $errname = ''; + SWITCH: { + $sslerr == constant("ERROR_NONE") && do { + # according to map page SSL_get_error(3ssl): + # The TLS/SSL I/O operation completed. + # This result code is returned if and only if ret > 0 + # so if we received it here complain... + warn "ERROR_NONE unexpected with invalid return value!" + if $trace; + $errname = "SSL_ERROR_NONE"; + }; + $sslerr == constant("ERROR_WANT_READ") && do { + # operation did not complete, call again later, so do not + # set errname and empty err_que since this is a known + # error that is expected but, we should continue to try + # writing the rest of our data with same io call and params. + warn "ERROR_WANT_READ (TLS/SSL Handshake, will continue)\n" + if $trace; + print_errs('SSL_write(want read)'); + last SWITCH; + }; + $sslerr == constant("ERROR_WANT_WRITE") && do { + # operation did not complete, call again later, so do not + # set errname and empty err_que since this is a known + # error that is expected but, we should continue to try + # writing the rest of our data with same io call and params. + warn "ERROR_WANT_WRITE (TLS/SSL Handshake, will continue)\n" + if $trace; + print_errs('SSL_write(want write)'); + last SWITCH; + }; + $sslerr == constant("ERROR_ZERO_RETURN") && do { + # valid protocol closure from other side, no longer able to + # write, since there is no longer a session... 
+ warn "ERROR_ZERO_RETURN($wrote): TLS/SSLv3 Closure alert\n" + if $trace; + $errname = "SSL_ERROR_ZERO_RETURN"; + last SWITCH; + }; + $sslerr == constant("ERROR_SSL") && do { + # library/protocol error + warn "ERROR_SSL($wrote): Library/Protocol error occured\n" + if $trace; + $errname = "SSL_ERROR_SSL"; + last SWITCH; + }; + $sslerr == constant("ERROR_WANT_CONNECT") && do { + # according to man page, should never happen on call to + # SSL_write, so complain, but handle as known error type + warn "ERROR_WANT_CONNECT: Unexpected error for SSL_write\n" + if $trace; + $errname = "SSL_ERROR_WANT_CONNECT"; + last SWITCH; + }; + $sslerr == constant("ERROR_WANT_ACCEPT") && do { + # according to man page, should never happen on call to + # SSL_write, so complain, but handle as known error type + warn "ERROR_WANT_ACCEPT: Unexpected error for SSL_write\n" + if $trace; + $errname = "SSL_ERROR_WANT_ACCEPT"; + last SWITCH; + }; + $sslerr == constant("ERROR_WANT_X509_LOOKUP") && do { + # operation did not complete: waiting on call back, + # call again later, so do not set errname and empty err_que + # since this is a known error that is expected but, we should + # continue to try writing the rest of our data with same io + # call parameter. + warn "ERROR_WANT_X509_LOOKUP: (Cert Callback asked for in ". + "SSL_write will contine)\n" if $trace; + print_errs('SSL_write(want x509'); + last SWITCH; + }; + $sslerr == constant("ERROR_SYSCALL") && do { + # some IO error occured. According to man page: + # Check retval, ERR, fallback to errno + if ($wrote==0) { # EOF + warn "ERROR_SYSCALL($wrote): EOF violates protocol.\n" + if $trace; + $errname = "SSL_ERROR_SYSCALL(EOF)"; + } else { # -1 underlying BIO error reported. 
+ # check error que for details, don't set errname since we + # are directly appending to errs + my $chkerrs = print_errs('SSL_write (syscall)'); + if ($chkerrs) { + warn "ERROR_SYSCALL($wrote): Have errors\n" if $trace; + $errs .= "ssl_write_all $$: 1 - ERROR_SYSCALL($wrote,". + "$sslerr,$errstr,$!)\n$chkerrs"; + } else { # que was empty, use errno + warn "ERROR_SYSCALL($wrote): errno($!)\n" if $trace; + $errs .= "ssl_write_all $$: 1 - ERROR_SYSCALL($wrote,". + "$sslerr) : $!\n"; + } + } + last SWITCH; + }; + warn "Unhandled val $sslerr from SSL_get_error(SSL,$wrote)\n" + if $trace; + $errname = "SSL_ERROR_?($sslerr)"; + } # end of SWITCH block + if ($errname) { # if we had an errname set add the error + $errs .= "ssl_write_all $$: 1 - $errname($wrote,$sslerr,". + "$errstr,$!)\n"; + } + } # endif on have SSL_get_error val + } # endif on $wrote defined + } # endelse on $wrote > 0 + $vm = $trace>2 && $linux_debug ? + (split ' ', `cat /proc/$$/stat`)[22] : 'vm_unknown'; + warn " written so far $wrote:$written bytes (VM=$vm)\n" if $trace>2; + # append remaining errors in que and report if errs exist + $errs .= print_errs('SSL_write'); + return (wantarray ? (undef, $errs) : undef) if $errs; + } + return wantarray ? ($written, $errs) : $written; +} + +sub tcp_write_all { + my ($data_ref, $errs); + if (ref $_[0]) { + $data_ref = $_[0]; + } else { + $data_ref = \$_[0]; + } + my ($wrote, $written, $to_write) = (0,0, blength($$data_ref)); + my $vm = $trace>2 && $linux_debug ? + (split ' ', `cat /proc/$$/stat`)[22] : 'vm_unknown'; + warn " write_all VM at entry=$vm to_write=$to_write\n" if $trace>2; + while ($to_write) { + warn "partial `$$data_ref'\n" if $trace>3; + $wrote = syswrite(SSLCAT_S, $$data_ref, $to_write, $written); + if (defined $wrote && ($wrote > 0)) { # write_partial can return -1 + $written += $wrote; + $to_write -= $wrote; + } elsif (!defined($wrote)) { + warn "tcp_write_all: $!"; + return (wantarray ? 
(undef, "$!") : undef); + } + $vm = $trace>2 && $linux_debug ? + (split ' ', `cat /proc/$$/stat`)[22] : 'vm_unknown'; + warn " written so far $wrote:$written bytes (VM=$vm)\n" if $trace>2; + } + return wantarray ? ($written, '') : $written; +} + +### from patch by Clinton Wong + +# ssl_read_until($ssl [, $delimit [, $max_length]]) +# if $delimit missing, use $/ if it exists, otherwise use \n +# read until delimiter reached, up to $max_length chars if defined + +sub ssl_read_until ($;$$) { + my ($ssl,$delim, $max_length) = @_; + + # guess the delim string if missing + if ( ! defined $delim ) { + if ( defined $/ && length $/ ) { $delim = $/ } + else { $delim = "\n" } # Note: \n,$/ value depends on the platform + } + my $len_delim = length $delim; + + my ($got); + my $reply = ''; + + # If we have OpenSSL 0.9.6a or later, we can use SSL_peek to + # speed things up. + # N.B. 0.9.6a has security problems, so the support for + # anything earlier than 0.9.6e will be dropped soon. + if (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x0090601f) { + $max_length = 2000000000 unless (defined $max_length); + my ($pending, $peek_length, $found, $done); + while (blength($reply) < $max_length and !$done) { + #Block if necessary until we get some data + $got = Net::SSLeay::peek($ssl,1); + last if print_errs('SSL_peek'); + + $pending = Net::SSLeay::pending($ssl) + blength($reply); + $peek_length = ($pending > $max_length) ? 
$max_length : $pending; + $peek_length -= blength($reply); + $got = Net::SSLeay::peek($ssl, $peek_length); + last if print_errs('SSL_peek'); + $peek_length = blength($got); + + #$found = index($got, $delim); # Old and broken + + # the delimiter may be split across two gets, so we prepend + # a little from the last get onto this one before we check + # for a match + my $match; + if(blength($reply) >= blength($delim) - 1) { + #if what we've read so far is greater or equal + #in length of what we need to prepatch + $match = substr $reply, blength($reply) - blength($delim) + 1; + } else { + $match = $reply; + } + + $match .= $got; + $found = index($match, $delim); + + if ($found > -1) { + #$got = Net::SSLeay::ssl_read_all($ssl, $found+$len_delim); + #read up to the end of the delimiter + $got = Net::SSLeay::ssl_read_all($ssl, + $found + $len_delim + - ((blength($match)) - (blength($got)))); + $done = 1; + } else { + $got = Net::SSLeay::ssl_read_all($ssl, $peek_length); + $done = 1 if ($peek_length == $max_length - blength($reply)); + } + + last if print_errs('SSL_read'); + debug_read(\$reply, \$got) if $trace>1; + last if $got eq ''; + $reply .= $got; + } + } else { + while (!defined $max_length || length $reply < $max_length) { + $got = Net::SSLeay::ssl_read_all($ssl,1); # one by one + last if print_errs('SSL_read'); + debug_read(\$reply, \$got) if $trace>1; + last if $got eq ''; + $reply .= $got; + last if $len_delim + && substr($reply, blength($reply)-$len_delim) eq $delim; + } + } + return $reply; +} + +sub tcp_read_until { + my ($delim, $max_length) = @_; + + # guess the delim string if missing + if ( ! defined $delim ) { + if ( defined $/ && length $/ ) { $delim = $/ } + else { $delim = "\n" } # Note: \n,$/ value depends on the platform + } + my $len_delim = length $delim; + + my ($n,$got); + my $reply = ''; + + while (!defined $max_length || length $reply < $max_length) { + $n = sysread(SSLCAT_S, $got, 1); # one by one + warn "tcp_read_until: $!" 
if !defined $n; + debug_read(\$reply, \$got) if $trace>1; + last if !$n; # EOF + $reply .= $got; + last if $len_delim + && substr($reply, blength($reply)-$len_delim) eq $delim; + } + return $reply; +} + +# ssl_read_CRLF($ssl [, $max_length]) +sub ssl_read_CRLF ($;$) { ssl_read_until($_[0], $CRLF, $_[1]) } +sub tcp_read_CRLF { tcp_read_until($CRLF, $_[0]) } + +# ssl_write_CRLF($ssl, $message) writes $message and appends CRLF +sub ssl_write_CRLF ($$) { + # the next line uses less memory but might use more network packets + return ssl_write_all($_[0], $_[1]) + ssl_write_all($_[0], $CRLF); + + # the next few lines do the same thing at the expense of memory, with + # the chance that it will use less packets, since CRLF is in the original + # message and won't be sent separately. + + #my $data_ref; + #if (ref $_[1]) { $data_ref = $_[1] } + # else { $data_ref = \$_[1] } + #my $message = $$data_ref . $CRLF; + #return ssl_write_all($_[0], \$message); +} + +sub tcp_write_CRLF { + # the next line uses less memory but might use more network packets + return tcp_write_all($_[0]) + tcp_write_all($CRLF); + + # the next few lines do the same thing at the expense of memory, with + # the chance that it will use less packets, since CRLF is in the original + # message and won't be sent separately. + + #my $data_ref; + #if (ref $_[1]) { $data_ref = $_[1] } + # else { $data_ref = \$_[1] } + #my $message = $$data_ref . $CRLF; + #return tcp_write_all($_[0], \$message); +} + +### Quickly print out with whom we're talking + +sub dump_peer_certificate ($) { + my ($ssl) = @_; + my $cert = get_peer_certificate($ssl); + return if print_errs('get_peer_certificate'); + print "no cert defined\n" if !defined($cert); + # Cipher=NONE with empty cert fix + if (!defined($cert) || ($cert == 0)) { + warn "cert = `$cert'\n" if $trace; + return "Subject Name: undefined\nIssuer Name: undefined\n"; + } else { + my $x = 'Subject Name: ' + . X509_NAME_oneline(X509_get_subject_name($cert)) . "\n" + . 
'Issuer Name: ' + . X509_NAME_oneline(X509_get_issuer_name($cert)) . "\n"; + Net::SSLeay::X509_free($cert); + return $x; + } +} + +### Arrange some randomness for eay PRNG + +sub randomize (;$$$) { + my ($rn_seed_file, $seed, $egd_path) = @_; + my $rnsf = defined($rn_seed_file) && -r $rn_seed_file; + + $egd_path = ''; + $egd_path = $ENV{'EGD_PATH'} if $ENV{'EGD_PATH'}; + + RAND_seed(rand() + $$); # Stir it with time and pid + + unless ($rnsf || -r $Net::SSLeay::random_device || $seed || -S $egd_path) { + my $poll_retval = Net::SSLeay::RAND_poll(); + warn "Random number generator not seeded!!!" if $trace && !$poll_retval; + } + + RAND_load_file($rn_seed_file, -s _) if $rnsf; + RAND_seed($seed) if $seed; + RAND_seed($ENV{RND_SEED}) if $ENV{RND_SEED}; + RAND_load_file($Net::SSLeay::random_device, $Net::SSLeay::how_random/8) + if -r $Net::SSLeay::random_device; +} + +sub new_x_ctx { + if ($ssl_version == 2) { + unless (exists &Net::SSLeay::CTX_v2_new) { + warn "ssl_version has been set to 2, but this version of OpenSSL has been compiled without SSLv2 support"; + return undef; + } + $ctx = CTX_v2_new(); + } + elsif ($ssl_version == 3) { $ctx = CTX_v3_new(); } + elsif ($ssl_version == 10) { $ctx = CTX_tlsv1_new(); } + elsif ($ssl_version == 11) { + unless (exists &Net::SSLeay::CTX_tlsv1_1_new) { + warn "ssl_version has been set to 11, but this version of OpenSSL has been compiled without TLSv1.1 support"; + return undef; + } + $ctx = CTX_tlsv1_1_new; + } + elsif ($ssl_version == 12) { + unless (exists &Net::SSLeay::CTX_tlsv1_2_new) { + warn "ssl_version has been set to 12, but this version of OpenSSL has been compiled without TLSv1.2 support"; + return undef; + } + $ctx = CTX_tlsv1_2_new; + } + elsif ($ssl_version == 13) { + unless (eval { Net::SSLeay::TLS1_3_VERSION(); } ) { + warn "ssl_version has been set to 13, but this version of OpenSSL has been compiled without TLSv1.3 support"; + return undef; + } + $ctx = CTX_new(); + 
unless(Net::SSLeay::CTX_set_min_proto_version($ctx, Net::SSLeay::TLS1_3_VERSION())) {
+ warn "CTX_set_min_proto failed for TLSv1.3";
+ return undef;
+ }
+ unless(Net::SSLeay::CTX_set_max_proto_version($ctx, Net::SSLeay::TLS1_3_VERSION())) {
+ warn "CTX_set_max_proto failed for TLSv1.3";
+ return undef;
+ }
+ }
+ else { $ctx = CTX_new(); }
+ return $ctx;
+}
+
+###
+### Standard initialisation. Initialise the ssl library in the usual way
+### at most once. Override this if you need differnet initialisation
+### SSLeay_add_ssl_algorithms is also protected against multiple runs in SSLeay.xs
+### and is also mutex protected in threading perls
+###
+
+my $library_initialised;
+sub initialize
+{
+ if (!$library_initialised)
+ {
+ load_error_strings(); # Some bloat, but I'm after ease of use
+ SSLeay_add_ssl_algorithms(); # and debuggability.
+ randomize();
+ $library_initialised++;
+ }
+}
+
+###
+### Basic request - response primitive (don't use for https)
+###
+
+sub sslcat { # address, port, message, $crt, $key --> reply / (reply,errs,cert)
+ my ($dest_serv, $port, $out_message, $crt_path, $key_path) = @_;
+ my ($ctx, $ssl, $got, $errs, $written);
+
+ ($got, $errs) = open_proxy_tcp_connection($dest_serv, $port);
+ return (wantarray ?
(undef, $errs) : undef) unless $got;
+
+ ### Do SSL negotiation stuff
+
+ warn "Creating SSL $ssl_version context...\n" if $trace>2;
+ initialize(); # Will init at most once
+
+ $ctx = new_x_ctx();
+ goto cleanup2 if $errs = print_errs('CTX_new') or !$ctx;
+
+ CTX_set_options($ctx, &OP_ALL);
+ goto cleanup2 if $errs = print_errs('CTX_set_options');
+
+ warn "Cert `$crt_path' given without key" if $crt_path && !$key_path;
+ set_cert_and_key($ctx, $crt_path, $key_path) if $crt_path;
+
+ warn "Creating SSL connection (context was '$ctx')...\n" if $trace>2;
+ $ssl = new($ctx);
+ goto cleanup if $errs = print_errs('SSL_new') or !$ssl;
+
+ warn "Setting fd (ctx $ctx, con $ssl)...\n" if $trace>2;
+ set_fd($ssl, fileno(SSLCAT_S));
+ goto cleanup if $errs = print_errs('set_fd');
+
+ warn "Entering SSL negotiation phase...\n" if $trace>2;
+
+ if ($trace>2) {
+ my $i = 0;
+ my $p = '';
+ my $cipher_list = 'Cipher list: ';
+ $p=Net::SSLeay::get_cipher_list($ssl,$i);
+ $cipher_list .= $p if $p;
+ do {
+ $i++;
+ $cipher_list .= ', ' . $p if $p;
+ $p=Net::SSLeay::get_cipher_list($ssl,$i);
+ } while $p;
+ $cipher_list .= '\n';
+ warn $cipher_list;
+ }
+
+ $got = Net::SSLeay::connect($ssl);
+ warn "SSLeay connect returned $got\n" if $trace>2;
+ goto cleanup if $errs = print_errs('SSL_connect');
+
+ my $server_cert = get_peer_certificate($ssl);
+ print_errs('get_peer_certificate');
+ if ($trace>1) {
+ warn "Cipher `" . get_cipher($ssl) . "'\n";
+ print_errs('get_ciper');
+ warn dump_peer_certificate($ssl);
+ }
+
+ ### Connected. Exchange some data (doing repeated tries if necessary).
+
+ warn "sslcat $$: sending " . blength($out_message) . " bytes...\n"
+ if $trace==3;
+ warn "sslcat $$: sending `$out_message' (" . blength($out_message)
+ .
" bytes)...\n" if $trace>3;
+ ($written, $errs) = ssl_write_all($ssl, $out_message);
+ goto cleanup unless $written;
+
+ sleep $slowly if $slowly; # Closing too soon can abort broken servers
+ Net::SSLeay::shutdown($ssl); # Useful starting with OpenSSL 1.1.1e
+ CORE::shutdown SSLCAT_S, 1; # Half close --> No more output, send EOF to server
+
+ warn "waiting for reply...\n" if $trace>2;
+ ($got, $errs) = ssl_read_all($ssl);
+ warn "Got " . blength($got) . " bytes.\n" if $trace==3;
+ warn "Got `$got' (" . blength($got) . " bytes)\n" if $trace>3;
+
+cleanup:
+ free ($ssl);
+ $errs .= print_errs('SSL_free');
+cleanup2:
+ CTX_free ($ctx);
+ $errs .= print_errs('CTX_free');
+ close SSLCAT_S;
+ return wantarray ? ($got, $errs, $server_cert) : $got;
+}
+
+sub tcpcat { # address, port, message, $crt, $key --> reply / (reply,errs,cert)
+ my ($dest_serv, $port, $out_message) = @_;
+ my ($got, $errs, $written);
+
+ ($got, $errs) = open_proxy_tcp_connection($dest_serv, $port);
+ return (wantarray ? (undef, $errs) : undef) unless $got;
+
+ ### Connected. Exchange some data (doing repeated tries if necessary).
+
+ warn "tcpcat $$: sending " . blength($out_message) . " bytes...\n"
+ if $trace==3;
+ warn "tcpcat $$: sending `$out_message' (" . blength($out_message)
+ . " bytes)...\n" if $trace>3;
+ ($written, $errs) = tcp_write_all($out_message);
+ goto cleanup unless $written;
+
+ sleep $slowly if $slowly; # Closing too soon can abort broken servers
+ CORE::shutdown SSLCAT_S, 1; # Half close --> No more output, send EOF to server
+
+ warn "waiting for reply...\n" if $trace>2;
+ ($got, $errs) = tcp_read_all();
+ warn "Got " . blength($got) . " bytes.\n" if $trace==3;
+ warn "Got `$got' (" . blength($got) . " bytes)\n" if $trace>3;
+
+cleanup:
+ close SSLCAT_S;
+ return wantarray ?
($got, $errs) : $got;
+}
+
+sub tcpxcat {
+ my ($usessl, $site, $port, $req, $crt_path, $key_path) = @_;
+ if ($usessl) {
+ return sslcat($site, $port, $req, $crt_path, $key_path);
+ } else {
+ return tcpcat($site, $port, $req);
+ }
+}
+
+###
+### Basic request - response primitive, this is different from sslcat
+### because this does not shutdown the connection.
+###
+
+sub https_cat { # address, port, message --> returns reply / (reply,errs,cert)
+ my ($dest_serv, $port, $out_message, $crt_path, $key_path) = @_;
+ my ($ctx, $ssl, $got, $errs, $written);
+
+ ($got, $errs) = open_proxy_tcp_connection($dest_serv, $port);
+ return (wantarray ? (undef, $errs) : undef) unless $got;
+
+ ### Do SSL negotiation stuff
+
+ warn "Creating SSL $ssl_version context...\n" if $trace>2;
+ initialize();
+
+ $ctx = new_x_ctx();
+ goto cleanup2 if $errs = print_errs('CTX_new') or !$ctx;
+
+ CTX_set_options($ctx, &OP_ALL);
+ goto cleanup2 if $errs = print_errs('CTX_set_options');
+
+ warn "Cert `$crt_path' given without key" if $crt_path && !$key_path;
+ set_cert_and_key($ctx, $crt_path, $key_path) if $crt_path;
+
+ warn "Creating SSL connection (context was '$ctx')...\n" if $trace>2;
+ $ssl = new($ctx);
+ goto cleanup if $errs = print_errs('SSL_new') or !$ssl;
+
+ warn "Setting fd (ctx $ctx, con $ssl)...\n" if $trace>2;
+ set_fd($ssl, fileno(SSLCAT_S));
+ goto cleanup if $errs = print_errs('set_fd');
+
+ warn "Entering SSL negotiation phase...\n" if $trace>2;
+
+ if ($trace>2) {
+ my $i = 0;
+ my $p = '';
+ my $cipher_list = 'Cipher list: ';
+ $p=Net::SSLeay::get_cipher_list($ssl,$i);
+ $cipher_list .= $p if $p;
+ do {
+ $i++;
+ $cipher_list .= ', ' .
$p if $p;
+ $p=Net::SSLeay::get_cipher_list($ssl,$i);
+ } while $p;
+ $cipher_list .= '\n';
+ warn $cipher_list;
+ }
+
+ $got = Net::SSLeay::connect($ssl);
+ warn "SSLeay connect failed" if $trace>2 && $got==0;
+ goto cleanup if $errs = print_errs('SSL_connect');
+
+ my $server_cert = get_peer_certificate($ssl);
+ print_errs('get_peer_certificate');
+ if ($trace>1) {
+ warn "Cipher `" . get_cipher($ssl) . "'\n";
+ print_errs('get_ciper');
+ warn dump_peer_certificate($ssl);
+ }
+
+ ### Connected. Exchange some data (doing repeated tries if necessary).
+
+ warn "https_cat $$: sending " . blength($out_message) . " bytes...\n"
+ if $trace==3;
+ warn "https_cat $$: sending `$out_message' (" . blength($out_message)
+ . " bytes)...\n" if $trace>3;
+ ($written, $errs) = ssl_write_all($ssl, $out_message);
+ goto cleanup unless $written;
+
+ warn "waiting for reply...\n" if $trace>2;
+ ($got, $errs) = ssl_read_all($ssl);
+ warn "Got " . blength($got) . " bytes.\n" if $trace==3;
+ warn "Got `$got' (" . blength($got) . " bytes)\n" if $trace>3;
+
+cleanup:
+ free ($ssl);
+ $errs .= print_errs('SSL_free');
+cleanup2:
+ CTX_free ($ctx);
+ $errs .= print_errs('CTX_free');
+ close SSLCAT_S;
+ return wantarray ? ($got, $errs, $server_cert) : $got;
+}
+
+sub http_cat { # address, port, message --> returns reply / (reply,errs,cert)
+ my ($dest_serv, $port, $out_message) = @_;
+ my ($got, $errs, $written);
+
+ ($got, $errs) = open_proxy_tcp_connection($dest_serv, $port);
+ return (wantarray ? (undef, $errs) : undef) unless $got;
+
+ ### Connected. Exchange some data (doing repeated tries if necessary).
+
+ warn "http_cat $$: sending " . blength($out_message) . " bytes...\n"
+ if $trace==3;
+ warn "http_cat $$: sending `$out_message' (" . blength($out_message)
+ . " bytes)...\n" if $trace>3;
+ ($written, $errs) = tcp_write_all($out_message);
+ goto cleanup unless $written;
+
+ warn "waiting for reply...\n" if $trace>2;
+ ($got, $errs) = tcp_read_all();
+ warn "Got " . blength($got) .
" bytes.\n" if $trace==3;
+ warn "Got `$got' (" . blength($got) . " bytes)\n" if $trace>3;
+
+cleanup:
+ close SSLCAT_S;
+ return wantarray ? ($got, $errs) : $got;
+}
+
+sub httpx_cat {
+ my ($usessl, $site, $port, $req, $crt_path, $key_path) = @_;
+ warn "httpx_cat: usessl=$usessl ($site:$port)" if $trace;
+ if ($usessl) {
+ return https_cat($site, $port, $req, $crt_path, $key_path);
+ } else {
+ return http_cat($site, $port, $req);
+ }
+}
+
+###
+### Easy set up of private key and certificate
+###
+
+sub set_cert_and_key ($$$) {
+ my ($ctx, $cert_path, $key_path) = @_;
+ my $errs = '';
+ # Following will ask password unless private key is not encrypted
+ CTX_use_PrivateKey_file( $ctx, $key_path, &FILETYPE_PEM ) == 1
+ or $errs .= print_errs("private key `$key_path' ($!)");
+ CTX_use_certificate_file ($ctx, $cert_path, &FILETYPE_PEM) == 1
+ or $errs .= print_errs("certificate `$cert_path' ($!)");
+ return wantarray ? (undef, $errs) : ($errs eq '');
+}
+
+### Old deprecated API
+
+sub set_server_cert_and_key ($$$) { &set_cert_and_key }
+
+### Set up to use web proxy
+
+sub set_proxy ($$;**) {
+ ($proxyhost, $proxyport, $proxyuser, $proxypass) = @_;
+ require MIME::Base64 if $proxyuser;
+ $proxyauth = $proxyuser
+ ? $CRLF . 'Proxy-authorization: Basic '
+ .
MIME::Base64::encode("$proxyuser:$proxypass", '')
+ : '';
+}
+
+###
+### Easy https manipulation routines
+###
+
+sub make_form {
+ my (@fields) = @_;
+ my $form;
+ while (@fields) {
+ my ($name, $data) = (shift(@fields), shift(@fields));
+ $data =~ s/([^\w\-.\@\$ ])/sprintf("%%%2.2x",ord($1))/gse;
+ $data =~ tr[ ][+];
+ $form .= "$name=$data&";
+ }
+ chop $form;
+ return $form;
+}
+
+sub make_headers {
+ my (@headers) = @_;
+ my $headers;
+ while (@headers) {
+ my $header = shift(@headers);
+ my $value = shift(@headers);
+ $header =~ s/:$//;
+ $value =~ s/\x0d?\x0a$//; # because we add it soon, see below
+ $headers .= "$header: $value$CRLF";
+ }
+ return $headers;
+}
+
+sub do_httpx3 {
+ my ($method, $usessl, $site, $port, $path, $headers,
+ $content, $mime_type, $crt_path, $key_path) = @_;
+ my ($response, $page, $h,$v);
+
+ my $len = blength($content);
+ if ($len) {
+ $mime_type = "application/x-www-form-urlencoded" unless $mime_type;
+ $content = "Content-Type: $mime_type$CRLF"
+ . "Content-Length: $len$CRLF$CRLF$content";
+ } else {
+ $content = "$CRLF$CRLF";
+ }
+ my $req = "$method $path HTTP/1.0$CRLF";
+ unless (defined $headers && $headers =~ /^Host:/m) {
+ $req .= "Host: $site";
+ unless (($port == 80 && !$usessl) || ($port == 443 && $usessl)) {
+ $req .= ":$port";
+ }
+ $req .= $CRLF;
+ }
+ $req .= (defined $headers ? $headers : '') .
"Accept: */*$CRLF$content";
+
+ warn "do_httpx3($method,$usessl,$site:$port)" if $trace;
+ my ($http, $errs, $server_cert)
+ = httpx_cat($usessl, $site, $port, $req, $crt_path, $key_path);
+ return (undef, "HTTP/1.0 900 NET OR SSL ERROR$CRLF$CRLF$errs") if $errs;
+
+ $http = '' if !defined $http;
+ ($headers, $page) = split /\s?\n\s?\n/, $http, 2;
+ warn "headers >$headers< page >>$page<< http >>>$http<<<" if $trace>1;
+ ($response, $headers) = split /\s?\n/, $headers, 2;
+ return ($page, $response, $headers, $server_cert);
+}
+
+sub do_https3 { splice(@_,1,0) = 1; do_httpx3; } # Legacy undocumented
+
+### do_https2() is a legacy version in the sense that it is unable
+### to return all instances of duplicate headers.
+
+sub do_httpx2 {
+ my ($page, $response, $headers, $server_cert) = &do_httpx3;
+ X509_free($server_cert) if defined $server_cert;
+ return ($page, $response, defined $headers ?
+ map( { ($h,$v)=/^(\S+)\:\s*(.*)$/; (uc($h),$v); }
+ split(/\s?\n/, $headers)
+ ) : ()
+ );
+}
+
+sub do_https2 { splice(@_,1,0) = 1; do_httpx2; } # Legacy undocumented
+
+### Returns headers as a hash where multiple instances of same header
+### are handled correctly.
+
+sub do_httpx4 {
+ my ($page, $response, $headers, $server_cert) = &do_httpx3;
+ my %hr = ();
+ for my $hh (split /\s?\n/, $headers) {
+ my ($h,$v) = ($hh =~ /^(\S+)\:\s*(.*)$/);
+ push @{$hr{uc($h)}}, $v;
+ }
+ return ($page, $response, \%hr, $server_cert);
+}
+
+sub do_https4 { splice(@_,1,0) = 1; do_httpx4; } # Legacy undocumented
+
+# https
+
+sub get_https { do_httpx2(GET => 1, @_) }
+sub post_https { do_httpx2(POST => 1, @_) }
+sub put_https { do_httpx2(PUT => 1, @_) }
+sub head_https { do_httpx2(HEAD => 1, @_) }
+
+sub get_https3 { do_httpx3(GET => 1, @_) }
+sub post_https3 { do_httpx3(POST => 1, @_) }
+sub put_https3 { do_httpx3(PUT => 1, @_) }
+sub head_https3 { do_httpx3(HEAD => 1, @_) }
+
+sub get_https4 { do_httpx4(GET => 1, @_) }
+sub post_https4 { do_httpx4(POST => 1, @_) }
+sub put_https4 { do_httpx4(PUT => 1, @_) }
+sub head_https4 { do_httpx4(HEAD => 1, @_) }
+
+# http
+
+sub get_http { do_httpx2(GET => 0, @_) }
+sub post_http { do_httpx2(POST => 0, @_) }
+sub put_http { do_httpx2(PUT => 0, @_) }
+sub head_http { do_httpx2(HEAD => 0, @_) }
+
+sub get_http3 { do_httpx3(GET => 0, @_) }
+sub post_http3 { do_httpx3(POST => 0, @_) }
+sub put_http3 { do_httpx3(PUT => 0, @_) }
+sub head_http3 { do_httpx3(HEAD => 0, @_) }
+
+sub get_http4 { do_httpx4(GET => 0, @_) }
+sub post_http4 { do_httpx4(POST => 0, @_) }
+sub put_http4 { do_httpx4(PUT => 0, @_) }
+sub head_http4 { do_httpx4(HEAD => 0, @_) }
+
+# Either https or http
+
+sub get_httpx { do_httpx2(GET => @_) }
+sub post_httpx { do_httpx2(POST => @_) }
+sub put_httpx { do_httpx2(PUT => @_) }
+sub head_httpx { do_httpx2(HEAD => @_) }
+
+sub get_httpx3 { do_httpx3(GET => @_) }
+sub post_httpx3 { do_httpx3(POST => @_) }
+sub put_httpx3 { do_httpx3(PUT => @_) }
+sub head_httpx3 { do_httpx3(HEAD => @_) }
+
+sub get_httpx4 { do_httpx4(GET => @_) }
+sub post_httpx4 { do_httpx4(POST => @_) }
+sub put_httpx4 { do_httpx4(PUT => @_) }
+sub head_httpx4 { do_httpx4(HEAD => @_) }
+
+### Legacy, don't use
+# ($page,
$respone_or_err, %headers) = do_https(...);
+
+sub do_https {
+ my ($site, $port, $path, $method, $headers,
+ $content, $mime_type, $crt_path, $key_path) = @_;
+
+ do_https2($method, $site, $port, $path, $headers,
+ $content, $mime_type, $crt_path, $key_path);
+}
+
+1;
+__END__
+
diff --git a/cpan/Net-SSLeay/lib/Net/SSLeay.pod b/cpan/Net-SSLeay/lib/Net/SSLeay.pod
new file mode 100644
index 000000000000..820a1743f8d6
--- /dev/null
+++ b/cpan/Net-SSLeay/lib/Net/SSLeay.pod
@@ -0,0 +1,10434 @@
+=encoding utf-8
+
+=head1 NAME
+
+Net::SSLeay - Perl bindings for OpenSSL and LibreSSL
+
+=head1 SYNOPSIS
+
+ use Net::SSLeay qw(get_https post_https sslcat make_headers make_form);
+
+ ($page) = get_https('www.bacus.pt', 443, '/'); # Case 1
+
+ ($page, $response, %reply_headers)
+ = get_https('www.bacus.pt', 443, '/', # Case 2
+ make_headers(User-Agent => 'Cryptozilla/5.0b1',
+ Referer => 'https://www.bacus.pt'
+ ));
+
+ ($page, $result, %headers) = # Case 2b
+ = get_https('www.bacus.pt', 443, '/protected.html',
+ make_headers(Authorization =>
+ 'Basic ' . MIME::Base64::encode("$user:$pass",''))
+ );
+
+ ($page, $response, %reply_headers)
+ = post_https('www.bacus.pt', 443, '/foo.cgi', '', # Case 3
+ make_form(OK => '1',
+ name => 'Sampo'
+ ));
+
+ $reply = sslcat($host, $port, $request); # Case 4
+
+ ($reply, $err, $server_cert) = sslcat($host, $port, $request); # Case 5
+
+ $Net::SSLeay::trace = 2; # 0=no debugging, 1=ciphers, 2=trace, 3=dump data
+
+ Net::SSLeay::initialize(); # Initialize ssl library once
+
+=head1 DESCRIPTION
+
+This module provides Perl bindings for libssl (an SSL/TLS API) and libcrypto (a
+cryptography API).
+
+=head1 COMPATIBILITY
+
+Net::SSLeay supports the following libssl implementations:
+
+=over
+
+=item *
+
+Any stable release of L in the 0.9.8 - 3.0
+branches, except for OpenSSL 0.9.8 - 0.9.8b.
+
+=item *
+
+Any stable release of L in the 2.0 - 3.4
+series, except for LibreSSL 3.2.2 and 3.2.3.
+
+=back
+
+Net::SSLeay may not function as expected with releases other than the ones
+listed above due to libssl API incompatibilities, or, in the case of LibreSSL,
+because of deviations from the libssl API.
+
+Net::SSLeay is only as secure as the underlying libssl implementation you use.
+Although Net::SSLeay maintains compatibility with old versions of OpenSSL and
+LibreSSL, it is B that you use a version of OpenSSL or
+LibreSSL that is supported by the OpenSSL/LibreSSL developers and/or your
+operating system vendor.
Many unsupported versions of OpenSSL and LibreSSL are
+known to contain severe security vulnerabilities. Refer to the
+L
+and L for
+information on which versions are currently supported.
+
+The libssl API has changed significantly since OpenSSL 0.9.8: hundreds of
+functions have been added, deprecated or removed in the intervening versions.
+Although this documentation lists all of the functions and constants that
+Net::SSLeay may expose, they will not be available for use if they are missing
+from the underlying libssl implementation. Refer to the compatibility notes in
+this documentation, as well as the OpenSSL/LibreSSL manual pages, for
+information on which OpenSSL/LibreSSL versions support each function or
+constant. At run-time, you can check whether a function or constant is exposed
+before calling it using the following convention:
+
+ if ( defined &Net::SSLeay::libssl_function ) {
+ # libssl_function() (or SSL_libssl_function()) is available
+ Net::SSLeay::libssl_function(...);
+ }
+
+=head1 OVERVIEW
+
+L module basically comprise of:
+
+=over
+
+=item * High level functions for accessing web servers (by using HTTP/HTTPS)
+
+=item * Low level API (mostly mapped 1:1 to openssl's C functions)
+
+=item * Convenience functions (related to low level API but with more perl friendly interface)
+
+=back
+
+There is also a related module called L included in this
+distribution that you might want to use instead. It has its own pod
+documentation.
+
+=head2 High level functions for accessing web servers
+
+This module offers some high level convenience functions for accessing
+web pages on SSL servers (for symmetry, the same API is offered for
+accessing http servers, too), an C function for writing your own
+clients, and finally access to the SSL api of the SSLeay/OpenSSL package
+so you can write servers or clients for more complicated applications.
+
+For high level functions it is most convenient to import them into your
+main namespace as indicated in the synopsis.
+
+=head3 Basic set of functions
+
+=over
+
+=item * get_https
+
+=item * post_https
+
+=item * put_https
+
+=item * head_https
+
+=item * do_https
+
+=item * sslcat
+
+=item * https_cat
+
+=item * make_form
+
+=item * make_headers
+
+=back
+
+B demonstrates the typical invocation of get_https() to fetch an HTML
+page from secure server. The first argument provides the hostname or IP
+in dotted decimal notation of the remote server to contact. The second
+argument is the TCP port at the remote end (your own port is picked
+arbitrarily from high numbered ports as usual for TCP). The third
+argument is the URL of the page without the host name part. If in
+doubt consult the HTTP specifications at L.
+
+B demonstrates full fledged use of C. As can be seen,
+C parses the response and response headers and returns them as
+a list, which can be captured in a hash for later reference. Also a
+fourth argument to C is used to insert some additional headers
+in the request. C is a function that will convert a list or
+hash to such headers. By default C supplies C (to make
+virtual hosting easy) and C (reportedly needed by IIS) headers.
+
+B demonstrates how to get a password protected page. Refer to
+the HTTP protocol specifications for further details (e.g. RFC-2617).
+
+B invokes C to submit a HTML/CGI form to a secure
+server. The first four arguments are equal to C (note that
+the empty string (C<''>) is passed as header argument).
+The fifth argument is the
+contents of the form formatted according to CGI specification.
+Do not post UTF-8 data as content: use utf8::downgrade first. In this
+case the helper function C is used to do the formatting,
+but you could pass any string. C automatically adds
+C and C headers to the request.
+
+B shows the fundamental C function (inspired in spirit by
+the C utility :-).
It's your swiss army knife that allows you to
+easily contact servers, send some data, and then get the response. You
+are responsible for formatting the data and parsing the response -
+C is just a transport.
+
+B is a full invocation of C which allows the return of errors
+as well as the server (peer) certificate.
+
+The C<$trace> global variable can be used to control the verbosity of the
+high level functions. Level 0 guarantees silence, level 1 (the default)
+only emits error messages.
+
+=head3 Alternate versions of high-level API
+
+=over
+
+=item * get_https3
+
+=item * post_https3
+
+=item * put_https3
+
+=item * get_https4
+
+=item * post_https4
+
+=item * put_https4
+
+=back
+
+The above mentioned functions actually return the response headers as
+a list, which only gets converted to hash upon assignment (this
+assignment looses information if the same header occurs twice, as may
+be the case with cookies). There are also other variants of the
+functions that return unprocessed headers and that return a reference
+to a hash.
+
+ ($page, $response, @headers) = get_https('www.bacus.pt', 443, '/');
+ for ($i = 0; $i < $#headers; $i+=2) {
+ print "$headers[$i] = " . $headers[$i+1] . "\n";
+ }
+
+ ($page, $response, $headers, $server_cert)
+ = get_https3('www.bacus.pt', 443, '/');
+ print "$headers\n";
+
+ ($page, $response, $headers_ref)
+ = get_https4('www.bacus.pt', 443, '/');
+ for $k (sort keys %{$headers_ref}) {
+ for $v (@{$$headers_ref{$k}}) {
+ print "$k = $v\n";
+ }
+ }
+
+All of the above code fragments accomplish the same thing: display all
+values of all headers. The API functions ending in "3" return the
+headers simply as a scalar string and it is up to the application to
+split them up. The functions ending in "4" return a reference to
+a hash of arrays (see L and L if you are
+not familiar with complex perl data structures).
To access a single value
+of such a header hash you would do something like
+
+ print $$headers_ref{COOKIE}[0];
+
+Variants 3 and 4 also allow you to discover the server certificate
+in case you would like to store or display it, e.g.
+
+ ($p, $resp, $hdrs, $server_cert) = get_https3('www.bacus.pt', 443, '/');
+ if (!defined($server_cert) || ($server_cert == 0)) {
+ warn "Subject Name: undefined, Issuer Name: undefined";
+ } else {
+ warn 'Subject Name: '
+ . Net::SSLeay::X509_NAME_oneline(
+ Net::SSLeay::X509_get_subject_name($server_cert))
+ . 'Issuer Name: '
+ . Net::SSLeay::X509_NAME_oneline(
+ Net::SSLeay::X509_get_issuer_name($server_cert));
+ }
+
+Beware that this method only allows after the fact verification of
+the certificate: by the time C has returned the https
+request has already been sent to the server, whether you decide to
+trust it or not. To do the verification correctly you must either
+employ the OpenSSL certificate verification framework or use
+the lower level API to first connect and verify the certificate
+and only then send the http data. See the implementation of C
+for guidance on how to do this.
+
+=head3 Using client certificates
+
+Secure web communications are encrypted using symmetric crypto keys
+exchanged using encryption based on the certificate of the
+server. Therefore in all SSL connections the server must have a
+certificate. This serves both to authenticate the server to the
+clients and to perform the key exchange.
+
+Sometimes it is necessary to authenticate the client as well. Two
+options are available: HTTP basic authentication and a client side
+certificate. The basic authentication over HTTPS is actually quite
+safe because HTTPS guarantees that the password will not travel in
+the clear. Never-the-less, problems like easily guessable passwords
+remain. The client certificate method involves authentication of the
+client at the SSL level using a certificate.
For this to work, both the
+client and the server have certificates (which typically are
+different) and private keys.
+
+The API functions outlined above accept additional arguments that
+allow one to supply the client side certificate and key files. The
+format of these files is the same as used for server certificates and
+the caveat about encrypting private keys applies.
+
+ ($page, $result, %headers) = # 2c
+ = get_https('www.bacus.pt', 443, '/protected.html',
+ make_headers(Authorization =>
+ 'Basic ' . MIME::Base64::encode("$user:$pass",'')),
+ '', $mime_type6, $path_to_crt7, $path_to_key8);
+
+ ($page, $response, %reply_headers)
+ = post_https('www.bacus.pt', 443, '/foo.cgi', # 3b
+ make_headers('Authorization' =>
+ 'Basic ' . MIME::Base64::encode("$user:$pass",'')),
+ make_form(OK => '1', name => 'Sampo'),
+ $mime_type6, $path_to_crt7, $path_to_key8);
+
+B demonstrates getting a password protected page that also requires
+a client certificate, i.e. it is possible to use both authentication
+methods simultaneously.
+
+B is a full blown POST to a secure server that requires both password
+authentication and a client certificate, just like in case 2c.
+
+Note: The client will not send a certificate unless the server requests one.
+This is typically achieved by setting the verify mode to C on the
+server:
+
+ Net::SSLeay::set_verify(ssl, Net::SSLeay::VERIFY_PEER, 0);
+
+See C for a full description.
+
+=head3 Working through a web proxy
+
+=over
+
+=item * set_proxy
+
+=back
+
+C can use a web proxy to make its connections.
You need to
+first set the proxy host and port using C and then just
+use the normal API functions, e.g:
+
+ Net::SSLeay::set_proxy('gateway.myorg.com', 8080);
+ ($page) = get_https('www.bacus.pt', 443, '/');
+
+If your proxy requires authentication, you can supply a username and
+password as well
+
+ Net::SSLeay::set_proxy('gateway.myorg.com', 8080, 'joe', 'salainen');
+ ($page, $result, %headers) =
+ = get_https('www.bacus.pt', 443, '/protected.html',
+ make_headers(Authorization =>
+ 'Basic ' . MIME::Base64::encode("susie:pass",''))
+ );
+
+This example demonstrates the case where we authenticate to the proxy as
+C<"joe"> and to the final web server as C<"susie">. Proxy authentication
+requires the C module to work.
+
+=head3 HTTP (without S) API
+
+=over
+
+=item * get_http
+
+=item * post_http
+
+=item * tcpcat
+
+=item * get_httpx
+
+=item * post_httpx
+
+=item * tcpxcat
+
+=back
+
+Over the years it has become clear that it would be convenient to use
+the light-weight flavour API of C for normal HTTP as well (see
+C for the heavy-weight object-oriented approach). In fact it would be
+nice to be able to flip https on and off on the fly. Thus regular HTTP
+support was evolved.
+
+ use Net::SSLeay qw(get_http post_http tcpcat
+ get_httpx post_httpx tcpxcat
+ make_headers make_form);
+
+ ($page, $result, %headers)
+ = get_http('www.bacus.pt', 443, '/protected.html',
+ make_headers(Authorization =>
+ 'Basic ' . MIME::Base64::encode("$user:$pass",''))
+ );
+
+ ($page, $response, %reply_headers)
+ = post_http('www.bacus.pt', 443, '/foo.cgi', '',
+ make_form(OK => '1',
+ name => 'Sampo'
+ ));
+
+ ($reply, $err) = tcpcat($host, $port, $request);
+
+ ($page, $result, %headers)
+ = get_httpx($usessl, 'www.bacus.pt', 443, '/protected.html',
+ make_headers(Authorization =>
+ 'Basic ' .
MIME::Base64::encode("$user:$pass",''))
+ );
+
+ ($page, $response, %reply_headers)
+ = post_httpx($usessl, 'www.bacus.pt', 443, '/foo.cgi', '',
+ make_form(OK => '1', name => 'Sampo' ));
+
+ ($reply, $err, $server_cert) = tcpxcat($usessl, $host, $port, $request);
+
+As can be seen, the C<"x"> family of APIs takes as the first argument a flag
+which indicates whether SSL is used or not.
+
+=head2 Certificate verification and Certificate Revocation Lists (CRLs)
+
+OpenSSL supports the ability to verify peer certificates. It can also
+optionally check the peer certificate against a Certificate Revocation
+List (CRL) from the certificates issuer. A CRL is a file, created by
+the certificate issuer that lists all the certificates that it
+previously signed, but which it now revokes. CRLs are in PEM format.
+
+You can enable C checking like this:
+
+ &Net::SSLeay::X509_STORE_set_flags
+ (&Net::SSLeay::CTX_get_cert_store($ssl),
+ &Net::SSLeay::X509_V_FLAG_CRL_CHECK);
+
+After setting this flag, if OpenSSL checks a peer's certificate, then
+it will attempt to find a CRL for the issuer. It does this by looking
+for a specially named file in the search directory specified by
+CTX_load_verify_locations. CRL files are named with the hash of the
+issuer's subject name, followed by C<.r0>, C<.r1> etc. For example
+C, C. It will read all the .r files for the
+issuer, and then check for a revocation of the peer certificate in all
+of them. (You can also force it to look in a specific named CRL
+file., see below). You can find out the hash of the issuer subject
+name in a CRL with
+
+ openssl crl -in crl.pem -hash -noout
+
+If the peer certificate does not pass the revocation list, or if no
+CRL is found, then the handshaking fails with an error.
+
+You can also force OpenSSL to look for CRLs in one or more arbitrarily
+named files.
+
+ my $bio = Net::SSLeay::BIO_new_file($crlfilename, 'r');
+ my $crl = Net::SSLeay::PEM_read_bio_X509_CRL($bio);
+ if ($crl) {
+ Net::SSLeay::X509_STORE_add_crl(
+ Net::SSLeay::CTX_get_cert_store($ssl, $crl)
+ );
+ } else {
+ error reading CRL....
+ }
+
+Usually the URLs where you can download the CRLs is contained in the certificate
+itself and you can extract them with
+
+ my @url = Net::SSLeay::P_X509_get_crl_distribution_points($cert)
+
+But there is no automatic downloading of the CRLs and often these CRLs are too
+huge to just download them to verify a single certificate.
+Also, these CRLs are often in DER format which you need to convert to PEM before
+you can use it:
+
+ openssl crl -in crl.der -inform der -out crl.pem
+
+So as an alternative for faster and timely revocation checks you better use
+the Online Status Revocation Protocol (OCSP).
+
+=head2 Certificate verification and Online Status Revocation Protocol (OCSP)
+
+While checking for revoked certificates is possible and fast with Certificate
+Revocation Lists, you need to download the complete and often huge list before
+you can verify a single certificate.
+
+A faster way is to ask the CA to check the revocation of just a single or a few
+certificates using OCSP. Basically you generate for each certificate an
+OCSP_CERTID based on the certificate itself and its issuer, put the ids
+togetether into an OCSP_REQUEST and send the request to the URL given in the
+certificate.
+
+As a result you get back an OCSP_RESPONSE and need to check the status of the
+response, check that it is valid (e.g. signed by the CA) and finally extract the
+information about each OCSP_CERTID to find out if the certificate is still valid
+or got revoked.
+
+With Net::SSLeay this can be done like this:
+
+ # get id(s) for given certs, like from get_peer_certificate
+ # or get_peer_cert_chain.
This will croak if
+ # - one tries to make an OCSP_CERTID for a self-signed certificate
+ # - the issuer of the certificate cannot be found in the SSL objects
+ # store, nor in the current certificate chain
+ my $cert = Net::SSLeay::get_peer_certificate($ssl);
+ my $id = eval { Net::SSLeay::OCSP_cert2ids($ssl,$cert) };
+ die "failed to make OCSP_CERTID: $@" if $@;
+
+ # create OCSP_REQUEST from id(s)
+ # Multiple can be put into the same request, if the same OCSP responder
+ # is responsible for them.
+ my $req = Net::SSLeay::OCSP_ids2req($id);
+
+ # determine URI of OCSP responder
+ my $uri = Net::SSLeay::P_X509_get_ocsp_uri($cert);
+
+ # Send stringified OCSP_REQUEST with POST to $uri.
+ # We can ignore certificate verification for https, because the OCSP
+ # response itself is signed.
+ my $ua = HTTP::Tiny->new(verify_SSL => 0);
+ my $res = $ua->request( 'POST',$uri, {
+ headers => { 'Content-type' => 'application/ocsp-request' },
+ content => Net::SSLeay::i2d_OCSP_REQUEST($req)
+ });
+ my $content = $res && $res->{success} && $res->{content}
+ or die "query failed";
+
+ # Extract OCSP_RESPONSE.
+ # this will croak if the string is not an OCSP_RESPONSE
+ my $resp = eval { Net::SSLeay::d2i_OCSP_RESPONSE($content) };
+
+ # Check status of response.
+ my $status = Net::SSLeay::OCSP_response_status($resp);
+ if ($status != Net::SSLeay::OCSP_RESPONSE_STATUS_SUCCESSFUL())
+ die "OCSP response failed: ".
+ Net::SSLeay::OCSP_response_status_str($status);
+ }
+
+ # Verify signature of response and if nonce matches request.
+ # This will croak if there is a nonce in the response, but it does not match
+ # the request. It will return false if the signature could not be verified,
+ # in which case details can be retrieved with Net::SSLeay::ERR_get_error.
+ # It will not complain if the response does not contain a nonce, which is
+ # usually the case with pre-signed responses.
+ if ( !
eval { Net::SSLeay::OCSP_response_verify($ssl,$resp,$req) }) {
+ die "OCSP response verification failed";
+ }
+
+ # Extract information from OCSP_RESPONSE for each of the ids.
+
+ # If called in scalar context it will return the time (as time_t), when the
+ # next update is due (minimum of all successful responses inside $resp). It
+ # will croak on the following problems:
+ # - response is expired or not yet valid
+ # - no response for given OCSP_CERTID
+ # - certificate status is not good (e.g. revoked or unknown)
+ if ( my $nextupd = eval { Net::SSLeay::OCSP_response_results($resp,$id) }) {
+ warn "certificate is valid, next update in ".
+ ($nextupd-time())." seconds\n";
+ } else {
+ die "certificate is not valid: $@";
+ }
+
+ # But in array context it will return detailed information about each given
+ # OCSP_CERTID instead croaking on errors:
+ # if no @ids are given it will return information about all single responses
+ # in the OCSP_RESPONSE
+ my @results = Net::SSLeay::OCSP_response_results($resp,@ids);
+ for my $r (@results) {
+ print Dumper($r);
+ # @results are in the same order as the @ids and contain:
+ # $r->[0] - OCSP_CERTID
+ # $r->[1] - undef if no error (certificate good) OR error message as string
+ # $r->[2] - hash with details:
+ # thisUpdate - time_t of this single response
+ # nextUpdate - time_t when update is expected
+ # statusType - integer:
+ # V_OCSP_CERTSTATUS_GOOD(0)
+ # V_OCSP_CERTSTATUS_REVOKED(1)
+ # V_OCSP_CERTSTATUS_UNKNOWN(2)
+ # revocationTime - time_t (only if revoked)
+ # revocationReason - integer (only if revoked)
+ # revocationReason_str - reason as string (only if revoked)
+ }
+
+To further speed up certificate revocation checking one can use a TLS extension
+to instruct the server to staple the OCSP response:
+
+ # set TLS extension before doing SSL_connect
+ Net::SSLeay::set_tlsext_status_type($ssl,
+ Net::SSLeay::TLSEXT_STATUSTYPE_ocsp());
+
+ # setup callback to verify OCSP response
+ my $cert_valid = undef;
+
Net::SSLeay::CTX_set_tlsext_status_cb($context,sub {
+ my ($ssl,$resp) = @_;
+ if (!$resp) {
+ # Lots of servers don't return an OCSP response.
+ # In this case we must check the OCSP status outside the SSL
+ # handshake.
+ warn "server did not return stapled OCSP response\n";
+ return 1;
+ }
+ # verify status
+ my $status = Net::SSLeay::OCSP_response_status($resp);
+ if ($status != Net::SSLeay::OCSP_RESPONSE_STATUS_SUCCESSFUL()) {
+ warn "OCSP response failure: $status\n";
+ return 1;
+ }
+ # verify signature - we have no OCSP_REQUEST here to check nonce
+ if (!eval { Net::SSLeay::OCSP_response_verify($ssl,$resp) }) {
+ warn "OCSP response verify failed\n";
+ return 1;
+ }
+ # check if the certificate is valid
+ # we should check here against the peer_certificate
+ my $cert = Net::SSLeay::get_peer_certificate();
+ my $certid = eval { Net::SSLeay::OCSP_cert2ids($ssl,$cert) } or do {
+ warn "cannot get certid from cert: $@";
+ $cert_valid = -1;
+ return 1;
+ };
+
+ if ( $nextupd = eval {
+ Net::SSLeay::OCSP_response_results($resp,$certid) }) {
+ warn "certificate not revoked\n";
+ $cert_valid = 1;
+ } else {
+ warn "certificate not valid: $@";
+ $cert_valid = 0;
+ }
+ });
+
+ # do SSL handshake here
+ ....
+ # check if certificate revocation was checked already
+ if ( ! defined $cert_valid) {
+ # check revocation outside of SSL handshake by asking OCSP responder
+ ...
+ } elsif ( ! $cert_valid ) {
+ die "certificate not valid - closing SSL connection";
+ } elsif ( $cert_valid<0 ) {
+ die "cannot verify certificate revocation - self-signed ?";
+ } else {
+ # everything fine
+ ...
+ }
+
+
+=head2 Using Net::SSLeay in multi-threaded applications
+
+B
+
+Net::SSLeay module implements all necessary stuff to be ready for multi-threaded
+environment - it requires openssl-0.9.7 or newer. The implementation fully follows thread safety related requirements
+of openssl library(see L).
+
+If you are about to use Net::SSLeay (or any other module based on Net::SSLeay) in multi-threaded
+perl application it is recommended to follow this best-practice:
+
+=head3 Initialization
+
+Load and initialize Net::SSLeay module in the main thread:
+
+ use threads;
+ use Net::SSLeay;
+
+ Net::SSLeay::load_error_strings();
+ Net::SSLeay::SSLeay_add_ssl_algorithms();
+ Net::SSLeay::randomize();
+
+ sub do_master_job {
+ #... call whatever from Net::SSLeay
+ }
+
+ sub do_worker_job {
+ #... call whatever from Net::SSLeay
+ }
+
+ #start threads
+ my $master = threads->new(\&do_master_job, 'param1', 'param2');
+ my @workers = threads->new(\&do_worker_job, 'arg1', 'arg2') for (1..10);
+
+ #waiting for all threads to finish
+ $_->join() for (threads->list);
+
+NOTE: Openssl's C function (which is also aliased as
+C, C and C)
+is not re-entrant and multiple calls can cause a crash in threaded application.
+Net::SSLeay implements flags preventing repeated calls to this function,
+therefore even multiple initialization via Net::SSLeay::SSLeay_add_ssl_algorithms()
+should work without trouble.
+
+=head3 Using callbacks
+
+Do not use callbacks across threads (the module blocks cross-thread callback operations
+and throws a warning). Always do the callback setup, callback use and callback destruction
+within the same thread.
+
+=head3 Using openssl elements
+
+All openssl elements (X509, SSL_CTX, ...) can be directly passed between threads.
+
+ use threads;
+ use Net::SSLeay;
+
+ Net::SSLeay::load_error_strings();
+ Net::SSLeay::SSLeay_add_ssl_algorithms();
+ Net::SSLeay::randomize();
+
+ sub do_job {
+ my $context = shift;
+ Net::SSLeay::CTX_set_default_passwd_cb($context, sub { "secret" });
+ #...
+ }
+
+ my $c = Net::SSLeay::CTX_new();
+ threads->create(\&do_job, $c);
+
+Or:
+
+ use threads;
+ use Net::SSLeay;
+
+ my $context; #does not need to be 'shared'
+
+ Net::SSLeay::load_error_strings();
+ Net::SSLeay::SSLeay_add_ssl_algorithms();
+ Net::SSLeay::randomize();
+
+ sub do_job {
+ Net::SSLeay::CTX_set_default_passwd_cb($context, sub { "secret" });
+ #...
+ }
+
+ $context = Net::SSLeay::CTX_new();
+ threads->create(\&do_job);
+
+
+=head3 Using other perl modules based on Net::SSLeay
+
+It should be fine to use any other module based on L (like L)
+in multi-threaded applications. It is generally recommended to do any global initialization
+of such a module in the main thread before calling C<< threads->new(..) >> or
+C<< threads->create(..) >> but it might differ module by module.
+
+To be safe you can load and init Net::SSLeay explicitly in the main thread:
+
+ use Net::SSLeay;
+ use Other::SSLeay::Based::Module;
+
+ Net::SSLeay::load_error_strings();
+ Net::SSLeay::SSLeay_add_ssl_algorithms();
+ Net::SSLeay::randomize();
+
+Or even safer:
+
+ use Net::SSLeay;
+ use Other::SSLeay::Based::Module;
+
+ BEGIN {
+ Net::SSLeay::load_error_strings();
+ Net::SSLeay::SSLeay_add_ssl_algorithms();
+ Net::SSLeay::randomize();
+ }
+
+=head3 Combining Net::SSLeay with other modules linked with openssl
+
+B
+
+There are many other (XS) modules linked directly to openssl library (like L).
+
+As it is expected that also "another" module will call C at some point
+we have again a trouble with multiple openssl initialization by Net::SSLeay and "another" module.
+
+As you can expect Net::SSLeay is not able to avoid multiple initialization of openssl library
+called by "another" module, thus you have to handle this on your own (in some cases it might
+not be possible at all to avoid this).
+
+=head3 Threading with get_https and friends
+
+The convenience functions get_https, post_https etc all initialize the SSL library by calling
+Net::SSLeay::initialize which does the conventional library initialization:
+
+ Net::SSLeay::load_error_strings();
+ Net::SSLeay::SSLeay_add_ssl_algorithms();
+ Net::SSLeay::randomize();
+
+Net::SSLeay::initialize initializes the SSL library at most once.
+You can override the Net::SSLeay::initialize function if you desire
+some other type of initialization behaviour by get_https and friends.
+You can call Net::SSLeay::initialize from your own code if you desire this conventional library initialization.
+
+=head2 Convenience routines
+
+To be used with Low level API
+
+ Net::SSLeay::randomize($rn_seed_file,$additional_seed);
+ Net::SSLeay::set_cert_and_key($ctx, $cert_path, $key_path);
+ $cert = Net::SSLeay::dump_peer_certificate($ssl);
+ Net::SSLeay::ssl_write_all($ssl, $message) or die "ssl write failure";
+ $got = Net::SSLeay::ssl_read_all($ssl) or die "ssl read failure";
+
+ $got = Net::SSLeay::ssl_read_CRLF($ssl [, $max_length]);
+ $got = Net::SSLeay::ssl_read_until($ssl [, $delimit [, $max_length]]);
+ Net::SSLeay::ssl_write_CRLF($ssl, $message);
+
+=over
+
+=item * randomize
+
+seeds the openssl PRNG with C (see the top of C
+for how to change or configure this) and optionally with user provided
+data. It is very important to properly seed your random numbers, so
+do not forget to call this. The high level API functions automatically
+call C so it is not needed with them. See also caveats.
+
+=item * set_cert_and_key
+
+takes two file names as arguments and sets
+the certificate and private key to those. This can be used to
+set either server certificates or client certificates.
+
+=item * dump_peer_certificate
+
+allows you to get a plaintext description of the
+certificate the peer (usually the server) presented to us.
+
+=item * ssl_read_all
+
+see ssl_write_all (below)
+
+=item * ssl_write_all
+
+C and C provide true blocking semantics for
+these operations (see limitation, below, for explanation). These are
+much preferred to the low level API equivalents (which implement BSD
+blocking semantics). The message argument to C can be
+a reference. This is helpful to avoid unnecessary copying when writing
+something big, e.g:
+
+ $data = 'A' x 1000000000;
+ Net::SSLeay::ssl_write_all($ssl, \$data) or die "ssl write failed";
+
+=item * ssl_read_CRLF
+
+uses C to read in a line terminated with a
+carriage return followed by a linefeed (CRLF). The CRLF is included in
+the returned scalar.
+
+=item * ssl_read_until
+
+uses C to read from the SSL input
+stream until it encounters a programmer specified delimiter.
+If the delimiter is undefined, C<$/> is used. If C<$/> is undefined,
+C<\n> is used. One can optionally set a maximum length of bytes to read
+from the SSL input stream.
+
+=item * ssl_write_CRLF
+
+writes C<$message> and appends CRLF to the SSL output stream.
+
+=back
+
+=head2 Initialization
+
+In order to use the low level API you should start your programs with
+the following incantation:
+
+ use Net::SSLeay qw(die_now die_if_ssl_error);
+ Net::SSLeay::load_error_strings();
+ Net::SSLeay::SSLeay_add_ssl_algorithms(); # Important!
+ Net::SSLeay::ENGINE_load_builtin_engines(); # If you want built-in engines
+ Net::SSLeay::ENGINE_register_all_complete(); # If you want built-in engines
+ Net::SSLeay::randomize();
+
+=head2 Error handling functions
+
+I can not emphasize the need to check for error enough. Use these
+functions even in the most simple programs, they will reduce debugging
+time greatly. Do not ask questions on the mailing list without having
+first sprinkled these in your code.
+
+=over
+
+=item * die_now
+
+=item * die_if_ssl_error
+
+C and C are used to conveniently print the SSLeay error
+stack when something goes wrong:
+
+ Net::SSLeay::connect($ssl) or die_now("Failed SSL connect ($!)");
+
+
+ Net::SSLeay::write($ssl, "foo") or die_if_ssl_error("SSL write ($!)");
+
+=item * print_errs
+
+You can also use C to dump the error stack without
+exiting the program. As can be seen, your code becomes much more readable
+if you import the error reporting functions into your main name space.
+
+=back
+
+=head2 Sockets
+
+Perl uses file handles for all I/O. While SSLeay has a quite flexible BIO
+mechanism and perl has an evolved PerlIO mechanism, this module still
+sticks to using file descriptors. Thus to attach SSLeay to a socket you
+should use C to extract the underlying file descriptor:
+
+ Net::SSLeay::set_fd($ssl, fileno(S)); # Must use fileno
+
+You should also set C<$|> to 1 to eliminate STDIO buffering so you do not
+get confused if you use perl I/O functions to manipulate your socket
+handle.
+
+If you need to C on the socket, go right ahead, but be warned
+that OpenSSL does some internal buffering so SSL_read does not always
+return data even if the socket selected for reading (just keep on
+selecting and trying to read). C is no different from the
+C language OpenSSL in this respect.
+
+=head2 Callbacks
+
+You can establish a per-context verify callback function something like this:
+
+ sub verify {
+ my ($ok, $x509_store_ctx) = @_;
+ print "Verifying certificate...\n";
+ ...
+ return $ok;
+ }
+
+It is used like this:
+
+ Net::SSLeay::set_verify ($ssl, Net::SSLeay::VERIFY_PEER, \&verify);
+
+Per-context callbacks for decrypting private keys are implemented.
+
+ Net::SSLeay::CTX_set_default_passwd_cb($ctx, sub { "top-secret" });
+ Net::SSLeay::CTX_use_PrivateKey_file($ctx, "key.pem",
+ Net::SSLeay::FILETYPE_PEM)
+ or die "Error reading private key";
+ Net::SSLeay::CTX_set_default_passwd_cb($ctx, undef);
+
+If Hello Extensions are supported by your OpenSSL,
+a session secret callback can be set up to be called when a session secret is set
+by openssl.
+
+Establish it like this:
+
+ Net::SSLeay::set_session_secret_cb($ssl, \&session_secret_cb, $somedata);
+
+It will be called like this:
+
+ sub session_secret_cb
+ {
+ my ($secret, \@cipherlist, \$preferredcipher, $somedata) = @_;
+ }
+
+
+No other callbacks are implemented. You do not need to use any
+callback for simple (i.e. normal) cases where the SSLeay built-in
+verify mechanism satisfies your needs.
+
+It is required to reset these callbacks to undef immediately after use to prevent
+memory leaks, thread safety problems and crashes on exit that
+can occur if different threads set different callbacks.
+
+If you want to use callback stuff, see examples/callback.pl! It's the
+only one I am able to make work reliably.
+
+=head2 Low level API
+
+In addition to the high level functions outlined above, this module
+contains straight-forward access to CRYPTO and SSL parts of OpenSSL C API.
+
+See the C<*.h> headers from OpenSSL C distribution for a list of low level
+SSLeay functions to call (check SSLeay.xs to see if some function has been
+implemented). The module strips the initial C<"SSL_"> off of the SSLeay names.
+Generally you should use C in its place.
+
+Note that some functions are prefixed with C<"P_"> - these are very close to
+the original API however contain some kind of a wrapper making its interface
+more perl friendly.
+
+For example:
+
+In C:
+
+ #include
+
+ err = SSL_set_verify (ssl, SSL_VERIFY_CLIENT_ONCE,
+ &your_call_back_here);
+
+In Perl:
+
+ use Net::SSLeay;
+
+ $err = Net::SSLeay::set_verify ($ssl,
+ Net::SSLeay::VERIFY_CLIENT_ONCE,
+ \&your_call_back_here);
+
+If the function does not start with C you should use the full
+function name, e.g.:
+
+ $err = Net::SSLeay::ERR_get_error;
+
+The following new functions behave in perlish way:
+
+ $got = Net::SSLeay::read($ssl);
+ # Performs SSL_read, but returns $got
+ # resized according to data received.
+ # Returns undef on failure.
+
+ Net::SSLeay::write($ssl, $foo) || die;
+ # Performs SSL_write, but automatically
+ # figures out the size of $foo
+
+=head3 Low level API: Version and library information related functions
+
+=over
+
+=item * OpenSSL_version_num and SSLeay
+
+B SSLeay() is not available in Net-SSLeay-1.42 and
+before. SSLeay() was made an alias of OpenSSL_version_num() in OpenSSL
+1.1.0 and LibreSSL 2.7.0.
+
+B OpenSSL_version_num() requires at least
+Net-SSLeay-1.82 with OpenSSL 1.1.0, or Net-SSLeay-1.88 with LibreSSL
+2.7.0.
+
+Both functions return OPENSSL_VERSION_NUMBER constant (numeric) as
+defined by the underlying OpenSSL or LibreSSL library.
+
+ my $ver_number = Net::SSLeay::SSLeay();
+or
+ my $ver_number = Net::SSLeay::OpenSSL_version_num();
+ # returns: OPENSSL_VERSION_NUMBER constant
+
+ OpenSSL version numbering is:
+
+ # 0x00903100 => openssl-0.9.3
+ # 0x00904100 => openssl-0.9.4
+ # 0x00905100 => openssl-0.9.5
+ # 0x0090600f => openssl-0.9.6
+ # 0x0090601f => openssl-0.9.6a
+ # ...
+ # 0x009060df => openssl-0.9.6m
+ # 0x0090700f => openssl-0.9.7
+ # 0x0090701f => openssl-0.9.7a
+ # ...
+ # 0x009070df => openssl-0.9.7m
+ # 0x0090800f => openssl-0.9.8
+ # 0x0090801f => openssl-0.9.8a
+ # ...
+ # 0x0090821f => openssl-0.9.8zh
+ # 0x1000000f => openssl-1.0.0
+ # ...
+ # 0x1000014f => openssl-1.0.0t
+ # 0x1000100f => openssl-1.0.1
+ # ...
+ # 0x1000115f => openssl-1.0.1u
+ # 0x1000200f => openssl-1.0.2
+ # ...
+ # 0x1000215f => openssl-1.0.2u
+ # 0x1010000f => openssl-1.1.0
+ # ...
+ # 0x101000cf => openssl-1.1.0l
+ # 0x1010100f => openssl-1.1.1
+ # ...
+ # 0x101010df => openssl-1.1.1m
+ # 0x30000000 => openssl-3.0.0
+ # 0x30000010 => openssl-3.0.1
+
+ Note that OpenSSL 3.0.0 and later do not set the status nibble in the
+ least significant octet to f.
+
+ LibreSSL returns 0x20000000 always:
+
+ # 0x20000000 => libressl-2.2.1
+ # ...
+ # 0x20000000 => libressl-3.4.2
+
+You can use the version number like this when you know that the
+underlying library is OpenSSL:
+
+ if (Net::SSLeay::SSLeay() < 0x0090800f) {
+ die "You need OpenSSL 0.9.8 or higher";
+ }
+
+LibresSSL 2.2.2 and later define constant LIBRESSL_VERSION_NUMBER that
+gives the LibreSSL version number. The format is the same that OpenSSL
+uses with OPENSSL_VERSION_NUMBER. You can do this if you need to
+check that the underlying library is LibreSSL and it's recent enough:
+
+
+ if (Net::SSLeay::SSLeay() != 0x20000000 ||
+ Net::SSLeay::LIBRESSL_VERSION_NUMBER() < 0x3040200f) {
+ die "You need LibreSSL. Version 3.4.2 or higher";
+ }
+
+Check openssl doc
+L
+
+See OpenSSL 1.1.1 and earlier documentation for the details of status
+nibble and the format interpretation.
+
+=item * SSLeay_version
+
+B not available in Net-SSLeay-1.42 and before
+
+Returns different strings depending on $type.
+
+ my $ver_string = Net::SSLeay::SSLeay_version($type);
+ # $type
+ # SSLEAY_VERSION - e.g. 'OpenSSL 1.0.0d 8 Feb 2011'
+ # SSLEAY_CFLAGS - e.g. 'compiler: gcc -D_WINDLL -DOPENSSL_USE_APPLINK .....'
+ # SSLEAY_BUILT_ON - e.g. 'built on: Fri May 6 00:00:46 GMT 2011'
+ # SSLEAY_PLATFORM - e.g. 'platform: mingw'
+ # SSLEAY_DIR - e.g. 'OPENSSLDIR: "z:/...."'
+ #
+ # returns: string
+
+ Net::SSLeay::SSLeay_version();
+ #is equivalent to
+ Net::SSLeay::SSLeay_version(SSLEAY_VERSION);
+
+OpenSSL 1.1.0 changed SSLeay_version() to an alias of
+OpenSSL_version().
To ensure correct functionality with LibreSSL, use
+SSLEAY_* constants with SSLeay_version() and OPENSSL_* constants with
+OpenSSL_version().
+
+Check openssl doc L
+
+OpenSSL website no longer has a manual page for SSLeay_version().
+
+=item * OpenSSL_version
+
+B requires at least Net-SSLeay-1.82 with OpenSSL
+1.1.0, or Net-SSLeay-1.88 with LibreSSL 2.7.0.
+
+Returns different strings depending on $t. Available $t constants
+depend on the library version.
+
+ my $ver_string = Net::SSLeay::OpenSSL_version($t);
+ # $t
+ # OPENSSL_VERSION - e.g. 'OpenSSL 1.1.0g 2 Nov 2017'
+ # OPENSSL_CFLAGS - e.g. 'compiler: cc -DDSO_DLFCN -DHAVE_DLFCN_H .....'
+ # OPENSSL_BUILT_ON - e.g. 'built on: reproducible build, date unspecified'
+ # OPENSSL_PLATFORM - e.g. 'platform: darwin64-x86_64-cc'
+ # OPENSSL_DIR - e.g. 'OPENSSLDIR: "/opt/openssl-1.1.0g"'
+ # OPENSSL_ENGINES_DIR - e.g. 'ENGINESDIR: "/opt/openssl-1.1.0g/lib/engines-1.1"'
+ #
+ # returns: string
+
+ Net::SSLeay::OpenSSL_version();
+ #is equivalent to
+ Net::SSLeay::OpenSSL_version(OPENSSL_VERSION);
+
+Check openssl doc L
+
+=item * OPENSSL_info
+
+B not available in Net-SSLeay-1.90 and before; requires at least OpenSSL 3.0.0-alpha1
+
+Returns different strings depending on $t. Available $t constants
+depend on the library version.
+
+ my $info_string = Net::SSLeay::OPENSSL_info($t);
+ # $t
+ # OPENSSL_INFO_CONFIG_DIR - e.g. '/opt/openssl-3.0.1'
+ # OPENSSL_INFO_...
+ #
+ # returns: string
+
+Check openssl doc L
+
+=item * OPENSSL_version_major, OPENSSL_version_minor and OPENSSL_version_patch
+
+B not available in Net-SSLeay-1.90 and before; requires at least OpenSSL 3.0.0-alpha1, not in LibreSSL
+
+Return constants OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR and OPENSSL_VERSION_PATCH, respectively.
+
+ my $major = Net::SSLeay::OPENSSL_version_major();
+ my $minor = Net::SSLeay::OPENSSL_version_minor();
+ my $patch = Net::SSLeay::OPENSSL_version_patch();
+ #
+ # return: integer
+
+For example with OpenSSL 3.0.1, $major is 3, $minor is 0 and $patch is 1.
+
+Note: the constants record Net::SSLeay compile time values whereas the
+three functions return values from the library. Typically these are
+the same, but they can be different if the library version is updated
+but Net::SSLeay is not re-compiled. See the OpenSSL and LibreSSL
+API/ABI compatibility statements for more information.
+
+Check openssl doc L
+
+=item * OPENSSL_version_pre_release
+
+B not available in Net-SSLeay-1.90 and before; requires at least OpenSSL 3.0.0-alpha1, not in LibreSSL
+
+Return constant string defined by C macro OPENSSL_VERSION_PRE_RELEASE.
+
+ my $pre_release = Net::SSLeay::OPENSSL_version_pre_release();
+ #
+ # returns: string
+
+ For example: "-alpha3" or "" for a release version.
+
+When the macro is not defined, an empty string is returned instead.
+
+Check openssl doc L
+
+=item * OPENSSL_version_build_metadata()
+
+B not available in Net-SSLeay-1.90 and before; requires at least OpenSSL 3.0.0-alpha1, not in LibreSSL
+
+Return constant string defined by C macro OPENSSL_VERSION_BUILD_METADATA.
+
+ my $metadata = Net::SSLeay::OPENSSL_version_build_metadata();
+ #
+ # returns: string
+
+ For example: "+fips" or "".
+
+When the macro is not defined, an empty string is returned instead.
+
+Check openssl doc L
+
+
+=back
+
+=head3 Low level API: Initialization related functions
+
+=over
+
+=item * library_init
+
+Initialize SSL library by registering algorithms.
+
+ my $rv = Net::SSLeay::library_init();
+
+Check openssl doc L
+
+While the original function from OpenSSL always returns 1, Net::SSLeay adds a
+wrapper around it to make sure that the OpenSSL function is only called once.
+Thus the function will return 1 if initialization was done and 0 if not, i.e.
if
+initialization was done already before.
+
+=item * add_ssl_algorithms
+
+The alias for L
+
+ Net::SSLeay::add_ssl_algorithms();
+
+=item * OpenSSL_add_ssl_algorithms
+
+The alias for L
+
+ Net::SSLeay::OpenSSL_add_ssl_algorithms();
+
+=item * SSLeay_add_ssl_algorithms
+
+The alias for L
+
+ Net::SSLeay::SSLeay_add_ssl_algorithms();
+
+=item * load_error_strings
+
+Registers the error strings for all libcrypto + libssl related functions.
+
+ Net::SSLeay::load_error_strings();
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * ERR_load_crypto_strings
+
+Registers the error strings for all libcrypto functions. No need to call this function if you have already called L.
+
+ Net::SSLeay::ERR_load_crypto_strings();
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * ERR_load_RAND_strings
+
+Registers the error strings for RAND related functions. No need to call this function if you have already called L.
+
+ Net::SSLeay::ERR_load_RAND_strings();
+ #
+ # returns: no return value
+
+=item * ERR_load_SSL_strings
+
+Registers the error strings for SSL related functions. No need to call this function if you have already called L.
+
+ Net::SSLeay::ERR_load_SSL_strings();
+ #
+ # returns: no return value
+
+=item * OpenSSL_add_all_algorithms
+
+B not available in Net-SSLeay-1.45 and before
+
+Add algorithms to internal table.
+
+ Net::SSLeay::OpenSSL_add_all_algorithms();
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * OPENSSL_add_all_algorithms_conf
+
+B not available in Net-SSLeay-1.45 and before
+
+Similar to L - will ALWAYS load the config file
+
+ Net::SSLeay::OPENSSL_add_all_algorithms_conf();
+ #
+ # returns: no return value
+
+=item * OPENSSL_add_all_algorithms_noconf
+
+B not available in Net-SSLeay-1.45 and before
+
+Similar to L - will NEVER load the config file
+
+ Net::SSLeay::OPENSSL_add_all_algorithms_noconf();
+ #
+ # returns: no return value
+
+=back
+
+=head3 Low level API: ERR_* and SSL_alert_* related functions
+
+B Please note that SSL_alert_* function have "SSL_" part stripped from their names.
+
+=over
+
+=item * ERR_clear_error
+
+Clear the error queue.
+
+ Net::SSLeay::ERR_clear_error();
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * ERR_error_string
+
+Generates a human-readable string representing the error code $error.
+
+ my $rv = Net::SSLeay::ERR_error_string($error);
+ # $error - (unsigned integer) error code
+ #
+ # returns: string
+
+Check openssl doc L
+
+=item * ERR_get_error
+
+Returns the earliest error code from the thread's error queue and removes the entry.
+This function can be called repeatedly until there are no more error codes to return.
+
+ my $rv = Net::SSLeay::ERR_get_error();
+ #
+ # returns: (unsigned integer) error code
+
+Check openssl doc L
+
+=item * ERR_peek_error
+
+Returns the earliest error code from the thread's error queue without modifying it.
+
+ my $rv = Net::SSLeay::ERR_peek_error();
+ #
+ # returns: (unsigned integer) error code
+
+Check openssl doc L
+
+=item * ERR_put_error
+
+Adds an error code to the thread's error queue. It signals that the error of $reason
+code reason occurred in function $func of library $lib, in line number $line of $file.
+
+ Net::SSLeay::ERR_put_error($lib, $func, $reason, $file, $line);
+ # $lib - (integer) library id (check openssl/err.h for constants e.g. ERR_LIB_SSL)
+ # $func - (integer) function id (check openssl/ssl.h for constants e.g. SSL_F_SSL23_READ)
+ # $reason - (integer) reason id (check openssl/ssl.h for constants e.g. SSL_R_SSL_HANDSHAKE_FAILURE)
+ # $file - (string) file name
+ # $line - (integer) line number in $file
+ #
+ # returns: no return value
+
+Check openssl doc L
+and L
+
+=item * alert_desc_string
+
+Returns a two letter string as a short form describing the reason of the alert specified by value.
+
+ my $rv = Net::SSLeay::alert_desc_string($value);
+ # $value - (integer) allert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)
+ #
+ # returns: description string (2 letters)
+
+Check openssl doc L
+
+=item * alert_desc_string_long
+
+Returns a string describing the reason of the alert specified by value.
+
+ my $rv = Net::SSLeay::alert_desc_string_long($value);
+ # $value - (integer) allert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)
+ #
+ # returns: description string
+
+Check openssl doc L
+
+=item * alert_type_string
+
+Returns a one letter string indicating the type of the alert specified by value.
+
+ my $rv = Net::SSLeay::alert_type_string($value);
+ # $value - (integer) allert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)
+ #
+ # returns: string (1 letter)
+
+Check openssl doc L
+
+=item * alert_type_string_long
+
+Returns a string indicating the type of the alert specified by value.
+
+ my $rv = Net::SSLeay::alert_type_string_long($value);
+ # $value - (integer) allert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)
+ #
+ # returns: string
+
+Check openssl doc L
+
+=back
+
+=head3 Low level API: SSL_METHOD_* related functions
+
+=over
+
+=item * SSLv23_method, SSLv23_server_method and SSLv23_client_method
+
+B not available in Net-SSLeay-1.82 and before.
+
+Returns SSL_METHOD structure corresponding to general-purpose version-flexible TLS method, the return value can be later used as a param of L.
+
+B Consider using TLS_method, TLS_server_method or TLS_client_method with new code.
+
+ my $rv = Net::SSLeay::SSLv2_method();
+ #
+ # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)
+
+=item * SSLv2_method
+
+Returns SSL_METHOD structure corresponding to SSLv2 method, the return value can be later used as a param of L. Only available where supported by the underlying openssl.
+
+ my $rv = Net::SSLeay::SSLv2_method();
+ #
+ # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)
+
+=item * SSLv3_method
+
+Returns SSL_METHOD structure corresponding to SSLv3 method, the return value can be later used as a param of L.
+
+ my $rv = Net::SSLeay::SSLv3_method();
+ #
+ # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)
+
+Check openssl doc L
+
+=item * TLSv1_method, TLSv1_server_method and TLSv1_client_method
+
+B Server and client methods not available in Net-SSLeay-1.82 and before.
+
+Returns SSL_METHOD structure corresponding to TLSv1 method, the return value can be later used as a param of L.
+
+ my $rv = Net::SSLeay::TLSv1_method();
+ #
+ # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)
+
+Check openssl doc L
+
+=item * TLSv1_1_method, TLSv1_1_server_method and TLSv1_1_client_method
+
+B Server and client methods not available in Net-SSLeay-1.82 and before.
+
+Returns SSL_METHOD structure corresponding to TLSv1_1 method, the return value can be later used as a param of L. Only available where supported by the underlying openssl.
+ + my $rv = Net::SSLeay::TLSv1_1_method(); + # + # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure) + +Check openssl doc L + +=item * TLSv1_2_method, TLSv1_2_server_method and TLSv1_2_client_method + +B Server and client methods not available in Net-SSLeay-1.82 and before. + +Returns SSL_METHOD structure corresponding to TLSv1_2 method, the return value can be later used as a param of L. Only available where supported by the underlying openssl. + + my $rv = Net::SSLeay::TLSv1_2_method(); + # + # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure) + +Check openssl doc L + +=item * TLS_method, TLS_server_method and TLS_client_method + +B Not available in Net-SSLeay-1.82 and before. + +Returns SSL_METHOD structure corresponding to general-purpose version-flexible TLS method, the return value can be later used as a param of L. Only available where supported by the underlying openssl. + + my $rv = Net::SSLeay::TLS_method(); + # + # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure) + +Check openssl doc L + +=back + +=head3 Low level API: ENGINE_* related functions + +=over + +=item * ENGINE_load_builtin_engines + +B Requires an OpenSSL build with dynamic engine loading support. + +Load all bundled ENGINEs into memory and make them visible. + + Net::SSLeay::ENGINE_load_builtin_engines(); + # + # returns: no return value + +Check openssl doc L + +=item * ENGINE_register_all_complete + +B Requires an OpenSSL build with dynamic engine loading support. + +Register all loaded ENGINEs for every algorithm they collectively implement. + + Net::SSLeay::ENGINE_register_all_complete(); + # + # returns: no return value + +Check openssl doc L + +=item * ENGINE_set_default + +B Requires an OpenSSL build with dynamic engine loading support. + +Set default engine to $e + set its flags to $flags. 
+
+ my $rv = Net::SSLeay::ENGINE_set_default($e, $flags);
+ # $e - value corresponding to openssl's ENGINE structure
+ # $flags - (integer) engine flags
+ # flags value can be made by bitwise "OR"ing:
+ # 0x0001 - ENGINE_METHOD_RSA
+ # 0x0002 - ENGINE_METHOD_DSA
+ # 0x0004 - ENGINE_METHOD_DH
+ # 0x0008 - ENGINE_METHOD_RAND
+ # 0x0010 - ENGINE_METHOD_ECDH
+ # 0x0020 - ENGINE_METHOD_ECDSA
+ # 0x0040 - ENGINE_METHOD_CIPHERS
+ # 0x0080 - ENGINE_METHOD_DIGESTS
+ # 0x0100 - ENGINE_METHOD_STORE
+ # 0x0200 - ENGINE_METHOD_PKEY_METHS
+ # 0x0400 - ENGINE_METHOD_PKEY_ASN1_METHS
+ # Obvious all-or-nothing cases:
+ # 0xFFFF - ENGINE_METHOD_ALL
+ # 0x0000 - ENGINE_METHOD_NONE
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * ENGINE_by_id
+
+Get ENGINE by its identification $id.
+
+B Requires an OpenSSL build with dynamic engine loading support.
+
+ my $rv = Net::SSLeay::ENGINE_by_id($id);
+ # $id - (string) engine identification e.g. "dynamic"
+ #
+ # returns: value corresponding to openssl's ENGINE structure (0 on failure)
+
+Check openssl doc L
+
+=back
+
+=head3 Low level API: EVP_PKEY_* related functions
+
+=over
+
+=item * EVP_PKEY_copy_parameters
+
+Copies the parameters from key $from to key $to.
+
+ my $rv = Net::SSLeay::EVP_PKEY_copy_parameters($to, $from);
+ # $to - value corresponding to openssl's EVP_PKEY structure
+ # $from - value corresponding to openssl's EVP_PKEY structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * EVP_PKEY_new
+
+B not available in Net-SSLeay-1.45 and before
+
+Creates a new EVP_PKEY structure.
+
+ my $rv = Net::SSLeay::EVP_PKEY_new();
+ #
+ # returns: value corresponding to openssl's EVP_PKEY structure (0 on failure)
+
+Check openssl doc L
+
+=item * EVP_PKEY_free
+
+B not available in Net-SSLeay-1.45 and before
+
+Free an allocated EVP_PKEY structure.
+
+ Net::SSLeay::EVP_PKEY_free($pkey);
+ # $pkey - value corresponding to openssl's EVP_PKEY structure
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * EVP_PKEY_assign_RSA
+
+B not available in Net-SSLeay-1.45 and before
+
+Set the key referenced by $pkey to $key
+
+B No reference counter will be increased, i.e. $key will be freed if
+$pkey is freed.
+
+ my $rv = Net::SSLeay::EVP_PKEY_assign_RSA($pkey, $key);
+ # $pkey - value corresponding to openssl's EVP_PKEY structure
+ # $key - value corresponding to openssl's RSA structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * EVP_PKEY_assign_EC_KEY
+
+B not available in Net-SSLeay-1.74 and before
+
+Set the key referenced by $pkey to $key
+
+B No reference counter will be increased, i.e. $key will be freed if
+$pkey is freed.
+
+ my $rv = Net::SSLeay::EVP_PKEY_assign_EC_KEY($pkey, $key);
+ # $pkey - value corresponding to openssl's EVP_PKEY structure
+ # $key - value corresponding to openssl's EC_KEY structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * EVP_PKEY_bits
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns the size of the key $pkey in bits.
+
+ my $rv = Net::SSLeay::EVP_PKEY_bits($pkey);
+ # $pkey - value corresponding to openssl's EVP_PKEY structure
+ #
+ # returns: size in bits
+
+=item * EVP_PKEY_size
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns the maximum size of a signature in bytes. The actual signature may be smaller.
+
+ my $rv = Net::SSLeay::EVP_PKEY_size($pkey);
+ # $pkey - value corresponding to openssl's EVP_PKEY structure
+ #
+ # returns: the maximum size in bytes
+
+Check openssl doc L
+
+=item * EVP_PKEY_id
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.0
+
+Returns $pkey type (integer value of corresponding NID).
+
+ my $rv = Net::SSLeay::EVP_PKEY_id($pkey);
+ # $pkey - value corresponding to openssl's EVP_PKEY structure
+ #
+ # returns: (integer) key type
+
+Example:
+
+ my $pubkey = Net::SSLeay::X509_get_pubkey($x509);
+ my $type = Net::SSLeay::EVP_PKEY_id($pubkey);
+ print Net::SSLeay::OBJ_nid2sn($type); #prints e.g. 'rsaEncryption'
+
+=back
+
+=head3 Low level API: PEM_* related functions
+
+Check openssl doc L
+
+=over
+
+=item * PEM_read_bio_X509
+
+B not available in Net-SSLeay-1.45 and before
+
+Loads PEM formatted X509 certificate via given BIO structure.
+
+ my $rv = Net::SSLeay::PEM_read_bio_X509($bio);
+ # $bio - value corresponding to openssl's BIO structure
+ #
+ # returns: value corresponding to openssl's X509 structure (0 on failure)
+
+Example:
+
+ my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
+ my $x509 = Net::SSLeay::PEM_read_bio_X509($bio);
+ Net::SSLeay::BIO_free($bio);
+
+=item * PEM_read_bio_X509_REQ
+
+B not available in Net-SSLeay-1.45 and before
+
+Loads PEM formatted X509_REQ object via given BIO structure.
+
+ my $rv = Net::SSLeay::PEM_read_bio_X509_REQ($bio, $x=NULL, $cb=NULL, $u=NULL);
+ # $bio - value corresponding to openssl's BIO structure
+ #
+ # returns: value corresponding to openssl's X509_REQ structure (0 on failure)
+
+Example:
+
+ my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
+ my $x509_req = Net::SSLeay::PEM_read_bio_X509_REQ($bio);
+ Net::SSLeay::BIO_free($bio);
+
+=item * PEM_read_bio_DHparams
+
+Reads DH structure from BIO.
+
+ my $rv = Net::SSLeay::PEM_read_bio_DHparams($bio);
+ # $bio - value corresponding to openssl's BIO structure
+ #
+ # returns: value corresponding to openssl's DH structure (0 on failure)
+
+=item * PEM_read_bio_X509_CRL
+
+Reads X509_CRL structure from BIO.
+ + my $rv = Net::SSLeay::PEM_read_bio_X509_CRL($bio); + # $bio - value corresponding to openssl's BIO structure + # + # returns: value corresponding to openssl's X509_CRL structure (0 on failure) + +=item * PEM_read_bio_PrivateKey + +B not available in Net-SSLeay-1.45 and before + +Loads PEM formatted private key via given BIO structure. + + my $rv = Net::SSLeay::PEM_read_bio_PrivateKey($bio, $cb, $data); + # $bio - value corresponding to openssl's BIO structure + # $cb - reference to perl callback function + # $data - data that will be passed to callback function (see examples below) + # + # returns: value corresponding to openssl's EVP_PKEY structure (0 on failure) + +Example: + + my $bio = Net::SSLeay::BIO_new_file($filename, 'r'); + my $privkey = Net::SSLeay::PEM_read_bio_PrivateKey($bio); #ask for password if needed + Net::SSLeay::BIO_free($bio); + +To use password you have the following options: + + $privkey = Net::SSLeay::PEM_read_bio_PrivateKey($bio, \&callback_func); # use callback func for getting password + $privkey = Net::SSLeay::PEM_read_bio_PrivateKey($bio, \&callback_func, $data); # use callback_func + pass $data to callback_func + $privkey = Net::SSLeay::PEM_read_bio_PrivateKey($bio, undef, "secret"); # use password "secret" + $privkey = Net::SSLeay::PEM_read_bio_PrivateKey($bio, undef, ""); # use empty password + +Callback function signature: + + sub callback_func { + my ($max_passwd_size, $rwflag, $data) = @_; + # $max_passwd_size - maximum size of returned password (longer values will be discarded) + # $rwflag - indicates whether we are loading (0) or storing (1) - for PEM_read_bio_PrivateKey always 0 + # $data - the data passed to PEM_read_bio_PrivateKey as 3rd parameter + + return "secret"; + } + +=item * PEM_X509_INFO_read_bio + +Reads a BIO containing a PEM formatted file into a STACK_OF(X509_INFO) structure. 
+
+ my $rv = Net::SSLeay::PEM_X509_INFO_read_bio($bio);
+ # $bio - value corresponding to openssl's BIO structure
+ #
+ # returns: value corresponding to openssl's STACK_OF(X509_INFO) structure.
+
+Example:
+
+ my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
+ my $sk_x509_info = Net::SSLeay::PEM_X509_INFO_read_bio($bio);
+ Net::SSLeay::BIO_free($bio);
+
+=item * PEM_get_string_X509
+
+B Does not exactly correspond to any low level API function
+
+Converts/exports X509 certificate to string (PEM format).
+
+ Net::SSLeay::PEM_get_string_X509($x509);
+ # $x509 - value corresponding to openssl's X509 structure
+ #
+ # returns: string with $x509 in PEM format
+
+=item * PEM_get_string_PrivateKey
+
+B not available in Net-SSLeay-1.45 and before
+
+Converts public key $pk into PEM formatted string (optionally protected with password).
+
+ my $rv = Net::SSLeay::PEM_get_string_PrivateKey($pk, $passwd, $enc_alg);
+ # $pk - value corresponding to openssl's EVP_PKEY structure
+ # $passwd - [optional] (string) password to use for key encryption
+ # $enc_alg - [optional] algorithm to use for key encryption (default: DES_CBC) - value corresponding to openssl's EVP_CIPHER structure
+ #
+ # returns: PEM formatted string
+
+Examples:
+
+ $pem_privkey = Net::SSLeay::PEM_get_string_PrivateKey($pk);
+ $pem_privkey = Net::SSLeay::PEM_get_string_PrivateKey($pk, "secret");
+ $pem_privkey = Net::SSLeay::PEM_get_string_PrivateKey($pk, "secret", Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-CBC"));
+
+=item * PEM_get_string_X509_CRL
+
+B not available in Net-SSLeay-1.45 and before
+
+Converts X509_CRL object $x509_crl into PEM formatted string.
+
+ Net::SSLeay::PEM_get_string_X509_CRL($x509_crl);
+ # $x509_crl - value corresponding to openssl's X509_CRL structure
+ #
+ # returns: no return value
+
+=item * PEM_get_string_X509_REQ
+
+B not available in Net-SSLeay-1.45 and before
+
+Converts X509_REQ object $x509_crl into PEM formatted string.
+ + Net::SSLeay::PEM_get_string_X509_REQ($x509_req); + # $x509_req - value corresponding to openssl's X509_REQ structure + # + # returns: no return value + +=back + +=head3 Low level API: d2i_* (DER format) related functions + +=over + +=item * d2i_X509_bio + +B not available in Net-SSLeay-1.45 and before + +Loads DER formatted X509 certificate via given BIO structure. + + my $rv = Net::SSLeay::d2i_X509_bio($bp); + # $bp - value corresponding to openssl's BIO structure + # + # returns: value corresponding to openssl's X509 structure (0 on failure) + +Example: + + my $bio = Net::SSLeay::BIO_new_file($filename, 'rb'); + my $x509 = Net::SSLeay::d2i_X509_bio($bio); + Net::SSLeay::BIO_free($bio); + +Check openssl doc L + +=item * d2i_X509_CRL_bio + +B not available in Net-SSLeay-1.45 and before + +Loads DER formatted X509_CRL object via given BIO structure. + + my $rv = Net::SSLeay::d2i_X509_CRL_bio($bp); + # $bp - value corresponding to openssl's BIO structure + # + # returns: value corresponding to openssl's X509_CRL structure (0 on failure) + +Example: + + my $bio = Net::SSLeay::BIO_new_file($filename, 'rb'); + my $x509_crl = Net::SSLeay::d2i_X509_CRL_bio($bio); + Net::SSLeay::BIO_free($bio); + +=item * d2i_X509_REQ_bio + +B not available in Net-SSLeay-1.45 and before + +Loads DER formatted X509_REQ object via given BIO structure. + + my $rv = Net::SSLeay::d2i_X509_REQ_bio($bp); + # $bp - value corresponding to openssl's BIO structure + # + # returns: value corresponding to openssl's X509_REQ structure (0 on failure) + +Example: + + my $bio = Net::SSLeay::BIO_new_file($filename, 'rb'); + my $x509_req = Net::SSLeay::d2i_X509_REQ_bio($bio); + Net::SSLeay::BIO_free($bio); + +=back + +=head3 Low level API: PKCS12 related functions + +=over + +=item * P_PKCS12_load_file + +B not available in Net-SSLeay-1.45 and before + +Loads X509 certificate + private key + certificates of CA chain (if present in PKCS12 file). 
+ + my ($privkey, $cert, @cachain) = Net::SSLeay::P_PKCS12_load_file($filename, $load_chain, $password); + # $filename - name of PKCS12 file + # $load_chain - [optional] whether load (1) or not(0) CA chain (default: 0) + # $password - [optional] password for private key + # + # returns: triplet ($privkey, $cert, @cachain) + # $privkey - value corresponding to openssl's EVP_PKEY structure + # $cert - value corresponding to openssl's X509 structure + # @cachain - array of values corresponding to openssl's X509 structure (empty if no CA chain in PKCS12) + +B after you do the job you need to call X509_free() on $privkey + all members +of @cachain and EVP_PKEY_free() on $privkey. + +Examples: + + my ($privkey, $cert) = Net::SSLeay::P_PKCS12_load_file($filename); + #or + my ($privkey, $cert) = Net::SSLeay::P_PKCS12_load_file($filename, 0, $password); + #or + my ($privkey, $cert, @cachain) = Net::SSLeay::P_PKCS12_load_file($filename, 1); + #or + my ($privkey, $cert, @cachain) = Net::SSLeay::P_PKCS12_load_file($filename, 1, $password); + + #BEWARE: THIS IS WRONG - MEMORY LEAKS! (you cannot free @cachain items) + my ($privkey, $cert) = Net::SSLeay::P_PKCS12_load_file($filename, 1, $password); + +B With some combinations of Windows, perl, compiler and compiler options, you +may see a runtime error "no OPENSSL_Applink", when calling +Net::SSLeay::P_PKCS12_load_file. See README.Win32 for more details. + +=back + +=head3 Low level API: SESSION_* related functions + +=over + +=item * d2i_SSL_SESSION + +B does not work in Net-SSLeay-1.85 and before + +Transforms the binary ASN1 representation string of an SSL/TLS session into an +SSL_SESSION object. 
+
+ my $ses = Net::SSLeay::d2i_SSL_SESSION($data);
+ # $data - the session as ASN1 representation string
+ #
+ # returns: $ses - the new SSL_SESSION
+
+Check openssl doc L
+
+=item * i2d_SSL_SESSION
+
+B does not work in Net-SSLeay-1.85 and before
+
+Transforms the SSL_SESSION object in into the ASN1 representation and returns
+it as string.
+
+ my $data = Net::SSLeay::i2d_SSL_SESSION($ses);
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ #
+ # returns: $data - session as string
+
+Check openssl doc L
+
+=item * SESSION_new
+
+Creates a new SSL_SESSION structure.
+
+ my $rv = Net::SSLeay::SESSION_new();
+ #
+ # returns: value corresponding to openssl's SSL_SESSION structure (0 on failure)
+
+=item * SESSION_free
+
+Free an allocated SSL_SESSION structure.
+
+ Net::SSLeay::SESSION_free($ses);
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * SESSION_up_ref
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0-pre4 or LibreSSL 2.7.0
+
+Increases the reference counter on a SSL_SESSION structure.
+
+ Net::SSLeay::SESSION_up_ref($ses);
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ #
+ # returns: 1 on success else 0
+
+Check openssl doc
+L
+
+=item * SESSION_dup
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Duplicates a SSL_SESSION structure.
+
+ Net::SSLeay::SESSION_dup($ses);
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ #
+ # returns: the duplicated session
+
+Check openssl doc
+L
+
+=item * SESSION_is_resumable
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Determine whether an SSL_SESSION object can be used for resumption.
+
+ Net::SSLeay::SESSION_is_resumable($ses);
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ #
+ # returns: (integer) 1 if it can or 0 if not
+
+Check openssl doc L
+
+=item * SESSION_cmp
+
+Compare two SSL_SESSION structures.
+
+ my $rv = Net::SSLeay::SESSION_cmp($sesa, $sesb);
+ # $sesa - value corresponding to openssl's SSL_SESSION structure
+ # $sesb - value corresponding to openssl's SSL_SESSION structure
+ #
+ # returns: 0 if the two structures are the same
+
+B Not available in openssl 1.0 or later
+
+=item * SESSION_get_app_data
+
+Can be used to get application defined value/data.
+
+ my $rv = Net::SSLeay::SESSION_get_app_data($ses);
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ #
+ # returns: string/buffer/pointer ???
+
+=item * SESSION_set_app_data
+
+Can be used to set some application defined value/data.
+
+ my $rv = Net::SSLeay::SESSION_set_app_data($s, $a);
+ # $s - value corresponding to openssl's SSL_SESSION structure
+ # $a - (string/buffer/pointer ???) data
+ #
+ # returns: ???
+
+=item * SESSION_get_ex_data
+
+Is used to retrieve the information for $idx from session $ses.
+
+ my $rv = Net::SSLeay::SESSION_get_ex_data($ses, $idx);
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ # $idx - (integer) index for application specific data
+ #
+ # returns: pointer to ???
+
+Check openssl doc L
+
+=item * SESSION_set_ex_data
+
+Is used to store application data at arg for idx into the session object.
+
+ my $rv = Net::SSLeay::SESSION_set_ex_data($ss, $idx, $data);
+ # $ss - value corresponding to openssl's SSL_SESSION structure
+ # $idx - (integer) ???
+ # $data - (pointer) ???
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * SESSION_get_ex_new_index
+
+Is used to register a new index for application specific data.
+
+ my $rv = Net::SSLeay::SESSION_get_ex_new_index($argl, $argp, $new_func, $dup_func, $free_func);
+ # $argl - (long) ???
+ # $argp - (pointer) ???
+ # $new_func - function pointer ??? (CRYPTO_EX_new *) + # $dup_func - function pointer ??? (CRYPTO_EX_dup *) + # $free_func - function pointer ??? (CRYPTO_EX_free *) + # + # returns: (integer) ??? + +Check openssl doc L + +=item * SESSION_get_master_key + +B Does not exactly correspond to any low level API function + +Returns 'master_key' value from SSL_SESSION structure $s + + Net::SSLeay::SESSION_get_master_key($s); + # $s - value corresponding to openssl's SSL_SESSION structure + # + # returns: master key (binary data) + +=item * SESSION_set_master_key + +Sets 'master_key' value for SSL_SESSION structure $s + + Net::SSLeay::SESSION_set_master_key($s, $key); + # $s - value corresponding to openssl's SSL_SESSION structure + # $key - master key (binary data) + # + # returns: no return value + +Not available with OpenSSL 1.1 and later. +Code that previously used + SESSION_set_master_key must now set $secret in the session_secret + callback set with SSL_set_session_secret_cb. + +=item * SESSION_get_time + +Returns the time at which the session s was established. +The time is given in seconds since 1.1.1970. + + my $rv = Net::SSLeay::SESSION_get_time($s); + # $s - value corresponding to openssl's SSL_SESSION structure + # + # returns: timestamp (seconds since 1.1.1970) + +Check openssl doc L + +=item * get_time + +Technically the same functionality as L. + + my $rv = Net::SSLeay::get_time($s); + +=item * SESSION_get_timeout + +Returns the timeout value set for session $s in seconds. + + my $rv = Net::SSLeay::SESSION_get_timeout($s); + # $s - value corresponding to openssl's SSL_SESSION structure + # + # returns: timeout (in seconds) + +Check openssl doc L + +=item * get_timeout + +Technically the same functionality as L. + + my $rv = Net::SSLeay::get_timeout($s); + +=item * SESSION_print + +B Does not exactly correspond to any low level API function + +Prints session details (e.g. protocol version, cipher, session-id ...) to BIO. 
+
+ my $rv = Net::SSLeay::SESSION_print($fp, $ses);
+ # $fp - value corresponding to openssl's BIO structure
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ #
+ # returns: 1 on success, 0 on failure
+
+You have to use necessary BIO functions like this:
+
+ # let us have $ssl corresponding to openssl's SSL structure
+ my $ses = Net::SSLeay::get_session($ssl);
+ my $bio = Net::SSLeay::BIO_new(&Net::SSLeay::BIO_s_mem);
+ Net::SSLeay::SESSION_print($bio, $ses);
+ print Net::SSLeay::BIO_read($bio);
+
+=item * SESSION_print_fp
+
+Prints session details (e.g. protocol version, cipher, session-id ...) to file handle.
+
+ my $rv = Net::SSLeay::SESSION_print_fp($fp, $ses);
+ # $fp - perl file handle
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Example:
+
+ # let us have $ssl corresponding to openssl's SSL structure
+ my $ses = Net::SSLeay::get_session($ssl);
+ open my $fh, ">", "output.txt";
+ Net::SSLeay::SESSION_print_fp($fh,$ses);
+
+=item * SESSION_set_time
+
+Replaces the creation time of the session s with the chosen value $t (seconds since 1.1.1970).
+
+ my $rv = Net::SSLeay::SESSION_set_time($ses, $t);
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ # $t - time value
+ #
+ # returns: 1 on success
+
+Check openssl doc L
+
+=item * set_time
+
+Technically the same functionality as L.
+
+ my $rv = Net::SSLeay::set_time($ses, $t);
+
+=item * SESSION_set_timeout
+
+Sets the timeout value for session s in seconds to $t.
+
+ my $rv = Net::SSLeay::SESSION_set_timeout($s, $t);
+ # $s - value corresponding to openssl's SSL_SESSION structure
+ # $t - timeout (in seconds)
+ #
+ # returns: 1 on success
+
+Check openssl doc L
+
+=item * set_timeout
+
+Technically the same functionality as L.
+
+ my $rv = Net::SSLeay::set_timeout($ses, $t);
+
+=back
+
+=head3 Low level API: SSL_CTX_* related functions
+
+B Please note that the function described in this chapter have "SSL_" part stripped from their original openssl names.
+
+=over
+
+=item * CTX_add_client_CA
+
+Adds the CA name extracted from $cacert to the list of CAs sent to the client when requesting a client certificate for $ctx.
+
+ my $rv = Net::SSLeay::CTX_add_client_CA($ctx, $cacert);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $cacert - value corresponding to openssl's X509 structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * CTX_add_extra_chain_cert
+
+Adds the certificate $x509 to the certificate chain presented together with the certificate. Several certificates can be added one after the other.
+
+ my $rv = Net::SSLeay::CTX_add_extra_chain_cert($ctx, $x509);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $x509 - value corresponding to openssl's X509 structure
+ #
+ # returns: 1 on success, check out the error stack to find out the reason for failure otherwise
+
+Check openssl doc L
+
+=item * CTX_add_session
+
+Adds the session $ses to the context $ctx.
+
+ my $rv = Net::SSLeay::CTX_add_session($ctx, $ses);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * CTX_callback_ctrl
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::CTX_callback_ctrl($ctx, $cmd, $fp);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $cmd - (integer) command id
+ # $fp - (function pointer) ???
+ #
+ # returns: ???
+
+Check openssl doc L
+
+=item * CTX_check_private_key
+
+Checks the consistency of a private key with the corresponding certificate loaded into $ctx.
+
+ my $rv = Net::SSLeay::CTX_check_private_key($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * CTX_ctrl
+
+Internal handling function for SSL_CTX objects.
+
+B openssl doc says: This function should never be called directly!
+
+ my $rv = Net::SSLeay::CTX_ctrl($ctx, $cmd, $larg, $parg);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $cmd - (integer) command id
+ # $larg - (integer) long ???
+ # $parg - (string/pointer) ???
+ #
+ # returns: (long) result of given command ???
+
+ #valid $cmd values
+ 1 - SSL_CTRL_NEED_TMP_RSA
+ 2 - SSL_CTRL_SET_TMP_RSA
+ 3 - SSL_CTRL_SET_TMP_DH
+ 4 - SSL_CTRL_SET_TMP_ECDH
+ 5 - SSL_CTRL_SET_TMP_RSA_CB
+ 6 - SSL_CTRL_SET_TMP_DH_CB
+ 7 - SSL_CTRL_SET_TMP_ECDH_CB
+ 8 - SSL_CTRL_GET_SESSION_REUSED
+ 9 - SSL_CTRL_GET_CLIENT_CERT_REQUEST
+ 10 - SSL_CTRL_GET_NUM_RENEGOTIATIONS
+ 11 - SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS
+ 12 - SSL_CTRL_GET_TOTAL_RENEGOTIATIONS
+ 13 - SSL_CTRL_GET_FLAGS
+ 14 - SSL_CTRL_EXTRA_CHAIN_CERT
+ 15 - SSL_CTRL_SET_MSG_CALLBACK
+ 16 - SSL_CTRL_SET_MSG_CALLBACK_ARG
+ 17 - SSL_CTRL_SET_MTU
+ 20 - SSL_CTRL_SESS_NUMBER
+ 21 - SSL_CTRL_SESS_CONNECT
+ 22 - SSL_CTRL_SESS_CONNECT_GOOD
+ 23 - SSL_CTRL_SESS_CONNECT_RENEGOTIATE
+ 24 - SSL_CTRL_SESS_ACCEPT
+ 25 - SSL_CTRL_SESS_ACCEPT_GOOD
+ 26 - SSL_CTRL_SESS_ACCEPT_RENEGOTIATE
+ 27 - SSL_CTRL_SESS_HIT
+ 28 - SSL_CTRL_SESS_CB_HIT
+ 29 - SSL_CTRL_SESS_MISSES
+ 30 - SSL_CTRL_SESS_TIMEOUTS
+ 31 - SSL_CTRL_SESS_CACHE_FULL
+ 32 - SSL_CTRL_OPTIONS
+ 33 - SSL_CTRL_MODE
+ 40 - SSL_CTRL_GET_READ_AHEAD
+ 41 - SSL_CTRL_SET_READ_AHEAD
+ 42 - SSL_CTRL_SET_SESS_CACHE_SIZE
+ 43 - SSL_CTRL_GET_SESS_CACHE_SIZE
+ 44 - SSL_CTRL_SET_SESS_CACHE_MODE
+ 45 - SSL_CTRL_GET_SESS_CACHE_MODE
+ 50 - SSL_CTRL_GET_MAX_CERT_LIST
+ 51 - SSL_CTRL_SET_MAX_CERT_LIST
+ 52 - SSL_CTRL_SET_MAX_SEND_FRAGMENT
+ 53 - SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+ 54 - SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+ 55 - SSL_CTRL_SET_TLSEXT_HOSTNAME
+ 56 - SSL_CTRL_SET_TLSEXT_DEBUG_CB
+ 57 - SSL_CTRL_SET_TLSEXT_DEBUG_ARG
+ 58 - SSL_CTRL_GET_TLSEXT_TICKET_KEYS
+ 59 - SSL_CTRL_SET_TLSEXT_TICKET_KEYS
+ 60 - SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT
+ 61 - SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB
+ 62 - SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG
+ 63 - SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
+ 64 - SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG
+ 65 - SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
+ 66 - SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS
+ 67 - SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS
+ 68 - SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS
+ 69 - SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS
+ 70 - SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP
+ 71 - SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
+ 72 - SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
+ 73 - DTLS_CTRL_GET_TIMEOUT
+ 74 - DTLS_CTRL_HANDLE_TIMEOUT
+ 75 - DTLS_CTRL_LISTEN
+ 76 - SSL_CTRL_GET_RI_SUPPORT
+ 77 - SSL_CTRL_CLEAR_OPTIONS
+ 78 - SSL_CTRL_CLEAR_MODE
+
+ 82 - SSL_CTRL_GET_EXTRA_CHAIN_CERTS
+ 83 - SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS
+
+ 88 - SSL_CTRL_CHAIN
+ 89 - SSL_CTRL_CHAIN_CERT
+
+ 90 - SSL_CTRL_GET_CURVES
+ 91 - SSL_CTRL_SET_CURVES
+ 92 - SSL_CTRL_SET_CURVES_LIST
+ 93 - SSL_CTRL_GET_SHARED_CURVE
+ 94 - SSL_CTRL_SET_ECDH_AUTO
+ 97 - SSL_CTRL_SET_SIGALGS
+ 98 - SSL_CTRL_SET_SIGALGS_LIST
+ 99 - SSL_CTRL_CERT_FLAGS
+ 100 - SSL_CTRL_CLEAR_CERT_FLAGS
+ 101 - SSL_CTRL_SET_CLIENT_SIGALGS
+ 102 - SSL_CTRL_SET_CLIENT_SIGALGS_LIST
+ 103 - SSL_CTRL_GET_CLIENT_CERT_TYPES
+ 104 - SSL_CTRL_SET_CLIENT_CERT_TYPES
+ 105 - SSL_CTRL_BUILD_CERT_CHAIN
+ 106 - SSL_CTRL_SET_VERIFY_CERT_STORE
+ 107 - SSL_CTRL_SET_CHAIN_CERT_STORE
+ 108 - SSL_CTRL_GET_PEER_SIGNATURE_NID
+ 109 - SSL_CTRL_GET_SERVER_TMP_KEY
+ 110 - SSL_CTRL_GET_RAW_CIPHERLIST
+ 111 - SSL_CTRL_GET_EC_POINT_FORMATS
+ 112 - SSL_CTRL_GET_TLSA_RECORD
+ 113 - SSL_CTRL_SET_TLSA_RECORD
+ 114 - SSL_CTRL_PULL_TLSA_RECORD
+
+Check openssl doc L
+
+=item * CTX_flush_sessions
+
+Causes a run through the session cache of $ctx to remove sessions expired at time $tm.
+
+ Net::SSLeay::CTX_flush_sessions($ctx, $tm);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $tm - specifies the time which should be used for the expiration test (seconds since 1.1.1970)
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_free
+
+Free an allocated SSL_CTX object.
+
+ Net::SSLeay::CTX_free($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_get_app_data
+
+Can be used to get application defined value/data.
+
+ my $rv = Net::SSLeay::CTX_get_app_data($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: string/buffer/pointer ???
+
+=item * CTX_set_app_data
+
+Can be used to set some application defined value/data.
+
+ my $rv = Net::SSLeay::CTX_set_app_data($ctx, $arg);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $arg - (string/buffer/pointer ???) data
+ #
+ # returns: ???
+
+=item * CTX_get0_param
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.0.2-beta1 or LibreSSL 2.7.0
+
+Returns the current verification parameters.
+
+ my $vpm = Net::SSLeay::CTX_get0_param($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: value corresponding to openssl's X509_VERIFY_PARAM structure
+
+Check openssl doc L
+
+=item * CTX_get_cert_store
+
+Returns the current certificate verification storage.
+
+ my $rv = Net::SSLeay::CTX_get_cert_store($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: value corresponding to openssl's X509_STORE structure (0 on failure)
+
+Check openssl doc L
+
+=item * CTX_get_client_CA_list
+
+Returns the list of client CAs explicitly set for $ctx using L.
+
+ my $rv = Net::SSLeay::CTX_get_client_CA_list($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: value corresponding to openssl's X509_NAME_STACK structure (0 on failure)
+
+Check openssl doc L
+
+=item * CTX_get_ex_data
+
+Is used to retrieve the information for index $idx from $ctx.
+
+ my $rv = Net::SSLeay::CTX_get_ex_data($ssl, $idx);
+ # $ssl - value corresponding to openssl's SSL_CTX structure
+ # $idx - (integer) index for application specific data
+ #
+ # returns: pointer to ???
+
+Check openssl doc L
+
+=item * CTX_get_ex_new_index
+
+Is used to register a new index for application specific data.
+
+ my $rv = Net::SSLeay::CTX_get_ex_new_index($argl, $argp, $new_func, $dup_func, $free_func);
+ # $argl - (long) ???
+ # $argp - (pointer) ???
+ # $new_func - function pointer ??? (CRYPTO_EX_new *)
+ # $dup_func - function pointer ??? (CRYPTO_EX_dup *)
+ # $free_func - function pointer ??? (CRYPTO_EX_free *)
+ #
+ # returns: (integer) ???
+
+Check openssl doc L
+
+=item * CTX_get_mode
+
+Returns the mode set for ctx.
+
+ my $rv = Net::SSLeay::CTX_get_mode($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: mode (bitmask)
+
+ #to decode the return value (bitmask) use:
+ 0x00000001 corresponds to SSL_MODE_ENABLE_PARTIAL_WRITE
+ 0x00000002 corresponds to SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+ 0x00000004 corresponds to SSL_MODE_AUTO_RETRY
+ 0x00000008 corresponds to SSL_MODE_NO_AUTO_CHAIN
+ 0x00000010 corresponds to SSL_MODE_RELEASE_BUFFERS
+ (note: some of the bits might not be supported by older openssl versions)
+
+Check openssl doc L
+
+=item * CTX_set_mode
+
+Adds the mode set via bitmask in $mode to $ctx. Options already set before are not cleared.
+
+ my $rv = Net::SSLeay::CTX_set_mode($ctx, $mode);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $mode - mode bitmask
+ #
+ # returns: the new mode bitmask after adding $mode
+
+For bitmask details see L (above).
+
+Check openssl doc L
+
+=item * CTX_get_options
+
+Returns the options (bitmask) set for $ctx.
+
+ my $rv = Net::SSLeay::CTX_get_options($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: options (bitmask)
+
+B The available constants and their values in bitmask depend
+on the TLS library. For example, SSL_OP_NO_TLSv1_3 became available
+much later than SSL_OP_NO_COMPRESS which is already deprecated by some
+libraries. Also, some previously used option values have been recycled
+and are now used for newer options. See the list of constants in this
+document for options Net::SSLeay currently supports.
+
+You are strongly encouraged to B if you need
+to use numeric values directly. The following is a sample of historic
+values. It may not be correct anymore.
+
+ #to decode the return value (bitmask) use:
+ 0x00000004 corresponds to SSL_OP_LEGACY_SERVER_CONNECT
+ 0x00000800 corresponds to SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+ 0x00004000 corresponds to SSL_OP_NO_TICKET
+ 0x00010000 corresponds to SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ 0x00400000 corresponds to SSL_OP_CIPHER_SERVER_PREFERENCE
+ 0x04000000 corresponds to SSL_OP_NO_TLSv1
+
+Check openssl doc L
+
+=item * CTX_set_options
+
+Adds the options set via bitmask in $options to ctx. Options already set before are not cleared.
+
+ Net::SSLeay::CTX_set_options($ctx, $options);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $options - options bitmask
+ #
+ # returns: the new options bitmask after adding $options
+
+For bitmask details see L (above).
+
+Check openssl doc L
+
+=item * CTX_get_quiet_shutdown
+
+Returns the 'quiet shutdown' setting of $ctx.
+
+ my $rv = Net::SSLeay::CTX_get_quiet_shutdown($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: (integer) the current setting
+
+Check openssl doc L
+
+=item * CTX_get_read_ahead
+
+ my $rv = Net::SSLeay::CTX_get_read_ahead($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: (integer) read_ahead value
+
+=item * CTX_get_session_cache_mode
+
+Returns the currently used cache mode (bitmask).
+
+ my $rv = Net::SSLeay::CTX_get_session_cache_mode($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: mode (bitmask)
+
+B SESS_CACHE_OFF and other constants are not available in
+Net-SSLeay-1.82 and before. If the constants are not available, the
+following values have historically been correct. You are strongly
+encouraged to B for the current values.
+
+ #to decode the return value (bitmask) use:
+ 0x0000 corresponds to SSL_SESS_CACHE_OFF
+ 0x0001 corresponds to SSL_SESS_CACHE_CLIENT
+ 0x0002 corresponds to SSL_SESS_CACHE_SERVER
+ 0x0080 corresponds to SSL_SESS_CACHE_NO_AUTO_CLEAR
+ 0x0100 corresponds to SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+ 0x0200 corresponds to SSL_SESS_CACHE_NO_INTERNAL_STORE
+ (note: some of the bits might not be supported by older openssl versions)
+
+Check openssl doc L
+
+=item * CTX_set_session_cache_mode
+
+Enables/disables session caching by setting the operational mode for $ctx to $mode.
+
+ my $rv = Net::SSLeay::CTX_set_session_cache_mode($ctx, $mode);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $mode - mode (bitmask)
+ #
+ # returns: previously set cache mode
+
+For bitmask details see L (above).
+
+Check openssl doc L
+
+=item * CTX_get_timeout
+
+Returns the currently set timeout value for $ctx.
+
+ my $rv = Net::SSLeay::CTX_get_timeout($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: timeout in seconds
+
+Check openssl doc L
+
+=item * CTX_get_verify_depth
+
+Returns the verification depth limit currently set in $ctx. If no limit has been explicitly set, -1 is returned and the default value will be used.
+
+ my $rv = Net::SSLeay::CTX_get_verify_depth($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: depth limit currently set in $ctx, -1 if no limit has been explicitly set
+
+Check openssl doc L
+
+=item * CTX_get_verify_mode
+
+Returns the verification mode (bitmask) currently set in $ctx.
+
+ my $rv = Net::SSLeay::CTX_get_verify_mode($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: mode (bitmask)
+
+For bitmask details see L.
+
+Check openssl doc L
+
+=item * CTX_set_verify
+
+Sets the verification flags for $ctx to be $mode and specifies the verify_callback function to be used.
+
+ Net::SSLeay::CTX_set_verify($ctx, $mode, $callback);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $mode - mode (bitmask), see OpenSSL manual
+ # $callback - [optional] reference to perl callback function
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_set_post_handshake_auth
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Enable the Post-Handshake Authentication extension to be added to the ClientHello such that post-handshake authentication can be requested by the server.
+
+ Net::SSLeay::CTX_set_posthandshake_auth($ctx, $val);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $val - 0 then the extension is not sent, otherwise it is
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_load_verify_locations
+
+Specifies the locations for $ctx, at which CA certificates for verification purposes are located.
The certificates available via $CAfile and $CApath are trusted.
+
+ my $rv = Net::SSLeay::CTX_load_verify_locations($ctx, $CAfile, $CApath);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $CAfile - (string) file of CA certificates in PEM format, the file can contain several CA certificates (or '')
+ # $CApath - (string) directory containing CA certificates in PEM format (or '')
+ #
+ # returns: 1 on success, 0 on failure (check the error stack to find out the reason)
+
+Check openssl doc L
+
+=item * CTX_need_tmp_RSA
+
+Return the result of C
+
+ my $rv = Net::SSLeay::CTX_need_tmp_RSA($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: result of SSL_CTRL_NEED_TMP_RSA command
+
+Not available with OpenSSL 1.1 and later.
+
+=item * CTX_new
+
+The same as L
+
+ my $rv = Net::SSLeay::CTX_new();
+ #
+ # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
+
+Check openssl doc L
+
+Not available with OpenSSL 1.1 and later.
+
+=item * CTX_v2_new
+
+Creates a new SSL_CTX object - based on SSLv2_method() - as framework to establish TLS/SSL enabled connections.
+
+ my $rv = Net::SSLeay::CTX_v2_new();
+ #
+ # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
+
+=item * CTX_v23_new
+
+Creates a new SSL_CTX object - based on SSLv23_method() - as framework to establish TLS/SSL enabled connections.
+
+ my $rv = Net::SSLeay::CTX_v23_new();
+ #
+ # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
+
+=item * CTX_v3_new
+
+Creates a new SSL_CTX object - based on SSLv3_method() - as framework to establish TLS/SSL enabled connections.
+
+ my $rv = Net::SSLeay::CTX_v3_new();
+ #
+ # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
+
+=item * CTX_tlsv1_new
+
+Creates a new SSL_CTX object - based on TLSv1_method() - as framework to establish TLS/SSL enabled connections.
+
+ my $rv = Net::SSLeay::CTX_tlsv1_new();
+ #
+ # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
+
+=item * CTX_tlsv1_1_new
+
+Creates a new SSL_CTX object - based on TLSv1_1_method() - as framework to establish TLS/SSL
+enabled connections. Only available where supported by the underlying openssl.
+
+ my $rv = Net::SSLeay::CTX_tlsv1_1_new();
+ #
+ # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
+
+=item * CTX_tlsv1_2_new
+
+Creates a new SSL_CTX object - based on TLSv1_2_method() - as framework to establish TLS/SSL
+enabled connections. Only available where supported by the underlying openssl.
+
+ my $rv = Net::SSLeay::CTX_tlsv1_2_new();
+ #
+ # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
+
+=item * CTX_new_with_method
+
+Creates a new SSL_CTX object based on $meth method
+
+ my $rv = Net::SSLeay::CTX_new_with_method($meth);
+ # $meth - value corresponding to openssl's SSL_METHOD structure
+ #
+ # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
+
+ #example
+ my $ctx = Net::SSLeay::CTX_new_with_method(&Net::SSLeay::TLSv1_method);
+
+Check openssl doc L
+
+=item * CTX_set_min_proto_version, CTX_set_max_proto_version, set_min_proto_version and set_max_proto_version,
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.1.0-pre2 or LibreSSL 2.6.0
+
+Set the minimum and maximum supported protocol for $ctx or $ssl.
+
+ my $rv = Net::SSLeay::CTX_set_min_proto_version($ctx, $version)
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $version - (integer) constat version value or 0 for automatic lowest or highest value
+ #
+ # returns: 1 on success, 0 on failure
+
+ #example: allow only TLS 1.2 for a SSL_CTX
+ my $rv_min = Net::SSLeay::CTX_set_min_proto_version($ctx, Net::SSLeay::TLS1_2_VERSION());
+ my $rv_max = Net::SSLeay::CTX_set_max_proto_version($ctx, Net::SSLeay::TLS1_2_VERSION());
+
+ #example: allow only TLS 1.1 for a SSL
+ my $rv_min = Net::SSLeay::set_min_proto_version($ssl, Net::SSLeay::TLS1_1_VERSION());
+ my $rv_max = Net::SSLeay::set_max_proto_version($ssl, Net::SSLeay::TLS1_1_VERSION());
+
+Check openssl doc L
+
+=item * CTX_get_min_proto_version, CTX_get_max_proto_version, get_min_proto_version and get_max_proto_version,
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.1.0g
+
+Get the minimum and maximum supported protocol for $ctx or $ssl.
+
+ my $version = Net::SSLeay::CTX_get_min_proto_version($ctx)
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: 0 automatic lowest or highest value, configured value otherwise
+
+Check openssl doc L
+
+=item * CTX_remove_session
+
+Removes the session $ses from the context $ctx.
+
+ my $rv = Net::SSLeay::CTX_remove_session($ctx, $ses);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * CTX_sess_accept
+
+ my $rv = Net::SSLeay::CTX_sess_accept($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: number of started SSL/TLS handshakes in server mode
+
+Check openssl doc L
+
+=item * CTX_sess_accept_good
+
+ my $rv = Net::SSLeay::CTX_sess_accept_good($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: number of successfully established SSL/TLS sessions in server mode
+
+Check openssl doc L
+
+=item * CTX_sess_accept_renegotiate
+
+ my $rv = Net::SSLeay::CTX_sess_accept_renegotiate($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: number of start renegotiations in server mode
+
+Check openssl doc L
+
+=item * CTX_sess_cache_full
+
+ my $rv = Net::SSLeay::CTX_sess_cache_full($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: number of sessions that were removed because the maximum session cache size was exceeded
+
+Check openssl doc L
+
+=item * CTX_sess_cb_hits
+
+ my $rv = Net::SSLeay::CTX_sess_cb_hits($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: number of successfully retrieved sessions from the external session cache in server mode
+
+Check openssl doc L
+
+=item * CTX_sess_connect
+
+ my $rv = Net::SSLeay::CTX_sess_connect($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: number of started SSL/TLS handshakes in client mode
+
+Check openssl doc L
+
+=item * CTX_sess_connect_good
+
+ my $rv = Net::SSLeay::CTX_sess_connect_good($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: number of successfully established SSL/TLS sessions in client mode
+
+Check openssl doc L
+
+=item * CTX_sess_connect_renegotiate
+
+ my $rv = Net::SSLeay::CTX_sess_connect_renegotiate($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: number of start renegotiations in client mode
+
+Check openssl doc L
+
+=item * CTX_sess_get_cache_size
+
+Returns the currently valid session cache size.
+
+ my $rv = Net::SSLeay::CTX_sess_get_cache_size($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: current size
+
+Check openssl doc L
+
+=item * CTX_sess_hits
+
+ my $rv = Net::SSLeay::CTX_sess_hits($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: number of successfully reused sessions
+
+Check openssl doc L
+
+=item * CTX_sess_misses
+
+ my $rv = Net::SSLeay::CTX_sess_misses($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: number of sessions proposed by clients that were not found in the internal session cache in server mode
+
+Check openssl doc L
+
+=item * CTX_sess_number
+
+ my $rv = Net::SSLeay::CTX_sess_number($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: current number of sessions in the internal session cache
+
+Check openssl doc L
+
+=item * CTX_sess_set_cache_size
+
+Sets the size of the internal session cache of context $ctx to $size.
+
+ Net::SSLeay::CTX_sess_set_cache_size($ctx, $size);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $size - cache size (0 = unlimited)
+ #
+ # returns: previously valid size
+
+Check openssl doc L
+
+=item * CTX_sess_timeouts
+
+Returns the number of sessions proposed by clients and either found in the internal or external session cache in
+server mode, but that were invalid due to timeout. These sessions are not included in the SSL_CTX_sess_hits count.
+
+ my $rv = Net::SSLeay::CTX_sess_timeouts($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: number of sessions
+
+Check openssl doc L
+
+=item * CTX_sess_set_new_cb
+
+B not available in Net-SSLeay-1.85 and before
+
+Sets the callback function, which is automatically called whenever a new session was negotiated.
+
+ Net::SSLeay::CTX_sess_set_new_cb($ctx, $func);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $func - perl reference to callback function
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_sess_set_remove_cb
+
+B not available in Net-SSLeay-1.85 and before
+
+Sets the callback function, which is automatically called whenever a session is removed by the SSL engine.
+
+ Net::SSLeay::CTX_sess_set_remove_cb($ctx, $func);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $func - perl reference to callback function
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_sessions
+
+Returns a pointer to the lhash databases containing the internal session cache for ctx.
+
+ my $rv = Net::SSLeay::CTX_sessions($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: value corresponding to openssl's LHASH structure (0 on failure)
+
+Check openssl doc L
+
+=item * CTX_set1_param
+
+B requires at least OpenSSL 1.0.0-beta3
+
+Applies X509 verification parameters $vpm on $ctx
+
+ my $rv = Net::SSLeay::CTX_set1_param($ctx, $vpm);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $vpm - value corresponding to openssl's X509_VERIFY_PARAM structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * CTX_set_cert_store
+
+Sets/replaces the certificate verification storage of $ctx to/with $store.
+
+ Net::SSLeay::CTX_set_cert_store($ctx, $store);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $store - value corresponding to openssl's X509_STORE structure
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_set_cert_verify_callback
+
+Sets the verification callback function for $ctx. SSL objects that are created from $ctx
+inherit the setting valid at the time when C is called.
+
+ Net::SSLeay::CTX_set_cert_verify_callback($ctx, $func, $data);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $func - perl reference to callback function
+ # $data - [optional] data that will be passed to callback function when invoked
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_set_cipher_list
+
+Sets the list of available ciphers for $ctx using the control string $str.
+The list of ciphers is inherited by all ssl objects created from $ctx.
+
+ my $rv = Net::SSLeay::CTX_set_cipher_list($s, $str);
+ # $s - value corresponding to openssl's SSL_CTX structure
+ # $str - (string) cipher list e.g. '3DES:+RSA'
+ #
+ # returns: 1 if any cipher could be selected and 0 on complete failure
+
+The format of $str is described in L
+
+Check openssl doc L
+
+=item * CTX_set_ciphersuites
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Configure the available TLSv1.3 ciphersuites.
+
+ my $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, $str);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $str - colon (":") separated list of TLSv1.3 ciphersuite names in order of preference
+ #
+ # returns: (integer) 1 if the requested ciphersuite list was configured, and 0 otherwise
+
+Check openssl doc L
+
+=item * CTX_set_client_CA_list
+
+Sets the list of CAs sent to the client when requesting a client certificate for $ctx.
+
+ Net::SSLeay::CTX_set_client_CA_list($ctx, $list);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $list - value corresponding to openssl's X509_NAME_STACK structure
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_set_default_passwd_cb
+
+Sets the default password callback called when loading/storing a PEM certificate with encryption.
+
+ Net::SSLeay::CTX_set_default_passwd_cb($ctx, $func);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $func - perl reference to callback function
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_set_default_passwd_cb_userdata
+
+Sets a pointer to userdata which will be provided to the password callback on invocation.
+
+ Net::SSLeay::CTX_set_default_passwd_cb_userdata($ctx, $userdata);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $userdata - data that will be passed to callback function when invoked
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_set_default_verify_paths
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::CTX_set_default_verify_paths($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * CTX_set_ex_data
+
+Is used to store application data at $data for $idx into the $ctx object.
+
+ my $rv = Net::SSLeay::CTX_set_ex_data($ssl, $idx, $data);
+ # $ssl - value corresponding to openssl's SSL_CTX structure
+ # $idx - (integer) ???
+ # $data - (pointer) ???
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * CTX_set_purpose
+
+ my $rv = Net::SSLeay::CTX_set_purpose($s, $purpose);
+ # $s - value corresponding to openssl's SSL_CTX structure
+ # $purpose - (integer) purpose identifier
+ #
+ # returns: 1 on success, 0 on failure
+
+ #avainable purpose identifier
+ 1 - X509_PURPOSE_SSL_CLIENT
+ 2 - X509_PURPOSE_SSL_SERVER
+ 3 - X509_PURPOSE_NS_SSL_SERVER
+ 4 - X509_PURPOSE_SMIME_SIGN
+ 5 - X509_PURPOSE_SMIME_ENCRYPT
+ 6 - X509_PURPOSE_CRL_SIGN
+ 7 - X509_PURPOSE_ANY
+ 8 - X509_PURPOSE_OCSP_HELPER
+ 9 - X509_PURPOSE_TIMESTAMP_SIGN
+
+ #or use corresponding constants
+ $purpose = &Net::SSLeay::X509_PURPOSE_SSL_CLIENT;
+ ...
+ $purpose = &Net::SSLeay::X509_PURPOSE_TIMESTAMP_SIGN;
+
+=item * CTX_set_quiet_shutdown
+
+Sets the 'quiet shutdown' flag for $ctx to be mode. SSL objects created from $ctx inherit the mode valid at the time C is called.
+
+ Net::SSLeay::CTX_set_quiet_shutdown($ctx, $mode);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $mode - 0 or 1
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_set_read_ahead
+
+ my $rv = Net::SSLeay::CTX_set_read_ahead($ctx, $val);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $val - read_ahead value to be set
+ #
+ # returns: the original read_ahead value
+
+=item * CTX_set_session_id_context
+
+Sets the context $sid_ctx of length $sid_ctx_len within which a session can be reused for the $ctx object.
+
+ my $rv = Net::SSLeay::CTX_set_session_id_context($ctx, $sid_ctx, $sid_ctx_len);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $sid_ctx - data buffer
+ # $sid_ctx_len - length of data in $sid_ctx
+ #
+ # returns: 1 on success, 0 on failure (the error is logged to the error stack)
+
+Check openssl doc L
+
+=item * CTX_set_ssl_version
+
+Sets a new default TLS/SSL method for SSL objects newly created from this $ctx.
+SSL objects already created with C are not
+affected, except when C is being called.
+
+ my $rv = Net::SSLeay::CTX_set_ssl_version($ctx, $meth);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $meth - value corresponding to openssl's SSL_METHOD structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * CTX_set_timeout
+
+Sets the timeout for newly created sessions for $ctx to $t. The timeout value $t must be given in seconds.
+
+ my $rv = Net::SSLeay::CTX_set_timeout($ctx, $t);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $t - timeout in seconds
+ #
+ # returns: previously set timeout value
+
+Check openssl doc L
+
+=item * CTX_set_tmp_dh
+
+Sets DH parameters to be used to be $dh. The key is inherited by all ssl objects created from $ctx.
+
+ my $rv = Net::SSLeay::CTX_set_tmp_dh($ctx, $dh);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $dh - value corresponding to openssl's DH structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * CTX_set_tmp_dh_callback
+
+Sets the callback function for $ctx to be used when a DH parameters are required to $tmp_dh_callback.
+
+ Net::SSLeay::CTX_set_tmp_dh_callback($ctx, $tmp_dh_callback);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # tmp_dh_callback - (function pointer) ???
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_set_tmp_rsa
+
+Sets the temporary/ephemeral RSA key to be used to be $rsa.
+
+ my $rv = Net::SSLeay::CTX_set_tmp_rsa($ctx, $rsa);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $rsa - value corresponding to openssl's RSA structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+Not available with OpenSSL 1.1 and later.
+
+=item * CTX_set_tmp_rsa_callback
+
+Sets the callback function for ctx to be used when a temporary/ephemeral RSA key is required to $tmp_rsa_callback.
+
+??? (does this function really work?)
+
+ Net::SSLeay::CTX_set_tmp_rsa_callback($ctx, $tmp_rsa_callback);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $tmp_rsa_callback - (function pointer) ???
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+Not available with OpenSSL 1.1 and later.
+
+=item * CTX_set_trust
+
+ my $rv = Net::SSLeay::CTX_set_trust($s, $trust);
+ # $s - value corresponding to openssl's SSL_CTX structure
+ # $trust - (integer) trust identifier
+ #
+ # returns: the original value
+
+ #available trust identifiers
+ 1 - X509_TRUST_COMPAT
+ 2 - X509_TRUST_SSL_CLIENT
+ 3 - X509_TRUST_SSL_SERVER
+ 4 - X509_TRUST_EMAIL
+ 5 - X509_TRUST_OBJECT_SIGN
+ 6 - X509_TRUST_OCSP_SIGN
+ 7 - X509_TRUST_OCSP_REQUEST
+ 8 - X509_TRUST_TSA
+
+ #or use corresponding constants
+ $trust = &Net::SSLeay::X509_TRUST_COMPAT;
+ ...
+ $trust = &Net::SSLeay::X509_TRUST_TSA;
+
+=item * CTX_set_verify_depth
+
+Sets the maximum depth for the certificate chain verification that shall be allowed for ctx.
+
+ Net::SSLeay::CTX_set_verify_depth($ctx, $depth);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $depth - max. depth
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_use_PKCS12_file
+
+Adds the certificate and private key from PKCS12 file $p12filename to $ctx.
+
+ my $rv = Net::SSLeay::CTX_use_PKCS12_file($ctx, $p12filename, $password);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $p12filename - (string) filename
+ # $password - (string) password to decrypt private key
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * CTX_use_PrivateKey
+
+Adds the private key $pkey to $ctx.
+
+ my $rv = Net::SSLeay::CTX_use_PrivateKey($ctx, $pkey);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $pkey - value corresponding to openssl's EVP_PKEY structure
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * CTX_use_PrivateKey_file
+
+Adds the first private key found in $file to $ctx.
+
+ my $rv = Net::SSLeay::CTX_use_PrivateKey_file($ctx, $file, $type);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $file - (string) file name
+ # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * CTX_use_RSAPrivateKey
+
+Adds the RSA private key $rsa to $ctx.
+
+ my $rv = Net::SSLeay::CTX_use_RSAPrivateKey($ctx, $rsa);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $rsa - value corresponding to openssl's RSA structure
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * CTX_use_RSAPrivateKey_file
+
+Adds the first RSA private key found in $file to $ctx.
+
+ my $rv = Net::SSLeay::CTX_use_RSAPrivateKey_file($ctx, $file, $type);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $file - (string) file name
+ # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+=item * CTX_use_certificate
+
+Loads the certificate $x into $ctx
+
+ my $rv = Net::SSLeay::CTX_use_certificate($ctx, $x);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * CTX_use_certificate_chain_file
+
+Loads a certificate chain from $file into $ctx. The certificates must be in PEM format and must be sorted
+starting with the subject's certificate (actual client or server certificate), followed by intermediate
+CA certificates if applicable, and ending at the highest level (root) CA.
+
+ my $rv = Net::SSLeay::CTX_use_certificate_chain_file($ctx, $file);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $file - (string) file name
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * CTX_use_certificate_file
+
+Loads the first certificate stored in $file into $ctx.
+
+ my $rv = Net::SSLeay::CTX_use_certificate_file($ctx, $file, $type);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $file - (string) file name
+ # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * CTX_get_security_level
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0, not in LibreSSL
+
+Returns the security level associated with $ctx.
+
+ my $level = Net::SSLeay::CTX_get_security_level($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: (integer) current security level
+
+Check openssl doc L
+
+=item * CTX_set_security_level
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0, not in LibreSSL
+
+Sets the security level associated with $ctx to $level.
+
+ Net::SSLeay::CTX_set_security_level($ctx, $level);
+ # $ssl - value corresponding to openssl's SSL_CTX structure
+ # $level - new security level
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_set_num_tickets
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Set number of TLSv1.3 session tickets that will be sent to a client.
+
+ my $rv = Net::SSLeay::CTX_set_num_tickets($ctx, $number_of_tickets);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $number_of_tickets - number of tickets to send
+ #
+ # returns: 1 on success, 0 on failure
+
+Set to zero if you do not no want to support a session resumption.
+
+Check openssl doc L
+
+=item * CTX_get_num_tickets
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Get number of TLSv1.3 session tickets that will be sent to a client.
+
+ my $number_of_tickets = Net::SSLeay::CTX_get_num_tickets($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: (integer) number of tickets to send
+
+Check openssl doc L
+
+=item * CTX_set_keylog_callback
+
+B not available in Net-SSLeay-1.90 and before; requires at least OpenSSL 1.1.1pre1, not in LibreSSL
+
+Set the TLS key logging callback.
+
+ Net::SSLeay::CTX_set_keylog_callback($ctx, $cb);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $cb - reference to a perl callback function
+ #
+ # returns: no return value
+
+The callback function will be called like this:
+
+ keylog_cb_func($ssl, $line);
+ # $ssl - value corresponding to OpenSSL's SSL object associated with the connection
+ # $line - a string containing the key material in the format used by NSS for its SSLKEYLOGFILE debugging output
+
+Check openssl doc L
+
+=item * CTX_get_keylog_callback
+
+B not available in Net-SSLeay-1.90 and before; requires at least OpenSSL 1.1.1pre1, not in LibreSSL
+
+Retrieve the previously set TLS key logging callback.
+
+ my $cb = Net::SSLeay::CTX_get_keylog_callback($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: a reference to a perl callback function or undef if no callback is set
+
+Check openssl doc L
+
+=back
+
+=head3 Low level API: SSL_* related functions
+
+B Please note that the function described in this chapter have "SSL_" part stripped from their original openssl names.
+
+=over
+
+=item * new
+
+Creates a new SSL structure which is needed to hold the data for a TLS/SSL connection.
+The new structure inherits the settings of the underlying context $ctx: connection
+method (SSLv2/v3/TLSv1), options, verification settings, timeout settings.
+
+ my $rv = Net::SSLeay::new($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: value corresponding to openssl's SSL structure (0 on failure)
+
+Check openssl doc L
+
+=item * accept
+
+Waits for a TLS/SSL client to initiate the TLS/SSL handshake. The communication
+channel must already have been set and assigned to the ssl by setting an underlying BIO.
+
+ my $rv = Net::SSLeay::accept($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake
+
+Check openssl doc L
+
+=item * add_client_CA
+
+Adds the CA name extracted from cacert to the list of CAs sent to the client
+when requesting a client certificate for the chosen ssl, overriding the setting
+valid for ssl's SSL_CTX object.
+
+ my $rv = Net::SSLeay::add_client_CA($ssl, $x);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * callback_ctrl
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::callback_ctrl($ssl, $cmd, $fp);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $cmd - (integer) command id
+ # $fp - (function pointer) ???
+ #
+ # returns: ???
+
+Check openssl doc L
+
+=item * check_private_key
+
+Checks the consistency of a private key with the corresponding certificate loaded into $ssl
+
+ my $rv = Net::SSLeay::check_private_key($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * clear
+
+Reset SSL object to allow another connection.
+
+ Net::SSLeay::clear($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * connect
+
+Initiate the TLS/SSL handshake with an TLS/SSL server.
+
+ my $rv = Net::SSLeay::connect($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake
+
+Check openssl doc L
+
+=item * copy_session_id
+
+Copies the session structure fro $from to $to (+ also the private key and certificate associated with $from).
+
+ Net::SSLeay::copy_session_id($to, $from);
+ # $to - value corresponding to openssl's SSL structure
+ # $from - value corresponding to openssl's SSL structure
+ #
+ # returns: no return value
+
+=item * ctrl
+
+Internal handling function for SSL objects.
+
+B openssl doc says: This function should never be called directly!
+
+ my $rv = Net::SSLeay::ctrl($ssl, $cmd, $larg, $parg);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $cmd - (integer) command id
+ # $larg - (integer) long ???
+ # $parg - (string/pointer) ???
+ #
+ # returns: (long) result of given command ???
+
+For more details about valid $cmd values check L.
+
+Check openssl doc L
+
+=item * do_handshake
+
+Will wait for a SSL/TLS handshake to take place. If the connection is in client
+mode, the handshake will be started. The handshake routines may have to be
+explicitly set in advance using either SSL_set_connect_state or SSL_set_accept_state(3).
+
+ my $rv = Net::SSLeay::do_handshake($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake
+
+Check openssl doc L
+
+=item * dup
+
+Returns a duplicate of $ssl.
+
+ my $rv = Net::SSLeay::dup($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: value corresponding to openssl's SSL structure (0 on failure)
+
+=item * free
+
+Free an allocated SSL structure.
+
+ Net::SSLeay::free($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * get0_param
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.0.2-beta1 or LibreSSL 2.7.0
+
+Returns the current verification parameters.
+
+ my $vpm = Net::SSLeay::get0_param($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: value corresponding to openssl's X509_VERIFY_PARAM structure
+
+Check openssl doc L
+
+=item * get_SSL_CTX
+
+Returns a pointer to the SSL_CTX object, from which $ssl was created with Net::SSLeay::new.
+
+ my $rv = Net::SSLeay::get_SSL_CTX($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
+
+Check openssl doc L
+
+=item * set_SSL_CTX
+
+B requires at least OpenSSL 0.9.8f
+
+Sets the SSL_CTX the corresponds to an SSL session.
+
+ my $the_ssl_ctx = Net::SSLeay::set_SSL_CTX($ssl, $ssl_ctx);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $ssl_ctx - Change the ssl object to the given ssl_ctx
+ #
+ # returns - the ssl_ctx
+
+=item * get_app_data
+
+Can be used to get application defined value/data.
+
+ my $rv = Net::SSLeay::get_app_data($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: string/buffer/pointer ???
+
+=item * set_app_data
+
+Can be used to set some application defined value/data.
+
+ my $rv = Net::SSLeay::set_app_data($ssl, $arg);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $arg - (string/buffer/pointer ???) data
+ #
+ # returns: ???
+
+=item * get_certificate
+
+Gets X509 certificate from an established SSL connection.
+
+ my $rv = Net::SSLeay::get_certificate($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: value corresponding to openssl's X509 structure (0 on failure)
+
+=item * get_cipher
+
+Obtains the name of the currently used cipher.
+
+ my $rv = Net::SSLeay::get_cipher($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (string) cipher name e.g. 'DHE-RSA-AES256-SHA' or '', when no session has been established.
+
+Check openssl doc L
+
+=item * get_cipher_bits
+
+Obtain the number of secret/algorithm bits used.
+
+ my $rv = Net::SSLeay::get_cipher_bits($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: number of secret bits used by current cipher
+
+Check openssl doc L
+and L
+
+=item * get_ciphers
+
+B not available in Net-SSLeay-1.88 and before
+
+Returns a list of SSL_CIPHER structures available for $ssl sorted by preference
+
+ my @ciphers = Net::SSLeay::get_ciphers($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (list) SSL_CIPHER structures or nothing when $ssl is undefined or no ciphers are available
+
+Example:
+
+ my @ciphers = Net::SSLeay::get_ciphers($ssl);
+ foreach my $c (@ciphers) {
+ print Net::SSLeay::CIPHER_get_name($c) . "\n";
+ }
+
+Check openssl doc L
+
+=item * get_cipher_list
+
+Returns the name (string) of the SSL_CIPHER listed for $ssl with priority $n.
+
+ my $rv = Net::SSLeay::get_cipher_list($ssl, $n);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $n - (integer) priority
+ #
+ # returns: (string) cipher name e.g. 'EDH-DSS-DES-CBC3-SHA' or undef in case of error
+
+Call Net::SSLeay::get_cipher_list with priority starting from 0 to obtain
+the sorted list of available ciphers, until undef is returned:
+
+ my $priority = 0;
+ while (my $c = Net::SSLeay::get_cipher_list($ssl, $priority)) {
+ print "cipher[$priority] = $c\n";
+ $priority++;
+ }
+
+Check openssl doc L
+
+=item * get_client_CA_list
+
+Returns the list of client CAs explicitly set for $ssl using C
+or $ssl's SSL_CTX object with C, when in server mode.
+
+In client mode, returns the list of client CAs sent from the server, if any.
+
+ my $rv = Net::SSLeay::get_client_CA_list($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: value corresponding to openssl's STACK_OF(X509_NAME) structure (0 on failure)
+
+Check openssl doc L
+
+=item * get_current_cipher
+
+Returns the cipher actually used.
+
+ my $rv = Net::SSLeay::get_current_cipher($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: value corresponding to openssl's SSL_CIPHER structure (0 on failure)
+
+Check openssl doc L
+
+=item * get_default_timeout
+
+Returns the default timeout value assigned to SSL_SESSION objects negotiated for the protocol valid for $ssl.
+
+ my $rv = Net::SSLeay::get_default_timeout($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (long) timeout in seconds
+
+Check openssl doc L
+
+=item * get_error
+
+Returns a result code for a preceding call to C, C, C, C, C or C on $ssl.
+
+ my $rv = Net::SSLeay::get_error($ssl, $ret);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $ret - return value of preceding TLS/SSL I/O operation
+ #
+ # returns: result code, which is one of the following values:
+ # 0 - SSL_ERROR_NONE
+ # 1 - SSL_ERROR_SSL
+ # 2 - SSL_ERROR_WANT_READ
+ # 3 - SSL_ERROR_WANT_WRITE
+ # 4 - SSL_ERROR_WANT_X509_LOOKUP
+ # 5 - SSL_ERROR_SYSCALL
+ # 6 - SSL_ERROR_ZERO_RETURN
+ # 7 - SSL_ERROR_WANT_CONNECT
+ # 8 - SSL_ERROR_WANT_ACCEPT
+
+Check openssl doc L
+
+=item * get_ex_data
+
+Is used to retrieve the information for $idx from $ssl.
+
+ my $rv = Net::SSLeay::get_ex_data($ssl, $idx);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $idx - (integer) index for application specific data
+ #
+ # returns: pointer to ???
+
+Check openssl doc L
+
+=item * set_ex_data
+
+Is used to store application data at $data for $idx into the $ssl object.
+
+ my $rv = Net::SSLeay::set_ex_data($ssl, $idx, $data);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $idx - (integer) ???
+ # $data - (pointer) ???
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * get_ex_new_index
+
+Is used to register a new index for application specific data.
+
+ my $rv = Net::SSLeay::get_ex_new_index($argl, $argp, $new_func, $dup_func, $free_func);
+ # $argl - (long) ???
+ # $argp - (pointer) ??? + # $new_func - function pointer ??? (CRYPTO_EX_new *) + # $dup_func - function pointer ??? (CRYPTO_EX_dup *) + # $free_func - function pointer ??? (CRYPTO_EX_free *) + # + # returns: (integer) ??? + +Check openssl doc L + +=item * get_fd + +Returns the file descriptor which is linked to $ssl. + + my $rv = Net::SSLeay::get_fd($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: file descriptor (>=0) or -1 on failure + +Check openssl doc L + +=item * get_finished + +Obtains the latest 'Finished' message sent to the peer. Return value +is zero if there's been no Finished message yet. Default count is +2*EVP_MAX_MD_SIZE that is long enough for all possible Finish +messages. If you supply a non-default count, the resulting return +value may be longer than returned buf's length. + + my $rv = Net::SSLeay::get_finished($ssl, $buf, $count); + # $ssl - value corresponding to openssl's SSL structure + # $buf - buffer where the returned data will be stored + # $count - [optional] max size of return data - default is 2*EVP_MAX_MD_SIZE + # + # returns: length of latest Finished message + +=item * get_peer_finished + +Obtains the latest 'Finished' message expected from the +peer. Parameters and return value are similar to get_finished(). + + my $rv = Net::SSLeay::get_peer_finished($ssl, $buf, $count); + # $ssl - value corresponding to openssl's SSL structure + # $buf - buffer where the returned data will be stored + # $count - [optional] max size of return data - default is 2*EVP_MAX_MD_SIZE + # + # returns: length of latest Finished message + +=item * get_keyblock_size + +Gets the length of the TLS keyblock. + +B Does not exactly correspond to any low level API function. + + my $rv = Net::SSLeay::get_keyblock_size($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: keyblock size, -1 on error + +=item * get_mode + +Returns the mode (bitmask) set for $ssl. 
+
+ my $rv = Net::SSLeay::get_mode($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: mode (bitmask)
+
+To decode the return value (bitmask) see documentation for L.
+
+Check openssl doc L
+
+=item * set_mode
+
+Adds the mode set via bitmask in $mode to $ssl. Options already set before are not cleared.
+
+ my $rv = Net::SSLeay::set_mode($ssl, $mode);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $mode - mode (bitmask)
+ #
+ # returns: the new mode bitmask after adding $mode
+
+For $mode bitmask details see L.
+
+Check openssl doc L
+
+=item * get_options
+
+Returns the options (bitmask) set for $ssl.
+
+ my $rv = Net::SSLeay::get_options($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: options (bitmask)
+
+To decode the return value (bitmask) see documentation for L.
+
+Check openssl doc L
+
+=item * set_options
+
+Adds the options set via bitmask in $options to $ssl. Options already set before are not cleared!
+
+ Net::SSLeay::set_options($ssl, $options);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $options - options (bitmask)
+ #
+ # returns: the new options bitmask after adding $options
+
+For $options bitmask details see L.
+
+Check openssl doc L
+
+=item * get_peer_certificate
+
+Get the X509 certificate of the peer.
+
+ my $rv = Net::SSLeay::get_peer_certificate($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: value corresponding to openssl's X509 structure (0 on failure)
+
+Check openssl doc L
+
+=item * get_peer_cert_chain
+
+Get the certificate chain of the peer as an array of X509 structures.
+
+ my @rv = Net::SSLeay::get_peer_cert_chain($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: list of X509 structures
+
+Check openssl doc L
+
+=item * get_quiet_shutdown
+
+Returns the 'quiet shutdown' setting of ssl.
+
+ my $rv = Net::SSLeay::get_quiet_shutdown($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (integer) current 'quiet shutdown' value
+
+Check openssl doc L
+
+=item * get_rbio
+
+Get 'read' BIO linked to an SSL object $ssl.
+
+ my $rv = Net::SSLeay::get_rbio($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: value corresponding to openssl's BIO structure (0 on failure)
+
+Check openssl doc L
+
+=item * get_read_ahead
+
+ my $rv = Net::SSLeay::get_read_ahead($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (integer) read_ahead value
+
+=item * set_read_ahead
+
+ Net::SSLeay::set_read_ahead($ssl, $val);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $val - read_ahead value to be set
+ #
+ # returns: the original read_ahead value
+
+=item * get_security_level
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0, not in LibreSSL
+
+Returns the security level associated with $ssl.
+
+ my $level = Net::SSLeay::get_security_level($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (integer) current security level
+
+Check openssl doc L
+
+=item * set_security_level
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0, not in LibreSSL
+
+Sets the security level associated with $ssl to $level.
+
+ Net::SSLeay::set_security_level($ssl, $level);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $level - new security level
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * set_num_tickets
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Set number of TLSv1.3 session tickets that will be sent to a client.
+
+ my $rv = Net::SSLeay::set_num_tickets($ssl, $number_of_tickets);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $number_of_tickets - number of tickets to send
+ #
+ # returns: 1 on success, 0 on failure
+
+Set to zero if you do not no want to support a session resumption.
+
+Check openssl doc L
+
+=item * get_num_tickets
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Get number of TLSv1.3 session tickets that will be sent to a client.
+
+ my $number_of_tickets = Net::SSLeay::get_num_tickets($ctx);
+ # $ctx - value corresponding to openssl's SSL structure
+ #
+ # returns: number of tickets to send
+
+Check openssl doc L
+
+=item * get_server_random
+
+Returns internal SSLv3 server_random value.
+
+ Net::SSLeay::get_server_random($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: server_random value (binary data)
+
+=item * get_client_random
+
+B Does not exactly correspond to any low level API function
+
+Returns internal SSLv3 client_random value.
+
+ Net::SSLeay::get_client_random($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: client_random value (binary data)
+
+=item * export_keying_material
+
+Returns keying material based on the string $label and optional
+$context. Note that with TLSv1.2 and lower, empty context (empty
+string) and undefined context (no value or 'undef') will return
+different values.
+
+ my $out = Net::SSLeay::export_keying_material($ssl, $olen, $label, $context);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $olen - number of bytes to return
+ # $label - application specific label
+ # $context - [optional] context - default is undef for no context
+ #
+ # returns: keying material (binary data) or undef on error
+
+Check openssl doc L
+
+=item * get_session
+
+Retrieve TLS/SSL session data used in $ssl. The reference count of the SSL_SESSION is NOT incremented.
+ + my $rv = Net::SSLeay::get_session($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: value corresponding to openssl's SSL_SESSION structure (0 on failure) + +Check openssl doc L + +=item * SSL_get0_session + +The alias for L (note that the name is C NOT C). + + my $rv = Net::SSLeay::SSL_get0_session(); + +=item * get1_session + +Returns a pointer to the SSL_SESSION actually used in $ssl. The reference count of the SSL_SESSION is incremented by 1. + + my $rv = Net::SSLeay::get1_session($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: value corresponding to openssl's SSL_SESSION structure (0 on failure) + +Check openssl doc L + +=item * get_shared_ciphers + +Returns string with a list (colon ':' separated) of ciphers shared between client and server +within SSL session $ssl. + + my $rv = Net::SSLeay::get_shared_ciphers() + # + # returns: string like 'ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:...' + +=item * get_shutdown + +Returns the shutdown mode of $ssl. + + my $rv = Net::SSLeay::get_shutdown($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: shutdown mode (bitmask) of ssl + + #to decode the return value (bitmask) use: + 0 - No shutdown setting, yet + 1 - SSL_SENT_SHUTDOWN + 2 - SSL_RECEIVED_SHUTDOWN + +Check openssl doc L + +=item * get_ssl_method + +Returns a function pointer to the TLS/SSL method set in $ssl. + + my $rv = Net::SSLeay::get_ssl_method($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure) + +Check openssl doc L + +=item * in_init, in_before, is_init_finished, in_connect_init, in_accept_init + +B not available in Net-SSLeay-1.85 and before. + +Retrieve information about the handshake state machine. All functions take $ssl as the only argument and return 0 or 1. 
These functions are recommended over get_state() and state(). + + my $rv = Net::SSLeay::is_init_finished($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: All functions return 1 or 0 + +Check openssl doc L + +=item * get_state + +B OpenSSL 1.1.0 and later use different constants which are not made available. Use is_init_finished() and related functions instead. + +Returns the SSL connection state. + + my $rv = Net::SSLeay::get_state($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: (integer) state value + # to decode the returned state check: + # SSL_ST_* constants in openssl/ssl.h + # SSL2_ST_* constants in openssl/ssl2.h + # SSL23_ST_* constants in openssl/ssl23.h + # SSL3_ST_* + DTLS1_ST_* constants in openssl/ssl3.h + +=item * state + +Exactly the same as L. + + my $rv = Net::SSLeay::state($ssl); + +=item * set_state + +Sets the SSL connection state. + + Net::SSLeay::set_state($ssl,Net::SSLeay::SSL_ST_ACCEPT()); + +Not available with OpenSSL 1.1 and later. + +=item * get_verify_depth + +Returns the verification depth limit currently set in $ssl. + + my $rv = Net::SSLeay::get_verify_depth($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: current depth or -1 if no limit has been explicitly set + +Check openssl doc L + +=item * set_verify_depth + +Sets the maximum depth for the certificate chain verification that shall be allowed for $ssl. + + Net::SSLeay::set_verify_depth($ssl, $depth); + # $ssl - value corresponding to openssl's SSL structure + # $depth - (integer) depth + # + # returns: no return value + +Check openssl doc L + +=item * get_verify_mode + +Returns the verification mode (bitmask) currently set in $ssl. + + my $rv = Net::SSLeay::get_verify_mode($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: mode (bitmask) + +To decode the return value (bitmask) see documentation for L. 
+
+Check openssl doc L
+
+=item * set_verify
+
+Sets the verification flags for $ssl to be $mode and specifies the $verify_callback function to be used.
+
+ Net::SSLeay::set_verify($ssl, $mode, $callback);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $mode - mode (bitmask)
+ # $callback - [optional] reference to perl callback function
+ #
+ # returns: no return value
+
+For $mode bitmask details see L.
+
+Check openssl doc L
+
+=item * set_post_handshake_auth
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Enable the Post-Handshake Authentication extension to be added to the ClientHello such that post-handshake authentication can be requested by the server.
+
+ Net::SSLeay::set_posthandshake_auth($ssl, $val);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $val - 0 then the extension is not sent, otherwise it is
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * verify_client_post_handshake
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+verify_client_post_handshake causes a CertificateRequest message to be sent by a server on the given ssl connection.
+
+ my $rv = Net::SSLeay::verify_client_post_handshake($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: 1 if the request succeeded, and 0 if the request failed. The error stack can be examined to determine the failure reason.
+
+Check openssl doc L
+
+=item * get_verify_result
+
+Returns the result of the verification of the X509 certificate presented by the peer, if any.
+ + my $rv = Net::SSLeay::get_verify_result($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: (integer) + # 0 - X509_V_OK: ok + # 2 - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate + # 3 - X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL + # 4 - X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature + # 5 - X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature + # 6 - X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key + # 7 - X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure + # 8 - X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure + # 9 - X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid + # 10 - X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired + # 11 - X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid + # 12 - X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired + # 13 - X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field + # 14 - X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field + # 15 - X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field + # 16 - X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field + # 17 - X509_V_ERR_OUT_OF_MEM: out of memory + # 18 - X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate + # 19 - X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain + # 20 - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate + # 21 - X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate + # 22 - X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long + # 23 - X509_V_ERR_CERT_REVOKED: certificate revoked + # 24 - X509_V_ERR_INVALID_CA: invalid CA certificate + # 25 - X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded + # 26 - 
X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose + # 27 - X509_V_ERR_CERT_UNTRUSTED: certificate not trusted + # 28 - X509_V_ERR_CERT_REJECTED: certificate rejected + # 29 - X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch + # 30 - X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch + # 31 - X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch + # 32 - X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing + # 50 - X509_V_ERR_APPLICATION_VERIFICATION: application verification failure + +Check openssl doc L + +=item * set_verify_result + +Override result of peer certificate verification. + + Net::SSLeay::set_verify_result($ssl, $v); + # $ssl - value corresponding to openssl's SSL structure + # $v - (integer) result value + # + # returns: no return value + +For more info about valid return values see L + +Check openssl doc L + +=item * get_wbio + +Get 'write' BIO linked to an SSL object $ssl. + + my $rv = Net::SSLeay::get_wbio($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: value corresponding to openssl's BIO structure (0 on failure) + +Check openssl doc L + +=item * load_client_CA_file + +Load X509 certificates from file (PEM formatted). + + my $rv = Net::SSLeay::load_client_CA_file($file); + # $file - (string) file name + # + # returns: value corresponding to openssl's STACK_OF(X509_NAME) structure (0 on failure) + +Check openssl doc L + +=item * clear_num_renegotiations + +Executes SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS command on $ssl. + + my $rv = Net::SSLeay::clear_num_renegotiations($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: command result + +=item * need_tmp_RSA + +Executes SSL_CTRL_NEED_TMP_RSA command on $ssl. + + my $rv = Net::SSLeay::need_tmp_RSA($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: command result + +Not available with OpenSSL 1.1 and later. 
+
+=item * num_renegotiations
+
+Executes SSL_CTRL_GET_NUM_RENEGOTIATIONS command on $ssl.
+
+ my $rv = Net::SSLeay::num_renegotiations($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: command result
+
+=item * total_renegotiations
+
+Executes SSL_CTRL_GET_TOTAL_RENEGOTIATIONS command on $ssl.
+
+ my $rv = Net::SSLeay::total_renegotiations($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: command result
+
+=item * peek
+
+Copies $max bytes from the specified $ssl into the returned value.
+In contrast to the C function, the data in the SSL
+buffer is unmodified after the SSL_peek() operation.
+
+ Net::SSLeay::peek($ssl, $max);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $max - [optional] max bytes to peek (integer) - default is 32768
+ #
+ # in scalar context: data read from the TLS/SSL connection, undef on error
+ # in list context: two-item array consisting of data read (undef on error),
+ # and return code from SSL_peek().
+
+=item * peek_ex
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Copies $max bytes from the specified $ssl into the returned value.
+In contrast to the C function, the data in the SSL
+buffer is unmodified after the SSL_peek_ex() operation.
+
+ my($got, $rv) = Net::SSLeay::peek_ex($ssl, $max);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $max - [optional] max bytes to peek (integer) - default is 32768
+ #
+ # returns a list: two-item list consisting of data read (undef on error),
+ # and return code from SSL_peek_ex().
+
+Check openssl doc L
+
+=item * pending
+
+Obtain number of readable bytes buffered in $ssl object.
+
+ my $rv = Net::SSLeay::pending($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: the number of bytes pending
+
+Check openssl doc L
+
+=item * has_pending
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0, not in LibreSSL
+
+Returns 1 if $ssl has buffered data (whether processed or unprocessed) and 0 otherwise.
+
+ my $rv = Net::SSLeay::has_pending($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (integer) 1 or 0
+
+Check openssl doc L
+
+=item * read
+
+Tries to read $max bytes from the specified $ssl.
+
+ my $got = Net::SSLeay::read($ssl, $max);
+ my($got, $rv) = Net::SSLeay::read($ssl, $max);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $max - [optional] max bytes to read (integer) - default is 32768
+ #
+ # returns:
+ # in scalar context: data read from the TLS/SSL connection, undef on error
+ # in list context: two-item array consisting of data read (undef on error),
+ # and return code from SSL_read().
+
+Check openssl doc L
+
+=item * read_ex
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Tries to read $max bytes from the specified $ssl.
+
+ my($got, $rv) = Net::SSLeay::read_ex($ssl, $max);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $max - [optional] max bytes to read (integer) - default is 32768
+ #
+ # returns a list: two-item list consisting of data read (undef on error),
+ # and return code from SSL_read_ex().
+
+Check openssl doc L
+
+=item * renegotiate
+
+Turn on flags for renegotiation so that renegotiation will happen
+
+ my $rv = Net::SSLeay::renegotiate($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * rstate_string
+
+Returns a 2 letter string indicating the current read state of the SSL object $ssl.
+ + my $rv = Net::SSLeay::rstate_string($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: 2-letter string + +Check openssl doc L + +=item * rstate_string_long + +Returns a string indicating the current read state of the SSL object ssl. + + my $rv = Net::SSLeay::rstate_string_long($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: string with current state + +Check openssl doc L + +=item * session_reused + +Query whether a reused session was negotiated during handshake. + + my $rv = Net::SSLeay::session_reused($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: 0 - new session was negotiated; 1 - session was reused. + +Check openssl doc L + +=item * set1_param + +B requires at least OpenSSL 1.0.0-beta3 + +Applies X509 verification parameters $vpm on $ssl + + my $rv = Net::SSLeay::set1_param($ssl, $vpm); + # $ssl - value corresponding to openssl's SSL structure + # $vpm - value corresponding to openssl's X509_VERIFY_PARAM structure + # + # returns: 1 on success, 0 on failure + +=item * set_accept_state + +Sets $ssl to work in server mode. + + Net::SSLeay::set_accept_state($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: no return value + +Check openssl doc L + +=item * set_bio + +Connects the BIOs $rbio and $wbio for the read and write operations of the TLS/SSL (encrypted) side of $ssl. + + Net::SSLeay::set_bio($ssl, $rbio, $wbio); + # $ssl - value corresponding to openssl's SSL structure + # $rbio - value corresponding to openssl's BIO structure + # $wbio - value corresponding to openssl's BIO structure + # + # returns: no return value + +Check openssl doc L + +=item * set_cipher_list + +Sets the list of ciphers only for ssl. + + my $rv = Net::SSLeay::set_cipher_list($ssl, $str); + # $ssl - value corresponding to openssl's SSL structure + # $str - (string) cipher list e.g. 
'3DES:+RSA' + # + # returns: 1 if any cipher could be selected and 0 on complete failure + +Check openssl doc L + +=item * set_ciphersuites + +B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL + +Configure the available TLSv1.3 ciphersuites. + + my $rv = Net::SSLeay::set_ciphersuites($ssl, $str); + # $ssl - value corresponding to openssl's SSL structure + # $str - colon (":") separated list of TLSv1.3 ciphersuite names in order of preference + # + # returns: (integer) 1 if the requested ciphersuite list was configured, and 0 otherwise + +Check openssl doc L + +=item * set_client_CA_list + +Sets the list of CAs sent to the client when requesting a client certificate +for the chosen $ssl, overriding the setting valid for $ssl's SSL_CTX object. + + my $rv = Net::SSLeay::set_client_CA_list($ssl, $list); + # $ssl - value corresponding to openssl's SSL structure + # $list - value corresponding to openssl's STACK_OF(X509_NAME) structure + # + # returns: no return value + +Check openssl doc L + +=item * set_connect_state + +Sets $ssl to work in client mode. + + Net::SSLeay::set_connect_state($ssl); + # $ssl - value corresponding to openssl's SSL structure + # + # returns: no return value + +Check openssl doc L + +=item * set_fd + +Sets the file descriptor $fd as the input/output facility for the TLS/SSL (encrypted) +side of $ssl, $fd will typically be the socket file descriptor of a network connection. + + my $rv = Net::SSLeay::set_fd($ssl, $fd); + # $ssl - value corresponding to openssl's SSL structure + # $fd - (integer) file handle (got via perl's fileno) + # + # returns: 1 on success, 0 on failure + +Check openssl doc L + +=item * set_psk_client_callback + +Sets the psk client callback. 
+
+ Net::SSLeay::set_psk_client_callback($ssl, sub { my $hint = shift; return ($identity, $key) } );
+ # $ssl - value corresponding to openssl's SSL structure
+ # $hint - PSK identity hint send by the server
+ # $identity - PSK identity
+ # $key - PSK key, hex string without the leading '0x', e.g. 'deadbeef'
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * set_rfd
+
+Sets the file descriptor $fd as the input (read) facility for the TLS/SSL (encrypted) side of $ssl.
+
+ my $rv = Net::SSLeay::set_rfd($ssl, $fd);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $fd - (integer) file handle (got via perl's fileno)
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * set_wfd
+
+ my $rv = Net::SSLeay::set_wfd($ssl, $fd);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $fd - (integer) file handle (got via perl's fileno)
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * set_info_callback
+
+Sets the callback function, that can be used to obtain state information for $ssl during connection setup and use.
+When callback is undef, the callback setting currently valid for ctx is used.
+
+ Net::SSLeay::set_info_callback($ssl, $cb, [$data]);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $cb - sub { my ($ssl,$where,$ret,$data) = @_; ... }
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_set_info_callback
+
+Sets the callback function on ctx, that can be used to obtain state information during ssl connection setup and use.
+When callback is undef, an existing callback will be disabled.
+
+ Net::SSLeay::CTX_set_info_callback($ssl, $cb, [$data]);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $cb - sub { my ($ssl,$where,$ret,$data) = @_; ...
}
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * set_msg_callback
+
+Sets the callback function, that can be used to obtain protocol messages information for $ssl during connection setup and use.
+When callback is undef, the callback setting currently valid for ctx is used.
+Note that set_msg_callback_arg is not provided as there is no need to explicitly set $arg, this is handled by set_msg_callback.
+
+ Net::SSLeay::set_msg_callback($ssl, $cb, [$arg]);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $cb - sub { my ($write_p,$version,$content_type,$buf,$len,$ssl,$arg) = @_; ... }
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * CTX_set_msg_callback
+
+Sets the callback function on ctx, that can be used to obtain protocol messages information for ssl connection setup and use.
+When callback is undef, the existing callback will be disabled.
+Note that CTX_set_msg_callback_arg is not provided as there is no need to explicitly set $arg, this is handled by CTX_set_msg_callback.
+
+ Net::SSLeay::CTX_set_msg_callback($ssl, $cb, [$arg]);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $cb - sub { my ($write_p,$version,$content_type,$buf,$len,$ssl,$arg) = @_; ... }
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * set_pref_cipher
+
+Sets the list of available ciphers for $ssl using the control string $str.
+
+ my $rv = Net::SSLeay::set_pref_cipher($ssl, $str);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $str - (string) cipher list e.g. '3DES:+RSA'
+ #
+ # returns: 1 if any cipher could be selected and 0 on complete failure
+
+Check openssl doc L
+
+=item * CTX_set_psk_client_callback
+
+Sets the psk client callback.
+
+ Net::SSLeay::CTX_set_psk_client_callback($ssl, sub { my $hint = shift; return ($identity, $key) } );
+ # $ssl - value corresponding to openssl's SSL structure
+ # $hint - PSK identity hint send by the server
+ # $identity - PSK identity
+ # $key - PSK key, hex string without the leading '0x', e.g. 'deadbeef'
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * set_purpose
+
+ my $rv = Net::SSLeay::set_purpose($ssl, $purpose);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $purpose - (integer) purpose identifier
+ #
+ # returns: 1 on success, 0 on failure
+
+For more info about available $purpose identifiers see L.
+
+=item * set_quiet_shutdown
+
+Sets the 'quiet shutdown' flag for $ssl to be $mode.
+
+ Net::SSLeay::set_quiet_shutdown($ssl, $mode);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $mode - 0 or 1
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * set_session
+
+Set a TLS/SSL session to be used during TLS/SSL connect.
+
+ my $rv = Net::SSLeay::set_session($to, $ses);
+ # $to - value corresponding to openssl's SSL structure
+ # $ses - value corresponding to openssl's SSL_SESSION structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * set_session_id_context
+
+Sets the context $sid_ctx of length $sid_ctx_len within which a session can be reused for the $ssl object.
+
+ my $rv = Net::SSLeay::set_session_id_context($ssl, $sid_ctx, $sid_ctx_len);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $sid_ctx - data buffer
+ # $sid_ctx_len - length of data in $sid_ctx
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * set_session_secret_cb
+
+Setup pre-shared secret session resumption function.
+ + Net::SSLeay::set_session_secret_cb($ssl, $func, $data); + # $ssl - value corresponding to openssl's SSL structure + # $func - perl reference to callback function + # $data - [optional] data that will be passed to callback function when invoked + # + # returns: no return value + +The callback function will be called like: + + callback_function($secret, $ciphers, $pref_cipher, $data); + # $secret is the current master session key, usually all 0s at the beginning of a session + # $ciphers is ref to an array of peer cipher names + # $pref_cipher is a ref to an index into the list of cipher names of + # the preferred cipher. Set it if you want to specify a preferred cipher + # $data is the data passed to set_session_secret_cb + +The callback function should return 1 if it likes the suggested cipher (or has selected an alternative +by setting pref_cipher), else it should return 0 (in which case OpenSSL will select its own preferred cipher). + +With OpenSSL 1.1 and later, callback_function can change the master key for the session by +altering $secret and returning 1. + +=item * CTX_set_tlsext_ticket_getkey_cb + +Setup encryption for TLS session tickets (stateless session reuse). + + Net::SSLeay::CTX_set_tlsext_ticket_getkey_cb($ctx, $func, $data); + # $ctx - value corresponding to openssl's SSL_CTX structure + # $func - perl reference to callback function + # $data - [optional] data that will be passed to callback function when invoked + # + # returns: no return value + +The callback function will be called like: + + getkey($data,[$key_name]) -> ($key,$current_key_name) + # $data is the data passed to set_session_secret_cb + # $key_name is the name of the key OpenSSL has extracted from the session ticket + # $key is the requested key for ticket encryption + HMAC + # $current_key_name is the name for the currently valid key + +OpenSSL will call the function without a key name if it generates a new ticket. 
+It then needs the callback to return the encryption+HMAC key and an identifier
+(key name) for this key.
+
+When OpenSSL gets a session ticket from the client it extracts the key name and
+calls the callback with this name as argument. It then expects the callback to
+return the encryption+HMAC key matching the requested key name and and also the
+key name which should be used at the moment. If the requested key name and the
+returned key name differ it means that this session ticket was created with an
+expired key and need to be renewed. In this case OpenSSL will call the callback
+again with no key name to create a new session ticket based on the old one.
+
+The key must be at least 32 byte of random data which can be created with
+RAND_bytes. Internally the first 16 byte are used as key in AES-128 encryption
+while the next 16 byte are used for the SHA-256 HMAC.
+The key name are binary data and must be exactly 16 byte long.
+
+Example:
+
+ Net::SSLeay::RAND_bytes(my $oldkey,32);
+ Net::SSLeay::RAND_bytes(my $newkey,32);
+ my $oldkey_name = pack("a16",'oldsecret');
+ my $newkey_name = pack("a16",'newsecret');
+
+ my @keys = (
+ [ $newkey_name, $newkey ], # current active key
+ [ $oldkey_name, $oldkey ], # already expired
+ );
+
+ Net::SSLeay::CTX_set_tlsext_ticket_getkey_cb($server2->_ctx, sub {
+ my ($mykeys,$name) = @_;
+
+ # return (current_key, current_key_name) if no name given
+ return ($mykeys->[0][1],$mykeys->[0][0]) if ! $name;
+
+ # return (matching_key, current_key_name) if we find a key matching
+ # the given name
+ for(my $i = 0; $i<@$mykeys; $i++) {
+ next if $name ne $mykeys->[$i][0];
+ return ($mykeys->[$i][1],$mykeys->[0][0]);
+ }
+
+ # no matching key found
+ return;
+ },\@keys);
+
+
+This function is based on the OpenSSL function SSL_CTX_set_tlsext_ticket_key_cb
+but provides a simpler to use interface. For more information see
+L
+
+=item * set_session_ticket_ext_cb
+
+Setup callback for TLS session tickets (stateless session reuse).
+
+ Net::SSLeay::set_session_ticket_ext_cb($ssl, $func, $data);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $func - perl reference to callback function
+ # $data - [optional] data that will be passed to callback function when invoked
+ #
+ # returns: no return value
+
+The callback function will be called like:
+
+ getticket($ssl,$ticket,$data) -> $return_value
+ # $ssl is a value corresponding to openssl's SSL structure
+ # $ticket is a value of received TLS session ticket (can also be empty)
+ # $data is the data passed to set_session_ticket_ext_cb
+ # $return_value is either 0 (failure) or 1 (success)
+
+This function is based on the OpenSSL function SSL_set_session_ticket_ext_cb.
+
+=item * set_session_ticket_ext
+
+Set TLS session ticket (stateless session reuse).
+
+ Net::SSLeay::set_session_ticket_ext($ssl, $ticket);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $ticket - is a value of TLS session ticket which client will send (can also be empty string)
+ #
+ # returns: no return value
+
+The callback function will be called like:
+
+ getticket($ssl,$ticket,$data) -> $return_value
+ # $ssl is a value corresponding to openssl's SSL structure
+ # $ticket is a value of received TLS session ticket (can also be empty)
+ # $data is the data passed to set_session_ticket_ext_cb
+ # $return_value is either 0 (failure) or 1 (success)
+
+This function is based on the OpenSSL function SSL_set_session_ticket_ext_cb.
+
+=item * set_shutdown
+
+Sets the shutdown state of $ssl to $mode.
+
+ Net::SSLeay::set_shutdown($ssl, $mode);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $mode - (integer) shutdown mode:
+ # 0 - No shutdown
+ # 1 - SSL_SENT_SHUTDOWN
+ # 2 - SSL_RECEIVED_SHUTDOWN
+ # 3 - SSL_RECEIVED_SHUTDOWN+SSL_SENT_SHUTDOWN
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * set_ssl_method
+
+Sets a new TLS/SSL method for a particular $ssl object.
+
+ my $rv = Net::SSLeay::set_ssl_method($ssl, $method);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $method - value corresponding to openssl's SSL_METHOD structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * set_tmp_dh
+
+Sets DH parameters to be used to be $dh.
+
+ my $rv = Net::SSLeay::set_tmp_dh($ssl, $dh);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $dh - value corresponding to openssl's DH structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * set_tmp_dh_callback
+
+Sets the callback function for $ssl to be used when a DH parameters are required to $dh_cb.
+
+??? (does this function really work?)
+
+ Net::SSLeay::set_tmp_dh_callback($ssl, $dh);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $dh_cb - pointer to function ???
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * set_tmp_rsa
+
+Sets the temporary/ephemeral RSA key to be used in $ssl to be $rsa.
+
+ my $rv = Net::SSLeay::set_tmp_rsa($ssl, $rsa);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $rsa - value corresponding to openssl's RSA structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Example:
+
+ $rsakey = Net::SSLeay::RSA_generate_key();
+ Net::SSLeay::set_tmp_rsa($ssl, $rsakey);
+ Net::SSLeay::RSA_free($rsakey);
+
+Check openssl doc L
+
+=item * set_tmp_rsa_callback
+
+Sets the callback function for $ssl to be used when a temporary/ephemeral RSA key is required to $tmp_rsa_callback.
+
+??? (does this function really work?)
+
+ Net::SSLeay::set_tmp_rsa_callback($ssl, $tmp_rsa_callback);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $tmp_rsa_callback - (function pointer) ???
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * set_trust
+
+ my $rv = Net::SSLeay::set_trust($ssl, $trust);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $trust - (integer) trust identifier
+ #
+ # returns: the original value
+
+For more details about $trust values see L.
+
+=item * shutdown
+
+Shuts down an active TLS/SSL connection. It sends the 'close notify' shutdown alert to the peer.
+
+ my $rv = Net::SSLeay::shutdown($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: 1 - shutdown was successfully completed
+ # 0 - shutdown is not yet finished,
+ # -1 - shutdown was not successful
+
+Check openssl doc L
+
+=item * state_string
+
+Returns a 6 letter string indicating the current state of the SSL object $ssl.
+
+ my $rv = Net::SSLeay::state_string($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: 6-letter string
+
+Check openssl doc L
+
+=item * state_string_long
+
+Returns a string indicating the current state of the SSL object $ssl.
+
+ my $rv = Net::SSLeay::state_string_long($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: state strings
+
+Check openssl doc L
+
+=item * set_default_passwd_cb
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.1.0f. Not needed with LibreSSL.
+
+Sets the default password callback called when loading/storing a PEM certificate with encryption for $ssl.
+
+ Net::SSLeay::set_default_passwd_cb($ssl, $func);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $func - perl reference to callback function
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * set_default_passwd_cb_userdata
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.1.0f. Not needed with LibreSSL.
+
+Sets a pointer to userdata which will be provided to the password callback of $ssl on invocation.
+
+ Net::SSLeay::set_default_passwd_cb_userdata($ssl, $userdata);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $userdata - data that will be passed to callback function when invoked
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * use_PrivateKey
+
+Adds $pkey as private key to $ssl.
+
+ my $rv = Net::SSLeay::use_PrivateKey($ssl, $pkey);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $pkey - value corresponding to openssl's EVP_PKEY structure
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * use_PrivateKey_ASN1
+
+Adds the private key of type $pk stored in $data to $ssl.
+
+ my $rv = Net::SSLeay::use_PrivateKey_ASN1($pk, $ssl, $d, $len);
+ # $pk - (integer) key type, NID of corresponding algorithm
+ # $ssl - value corresponding to openssl's SSL structure
+ # $data - key data (binary)
+ # $len - length of $data
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * use_PrivateKey_file
+
+Adds the first private key found in $file to $ssl.
+
+ my $rv = Net::SSLeay::use_PrivateKey_file($ssl, $file, $type);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $file - (string) file name
+ # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * use_RSAPrivateKey
+
+Adds $rsa as RSA private key to $ssl.
+
+ my $rv = Net::SSLeay::use_RSAPrivateKey($ssl, $rsa);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $rsa - value corresponding to openssl's RSA structure
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * use_RSAPrivateKey_ASN1
+
+Adds RSA private key stored in $data to $ssl.
+
+ my $rv = Net::SSLeay::use_RSAPrivateKey_ASN1($ssl, $data, $len);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $data - key data (binary)
+ # $len - length of $data
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * use_RSAPrivateKey_file
+
+Adds the first RSA private key found in $file to $ssl.
+
+ my $rv = Net::SSLeay::use_RSAPrivateKey_file($ssl, $file, $type);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $file - (string) file name
+ # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * use_certificate
+
+Loads the certificate $x into $ssl.
+
+ my $rv = Net::SSLeay::use_certificate($ssl, $x);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * use_certificate_ASN1
+
+Loads the ASN1 encoded certificate from $data to $ssl.
+
+ my $rv = Net::SSLeay::use_certificate_ASN1($ssl, $data, $len);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $data - certificate data (binary)
+ # $len - length of $data
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * use_certificate_chain_file
+
+B: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.1.0
+
+Loads a certificate chain from $file into $ssl. The certificates must be in PEM format and must be sorted
+starting with the subject's certificate (actual client or server certificate), followed by intermediate
+CA certificates if applicable, and ending at the highest level (root) CA.
+
+ my $rv = Net::SSLeay::use_certificate_chain_file($ssl, $file);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $file - (string) file name
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * use_certificate_file
+
+Loads the first certificate stored in $file into $ssl.
+
+ my $rv = Net::SSLeay::use_certificate_file($ssl, $file, $type);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $file - (string) file name
+ # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
+ #
+ # returns: 1 on success, otherwise check out the error stack to find out the reason
+
+Check openssl doc L
+
+=item * get_version
+
+Returns SSL/TLS protocol name
+
+ my $rv = Net::SSLeay::get_version($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (string) protocol name, see OpenSSL manual for the full list
+ # TLSv1
+ # TLSv1.3
+
+Check openssl doc L
+
+=item * version
+
+Returns SSL/TLS protocol version
+
+ my $rv = Net::SSLeay::version($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (integer) protocol version, see OpenSSL manual for the full list
+ # 0x0301 - TLS1_VERSION (TLSv1)
+ # 0xFEFF - DTLS1_VERSION (DTLSv1)
+
+Check openssl doc L
+
+=item * client_version
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0, not in LibreSSL
+
+Returns TLS protocol version used by the client when initiating the connection
+
+ my $rv = Net::SSLeay::client_version($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (integer) protocol version, see OpenSSL manual for the full list
+ # 0x0301 - TLS1_VERSION (TLSv1)
+ # 0xFEFF - DTLS1_VERSION (DTLSv1)
+
+Check openssl doc L
+
+=item * is_dtls
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0, not in LibreSSL
+
+ my $rv = Net::SSLeay::is_dtls($ssl);
+ # $ssl -
value corresponding to openssl's SSL structure
+ #
+ # returns: (integer) zero or one
+ # 0 - connection is not using DTLS
+ # 1 - connection is using DTLS
+
+Check openssl doc L
+
+=item * want
+
+Returns state information for the SSL object $ssl.
+
+ my $rv = Net::SSLeay::want($ssl);
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: state
+ # 1 - SSL_NOTHING
+ # 2 - SSL_WRITING
+ # 3 - SSL_READING
+ # 4 - SSL_X509_LOOKUP
+
+Check openssl doc L
+
+=item * write
+
+Writes data from the buffer $data into the specified $ssl connection.
+
+ my $rv = Net::SSLeay::write($ssl, $data);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $data - data to be written
+ #
+ # returns: >0 - (success) number of bytes actually written to the TLS/SSL connection
+ # 0 - write not successful, probably the underlying connection was closed
+ # <0 - error
+
+Check openssl doc L
+
+=item * write_ex
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Writes data from the buffer $data into the specified $ssl connection.
+
+ my ($len, $rv) = Net::SSLeay::write_ex($ssl, $data);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $data - data to be written
+ #
+ # returns a list: two-item list consisting of number of bytes written,
+ # and return code from SSL_write_ex()
+
+Check openssl doc L
+
+=item * write_partial
+
+B Does not exactly correspond to any low level API function
+
+Writes a fragment of data in $data from the buffer $data into the specified
+$ssl connection. This is a non-blocking function like L.
+
+ my $rv = Net::SSLeay::write_partial($ssl, $from, $count, $data);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $from - (integer) offset from the beginning of $data
+ # $count - (integer) length of data to be written
+ # $data - data buffer
+ #
+ # returns: >0 - (success) number of bytes actually written to the TLS/SSL connection
+ # 0 - write not successful, probably the underlying connection was closed
+ # <0 - error
+
+=item * set_tlsext_host_name
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.8f
+
+Sets TLS servername extension on SLL object $ssl to value $name.
+
+ my $rv = set_tlsext_host_name($ssl, $name);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $name - (string) name to be set
+ #
+ # returns: 1 on success, 0 on failure
+
+=back
+
+=head3 Low level API: RAND_* related functions
+
+Check openssl doc related to RAND stuff L
+
+=over
+
+=item * RAND_add
+
+Mixes the $num bytes at $buf into the PRNG state.
+
+ Net::SSLeay::RAND_add($buf, $num, $entropy);
+ # $buf - buffer with data to be mixed into the PRNG state
+ # $num - number of bytes in $buf
+ # $entropy - estimate of how much randomness is contained in $buf (in bytes)
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * RAND_seed
+
+Equivalent to L when $num == $entropy.
+
+ Net::SSLeay::RAND_seed($buf); # Perlishly figures out buf size
+ # $buf - buffer with data to be mixed into the PRNG state
+ # $num - number of bytes in $buf
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * RAND_status
+
+Gives PRNG status (seeded enough or not).
+
+ my $rv = Net::SSLeay::RAND_status();
+ #returns: 1 if the PRNG has been seeded with enough data, 0 otherwise
+
+Check openssl doc L
+
+=item * RAND_bytes
+
+Puts $num cryptographically strong pseudo-random bytes into $buf.
+
+ my $rv = Net::SSLeay::RAND_bytes($buf, $num);
+ # $buf - buffer where the random data will be stored
+ # $num - the size (in bytes) of requested random data
+ #
+ # returns: 1 on success, -1 if not supported by the current RAND method, or 0 on other failure
+
+Check openssl doc L
+
+=item * RAND_priv_bytes
+
+B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1, not in LibreSSL
+
+Puts $num cryptographically strong pseudo-random bytes into $buf.
+
+ my $rv = Net::SSLeay::RAND_priv_bytes($buf, $num);
+ # $buf - buffer where the random data will be stored
+ # $num - the size (in bytes) of requested random data
+ #
+ # returns: 1 on success, -1 if not supported by the current RAND method, or 0 on other failure
+
+RAND_priv_bytes has the same semantics as RAND_bytes, but see see the documentation for more information.
+
+Check openssl doc L
+
+=item * RAND_pseudo_bytes
+
+Puts $num pseudo-random (not necessarily unpredictable) bytes into $buf.
+
+ my $rv = Net::SSLeay::RAND_pseudo_bytes($buf, $num);
+ # $buf - buffer where the random data will be stored
+ # $num - the size (in bytes) of requested random data
+ #
+ # returns: 1 if the bytes generated are cryptographically strong, 0 otherwise
+
+Check openssl doc L
+
+=item * RAND_cleanup
+
+Erase the PRNG state.
+
+ Net::SSLeay::RAND_cleanup();
+ # no args, no return value
+
+Check openssl doc L
+
+=item * RAND_egd_bytes
+
+Queries the entropy gathering daemon EGD on socket $path for $bytes bytes.
+
+ my $rv = Net::SSLeay::RAND_egd_bytes($path, $bytes);
+ # $path - path to a socket of entropy gathering daemon EGD
+ # $bytes - number of bytes we want from EGD
+ #
+ # returns: the number of bytes read from the daemon on success, and -1 on failure
+
+Check openssl doc L
+
+=item * RAND_file_name
+
+Generates a default path for the random seed file.
+
+ my $file = Net::SSLeay::RAND_file_name($num);
+ # $num - maximum size of returned file name
+ #
+ # returns: string with file name on success, '' (empty string) or undef on failure
+
+LibreSSL and OpenSSL 1.1.0a and later return undef when, for example, $num is not large enough to hold the filename.
+
+Check openssl doc L
+
+=item * RAND_load_file
+
+B Is no longer functional on LibreSSL
+
+Reads $max_bytes of bytes from $file_name and adds them to the PRNG.
+
+ my $rv = Net::SSLeay::RAND_load_file($file_name, $max_bytes);
+ # $file_name - the name of file
+ # $max_bytes - bytes to read from $file_name; -1 => the complete file is read
+ #
+ # returns: the number of bytes read
+
+Check openssl doc L
+
+=item * RAND_write_file
+
+Writes 1024 random bytes to $file_name which can be used to initialize the PRNG by calling L in a later session.
+
+ my $rv = Net::SSLeay::RAND_write_file($file_name);
+ # $file_name - the name of file
+ #
+ # returns: the number of bytes written, and -1 if the bytes written were generated without appropriate seed
+
+Check openssl doc L
+
+=item * RAND_poll
+
+Collects some entropy from operating system and adds it to the PRNG.
+
+ my $rv = Net::SSLeay::RAND_poll();
+ # returns: 1 on success, 0 on failure (unable to gather reasonable entropy)
+
+=back
+
+=head3 Low level API: OBJ_* related functions
+
+=over
+
+=item * OBJ_cmp
+
+Compares ASN1_OBJECT $a to ASN1_OBJECT $b.
+
+ my $rv = Net::SSLeay::OBJ_cmp($a, $b);
+ # $a - value corresponding to openssl's ASN1_OBJECT structure
+ # $b - value corresponding to openssl's ASN1_OBJECT structure
+ #
+ # returns: if the two are identical 0 is returned
+
+Check openssl doc L
+
+=item * OBJ_dup
+
+Returns a copy/duplicate of $o.
+
+ my $rv = Net::SSLeay::OBJ_dup($o);
+ # $o - value corresponding to openssl's ASN1_OBJECT structure
+ #
+ # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
+
+Check openssl doc L
+
+=item * OBJ_nid2ln
+
+Returns long name for given NID $n.
+
+ my $rv = Net::SSLeay::OBJ_nid2ln($n);
+ # $n - (integer) NID
+ #
+ # returns: (string) long name e.g. 'commonName'
+
+Check openssl doc L
+
+=item * OBJ_ln2nid
+
+Returns NID corresponding to given long name $n.
+
+ my $rv = Net::SSLeay::OBJ_ln2nid($s);
+ # $s - (string) long name e.g. 'commonName'
+ #
+ # returns: (integer) NID
+
+=item * OBJ_nid2sn
+
+Returns short name for given NID $n.
+
+ my $rv = Net::SSLeay::OBJ_nid2sn($n);
+ # $n - (integer) NID
+ #
+ # returns: (string) short name e.g. 'CN'
+
+Example:
+
+ print Net::SSLeay::OBJ_nid2sn(&Net::SSLeay::NID_commonName);
+
+=item * OBJ_sn2nid
+
+Returns NID corresponding to given short name $s.
+
+ my $rv = Net::SSLeay::OBJ_sn2nid($s);
+ # $s - (string) short name e.g. 'CN'
+ #
+ # returns: (integer) NID
+
+Example:
+
+ print "NID_commonName constant=", &Net::SSLeay::NID_commonName;
+ print "OBJ_sn2nid('CN')=", Net::SSLeay::OBJ_sn2nid('CN');
+
+=item * OBJ_nid2obj
+
+Returns ASN1_OBJECT for given NID $n.
+
+ my $rv = Net::SSLeay::OBJ_nid2obj($n);
+ # $n - (integer) NID
+ #
+ # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
+
+Check openssl doc L
+
+=item * OBJ_obj2nid
+
+Returns NID corresponding to given ASN1_OBJECT $o.
+
+ my $rv = Net::SSLeay::OBJ_obj2nid($o);
+ # $o - value corresponding to openssl's ASN1_OBJECT structure
+ #
+ # returns: (integer) NID
+
+Check openssl doc L
+
+=item * OBJ_txt2obj
+
+Converts the text string s into an ASN1_OBJECT structure. If $no_name is 0 then
+long names (e.g. 'commonName') and short names (e.g. 'CN') will be interpreted
+as well as numerical forms (e.g. '2.5.4.3'). If $no_name is 1 only the numerical
+form is acceptable.
+
+ my $rv = Net::SSLeay::OBJ_txt2obj($s, $no_name);
+ # $s - text string to be converted
+ # $no_name - (integer) 0 or 1
+ #
+ # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
+
+Check openssl doc L
+
+=item * OBJ_obj2txt
+
+Converts the ASN1_OBJECT a into a textual representation.
+
+ Net::SSLeay::OBJ_obj2txt($a, $no_name);
+ # $a - value corresponding to openssl's ASN1_OBJECT structure
+ # $no_name - (integer) 0 or 1
+ #
+ # returns: textual representation e.g. 'commonName' ($no_name=0), '2.5.4.3' ($no_name=1)
+
+Check openssl doc L
+
+=item * OBJ_txt2nid
+
+Returns NID corresponding to text string $s which can be a long name, a short name or the numerical representation of an object.
+
+ my $rv = Net::SSLeay::OBJ_txt2nid($s);
+ # $s - (string) e.g. 'commonName' or 'CN' or '2.5.4.3'
+ #
+ # returns: (integer) NID
+
+Example:
+
+ my $nid = Net::SSLeay::OBJ_txt2nid('2.5.4.3');
+ Net::SSLeay::OBJ_nid2sn($n);
+
+Check openssl doc L
+
+=back
+
+=head3 Low level API: ASN1_INTEGER_* related functions
+
+=over
+
+=item * ASN1_INTEGER_new
+
+B not available in Net-SSLeay-1.45 and before
+
+Creates a new ASN1_INTEGER structure.
+
+ my $rv = Net::SSLeay::ASN1_INTEGER_new();
+ #
+ # returns: value corresponding to openssl's ASN1_INTEGER structure (0 on failure)
+
+=item * ASN1_INTEGER_free
+
+B not available in Net-SSLeay-1.45 and before
+
+Free an allocated ASN1_INTEGER structure.
+
+ Net::SSLeay::ASN1_INTEGER_free($i);
+ # $i - value corresponding to openssl's ASN1_INTEGER structure
+ #
+ # returns: no return value
+
+=item * ASN1_INTEGER_get
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns integer value of given ASN1_INTEGER object.
+
+B If the value stored in ASN1_INTEGER is greater than max. integer that can be stored
+in 'long' type (usually 32bit but may vary according to platform) then this function will return -1.
+For getting large ASN1_INTEGER values consider using L or L.
+
+ my $rv = Net::SSLeay::ASN1_INTEGER_get($a);
+ # $a - value corresponding to openssl's ASN1_INTEGER structure
+ #
+ # returns: integer value of ASN1_INTEGER object in $a
+
+=item * ASN1_INTEGER_set
+
+B not available in Net-SSLeay-1.45 and before
+
+Sets value of given ASN1_INTEGER object to value $val
+
+B $val has max. limit (= max. integer that can be stored in 'long' type).
+For setting large ASN1_INTEGER values consider using L or L.
+
+ my $rv = Net::SSLeay::ASN1_INTEGER_set($i, $val);
+ # $i - value corresponding to openssl's ASN1_INTEGER structure
+ # $val - integer value
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * P_ASN1_INTEGER_get_dec
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns string with decimal representation of integer value of given ASN1_INTEGER object.
+
+ Net::SSLeay::P_ASN1_INTEGER_get_dec($i);
+ # $i - value corresponding to openssl's ASN1_INTEGER structure
+ #
+ # returns: string with decimal representation
+
+=item * P_ASN1_INTEGER_get_hex
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns string with hexadecimal representation of integer value of given ASN1_INTEGER object.
+
+ Net::SSLeay::P_ASN1_INTEGER_get_hex($i);
+ # $i - value corresponding to openssl's ASN1_INTEGER structure
+ #
+ # returns: string with hexadecimal representation
+
+=item * P_ASN1_INTEGER_set_dec
+
+B not available in Net-SSLeay-1.45 and before
+
+Sets value of given ASN1_INTEGER object to value $val (decimal string, suitable for large integers)
+
+ Net::SSLeay::P_ASN1_INTEGER_set_dec($i, $str);
+ # $i - value corresponding to openssl's ASN1_INTEGER structure
+ # $str - string with decimal representation
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * P_ASN1_INTEGER_set_hex
+
+B not available in Net-SSLeay-1.45 and before
+
+Sets value of given ASN1_INTEGER object to value $val (hexadecimal string, suitable for large integers)
+
+ Net::SSLeay::P_ASN1_INTEGER_set_hex($i, $str);
+ # $i - value corresponding to openssl's ASN1_INTEGER structure
+ # $str - string with hexadecimal representation
+ #
+ # returns: 1 on success, 0 on failure
+
+=back
+
+=head3 Low level API: ASN1_STRING_* related functions
+
+=over
+
+=item * P_ASN1_STRING_get
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns string value of given ASN1_STRING object.
+
+ Net::SSLeay::P_ASN1_STRING_get($s, $utf8_decode);
+ # $s - value corresponding to openssl's ASN1_STRING structure
+ # $utf8_decode - [optional] 0 or 1 whether the returned value should be utf8 decoded (default=0)
+ #
+ # returns: string
+
+ $string = Net::SSLeay::P_ASN1_STRING_get($s);
+ #is the same as:
+ $string = Net::SSLeay::P_ASN1_STRING_get($s, 0);
+
+=back
+
+=head3 Low level API: ASN1_TIME_* related functions
+
+=over
+
+=item * ASN1_TIME_new
+
+B not available in Net-SSLeay-1.42 and before
+
+ my $time = ASN1_TIME_new();
+ # returns: value corresponding to openssl's ASN1_TIME structure
+
+=item * ASN1_TIME_free
+
+B not available in Net-SSLeay-1.42 and before
+
+ ASN1_TIME_free($time);
+ # $time - value corresponding to openssl's ASN1_TIME structure
+
+=item * ASN1_TIME_set
+
+B not available in Net-SSLeay-1.42 and before
+
+ ASN1_TIME_set($time, $t);
+ # $time - value corresponding to openssl's ASN1_TIME structure
+ # $t - time value in seconds since 1.1.1970
+
+B It is platform dependent how this function will handle dates after 2038.
+Although perl's integer is large enough the internal implementation of this function
+is dependent on the size of time_t structure (32bit time_t has problem with 2038).
+
+If you want to safely set date and time after 2038 use function L.
+
+=item * P_ASN1_TIME_get_isotime
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7e
+
+B Does not exactly correspond to any low level API function
+
+Gives ISO-8601 string representation of ASN1_TIME structure.
+
+ my $datetime_string = P_ASN1_TIME_get_isotime($time);
+ # $time - value corresponding to openssl's ASN1_TIME structure
+ #
+ # returns: datetime string like '2033-05-16T20:39:37Z' or '' on failure
+
+The output format is compatible with module L
+
+=item * P_ASN1_TIME_set_isotime
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7e
+
+B Does not exactly correspond to any low level API function
+
+Sets time and date value of ANS1_time structure.
+
+ my $rv = P_ASN1_TIME_set_isotime($time, $string);
+ # $time - value corresponding to openssl's ASN1_TIME structure
+ # $string - ISO-8601 timedate string like '2033-05-16T20:39:37Z'
+ #
+ # returns: 1 on success, 0 on failure
+
+The C<$string> parameter has to be in full form like C<"2012-03-22T23:55:33"> or
+C<"2012-03-22T23:55:33Z"> or C<"2012-03-22T23:55:33CET">. Short forms like
+C<"2012-03-22T23:55"> or C<"2012-03-22"> are not supported.
+
+=item * P_ASN1_TIME_put2string
+
+B not available in Net-SSLeay-1.42 and before, has bugs with openssl-0.9.8i
+
+B Does not exactly correspond to any low level API function
+
+Gives string representation of ASN1_TIME structure.
+
+ my $str = P_ASN1_TIME_put2string($time);
+ # $time - value corresponding to openssl's ASN1_TIME structure
+ #
+ # returns: datetime string like 'May 16 20:39:37 2033 GMT'
+
+=item * P_ASN1_UTCTIME_put2string
+
+B deprecated function, only for backward compatibility, just an alias
+for L
+
+=back
+
+=head3 Low level API: X509_* related functions
+
+=over
+
+=item * X509_new
+
+B not available in Net-SSLeay-1.45 and before
+
+Allocates and initializes a X509 structure.
+
+ my $rv = Net::SSLeay::X509_new();
+ #
+ # returns: value corresponding to openssl's X509 structure (0 on failure)
+
+Check openssl doc L
+
+=item * X509_free
+
+Frees up the X509 structure.
+
+ Net::SSLeay::X509_free($a);
+ # $a - value corresponding to openssl's X509 structure
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * X509_check_host
+
+B not available in Net-SSLeay-1.68 and before; requires at
+least OpenSSL 1.0.2. X509_CHECK_FLAG_NEVER_CHECK_SUBJECT requires OpenSSL 1.1.0.
+
+Checks if the certificate Subject Alternative Name (SAN) or Subject CommonName
+(CN) matches the specified host name.
+
+ my $rv = Net::SSLeay::X509_check_host($cert, $name, $flags, $peername);
+ # $cert - value corresponding to openssl's X509 structure
+ # $name - host name to check
+ # $flags (optional, default: 0) - can be the bitwise OR of:
+ # &Net::SSLeay::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+ # &Net::SSLeay::X509_CHECK_FLAG_NO_WILDCARDS
+ # &Net::SSLeay::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
+ # &Net::SSLeay::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
+ # &Net::SSLeay::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
+ # &Net::SSLeay::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
+ # $peername (optional) - If not omitted and $host matches $cert,
+ # a copy of the matching SAN or CN from
+ # the peer certificate is stored in $peername.
+ #
+ # returns:
+ # 1 for a successful match
+ # 0 for a failed match
+ # -1 for an internal error
+ # -2 if the input is malformed
+
+Check openssl doc L.
+
+=item * X509_check_email
+
+B not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.
+
+Checks if the certificate matches the specified email address.
+
+ my $rv = Net::SSLeay::X509_check_email($cert, $address, $flags);
+ # $cert - value corresponding to openssl's X509 structure
+ # $address - email address to check
+ # $flags (optional, default: 0) - see X509_check_host()
+ #
+ # returns: see X509_check_host()
+
+Check openssl doc L.
+
+=item * X509_check_ip
+
+B not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.
+
+Checks if the certificate matches the specified IPv4 or IPv6 address.
+
+ my $rv = Net::SSLeay::X509_check_ip($cert, $address, $flags);
+ # $cert - value corresponding to openssl's X509 structure
+ # $address - IP address to check in binary format, in network byte order
+ # $flags (optional, default: 0) - see X509_check_host()
+ #
+ # returns: see X509_check_host()
+
+Check openssl doc L.
+
+=item * X509_check_ip_asc
+
+B not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.
+
+Checks if the certificate matches the specified IPv4 or IPv6 address.
+
+ my $rv = Net::SSLeay::X509_check_ip_asc($cert, $address, $flags);
+ # $cert - value corresponding to openssl's X509 structure
+ # $address - IP address to check in text representation
+ # $flags (optional, default: 0) - see X509_check_host()
+ #
+ # returns: see X509_check_host()
+
+Check openssl doc L.
+
+=item * X509_certificate_type
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns bitmask with type of certificate $x.
+
+ my $rv = Net::SSLeay::X509_certificate_type($x);
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: (integer) bitmask with certificate type
+
+ #to decode bitmask returned by this function use these constants:
+ &Net::SSLeay::EVP_PKS_DSA
+ &Net::SSLeay::EVP_PKS_EC
+ &Net::SSLeay::EVP_PKS_RSA
+ &Net::SSLeay::EVP_PKT_ENC
+ &Net::SSLeay::EVP_PKT_EXCH
+ &Net::SSLeay::EVP_PKT_EXP
+ &Net::SSLeay::EVP_PKT_SIGN
+ &Net::SSLeay::EVP_PK_DH
+ &Net::SSLeay::EVP_PK_DSA
+ &Net::SSLeay::EVP_PK_EC
+ &Net::SSLeay::EVP_PK_RSA
+
+=item * X509_digest
+
+B not available in Net-SSLeay-1.45 and before
+
+Computes digest/fingerprint of X509 $data using $type hash function.
+
+ my $digest_value = Net::SSLeay::X509_digest($data, $type);
+ # $data - value corresponding to openssl's X509 structure
+ # $type - value corresponding to openssl's EVP_MD structure - e.g. got via EVP_get_digestbyname()
+ #
+ # returns: hash value (binary)
+
+ #to get printable (hex) value of digest use:
+ print unpack('H*', $digest_value);
+
+=item * X509_issuer_and_serial_hash
+
+B not available in Net-SSLeay-1.45 and before
+
+Sort of a checksum of issuer name and serial number of X509 certificate $x.
+The result is not a full hash (e.g. sha-1), it is kind-of-a-hash truncated to the size of 'unsigned long' (32 bits).
+The resulting value might differ across different openssl versions for the same X509 certificate.
+
+ my $rv = Net::SSLeay::X509_issuer_and_serial_hash($x);
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: number representing checksum
+
+=item * X509_issuer_name_hash
+
+B not available in Net-SSLeay-1.45 and before
+
+Sort of a checksum of issuer name of X509 certificate $x.
+The result is not a full hash (e.g. sha-1), it is kind-of-a-hash truncated to the size of 'unsigned long' (32 bits).
+The resulting value might differ across different openssl versions for the same X509 certificate.
+
+ my $rv = Net::SSLeay::X509_issuer_name_hash($x);
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: number representing checksum
+
+=item * X509_subject_name_hash
+
+B not available in Net-SSLeay-1.45 and before
+
+Sort of a checksum of subject name of X509 certificate $x.
+The result is not a full hash (e.g. sha-1), it is kind-of-a-hash truncated to the size of 'unsigned long' (32 bits).
+The resulting value might differ across different openssl versions for the same X509 certificate.
+
+ my $rv = Net::SSLeay::X509_subject_name_hash($x);
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: number representing checksum
+
+=item * X509_pubkey_digest
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7
+
+Computes digest/fingerprint of public key from X509 certificate $data using $type hash function.
+
+ my $digest_value = Net::SSLeay::X509_pubkey_digest($data, $type);
+ # $data - value corresponding to openssl's X509 structure
+ # $type - value corresponding to openssl's EVP_MD structure - e.g. got via EVP_get_digestbyname()
+ #
+ # returns: hash value (binary)
+
+ #to get printable (hex) value of digest use:
+ print unpack('H*', $digest_value);
+
+=item * X509_set_issuer_name
+
+B not available in Net-SSLeay-1.45 and before
+
+Sets issuer of X509 certificate $x to $name.
+
+ my $rv = Net::SSLeay::X509_set_issuer_name($x, $name);
+ # $x - value corresponding to openssl's X509 structure
+ # $name - value corresponding to openssl's X509_NAME structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_set_pubkey
+
+B not available in Net-SSLeay-1.45 and before
+
+Sets public key of X509 certificate $x to $pkey.
+
+ my $rv = Net::SSLeay::X509_set_pubkey($x, $pkey);
+ # $x - value corresponding to openssl's X509 structure
+ # $pkey - value corresponding to openssl's EVP_PKEY structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_set_serialNumber
+
+B not available in Net-SSLeay-1.45 and before
+
+Sets serial number of X509 certificate $x to $serial.
+
+ my $rv = Net::SSLeay::X509_set_serialNumber($x, $serial);
+ # $x - value corresponding to openssl's X509 structure
+ # $serial - value corresponding to openssl's ASN1_INTEGER structure
+ #
+ # returns: 1 on success, 0 on failure
+
+ #to create $serial value use one of these:
+ $serial = Net::SSLeay::P_ASN1_INTEGER_set_hex('45ad6f');
+ $serial = Net::SSLeay::P_ASN1_INTEGER_set_dec('7896541238529631478');
+ $serial = Net::SSLeay::ASN1_INTEGER_set(45896);
+
+=item * X509_set_subject_name
+
+B not available in Net-SSLeay-1.45 and before
+
+Sets subject of X509 certificate $x to $name.
+
+ my $rv = Net::SSLeay::X509_set_subject_name($x, $name);
+ # $x - value corresponding to openssl's X509 structure
+ # $name - value corresponding to openssl's X509_NAME structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_set_version
+
+B not available in Net-SSLeay-1.45 and before
+
+Set 'version' value for X509 certificate $ to $version.
+
+ my $rv = Net::SSLeay::X509_set_version($x, $version);
+ # $x - value corresponding to openssl's X509 structure
+ # $version - (integer) version number
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_sign
+
+B not available in Net-SSLeay-1.45 and before
+
+Sign X509 certificate $x with private key $pkey (using digest algorithm $md).
+
+ my $rv = Net::SSLeay::X509_sign($x, $pkey, $md);
+ # $x - value corresponding to openssl's X509 structure
+ # $pkey - value corresponding to openssl's EVP_PKEY structure
+ # $md - value corresponding to openssl's EVP_MD structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_verify
+
+B not available in Net-SSLeay-1.45 and before
+
+Verifies X509 object $a using public key $r (pubkey of issuing CA).
+
+ my $rv = Net::SSLeay::X509_verify($x, $r);
+ # $x - value corresponding to openssl's X509 structure
+ # $r - value corresponding to openssl's EVP_PKEY structure
+ #
+ # returns: 0 - verify failure, 1 - verify OK, <0 - error
+
+=item * X509_get_ext_count
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns the total number of extensions in X509 object $x.
+
+ my $rv = Net::SSLeay::X509_get_ext_count($x);
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: count of extensions
+
+=item * X509_get_pubkey
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns public key corresponding to given X509 object $x.
+
+ my $rv = Net::SSLeay::X509_get_pubkey($x);
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: value corresponding to openssl's EVP_PKEY structure (0 on failure)
+
+B This method returns only the public key's key bits, without the
+algorithm or parameters. Use C to return the full
+public key (SPKI) instead.
+
+=item * X509_get_X509_PUBKEY
+
+B not available in Net-SSLeay-1.72 and before
+
+Returns the full public key (SPKI) of given X509 certificate $x.
+
+ Net::SSLeay::X509_get_X509_PUBKEY($x);
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: public key data in DER format (binary)
+
+=item * X509_get_serialNumber
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns serial number of X509 certificate $x.
+
+ my $rv = Net::SSLeay::X509_get_serialNumber($x);
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: value corresponding to openssl's ASN1_INTEGER structure (0 on failure)
+
+See L, L or L to decode ASN1_INTEGER object.
+
+=item * X509_get0_serialNumber
+
+B available in Net-SSLeay-1.86 onwards
+
+X509_get0_serialNumber() is the same as X509_get_serialNumber() except it accepts a const parameter and returns a const result.
+
+=item * X509_get_version
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns 'version' value of given X509 certificate $x.
+
+ my $rv = Net::SSLeay::X509_get_version($x);
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: (integer) version
+
+=item * X509_get_ext
+
+Returns X509_EXTENSION from $x509 based on given position/index.
+
+ my $rv = Net::SSLeay::X509_get_ext($x509, $index);
+ # $x509 - value corresponding to openssl's X509 structure
+ # $index - (integer) position/index of extension within $x509
+ #
+ # returns: value corresponding to openssl's X509_EXTENSION structure (0 on failure)
+
+=item * X509_get_ext_by_NID
+
+Returns X509_EXTENSION from $x509 based on given NID.
+
+ my $rv = Net::SSLeay::X509_get_ext_by_NID($x509, $nid, $loc);
+ # $x509 - value corresponding to openssl's X509 structure
+ # $nid - (integer) NID value
+ # $loc - (integer) position to start lookup at
+ #
+ # returns: position/index of extension, negative value on error
+ # call Net::SSLeay::X509_get_ext($x509, $rv) to get the actual extension
+
+=item * X509_get_fingerprint
+
+Returns fingerprint of certificate $cert.
+
+B Does not exactly correspond to any low level API function. The implementation
+is based on openssl's C.
+
+ Net::SSLeay::X509_get_fingerprint($x509, $type);
+ # $x509 - value corresponding to openssl's X509 structure
+ # $type - (string) digest type, currently supported values:
+ # "md5"
+ # "sha1"
+ # "sha256"
+ # "ripemd160"
+ #
+ # returns: certificate digest - hexadecimal string (NOT binary data!)
+
+=item * X509_get_issuer_name
+
+Return an X509_NAME object representing the issuer of the certificate $cert.
+
+ my $rv = Net::SSLeay::X509_get_issuer_name($cert);
+ # $cert - value corresponding to openssl's X509 structure
+ #
+ # returns: value corresponding to openssl's X509_NAME structure (0 on failure)
+
+=item * X509_get_notAfter
+
+Return an object giving the time after which the certificate $cert is not valid.
+
+ my $rv = Net::SSLeay::X509_get_notAfter($cert);
+ # $cert - value corresponding to openssl's X509 structure
+ #
+ # returns: value corresponding to openssl's ASN1_TIME structure (0 on failure)
+
+To get human readable/printable form the return value you can use:
+
+ my $time = Net::SSLeay::X509_get_notAfter($cert);
+ print "notAfter=", Net::SSLeay::P_ASN1_TIME_get_isotime($time), "\n";
+
+=item * X509_get_notBefore
+
+Return an object giving the time before which the certificate $cert is not valid
+
+ my $rv = Net::SSLeay::X509_get_notBefore($cert);
+ # $cert - value corresponding to openssl's X509 structure
+ #
+ # returns: value corresponding to openssl's ASN1_TIME structure (0 on failure)
+
+To get human readable/printable form the return value you can use:
+
+ my $time = Net::SSLeay::X509_get_notBefore($cert);
+ print "notBefore=", Net::SSLeay::P_ASN1_TIME_get_isotime($time), "\n";
+
+=item * X509_get_subjectAltNames
+
+B Does not exactly correspond to any low level API function.
+
+Returns the list of alternative subject names from X509 certificate $cert.
+
+ my @rv = Net::SSLeay::X509_get_subjectAltNames($cert);
+ # $cert - value corresponding to openssl's X509 structure
+ #
+ # returns: list containing pairs - name_type (integer), name_value (string)
+ # where name_type can be:
+ # 0 - GEN_OTHERNAME
+ # 1 - GEN_EMAIL
+ # 2 - GEN_DNS
+ # 3 - GEN_X400
+ # 4 - GEN_DIRNAME
+ # 5 - GEN_EDIPARTY
+ # 6 - GEN_URI
+ # 7 - GEN_IPADD
+ # 8 - GEN_RID
+
+Note: type 7 - GEN_IPADD contains the IP address as a packed binary
+address. GEN_RID is available in Net-SSLeay-1.90 and later. Maximum
+length for returned RID string is currently 2500. Invalid and overly
+long RID values are skipped and not returned. GEN_X400 and
+GEN_EDIPARTY are not supported and will not be returned even when
+present in the certificate.
+
+=item * X509_get_subject_name
+
+Returns the subject of the certificate $cert.
+
+ my $rv = Net::SSLeay::X509_get_subject_name($cert);
+ # $cert - value corresponding to openssl's X509 structure
+ #
+ # returns: value corresponding to openssl's X509_NAME structure (0 on failure)
+
+=item * X509_gmtime_adj
+
+Adjust th ASN1_TIME object to the timestamp (in GMT).
+
+ my $rv = Net::SSLeay::X509_gmtime_adj($s, $adj);
+ # $s - value corresponding to openssl's ASN1_TIME structure
+ # $adj - timestamp (seconds since 1.1.1970)
+ #
+ # returns: value corresponding to openssl's ASN1_TIME structure (0 on failure)
+
+B this function may fail for dates after 2038 as it is dependent on time_t size on your
+system (32bit time_t does not work after 2038). Consider using L instead).
+
+=item * X509_load_cert_crl_file
+
+Takes PEM file and loads all X509 certificates and X509 CRLs from that file into X509_LOOKUP structure.
+
+ my $rv = Net::SSLeay::X509_load_cert_crl_file($ctx, $file, $type);
+ # $ctx - value corresponding to openssl's X509_LOOKUP structure
+ # $file - (string) file name
+ # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
+ # if not FILETYPE_PEM then behaves as Net::SSLeay::X509_load_cert_file()
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_load_cert_file
+
+Loads/adds X509 certificate from $file to X509_LOOKUP structure
+
+ my $rv = Net::SSLeay::X509_load_cert_file($ctx, $file, $type);
+ # $ctx - value corresponding to openssl's X509_LOOKUP structure
+ # $file - (string) file name
+ # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_load_crl_file
+
+Loads/adds X509 CRL from $file to X509_LOOKUP structure
+
+ my $rv = Net::SSLeay::X509_load_crl_file($ctx, $file, $type);
+ # $ctx - value corresponding to openssl's X509_LOOKUP structure
+ # $file - (string) file name
+ # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_policy_level_get0_node
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::X509_policy_level_get0_node($level, $i);
+ # $level - value corresponding to openssl's X509_POLICY_LEVEL structure
+ # $i - (integer) index/position
+ #
+ # returns: value corresponding to openssl's X509_POLICY_NODE structure (0 on failure)
+
+=item * X509_policy_level_node_count
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::X509_policy_level_node_count($level);
+ # $level - value corresponding to openssl's X509_POLICY_LEVEL structure
+ #
+ # returns: (integer) node count
+
+=item * X509_policy_node_get0_parent
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::X509_policy_node_get0_parent($node);
+ # $node - value corresponding to openssl's X509_POLICY_NODE structure
+ #
+ # returns: value corresponding to openssl's X509_POLICY_NODE structure (0 on failure)
+
+=item * X509_policy_node_get0_policy
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::X509_policy_node_get0_policy($node);
+ # $node - value corresponding to openssl's X509_POLICY_NODE structure
+ #
+ # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
+
+=item * X509_policy_node_get0_qualifiers
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::X509_policy_node_get0_qualifiers($node);
+ # $node - value corresponding to openssl's X509_POLICY_NODE structure
+ #
+ # returns: value corresponding to openssl's STACK_OF(POLICYQUALINFO) structure (0 on failure)
+
+=item * X509_policy_tree_free
+
+??? (more info needed)
+
+ Net::SSLeay::X509_policy_tree_free($tree);
+ # $tree - value corresponding to openssl's X509_POLICY_TREE structure
+ #
+ # returns: no return value
+
+=item * X509_policy_tree_get0_level
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::X509_policy_tree_get0_level($tree, $i);
+ # $tree - value corresponding to openssl's X509_POLICY_TREE structure
+ # $i - (integer) level index
+ #
+ # returns: value corresponding to openssl's X509_POLICY_LEVEL structure (0 on failure)
+
+=item * X509_policy_tree_get0_policies
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::X509_policy_tree_get0_policies($tree);
+ # $tree - value corresponding to openssl's X509_POLICY_TREE structure
+ #
+ # returns: value corresponding to openssl's X509_POLICY_NODE structure (0 on failure)
+
+=item * X509_policy_tree_get0_user_policies
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::X509_policy_tree_get0_user_policies($tree);
+ # $tree - value corresponding to openssl's X509_POLICY_TREE structure
+ #
+ # returns: value corresponding to openssl's X509_POLICY_NODE structure (0 on failure)
+
+=item * X509_policy_tree_level_count
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::X509_policy_tree_level_count($tree);
+ # $tree - value corresponding to openssl's X509_POLICY_TREE structure
+ #
+ # returns: (integer) count
+
+=item * X509_verify_cert_error_string
+
+Returns a human readable error string for verification error $n.
+
+ my $rv = Net::SSLeay::X509_verify_cert_error_string($n);
+ # $n - (long) numeric error code
+ #
+ # returns: error string
+
+Check openssl doc L
+
+=item * P_X509_add_extensions
+
+B not available in Net-SSLeay-1.45 and before
+
+Adds one or more X509 extensions to X509 object $x.
+
+ my $rv = Net::SSLeay::P_X509_add_extensions($x, $ca_cert, $nid, $value);
+ # $x - value corresponding to openssl's X509 structure
+ # $ca_cert - value corresponding to openssl's X509 structure (issuer's cert - necessary for sertting NID_authority_key_identifier)
+ # $nid - NID identifying extension to be set
+ # $value - extension value
+ #
+ # returns: 1 on success, 0 on failure
+
+You can set more extensions at once:
+
+ my $rv = Net::SSLeay::P_X509_add_extensions($x509, $ca_cert,
+ &Net::SSLeay::NID_key_usage => 'digitalSignature,keyEncipherment',
+ &Net::SSLeay::NID_subject_key_identifier => 'hash',
+ &Net::SSLeay::NID_authority_key_identifier => 'keyid',
+ &Net::SSLeay::NID_authority_key_identifier => 'issuer',
+ &Net::SSLeay::NID_basic_constraints => 'CA:FALSE',
+ &Net::SSLeay::NID_ext_key_usage => 'serverAuth,clientAuth',
+ &Net::SSLeay::NID_netscape_cert_type => 'server',
+ &Net::SSLeay::NID_subject_alt_name => 'DNS:s1.dom.com,DNS:s2.dom.com,DNS:s3.dom.com',
+ );
+
+=item * P_X509_copy_extensions
+
+B not available in Net-SSLeay-1.45 and before
+
+Copies X509 extensions from X509_REQ object to X509 object - handy when you need to turn X509_REQ into X509 certificate.
+
+ Net::SSLeay::P_X509_copy_extensions($x509_req, $x509, $override);
+ # $x509_req - value corresponding to openssl's X509_REQ structure
+ # $x509 - value corresponding to openssl's X509 structure
+ # $override - (integer) flag indication whether to override already existing items in $x509 (default 1)
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * P_X509_get_crl_distribution_points
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7
+
+Get the list of CRL distribution points from X509 certificate.
+
+ my @cdp = Net::SSLeay::P_X509_get_crl_distribution_points($x509);
+ # $x509 - value corresponding to openssl's X509 structure
+ #
+ # returns: list of distribution points (usually URLs)
+
+=item * P_X509_get_ext_key_usage
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7
+
+Gets the list of extended key usage of given X509 certificate $cert.
+
+ my @ext_usage = Net::SSLeay::P_X509_get_ext_key_usage($cert, $format);
+ # $cert - value corresponding to openssl's X509 structure
+ # $format - choose type of return values: 0=OIDs, 1=NIDs, 2=shortnames, 3=longnames
+ #
+ # returns: list of values
+
+Examples:
+
+ my @extkeyusage_oid = Net::SSLeay::P_X509_get_ext_key_usage($x509,0);
+ # returns for example: ("1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2")
+
+ my @extkeyusage_nid = Net::SSLeay::P_X509_get_ext_key_usage($x509,1);
+ # returns for example: (129, 130)
+
+ my @extkeyusage_sn = Net::SSLeay::P_X509_get_ext_key_usage($x509,2);
+ # returns for example: ("serverAuth", "clientAuth")
+
+ my @extkeyusage_ln = Net::SSLeay::P_X509_get_ext_key_usage($x509,3);
+ # returns for example: ("TLS Web Server Authentication", "TLS Web Client Authentication")
+
+=item * P_X509_get_key_usage
+
+B not available in Net-SSLeay-1.45 and before
+
+Gets the list of key usage of given X509 certificate $cert.
+
+ my @keyusage = Net::SSLeay::P_X509_get_key_usage($cert);
+ # $cert - value corresponding to openssl's X509 structure
+ #
+ # returns: list of key usage values which can be none, one or more from the following list:
+ # "digitalSignature"
+ # "nonRepudiation"
+ # "keyEncipherment"
+ # "dataEncipherment"
+ # "keyAgreement"
+ # "keyCertSign"
+ # "cRLSign"
+ # "encipherOnly"
+ # "decipherOnly"
+
+=item * P_X509_get_netscape_cert_type
+
+B not available in Net-SSLeay-1.45 and before
+
+Gets the list of Netscape cert types of given X509 certificate $cert.
+
+ Net::SSLeay::P_X509_get_netscape_cert_type($cert);
+ # $cert - value corresponding to openssl's X509 structure
+ #
+ # returns: list of Netscape type values which can be none, one or more from the following list:
+ # "client"
+ # "server"
+ # "email"
+ # "objsign"
+ # "reserved"
+ # "sslCA"
+ # "emailCA"
+ # "objCA"
+
+=item * P_X509_get_pubkey_alg
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns ASN1_OBJECT corresponding to X509 certificate public key algorithm.
+
+ my $rv = Net::SSLeay::P_X509_get_pubkey_alg($x);
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
+
+To get textual representation use:
+
+ my $alg = Net::SSLeay::OBJ_obj2txt(Net::SSLeay::P_X509_get_pubkey_alg($x509));
+ # returns for example: "rsaEncryption"
+
+=item * P_X509_get_signature_alg
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns ASN1_OBJECT corresponding to X509 signarite key algorithm.
+
+ my $rv = Net::SSLeay::P_X509_get_signature_alg($x);
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
+
+To get textual representation use:
+
+ my $alg = Net::SSLeay::OBJ_obj2txt(Net::SSLeay::P_X509_get_signature_alg($x509))
+ # returns for example: "sha1WithRSAEncryption"
+
+=item * sk_X509_new_null
+
+Returns a new, empty, STACK_OF(X509) structure.
+
+ my $rv = Net::SSLeay::sk_X509_new_null();
+ #
+ # returns: value corresponding to openssl's STACK_OF(X509) structure
+
+=item * sk_X509_push
+
+Pushes an X509 structure onto a STACK_OF(X509) structure.
+
+ my $rv = Net::SSLeay::sk_X509_push($sk_x509, $x509);
+ # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
+ # $x509 - value corresponding to openssl's X509 structure
+ #
+ # returns: total number of elements after the operation, 0 on failure
+
+=item * sk_X509_pop
+
+Pops an single X509 structure from a STACK_OF(X509) structure.
+
+ my $x509 = NetSSLeay::sk_X509_pop($sk_x509)
+ # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
+ #
+ # returns: a pointer to an X509 structure, undef on failure
+
+Check openssl doc L
+
+=item * sk_X509_shift
+
+Shifts an single X509 structure onto a STACK_OF(X509) structure.
+
+ my $x509 = NetSSLeay::sk_X509_shift($sk_x509, $x509)
+ # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
+ # $x509 - value corresponding to openssl's X509 structure
+ #
+ # returns: a pointer to an X509 structure, undef on failure
+
+Check openssl doc L
+
+=item * sk_X509_unshift
+
+Unshifts an single X509 structure from a STACK_OF(X509) structure.
+
+ my $rv = NetSSLeay::sk_X509_unshift($sk_x509)
+ # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
+ #
+ # returns: total number of elements after the operation, 0 on failure
+
+Check openssl doc L
+
+=item * sk_X509_insert
+
+Inserts a single X509 structure into a STACK_OF(X509) at the specified index.
+
+ my $rv = Net::SSLeay::sk_X509_insert($sk_x509, $x509, index);
+ # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
+ # $x509 - value corresponding to openssl's X509 structure
+ # index - integer - 0 based index
+ #
+ # returns: total number of elements after the operation, 0 on failure
+
+Check openssl doc L
+
+=item * sk_X509_delete
+
+Delete a single X509 structure from a STACK_OF(X509) at the specified index.
+
+ my $x509 = Net::SSLeay::sk_X509_delete($sk_x509, index);
+ # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
+ # index - integer - 0 based index
+ #
+ # returns: a pointer to an X509 structure, undef on failure
+
+Check openssl doc L
+
+=item * sk_X509_value
+
+Return a single X509 structure from a STACK_OF(X509) at the specified index.
+
+ my $x509 = Net::SSLeay::sk_X509_value($sk_x509, index)
+ # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
+ # index - integer - 0 based index
+ #
+ # returns: a pointer to an X509 structure, undef on failure
+
+Check openssl doc L
+
+=item * sk_X509_num
+
+Return the number of X509 elements in a STACK_OF(X509).
+
+ my $num = Net::SSLeay::sk_X509_num($sk_x509);
+ # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
+ #
+ # returns: the number of elements in the stack, -1 if the passed stack is NULL
+
+Check openssl doc L
+
+=back
+
+=head3 Low level API: X509_REQ_* related functions
+
+=over
+
+=item * X509_REQ_new
+
+B not available in Net-SSLeay-1.45 and before
+
+Creates a new X509_REQ structure.
+
+ my $rv = Net::SSLeay::X509_REQ_new();
+ #
+ # returns: value corresponding to openssl's X509_REQ structure (0 on failure)
+
+=item * X509_REQ_free
+
+B not available in Net-SSLeay-1.45 and before
+
+Free an allocated X509_REQ structure.
+
+ Net::SSLeay::X509_REQ_free($x);
+ # $x - value corresponding to openssl's X509_REQ structure
+ #
+ # returns: no return value
+
+=item * X509_REQ_add1_attr_by_NID
+
+B not available in Net-SSLeay-1.45 and before
+
+Adds an attribute whose name is defined by a NID $nid. The field value to be added is in $bytes.
+
+ my $rv = Net::SSLeay::X509_REQ_add1_attr_by_NID($req, $nid, $type, $bytes);
+ # $req - value corresponding to openssl's X509_REQ structure
+ # $nid - (integer) NID value
+ # $type - (integer) type of data in $bytes (see below)
+ # $bytes - data to be set
+ #
+ # returns: 1 on success, 0 on failure
+
+ # values for $type - use constants:
+ &Net::SSLeay::MBSTRING_UTF8 - $bytes contains utf8 encoded data
+ &Net::SSLeay::MBSTRING_ASC - $bytes contains ASCII data
+
+=item * X509_REQ_digest
+
+B not available in Net-SSLeay-1.45 and before
+
+Computes digest/fingerprint of X509_REQ $data using $type hash function.
+
+ my $digest_value = Net::SSLeay::X509_REQ_digest($data, $type);
+ # $data - value corresponding to openssl's X509_REQ structure
+ # $type - value corresponding to openssl's EVP_MD structure - e.g. got via EVP_get_digestbyname()
+ #
+ # returns: hash value (binary)
+
+ #to get printable (hex) value of digest use:
+ print unpack('H*', $digest_value);
+
+=item * X509_REQ_get_attr_by_NID
+
+B not available in Net-SSLeay-1.45 and before
+
+Retrieve the next index matching $nid after $lastpos ($lastpos should initially be set to -1).
+
+ my $rv = Net::SSLeay::X509_REQ_get_attr_by_NID($req, $nid, $lastpos=-1);
+ # $req - value corresponding to openssl's X509_REQ structure
+ # $nid - (integer) NID value
+ # $lastpos - [optional] (integer) index where to start search (default -1)
+ #
+ # returns: index (-1 if there are no more entries)
+
+Note: use L to get the actual attribute value - e.g.
+
+ my $index = Net::SSLeay::X509_REQ_get_attr_by_NID($req, $nid);
+ my @attr_values = Net::SSLeay::P_X509_REQ_get_attr($req, $index);
+
+=item * X509_REQ_get_attr_by_OBJ
+
+B not available in Net-SSLeay-1.45 and before
+
+Retrieve the next index matching $obj after $lastpos ($lastpos should initially be set to -1).
+
+ my $rv = Net::SSLeay::X509_REQ_get_attr_by_OBJ($req, $obj, $lastpos=-1);
+ # $req - value corresponding to openssl's X509_REQ structure
+ # $obj - value corresponding to openssl's ASN1_OBJECT structure
+ # $lastpos - [optional] (integer) index where to start search (default -1)
+ #
+ # returns: index (-1 if there are no more entries)
+
+Note: use L to get the actual attribute value - e.g.
+
+ my $index = Net::SSLeay::X509_REQ_get_attr_by_NID($req, $nid);
+ my @attr_values = Net::SSLeay::P_X509_REQ_get_attr($req, $index);
+
+=item * X509_REQ_get_attr_count
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns the total number of attributes in $req.
+
+ my $rv = Net::SSLeay::X509_REQ_get_attr_count($req);
+ # $req - value corresponding to openssl's X509_REQ structure
+ #
+ # returns: (integer) items count
+
+=item * X509_REQ_get_pubkey
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns public key corresponding to given X509_REQ object $x.
+
+ my $rv = Net::SSLeay::X509_REQ_get_pubkey($x);
+ # $x - value corresponding to openssl's X509_REQ structure
+ #
+ # returns: value corresponding to openssl's EVP_PKEY structure (0 on failure)
+
+=item * X509_REQ_get_subject_name
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns X509_NAME object corresponding to subject name of given X509_REQ object $x.
+
+ my $rv = Net::SSLeay::X509_REQ_get_subject_name($x);
+ # $x - value corresponding to openssl's X509_REQ structure
+ #
+ # returns: value corresponding to openssl's X509_NAME structure (0 on failure)
+
+=item * X509_REQ_get_version
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns 'version' value for given X509_REQ object $x.
+
+ my $rv = Net::SSLeay::X509_REQ_get_version($x);
+ # $x - value corresponding to openssl's X509_REQ structure
+ #
+ # returns: (integer) version e.g. 0 = "version 1"
+
+=item * X509_REQ_set_pubkey
+
+B not available in Net-SSLeay-1.45 and before
+
+Sets public key of given X509_REQ object $x to $pkey.
+
+ my $rv = Net::SSLeay::X509_REQ_set_pubkey($x, $pkey);
+ # $x - value corresponding to openssl's X509_REQ structure
+ # $pkey - value corresponding to openssl's EVP_PKEY structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_REQ_set_subject_name
+
+B not available in Net-SSLeay-1.45 and before
+
+Sets subject name of given X509_REQ object $x to X509_NAME object $name.
+
+ my $rv = Net::SSLeay::X509_REQ_set_subject_name($x, $name);
+ # $x - value corresponding to openssl's X509_REQ structure
+ # $name - value corresponding to openssl's X509_NAME structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_REQ_set_version
+
+B not available in Net-SSLeay-1.45 and before
+
+Sets 'version' of given X509_REQ object $x to $version.
+
+ my $rv = Net::SSLeay::X509_REQ_set_version($x, $version);
+ # $x - value corresponding to openssl's X509_REQ structure
+ # $version - (integer) e.g. 0 = "version 1"
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_REQ_sign
+
+B not available in Net-SSLeay-1.45 and before
+
+Sign X509_REQ object $x with private key $pk (using digest algorithm $md).
+
+ my $rv = Net::SSLeay::X509_REQ_sign($x, $pk, $md);
+ # $x - value corresponding to openssl's X509_REQ structure
+ # $pk - value corresponding to openssl's EVP_PKEY structure (requestor's private key)
+ # $md - value corresponding to openssl's EVP_MD structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_REQ_verify
+
+B not available in Net-SSLeay-1.45 and before
+
+Verifies X509_REQ object $x using public key $r (pubkey of requesting party).
+
+ my $rv = Net::SSLeay::X509_REQ_verify($x, $r);
+ # $x - value corresponding to openssl's X509_REQ structure
+ # $r - value corresponding to openssl's EVP_PKEY structure
+ #
+ # returns: 0 - verify failure, 1 - verify OK, <0 - error
+
+=item * P_X509_REQ_add_extensions
+
+B not available in Net-SSLeay-1.45 and before
+
+Adds one or more X509 extensions to X509_REQ object $x.
+
+ my $rv = Net::SSLeay::P_X509_REQ_add_extensions($x, $nid, $value);
+ # $x - value corresponding to openssl's X509_REQ structure
+ # $nid - NID identifying extension to be set
+ # $value - extension value
+ #
+ # returns: 1 on success, 0 on failure
+
+You can set more extensions at once:
+
+ my $rv = Net::SSLeay::P_X509_REQ_add_extensions($x509_req,
+ &Net::SSLeay::NID_key_usage => 'digitalSignature,keyEncipherment',
+ &Net::SSLeay::NID_basic_constraints => 'CA:FALSE',
+ &Net::SSLeay::NID_ext_key_usage => 'serverAuth,clientAuth',
+ &Net::SSLeay::NID_netscape_cert_type => 'server',
+ &Net::SSLeay::NID_subject_alt_name => 'DNS:s1.com,DNS:s2.com',
+ &Net::SSLeay::NID_crl_distribution_points => 'URI:http://pki.com/crl1,URI:http://pki.com/crl2',
+ );
+
+=item * P_X509_REQ_get_attr
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7
+
+Returns attribute value for X509_REQ's attribute at index $n.
+
+ Net::SSLeay::P_X509_REQ_get_attr($req, $n);
+ # $req - value corresponding to openssl's X509_REQ structure
+ # $n - (integer) attribute index
+ #
+ # returns: value corresponding to openssl's ASN1_STRING structure
+
+=back
+
+=head3 Low level API: X509_CRL_* related functions
+
+=over
+
+=item * X509_CRL_new
+
+B not available in Net-SSLeay-1.45 and before
+
+Creates a new X509_CRL structure.
+
+ my $rv = Net::SSLeay::X509_CRL_new();
+ #
+ # returns: value corresponding to openssl's X509_CRL structure (0 on failure)
+
+=item * X509_CRL_free
+
+B not available in Net-SSLeay-1.45 and before
+
+Free an allocated X509_CRL structure.
+
+ Net::SSLeay::X509_CRL_free($x);
+ # $x - value corresponding to openssl's X509_CRL structure
+ #
+ # returns: no return value
+
+=item * X509_CRL_digest
+
+B not available in Net-SSLeay-1.45 and before
+
+Computes digest/fingerprint of X509_CRL $data using $type hash function.
+
+ my $digest_value = Net::SSLeay::X509_CRL_digest($data, $type);
+ # $data - value corresponding to openssl's X509_CRL structure
+ # $type - value corresponding to openssl's EVP_MD structure - e.g. got via EVP_get_digestbyname()
+ #
+ # returns: hash value (binary)
+
+Example:
+
+ my $x509_crl
+ my $md = Net::SSLeay::EVP_get_digestbyname("sha1");
+ my $digest_value = Net::SSLeay::X509_CRL_digest($x509_crl, $md);
+ #to get printable (hex) value of digest use:
+ print "digest=", unpack('H*', $digest_value), "\n";
+
+=item * X509_CRL_get_ext
+
+B not available in Net-SSLeay-1.54 and before
+
+Returns X509_EXTENSION from $x509 based on given position/index.
+
+ my $rv = Net::SSLeay::X509_CRL_get_ext($x509, $index);
+ # $x509 - value corresponding to openssl's X509_CRL structure
+ # $index - (integer) position/index of extension within $x509
+ #
+ # returns: value corresponding to openssl's X509_EXTENSION structure (0 on failure)
+
+=item * X509_CRL_get_ext_by_NID
+
+B not available in Net-SSLeay-1.54 and before
+
+Returns X509_EXTENSION from $x509 based on given NID.
+
+ my $rv = Net::SSLeay::X509_CRL_get_ext_by_NID($x509, $nid, $loc);
+ # $x509 - value corresponding to openssl's X509_CRL structure
+ # $nid - (integer) NID value
+ # $loc - (integer) position to start lookup at
+ #
+ # returns: position/index of extension, negative value on error
+ # call Net::SSLeay::X509_CRL_get_ext($x509, $rv) to get the actual extension
+
+=item * X509_CRL_get_ext_count
+
+B not available in Net-SSLeay-1.54 and before
+
+Returns the total number of extensions in X509_CRL object $x.
+
+ my $rv = Net::SSLeay::X509_CRL_get_ext_count($x);
+ # $x - value corresponding to openssl's X509_CRL structure
+ #
+ # returns: count of extensions
+
+=item * X509_CRL_get_issuer
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns X509_NAME object corresponding to the issuer of X509_CRL $x.
+
+ my $rv = Net::SSLeay::X509_CRL_get_issuer($x);
+ # $x - value corresponding to openssl's X509_CRL structure
+ #
+ # returns: value corresponding to openssl's X509_NAME structure (0 on failure)
+
+See other C functions to get more info from X509_NAME structure.
+
+=item * X509_CRL_get_lastUpdate
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns 'lastUpdate' date-time value of X509_CRL object $x.
+
+ my $rv = Net::SSLeay::X509_CRL_get_lastUpdate($x);
+ # $x - value corresponding to openssl's X509_CRL structure
+ #
+ # returns: value corresponding to openssl's ASN1_TIME structure (0 on failure)
+
+=item * X509_CRL_get_nextUpdate
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns 'nextUpdate' date-time value of X509_CRL object $x.
+
+ my $rv = Net::SSLeay::X509_CRL_get_nextUpdate($x);
+ # $x - value corresponding to openssl's X509_CRL structure
+ #
+ # returns: value corresponding to openssl's ASN1_TIME structure (0 on failure)
+
+=item * X509_CRL_get_version
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns 'version' value of given X509_CRL structure $x.
+
+ my $rv = Net::SSLeay::X509_CRL_get_version($x);
+ # $x - value corresponding to openssl's X509_CRL structure
+ #
+ # returns: (integer) version
+
+=item * X509_CRL_set_issuer_name
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7
+
+Sets the issuer of X509_CRL object $x to X509_NAME object $name.
+
+ my $rv = Net::SSLeay::X509_CRL_set_issuer_name($x, $name);
+ # $x - value corresponding to openssl's X509_CRL structure
+ # $name - value corresponding to openssl's X509_NAME structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_CRL_set_lastUpdate
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7
+
+Sets 'lastUpdate' value of X509_CRL object $x to $tm.
+
+ my $rv = Net::SSLeay::X509_CRL_set_lastUpdate($x, $tm);
+ # $x - value corresponding to openssl's X509_CRL structure
+ # $tm - value corresponding to openssl's ASN1_TIME structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_CRL_set_nextUpdate
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7
+
+Sets 'nextUpdate' value of X509_CRL object $x to $tm.
+
+ my $rv = Net::SSLeay::X509_CRL_set_nextUpdate($x, $tm);
+ # $x - value corresponding to openssl's X509_CRL structure
+ # $tm - value corresponding to openssl's ASN1_TIME structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_CRL_set_version
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7
+
+Sets 'version' value of given X509_CRL structure $x to $version.
+
+ my $rv = Net::SSLeay::X509_CRL_set_version($x, $version);
+ # $x - value corresponding to openssl's X509_CRL structure
+ # $version - (integer) version number (1 = version 2 CRL)
+ #
+ # returns: 1 on success, 0 on failure
+
+Note that if you want to use any X509_CRL extension you need to set "version 2 CRL" - C.
+
+=item * X509_CRL_sign
+
+B not available in Net-SSLeay-1.45 and before
+
+Sign X509_CRL object $x with private key $pkey (using digest algorithm $md).
+
+ my $rv = Net::SSLeay::X509_CRL_sign($x, $pkey, $md);
+ # $x - value corresponding to openssl's X509_CRL structure
+ # $pkey - value corresponding to openssl's EVP_PKEY structure
+ # $md - value corresponding to openssl's EVP_MD structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_CRL_sort
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7
+
+Sorts the data of X509_CRL object so it will be written in serial number order.
+
+ my $rv = Net::SSLeay::X509_CRL_sort($x);
+ # $x - value corresponding to openssl's X509_CRL structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_CRL_verify
+
+B not available in Net-SSLeay-1.45 and before
+
+Verifies X509_CRL object $a using public key $r (pubkey of issuing CA).
+
+ my $rv = Net::SSLeay::X509_CRL_verify($a, $r);
+ # $a - value corresponding to openssl's X509_CRL structure
+ # $r - value corresponding to openssl's EVP_PKEY structure
+ #
+ # returns: 0 - verify failure, 1 - verify OK, <0 - error
+
+=item * P_X509_CRL_add_revoked_serial_hex
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7
+
+Adds given serial number $serial_hex to X509_CRL object $crl.
+
+ Net::SSLeay::P_X509_CRL_add_revoked_serial_hex($crl, $serial_hex, $rev_time, $reason_code, $comp_time);
+ # $crl - value corresponding to openssl's X509_CRL structure
+ # $serial_hex - string (hexadecimal) representation of serial number
+ # $rev_time - (revocation time) value corresponding to openssl's ASN1_TIME structure
+ # $reason_code - [optional] (integer) reason code (see below) - default 0
+ # $comp_time - [optional] (compromise time) value corresponding to openssl's ASN1_TIME structure
+ #
+ # returns: no return value
+
+ reason codes:
+ 0 - unspecified
+ 1 - keyCompromise
+ 2 - CACompromise
+ 3 - affiliationChanged
+ 4 - superseded
+ 5 - cessationOfOperation
+ 6 - certificateHold
+ 7 - removeFromCRL
+
+=item * P_X509_CRL_get_serial
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7
+
+Returns serial number of X509_CRL object.
+
+ my $rv = Net::SSLeay::P_X509_CRL_get_serial($crl);
+ # $crl - value corresponding to openssl's X509_CRL structure
+ #
+ # returns: value corresponding to openssl's ASN1_INTEGER structure (0 on failure)
+
+=item * P_X509_CRL_set_serial
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7
+
+Sets serial number of X509_CRL object to $crl_number.
+
+ my $rv = Net::SSLeay::P_X509_CRL_set_serial($crl, $crl_number);
+ # $crl - value corresponding to openssl's X509_CRL structure
+ # $crl_number - value corresponding to openssl's ASN1_INTEGER structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * P_X509_CRL_add_extensions
+
+B not available in Net-SSLeay-1.88 and before
+
+Adds one or more X509 extensions to X509 CRL object $x.
+
+ my $rv = Net::SSLeay::P_X509_CRL_add_extensions($x, $ca_cert, $nid, $value);
+ # $x - value corresponding to openssl's X509 CRL structure
+ # $ca_cert - value corresponding to openssl's X509 structure (issuer's cert - necessary for sertting NID_authority_key_identifier)
+ # $nid - NID identifying extension to be set
+ # $value - extension value
+ #
+ # returns: 1 on success, 0 on failure
+
+For more details see L.
+
+=back
+
+=head3 Low level API: X509_EXTENSION_* related functions
+
+=over
+
+=item * X509_EXTENSION_get_critical
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns 'critical' flag of given X509_EXTENSION object $ex.
+
+ my $rv = Net::SSLeay::X509_EXTENSION_get_critical($ex);
+ # $ex - value corresponding to openssl's X509_EXTENSION structure
+ #
+ # returns: (integer) 1 - critical, 0 - noncritical
+
+=item * X509_EXTENSION_get_data
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns value (raw data) of X509_EXTENSION object $ne.
+
+ my $rv = Net::SSLeay::X509_EXTENSION_get_data($ne);
+ # $ne - value corresponding to openssl's X509_EXTENSION structure
+ #
+ # returns: value corresponding to openssl's ASN1_OCTET_STRING structure (0 on failure)
+
+Note: you can use L to convert ASN1_OCTET_STRING into perl scalar variable.
+
+=item * X509_EXTENSION_get_object
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns OID (ASN1_OBJECT) of X509_EXTENSION object $ne.
+
+ my $rv = Net::SSLeay::X509_EXTENSION_get_object($ex);
+ # $ex - value corresponding to openssl's X509_EXTENSION structure
+ #
+ # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
+
+=item * X509V3_EXT_print
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns string representation of given X509_EXTENSION object $ext.
+
+ Net::SSLeay::X509V3_EXT_print($ext, $flags, $utf8_decode);
+ # $ext - value corresponding to openssl's X509_EXTENSION structure
+ # $flags - [optional] (integer) Currently the flag argument is unused and should be set to 0
+ # $utf8_decode - [optional] 0 or 1 whether the returned value should be utf8 decoded (default=0)
+ #
+ # returns: no return value
+
+=item * X509V3_EXT_d2i
+
+Parses an extension and returns its internal structure.
+
+ my $rv = Net::SSLeay::X509V3_EXT_d2i($ext);
+ # $ext - value corresponding to openssl's X509_EXTENSION structure
+ #
+ # returns: pointer ???
+
+=back
+
+=head3 Low level API: X509_NAME_* related functions
+
+=over
+
+=item * X509_NAME_ENTRY_get_data
+
+B not available in Net-SSLeay-1.45 and before
+
+Retrieves the field value of $ne in and ASN1_STRING structure.
+
+ my $rv = Net::SSLeay::X509_NAME_ENTRY_get_data($ne);
+ # $ne - value corresponding to openssl's X509_NAME_ENTRY structure
+ #
+ # returns: value corresponding to openssl's ASN1_STRING structure (0 on failure)
+
+Check openssl doc L
+
+=item * X509_NAME_ENTRY_get_object
+
+B not available in Net-SSLeay-1.45 and before
+
+Retrieves the field name of $ne in and ASN1_OBJECT structure.
+
+ my $rv = Net::SSLeay::X509_NAME_ENTRY_get_object($ne);
+ # $ne - value corresponding to openssl's X509_NAME_ENTRY structure
+ #
+ # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
+
+Check openssl doc L
+
+=item * X509_NAME_new
+
+B not available in Net-SSLeay-1.55 and before; requires at least openssl-0.9.5
+
+Creates a new X509_NAME structure.
+Adds a field whose name is defined by a string $field. The field value to be added is in $bytes.
+
+ my $rv = Net::SSLeay::X509_NAME_new();
+ #
+ # returns: value corresponding to openssl's X509_NAME structure (0 on failure)
+
+=item * X509_NAME_hash
+
+B not available in Net-SSLeay-1.55 and before; requires at least openssl-0.9.5
+
+Sort of a checksum of issuer name $name.
+The result is not a full hash (e.g. sha-1), it is kind-of-a-hash truncated to the size of 'unsigned long' (32 bits).
+The resulting value might differ across different openssl versions for the same X509 certificate.
+
+ my $rv = Net::SSLeay::X509_NAME_hash($name);
+ # $name - value corresponding to openssl's X509_NAME structure
+ #
+ # returns: number representing checksum
+
+=item * X509_NAME_add_entry_by_txt
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.5
+
+Adds a field whose name is defined by a string $field. The field value to be added is in $bytes.
+
+ my $rv = Net::SSLeay::X509_NAME_add_entry_by_txt($name, $field, $type, $bytes, $len, $loc, $set);
+ # $name - value corresponding to openssl's X509_NAME structure
+ # $field - (string) field definition (name) - e.g. "organizationName"
+ # $type - (integer) type of data in $bytes (see below)
+ # $bytes - data to be set
+ # $loc - [optional] (integer) index where the new entry is inserted: if it is -1 (default) it is appended
+ # $set - [optional] (integer) determines how the new type is added. If it is 0 (default) a new RDN is created
+ #
+ # returns: 1 on success, 0 on failure
+
+ # values for $type - use constants:
+ &Net::SSLeay::MBSTRING_UTF8 - $bytes contains utf8 encoded data
+ &Net::SSLeay::MBSTRING_ASC - $bytes contains ASCII data
+
+Unicode note: when passing non-ascii (unicode) string in $bytes do not forget to set C<$flags = &Net::SSLeay::MBSTRING_UTF8> and encode the perl $string via C<$bytes = encode('utf-8', $string)>.
+
+Check openssl doc L
+
+=item * X509_NAME_add_entry_by_NID
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.5
+
+Adds a field whose name is defined by a NID $nid. The field value to be added is in $bytes.
+
+ my $rv = Net::SSLeay::X509_NAME_add_entry_by_NID($name, $nid, $type, $bytes, $len, $loc, $set);
+ # $name - value corresponding to openssl's X509_NAME structure
+ # $nid - (integer) field definition - NID value
+ # $type - (integer) type of data in $bytes (see below)
+ # $bytes - data to be set
+ # $loc - [optional] (integer) index where the new entry is inserted: if it is -1 (default) it is appended
+ # $set - [optional] (integer) determines how the new type is added. If it is 0 (default) a new RDN is created
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * X509_NAME_add_entry_by_OBJ
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.5
+
+Adds a field whose name is defined by a object (OID) $obj . The field value to be added is in $bytes.
+
+ my $rv = Net::SSLeay::X509_NAME_add_entry_by_OBJ($name, $obj, $type, $bytes, $len, $loc, $set);
+ # $name - value corresponding to openssl's X509_NAME structure
+ # $obj - field definition - value corresponding to openssl's ASN1_OBJECT structure
+ # $type - (integer) type of data in $bytes (see below)
+ # $bytes - data to be set
+ # $loc - [optional] (integer) index where the new entry is inserted: if it is -1 (default) it is appended
+ # $set - [optional] (integer) determines how the new type is added. If it is 0 (default) a new RDN is created
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * X509_NAME_cmp
+
+B not available in Net-SSLeay-1.45 and before
+
+Compares two X509_NAME obejcts.
+
+ my $rv = Net::SSLeay::X509_NAME_cmp($a, $b);
+ # $a - value corresponding to openssl's X509_NAME structure
+ # $b - value corresponding to openssl's X509_NAME structure
+ #
+ # returns: 0 if $a matches $b; non zero otherwise
+
+=item * X509_NAME_digest
+
+B not available in Net-SSLeay-1.45 and before
+
+Computes digest/fingerprint of X509_NAME $data using $type hash function.
+
+ my $digest_value = Net::SSLeay::X509_NAME_digest($data, $type);
+ # $data - value corresponding to openssl's X509_NAME structure
+ # $type - value corresponding to openssl's EVP_MD structure - e.g. got via EVP_get_digestbyname()
+ #
+ # returns: hash value (binary)
+
+ #to get printable (hex) value of digest use:
+ print unpack('H*', $digest_value);
+
+=item * X509_NAME_entry_count
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns the total number of entries in $name.
+
+ my $rv = Net::SSLeay::X509_NAME_entry_count($name);
+ # $name - value corresponding to openssl's X509_NAME structure
+ #
+ # returns: (integer) entries count
+
+Check openssl doc L
+
+=item * X509_NAME_get_entry
+
+B not available in Net-SSLeay-1.45 and before
+
+Retrieves the X509_NAME_ENTRY from $name corresponding to index $loc. Acceptable values for $loc run
+from 0 to C. The value returned is an internal pointer which must not be freed.
+
+ my $rv = Net::SSLeay::X509_NAME_get_entry($name, $loc);
+ # $name - value corresponding to openssl's X509_NAME structure
+ # $loc - (integer) index of wanted entry
+ #
+ # returns: value corresponding to openssl's X509_NAME_ENTRY structure (0 on failure)
+
+Check openssl doc L
+
+=item * X509_NAME_print_ex
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns a string with human readable version of $name.
+
+ Net::SSLeay::X509_NAME_print_ex($name, $flags, $utf8_decode);
+ # $name - value corresponding to openssl's X509_NAME structure
+ # $flags - [optional] conversion flags (default XN_FLAG_RFC2253) - see below
+ # $utf8_decode - [optional] 0 or 1 whether the returned value should be utf8 decoded (default=0)
+ #
+ # returns: string representation of $name
+
+ #available conversion flags - use constants:
+ &Net::SSLeay::XN_FLAG_COMPAT
+ &Net::SSLeay::XN_FLAG_DN_REV
+ &Net::SSLeay::XN_FLAG_DUMP_UNKNOWN_FIELDS
+ &Net::SSLeay::XN_FLAG_FN_ALIGN
+ &Net::SSLeay::XN_FLAG_FN_LN
+ &Net::SSLeay::XN_FLAG_FN_MASK
+ &Net::SSLeay::XN_FLAG_FN_NONE
+ &Net::SSLeay::XN_FLAG_FN_OID
+ &Net::SSLeay::XN_FLAG_FN_SN
+ &Net::SSLeay::XN_FLAG_MULTILINE
+ &Net::SSLeay::XN_FLAG_ONELINE
+ &Net::SSLeay::XN_FLAG_RFC2253
+ &Net::SSLeay::XN_FLAG_SEP_COMMA_PLUS
+ &Net::SSLeay::XN_FLAG_SEP_CPLUS_SPC
+ &Net::SSLeay::XN_FLAG_SEP_MASK
+ &Net::SSLeay::XN_FLAG_SEP_MULTILINE
+ &Net::SSLeay::XN_FLAG_SEP_SPLUS_SPC
+ &Net::SSLeay::XN_FLAG_SPC_EQ
+
+Most likely you will be fine with default:
+
+ Net::SSLeay::X509_NAME_print_ex($name, &Net::SSLeay::XN_FLAG_RFC2253);
+
+Or you might want RFC2253-like output without utf8 chars escaping:
+
+ use Net::SSLeay qw/XN_FLAG_RFC2253 ASN1_STRFLGS_ESC_MSB/;
+ my $flag_rfc22536_utf8 = (XN_FLAG_RFC2253) & (~ ASN1_STRFLGS_ESC_MSB);
+ my $result = Net::SSLeay::X509_NAME_print_ex($name, $flag_rfc22536_utf8, 1);
+
+Check openssl doc L
+
+=item * X509_NAME_get_text_by_NID
+
+Retrieves the text from the first entry in name which matches $nid, if no
+such entry exists -1 is returned.
+
+B this is a legacy function which has various limitations which
+makes it of minimal use in practice. It can only find the first matching
+entry and will copy the contents of the field verbatim: this can be highly
+confusing if the target is a multicharacter string type like a BMPString or a UTF8String.
+
+ Net::SSLeay::X509_NAME_get_text_by_NID($name, $nid);
+ # $name - value corresponding to openssl's X509_NAME structure
+ # $nid - NID value (integer)
+ #
+ # returns: text value
+
+Check openssl doc L
+
+=item * X509_NAME_oneline
+
+Return an ASCII version of $name.
+
+ Net::SSLeay::X509_NAME_oneline($name);
+ # $name - value corresponding to openssl's X509_NAME structure
+ #
+ # returns: (string) ASCII version of $name
+
+Check openssl doc L
+
+=item * sk_X509_NAME_free
+
+Free an allocated STACK_OF(X509_NAME) structure.
+
+ Net::SSLeay::sk_X509_NAME_free($sk);
+ # $sk - value corresponding to openssl's STACK_OF(X509_NAME) structure
+ #
+ # returns: no return value
+
+=item * sk_X509_NAME_num
+
+Return number of items in STACK_OF(X509_NAME)
+
+ my $rv = Net::SSLeay::sk_X509_NAME_num($sk);
+ # $sk - value corresponding to openssl's STACK_OF(X509_NAME) structure
+ #
+ # returns: number of items
+
+=item * sk_X509_NAME_value
+
+Returns X509_NAME from position $index in STACK_OF(X509_NAME)
+
+ my $rv = Net::SSLeay::sk_X509_NAME_value($sk, $i);
+ # $sk - value corresponding to openssl's STACK_OF(X509_NAME) structure
+ # $i - (integer) index/position
+ #
+ # returns: value corresponding to openssl's X509_NAME structure (0 on failure)
+
+=item * add_file_cert_subjects_to_stack
+
+Add a file of certs to a stack. All certs in $file that are not already in the $stackCAs will be added.
+
+ my $rv = Net::SSLeay::add_file_cert_subjects_to_stack($stackCAs, $file);
+ # $stackCAs - value corresponding to openssl's STACK_OF(X509_NAME) structure
+ # $file - (string) filename
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * add_dir_cert_subjects_to_stack
+
+Add a directory of certs to a stack. All certs in $dir that are not already in the $stackCAs will be added.
+
+ my $rv = Net::SSLeay::add_dir_cert_subjects_to_stack($stackCAs, $dir);
+ # $stackCAs - value corresponding to openssl's STACK_OF(X509_NAME) structure
+ # $dir - (string) the directory to append from.
All files in this directory will be examined as potential certs. Any that are acceptable to SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be included.
+ #
+ # returns: 1 on success, 0 on failure
+
+=back
+
+=head3 Low level API: X509_STORE_* related functions
+
+=over
+
+=item * X509_STORE_CTX_new
+
+returns a newly initialised X509_STORE_CTX structure.
+
+=item * X509_STORE_CTX_init
+
+X509_STORE_CTX_init() sets up an X509_STORE_CTX for a subsequent verification operation.
+It must be called before each call to X509_verify_cert().
+
+ my $rv = Net::SSLeay::X509_STORE_CTX_init($x509_store_ctx, $x509_store, $x509, $chain);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure (required)
+ # $x509_store - value corresponding to openssl's X509_STORE structure (optional)
+ # $x509 - value corresponding to openssl's X509 structure (optional)
+ # $chain - value corresponding to openssl's STACK_OF(X509) structure (optional)
+ #
+ # returns: 1 on success, 0 on failure
+ #
+ # Note: returns nothing with Net::SSLeay 1.90 and earlier.
+
+Check openssl doc L
+
+=item * X509_STORE_CTX_free
+
+Frees an X509_STORE_CTX structure.
+
+ Net::SSLeay::X509_STORE_CTX_free($x509_store_ctx);
+
+# $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
+
+=item * X509_verify_cert
+
+The X509_verify_cert() function attempts to discover and validate a
+certificate chain based on parameters in ctx. A complete description
+of the process is contained in the verify(1) manual page.
+
+If this function returns 0, use X509_STORE_CTX_get_error to get additional error
+information.
+
+ my $rv = Net::SSLeay::X509_verify_cert($x509_store_ctx);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
+ #
+ # returns: 1 if a complete chain can be built and validated, otherwise 0
+
+Check openssl doc L
+
+=item * X509_STORE_CTX_get_current_cert
+
+Returns the certificate in ctx which caused the error or 0 if no certificate is relevant.
+
+ my $rv = Net::SSLeay::X509_STORE_CTX_get_current_cert($x509_store_ctx);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
+ #
+ # returns: value corresponding to openssl's X509 structure (0 on failure)
+
+Check openssl doc L
+
+=item * X509_STORE_CTX_get0_cert
+
+B: not available in Net-SSLeay-1.88 and before; requires at least OpenSSL 1.1.0pre6 or LibreSSL 2.7.0
+
+Returns an internal pointer to the certificate being verified by the ctx.
+
+ my $x509 = Net::SSLeay::X509_STORE_CTX_get0_cert($x509_store_ctx);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
+ #
+ # returns: value corresponding to openssl's X509 structure
+
+Check openssl doc L
+
+=item * X509_STORE_CTX_get1_chain
+
+Returns a returns a complete validate chain if a previous call to X509_verify_cert() is successful.
+
+ my $rv = Net::SSLeay::X509_STORE_CTX_get1_chain($x509_store_ctx);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
+ #
+ # returns: value corresponding to openssl's STACK_OF(X509) structure
+
+Check openssl doc L
+
+=item * X509_STORE_CTX_get_error
+
+Returns the error code of $ctx.
+
+ my $rv = Net::SSLeay::X509_STORE_CTX_get_error($x509_store_ctx);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
+ #
+ # returns: (integer) error code
+
+For more info about erro code values check function L.
+
+Check openssl doc L
+
+=item * X509_STORE_CTX_get_error_depth
+
+Returns the depth of the error. This is a non-negative integer representing
+where in the certificate chain the error occurred.
If it is zero it occurred
+in the end entity certificate, one if it is the certificate which signed
+the end entity certificate and so on.
+
+ my $rv = Net::SSLeay::X509_STORE_CTX_get_error_depth($x509_store_ctx);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
+ #
+ # returns: (integer) depth
+
+Check openssl doc L
+
+=item * X509_STORE_CTX_get_ex_data
+
+Is used to retrieve the information for $idx from $x509_store_ctx.
+
+ my $rv = Net::SSLeay::X509_STORE_CTX_get_ex_data($x509_store_ctx, $idx);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
+ # $idx - (integer) index for application specific data
+ #
+ # returns: pointer to ???
+
+=item * X509_STORE_CTX_set_ex_data
+
+Is used to store application data at arg for idx into $x509_store_ctx.
+
+ my $rv = Net::SSLeay::X509_STORE_CTX_set_ex_data($x509_store_ctx, $idx, $data);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
+ # $idx - (integer) ???
+ # $data - (pointer) ???
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_STORE_CTX_set_cert
+
+Sets the certificate to be verified in $x509_store_ctx to $x.
+
+ Net::SSLeay::X509_STORE_CTX_set_cert($x509_store_ctx, $x);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * X509_STORE_new
+
+Returns a newly initialized X509_STORE structure.
+
+ my $rv = Net::SSLeay::X509_STORE_new();
+ #
+ # returns: value corresponding to openssl's X509_STORE structure (0 on failure)
+
+=item * X509_STORE_free
+
+Frees an X509_STORE structure
+
+ Net::SSLeay::X509_STORE_free($x509_store);
+ # $x509_store - value corresponding to openssl's X509_STORE structure
+
+=item * X509_STORE_add_lookup
+
+Adds a lookup to an X509_STORE for a given lookup method.
+
+ my $method = &Net::SSLeay::X509_LOOKUP_hash_dir;
+ my $rv = Net::SSLeay::X509_STORE_add_lookup($x509_store, $method);
+ # $method - value corresponding to openssl's X509_LOOKUP_METHOD structure
+ # $x509_store - value corresponding to openssl's X509_STORE structure
+ #
+ # returns: value corresponding to openssl's X509_LOOKUP structure
+
+Check openssl doc L
+
+=item * X509_STORE_CTX_set_error
+
+Sets the error code of $ctx to $s. For example it might be used in a verification callback to set an error based on additional checks.
+
+ Net::SSLeay::X509_STORE_CTX_set_error($x509_store_ctx, $s);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
+ # $s - (integer) error id
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * X509_STORE_add_cert
+
+Adds X509 certificate $x into the X509_STORE $store.
+
+ my $rv = Net::SSLeay::X509_STORE_add_cert($store, $x);
+ # $store - value corresponding to openssl's X509_STORE structure
+ # $x - value corresponding to openssl's X509 structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_STORE_add_crl
+
+Adds X509 CRL $x into the X509_STORE $store.
+
+ my $rv = Net::SSLeay::X509_STORE_add_crl($store, $x);
+ # $store - value corresponding to openssl's X509_STORE structure
+ # $x - value corresponding to openssl's X509_CRL structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_STORE_set1_param
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::X509_STORE_set1_param($store, $pm);
+ # $store - value corresponding to openssl's X509_STORE structure
+ # $pm - value corresponding to openssl's X509_VERIFY_PARAM structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_LOOKUP_hash_dir
+
+Returns an X509_LOOKUP structure that instructs an X509_STORE to
+load files from a directory containing certificates with filenames
+in the format I or crls with filenames in the format IBI
+
+ my $rv = Net::SSLeay::X509_LOOKUP_hash_dir();
+ #
+ # returns: value corresponding to openssl's X509_LOOKUP_METHOD structure, with the hashed directory method
+
+Check openssl doc L
+
+=item * X509_LOOKUP_add_dir
+
+Add a directory to an X509_LOOKUP structure, usually obtained from
+X509_STORE_add_lookup.
+
+ my $method = &Net::SSLeay::X509_LOOKUP_hash_dir;
+ my $lookup = Net::SSLeay::X509_STORE_add_lookup($x509_store, $method);
+ my $type = &Net::SSLeay::X509_FILETYPE_PEM;
+ Net::SSLeay::X509_LOOKUP_add_dir($lookup, $dir, $type);
+ # $lookup - value corresponding to openssl's X509_LOOKUP structure
+ # $dir - string path to a directory
+ # $type - constant corresponding to the type of file in the directory - can be X509_FILETYPE_PEM, X509_FILETYPE_DEFAULT, or X509_FILETYPE_ASN1
+
+=item * X509_STORE_set_flags
+
+ Net::SSLeay::X509_STORE_set_flags($ctx, $flags);
+ # $ctx - value corresponding to openssl's X509_STORE structure
+ # $flags - (unsigned long) flags to be set (bitmask)
+ #
+ # returns: no return value
+
+ #to create $flags value use corresponding constants like
+ $flags = Net::SSLeay::X509_V_FLAG_CRL_CHECK();
+
+For more details about $flags bitmask see L.
+
+=item * X509_STORE_set_purpose
+
+ Net::SSLeay::X509_STORE_set_purpose($ctx, $purpose);
+ # $ctx - value corresponding to openssl's X509_STORE structure
+ # $purpose - (integer) purpose identifier
+ #
+ # returns: no return value
+
+For more details about $purpose identifier check L.
+
+=item * X509_STORE_set_trust
+
+ Net::SSLeay::X509_STORE_set_trust($ctx, $trust);
+ # $ctx - value corresponding to openssl's X509_STORE structure
+ # $trust - (integer) trust identifier
+ #
+ # returns: no return value
+
+For more details about $trust identifier check L.
+
+=back
+
+=head3 Low Level API: X509_INFO related functions
+
+=over
+
+=item * sk_X509_INFO_num
+
+Returns the number of values in a STACK_OF(X509_INFO) structure.
+
+ my $rv = Net::SSLeay::sk_X509_INFO_num($sk_x509_info);
+ # $sk_x509_info - value corresponding to openssl's STACK_OF(X509_INFO) structure
+ #
+ # returns: number of values in $sk_X509_info
+
+=item * sk_X509_INFO_value
+
+Returns the value of a STACK_OF(X509_INFO) structure at a given index.
+
+ my $rv = Net::SSLeay::sk_X509_INFO_value($sk_x509_info, $index);
+ # $sk_x509_info - value corresponding to openssl's STACK_OF(X509_INFO) structure
+ # $index - index into the stack
+ #
+ # returns: value corresponding to openssl's X509_INFO structure at the given index
+
+=item * P_X509_INFO_get_x509
+
+Returns the X509 structure stored in an X509_INFO structure.
+
+ my $rv = Net::SSLeay::P_X509_INFO_get_x509($x509_info);
+ # $x509_info - value corresponding to openssl's X509_INFO structure
+ #
+ # returns: value corresponding to openssl's X509 structure
+
+=back
+
+=head3 Low level API: X509_VERIFY_PARAM_* related functions
+
+=over
+
+=item * X509_VERIFY_PARAM_add0_policy
+
+Enables policy checking (it is disabled by default) and adds $policy to the acceptable policy set.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_add0_policy($param, $policy);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $policy - value corresponding to openssl's ASN1_OBJECT structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_add0_table
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_add0_table($param);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_VERIFY_PARAM_add1_host
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.0.2-beta2 or LibreSSL 2.7.0
+
+Adds an additional reference identifier that can match the peer's certificate.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_add1_host($param, $name);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $name - (string) name to be set
+ #
+ # returns: 1 on success, 0 on failure
+
+See also OpenSSL docs, L and
+L for more information, including
+wildcard matching.
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_clear_flags
+
+Clears the flags $flags in param.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_clear_flags($param, $flags);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $flags - (unsigned long) flags to be set (bitmask)
+ #
+ # returns: 1 on success, 0 on failure
+
+For more details about $flags bitmask see L.
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_free
+
+Frees up the X509_VERIFY_PARAM structure.
+
+ Net::SSLeay::X509_VERIFY_PARAM_free($param);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ #
+ # returns: no return value
+
+=item * X509_VERIFY_PARAM_get0_peername
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.0.2-beta2 or LibreSSL 2.7.0
+
+Returns the DNS hostname or subject CommonName from the peer certificate that matched one of the reference identifiers.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_get0_peername($param);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ #
+ # returns: (string) name e.g. '*.example.com' or undef
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_get_depth
+
+Returns the current verification depth.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_get_depth($param);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ #
+ # returns: (ineger) depth
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_get_flags
+
+Returns the current verification flags.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_get_flags($param);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ #
+ # returns: (unsigned long) flags to be set (bitmask)
+
+For more details about returned flags bitmask see L.
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_set_flags
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_set_flags($param, $flags);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $flags - (unsigned long) flags to be set (bitmask)
+ #
+ # returns: 1 on success, 0 on failure
+
+ #to create $flags value use corresponding constants like
+ $flags = Net::SSLeay::X509_V_FLAG_CRL_CHECK();
+
+For more details about $flags bitmask, see the OpenSSL docs below.
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_inherit
+
+??? (more info needed)
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_inherit($to, $from);
+ # $to - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $from - value corresponding to openssl's X509_VERIFY_PARAM structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_VERIFY_PARAM_lookup
+
+Finds X509_VERIFY_PARAM by name.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_lookup($name);
+ # $name - (string) name we want to find
+ #
+ # returns: value corresponding to openssl's X509_VERIFY_PARAM structure (0 on failure)
+
+=item * X509_VERIFY_PARAM_new
+
+Creates a new X509_VERIFY_PARAM structure.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_new();
+ #
+ # returns: value corresponding to openssl's X509_VERIFY_PARAM structure (0 on failure)
+
+=item * X509_VERIFY_PARAM_set1
+
+Sets the name of X509_VERIFY_PARAM structure $to to the same value
+as the name of X509_VERIFY_PARAM structure $from.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1($to, $from);
+ # $to - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $from - value corresponding to openssl's X509_VERIFY_PARAM structure
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_VERIFY_PARAM_set1_email
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.0.2-beta1 or LibreSSL 2.7.0
+
+Sets the expected RFC822 email address to email.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_email($param, $email);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $email - (string) email to be set
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_set1_host
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.0.2-beta1 or LibreSSL 2.7.0
+
+Sets the expected DNS hostname to name clearing any previously specified host name or names.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_host($param, $name);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $name - (string) name to be set
+ #
+ # returns: 1 on success, 0 on failure
+
+See also OpenSSL docs, L and
+L for more information, including
+wildcard matching.
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_set1_ip
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.0.2-beta1 or LibreSSL 2.7.0
+
+Sets the expected IP address to ip.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_ip($param, $ip);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $ip - (binary) 4 octet IPv4 or 16 octet IPv6 address
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_set1_ip_asc
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.0.2-beta1 or LibreSSL 2.7.0
+
+Sets the expected IP address to ipasc.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_asc($param, $ipasc);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $ip - (string) IPv4 or IPv6 address
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_set1_name
+
+Sets the name of X509_VERIFY_PARAM structure $param to $name.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_name($param, $name);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $name - (string) name to be set
+ #
+ # returns: 1 on success, 0 on failure
+
+=item * X509_VERIFY_PARAM_set1_policies
+
+Enables policy checking (it is disabled by default) and sets the acceptable policy set to policies.
+Any existing policy set is cleared. The policies parameter can be 0 to clear an existing policy set.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_policies($param, $policies);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $policies - value corresponding to openssl's STACK_OF(ASN1_OBJECT) structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_set_depth
+
+Sets the maximum verification depth to depth. That is the maximum number of untrusted CA certificates that can appear in a chain.
+
+ Net::SSLeay::X509_VERIFY_PARAM_set_depth($param, $depth);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $depth - (integer) depth to be set
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_set_hostflags
+
+B not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.0.2-beta2 or LibreSSL 2.7.0
+
+ Net::SSLeay::X509_VERIFY_PARAM_set_hostflags($param, $flags);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $flags - (unsigned int) flags to be set (bitmask)
+ #
+ # returns: no return value
+
+See also OpenSSL docs, L and L for more information.
+The flags for controlling wildcard checks and other features are defined in OpenSSL docs.
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_set_purpose
+
+Sets the verification purpose in $param to $purpose. This determines the acceptable purpose
+of the certificate chain, for example SSL client or SSL server.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_set_purpose($param, $purpose);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $purpose - (integer) purpose identifier
+ #
+ # returns: 1 on success, 0 on failure
+
+For more details about $purpose identifier check L.
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_set_time
+
+Sets the verification time in $param to $t. Normally the current time is used.
+
+ Net::SSLeay::X509_VERIFY_PARAM_set_time($param, $t);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $t - (time_t) time in seconds since 1.1.1970
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_set_trust
+
+Sets the trust setting in $param to $trust.
+
+ my $rv = Net::SSLeay::X509_VERIFY_PARAM_set_trust($param, $trust);
+ # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
+ # $trust - (integer) trust identifier
+ #
+ # returns: 1 on success, 0 on failure
+
+For more details about $trust identifier check L.
+
+Check openssl doc L
+
+=item * X509_VERIFY_PARAM_table_cleanup
+
+??? (more info needed)
+
+ Net::SSLeay::X509_VERIFY_PARAM_table_cleanup();
+ #
+ # returns: no return value
+
+=back
+
+=head3 Low level API: Cipher (EVP_CIPHER_*) related functions
+
+=over
+
+=item * EVP_get_cipherbyname
+
+B not available in Net-SSLeay-1.45 and before
+
+Returns an EVP_CIPHER structure when passed a cipher name.
+
+ my $rv = Net::SSLeay::EVP_get_cipherbyname($name);
+ # $name - (string) cipher name e.g. 'aes-128-cbc', 'camellia-256-ecb', 'des-ede', ...
+ #
+ # returns: value corresponding to openssl's EVP_CIPHER structure
+
+Check openssl doc L
+
+=back
+
+=head3 Low level API: Digest (EVP_MD_*) related functions
+
+=over
+
+=item * OpenSSL_add_all_digests
+
+B not available in Net-SSLeay-1.42 and before
+
+ Net::SSLeay::OpenSSL_add_all_digests();
+ # no args, no return value
+
+http://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html
+
+=item * P_EVP_MD_list_all
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-1.0.0
+
+B Does not exactly correspond to any low level API function
+
+ my $rv = Net::SSLeay::P_EVP_MD_list_all();
+ #
+ # returns: arrayref - list of available digest names
+
+The returned digest names correspond to values expected by L.
+
+Note that some of the digests are available by default and some only after calling L.
+
+=item * EVP_get_digestbyname
+
+B not available in Net-SSLeay-1.42 and before
+
+ my $rv = Net::SSLeay::EVP_get_digestbyname($name);
+ # $name - string with digest name
+ #
+ # returns: value corresponding to openssl's EVP_MD structure
+
+The $name param can be:
+
+ md2
+ md4
+ md5
+ mdc2
+ ripemd160
+ sha
+ sha1
+ sha224
+ sha256
+ sha512
+ whirlpool
+
+Or better check the supported digests by calling L.
+
+=item * EVP_MD_type
+
+B not available in Net-SSLeay-1.42 and before
+
+ my $rv = Net::SSLeay::EVP_MD_type($md);
+ # $md - value corresponding to openssl's EVP_MD structure
+ #
+ # returns: the NID (integer) of the OBJECT IDENTIFIER representing the given message digest
+
+=item * EVP_MD_size
+
+B not available in Net-SSLeay-1.42 and before
+
+ my $rv = Net::SSLeay::EVP_MD_size($md);
+ # $md - value corresponding to openssl's EVP_MD structure
+ #
+ # returns: the size of the message digest in bytes (e.g. 20 for SHA1)
+
+=item * EVP_MD_CTX_md
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7
+
+ Net::SSLeay::EVP_MD_CTX_md($ctx);
+ # $ctx - value corresponding to openssl's EVP_MD_CTX structure
+ #
+ # returns: value corresponding to openssl's EVP_MD structure
+
+=item * EVP_MD_CTX_create
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7
+
+Allocates, initializes and returns a digest context.
+
+ my $rv = Net::SSLeay::EVP_MD_CTX_create();
+ #
+ # returns: value corresponding to openssl's EVP_MD_CTX structure
+
+The complete idea behind EVP_MD_CTX looks like this example:
+
+ Net::SSLeay::OpenSSL_add_all_digests();
+
+ my $md = Net::SSLeay::EVP_get_digestbyname("sha1");
+ my $ctx = Net::SSLeay::EVP_MD_CTX_create();
+ Net::SSLeay::EVP_DigestInit($ctx, $md);
+
+ while(my $chunk = get_piece_of_data()) {
+ Net::SSLeay::EVP_DigestUpdate($ctx,$chunk);
+ }
+
+ my $result = Net::SSLeay::EVP_DigestFinal($ctx);
+ Net::SSLeay::EVP_MD_CTX_destroy($ctx);
+
+ print "digest=", unpack('H*', $result), "\n"; #print hex value
+
+=item * EVP_DigestInit_ex
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7
+
+Sets up digest context $ctx to use a digest $type from ENGINE $impl, $ctx must be
+initialized before calling this function, type will typically be supplied by a function
+such as L. If $impl is 0 then the default implementation of digest $type is used.
+
+ my $rv = Net::SSLeay::EVP_DigestInit_ex($ctx, $type, $impl);
+ # $ctx - value corresponding to openssl's EVP_MD_CTX structure
+ # $type - value corresponding to openssl's EVP_MD structure
+ # $impl - value corresponding to openssl's ENGINE structure
+ #
+ # returns: 1 for success and 0 for failure
+
+=item * EVP_DigestInit
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7
+
+Behaves in the same way as L except the passed context $ctx does not have
+to be initialized, and it always uses the default digest implementation.
+
+ my $rv = Net::SSLeay::EVP_DigestInit($ctx, $type);
+ # $ctx - value corresponding to openssl's EVP_MD_CTX structure
+ # $type - value corresponding to openssl's EVP_MD structure
+ #
+ # returns: 1 for success and 0 for failure
+
+=item * EVP_MD_CTX_destroy
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7
+
+Cleans up digest context $ctx and frees up the space allocated to it, it should be
+called only on a context created using L.
+
+ Net::SSLeay::EVP_MD_CTX_destroy($ctx);
+ # $ctx - value corresponding to openssl's EVP_MD_CTX structure
+ #
+ # returns: no return value
+
+=item * EVP_DigestUpdate
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7
+
+ my $rv = Net::SSLeay::EVP_DigestUpdate($ctx, $data);
+ # $ctx - value corresponding to openssl's EVP_MD_CTX structure
+ # $data - data to be hashed
+ #
+ # returns: 1 for success and 0 for failure
+
+=item * EVP_DigestFinal_ex
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7
+
+Retrieves the digest value from $ctx. After calling L no
+additional calls to L can be made, but
+L can be called to initialize a new digest operation.
+
+ my $digest_value = Net::SSLeay::EVP_DigestFinal_ex($ctx);
+ # $ctx - value corresponding to openssl's EVP_MD_CTX structure
+ #
+ # returns: hash value (binary)
+
+ #to get printable (hex) value of digest use:
+ print unpack('H*', $digest_value);
+
+=item * EVP_DigestFinal
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7
+
+Similar to L except the digest context ctx is automatically cleaned up.
+
+ my $rv = Net::SSLeay::EVP_DigestFinal($ctx);
+ # $ctx - value corresponding to openssl's EVP_MD_CTX structure
+ #
+ # returns: hash value (binary)
+
+ #to get printable (hex) value of digest use:
+ print unpack('H*', $digest_value);
+
+=item * MD2
+
+B no supported by default in openssl-1.0.0
+
+Computes MD2 from given $data (all data needs to be loaded into memory)
+
+ my $digest = Net::SSLeay::MD2($data);
+ print "digest(hexadecimal)=", unpack('H*', $digest);
+
+=item * MD4
+
+Computes MD4 from given $data (all data needs to be loaded into memory)
+
+ my $digest = Net::SSLeay::MD4($data);
+ print "digest(hexadecimal)=", unpack('H*', $digest);
+
+=item * MD5
+
+Computes MD5 from given $data (all data needs to be loaded into memory)
+
+ my $digest = Net::SSLeay::MD5($data);
+ print "digest(hexadecimal)=", unpack('H*', $digest);
+
+=item * RIPEMD160
+
+Computes RIPEMD160 from given $data (all data needs to be loaded into memory)
+
+ my $digest = Net::SSLeay::RIPEMD160($data);
+ print "digest(hexadecimal)=", unpack('H*', $digest);
+
+=item * SHA1
+
+B not available in Net-SSLeay-1.42 and before
+
+Computes SHA1 from given $data (all data needs to be loaded into memory)
+
+ my $digest = Net::SSLeay::SHA1($data);
+ print "digest(hexadecimal)=", unpack('H*', $digest);
+
+=item * SHA256
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.8
+
+Computes SHA256 from given $data (all data needs to be loaded into memory)
+
+ my $digest = Net::SSLeay::SHA256($data);
+ print "digest(hexadecimal)=", unpack('H*', $digest);
+
+=item * SHA512
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.8
+
+Computes SHA512 from given $data (all data needs to be loaded into memory)
+
+ my $digest = Net::SSLeay::SHA512($data);
+ print "digest(hexadecimal)=", unpack('H*', $digest);
+
+=item * EVP_Digest
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7
+
+Computes "any" digest from given $data (all data needs to be loaded into memory)
+
+ my $md = Net::SSLeay::EVP_get_digestbyname("sha1"); #or any other algorithm
+ my $digest = Net::SSLeay::EVP_Digest($data, $md);
+ print "digest(hexadecimal)=", unpack('H*', $digest);
+
+=item * EVP_sha1
+
+B not available in Net-SSLeay-1.42 and before
+
+ my $md = Net::SSLeay::EVP_sha1();
+ #
+ # returns: value corresponding to openssl's EVP_MD structure
+
+=item * EVP_sha256
+
+B requires at least openssl-0.9.8
+
+ my $md = Net::SSLeay::EVP_sha256();
+ #
+ # returns: value corresponding to openssl's EVP_MD structure
+
+=item * EVP_sha512
+
+B not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.8
+
+ my $md = Net::SSLeay::EVP_sha512();
+ #
+ # returns: value corresponding to openssl's EVP_MD structure
+
+=item * EVP_add_digest
+
+ my $rv = Net::SSLeay::EVP_add_digest($digest);
+ # $digest - value corresponding to openssl's EVP_MD structure
+ #
+ # returns: 1 on success, 0 otherwise
+
+=back
+
+=head3 Low level API: CIPHER_* related functions
+
+=over
+
+=item * CIPHER_get_name
+
+B not available in Net-SSLeay-1.42 and before
+
+Returns name of the cipher used.
+
+ my $rv = Net::SSLeay::CIPHER_get_name($cipher);
+ # $cipher - value corresponding to openssl's SSL_CIPHER structure
+ #
+ # returns: (string) cipher name e.g. 'DHE-RSA-AES256-SHA', '(NONE)' if $cipher is undefined.
+
+Check openssl doc L
+
+Example:
+
+ my $ssl_cipher = Net::SSLeay::get_current_cipher($ssl);
+ my $cipher_name = Net::SSLeay::CIPHER_get_name($ssl_cipher);
+
+=item * CIPHER_description
+
+B doesn't work correctly in Net-SSLeay-1.88 and before
+
+Returns a textual description of the cipher used.
+
+ my $rv = Net::SSLeay::CIPHER_description($cipher);
+ # $cipher - value corresponding to openssl's SSL_CIPHER structure
+ #
+ # returns: (string) cipher description e.g. 'DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1'
+
+Check openssl doc L
+
+=item * CIPHER_get_bits
+
+B $alg_bits doesn't work correctly in Net-SSLeay-1.88 and before
+
+Returns the number of secret bits used for cipher.
+
+ my $rv = Net::SSLeay::CIPHER_get_bits($cipher, $alg_bits);
+ # $cipher - value corresponding to openssl's SSL_CIPHER structure
+ # $alg_bits - [optional] empty scalar for storing additional return value
+ #
+ # returns: (integer) number of secret bits, 0 on error
+ # (integer) in $alg_bits for bits processed by the chosen algorithm
+
+Check openssl doc L
+
+Example:
+
+ # bits and alg_bits are not equal for e.g., TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ # RFC 8422 name TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ my $alg_bits;
+ my $bits = Net::SSLeay::CIPHER_get_bits($cipher, $alg_bits);
+ #my $bits = Net::SSLeay::CIPHER_get_bits($cipher);
+ print "bits: $bits, alg_bits: $alg_bits\n";
+
+
+=item * CIPHER_get_version
+
+B not available in Net-SSLeay-1.88 and before
+
+Returns version of SSL/TLS protocol that first defined the cipher
+
+ my $rv = Net::SSLeay::CIPHER_get_version($cipher);
+ # $cipher - value corresponding to openssl's SSL_CIPHER structure
+ #
+ # returns: (string) cipher name e.g. 'TLSv1/SSLv3' with some libraries, 'TLSv1.0' or 'TLSv1.3', '(NONE)' if $cipher is undefined.
+
+Check openssl doc L
+
+=back
+
+=head3 Low level API: RSA_* related functions
+
+=over
+
+=item * RSA_generate_key
+
+Generates a key pair and returns it in a newly allocated RSA structure.
+The pseudo-random number generator must be seeded prior to calling RSA_generate_key.
+
+ my $rv = Net::SSLeay::RSA_generate_key($bits, $e, $perl_cb, $perl_cb_arg);
+ # $bits - (integer) modulus size in bits e.g. 512, 1024, 2048
+ # $e - (integer) public exponent, an odd number, typically 3, 17 or 65537
+ # $perl_cb - [optional] reference to perl callback function
+ # $perl_cb_arg - [optional] data that will be passed to callback function when invoked
+ #
+ # returns: value corresponding to openssl's RSA structure (0 on failure)
+
+Check openssl doc L
+
+=item * RSA_free
+
+Frees the RSA structure and its components. The key is erased before the memory is returned to the system.
+
+ Net::SSLeay::RSA_free($r);
+ # $r - value corresponding to openssl's RSA structure
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * RSA_get_key_parameters
+
+Returns a list of pointers to BIGNUMs representing the parameters of the key in
+this order:
+(n, e, d, p, q, dmp1, dmq1, iqmp)
+
+Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use
+
+ my (@params) = RSA_get_key_parameters($r);
+
+=back
+
+=head3 Low level API: BIO_* related functions
+
+=over
+
+=item * BIO_eof
+
+Returns 1 if the BIO has read EOF, the precise meaning of 'EOF' varies according to the BIO type.
+
+ my $rv = Net::SSLeay::BIO_eof($s);
+ # $s - value corresponding to openssl's BIO structure
+ #
+ # returns: 1 if EOF has been reached 0 otherwise
+
+Check openssl doc L
+
+=item * BIO_f_ssl
+
+Returns the SSL BIO method. This is a filter BIO which is a wrapper
+round the OpenSSL SSL routines adding a BIO 'flavour' to SSL I/O.
+
+ my $rv = Net::SSLeay::BIO_f_ssl();
+ #
+ # returns: value corresponding to openssl's BIO_METHOD structure (0 on failure)
+
+Check openssl doc L
+
+=item * BIO_free
+
+Frees up a single BIO.
+
+ my $rv = Net::SSLeay::BIO_free($bio;);
+ # $bio; - value corresponding to openssl's BIO structure
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc L
+
+=item * BIO_new
+
+Returns a new BIO using method $type
+
+ my $rv = Net::SSLeay::BIO_new($type);
+ # $type - value corresponding to openssl's BIO_METHOD structure
+ #
+ # returns: value corresponding to openssl's BIO structure (0 on failure)
+
+Check openssl doc L
+
+=item * BIO_new_buffer_ssl_connect
+
+Creates a new BIO chain consisting of a buffering BIO, an SSL BIO (using ctx) and a connect BIO.
+
+ my $rv = Net::SSLeay::BIO_new_buffer_ssl_connect($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: value corresponding to openssl's BIO structure (0 on failure)
+
+Check openssl doc L
+
+=item * BIO_new_file
+
+Creates a new file BIO with mode $mode the meaning of mode is the same
+as the stdio function fopen(). The BIO_CLOSE flag is set on the returned BIO.
+
+ my $rv = Net::SSLeay::BIO_new_file($filename, $mode);
+ # $filename - (string) filename
+ # $mode - (string) opening mode (as mode by stdio function fopen)
+ #
+ # returns: value corresponding to openssl's BIO structure (0 on failure)
+
+Check openssl doc L
+
+=item * BIO_new_ssl
+
+Allocates an SSL BIO using SSL_CTX ctx and using client mode if client is non zero.
+
+ my $rv = Net::SSLeay::BIO_new_ssl($ctx, $client);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $client - (integer) 0 or 1 - indicates ssl client mode
+ #
+ # returns: value corresponding to openssl's BIO structure (0 on failure)
+
+Check openssl doc L
+
+=item * BIO_new_ssl_connect
+
+Creates a new BIO chain consisting of an SSL BIO (using ctx) followed by a connect BIO.
+
+ my $rv = Net::SSLeay::BIO_new_ssl_connect($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ #
+ # returns: value corresponding to openssl's BIO structure (0 on failure)
+
+Check openssl doc L
+
+=item * BIO_pending
+
+Return the number of pending characters in the BIOs read buffers.
+
+ my $rv = Net::SSLeay::BIO_pending($s);
+ # $s - value corresponding to openssl's BIO structure
+ #
+ # returns: the amount of pending data
+
+Check openssl doc L
+
+=item * BIO_wpending
+
+Return the number of pending characters in the BIOs write buffers.
+
+ my $rv = Net::SSLeay::BIO_wpending($s);
+ # $s - value corresponding to openssl's BIO structure
+ #
+ # returns: the amount of pending data
+
+Check openssl doc L
+
+=item * BIO_read
+
+Read the underlying descriptor.
+
+ Net::SSLeay::BIO_read($s, $max);
+ # $s - value corresponding to openssl's BIO structure
+ # $max - [optional] max. bytes to read (if not specified, the value 32768 is used)
+ #
+ # returns: data
+
+Check openssl doc L
+
+=item * BIO_write
+
+Attempts to write data from $buffer to BIO $b.
+
+ my $rv = Net::SSLeay::BIO_write($b, $buffer);
+ # $b - value corresponding to openssl's BIO structure
+ # $buffer - data
+ #
+ # returns: amount of data successfully written
+ # or that no data was successfully read or written if the result is 0 or -1
+ # or -2 when the operation is not implemented in the specific BIO type
+
+Check openssl doc L
+
+=item * BIO_s_mem
+
+Return the memory BIO method function.
+
+ my $rv = Net::SSLeay::BIO_s_mem();
+ #
+ # returns: value corresponding to openssl's BIO_METHOD structure (0 on failure)
+
+Check openssl doc L
+
+=item * BIO_ssl_copy_session_id
+
+Copies an SSL session id between BIO chains from and to. It does this by locating
+the SSL BIOs in each chain and calling SSL_copy_session_id() on the internal SSL pointer.
+ + my $rv = Net::SSLeay::BIO_ssl_copy_session_id($to, $from); + # $to - value corresponding to openssl's BIO structure + # $from - value corresponding to openssl's BIO structure + # + # returns: 1 on success, 0 on failure + +Check openssl doc L + +=item * BIO_ssl_shutdown + +Closes down an SSL connection on BIO chain bio. It does this by locating the +SSL BIO in the chain and calling SSL_shutdown() on its internal SSL pointer. + + Net::SSLeay::BIO_ssl_shutdown($ssl_bio); + # $ssl_bio - value corresponding to openssl's BIO structure + # + # returns: no return value + +Check openssl doc L + +=back + +=head3 Low level API: Server side Server Name Indication (SNI) support + +=over + +=item * set_tlsext_host_name + +TBA + +=item * get_servername + +TBA + +=item * get_servername_type + +TBA + +=item * CTX_set_tlsext_servername_callback + +B requires at least OpenSSL 0.9.8f + +This function is used in a server to support Server side Server Name Indication (SNI). + + Net::SSLeay::CTX_set_tlsext_servername_callback($ctx, $code) + # $ctx - SSL context + # $code - reference to a subroutine that will be called when a new connection is being initiated + # + # returns: no return value + +On the client side: +use set_tlsext_host_name($ssl, $servername) before initiating the SSL connection. + +On the server side: +Set up an additional SSL_CTX() for each different certificate; + +Add a servername callback to each SSL_CTX() using CTX_set_tlsext_servername_callback(); + +The callback function is required to retrieve the client-supplied servername +with get_servername(ssl). Figure out the right +SSL_CTX to go with that host name, then switch the SSL object to that SSL_CTX +with set_SSL_CTX(). + +Example: + + # set callback + Net::SSLeay::CTX_set_tlsext_servername_callback($ctx, + sub { + my $ssl = shift; + my $h = Net::SSLeay::get_servername($ssl); + Net::SSLeay::set_SSL_CTX($ssl, $hostnames{$h}->{ctx}) if exists $hostnames{$h}; + } ); + + +More complete example: + + # ... 
initialize Net::SSLeay
+
+ my %hostnames = (
+ 'sni1' => { cert=>'sni1.pem', key=>'sni1.key' },
+ 'sni2' => { cert=>'sni2.pem', key=>'sni2.key' },
+ );
+
+ # create a new context for each certificate/key pair
+ for my $name (keys %hostnames) {
+ $hostnames{$name}->{ctx} = Net::SSLeay::CTX_new or die;
+ Net::SSLeay::CTX_set_cipher_list($hostnames{$name}->{ctx}, 'ALL');
+ Net::SSLeay::set_cert_and_key($hostnames{$name}->{ctx},
+ $hostnames{$name}->{cert}, $hostnames{$name}->{key}) or die;
+ }
+
+ # create default context
+ my $ctx = Net::SSLeay::CTX_new or die;
+ Net::SSLeay::CTX_set_cipher_list($ctx, 'ALL');
+ Net::SSLeay::set_cert_and_key($ctx, 'cert.pem','key.pem') or die;
+
+ # set callback
+ Net::SSLeay::CTX_set_tlsext_servername_callback($ctx, sub {
+ my $ssl = shift;
+ my $h = Net::SSLeay::get_servername($ssl);
+ Net::SSLeay::set_SSL_CTX($ssl, $hostnames{$h}->{ctx}) if exists $hostnames{$h};
+ } );
+
+ # ... later
+
+ $s = Net::SSLeay::new($ctx);
+ Net::SSLeay::set_fd($s, fileno($accepted_socket));
+ Net::SSLeay::accept($s);
+
+=back
+
+=head3 Low level API: NPN (next protocol negotiation) related functions
+
+NPN is being replaced with ALPN, a more recent TLS extension for application
+protocol negotiation that's in process of being adopted by IETF. Please look
+below for APLN API description.
+
+Simple approach for using NPN support looks like this:
+
+ ### client side
+ use Net::SSLeay;
+ use IO::Socket::INET;
+
+ Net::SSLeay::initialize();
+ my $sock = IO::Socket::INET->new(PeerAddr=>'encrypted.google.com:443') or die;
+ my $ctx = Net::SSLeay::CTX_tlsv1_new() or die;
+ Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
+ Net::SSLeay::CTX_set_next_proto_select_cb($ctx, ['http1.1','spdy/2']);
+ my $ssl = Net::SSLeay::new($ctx) or die;
+ Net::SSLeay::set_fd($ssl, fileno($sock)) or die;
+ Net::SSLeay::connect($ssl);
+
+ warn "client:negotiated=",Net::SSLeay::P_next_proto_negotiated($ssl), "\n";
+ warn "client:last_status=", Net::SSLeay::P_next_proto_last_status($ssl), "\n";
+
+ ### server side
+ use Net::SSLeay;
+ use IO::Socket::INET;
+
+ Net::SSLeay::initialize();
+ my $ctx = Net::SSLeay::CTX_tlsv1_new() or die;
+ Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
+ Net::SSLeay::set_cert_and_key($ctx, "cert.pem", "key.pem");
+ Net::SSLeay::CTX_set_next_protos_advertised_cb($ctx, ['spdy/2','http1.1']);
+ my $sock = IO::Socket::INET->new(LocalAddr=>'localhost', LocalPort=>5443, Proto=>'tcp', Listen=>20) or die;
+
+ while (1) {
+ my $ssl = Net::SSLeay::new($ctx);
+ warn("server:waiting for incoming connection...\n");
+ my $fd = $sock->accept();
+ Net::SSLeay::set_fd($ssl, $fd->fileno);
+ Net::SSLeay::accept($ssl);
+ warn "server:negotiated=",Net::SSLeay::P_next_proto_negotiated($ssl),"\n";
+ my $got = Net::SSLeay::read($ssl);
+ Net::SSLeay::ssl_write_all($ssl, "length=".length($got));
+ Net::SSLeay::free($ssl);
+ $fd->close();
+ }
+ # check with: openssl s_client -connect localhost:5443 -nextprotoneg http/1.1,spdy/2
+
+Please note that the selection (negotiation) is performed by client side, the server side simply advertise the list of supported protocols.
+
+Advanced approach allows you to implement your own negotiation algorithm.
+
+ #see below documentation for:
+ Net::SSleay::CTX_set_next_proto_select_cb($ctx, $perl_callback_function, $callback_data);
+ Net::SSleay::CTX_set_next_protos_advertised_cb($ctx, $perl_callback_function, $callback_data);
+
+Detection of NPN support (works even in older Net::SSLeay versions):
+
+ use Net::SSLeay;
+
+ if (exists &Net::SSLeay::P_next_proto_negotiated) {
+ # do NPN stuff
+ }
+
+=over
+
+=item * CTX_set_next_proto_select_cb
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.1
+
+B You need CTX_set_next_proto_select_cb on B of SSL connection.
+
+Simple usage - in this case a "common" negotiation algorithm (as implemented by openssl's function SSL_select_next_proto) is used.
+
+ $rv = Net::SSleay::CTX_set_next_proto_select_cb($ctx, $arrayref);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $arrayref - list of accepted protocols - e.g. ['http1.0', 'http1.1']
+ #
+ # returns: 0 on success, 1 on failure
+
+Advanced usage (you probably do not need this):
+
+ $rv = Net::SSleay::CTX_set_next_proto_select_cb($ctx, $perl_callback_function, $callback_data);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $perl_callback_function - reference to perl function
+ # $callback_data - [optional] data to passed to callback function when invoked
+ #
+ # returns: 0 on success, 1 on failure
+
+ # where callback function looks like
+ sub npn_advertised_cb_invoke {
+ my ($ssl, $arrayref_proto_list_advertised_by_server, $callback_data) = @_;
+ my $status;
+ # ...
+ $status = 1; #status can be:
+ # 0 - OPENSSL_NPN_UNSUPPORTED
+ # 1 - OPENSSL_NPN_NEGOTIATED
+ # 2 - OPENSSL_NPN_NO_OVERLAP
+ return $status, ['http1.1','spdy/2']; # the callback has to return 2 values
+ }
+
+To undefine/clear this callback use:
+
+ Net::SSleay::CTX_set_next_proto_select_cb($ctx, undef);
+
+=item * CTX_set_next_protos_advertised_cb
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.1
+
+B You need CTX_set_next_proto_select_cb on B of SSL connection.
+
+Simple usage:
+
+ $rv = Net::SSleay::CTX_set_next_protos_advertised_cb($ctx, $arrayref);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $arrayref - list of advertised protocols - e.g. ['http1.0', 'http1.1']
+ #
+ # returns: 0 on success, 1 on failure
+
+Advanced usage (you probably do not need this):
+
+ $rv = Net::SSleay::CTX_set_next_protos_advertised_cb($ctx, $perl_callback_function, $callback_data);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $perl_callback_function - reference to perl function
+ # $callback_data - [optional] data to passed to callback function when invoked
+ #
+ # returns: 0 on success, 1 on failure
+
+ # where callback function looks like
+ sub npn_advertised_cb_invoke {
+ my ($ssl, $callback_data) = @_;
+ # ...
+ return ['http1.1','spdy/2']; # the callback has to return arrayref
+ }
+
+To undefine/clear this callback use:
+
+ Net::SSleay::CTX_set_next_protos_advertised_cb($ctx, undef);
+
+=item * P_next_proto_negotiated
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.1
+
+Returns the name of negotiated protocol for given SSL connection $ssl.
+
+ $rv = Net::SSLeay::P_next_proto_negotiated($ssl)
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (string) negotiated protocol name (or undef if no negotiation was done or failed with fatal error)
+
+=item * P_next_proto_last_status
+
+B not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.1
+
+Returns the result of the last negotiation for given SSL connection $ssl.
+
+ $rv = Net::SSLeay::P_next_proto_last_status($ssl)
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (integer) negotiation status
+ # 0 - OPENSSL_NPN_UNSUPPORTED
+ # 1 - OPENSSL_NPN_NEGOTIATED
+ # 2 - OPENSSL_NPN_NO_OVERLAP
+
+=back
+
+=head3 Low level API: ALPN (application layer protocol negotiation) related functions
+
+Application protocol can be negotiated via two different mechanisms employing
+two different TLS extensions: NPN (obsolete) and ALPN (recommended).
+
+The API is rather similar, with slight differences reflecting protocol
+specifics. In particular, with ALPN the protocol negotiation takes place on
+server, while with NPN the client implements the protocol negotiation logic.
+
+With ALPN, the most basic implementation looks like this:
+
+ ### client side
+ use Net::SSLeay;
+ use IO::Socket::INET;
+
+ Net::SSLeay::initialize();
+ my $sock = IO::Socket::INET->new(PeerAddr=>'encrypted.google.com:443') or die;
+ my $ctx = Net::SSLeay::CTX_tlsv1_new() or die;
+ Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
+ Net::SSLeay::CTX_set_alpn_protos($ctx, ['http/1.1', 'http/2.0', 'spdy/3]);
+ my $ssl = Net::SSLeay::new($ctx) or die;
+ Net::SSLeay::set_fd($ssl, fileno($sock)) or die;
+ Net::SSLeay::connect($ssl);
+
+ warn "client:selected=",Net::SSLeay::P_alpn_selected($ssl), "\n";
+
+ ### server side
+ use Net::SSLeay;
+ use IO::Socket::INET;
+
+ Net::SSLeay::initialize();
+ my $ctx = Net::SSLeay::CTX_tlsv1_new() or die;
+ Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
+ Net::SSLeay::set_cert_and_key($ctx, "cert.pem", "key.pem");
+ Net::SSLeay::CTX_set_alpn_select_cb($ctx, ['http/1.1', 'http/2.0', 'spdy/3]);
+ my $sock = IO::Socket::INET->new(LocalAddr=>'localhost', LocalPort=>5443, Proto=>'tcp', Listen=>20) or die;
+
+ while (1) {
+ my $ssl = Net::SSLeay::new($ctx);
+ warn("server:waiting for incoming connection...\n");
+ my $fd = $sock->accept();
+ Net::SSLeay::set_fd($ssl, $fd->fileno);
+ Net::SSLeay::accept($ssl);
+ warn "server:selected=",Net::SSLeay::P_alpn_selected($ssl),"\n";
+ my $got = Net::SSLeay::read($ssl);
+ Net::SSLeay::ssl_write_all($ssl, "length=".length($got));
+ Net::SSLeay::free($ssl);
+ $fd->close();
+ }
+ # check with: openssl s_client -connect localhost:5443 -alpn spdy/3,http/1.1
+
+Advanced approach allows you to implement your own negotiation algorithm.
+
+ #see below documentation for:
+ Net::SSleay::CTX_set_alpn_select_cb($ctx, $perl_callback_function, $callback_data);
+
+Detection of ALPN support (works even in older Net::SSLeay versions):
+
+ use Net::SSLeay;
+
+ if (exists &Net::SSLeay::P_alpn_selected) {
+ # do ALPN stuff
+ }
+
+=over
+
+=item * CTX_set_alpn_select_cb
+
+B not available in Net-SSLeay-1.55 and before; requires at least openssl-1.0.2
+
+B You need CTX_set_alpn_select_cb on B of TLS connection.
+
+Simple usage - in this case a "common" negotiation algorithm (as implemented by openssl's function SSL_select_next_proto) is used.
+
+ $rv = Net::SSleay::CTX_set_alpn_select_cb($ctx, $arrayref);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $arrayref - list of accepted protocols - e.g. ['http/2.0', 'http/1.1', 'spdy/3']
+ #
+ # returns: 0 on success, 1 on failure
+
+Advanced usage (you probably do not need this):
+
+ $rv = Net::SSleay::CTX_set_alpn_select_cb($ctx, $perl_callback_function, $callback_data);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $perl_callback_function - reference to perl function
+ # $callback_data - [optional] data to passed to callback function when invoked
+ #
+ # returns: 0 on success, 1 on failure
+
+ # where callback function looks like
+ sub alpn_select_cb_invoke {
+ my ($ssl, $arrayref_proto_list_advertised_by_client, $callback_data) = @_;
+ # ...
+ if ($negotiated) {
+ return 'http/2.0';
+ } else {
+ return undef;
+ }
+ }
+
+To undefine/clear this callback use:
+
+ Net::SSleay::CTX_set_alpn_select_cb($ctx, undef);
+
+=item * set_alpn_protos
+
+B not available in Net-SSLeay-1.55 and before; requires at least openssl-1.0.2
+
+B You need set_alpn_protos on B of TLS connection.
+
+This adds list of supported application layer protocols to ClientHello message sent by a client.
+It advertises the enumeration of supported protocols:
+
+ Net::SSLeay::set_alpn_protos($ssl, ['http/1.1', 'http/2.0', 'spdy/3]);
+ # returns 0 on success
+
+=item * CTX_set_alpn_protos
+
+B not available in Net-SSLeay-1.55 and before; requires at least openssl-1.0.2
+
+B You need CTX_set_alpn_protos on B of TLS connection.
+
+This adds list of supported application layer protocols to ClientHello message sent by a client.
+It advertises the enumeration of supported protocols:
+
+ Net::SSLeay::CTX_set_alpn_protos($ctx, ['http/1.1', 'http/2.0', 'spdy/3]);
+ # returns 0 on success
+
+=item * P_alpn_selected
+
+B not available in Net-SSLeay-1.55 and before; requires at least openssl-1.0.2
+
+Returns the name of negotiated protocol for given TLS connection $ssl.
+
+ $rv = Net::SSLeay::P_alpn_selected($ssl)
+ # $ssl - value corresponding to openssl's SSL structure
+ #
+ # returns: (string) negotiated protocol name (or undef if no negotiation was done or failed with fatal error)
+
+=back
+
+=head3 Low level API: DANE Support
+
+OpenSSL version 1.0.2 adds preliminary support RFC6698 Domain Authentication of
+Named Entities (DANE) Transport Layer Association within OpenSSL
+
+=over
+
+=item * SSL_get_tlsa_record_byname
+
+B DELETED from net-ssleay, since it is not supported by OpenSSL
+
+In order to facilitate DANE there is additional interface,
+SSL_get_tlsa_record_byname, accepting hostname, port and socket type
+that returns packed TLSA record. In order to make it even easier there
+is additional SSL_ctrl function that calls SSL_get_tlsa_record_byname
+for you. Latter is recommended for programmers that wish to maintain
+broader binary compatibility, e.g. make application work with both 1.0.2
+and prior version (in which case call to SSL_ctrl with new code
+returning error would have to be ignored when running with prior version).
+
+ Net::SSLeay::get_tlsa_record_byname($name, $port, $type);
+
+=back
+
+=head3 Low level API: Other functions
+
+=over
+
+=item * COMP_add_compression_method
+
+Adds the compression method cm with the identifier id to the list of available compression methods.
+This list is globally maintained for all SSL operations within this application.
+It cannot be set for specific SSL_CTX or SSL objects.
+
+ my $rv = Net::SSLeay::COMP_add_compression_method($id, $cm);
+ # $id - (integer) compression method id
+ # 0 to 63: methods defined by the IETF
+ # 64 to 192: external party methods assigned by IANA
+ # 193 to 255: reserved for private use
+ #
+ # $cm - value corresponding to openssl's COMP_METHOD structure
+ #
+ # returns: 0 on success, 1 on failure (check the error queue to find out the reason)
+
+Check openssl doc L
+
+=item * DH_free
+
+Frees the DH structure and its components. The values are erased before the memory is returned to the system.
+
+ Net::SSLeay::DH_free($dh);
+ # $dh - value corresponding to openssl's DH structure
+ #
+ # returns: no return value
+
+Check openssl doc L
+
+=item * FIPS_mode_set
+
+Enable or disable FIPS mode in a FIPS capable OpenSSL.
+
+ Net::SSLeay:: FIPS_mode_set($enable);
+ # $enable - (integer) 1 to enable, 0 to disable
+
+=back
+
+=head3 Low level API: EC related functions
+
+=over
+
+=item * CTX_set_tmp_ecdh
+
+TBA
+
+=item * EC_KEY_free
+
+TBA
+
+=item * EC_KEY_new_by_curve_name
+
+TBA
+
+=item * EC_KEY_generate_key
+
+Generates a EC key and returns it in a newly allocated EC_KEY structure.
+The EC key then can be used to create a PKEY which can be used in calls
+like X509_set_pubkey.
+
+ my $key = Net::SSLeay::EVP_PKEY_new();
+ my $ec = Net::SSLeay::EC_KEY_generate_key($curve);
+ Net::SSLeay::EVP_PKEY_assign_EC_KEY($key,$ec);
+
+ # $curve - curve name like 'secp521r1' or the matching Id (integer) of the curve
+ #
+ # returns: value corresponding to openssl's EC_KEY structure (0 on failure)
+
+This function has no equivalent in OpenSSL but combines multiple OpenSSL
+functions for an easier interface.
+
+=item * CTX_set_ecdh_auto, set_ecdh_auto
+
+These functions enable or disable the automatic curve selection on the server
+side by calling SSL_CTX_set_ecdh_auto or SSL_set_ecdh_auto respectively.
+If enabled the highest preference curve is automatically used for ECDH temporary
+keys used during key exchange.
+This function is no longer available for OpenSSL 1.1.0 or higher.
+
+ Net::SSLeay::CTX_set_ecdh_auto($ctx,1);
+ Net::SSLeay::set_ecdh_auto($ssl,1);
+
+=item * CTX_set1_curves_list, set1_curves_list
+
+These functions set the supported curves (in order of preference) by calling
+SSL_CTX_set1_curves_list or SSL_set1_curves_list respectively.
+For a TLS client these curves are offered to the server in the supported curves
+extension while on the server side these are used to determine the shared
+curve.
+These functions are only available since OpenSSL 1.1.0.
+
+ Net::SSLeay::CTX_set1_curves_list($ctx,"P-521:P-384:P-256");
+ Net::SSLeay::set1_curves_list($ssl,"P-521:P-384:P-256");
+
+=item * CTX_set1_groups_list, set1_groups_list
+
+These functions set the supported groups (in order of preference) by calling
+SSL_CTX_set1_groups_list or SSL_set1_groups_list respectively.
+This is practically the same as CTX_set1_curves_list and set1_curves_list except
+that all DH groups can be given as supported by TLS 1.3.
+These functions are only available since OpenSSL 1.1.1.
+
+ Net::SSLeay::CTX_set1_groups_list($ctx,"P-521:P-384:P-256");
+ Net::SSLeay::set1_groups_list($ssl,"P-521:P-384:P-256");
+
+=back
+
+
+=head3 Low level API: OSSL_LIB_CTX and OSSL_PROVIDER related functions
+
+=over
+
+=item * OSSL_LIB_CTX_get0_global_default
+
+Returns a concrete (non NULL) reference to the global default library context.
+
+ my $libctx = Net::SSLeay::OSSL_LIB_CTX_get0_global_default();
+ # returns: a value corresponding to OSSL_LIB_CTX structure or false on failure
+
+Typically it's simpler to use undef with functions that take an
+OSSL_LIB_CTX argument when global default library context is needed.
+
+Check openssl doc L
+
+=item * OSSL_PROVIDER_load
+
+Loads and initializes a provider
+
+ my $provider = Net::SSLeay::OSSL_PROVIDER_load($libctx, $name);
+ # $libctx - value corresponding to OSSL_LIB_CTX structure or undef
+ # $name - (string) provider name, e.g., 'legacy'
+ #
+ # returns: a value corresponding to OSSL_PROVIDER or false on failure
+
+Using undef loads the provider within the global default library context.
+
+ my $provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'legacy');
+
+Check openssl doc L
+
+=item * OSSL_PROVIDER_try_load
+
+Loads and initializes a provider similar to OSSL_PROVIDER_load with additional fallback control.
+
+ my $provider = Net::SSLeay::OSSL_PROVIDER_try_load($libctx, $name, $retain_fallbacks);
+ # $libctx - value corresponding to OSSL_LIB_CTX structure or undef
+ # $name - (string) provider name, e.g., 'legacy'
+ # $retain_fallbacks - (integer) 0 or 1
+ #
+ # returns: a value corresponding to OSSL_PROVIDER or false on failure
+
+Check openssl doc L
+
+=item * OSSL_PROVIDER_unload
+
+Unloads the given provider.
+
+ my $rv = Net::SSLeay::OSSL_PROVIDER_unload($provider);
+ # $provider - a value corresponding to OSSL_PROVIDER
+ #
+ # returns: (integer) 1 on success, 0 on error
+
+Check openssl doc L
+
+=item * OSSL_PROVIDER_available
+
+Checks if a named provider is available for use.
+
+ my $rv = Net::SSLeay::OSSL_PROVIDER_available($libctx, $name);
+ # $libctx - value corresponding to OSSL_LIB_CTX structure or undef
+ # $name - (string) provider name, e.g., 'legacy'
+ #
+ # returns: (integer) 1 if the named provider is available, otherwise 0.
+
+Check openssl doc L
+
+=item * OSSL_PROVIDER_do_all
+
+Iterates over all loaded providers. A callback is called for each provider.
+
+ my $rv = Net::SSLeay::OSSL_PROVIDER_do_all($libctx, $cb, $cbdata);
+ # $libctx - value corresponding to OSSL_LIB_CTX structure or undef
+ # $cb - reference to a perl callback function
+ $ $cbdata - data that will be passed to callback function
+ #
+ # returns: (integer) 1 if all callbacks returned 1, 0 the first time a callback returns 0.
+
+Example:
+
+ sub do_all_cb {
+ my ($provider, $cbdata) = @_;
+
+ my $name = Net::SSLeay::OSSL_PROVIDER_get0_name($provider);
+ print "Callback for provider: '$name', cbdata: '$cbdata'\n";
+ return 1;
+ }
+ my $data_for_cb = 'Hello';
+
+ # Triggers default provider automatic loading.
+ Net::SSLeay::OSSL_PROVIDER_available(undef, 'default') || die 'default provider not available';
+ Net::SSLeay::OSSL_PROVIDER_load(undef, 'legacy') || die 'load legacy';
+ Net::SSLeay::OSSL_PROVIDER_load(undef, 'null') || die 'load null';
+ Net::SSLeay::OSSL_PROVIDER_do_all(undef, \&do_all_cb, $data_for_cb) || die 'a callback failed';
+
+Check openssl doc L
+
+=item * OSSL_PROVIDER_get0_name
+
+Returns the name of the given provider.
+
+ my $name = Net::SSLeay::OSSL_PROVIDER_get0_name($provider);
+ # $provider - a value corresponding to OSSL_PROVIDER
+ #
+ # returns: (string) provider name, e.g., 'legacy'
+
+Check openssl doc L
+
+=item * OSSL_PROVIDER_self_test
+
+Runs the provider's self tests.
+
+ my $rv = Net::SSLeay::OSSL_PROVIDER_self_test($provider);
+ # $libctx - value corresponding to OSSL_LIB_CTX structure or undef
+ # $provider - a value corresponding to OSSL_PROVIDER
+ #
+ # returns: (integer) returns 1 if the self tests pass, 0 on error
+
+Check openssl doc L
+
+=back
+
+=head2 Constants
+
+There are many openssl constants available in L. You can use them like this:
+
+ use Net::SSLeay;
+ print &Net::SSLeay::NID_commonName;
+ #or
+ print Net::SSLeay::NID_commonName();
+
+Or you can import them and use:
+
+ use Net::SSLeay qw/NID_commonName/;
+ print &NID_commonName;
+ #or
+ print NID_commonName();
+ #or
+ print NID_commonName;
+
+The constants names are derived from openssl constants, however constants starting with C prefix
+have name with C part stripped - e.g. openssl's constant C is available as C
+
+The list of all available constant names:
+
+=for comment
+The list below is automatically generated - do not manually modify it.
+To add or remove a constant, edit helper_script/constants.txt, then run
+helper_script/update-exported-constants.
+ +=for start_constants + + ASN1_STRFLGS_ESC_CTRL OPENSSL_VERSION_STRING + ASN1_STRFLGS_ESC_MSB OP_ALL + ASN1_STRFLGS_ESC_QUOTE OP_ALLOW_NO_DHE_KEX + ASN1_STRFLGS_RFC2253 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + CB_ACCEPT_EXIT OP_CIPHER_SERVER_PREFERENCE + CB_ACCEPT_LOOP OP_CISCO_ANYCONNECT + CB_ALERT OP_COOKIE_EXCHANGE + CB_CONNECT_EXIT OP_CRYPTOPRO_TLSEXT_BUG + CB_CONNECT_LOOP OP_DONT_INSERT_EMPTY_FRAGMENTS + CB_EXIT OP_ENABLE_MIDDLEBOX_COMPAT + CB_HANDSHAKE_DONE OP_EPHEMERAL_RSA + CB_HANDSHAKE_START OP_LEGACY_SERVER_CONNECT + CB_LOOP OP_MICROSOFT_BIG_SSLV3_BUFFER + CB_READ OP_MICROSOFT_SESS_ID_BUG + CB_READ_ALERT OP_MSIE_SSLV2_RSA_PADDING + CB_WRITE OP_NETSCAPE_CA_DN_BUG + CB_WRITE_ALERT OP_NETSCAPE_CHALLENGE_BUG + ERROR_NONE OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + ERROR_SSL OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + ERROR_SYSCALL OP_NON_EXPORT_FIRST + ERROR_WANT_ACCEPT OP_NO_ANTI_REPLAY + ERROR_WANT_CONNECT OP_NO_CLIENT_RENEGOTIATION + ERROR_WANT_READ OP_NO_COMPRESSION + ERROR_WANT_WRITE OP_NO_ENCRYPT_THEN_MAC + ERROR_WANT_X509_LOOKUP OP_NO_QUERY_MTU + ERROR_ZERO_RETURN OP_NO_RENEGOTIATION + EVP_PKS_DSA OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + EVP_PKS_EC OP_NO_SSL_MASK + EVP_PKS_RSA OP_NO_SSLv2 + EVP_PKT_ENC OP_NO_SSLv3 + EVP_PKT_EXCH OP_NO_TICKET + EVP_PKT_EXP OP_NO_TLSv1 + EVP_PKT_SIGN OP_NO_TLSv1_1 + EVP_PK_DH OP_NO_TLSv1_2 + EVP_PK_DSA OP_NO_TLSv1_3 + EVP_PK_EC OP_PKCS1_CHECK_1 + EVP_PK_RSA OP_PKCS1_CHECK_2 + FILETYPE_ASN1 OP_PRIORITIZE_CHACHA + FILETYPE_PEM OP_SAFARI_ECDHE_ECDSA_BUG + F_CLIENT_CERTIFICATE OP_SINGLE_DH_USE + F_CLIENT_HELLO OP_SINGLE_ECDH_USE + F_CLIENT_MASTER_KEY OP_SSLEAY_080_CLIENT_DH_BUG + F_D2I_SSL_SESSION OP_SSLREF2_REUSE_CERT_TYPE_BUG + F_GET_CLIENT_FINISHED OP_TLSEXT_PADDING + F_GET_CLIENT_HELLO OP_TLS_BLOCK_PADDING_BUG + F_GET_CLIENT_MASTER_KEY OP_TLS_D5_BUG + F_GET_SERVER_FINISHED OP_TLS_ROLLBACK_BUG + F_GET_SERVER_HELLO READING + F_GET_SERVER_VERIFY RECEIVED_SHUTDOWN + F_I2D_SSL_SESSION RSA_3 + F_READ_N RSA_F4 + F_REQUEST_CERTIFICATE 
R_BAD_AUTHENTICATION_TYPE + F_SERVER_HELLO R_BAD_CHECKSUM + F_SSL_CERT_NEW R_BAD_MAC_DECODE + F_SSL_GET_NEW_SESSION R_BAD_RESPONSE_ARGUMENT + F_SSL_NEW R_BAD_SSL_FILETYPE + F_SSL_READ R_BAD_SSL_SESSION_ID_LENGTH + F_SSL_RSA_PRIVATE_DECRYPT R_BAD_STATE + F_SSL_RSA_PUBLIC_ENCRYPT R_BAD_WRITE_RETRY + F_SSL_SESSION_NEW R_CHALLENGE_IS_DIFFERENT + F_SSL_SESSION_PRINT_FP R_CIPHER_TABLE_SRC_ERROR + F_SSL_SET_FD R_INVALID_CHALLENGE_LENGTH + F_SSL_SET_RFD R_NO_CERTIFICATE_SET + F_SSL_SET_WFD R_NO_CERTIFICATE_SPECIFIED + F_SSL_USE_CERTIFICATE R_NO_CIPHER_LIST + F_SSL_USE_CERTIFICATE_ASN1 R_NO_CIPHER_MATCH + F_SSL_USE_CERTIFICATE_FILE R_NO_PRIVATEKEY + F_SSL_USE_PRIVATEKEY R_NO_PUBLICKEY + F_SSL_USE_PRIVATEKEY_ASN1 R_NULL_SSL_CTX + F_SSL_USE_PRIVATEKEY_FILE R_PEER_DID_NOT_RETURN_A_CERTIFICATE + F_SSL_USE_RSAPRIVATEKEY R_PEER_ERROR + F_SSL_USE_RSAPRIVATEKEY_ASN1 R_PEER_ERROR_CERTIFICATE + F_SSL_USE_RSAPRIVATEKEY_FILE R_PEER_ERROR_NO_CIPHER + F_WRITE_PENDING R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE + GEN_DIRNAME R_PUBLIC_KEY_ENCRYPT_ERROR + GEN_DNS R_PUBLIC_KEY_IS_NOT_RSA + GEN_EDIPARTY R_READ_WRONG_PACKET_TYPE + GEN_EMAIL R_SHORT_READ + GEN_IPADD R_SSL_SESSION_ID_IS_DIFFERENT + GEN_OTHERNAME R_UNABLE_TO_EXTRACT_PUBLIC_KEY + GEN_RID R_UNKNOWN_REMOTE_ERROR_TYPE + GEN_URI R_UNKNOWN_STATE + GEN_X400 R_X509_LIB + LIBRESSL_VERSION_NUMBER SENT_SHUTDOWN + MBSTRING_ASC SESSION_ASN1_VERSION + MBSTRING_BMP SESS_CACHE_BOTH + MBSTRING_FLAG SESS_CACHE_CLIENT + MBSTRING_UNIV SESS_CACHE_NO_AUTO_CLEAR + MBSTRING_UTF8 SESS_CACHE_NO_INTERNAL + MIN_RSA_MODULUS_LENGTH_IN_BYTES SESS_CACHE_NO_INTERNAL_LOOKUP + MODE_ACCEPT_MOVING_WRITE_BUFFER SESS_CACHE_NO_INTERNAL_STORE + MODE_AUTO_RETRY SESS_CACHE_OFF + MODE_ENABLE_PARTIAL_WRITE SESS_CACHE_SERVER + MODE_RELEASE_BUFFERS SSL2_MT_CLIENT_CERTIFICATE + NID_OCSP_sign SSL2_MT_CLIENT_FINISHED + NID_SMIMECapabilities SSL2_MT_CLIENT_HELLO + NID_X500 SSL2_MT_CLIENT_MASTER_KEY + NID_X509 SSL2_MT_ERROR + NID_ad_OCSP SSL2_MT_REQUEST_CERTIFICATE + 
NID_ad_ca_issuers SSL2_MT_SERVER_FINISHED + NID_algorithm SSL2_MT_SERVER_HELLO + NID_authority_key_identifier SSL2_MT_SERVER_VERIFY + NID_basic_constraints SSL2_VERSION + NID_bf_cbc SSL3_MT_CCS + NID_bf_cfb64 SSL3_MT_CERTIFICATE + NID_bf_ecb SSL3_MT_CERTIFICATE_REQUEST + NID_bf_ofb64 SSL3_MT_CERTIFICATE_STATUS + NID_cast5_cbc SSL3_MT_CERTIFICATE_URL + NID_cast5_cfb64 SSL3_MT_CERTIFICATE_VERIFY + NID_cast5_ecb SSL3_MT_CHANGE_CIPHER_SPEC + NID_cast5_ofb64 SSL3_MT_CLIENT_HELLO + NID_certBag SSL3_MT_CLIENT_KEY_EXCHANGE + NID_certificate_policies SSL3_MT_ENCRYPTED_EXTENSIONS + NID_client_auth SSL3_MT_END_OF_EARLY_DATA + NID_code_sign SSL3_MT_FINISHED + NID_commonName SSL3_MT_HELLO_REQUEST + NID_countryName SSL3_MT_KEY_UPDATE + NID_crlBag SSL3_MT_MESSAGE_HASH + NID_crl_distribution_points SSL3_MT_NEWSESSION_TICKET + NID_crl_number SSL3_MT_NEXT_PROTO + NID_crl_reason SSL3_MT_SERVER_DONE + NID_delta_crl SSL3_MT_SERVER_HELLO + NID_des_cbc SSL3_MT_SERVER_KEY_EXCHANGE + NID_des_cfb64 SSL3_MT_SUPPLEMENTAL_DATA + NID_des_ecb SSL3_RT_ALERT + NID_des_ede SSL3_RT_APPLICATION_DATA + NID_des_ede3 SSL3_RT_CHANGE_CIPHER_SPEC + NID_des_ede3_cbc SSL3_RT_HANDSHAKE + NID_des_ede3_cfb64 SSL3_RT_HEADER + NID_des_ede3_ofb64 SSL3_RT_INNER_CONTENT_TYPE + NID_des_ede_cbc SSL3_VERSION + NID_des_ede_cfb64 SSLEAY_BUILT_ON + NID_des_ede_ofb64 SSLEAY_CFLAGS + NID_des_ofb64 SSLEAY_DIR + NID_description SSLEAY_PLATFORM + NID_desx_cbc SSLEAY_VERSION + NID_dhKeyAgreement ST_ACCEPT + NID_dnQualifier ST_BEFORE + NID_dsa ST_CONNECT + NID_dsaWithSHA ST_INIT + NID_dsaWithSHA1 ST_OK + NID_dsaWithSHA1_2 ST_READ_BODY + NID_dsa_2 ST_READ_HEADER + NID_email_protect TLS1_1_VERSION + NID_ext_key_usage TLS1_2_VERSION + NID_ext_req TLS1_3_VERSION + NID_friendlyName TLS1_VERSION + NID_givenName TLSEXT_STATUSTYPE_ocsp + NID_hmacWithSHA1 VERIFY_CLIENT_ONCE + NID_id_ad VERIFY_FAIL_IF_NO_PEER_CERT + NID_id_ce VERIFY_NONE + NID_id_kp VERIFY_PEER + NID_id_pbkdf2 VERIFY_POST_HANDSHAKE + NID_id_pe V_OCSP_CERTSTATUS_GOOD + 
NID_id_pkix V_OCSP_CERTSTATUS_REVOKED + NID_id_qt_cps V_OCSP_CERTSTATUS_UNKNOWN + NID_id_qt_unotice WRITING + NID_idea_cbc X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT + NID_idea_cfb64 X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS + NID_idea_ecb X509_CHECK_FLAG_NEVER_CHECK_SUBJECT + NID_idea_ofb64 X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS + NID_info_access X509_CHECK_FLAG_NO_WILDCARDS + NID_initials X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS + NID_invalidity_date X509_FILETYPE_ASN1 + NID_issuer_alt_name X509_FILETYPE_DEFAULT + NID_keyBag X509_FILETYPE_PEM + NID_key_usage X509_LOOKUP + NID_localKeyID X509_PURPOSE_ANY + NID_localityName X509_PURPOSE_CRL_SIGN + NID_md2 X509_PURPOSE_NS_SSL_SERVER + NID_md2WithRSAEncryption X509_PURPOSE_OCSP_HELPER + NID_md5 X509_PURPOSE_SMIME_ENCRYPT + NID_md5WithRSA X509_PURPOSE_SMIME_SIGN + NID_md5WithRSAEncryption X509_PURPOSE_SSL_CLIENT + NID_md5_sha1 X509_PURPOSE_SSL_SERVER + NID_mdc2 X509_PURPOSE_TIMESTAMP_SIGN + NID_mdc2WithRSA X509_TRUST_COMPAT + NID_ms_code_com X509_TRUST_EMAIL + NID_ms_code_ind X509_TRUST_OBJECT_SIGN + NID_ms_ctl_sign X509_TRUST_OCSP_REQUEST + NID_ms_efs X509_TRUST_OCSP_SIGN + NID_ms_ext_req X509_TRUST_SSL_CLIENT + NID_ms_sgc X509_TRUST_SSL_SERVER + NID_name X509_TRUST_TSA + NID_netscape X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH + NID_netscape_base_url X509_V_ERR_AKID_SKID_MISMATCH + NID_netscape_ca_policy_url X509_V_ERR_APPLICATION_VERIFICATION + NID_netscape_ca_revocation_url X509_V_ERR_CA_KEY_TOO_SMALL + NID_netscape_cert_extension X509_V_ERR_CA_MD_TOO_WEAK + NID_netscape_cert_sequence X509_V_ERR_CERT_CHAIN_TOO_LONG + NID_netscape_cert_type X509_V_ERR_CERT_HAS_EXPIRED + NID_netscape_comment X509_V_ERR_CERT_NOT_YET_VALID + NID_netscape_data_type X509_V_ERR_CERT_REJECTED + NID_netscape_renewal_url X509_V_ERR_CERT_REVOKED + NID_netscape_revocation_url X509_V_ERR_CERT_SIGNATURE_FAILURE + NID_netscape_ssl_server_name X509_V_ERR_CERT_UNTRUSTED + NID_ns_sgc X509_V_ERR_CRL_HAS_EXPIRED + NID_organizationName X509_V_ERR_CRL_NOT_YET_VALID + 
NID_organizationalUnitName X509_V_ERR_CRL_PATH_VALIDATION_ERROR + NID_pbeWithMD2AndDES_CBC X509_V_ERR_CRL_SIGNATURE_FAILURE + NID_pbeWithMD2AndRC2_CBC X509_V_ERR_DANE_NO_MATCH + NID_pbeWithMD5AndCast5_CBC X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT + NID_pbeWithMD5AndDES_CBC X509_V_ERR_DIFFERENT_CRL_SCOPE + NID_pbeWithMD5AndRC2_CBC X509_V_ERR_EE_KEY_TOO_SMALL + NID_pbeWithSHA1AndDES_CBC X509_V_ERR_EMAIL_MISMATCH + NID_pbeWithSHA1AndRC2_CBC X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD + NID_pbe_WithSHA1And128BitRC2_CBC X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD + NID_pbe_WithSHA1And128BitRC4 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD + NID_pbe_WithSHA1And2_Key_TripleDES_CBC X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD + NID_pbe_WithSHA1And3_Key_TripleDES_CBC X509_V_ERR_EXCLUDED_VIOLATION + NID_pbe_WithSHA1And40BitRC2_CBC X509_V_ERR_HOSTNAME_MISMATCH + NID_pbe_WithSHA1And40BitRC4 X509_V_ERR_INVALID_CA + NID_pbes2 X509_V_ERR_INVALID_CALL + NID_pbmac1 X509_V_ERR_INVALID_EXTENSION + NID_pkcs X509_V_ERR_INVALID_NON_CA + NID_pkcs3 X509_V_ERR_INVALID_POLICY_EXTENSION + NID_pkcs7 X509_V_ERR_INVALID_PURPOSE + NID_pkcs7_data X509_V_ERR_IP_ADDRESS_MISMATCH + NID_pkcs7_digest X509_V_ERR_KEYUSAGE_NO_CERTSIGN + NID_pkcs7_encrypted X509_V_ERR_KEYUSAGE_NO_CRL_SIGN + NID_pkcs7_enveloped X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE + NID_pkcs7_signed X509_V_ERR_NO_EXPLICIT_POLICY + NID_pkcs7_signedAndEnveloped X509_V_ERR_NO_VALID_SCTS + NID_pkcs8ShroudedKeyBag X509_V_ERR_OCSP_CERT_UNKNOWN + NID_pkcs9 X509_V_ERR_OCSP_VERIFY_FAILED + NID_pkcs9_challengePassword X509_V_ERR_OCSP_VERIFY_NEEDED + NID_pkcs9_contentType X509_V_ERR_OUT_OF_MEM + NID_pkcs9_countersignature X509_V_ERR_PATH_LENGTH_EXCEEDED + NID_pkcs9_emailAddress X509_V_ERR_PATH_LOOP + NID_pkcs9_extCertAttributes X509_V_ERR_PERMITTED_VIOLATION + NID_pkcs9_messageDigest X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED + NID_pkcs9_signingTime X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED + NID_pkcs9_unstructuredAddress X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION + 
NID_pkcs9_unstructuredName X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN + NID_private_key_usage_period X509_V_ERR_STORE_LOOKUP + NID_rc2_40_cbc X509_V_ERR_SUBJECT_ISSUER_MISMATCH + NID_rc2_64_cbc X509_V_ERR_SUBTREE_MINMAX + NID_rc2_cbc X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 + NID_rc2_cfb64 X509_V_ERR_SUITE_B_INVALID_ALGORITHM + NID_rc2_ecb X509_V_ERR_SUITE_B_INVALID_CURVE + NID_rc2_ofb64 X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM + NID_rc4 X509_V_ERR_SUITE_B_INVALID_VERSION + NID_rc4_40 X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED + NID_rc5_cbc X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY + NID_rc5_cfb64 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE + NID_rc5_ecb X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE + NID_rc5_ofb64 X509_V_ERR_UNABLE_TO_GET_CRL + NID_ripemd160 X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER + NID_ripemd160WithRSA X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT + NID_rle_compression X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY + NID_rsa X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE + NID_rsaEncryption X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION + NID_rsadsi X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION + NID_safeContentsBag X509_V_ERR_UNNESTED_RESOURCE + NID_sdsiCertificate X509_V_ERR_UNSPECIFIED + NID_secretBag X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX + NID_serialNumber X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE + NID_server_auth X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE + NID_sha X509_V_ERR_UNSUPPORTED_NAME_SYNTAX + NID_sha1 X509_V_FLAG_ALLOW_PROXY_CERTS + NID_sha1WithRSA X509_V_FLAG_CB_ISSUER_CHECK + NID_sha1WithRSAEncryption X509_V_FLAG_CHECK_SS_SIGNATURE + NID_shaWithRSAEncryption X509_V_FLAG_CRL_CHECK + NID_stateOrProvinceName X509_V_FLAG_CRL_CHECK_ALL + NID_subject_alt_name X509_V_FLAG_EXPLICIT_POLICY + NID_subject_key_identifier X509_V_FLAG_EXTENDED_CRL_SUPPORT + NID_surname X509_V_FLAG_IGNORE_CRITICAL + NID_sxnet X509_V_FLAG_INHIBIT_ANY + NID_time_stamp X509_V_FLAG_INHIBIT_MAP + NID_title X509_V_FLAG_LEGACY_VERIFY + NID_undef X509_V_FLAG_NOTIFY_POLICY + NID_uniqueIdentifier 
X509_V_FLAG_NO_ALT_CHAINS + NID_x509Certificate X509_V_FLAG_NO_CHECK_TIME + NID_x509Crl X509_V_FLAG_PARTIAL_CHAIN + NID_zlib_compression X509_V_FLAG_POLICY_CHECK + NOTHING X509_V_FLAG_POLICY_MASK + OCSP_RESPONSE_STATUS_INTERNALERROR X509_V_FLAG_SUITEB_128_LOS + OCSP_RESPONSE_STATUS_MALFORMEDREQUEST X509_V_FLAG_SUITEB_128_LOS_ONLY + OCSP_RESPONSE_STATUS_SIGREQUIRED X509_V_FLAG_SUITEB_192_LOS + OCSP_RESPONSE_STATUS_SUCCESSFUL X509_V_FLAG_TRUSTED_FIRST + OCSP_RESPONSE_STATUS_TRYLATER X509_V_FLAG_USE_CHECK_TIME + OCSP_RESPONSE_STATUS_UNAUTHORIZED X509_V_FLAG_USE_DELTAS + OPENSSL_BUILT_ON X509_V_FLAG_X509_STRICT + OPENSSL_CFLAGS X509_V_OK + OPENSSL_CPU_INFO XN_FLAG_COMPAT + OPENSSL_DIR XN_FLAG_DN_REV + OPENSSL_ENGINES_DIR XN_FLAG_DUMP_UNKNOWN_FIELDS + OPENSSL_FULL_VERSION_STRING XN_FLAG_FN_ALIGN + OPENSSL_INFO_CONFIG_DIR XN_FLAG_FN_LN + OPENSSL_INFO_CPU_SETTINGS XN_FLAG_FN_MASK + OPENSSL_INFO_DIR_FILENAME_SEPARATOR XN_FLAG_FN_NONE + OPENSSL_INFO_DSO_EXTENSION XN_FLAG_FN_OID + OPENSSL_INFO_ENGINES_DIR XN_FLAG_FN_SN + OPENSSL_INFO_LIST_SEPARATOR XN_FLAG_MULTILINE + OPENSSL_INFO_MODULES_DIR XN_FLAG_ONELINE + OPENSSL_INFO_SEED_SOURCE XN_FLAG_RFC2253 + OPENSSL_MODULES_DIR XN_FLAG_SEP_COMMA_PLUS + OPENSSL_PLATFORM XN_FLAG_SEP_CPLUS_SPC + OPENSSL_VERSION XN_FLAG_SEP_MASK + OPENSSL_VERSION_MAJOR XN_FLAG_SEP_MULTILINE + OPENSSL_VERSION_MINOR XN_FLAG_SEP_SPLUS_SPC + OPENSSL_VERSION_NUMBER XN_FLAG_SPC_EQ + OPENSSL_VERSION_PATCH + +=for end_constants + +=head2 INTERNAL ONLY functions (do not use these) + +The following functions are not intended for use from outside of L module. +They might be removed, renamed or changed without prior notice in future version. + +Simply B! + +=over + +=item * hello + +=item * blength + +=item * constant + +=back + +=head1 EXAMPLES + +One very good example to look at is the implementation of C in the +C file. 
+ +The following is a simple SSLeay client (with too little error checking :-( + + #!/usr/bin/perl + use Socket; + use Net::SSLeay qw(die_now die_if_ssl_error) ; + Net::SSLeay::load_error_strings(); + Net::SSLeay::SSLeay_add_ssl_algorithms(); + Net::SSLeay::randomize(); + + ($dest_serv, $port, $msg) = @ARGV; # Read command line + $port = getservbyname ($port, 'tcp') unless $port =~ /^\d+$/; + $dest_ip = gethostbyname ($dest_serv); + $dest_serv_params = sockaddr_in($port, $dest_ip); + + socket (S, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!"; + connect (S, $dest_serv_params) or die "connect: $!"; + select (S); $| = 1; select (STDOUT); # Eliminate STDIO buffering + + # The network connection is now open, lets fire up SSL + + $ctx = Net::SSLeay::CTX_new() or die_now("Failed to create SSL_CTX $!"); + Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL) + or die_if_ssl_error("ssl ctx set options"); + $ssl = Net::SSLeay::new($ctx) or die_now("Failed to create SSL $!"); + Net::SSLeay::set_fd($ssl, fileno(S)); # Must use fileno + $res = Net::SSLeay::connect($ssl) and die_if_ssl_error("ssl connect"); + print "Cipher `" . Net::SSLeay::get_cipher($ssl) . 
"'\n"; + + # Exchange data + + $res = Net::SSLeay::write($ssl, $msg); # Perl knows how long $msg is + die_if_ssl_error("ssl write"); + CORE::shutdown S, 1; # Half close --> No more output, sends EOF to server + $got = Net::SSLeay::read($ssl); # Perl returns undef on failure + die_if_ssl_error("ssl read"); + print $got; + + Net::SSLeay::free ($ssl); # Tear down connection + Net::SSLeay::CTX_free ($ctx); + close S; + +The following is a simple SSLeay echo server (non forking): + + #!/usr/bin/perl -w + use Socket; + use Net::SSLeay qw(die_now die_if_ssl_error); + Net::SSLeay::load_error_strings(); + Net::SSLeay::SSLeay_add_ssl_algorithms(); + Net::SSLeay::randomize(); + + $our_ip = "\0\0\0\0"; # Bind to all interfaces + $port = 1235; + $sockaddr_template = 'S n a4 x8'; + $our_serv_params = pack ($sockaddr_template, &AF_INET, $port, $our_ip); + + socket (S, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!"; + bind (S, $our_serv_params) or die "bind: $!"; + listen (S, 5) or die "listen: $!"; + $ctx = Net::SSLeay::CTX_new () or die_now("CTX_new ($ctx): $!"); + Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL) + or die_if_ssl_error("ssl ctx set options"); + + # Following will ask password unless private key is not encrypted + Net::SSLeay::CTX_use_RSAPrivateKey_file ($ctx, 'plain-rsa.pem', + &Net::SSLeay::FILETYPE_PEM); + die_if_ssl_error("private key"); + Net::SSLeay::CTX_use_certificate_file ($ctx, 'plain-cert.pem', + &Net::SSLeay::FILETYPE_PEM); + die_if_ssl_error("certificate"); + + while (1) { + print "Accepting connections...\n"; + ($addr = accept (NS, S)) or die "accept: $!"; + select (NS); $| = 1; select (STDOUT); # Piping hot! + + ($af,$client_port,$client_ip) = unpack($sockaddr_template,$addr); + @inetaddr = unpack('C4',$client_ip); + print "$af connection from " . + join ('.', @inetaddr) . ":$client_port\n"; + + # We now have a network connection, lets fire up SSLeay... 
+ + $ssl = Net::SSLeay::new($ctx) or die_now("SSL_new ($ssl): $!"); + Net::SSLeay::set_fd($ssl, fileno(NS)); + + $err = Net::SSLeay::accept($ssl) and die_if_ssl_error('ssl accept'); + print "Cipher `" . Net::SSLeay::get_cipher($ssl) . "'\n"; + + # Connected. Exchange some data. + + $got = Net::SSLeay::read($ssl); # Returns undef on fail + die_if_ssl_error("ssl read"); + print "Got `$got' (" . length ($got) . " chars)\n"; + + Net::SSLeay::write ($ssl, uc ($got)) or die "write: $!"; + die_if_ssl_error("ssl write"); + + Net::SSLeay::free ($ssl); # Tear down connection + close NS; + } + +Yet another echo server. This one runs from C so it avoids +all the socket code overhead. Only caveat is opening an rsa key file - +it had better be without any encryption or else it will not know where +to ask for the password. Note how C and C are wired to SSL. + + #!/usr/bin/perl + # /etc/inetd.conf + # ssltst stream tcp nowait root /path/to/server.pl server.pl + # /etc/services + # ssltst 1234/tcp + + use Net::SSLeay qw(die_now die_if_ssl_error); + Net::SSLeay::load_error_strings(); + Net::SSLeay::SSLeay_add_ssl_algorithms(); + Net::SSLeay::randomize(); + + chdir '/key/dir' or die "chdir: $!"; + $| = 1; # Piping hot! 
+ open LOG, ">>/dev/console" or die "Can't open log file $!"; + select LOG; print "server.pl started\n"; + + $ctx = Net::SSLeay::CTX_new() or die_now "CTX_new ($ctx) ($!)"; + $ssl = Net::SSLeay::new($ctx) or die_now "new ($ssl) ($!)"; + Net::SSLeay::set_options($ssl, &Net::SSLeay::OP_ALL) + and die_if_ssl_error("ssl set options"); + + # We get already open network connection from inetd, now we just + # need to attach SSLeay to STDIN and STDOUT + Net::SSLeay::set_rfd($ssl, fileno(STDIN)); + Net::SSLeay::set_wfd($ssl, fileno(STDOUT)); + + Net::SSLeay::use_RSAPrivateKey_file ($ssl, 'plain-rsa.pem', + Net::SSLeay::FILETYPE_PEM); + die_if_ssl_error("private key"); + Net::SSLeay::use_certificate_file ($ssl, 'plain-cert.pem', + Net::SSLeay::FILETYPE_PEM); + die_if_ssl_error("certificate"); + + Net::SSLeay::accept($ssl) and die_if_ssl_err("ssl accept: $!"); + print "Cipher `" . Net::SSLeay::get_cipher($ssl) . "'\n"; + + $got = Net::SSLeay::read($ssl); + die_if_ssl_error("ssl read"); + print "Got `$got' (" . length ($got) . 
" chars)\n"; + + Net::SSLeay::write ($ssl, uc($got)) or die "write: $!"; + die_if_ssl_error("ssl write"); + + Net::SSLeay::free ($ssl); # Tear down the connection + Net::SSLeay::CTX_free ($ctx); + close LOG; + +There are also a number of example/test programs in the examples directory: + + sslecho.pl - A simple server, not unlike the one above + minicli.pl - Implements a client using low level SSLeay routines + sslcat.pl - Demonstrates using high level sslcat utility function + get_page.pl - Is a utility for getting html pages from secure servers + callback.pl - Demonstrates certificate verification and callback usage + stdio_bulk.pl - Does SSL over Unix pipes + ssl-inetd-serv.pl - SSL server that can be invoked from inetd.conf + httpd-proxy-snif.pl - Utility that allows you to see how a browser + sends https request to given server and what reply + it gets back (very educative :-) + makecert.pl - Creates a self signed cert (does not use this module) + +=head1 INSTALLATION + +See README and README.* in the distribution directory for installation guidance on a variety of platforms. + +=head1 LIMITATIONS + +C uses an internal buffer of 32KB, thus no single read +will return more. In practice one read returns much less, usually +as much as fits in one network packet. 
To work around this, +you should use a loop like this: + + $reply = ''; + while ($got = Net::SSLeay::read($ssl)) { + last if print_errs('SSL_read'); + $reply .= $got; + } + +Although there is no built-in limit in C, the network +packet size limitation applies here as well, thus use: + + $written = 0; + + while ($written < length($message)) { + $written += Net::SSLeay::write($ssl, substr($message, $written)); + last if print_errs('SSL_write'); + } + +Or alternatively you can just use the following convenience functions: + + Net::SSLeay::ssl_write_all($ssl, $message) or die "ssl write failure"; + $got = Net::SSLeay::ssl_read_all($ssl) or die "ssl read failure"; + +=head1 KNOWN BUGS AND CAVEATS + +LibreSSL versions in the 3.1 - 3.3 series contain a TLS 1.3 implementation that +is not fully compatible with the libssl API, but is still advertised during +protocol auto-negotiation. If you encounter problems or unexpected behaviour +with SSL or SSL_CTX objects whose protocol version was automatically negotiated +and libssl is provided by any of these versions of LibreSSL, it could be because +the peers negotiated to use TLS 1.3 - try setting the maximum protocol version +to TLS 1.2 (via C or +C) before establishing the connection. +The first stable LibreSSL version with a fully libssl-compatible TLS 1.3 +implementation is 3.4.1. + +An OpenSSL bug CVE-2015-0290 "OpenSSL Multiblock Corrupted Pointer Issue" +can cause POST requests of over 90kB to fail or crash. This bug is reported to be fixed in +OpenSSL 1.0.2a. + +Autoloader emits a + + Argument "xxx" isn't numeric in entersub at blib/lib/Net/SSLeay.pm' + +warning if die_if_ssl_error is made autoloadable. If you figure out why, +drop me a line. + +Callback set using C does not appear to work. This may +well be an openssl problem (e.g. see C line 1029). Try using +C instead and do not be surprised if even this stops +working in future versions. + +Callback and certificate verification stuff is generally too little tested. 
+ +Random numbers are not initialized randomly enough, especially if you +do not have C and/or C (such as in Solaris +platforms - but it's been suggested that cryptorand daemon from the SUNski +package solves this). In this case you should investigate third party +software that can emulate these devices, e.g. by way of a named pipe +to some program. + +Another gotcha with random number initialization is randomness +depletion. This phenomenon, which has been extensively discussed in +OpenSSL, Apache-SSL, and Apache-mod_ssl forums, can cause your +script to block if you use C or to operate insecurely +if you use C. What happens is that when too much +randomness is drawn from the operating system's randomness pool +then randomness can temporarily be unavailable. C solves +this problem by waiting until enough randomness can be gathered - and +this can take a long time since blocking reduces activity in the +machine and less activity provides less random events: a vicious circle. +C solves this dilemma more pragmatically by simply returning +predictable "random" numbers. SomeC< /dev/urandom> emulation software +however actually seems to implement C semantics. Caveat emptor. + +I've been pointed to two such daemons by Mik Firestone +who has used them on Solaris 8: + +=over + +=item 1 + +Entropy Gathering Daemon (EGD) at L + +=item 2 + +Pseudo-random number generating daemon (PRNGD) at +L + +=back + +If you are using the low level API functions to communicate with other +SSL implementations, you would do well to call + + Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL) + or die_if_ssl_error("ssl ctx set options"); + +to cope with some well know bugs in some other SSL +implementations. The high level API functions always set all known +compatibility options. + +Sometimes C (and the high level HTTPS functions that build on it) +is too fast in signaling the EOF to legacy HTTPS servers. This causes +the server to return empty page. 
To work around this problem you can +set the global variable + + $Net::SSLeay::slowly = 1; # Add sleep so broken servers can keep up + +HTTP/1.1 is not supported. Specifically this module does not know to +issue or serve multiple http requests per connection. This is a serious +shortcoming, but using the SSL session cache on your server helps to +alleviate the CPU load somewhat. + +As of version 1.09 many newer OpenSSL auxiliary functions were +added (from C onwards in C). +Unfortunately I have not had any opportunity to test these. Some of +them are trivial enough that I believe they "just work", but others +have rather complex interfaces with function pointers and all. In these +cases you should proceed wit great caution. + +This module defaults to using OpenSSL automatic protocol negotiation +code for automatically detecting the version of the SSL/TLS protocol +that the other end talks. With most web servers this works just +fine, but once in a while I get complaints from people that the module +does not work with some web servers. Usually this can be solved +by explicitly setting the protocol version, e.g. + + $Net::SSLeay::ssl_version = 2; # Insist on SSLv2 + $Net::SSLeay::ssl_version = 3; # Insist on SSLv3 + $Net::SSLeay::ssl_version = 10; # Insist on TLSv1 + $Net::SSLeay::ssl_version = 11; # Insist on TLSv1.1 + $Net::SSLeay::ssl_version = 12; # Insist on TLSv1.2 + $Net::SSLeay::ssl_version = 13; # Insist on TLSv1.3 + +Although the autonegotiation is nice to have, the SSL standards +do not formally specify any such mechanism. Most of the world has +accepted the SSLeay/OpenSSL way of doing it as the de facto standard. But +for the few that think differently, you have to explicitly speak +the correct version. This is not really a bug, but rather a deficiency +in the standards. If a site refuses to respond or sends back some +nonsensical error codes (at the SSL handshake level), try this option +before mailing me. 
+ +On some systems, OpenSSL may be compiled without support for SSLv2. +If this is the case, Net::SSLeay will warn if ssl_version has been set +to 2. + +The high level API returns the certificate of the peer, thus allowing +one to check what certificate was supplied. However, you will only be +able to check the certificate after the fact, i.e. you already sent +your form data by the time you find out that you did not trust them, +oops. + +So, while being able to know the certificate after the fact is surely +useful, the security minded would still choose to do the connection +and certificate verification first and only then exchange data +with the site. Currently none of the high level API functions do +this, thus you would have to program it using the low level API. A +good place to start is to see how the C function +is implemented. + +The high level API functions use a global file handle C +internally. This really should not be a problem because there is no +way to interleave the high level API functions, unless you use threads +(but threads are not very well supported in perl anyway). However, you +may run into problems if you call undocumented internal functions in an +interleaved fashion. The best solution is to "require Net::SSLeay" in +one thread after all the threads have been created. + +=head1 DIAGNOSTICS + +=over + +=item Random number generator not seeded!!! + +B<(W)> This warning indicates that C was not able to read +C or C, possibly because your system does not +have them or they are differently named. You can still use SSL, but +the encryption will not be as strong. + +=item open_tcp_connection: destination host not found:`server' (port 123) ($!) + +Name lookup for host named C failed. + +=item open_tcp_connection: failed `server', 123 ($!) + +The name was resolved, but establishing the TCP connection failed. + +=item msg 123: 1 - error:140770F8:SSL routines:SSL23_GET_SERVER_HELLO:unknown proto + +SSLeay error string. 
The first number (123) is the PID, the second number +(1) indicates the position of the error message in SSLeay error stack. +You often see a pile of these messages as errors cascade. + +=item msg 123: 1 - error:02001002::lib(2) :func(1) :reason(2) + +The same as above, but you didn't call load_error_strings() so SSLeay +couldn't verbosely explain the error. You can still find out what it +means with this command: + + /usr/local/ssl/bin/ssleay errstr 02001002 + +=item Password is being asked for private key + +This is normal behaviour if your private key is encrypted. Either +you have to supply the password or you have to use an unencrypted +private key. Scan OpenSSL.org for the FAQ that explains how to +do this (or just study examples/makecert.pl which is used +during C to do just that). + +=back + +=head1 SECURITY + +You can mitigate some of the security vulnerabilities that might be present in your SSL/TLS application: + + +=head2 BEAST Attack + +http://blogs.cisco.com/security/beat-the-beast-with-tls/ +https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls +http://blog.zoller.lu/2011/09/beast-summary-tls-cbc-countermeasures.html + +The BEAST attack relies on a weakness in the way CBC mode is used in SSL/TLS. +In OpenSSL versions 0.9.6d and later, the protocol-level mitigation is enabled by default, +thus making it not vulnerable to the BEAST attack. 
+ +Solutions: + +=over + +=item * Compile with OpenSSL versions 0.9.6d or later, which enables SSL_OP_ALL by default + +=item * Ensure SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is not enabled (its not enabled by default) + +=item * Don't support SSLv2, SSLv3 + +=item * Actively control the ciphers your server supports with set_cipher_list: + +=back + +Net::SSLeay::set_cipher_list($ssl, 'RC4-SHA:HIGH:!ADH'); + + +=head2 Session Resumption + +http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html + +The SSL Labs vulnerability test on your SSL server might report in red: + +Session resumption No (IDs assigned but not accepted) + +This report is not really bug or a vulnerability, since the server will not +accept session resumption requests. +However, you can prevent this noise in the report by disabling the session cache altogether: +Net::SSLeay::CTX_set_session_cache_mode($ssl_ctx, Net::SSLeay::SESS_CACHE_OFF()); +Use 0 if you don't have SESS_CACHE_OFF constant. + + +=head2 Secure Renegotiation and DoS Attack + +https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks + +This is not a "security flaw," it is more of a DoS vulnerability. + +Solutions: + +=over + +=item * Do not support SSLv2 + +=item * Do not set the SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION option + +=item * Compile with OpenSSL 0.9.8m or later + +=back + +=head1 BUGS + +If you encounter a problem with this module that you believe is a bug, please +L +in the Net-SSLeay GitHub repository. Please make sure your bug report includes +the following information: + +=over + +=item * the code you are trying to run; + +=item * your operating system name and version; + +=item * the output of C; + +=item * the version of OpenSSL or LibreSSL you are using. + +=back + +=head1 AUTHOR + +Originally written by Sampo Kellomäki. + +Maintained by Florian Ragwitz between November 2005 and January 2010. + +Maintained by Mike McCauley between November 2005 and June 2018. 
+
+Maintained by Chris Novakovic, Tuure Vartiainen and Heikki Vatiainen since June 2018.
+
+=head1 COPYRIGHT
+
+Copyright (c) 1996-2003 Sampo Kellomäki
+
+Copyright (c) 2005-2010 Florian Ragwitz
+
+Copyright (c) 2005-2018 Mike McCauley
+
+Copyright (c) 2018- Chris Novakovic
+
+Copyright (c) 2018- Tuure Vartiainen
+
+Copyright (c) 2018- Heikki Vatiainen
+
+All rights reserved.
+
+=head1 LICENSE
+
+This module is released under the terms of the Artistic License 2.0. For
+details, see the C file distributed with Net-SSLeay's source code.
+
+=head1 SEE ALSO
+
+ Net::SSLeay::Handle - File handle interface
+ ./examples - Example servers and a clients
+ - OpenSSL source, documentation, etc
+ openssl-users-request@openssl.org - General OpenSSL mailing list
+ - TLS 1.0 specification
+ - HTTP specifications
+ - How to send password
+ - Entropy Gathering Daemon (EGD)
+
+ - pseudo-random number generating daemon (PRNGD)
+ perl(1)
+ perlref(1)
+ perllol(1)
+ perldoc ~openssl/doc/ssl/SSL_CTX_set_verify.pod
diff --git a/cpan/Net-SSLeay/lib/Net/SSLeay/Handle.pm b/cpan/Net-SSLeay/lib/Net/SSLeay/Handle.pm
new file mode 100644
index 000000000000..036b10a6c0fb
--- /dev/null
+++ b/cpan/Net-SSLeay/lib/Net/SSLeay/Handle.pm
@@ -0,0 +1,409 @@
+package Net::SSLeay::Handle;
+
+use 5.8.1;
+
+use strict;
+
+use Socket;
+use Net::SSLeay;
+
+require Exporter;
+
+=encoding utf-8
+
+=head1 NAME
+
+Net::SSLeay::Handle - Perl module that lets SSL (HTTPS) sockets be
+handled as standard file handles.
+
+=head1 SYNOPSIS
+
+ use Net::SSLeay::Handle qw/shutdown/;
+ my ($host, $port) = ("localhost", 443);
+
+ tie(*SSL, "Net::SSLeay::Handle", $host, $port);
+
+ print SSL "GET / HTTP/1.0\r\n";
+ shutdown(\*SSL, 1);
+ print while ();
+ close SSL;
+
+=head1 DESCRIPTION
+
+Net::SSLeay::Handle allows you to request and receive HTTPS web pages
+using "old-fashion" file handles as in:
+
+ print SSL "GET / HTTP/1.0\r\n";
+
+and
+
+ print while ();
+
+If you export the shutdown routine, then the only extra code that
+you need to add to your program is the tie function as in:
+
+ my $socket;
+ if ($scheme eq "https") {
+ tie(*S2, "Net::SSLeay::Handle", $host, $port);
+ $socket = \*S2;
+ else {
+ $socket = Net::SSLeay::Handle->make_socket($host, $port);
+ }
+ print $socket $request_headers;
+ ...
+
+=cut
+
+use vars qw(@ISA @EXPORT_OK $VERSION);
+@ISA = qw(Exporter);
+@EXPORT_OK = qw(shutdown);
+$VERSION = '1.92';
+
+my $Initialized; #-- only _initialize() once
+my $Debug = 0; #-- pretty hokey
+
+#== Tie Handle Methods ========================================================
+#
+# see perldoc perltie for details.
+#
+#==============================================================================
+
+sub TIEHANDLE {
+ my ($class, $socket, $port) = @_;
+ $Debug > 10 and print "TIEHANDLE(@{[join ', ', @_]})\n";
+
+ ref $socket eq "GLOB" or $socket = $class->make_socket($socket, $port);
+
+ $class->_initialize();
+
+ my $ctx = Net::SSLeay::CTX_new() or die_now("Failed to create SSL_CTX $!");
+ my $ssl = Net::SSLeay::new($ctx) or die_now("Failed to create SSL $!");
+
+ my $fileno = fileno($socket);
+
+ Net::SSLeay::set_fd($ssl, $fileno); # Must use fileno
+
+ my $resp = Net::SSLeay::connect($ssl);
+
+ $Debug and print "Cipher '" . Net::SSLeay::get_cipher($ssl) . "'\n";
+
+ my $self = bless {
+ ssl => $ssl,
+ ctx => $ctx,
+ socket => $socket,
+ fileno => $fileno,
+ }, $class;
+
+ return $self;
+}
+
+sub PRINT {
+ my $self = shift;
+
+ my $ssl = _get_ssl($self);
+ my $resp = 0;
+ for my $msg (@_) {
+ defined $msg or last;
+ $resp = Net::SSLeay::write($ssl, $msg) or last;
+ }
+ return $resp;
+}
+
+sub READLINE {
+ my $self = shift;
+ my $ssl = _get_ssl($self);
+ if (wantarray) {
+ my @lines;
+ while (my $line = Net::SSLeay::ssl_read_until($ssl)) {
+ push @lines, $line;
+ }
+ return @lines;
+ } else {
+ my $line = Net::SSLeay::ssl_read_until($ssl);
+ return $line ? $line : undef;
+ }
+}
+
+sub READ {
+ my ($self, $buf, $len, $offset) = \ (@_);
+ my $ssl = _get_ssl($$self);
+ defined($$offset) or
+ return length($$buf = Net::SSLeay::ssl_read_all($ssl, $$len));
+
+ defined(my $read = Net::SSLeay::ssl_read_all($ssl, $$len))
+ or return undef;
+
+ my $buf_len = length($$buf);
+ $$offset > $buf_len and $$buf .= chr(0) x ($$offset - $buf_len);
+ substr($$buf, $$offset) = $read;
+ return length($read);
+}
+
+sub WRITE {
+ my $self = shift;
+ my ($buf, $len, $offset) = @_;
+ $offset = 0 unless defined $offset;
+
+ # Return number of characters written.
+ my $ssl = $self->_get_ssl();
+ return $len if Net::SSLeay::write($ssl, substr($buf, $offset, $len));
+ return undef;
+}
+
+sub CLOSE {
+ my $self = shift;
+ my $fileno = $self->{fileno};
+ $Debug > 10 and print "close($fileno)\n";
+ Net::SSLeay::free ($self->{ssl});
+ Net::SSLeay::CTX_free ($self->{ctx});
+ close $self->{socket};
+}
+
+sub FILENO { $_[0]->{fileno} }
+
+
+=head1 FUNCTIONS
+
+=over
+
+=item shutdown
+
+ shutdown(\*SOCKET, $mode)
+
+Calls to the main shutdown() don't work with tied sockets created with this
+module. This shutdown should be able to distinquish between tied and untied
+sockets and do the right thing.
+
+=cut
+
+sub shutdown {
+ my ($obj, @params) = @_;
+
+ my $socket = UNIVERSAL::isa($obj, 'Net::SSLeay::Handle') ?
+ $obj->{socket} : $obj;
+ return shutdown($socket, @params);
+}
+
+=item debug
+
+ my $debug = Net::SSLeay::Handle->debug()
+ Net::SSLeay::Handle->debug(1)
+
+Get/set debugging mode. Always returns the debug value before the function call.
+if an additional argument is given the debug option will be set to this value.
+
+=cut
+
+sub debug {
+ my ($class, $debug) = @_;
+ my $old_debug = $Debug;
+ @_ >1 and $Debug = $debug || 0;
+ return $old_debug;
+}
+
+#=== Internal Methods =========================================================
+
+=item make_socket
+
+ my $sock = Net::SSLeay::Handle->make_socket($host, $port);
+
+Creates a socket that is connected to $post using $port. It uses
+$Net::SSLeay::proxyhost and proxyport if set and authentificates itself against
+this proxy depending on $Net::SSLeay::proxyauth. It also turns autoflush on for
+the created socket.
+
+=cut
+
+sub make_socket {
+ my ($class, $host, $port) = @_;
+ $Debug > 10 and print "_make_socket(@{[join ', ', @_]})\n";
+ $host ||= 'localhost';
+ $port ||= 443;
+
+ my $phost = $Net::SSLeay::proxyhost;
+ my $pport = $Net::SSLeay::proxyhost ? $Net::SSLeay::proxyport : $port;
+
+ my $dest_ip = gethostbyname($phost || $host);
+ my $host_params = sockaddr_in($pport, $dest_ip);
+
+ socket(my $socket, &PF_INET(), &SOCK_STREAM(), 0) or die "socket: $!";
+ connect($socket, $host_params) or die "connect: $!";
+
+ my $old_select = select($socket); $| = 1; select($old_select);
+ $phost and do {
+ my $auth = $Net::SSLeay::proxyauth;
+ my $CRLF = $Net::SSLeay::CRLF;
+ print $socket "CONNECT $host:$port HTTP/1.0$auth$CRLF$CRLF";
+ my $line = <$socket>;
+ };
+ return $socket;
+}
+
+=back
+
+=cut
+
+sub _initialize {
+ $Initialized++ and return;
+ Net::SSLeay::load_error_strings();
+ Net::SSLeay::SSLeay_add_ssl_algorithms();
+ Net::SSLeay::randomize();
+}
+
+sub __dummy {
+ my $host = $Net::SSLeay::proxyhost;
+ my $port = $Net::SSLeay::proxyport;
+ my $auth = $Net::SSLeay::proxyauth;
+}
+
+#--- _get_self($socket) -------------------------------------------------------
+# Returns a hash containing attributes for $socket (= \*SOMETHING) based
+# on fileno($socket). Will return undef if $socket was not created here.
+#------------------------------------------------------------------------------
+
+sub _get_self { return $_[0]; }
+
+#--- _get_ssl($socket) --------------------------------------------------------
+# Returns a the "ssl" attribute for $socket (= \*SOMETHING) based
+# on fileno($socket). Will cause a warning and return undef if $socket was not
+# created here.
+#------------------------------------------------------------------------------
+
+sub _get_ssl {
+ return $_[0]->{ssl};
+}
+
+1;
+
+__END__
+
+=head2 USING EXISTING SOCKETS
+
+One of the motivations for writing this module was to avoid
+duplicating socket creation code (which is mostly error handling).
+The calls to tie() above where it is passed a $host and $port is
+provided for convenience testing. If you already have a socket
+connected to the right host and port, S1, then you can do something
+like:
+
+ my $socket \*S1;
+ if ($scheme eq "https") {
+ tie(*S2, "Net::SSLeay::Handle", $socket);
+ $socket = \*S2;
+ }
+ my $last_sel = select($socket); $| = 1; select($last_sel);
+ print $socket $request_headers;
+ ...
+
+Note: As far as I know you must be careful with the globs in the tie()
+function. The first parameter must be a glob (*SOMETHING) and the
+last parameter must be a reference to a glob (\*SOMETHING_ELSE) or a
+scaler that was assigned to a reference to a glob (as in the example
+above)
+
+Also, the two globs must be different. When I tried to use the same
+glob, I got a core dump.
+
+=head2 EXPORT
+
+None by default.
+
+You can export the shutdown() function.
+
+It is suggested that you do export shutdown() or use the fully
+qualified Net::SSLeay::Handle::shutdown() function to shutdown SSL
+sockets. It should be smart enough to distinguish between SSL and
+non-SSL sockets and do the right thing.
+
+=head1 EXAMPLES
+
+ use Net::SSLeay::Handle qw/shutdown/;
+ my ($host, $port) = ("localhost", 443);
+
+ tie(*SSL, "Net::SSLeay::Handle", $host, $port);
+
+ print SSL "GET / HTTP/1.0\r\n";
+ shutdown(\*SSL, 1);
+ print while ();
+ close SSL;
+
+=head1 TODO
+
+Better error handling. Callback routine?
+
+=head1 CAVEATS
+
+Tying to a file handle is a little tricky (for me at least).
+
+The first parameter to tie() must be a glob (*SOMETHING) and the last
+parameter must be a reference to a glob (\*SOMETHING_ELSE) or a scaler
+that was assigned to a reference to a glob ($s = \*SOMETHING_ELSE).
+Also, the two globs must be different. When I tried to use the same
+glob, I got a core dump.
+
+I was able to associate attributes to globs created by this module
+(like *SSL above) by making a hash of hashes keyed by the file head1.
+
+=head1 CHANGES
+
+Please see Net-SSLeay-Handle-0.50/Changes file.
+=head1 BUGS
+
+If you encounter a problem with this module that you believe is a bug, please
+L
+in the Net-SSLeay GitHub repository. Please make sure your bug report includes
+the following information:
+
+=over
+
+=item * the code you are trying to run;
+
+=item * your operating system name and version;
+
+=item * the output of C;
+
+=item * the version of OpenSSL or LibreSSL you are using.
+
+=back
+
+=head1 AUTHOR
+
+Originally written by Jim Bowlin.
+
+Maintained by Sampo Kellomäki between July 2001 and August 2003.
+
+Maintained by Florian Ragwitz between November 2005 and January 2010.
+
+Maintained by Mike McCauley between November 2005 and June 2018.
+
+Maintained by Chris Novakovic, Tuure Vartiainen and Heikki Vatiainen since June 2018.
+
+=head1 COPYRIGHT
+
+Copyright (c) 2001 Jim Bowlin
+
+Copyright (c) 2001-2003 Sampo Kellomäki
+
+Copyright (c) 2005-2010 Florian Ragwitz
+
+Copyright (c) 2005-2018 Mike McCauley
+
+Copyright (c) 2018- Chris Novakovic
+
+Copyright (c) 2018- Tuure Vartiainen
+
+Copyright (c) 2018- Heikki Vatiainen
+
+All rights reserved.
+
+=head1 LICENSE
+
+This module is released under the terms of the Artistic License 2.0. For
+details, see the C file distributed with Net-SSLeay's source code.
+
+=head1 SEE ALSO
+
+Net::SSLeay, perl(1), http://openssl.org/
+
+=cut
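Review bot: TIEHANDLE stores the return of `Net::SSLeay::connect($ssl)` in `$resp` and never looks at it, and nothing before the handshake enables peer verification, so a failed or unauthenticated handshake still returns a tied handle that PRINT will write request data to. I would fail closed with `$resp > 0 or die "SSL connect failed: " . Net::SSLeay::print_errs('SSL_connect');` and set `Net::SSLeay::set_verify($ssl, &Net::SSLeay::VERIFY_PEER, 0);` before connecting, after loading trust anchors on `$ctx`, with a host-name check when a host rather than a glob was passed in. The two `die_now(...)` calls in the same sub would likely fail with an undefined-subroutine error on the failure path, since the module does `use Net::SSLeay;` without an import list; `Net::SSLeay::die_now(...)` avoids that. In make_socket the `gethostbyname` result and the proxy's reply to `CONNECT` are likewise not checked before the socket is returned.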
diff --git a/cpan/Net-SSLeay/t/data/binary-test.file b/cpan/Net-SSLeay/t/data/binary-test.file new file mode 100644 index 0000000000000000000000000000000000000000..119cecc8c35b4e0aa8f44c0114775e497548b142 GIT binary patch literal 5000 zcmV;36L;)lzdVHFl2v;NWRG#2)0sdYPEq2}GjZ(-kKJJ`Trn7J zD!iNRJKDGmg~@6$(^@=AQ*>|b} zR7$@ukuR!ap8=Wl$b-t_=jf&_#eQ4S{=*c)P_b2&ak4((5AIBJ)50|@=RStC-( z`m!aO$O`4Yz9UB(&c$Xk@heNnzgn7AT=xXk+D&$4j-?7vv%nc@rT-L;DKs*7x_vq~ zfJ~+h>KvYmlKe|0?Xn{TI|awm@IwhMk{Q+`GUU@`cg$cd6IJLV1bEwB=d}&_;q~cE zl)tK#pn;^_mWfOq!3shyw>_86lxEqPPUlw=K8g2iPL=+7D0n$3&#TbE-6vF@CX8ly z_JbVf?WuLz<$qnzp4F3kpTKQl{;>+6x;F8CW#A zH7~JzB-71=qa3kl4ITMh)X?Nf+5`yHF`SO#85raQsk+p~+M7cLzbRfT5JDJ~2h?P; zBJv_Eu#*=;2m^aSL6hLY>xi_%gpYW6S?OUgEC(8JdFNRWtpI3`%LTzMwwzxCf2^2O z(uk=pouocY`IHx&Bj09IfbAQIiV>5}JYahcLU%GJ&{zb->41wmZ~hoCFf6vQ_iZI36iL6aj6+$X$?+LdjYKbwYd=QZ2HE=9tJX1KB^8x16U>gk>)Tv} zRX#dM%@Yhfzr3z47cPLGgW!m}zdMwF4lS6k`CXzg-RBJnw)_j*k*?3FKHihB)^ z?vx<~HtfBIu#N_HA9+l~_m3Phv~B$`gV({IMUFOR{qbs30mckW4vV1&!9HReXoz_ zkhY?BDmZL@AemJ9$Pw-k9_kOR$~uatoj2BIdg@dnfedMU?u1e{U_A_IAPNqXjsbEx zk?jLQv79tn$X$c6Q|Si|!*((J4&^9er8uWN{9c)}zI^pN1AHdovvBF^N_r-@g@wB_ zB(#OLx%87>=Bb43mesZQ0wd*J7Timw-8mvSuq%+IH{)p$tv6YNInSuwAC_(*Yg<6R zhCTlKWalPbuAW862dQMyUFQ7F9#e+GF z-h$fi|6?;pC(%B6%Vx7JB|K0?D`s%FaAme*xkxPyKS&*P zeC;h*{}rBp8Hqat`1^fC_W!iwB(bV+{}2EVN}^-eMK^dDZRs9#5?H+s!RLM|6U6GE&_$~E)iXIFbMTJR%G!HXg|)?2d&DhoIu;9N5(LL+Lqt#g^Kl;`@gg<~2$ zjIUHd9o1@5v`@p=+Lm34f5bzmZ;eY|H;4=r&zL+Oc|0b|?h%fT(1)jdP}(pUXc6*H zgptdfHgq)_84Or|(ml;KRG@XWrO$+a$c)+JNM%d{+)*dOm@8mIht)1Xn>5y1E@`f| z_DTlg3tQ*_DAxMmSb+iktS$cPqI9q~DZxl88)D${#OB-#w8B>w?ZZyu4~|K|94GZ-cL5|qhp*6p?$UQ=)~!84}4rSo*m8vj~v#d(e@f0mA`Jn%TX)a27O&u{UYlJ3fWxQs0=I$O37T+jA z2!gFvP>xDn!@Ww3rR5^n+PYjc_Xq_yJh>=J)1JIN22Eu zt7ir%%C-mCqVG?l%~N&0YzY|n^XrPAO7S#<%79JKkmww5i(ffECj3drMwfj?D#?wa zBQu2M>+9NiMr&7|O2s7SP6ev@Uh19Iw>5^8?{ix&`I+OeAVzV!1Eu|u>(Y?27SCyw zV3nU|f@XN(8*e+Io}60FI#50En6(&UQv|f40EF^P#U^wg9H0)qvG2!t%ql!UyXf2a zGlNt-@|=qzn>hkQw+xdv91bq^Nog6wP4Hw`ttb3!It}WFt-DJmOyN8?@ZVvcobx}c 
z``z^pbFNN#rM6M?tZdZRojn*6TJ}bw8boGkQ8%=m-h5O@lHE^tQ}Mt~Wd3x{=rN9h z>m9o?I(j1ecMpIp>b~Qpq8VIc{hSAVA94KA%$sT$YT`k42Xt0+Bn^^$Agt1xK4 z^Z_GJL9op!aB^>~U{qdE6?!{fan`#jHfHkp7{jCpkASxSws+N_FvF&@7B_*U*ut^J zCxjn39BSCd?LY^QmiW0_h9&&G$^#q*RhhWgMI?F+n`rD;DN1Y^3)`T=%MWFkl=o4FDwqDL(jHY5V}wyB>_=z~dFt-hzJA!M8+DEe zRVVOd?divnZxU`ViRAhCd+*4&!GCze`+-8c{;7jmL3Jl&m91f);)iO0u z{f`X$q4^FH^{) z1*e2`zwX9(ra!d&$?}vL(-TA6fqBcb;T0I>jm}6WFGk_v9al35<&G)Fi73!Kj*^9a zpA?sO^jzZ$03WjQFR?EBz#i@C8!#CG4_KP#5S&Jyc8ojVei*6YW%o zS(QSjK_FrVMqq=Y@JjcZJ~4>w1Q;;9yuflL`{(Kzs42?*WYZ6hCk-%eRKHDX7UCWv zAUrKQ^qx`#=ix2j8)8z9_Lt(b^17dAMf+KUB|oz4HoA{ED(41o2H=~N-rOQ0ImnuK zCdv_YT+A7a{~Y$B{7>Z^tDd9<6NdP_^_sNVP!#}KcbSi=%!|8Br852{4%Mj4DFaJ$ z{`!TqtyWNtMv4O1(zS4Sde&TpvMa4~eiM%IM;|<20Kg9@t2r5hat6@CcP(ohhgO0* zO2>~xKqn^=2cGwr9Yz_Fx)(jx`SxoAI(@K)&24W+2FbM)OH2M(3dkI=k2|-u0AzD z_fDL3<1xUQQfs@}r>rCNhP0p`2o3A^Mx7@(_!dQSvT#m`XV%S0Nh4Kcybyi7Ci-Nw= zsV`n{q`h8NS zu&eR}REfINSysV|^x&dk`QF8o0trR~^q)f`PakNYW%q zBoMJ;R4PFNAAhuJkZx(^<2++@18gY=jowop_6*~ATv2mJ{9EX>;h4lkA|EFB z*yvQI&{}8Owv(XdqksB^wB#{g-jg!7K<+A^V#faMBsk0{88d;1dQWcpik5juT72uq zNwO?m8K%S}y94?2!P(H@XRa0huH)i;-nvog$8sRlzKZVe*bJ(zL5hznQbqWuv?84;R>BnnSqw;2d!% zqqV*BzINr^`o}%qgC;nv<+rzCjTvRYIXyiA8w+LOMAT6Rpd9x=YMF_U)X(_JjImiX z&QO?vUlwM1$!76);|@H?k_=oMR8)MJJI)c*g`2z^4I^dZa_Wn`DYGXsbkMm_G4F4bBZStSrdFc3>M66`30eTa z9RGL5lElf2r{tOMJ5bEKaO+~w)~txU}Ilz=J*>9H#OLt&7F$g+b$h*2ak~lzd57#-e^zvpx%7 z3nGBUmv!>sTczZrtwSToD$y_fi1DSBn;u%vRSk|MqQUl!mY0tcL=x( z1o)o#5W0N}I{!ww-}_nxLlglWhGG~LR4cs83%hAS4Rz}gRA?0}ZxY32*Te7y@Vy2w zAJJKB4y01cANS)pQ_AO})Gp7Rvt`0zVtr5?JdoaK2?}FDM=GNW{a&Kdd5DZHo&m+4 z&aRv&Mog3cp&dweVu9@4SLA^r+*1a+C^vk03KPBBXH|rZ0WE|H<}<(5 z!!dH)n@v(>vW28NhUyP{AyO%5<8tU(oG~hK!DZ6SAWjhdJ}pj#6fD%QyH&7bI7-V_ z?j|sOT!9t&-=YQmsVDy&t2CC;`OlPswhW-5^KIprZAJ+%P*X~h5Z^`+Dg_tlc&@TQ zn$xe3zx912AMVMiuuvG*dq@w9hmke((l^&Eh6%k3F6Z=PB_dvEjHn+#PjS3a%Bidw z()hegJ3V0_$}uU7W9tLs61D>pC{H3h>ls@K4pFx55DDsS4xMy00UWM;a4AIqE#N2wgFE=1n^q3xiUC}+Rp{O4t$l?vyjk2QJho_>lQ 
zwyp4N2q)}jyz&k>1b;L9dDxi9qu;FlsDWDwbj;BzZh-VGWQ$21!U5(mE&IggteFte Sk=yc&QN-g4?jrd|I)?y=4Y<<) literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/extended-cert.cert.der b/cpan/Net-SSLeay/t/data/extended-cert.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..3c85968b6e1d429610bd2aeb1d695797f0882be0 GIT binary patch literal 1913 zcmXqLVlOplVvAqE%*4n9L_C*_cCF*o2t^d<=yR1VJ1w z9xlJs65ZfnpVY)km>@R~S4e7ci9&E`W=X1{gn<}HB{L7dXI@EaQEqBVW@1UIg0rK6 zoH(zMfq@|qfIn8UTQ^RZb43}A)f&c zNRoqxHMj)m6hlD+euxV>yz(>h6kPIC4S9i{2P$C|W-&A}Hi4;N=i%_lPfpCqEU7f) zG2jBJ;NfBREz*Oj*WzIT83A*(HV>1Ri=nuIC`hFv4)`s<=mOi8HgokUMt^EFB9nx3rexO;kb6wm8LSEj~9 z)Hmz;`(NJ>lM}kf^W1_6|03O*+d?i?NAXb)tRx8H||@3XN{CiCaqNGgKvd9`ej7ng zrvG!8h4%5KE}XD$KIgC0KkV@ek;1#5?p{&1;l$*6yV*r<*A_1|anMq>3UIo(wr$0I zgAd9r%~or#-Z{b%-f+ffl5p?3JB;T~O>Td$Ue9cNB>QZ``~T}|rLz-Xb25H=xu$fX zW?MTGGb01z;wI+F22ITU292F;9NKJ*tgP&ej4ZVV)dp5Dz5!#KUPehtft9{~esXbv zUM5ls)lE*+!xHqiaJ@`zhETnk#l@wmMa9Humj@;VS!EVrrf3kkdfE3$EHVv;S)_Xj}#Ik|0atB7?^HjrhujHbtmkK;;Lp_`u@6CMn!La`tdscqii&Cus zi!DY5pFeM+x8}UGs5aite8W>w(s-tfm0VMi@!D_eZaX*}0YO4xrF z3x7II`LN>m?Jw=qbIn6KS0{d4AuSrXB5?7Rc?avSaW4L`fFs-GQF69-lbcNBMq|h4 z8<$Gwe_g$!`p1ng=X;*qv1Obb+I%-2ZbV036v?$J>TExP^vN_;yXxzU zVVd*&Rmrho^Cxfkc6QpTw`yIn|FRwm+9wo0oV@?3(5H3ZCFX_ft=;-RP*Kz4Y1aeR SDRG5z2lm-*%X%?M$PEB5`)4u$ literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/extended-cert.cert.dump b/cpan/Net-SSLeay/t/data/extended-cert.cert.dump new file mode 100644 index 000000000000..6ba8f78c31be --- /dev/null +++ b/cpan/Net-SSLeay/t/data/extended-cert.cert.dump 
@@ -0,0 +1,350 @@ + +# exported via command: perl examples/x509_cert_details.pl -dump -pem t/data/extended-cert.cert.pem > t/data/extended-cert.cert.pem_dump +# hashref dumped via Data::Dump +{ + cdp => [ + "http://intermediate-ca.net-ssleay.example/crl1.crl", + "http://intermediate-ca.net-ssleay.example/crl2.crl", + ], + certificate_type => 305, + digest_sha1 => { + pubkey => pack("H*","db74943bae1b9a5a4749fee47bc40dd18ca9f6bd"), + x509 => pack("H*","0e54235bc35990a1c68c5960a964ef3836082cc9"), + }, + extensions => { + count => 10, + entries => [ + { + critical => 0, + data => "OCSP - URI:http://ocsp.intermediate-ca.net-ssleay.example\nCA Issuers - URI:http://issuers.intermediate-ca.net-ssleay.example", + ln => "Authority Information Access", + nid => 177, + oid => "1.3.6.1.5.5.7.1.1", + sn => "authorityInfoAccess", + }, + { + critical => 0, + data => "D5:D3:4D:E4:59:B9:5C:75:F6:D9:72:F3:9B:DC:FB:EE:80:26:91:6F", + ln => "X509v3 Authority Key Identifier", + nid => 90, + oid => "2.5.29.35", + sn => "authorityKeyIdentifier", + }, + { + critical => 1, + data => "CA:FALSE", + ln => "X509v3 Basic Constraints", + nid => 87, + oid => "2.5.29.19", + sn => "basicConstraints", + }, + { + critical => 0, + data => "Policy: 1.2.3.4.5\nPolicy: 2.3.4.5.6", + ln => "X509v3 Certificate Policies", + nid => 89, + oid => "2.5.29.32", + sn => "certificatePolicies", + }, + { + critical => 0, + data => "Full Name:\n URI:http://intermediate-ca.net-ssleay.example/crl1.crl\nFull Name:\n URI:http://intermediate-ca.net-ssleay.example/crl2.crl", + ln => "X509v3 CRL Distribution Points", + nid => 103, + oid => "2.5.29.31", + sn => "crlDistributionPoints", + }, + { + critical => 1, + data => "TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, OCSP Signing, ipsec Internet Key Exchange, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System, 1.3.6.1.5.5.7.3.13, 
1.3.6.1.5.5.7.3.14", + ln => "X509v3 Extended Key Usage", + nid => 126, + oid => "2.5.29.37", + sn => "extendedKeyUsage", + }, + { + critical => 0, + data => "email:intermediate-ca\@net-ssleay.example, URI:http://intermediate-ca.net-ssleay.example, DNS:intermediate-ca.net-ssleay.example, Registered ID:1.2.0.0, IP Address:192.168.0.1, IP Address:FD25:F814:AFB5:9873:0:0:0:1, othername: emailAddress::ica\@net-ssleay.example", + ln => "X509v3 Issuer Alternative Name", + nid => 86, + oid => "2.5.29.18", + sn => "issuerAltName", + }, + { + critical => 0, + data => "Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Decipher Only", + ln => "X509v3 Key Usage", + nid => 83, + oid => "2.5.29.15", + sn => "keyUsage", + }, + { + critical => 0, + data => "email:john.doe\@net-ssleay.example, URI:http://johndoe.net-ssleay.example, DNS:johndoe.net-ssleay.example, Registered ID:1.2.3.4, IP Address:192.168.0.2, IP Address:FD25:F814:AFB5:9873:0:0:0:2, othername: emailAddress::jd\@net-ssleay.example", + ln => "X509v3 Subject Alternative Name", + nid => 85, + oid => "2.5.29.17", + sn => "subjectAltName", + }, + { + critical => 0, + data => "DB:74:94:3B:AE:1B:9A:5A:47:49:FE:E4:7B:C4:0D:D1:8C:A9:F6:BD", + ln => "X509v3 Subject Key Identifier", + nid => 82, + oid => "2.5.29.14", + sn => "subjectKeyIdentifier", + }, + ], + }, + extkeyusage => { + ln => [ + "TLS Web Server Authentication", + "TLS Web Client Authentication", + "Code Signing", + "E-mail Protection", + "Time Stamping", + "OCSP Signing", + "ipsec Internet Key Exchange", + "Microsoft Individual Code Signing", + "Microsoft Commercial Code Signing", + "Microsoft Trust List Signing", + "Microsoft Encrypted File System", + ], + nid => [129 .. 
133, 180, 1022, 134, 135, 136, 138], + oid => [ + "1.3.6.1.5.5.7.3.1", + "1.3.6.1.5.5.7.3.2", + "1.3.6.1.5.5.7.3.3", + "1.3.6.1.5.5.7.3.4", + "1.3.6.1.5.5.7.3.8", + "1.3.6.1.5.5.7.3.9", + "1.3.6.1.5.5.7.3.17", + "1.3.6.1.4.1.311.2.1.21", + "1.3.6.1.4.1.311.2.1.22", + "1.3.6.1.4.1.311.10.3.1", + "1.3.6.1.4.1.311.10.3.4", + "1.3.6.1.5.5.7.3.13", + "1.3.6.1.5.5.7.3.14", + ], + sn => [ + "serverAuth", + "clientAuth", + "codeSigning", + "emailProtection", + "timeStamping", + "OCSPSigning", + "ipsecIKE", + "msCodeInd", + "msCodeCom", + "msCTLSign", + "msEFS", + ], + }, + fingerprint => { + md5 => "D8:B8:96:CB:80:3B:B1:59:E6:D8:D7:DF:82:9F:B9:4A", + sha1 => "0E:54:23:5B:C3:59:90:A1:C6:8C:59:60:A9:64:EF:38:36:08:2C:C9", + }, + hash => { + issuer => { dec => 2397076613, hex => "8EE07C85" }, + issuer_and_serial => { dec => 2318623373, hex => "8A33628D" }, + subject => { dec => 1333988679, hex => "4F830D47" }, + }, + issuer => { + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "Intermediate CA", + data_utf8_decoded => "Intermediate CA", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA", + print_rfc2253 => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + keyusage => [ + "digitalSignature", + "nonRepudiation", + "keyEncipherment", + "dataEncipherment", + "keyAgreement", + "keyCertSign", + "cRLSign", + 
"decipherOnly", + ], + not_after => "2038-01-01T00:00:00Z", + not_before => "2020-01-01T00:00:00Z", + ns_cert_type => [], + pubkey_alg => "rsaEncryption", + pubkey_bits => 2048, + pubkey_id => 6, + pubkey_size => 256, + serial => { dec => 2, hex => "02", long => 2 }, + signature_alg => "sha256WithRSAEncryption", + subject => { + altnames => [ + 1, + "john.doe\@net-ssleay.example", + 6, + "http://johndoe.net-ssleay.example", + 2, + "johndoe.net-ssleay.example", + 8, + "1.2.3.4", + 7, + "\xC0\xA8\0\2", + 7, + pack("H*","fd25f814afb598730000000000000002"), + 0, + "jd\@net-ssleay.example", + ], + count => 14, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "net-ssleay.example", + data_utf8_decoded => "net-ssleay.example", + ln => "dnQualifier", + nid => 174, + oid => "2.5.4.46", + sn => "dnQualifier", + }, + { + data => "State", + data_utf8_decoded => "State", + ln => "stateOrProvinceName", + nid => 16, + oid => "2.5.4.8", + sn => "ST", + }, + { + data => "John Doe", + data_utf8_decoded => "John Doe", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + { + data => 1234, + data_utf8_decoded => 1234, + ln => "serialNumber", + nid => 105, + oid => "2.5.4.5", + sn => "serialNumber", + }, + { + data => "Locality", + data_utf8_decoded => "Locality", + ln => "localityName", + nid => 15, + oid => "2.5.4.7", + sn => "L", + }, + { + data => "Mr.", + data_utf8_decoded => "Mr.", + ln => "title", + nid => 106, + oid => "2.5.4.12", + sn => "title", + }, + { + data => "John", + data_utf8_decoded => "John", + ln => "givenName", + nid => 99, + oid => "2.5.4.42", + sn 
=> "GN", + }, + { + data => "JD", + data_utf8_decoded => "JD", + ln => "initials", + nid => 101, + oid => "2.5.4.43", + sn => "initials", + }, + { + data => "John Q. Public", + data_utf8_decoded => "John Q. Public", + ln => "pseudonym", + nid => 510, + oid => "2.5.4.65", + sn => "pseudonym", + }, + { + data => "Sr.", + data_utf8_decoded => "Sr.", + ln => "generationQualifier", + nid => 509, + oid => "2.5.4.44", + sn => "generationQualifier", + }, + { + data => "john.doe\@net-ssleay.example", + data_utf8_decoded => "john.doe\@net-ssleay.example", + ln => "emailAddress", + nid => 48, + oid => "1.2.840.113549.1.9.1", + sn => "emailAddress", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/dnQualifier=net-ssleay.example/ST=State/CN=John Doe/serialNumber=1234/L=Locality/title=Mr./GN=John/initials=JD/pseudonym=John Q. Public/generationQualifier=Sr./emailAddress=john.doe\@net-ssleay.example", + print_rfc2253 => "emailAddress=john.doe\@net-ssleay.example,generationQualifier=Sr.,pseudonym=John Q. Public,initials=JD,GN=John,title=Mr.,L=Locality,serialNumber=1234,CN=John Doe,ST=State,dnQualifier=net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "emailAddress=john.doe\@net-ssleay.example,generationQualifier=Sr.,pseudonym=John Q. Public,initials=JD,GN=John,title=Mr.,L=Locality,serialNumber=1234,CN=John Doe,ST=State,dnQualifier=net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "emailAddress=john.doe\@net-ssleay.example,generationQualifier=Sr.,pseudonym=John Q. Public,initials=JD,GN=John,title=Mr.,L=Locality,serialNumber=1234,CN=John Doe,ST=State,dnQualifier=net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + version => 2, +} diff --git a/cpan/Net-SSLeay/t/data/extended-cert.cert.pem b/cpan/Net-SSLeay/t/data/extended-cert.cert.pem new file mode 100644 index 000000000000..6cbdc1faea51 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/extended-cert.cert.pem 
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIHdTCCBl+gAwIBAgIBAjALBgkqhkiG9w0BAQswUTELMAkGA1UEBhMCUEwxEzAR +BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxGDAWBgNVBAMM +D0ludGVybWVkaWF0ZSBDQTAeFw0yMDAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBa +MIIBFjELMAkGA1UEBhMCUEwxEzARBgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsM +ClRlc3QgU3VpdGUxGzAZBgNVBC4TEm5ldC1zc2xlYXkuZXhhbXBsZTEOMAwGA1UE +CAwFU3RhdGUxETAPBgNVBAMMCEpvaG4gRG9lMQ0wCwYDVQQFEwQxMjM0MREwDwYD +VQQHDAhMb2NhbGl0eTEMMAoGA1UEDAwDTXIuMQ0wCwYDVQQqDARKb2huMQswCQYD +VQQrDAJKRDEXMBUGA1UEQQwOSm9obiBRLiBQdWJsaWMxDDAKBgNVBCwMA1NyLjEq +MCgGCSqGSIb3DQEJARYbam9obi5kb2VAbmV0LXNzbGVheS5leGFtcGxlMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00brOddneRnLR16XbabDULkvA6Io +D0tHG8X60TJcdFVF3GFJPTesYq6C5KmI3cubWgzrotSVXFh/gy1PT9ewXGxVvDTM +LqAaKJQiJixSyZP2r1LP9nCl+ygNqW+PY5+f6Vwko2i1Qh9mm5yVJyF7E5I8WcKb +QHhdGolosQ1e9nBBvJR12jU2/Um4a4pgWyDIxv9xEFpS1I88EUkC/5wDEr4OZaGQ +vp8J+mX8B18gWRO75buofrDIk38+m3JG1qOlNEAqIzpQQtGthqjfMPAjhIM6rdXc +xAhXgMwykhONrtwBz8qTh+8nfwMzxGvNgO//rn0ba2HrCQH26ax1oSmGhwIDAQAB +o4IDkzCCA48wgYkGCCsGAQUFBwEBBH0wezA6BggrBgEFBQcwAYYuaHR0cDovL29j +c3AuaW50ZXJtZWRpYXRlLWNhLm5ldC1zc2xlYXkuZXhhbXBsZTA9BggrBgEFBQcw +AoYxaHR0cDovL2lzc3VlcnMuaW50ZXJtZWRpYXRlLWNhLm5ldC1zc2xlYXkuZXhh +bXBsZTAfBgNVHSMEGDAWgBTV003kWblcdfbZcvOb3PvugCaRbzAMBgNVHRMBAf8E +AjAAMBkGA1UdIAQSMBAwBgYEKgMEBTAGBgRTBAUGMH0GA1UdHwR2MHQwOKA2oDSG +Mmh0dHA6Ly9pbnRlcm1lZGlhdGUtY2EubmV0LXNzbGVheS5leGFtcGxlL2NybDEu +Y3JsMDigNqA0hjJodHRwOi8vaW50ZXJtZWRpYXRlLWNhLm5ldC1zc2xlYXkuZXhh +bXBsZS9jcmwyLmNybDCBmAYDVR0lAQH/BIGNMIGKBggrBgEFBQcDAQYIKwYBBQUH +AwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBggrBgEF +BQcDEQYKKwYBBAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGC +NwoDBAYIKwYBBQUHAw0GCCsGAQUFBwMOMIHCBgNVHRIEgbowgbeBImludGVybWVk +aWF0ZS1jYUBuZXQtc3NsZWF5LmV4YW1wbGWGKWh0dHA6Ly9pbnRlcm1lZGlhdGUt +Y2EubmV0LXNzbGVheS5leGFtcGxlgiJpbnRlcm1lZGlhdGUtY2EubmV0LXNzbGVh +eS5leGFtcGxliAMqAACHBMCoAAGHEP0l+BSvtZhzAAAAAAAAAAGgJQYJKoZIhvcN 
+AQkBoBgMFmljYUBuZXQtc3NsZWF5LmV4YW1wbGUwDAYDVR0PBAUDAwf+gDCBqgYD +VR0RBIGiMIGfgRtqb2huLmRvZUBuZXQtc3NsZWF5LmV4YW1wbGWGIWh0dHA6Ly9q +b2huZG9lLm5ldC1zc2xlYXkuZXhhbXBsZYIaam9obmRvZS5uZXQtc3NsZWF5LmV4 +YW1wbGWIAyoDBIcEwKgAAocQ/SX4FK+1mHMAAAAAAAAAAqAkBgkqhkiG9w0BCQGg +FwwVamRAbmV0LXNzbGVheS5leGFtcGxlMB0GA1UdDgQWBBTbdJQ7rhuaWkdJ/uR7 +xA3RjKn2vTALBgkqhkiG9w0BAQsDggEBAEz87Fu1bOk4ezO3A9hJIRkzmRw6HoJy +M632rtvkn8wim5YPOJEWZgzXyRg/9xZX5ZYjwyH3t+k/Z203VImrYfGoGxVRqFGj +tJ7Bf9YJo/igCGtE4mNrS4JGHFmxM0HnsaUbb/WruHv42PTPjOTcPQGTVYPdWOuw +qTCuL7iYAUCEI4wsJlVy2/fUX4cIUC8ILLoQGqaFjpYVyEsieXGzAHQdp4JNebMY +i0lwe46EoVLJ8iOW8TxNeSWEMSRpWpL1Rmiq4WZDn6pjXVafk7D2zZaq7SaKXf5q +4RE/YHPhk7/lEvKu9xieVL19tf9RISlI5YrgBZRecR7Avj62auiSEkY= +-----END CERTIFICATE----- 
diff --git a/cpan/Net-SSLeay/t/data/extended-cert.certchain.der b/cpan/Net-SSLeay/t/data/extended-cert.certchain.der new file mode 100644 index 0000000000000000000000000000000000000000..654f7557bb7f6593375be301e9816bff201051af GIT binary patch literal 3615 zcmcgu3p|r;8{e~ojW*1jC5LrDwLL>6he$a~SX7D>Npbfmn(8%auU>Zez}XNtGp*Z0-e@B6-I`)${KKi7TT|NFkL|MkB?E;=0KN^HqR zzyUb)1!qY}>hWxO?{NSy3v{8(0wpC7Zb%6N+}V*r0P*666jsWK#$HUNI?}u&r#fe0 zrPk3{Y)xu7olT=CgNkBL1Xji_giQER)TYsaQYxffj*OuhZ4@f=&L5k z1r&dFQZ-OTJSmAF7Xra!v4SCZBwB>`_RwG&MHYhW;r6R3 zN}z(+b0t=KGQ0~((>Z)wFx_V=#3C$$3Wd-Eb*A@Q5>QkNgaVO#88nN(uK?N^Z4fu@ z4FD(@f(yvNpnfSh7XV;w)`QC*_(!VTvhm8?e(Z|#IWi(&N5;WM?dn*o{${qDRj0R| z*|O4YB5rT--Y2)RJg|fL?FTk*h}pe(?b-(wn}gjh7~Ur3s_LX`&tK%)C>Skwy)znG z_)!N}%t-YS3I{gNEeJSmso|HEePDrB6d}!YEVx;EFHJ2 z4ocX%N%O|F38t)vYkR6G-VQ#IjgYIArseIc6-tiL{y=Zh+(#SKBsimWi} z`vrxD7J5WuXUo~fZT&PtvZxcdb5p<{UJ!#YXb5VG9i9+H zs|9%vN&=$;rQvzHJU$!&z<>fSLI83RsURm_0<%y8K%vk8fQ$yCK;x-42=GV&Y<8$I znauEEg_7uBW$0obZ_*4~Z#F#^&ZB%8OJ}jdX<@7%8Lk1Pf;tfiks?<9UfY`9jpsIp zk3I@}o7MU8RqXuzjLFngCjh_%5)Q&9vshgdDF@1e5)w!~1QI3wry@}jV6-@r266|; z290u;<{I+!r_g+N5oDjRU*VheA+@xTgYh( zGi^yuTX+d6=%A1QcNrW|_{vtCwxyu>Q$A9NKcnHMV@QLX%VKD9NKOsNIm^-h%c0J| zC!X#PZyooq;bzE@y$C%RjE}4mcSVg*z_Y9Ce z=Yb3og+QP`#e$p?@sjXJPCm#Ha{gUy;AwqXi@1J3W%Kun>-#c@SG3-r9WeLb zzHD9m3GX*WY6>nzE(ND@>SOLp7JSIX1g(DN6Xd|Pp1rZsVCD15LN&&_6V*{49{zqO zskhS%5V-ArvSF~I7!;AK4+0i(#H2;@-NHKFw{PKNoXMC)HL|M5_M~Je+;Gs2WLCl0 z>c_cjBCC`W?Lwnc;__S@M~E43OxHxti=)h?d!)Uy4k+pNTO};<@pKmoDn^?!N`~eq zczz1(#+z?tbqg-_$&HBKE9b1c7=3!eMN8MVFX2~Ix)*a!UG0i9f&FQ6)=-h6f?T-S z%))Cor6&KW@XCVH&_O`Li*{u&*gqn;{{xNxo>G-nIPV_n8=r?#rr>I`+E)A{x`*Bq za_ulnT4^kX*Rv2*N6oZb=fWvHSHQjpIUU7 zaot|>ZLczw>kduaTS+7b3$Oaz9W}j6`L#w`%Xe%m%g5dRa2K&8XnTO=$d(t2e1GAg zixixK+%)V7CtEu=*1bRbeS%MamhovqfuBS-o0wyteC;2P{ zC=da4gMZR$M&bDSwl+ztUAg7NLzYSYXE3MhVskhQW{NHeNDT`m@T2i8hjbSk1+*xB z@HhNyH+O{F1RR?|yvscCyZ&=q>&78r_@PQvS0V)Y+_wkBiSfa9rE}h4dXK;&Jz31N6iC>rO)!E=Gar=Zb|6g?Q@W0e#ys|M5eu 
zCjJq_{@U_QEfeb3W!tWCcT3wZ*XgP9s*uhGV*`U3*HoB`>o?`&1|9vr|fM~Vk3$1`}3J>^yq}6|Ms_)V1=$?_gm^0L_&Ju?vTTK4} z_wlYziv{nR_(w`9R$eBL&c7ll;g>h(kXcI~2>QE~RzDIjc0?|;7`1Z5_1vS>S0uIW zbQMN7?k!aq?tYdyG=XbAe*dE`nR)Agcl4^jYX@z#R#%UccfCqo`+b*&SAKneC*BykoTM?gLt7QVBde(i!whEI`K*6~-Rx6*X8mQ(gdXSuc< T6VNj^o+5Zf?OWZ1eOK{M^|Abo literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/extended-cert.certchain.enc.p12 b/cpan/Net-SSLeay/t/data/extended-cert.certchain.enc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..e3b8b5aa6ae17336a95b9f5b88a11dff863c8a69 GIT binary patch literal 5517 zcmZXXWmFXIw#Ek-T80=x8V0150m-3Dq#Fj1ZjkO!VCa^RP6^2&L>d%n=?>}cmKZ>e z|FiD7=dN`>ynDa<_dIKV+-p5h1X&b18U_?WriO*f5&k;-ng9(OEgwN92}F>I{>4I2 z1YyK~C9He|q0e9BfsO|F+Z_L^ph0P{@cw7RlfN55Kpewx(Gs!!9!zv}96%6)P|~Q| zKv((a{OwzJJ)0e^%tS-)BBWDu?G#AEr^j1i?ApqADh-rZvttpU_{r_)ta?1YaWIU? zv`%*;Y%6q+>=^13CQm;ED-Q$QebpF^lcq@RL-xkxCb8F%K4yO=V(IF@#_3Ly$Y$~{ z=o{M}8NgE`YQN$f1!*gYsV<$wxR-sRFL3K}BX46;#a#5<&}*um4Qzb%vFysJ5&QA5 zNDS;A-X*o;XtHaiz~3H+yyIwe-+emS@G&PhGT-SE&Q#R%JInrJknGz+r`C-8hxDVI zn(s#iYzTv>hORrx1-yw^O%FF}A7Q6QR#J_pU+oUlX82oK-BoFU#jSC^B79yHyb&hT zo6zSJ1zc^CA-%Pf-T5tDlumI;ccT=<#XlZl7ANj?5JS@pLHe$Ty*B%Cj*M){`Sl8Os$SPbd(s-GeNx z@^m?QQ+<7Vz4I=8+O@qcTerC z{~2cl$7*;1rn#f7r`cYB-;Wd@n(1s=BYN_ph}X=^j=G4IsE%j!&*XsIOFuB%TDYP-LQz< zporU&>-UnP62!fH{|G_S)l1g zdJQDM@wC`Ty?#z~8&J>_cd7dJ;V||A^)>3sRXLhN_g3N$<^u8NNfS2@ANO}Pkji~!M;+G;PEX#5_k%XTpx~XS$p=IBEZRwMaRxks= zdNx1aYj4PzaALz4-$Md>BA%Iu?BIAf8}p`tNvu2LCK;9JRF+}y5s=6`7U_GabfH9y z+I5tbw(C#YvKneTV;|6aa3|2MFzz+T^lY`?=NkrsmP{6ci*cGB?U9Z)U+u1IJ@Cm+ zZ}d)t+DM$`9-L0Du&pPtmv&Tq!PZ>{J0vCicPVb8H z!SUcl!J1LD%EWkxMqyvyky{tHN(LtbIvWa4`mFG$)DjET^2jPrcDnlEYSo+{+^%ySTWZf=HVP-puuAsEpb9ea_&u1w!BCMC7 zeBj6>)NEhUOA7WKSr#1M7)5?HSyJKYl}|f&LYIZ9LYBzLZX2{r9Xaq3YacJ7TW<#; z7EQxwt{0g6WxP48&s;f$H)g@T?(ECGS4g9Mk?pd)Hqqs=n*&!duHtqxB6^MiwaX`vI;?W5I{RqP7e4)?jlZnCxiGhB%;KzT6Qm6K4@u!UTGVu6z4J(- z+d!)do`siyTq}+hnD_CWzajli7`Ki87CZcn>6bVS4u&QRBc@3$+g`ZK2!qQ&=*b={ zUte$4F@oW3;c;`Oz|RJ2)Hq##Z_@$@UAP0M%Ec^&1hhW;%z~`SIuiGTzBD#lb}fiY zW3P-s6~QNhjHKNO%-J;ss-+f`^KhaIta_}Q^Qq5K;BYJt_dcCckg^h9p!BZWG{7u7 zc1;|u(ZXa|An>RL>3(v#9zi`9+~brl+#Cn=hr$!-sf|a?lsXJa{ZzC>J9dS;Avqg$ zr`rzAgug7gxwB&C*dczwi<;{SK}_6*m8j~FRODDmRHfw8S4YEFcPDv8;jYBhxARUyK(_g92Q1Y{FYe`TM4Z@{K z!gam-M=&K9asYnORuv(1+eE8(MmkDwD8fl7NJ`TprQXEApKlp1mEe3XKBMCDu49(0 
zP=QzGoAE==12Yf6$FrVdla4RZFU*}2wPzlRanTmMVs71R0{BXm*{V9lS9aUsfrIG* zOE4mCFbEJlKTlPU2^|bdLE}%|K9O;gR`5G=ciQ>wmQ||*(DP5;!705THl(aWwzn7i*bV{*8sU z_8QcJ&KEUbZ9m-Jbe;Pi*~K({lsi1owtj!=@q&MUV4-C|A(hiR*xwA0+NikRK-Iq} zi^$NdF-P1Kx3pnGey!iTuh;pZJ8$TE_qDP=m+kf5%D9_Xp(=vi4c?)?I!$*XRPe>v4LJkSxS|?ygz7SbBhZ-S-|INZ#H;}2FM-nu|v@{ zism%f!0K)JDJlvn8Y*)lxcR!;AUsT!FOYB>k`W@DJo)U>=6wCV9ZNJmwzhcooN-?5 z?uy2bL$j3Up3fV}t0mNBlko0_2=?1cS486F>65W)>7Ig9jY`IXoF@aI`=gbWGjMVJ z%({DNR?q$)`vAa3^Vco@}UnI%$x?pC^VO zix)rcJBBGjH;z-fuWAq8x`Q0y79KPd-eqQlx8`N%|O=;uDM4fVQEVWkYEi$kBWYTh3{N5DSL`=ow*e+Lc zQ})_Li_z3wsLaPR@_@M^by{$O+x3%;%}6qCU7-U3l*tc@{uQUl`?*MXaA)~;0Fhkh z;hOZ~vtyuEYN?)B*SIBfUai5{&=PzPYbhrX0RM@pzxoS0&S#sInJK~ixUqV>H>Tin zH&W*5P&pw!PA;7MLx64(5Xek#xIb#=}$=|x=ctUUC)3XZe|-+-Q7ha1QopQzSnlq<*cAHNB(K z!jsQTE{OyJ{>B`|jn|~8|HApnEpy54DIQP(e?u$aWzX3vKNP@nS(<>t>%4xam@>bQ z*WmOeTe1xzBxCuVqpx3BUA!8kxVU+F)@zR*|I(RnzVoco&|Tz${E7?`;l1b^*Lhr2Nr-9ILoHlnAG z=$z~cq*j(@mg%}1$dY2-?0w)r2EKUORfzYYx8h;`z}G89qX!CxaGj}Wfem|#@*KVi*)WhMkoAeokYN+^@-W=iT=Zf zBtFMEq>>Gg4(5xnk=rxEi7LJrNgE~8acAI;Nw3+0^D`*)RXDm;$^waD<(pBo#X=(rP=gA0z8wpTVj$+?YmoNz2w5&5=Jvt==ky8F|Fx9 zB)SJApy~hum+j$Vb?=?2n0Q)|28a)_29YidP%AqOa|p_AJ@%V+Ex^e zQ#F-CG<)anDRBkQJhs@RLnlajOmqQMi@LjcUY9I2vP5r7cJMRc$W;J zwG-v}lvW%o^*ur}o)Jd(@~v_VuL0Ule*13<=T2D%b8%q$cha;;1C?P1z^i({IsRcG z_$y7#Z~;opHQ#7=HR?JyG=XkNsjDQS%YT zNyU?{Sy1z=$FIo|q$`&D!|FNxfjWE)MY4Nxt}x5D5iUsB5LttzIYJ%zLyy2IibqKu zioh)UKY=?Rftd+JV5a`XNq=8F7XE+YHy#>#J_2|QMF98ze=5($80cbt<(Tpuy*)F*SBbP zi)20=<`~+?8{%ex%zWz}ZGB0{oz#I zPpYMx^_rNxi<#3a$wV|0AlWJ`CHlf{RI7*J!60KM%XjPbm0}d47LF`hn&yUApH8l{uBc%4uZj1|6-Jmc_Ja!m zy_wbRLRGs9Y#@TB2u@Uwy7Gv}1o0CtkzT1AR-&^+3anicmGo zaXG$P_BEtN@`MV_PxR;UQ3I#26IF#%;%upqut$kbjy?jKmz`GoW$*AQ4a|RQ$rKr+ z5NKL-EOU9?TAJk3Ty0;~<(W(dbXB693~5t0Xj1>)&%*N}^&PDQ3KJ&GM;S1JMwBpZJtIPex1K0Y zoh>Te`#5{;++-HVjAka~SGAF%OeyGmyc-#Ef~zjdY||qly8jhsc`{F4D|fHAB4W;& zYY>X}1=qEftR>CIMl;9ZYMk~FM+Zy5Cj;(DFjb{^QQCkMW&u|lx5biVVki{`=2N#> z9}h$9kjpCvfirWpPBYIoA{9A=8-x_H(M-Ovbq-YpTz-|0<$!P$xcufIa(#4Ve?8ld 
z-X(QX=IYnt>E#WvGob971;D{6r|5El2bU?tJi)P0rvE*UxMV!!KvIx4lVO+shl1W% zebX|_6CnW{t^ugke@&!3a5`Op6~G7J@wYkwEdN$Zz;l4b-|qI8!2k^Z<`#b^Ux3TM zU6uf@zw|#2JAgI7?(bywZ|xs$`}c1LaDwtc8KJmXn4BOCbSg{$khDH5!aQpor>%CN b@{Aj?I}uWVr3l3Fs+r3>XQe*==NkVDXi8EI literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/extended-cert.certchain.p12 b/cpan/Net-SSLeay/t/data/extended-cert.certchain.p12 new file mode 100644 index 0000000000000000000000000000000000000000..a2c8064ff302bfbc1f301fc0cc39d788d1ee97eb GIT binary patch literal 5418 zcmeHLdpwlgx1VP&#%0jBC70Yv?w&!pM=AGQL+**eAmcKMpOhIQL^N*YGK4~ibP*y# z$t9s8MM6R%q7IewjN+|+o%6ou{rrCCbN)Eb%skK9YpuQZcduu!z1AL(!YvL55FmwX zmVrqsNg9s!%ju+&iYa%f02EHVGz+t=_!G(ku*4YJa z-pHx|f;i~2df9DcRaE(*2~q%_zdI;DxQRZf94Ch_1TQeq2ZASu4|X~1=Yz+wff%}w z5reWMK~Qj5ko_A%Mnj^fukaos9>)qz9#TPZB5?|eN^2Tu45Km8)y0QE3c+DOX1WFj zgV+}!x27+JLDEgEp_azL4fo(Sg4}e?T^P1i^X78GWjs zfQR1;G9>3l#B2Za3?R>lf~@P>0DyuaC;&SQ;xof3008UJol<@35wfXG&nfNj#k*#= zT!RoZ=x2rZe=-KuiUks|eV-MO3-)~v*-(Y9adqx9m0AI;OaMZEka}(=mOiTFB zXlG$t&YH2B!sF%lsV8=31n54=D^Svw5>qqV{irmma0r|gi;Pe!ef+$M(I&iI;Vfr- z*>m9G18Vflwi5`&Chv~$nU%6Ies7m4CSY-*Bq&!hDjJReU_c%PK?Ny@GaxyJfl-

(wl1P4P^72I2KtDOc4=YsG)kW?%uGd`e3y;Em?@I^_48jKl z{*~@R&{7Z-Lqb6j&h@xw->B^^hoHs&fccE)%kRR)lZdNJQ;-t?R*-NIwz`T1g^?WK z29SXPDTP3y=ub-|iUACxTM|MZ0ZE`r&W;?VD1|jNe>w?y*8m@!9CZ6zJr!1alGEwq zZ>0kz$Aje9HMbyubqc;tA=WA6I>oq7F|AWr24?6*Apwdq9N_+e=2@qiA^U4O%!og% zv98--1IdkaXdFm#HAucm7X9U={wAKHB>%GOD8HKf%^Ep{kb=RYk#`DVK=g($TR(AK zxt<;f`*s02Ti4^33CQ8a@DN;Gego;-I$%el5D4_waFAR~pAr^Hz5tSGqqQnGp(|9Lw- zgRi5ZO{|Yj7cJiYDXl=;763E;{MP=u&xA^-;!Q-KfygGsa{_9cDFKS5i)90&w06;q zRCbjl9(T;sR$i@-JT_ygVs}M8-ki|#IIO%s=CaHCLVj-ZLi4<9*$pS2Fy(#9Vf5bf z%GKM5qAOrqp}1?jqJW>caJee>D`k8#YEedNvFe>?2@in)lS z{#fiwRI-!*<~wyeZ+N{q%b|-SCxT*sc$OOnd5&$rnEhSb#N3wCwg-#cW>j`C%Cv%n zKa{v|4x8;@cvvuu1l@gMZqVHgCJS?go&gX~4JHf=g7|cqE5r$b`K@ZY!DJxGnic`( z4kJJ8lt0U~rR8Q3(_>$@qIhwvbs0T7{}DDq81a2D>c8Y(FxR#7 zgl>5&ep948{|zZ+SF4fOCO&gZU40#w10Hdfthv*VGu;Ar7!2duDub_D5 z#50vB)>GM!G~d()6ml-$#jdw)6SyYztml54rTF^_O;kxouz4frP{Z7eLJy^6VB%dR zr*u@3_WaZ6?dr--gR$?_{6Aax7ldy(t2Zh)i`ceuC(}H*x>u<1YnOz7%-M1ws~#55=^)?Vh@Z*dQ!v-29o9l6-%VMTpV+E|N z5mqa3OsZJ7|K$$~`ZSKS1b8e> z;ca}$_*{CM#hejoIbnnlyw@5lZu8{J4x8JZ8!i+DH4Un^Q^AigCOCDd&JyQ1wp79Xn z>gZY#ytkpJg%ZJLs46j1=~T{^35I+55L-6+%Qo0wV4X5{KYKf#Nj?9|q)ky>U>Sid zrzhn3Kyw)itKeT_&;w$+{t|_#s)T!H_*LBW3Tx-3C(DxZ{%t8PVLDzd>3Sl2s=mk{e|JX5 zLM>iv5LpS%^UPphICVL8H7zDz8rC)5uk@xft!(M)n@^VcM=Q;QsT>mHyX(z6Pd4~g zYgO^=9?NT0^-)3YKVI9c828alrMySe7L16eaFCb^2m#$A`?xT+mB6auo7qjS-JEB0zT zqaD?_8jsb?!?xFTd!!z(M0x+TSXN`t(Ik44Dd$O}n1`<@`cL@O{ogm)bqIOwwP)^0 zcu`8?7_Cx&&5ig1)n<|IhPzX zdRTJLb`Cs_TjFmq73yU-R629(IN^30x?^%CBwp7p33bGcD#=&m9d=nh&SXw~SJZR& zi1>5n+Z(EH1(L$#-Omry#8k{Zgc*)p2`S1P*c+MFE4Pw+5r5BmLZtLciiL4eyh{4~ zk*xPgLyV`LJw~{gn&bI)whV6)I_lewzIhkRbf_Xfe^xM*tL%+vUcJ&F^6vg6l4t_v@83lY27F<6$Nb>7rqNFq z3|}9V2z}j%?KEN4Zp^aGY2o%#NOcnGvYzJU*q3nmJaLN!>eDr}o^sN?y~j3z%_{wl zW7|N6mHYotD2VG~<7hOG5Ef_HHmGf6bhEww`9f9qvt#o6yP7A1ugeVT^gg&*obo9T ze9WX}IvITzfm-f5?oo9t>AL5}cPCjoli*}Btbg)@Z34!>van`|?Im@qO}b0Q{fPgl zQfP2};Ok2accLwFo#0Y9FneSdYg-y0N=f_e5KKs7OB$$Wb1#*%|1{yf)M?~S(zm79@M&C8NoAt6$J)uhQgLe&FB^9MN)t2`~XP3oR 
zBv1CD=IKz$+r+G~`vOZNR>YJSOpzv3>;Vjuy~#~~gE#J@RWYS#i3A}59j|o0+lppB zsN=@fs+N8Cs%9;{7&w5J0l;EJlK2Do!l_whI)>JQ(LsZ!SJ`pldL-VS#EbqcfZDH&vCCyQ9B(i?$-nGEey@d0*5iD8udn&gW9{3K@J^<6cAfa;g8 zTJCYHjXh9QQa!?4*xo~^Fp`x9!v^O99PVXVaJ}ZB<@qaFxMwR@^qW>G(G zbE79TOQiiqQ1q}~_e=9p(LQI#l2m#3Gado6wlp-H9ByMEov)!CxW!Z{#Nnen7E?FV z69#wfADI?K)~03L4<0v5Nr;Vlc3HbcfO|wxhsCG8LR@6VD|P%-vsQXwHi|?Qo}cHL z=G!toBG5L-J@HO;3a3|kqme@*1}_jjS8M7wWS5i{GivIvh*T>jiK1J2nlvYxR=&Pn zQVFk!tN*`v2$2Ovp#L0E(rgGg9}0%#;>i-CD)+#Lckt|df>sJiSwW+mk&GIOl||SI HT>XCnf5+Jb literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/extended-cert.certchain.pem b/cpan/Net-SSLeay/t/data/extended-cert.certchain.pem new file mode 100644 index 000000000000..b7d819c35c6a --- /dev/null +++ b/cpan/Net-SSLeay/t/data/extended-cert.certchain.pem 
@@ -0,0 +1,82 @@ +-----BEGIN CERTIFICATE----- +MIIHdTCCBl+gAwIBAgIBAjALBgkqhkiG9w0BAQswUTELMAkGA1UEBhMCUEwxEzAR +BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxGDAWBgNVBAMM +D0ludGVybWVkaWF0ZSBDQTAeFw0yMDAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBa +MIIBFjELMAkGA1UEBhMCUEwxEzARBgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsM +ClRlc3QgU3VpdGUxGzAZBgNVBC4TEm5ldC1zc2xlYXkuZXhhbXBsZTEOMAwGA1UE +CAwFU3RhdGUxETAPBgNVBAMMCEpvaG4gRG9lMQ0wCwYDVQQFEwQxMjM0MREwDwYD +VQQHDAhMb2NhbGl0eTEMMAoGA1UEDAwDTXIuMQ0wCwYDVQQqDARKb2huMQswCQYD +VQQrDAJKRDEXMBUGA1UEQQwOSm9obiBRLiBQdWJsaWMxDDAKBgNVBCwMA1NyLjEq +MCgGCSqGSIb3DQEJARYbam9obi5kb2VAbmV0LXNzbGVheS5leGFtcGxlMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00brOddneRnLR16XbabDULkvA6Io +D0tHG8X60TJcdFVF3GFJPTesYq6C5KmI3cubWgzrotSVXFh/gy1PT9ewXGxVvDTM +LqAaKJQiJixSyZP2r1LP9nCl+ygNqW+PY5+f6Vwko2i1Qh9mm5yVJyF7E5I8WcKb +QHhdGolosQ1e9nBBvJR12jU2/Um4a4pgWyDIxv9xEFpS1I88EUkC/5wDEr4OZaGQ +vp8J+mX8B18gWRO75buofrDIk38+m3JG1qOlNEAqIzpQQtGthqjfMPAjhIM6rdXc +xAhXgMwykhONrtwBz8qTh+8nfwMzxGvNgO//rn0ba2HrCQH26ax1oSmGhwIDAQAB +o4IDkzCCA48wgYkGCCsGAQUFBwEBBH0wezA6BggrBgEFBQcwAYYuaHR0cDovL29j +c3AuaW50ZXJtZWRpYXRlLWNhLm5ldC1zc2xlYXkuZXhhbXBsZTA9BggrBgEFBQcw +AoYxaHR0cDovL2lzc3VlcnMuaW50ZXJtZWRpYXRlLWNhLm5ldC1zc2xlYXkuZXhh +bXBsZTAfBgNVHSMEGDAWgBTV003kWblcdfbZcvOb3PvugCaRbzAMBgNVHRMBAf8E +AjAAMBkGA1UdIAQSMBAwBgYEKgMEBTAGBgRTBAUGMH0GA1UdHwR2MHQwOKA2oDSG +Mmh0dHA6Ly9pbnRlcm1lZGlhdGUtY2EubmV0LXNzbGVheS5leGFtcGxlL2NybDEu +Y3JsMDigNqA0hjJodHRwOi8vaW50ZXJtZWRpYXRlLWNhLm5ldC1zc2xlYXkuZXhh +bXBsZS9jcmwyLmNybDCBmAYDVR0lAQH/BIGNMIGKBggrBgEFBQcDAQYIKwYBBQUH +AwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBggrBgEF +BQcDEQYKKwYBBAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGC +NwoDBAYIKwYBBQUHAw0GCCsGAQUFBwMOMIHCBgNVHRIEgbowgbeBImludGVybWVk +aWF0ZS1jYUBuZXQtc3NsZWF5LmV4YW1wbGWGKWh0dHA6Ly9pbnRlcm1lZGlhdGUt +Y2EubmV0LXNzbGVheS5leGFtcGxlgiJpbnRlcm1lZGlhdGUtY2EubmV0LXNzbGVh +eS5leGFtcGxliAMqAACHBMCoAAGHEP0l+BSvtZhzAAAAAAAAAAGgJQYJKoZIhvcN 
+AQkBoBgMFmljYUBuZXQtc3NsZWF5LmV4YW1wbGUwDAYDVR0PBAUDAwf+gDCBqgYD +VR0RBIGiMIGfgRtqb2huLmRvZUBuZXQtc3NsZWF5LmV4YW1wbGWGIWh0dHA6Ly9q +b2huZG9lLm5ldC1zc2xlYXkuZXhhbXBsZYIaam9obmRvZS5uZXQtc3NsZWF5LmV4 +YW1wbGWIAyoDBIcEwKgAAocQ/SX4FK+1mHMAAAAAAAAAAqAkBgkqhkiG9w0BCQGg +FwwVamRAbmV0LXNzbGVheS5leGFtcGxlMB0GA1UdDgQWBBTbdJQ7rhuaWkdJ/uR7 +xA3RjKn2vTALBgkqhkiG9w0BAQsDggEBAEz87Fu1bOk4ezO3A9hJIRkzmRw6HoJy +M632rtvkn8wim5YPOJEWZgzXyRg/9xZX5ZYjwyH3t+k/Z203VImrYfGoGxVRqFGj +tJ7Bf9YJo/igCGtE4mNrS4JGHFmxM0HnsaUbb/WruHv42PTPjOTcPQGTVYPdWOuw +qTCuL7iYAUCEI4wsJlVy2/fUX4cIUC8ILLoQGqaFjpYVyEsieXGzAHQdp4JNebMY +i0lwe46EoVLJ8iOW8TxNeSWEMSRpWpL1Rmiq4WZDn6pjXVafk7D2zZaq7SaKXf5q +4RE/YHPhk7/lEvKu9xieVL19tf9RISlI5YrgBZRecR7Avj62auiSEkY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUzCCAj2gAwIBAgIBAjALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR +BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM +B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBRMQswCQYD +VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0 +ZTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEArbBQg+3l/SUFGDENvpvTPnp942njbsrkcfpmpfLQPn9GsMll +GYQvG7YqN2NV44rEGlFTRkhDYVhni1MNoe3VnGRzNknSoCmvhjqiG8ojZTIzj3/a +OIYNiJ7RPei8cqgT9WUjtcsnHLQq2tPIy1Mm8bE9BazNeFHCE9/B8u8y04Ks2+nu +sxMrhpFA89eHNTs3Xt6K7jpx/FJxpYAQkkfkLvADJ//AnFF4utQfqP7QKHGE4V4U +0+6XGMCZ/9VBIy9sn8Vj0vY80jHgug4hZPpgc2NWSprfI6prbWhC8l/qLGR8hgeo +FU5rVR9KE7LR3FnA6gekv4A66SdqF694abnvXQIDAQABo0IwQDAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU1dNN5Fm5XHX22XLzm9z7 +7oAmkW8wCwYJKoZIhvcNAQELA4IBAQB+oK8jmUKMZ7YItcCAnoFvcY4pLgGPcnAT +h30Rc0uUUUcVB66J6+YRHFVWA1X/AgyWI9Jxq/Qy50hGye2fdZmxBa3j5nbZlwAU +2JylwYigjhNHD3CUxYFInxKSaQKKnzLsjazn8pjLUvJLdPuO42l4RVYRJlfW/TZX +vc4Qoql1xN46C4eNjewzW76BzqyykGjAR02JhImclaciZ+oOz04jp1bvMwfYwcdO +7UBROGqUuamfS6URU5rpMkj6Z/2Z0TtneO9nIhTN0P8dxxDTxoKDDko5KOOzXrAO +nDCAamxvxhlxLcFbog3rTGaSvY0JO6T96lepvnOuaYEuRx9oyj37 +-----END CERTIFICATE----- +-----BEGIN 
CERTIFICATE----- +MIIDSzCCAjWgAwIBAgIBATALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR +BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM +B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBJMQswCQYD +VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0 +ZTEQMA4GA1UEAwwHUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAKSF8tIItlPf3KpLzUgI6JVW/d/+LZP1zYedrDFFXjvZu+4uFxE5zp4vczbX +k+jhF0TZk292eStA9kVMDePVMcGwjNF3Up99yYisFe/h4ovt/w3Op9b7KS9xy5Vh +fUNqxphHIUS4/S9+7o9DUjqNP94EszDzFu8R3V7QXdDE9pSn4UZMVDTozpeu+rLo ++FOkd7NQIJMSKOdCv1HOhcFuuj+4FkLlo8k5bDgEVH68xTOL92Q4sLwubHEWl/Hf +1IA8POwoOVLtuLj4GyIrbqM/Yj779kmRX+LtjsJ1kAmLhsh4T/XhTaOyqz/d253v +OE6hM6pM0KsuFLpdPDJynpSHoQcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLzOh106FMJ8u/MANb7SZ5Z+swVrMAsG +CSqGSIb3DQEBCwOCAQEAXU6HGU8ThUuJz+KCSNYaO3HxxFrNH2pFWwrTjt2tdBLk +uDvicaquwUzq6zetEys7v70WOCprGB6uARiet1vU7dg7cmrd7eWibMDNoKdcPNML +oZLO29WL+hvGTx/UD0o0j7l+ab2XB83q73mNRlqRBXZkkykaqWt9qy+LTvI7QYbc +ZoONmVE1wbq5c3R9L2aa27uJsfLPAErjr3mpnNtFhJfULv+hpmXHVukhra+VUkyp +jTiY83ad8ZHfCIxfZ+MUCcWNGj7G4Rkfd27MB7fDEQlisaSk8B17FK7oIqO/NN4E +w1SHQ5TRZSmbOTGIfZtS0KaTaZdZtBNee5BEzQz1sA== +-----END CERTIFICATE----- 
diff --git a/cpan/Net-SSLeay/t/data/extended-cert.csr.der b/cpan/Net-SSLeay/t/data/extended-cert.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..7aa24d49bdb3caaaf188be349c8bf42b5e7aaeac GIT binary patch literal 877 zcmXqLV$L*ZVhUzrWH4xAR59c>;ACSCWnmL$3h*%$HV_1HxOlkyQcHA$gMCsHD`A4% zJX|5E#U%>CrI{tEhSCO-AeDN;LU}-y#l<;5m3pZaiMa(isfK(8JRnI99@gNJM4)0p z1AY*nnTNwGKO;}UB|p`W*MJ)-~UXk=^xQ^C%|;gg@7n3GvjX~<*11yaGo!|Yq6 z2jj8uFeB;K;$Z<92=jwB50jURp}2u4NS`AQAK0=$J%xbMq@2uTm=QWW%)vkdwG1@a zIJMe5+P?ELax#iZX8{e;OUX}l!1NC=oRkcB;i?%KSs9p{82Lfr$Hmmd$jETn?X~6g z^h(Lo?s3y|mmLn+sn5JfgWua-`slBVMlmI!u6GhWZOzvtt!sL+vg7XQ*-<>N7hRbe z6H(u+>+gSkLrhNS9+NYA3#2rrD5>cLot*q_ebD)D1xtTx@UG17Po6*jWsJ(=jIB=c zX|v}{RadMQo@5hwXtqN|tW;;lM&7t@1&({Bl-@Em`|G(QyDK4D;l#23g#uAQSNd%P zJ(>Q`VHVoQm%4DmzWJQLQva~WD?|$Ke!6=_-G&pB>+NP2xm{bl)Wktc*($*4;@Y+q z_YFQMw=`R=y?W;eM|i^-qe;TO>+Ud~KQ+1iy?Q;f@saGa4e$T2tCh}9e9g)D?d6)% zg_>>cOw5c7j0+fmQ3?xDMs8pTF)}zC7z-7;{FPGrDWBDuv-hk_pZ>v)cMr5@nO~dq zvf)+sCHb#qDTnN~FI{}8Gv->pd7V<)9l?N#esK;af$u_kcJu4r9$RvM-BaNc57WP# zR?E71qf2FZK{MB-jna0V0rFdFR@9j0v}+h8o%dy3V(lT?QeeZd;8W6nNe_E@F449P zNB=}-+2vi#>nban?s`goMJL}C=_#|VK7_2Sl+b(PY`JfiVx0Bd*uU1d1QxDc9ILr>mDR=)P j*%J!P(w-HRW#{dw>?mh(yf|U=+0%7-p?}^#o%jg=Jaa&y literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/extended-cert.csr.pem b/cpan/Net-SSLeay/t/data/extended-cert.csr.pem new file mode 100644 index 000000000000..d7cca16166c3 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/extended-cert.csr.pem 
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDaTCCAlMCAQAwggEkMQswCQYDVQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVh
+eTETMBEGA1UECwwKVGVzdCBTdWl0ZTEbMBkGA1UELhMSbmV0LXNzbGVheS5leGFt
+cGxlMQ4wDAYDVQQIDAVTdGF0ZTERMA8GA1UEAwwISm9obiBEb2UxDTALBgNVBAUT
+BDEyMzQxETAPBgNVBAcMCExvY2FsaXR5MQwwCgYDVQQMDANNci4xDDAKBgNVBAQM
+A0RvZTENMAsGA1UEKgwESm9objELMAkGA1UEKwwCSkQxFzAVBgNVBEEMDkpvaG4g
+US4gUHVibGljMQwwCgYDVQQsDANTci4xKjAoBgkqhkiG9w0BCQEWG2pvaG4uZG9l
+QG5ldC1zc2xlYXkuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANNG6znXZ3kZy0del22mw1C5LwOiKA9LRxvF+tEyXHRVRdxhST03rGKuguSp
+iN3Lm1oM66LUlVxYf4MtT0/XsFxsVbw0zC6gGiiUIiYsUsmT9q9Sz/ZwpfsoDalv
+j2Ofn+lcJKNotUIfZpuclSchexOSPFnCm0B4XRqJaLENXvZwQbyUddo1Nv1JuGuK
+YFsgyMb/cRBaUtSPPBFJAv+cAxK+DmWhkL6fCfpl/AdfIFkTu+W7qH6wyJN/Ppty
+RtajpTRAKiM6UELRrYao3zDwI4SDOq3V3MQIV4DMMpITja7cAc/Kk4fvJ38DM8Rr
+zYDv/659G2th6wkB9umsdaEphocCAwEAAaAAMAsGCSqGSIb3DQEBCwOCAQEAQzAz
+EnFE/Roi+R9qiWy9zRyOL8GI7uArmjfWkumA6mvSH/V2ZMI+t6Wj0olc1m83fiJm
+3BFQeI8XCAIQ9xIuPp9+7cak367lE8jhZ/TLJmrZ2Iokp3CDCtKxGz6JUB+0fKh8
+NWyHKDJiz00FpDtIFYRwPACg8mL/GUg/HwoVhrDF/FlqPm7Rbop2cpdFyh+oiQ7U
+G5SbOvBUqXkYLuRDOb6aIV47nV39O9oQoa2jXS+j1IjN6z1nR5OCdGVe8QnNSRYl
+46kiQYp/9YIAyzQSQ+SVqL2scJAFllrKAyUFNxpHT8RrkHA2ZuZwdmtuvHmIdwRB
+0ZCzzct+blX87+WR8g==
+-----END CERTIFICATE REQUEST-----
diff --git a/cpan/Net-SSLeay/t/data/extended-cert.enc.p12 b/cpan/Net-SSLeay/t/data/extended-cert.enc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..a8a92ba296cbdb6f5b15b26733de926e72b93a56 GIT binary patch literal 3731 zcmZXWWmFXE7KR6$p&7c77;;8nWT=Gy_ny1f{qeo~+s}U2{<+tSK!Y*(c()K}us#7XEJ`)%gdC3$4~qsX1JPiG z8!UrB6Gi_sBEX`F{BMvqJ|5tvp#GWQAy^4W{=I?hW+NC#G;5XjdU}k08y}wt5Q-*} z6H26w@msGnLSH*uuF8naU*vUf0lNe7rA~q>sia?v_}-l{abZ1ePe=g`b=k1Qky!Lc zFw{`j{070}r4n<$>@Ok!MRrzQg=w_*C?UG2K97MJs3Wp=7&Z`MrzFaCrrHtyNVH|7 zRL9W4^?fWWHm47)ZeWE%U-k_h%D>rCxC)P}Z(A7vMs;8Hmx6+!(IZO_eW#8l6o$PU zz&Hghd`^=iIkIgx%&zh8KqVe~vJil6ak9ysbvYYRk7QnApR&<5y>zxS98;C0-eR6b zb5fhXwuDReBaPsp@BpT}VNI*cbBkj^;8w4aSCYmAg7-`DsicFDN{($uWZ!#-y^^*E zAl4EJiOUb>gFszxlM>WDV2Ta0-jP68=T2i)afr4^ozG}I)(JTRLQLd4fa`3^ucmbE zhK5N+c;MJ2Wx}H1d1V<0>qI8<&2$Jf!P``B<6^_WaM{fLNrL#2uj~X9dqgBH;l4a< zbxGm_6^P~MtlK0UR|3qtAJ(-alpeX7B%!%u>iLm58W%^a+faKKOD%74M&IISB53>J zz7sP_zpbtl%odXm`=0L_(PhC$Z9*5#5y5GLW8>MvL~8Ms`s@|@;(3v2DBevh;5%^C zVJGJU#0+dH3NSgc8a5h*$G!2O;FkXLXStEDERfce&}R=6u}DHmCP9~D_-B4x!$$fj zt#$AdwnDk3(B$?qs9EO#wp(S)&SBBuAAxJuVtkMlJ*pBdO+CuTs?@msRb)x_-IC(5 zz|;%k9@LeKNpNNuYdG&Q$JQ%V+E;0=b;j~hW!Q@~_MTTXxzS~{;Nf5O)wSzlX^%tr zxvD5wf#U|>Bn`Y!pyUZh*5-a#&xI#;JTGL&%(iU0w4ty6*Y8Q&%)Hm^8v}0i{1V

io>ak_TU7zZ%*wQUfV)1Qa@6Ty7lXyzSn%{g0F7F4XxK&xuoP?_6jqaW?CK}#wO9xbhf|3+}GZT zh;c5FYt5|2cB!?cwS^5@1u~I3FApX2e<6N*P_2m==sn?T#M|=QYBTSPQ8&O#neOUI zBt_aP5=LZkSl!Z_Mn!z3who~Cqa0Zhs6&?c;_IyT@~t2Yw^}>)Z0LMeH)nA7m9$2h zfQuEylVP~ftaxHsgXN z_V2tvY4iX$O@$=FKNnJD*y(EJM3pAUzB!+yC^+Lylak(wk9gTU_*gi0T#iliSMmc?%z2E##Y7|tO-Jdapisbet%RB3z+b9LG&l7 zUq&JRP#&`v8IRJkH^9@5i^s*ggBpT|sb-p*_gKdknNS~d+bnClu$N(0*Of>mcTXB z?n4{TQjU8Nzj1`V^PYU>$Eg&ZADqY3uJg?0>*e6unXF67!wek8_KyObzt9Q8hbjrX z0=_P@0SQbdGPkf7mwwAay-WF>Qm^@gfs1j`KGzH)xwmySEFD@^ktlkVpyeDH1T!1f zrJ|b*&dQg-9sbfV08>H~``#Kt9EzxMpUP~jtXV&y=+DDEB?Ey@>gGMrRlJ%*n3BDe zmF@2IYKpGYdq<3Se3%@#Cwyg*=j1 zHd88xBMca32_k4hbe0O04jbb<4sNK`8gZ)fN#dTd;ct0J`iB+rpCx6qZBvM3M+Tm>D)Al7_J@+= zs>OKoMLgpg^ZnC0K4-u!K1)Tbw1h{tGP7qMQ1Mz(d7l3`a+geu8fu~0IfNCAuBI}l zsdHpgO-A^f&2Y&7S{;gf_D$ps@`#OWS2)U_xW{3)VS#afg_)&xc$}4oS&(HVN`=Jz zckNmJTWJnKfkmPz9eqRPjJ-LNKj5inM=~$Dnj+2H#}w7~bp%JcK3N)K15UzDI?vxT zZ-lc}*0r>>JOY%ZJV^Z97No*+Q``gl2@vTO0ntnTtd1b3J%g)0|31l?Njor`4SXIi)5~`LcF}fQys~jC-Nf^t<@cCMp{)S@xwl$i| zVw|A;_{Uioi>rd4Saz!YC@RH07~^-Me{S^3bUE9Q%VtoPeB7s1oV&A<;=u{3tyaY+lFUuA4EdfI@p$B$_aBgAC}vhStop12%4t~FLM z?a(CGIIO}(=L<)XWi*?L(Xf`-=Ui+bUC4D;blwT#6afY2_~O5lxk4Y*6xJ1q_Rm?8 zm$04>jsH(2e30AxfEYa7U#SF$1`ed;*!J)*3hN;$=GoI}#k9dJjgq;+ zImHD#Ri5rLk~kiB{s6@=EdrBVi^SzI3G0M>rLv9`76u+h55p9Ln6Hsyue*f~UN&k+ z*zY|P1*{TW20(`ohT0>47VdkFQE3o-@!~#bu=+#L;rczp$Iz~fe6S)bf;n!AKZkNW z23)Ms)Z*%VR2rW}SOWNh_F- zOyyKS%-lJ!A>uhBR;ZvpY(T;8;S|O%-XOlft>kw`Zicn%k3)kkhK!(3oxEeV3LIq& zHjZ0S^Rq?5SZS5cQ)O*VN6Y=Ut5RDk?K*PKsic!D@2B`S+%5p}(Q-D*t}^Xqu7vVW zi`&Z$oXlu5M)1Vop(U0fH7jpGCB3t82K%Ff~%v1?aH_cNeG$8%_R(V6!5ymEyyngxfO z5eXf22Kp*;%}%_BYR{J@m*JnP*bJfMRM%)CpGi$egj$(c7RtTz&4y-`CZ$L(bRk+e zkEe=rlj-EKs>D-Fx>Agl4K!*p(XHD#wo%RFAoVipEV-pRhMwq9O#~Zkw^54ep?x7m z*R0kle7U7kc&@MH`Cc~NYpwYMWxk@ZJV_*%pBZ=DO==NikK zpU(oBuU&q`)AvYwQBkeU;eTX`cW|XV`um>{yXDY;{v5b~su4?FoB& zAad=y(l+~NB~FHqyZg@O{Nj`gM44S7A8rDw!Qm!SLp0M4C^Kg zSLiCyNJw4~F-+*h=mf4l4e0yoqZ;C7?`@jU@J0G`}*)_*(x 
z;!ZdJCjeIj62XZeCIH<5-@<1G0f4kJ0&oSh>x5d0G{wt=@ed9kHQ$BsOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0Mkb6IoD@- z8Oujrmu;rQP`NJyq9_kbM;pcZ(K1|gRYlxkNj*2LVy=SZsfgXnn_3L(qSTdKSbu{p zPfypdTx?amG|Vob8Yq+^CM;6PllHGt&-QSo`zQ^mZ;xZ2pXppAqiD54A7-1Jl_w#4 z6Ouex!ka*NT^fmKu?=4Ka6!D3b=oyH{YkiMieOtH$j1M15L!~yk311c0{@%?621;) zp^(0x3HoLH2VWpr6T9WRsD7}>lYc&&az@spr8Gb)BRWt*(XEE4-!Skago8S*)!f7g zSAfhik`s-t+yT$ZlZWpoe*-hbYt4Y~|E_%-YhmjN0ru&vb)hMShXMlu009Dm0RT*U zjaIyj7&1n@*x1jQfp;AGkb$VD)U)!jYFS0LV`QZ)Aj!WF0_Pk~g%NyO@huAknO@X}f#{L)KfNV9SCEJoCm=29bH=PokyGbNA?TktC_u#>qdc)Z?A zvDE6j`;L3BK0Pfjn*#Mh&GX(T#N_y*O6FiFd*;Fs&Q1+L!ktr~#uaKZmR=vwR_z!P zO^&OYZzNI$__PN{H<8Chd>JssIN4q0Col&8$a*rRi_i`d!cl`DCI%Ugy*-b2*Nx2l!+qcGJ8KTqn1!vh8T(0*sQe37+i7w&}%&XEFvfdJX+ z^jVG!akHqq-wxoDC0CeXo5+LtxH7?G%5H9NfL@>W6n_*lSnzg14a=7r1vEhH-vA#d zB$qHpSI3GQO43<+CK zw{c16X5_eutp_NM9~?t!m>Rt^P;3Q$Ou9K!*vGi=Q)&hh0pM~0_Jffo$^!L>@HYa1 zfdI*+7>gfdIyPAiH8i3m48UQX_&$Ha}aqAD7x$ zm1gVMKw0y6(PA43U)G7+=EFK1a=PH+#>W*p<;pWOId%%D%+qPHOD!ufectkNT*sYK z6y_42qj5A+W}Y{=*{0;ys;E|dQorX{w$po^A#48HHveF9_ICL!-?mgk7YKbUi#1$2`j^Ya$%8YJ!G9LwGn>Fzn}F-NVo!V)NnWgLg{yiai7 gT9KEDzlvl?vj6}9 literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/extended-cert.key.enc.der b/cpan/Net-SSLeay/t/data/extended-cert.key.enc.der new file mode 100644 index 0000000000000000000000000000000000000000..bd55cb3d62133e42bb8ec630a00fb5f0043a07de GIT binary patch literal 1218 zcmV;z1U>sOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0Mkb6IoD@- z8Oujrmu;rQP`NJyq9_kbM;pcZ(K1|gRYlxkNj*2LVy=SZsfgXnn_3L(qSTdKSbu{p zPfypdTx?amG|Vob8Yq+^CM;6PllHGt&-QSo`zQ^mZ;xZ2pXppAqiD54A7-1Jl_w#4 z6Ouex!ka*NT^fmKu?=4Ka6!D3b=oyH{YkiMieOtH$j1M15L!~yk311c0{@%?621;) zp^(0x3HoLH2VWpr6T9WRsD7}>lYc&&az@spr8Gb)BRWt*(XEE4-!Skago8S*)!f7g zSAfhik`s-t+yT$ZlZWpoe*-hbYt4Y~|E_%-YhmjN0ru&vb)hMShXMlu009Dm0RT*U zjaIyj7&1n@*x1jQfp;AGkb$VD)U)!jYFS0LV`QZ)Aj!WF0_Pk~g%NyO@huAknO@X}f#{L)KfNV9SCEJoCm=29bH=PokyGbNA?TktC_u#>qdc)Z?A zvDE6j`;L3BK0Pfjn*#Mh&GX(T#N_y*O6FiFd*;Fs&Q1+L!ktr~#uaKZmR=vwR_z!P zO^&OYZzNI$__PN{H<8Chd>JssIN4q0Col&8$a*rRi_i`d!cl`DCI%Ugy*-b2*Nx2l!+qcGJ8KTqn1!vh8T(0*sQe37+i7w&}%&XEFvfdJX+ z^jVG!akHqq-wxoDC0CeXo5+LtxH7?G%5H9NfL@>W6n_*lSnzg14a=7r1vEhH-vA#d zB$qHpSI3GQO43<+CK zw{c16X5_eutp_NM9~?t!m>Rt^P;3Q$Ou9K!*vGi=Q)&hh0pM~0_Jffo$^!L>@HYa1 zfdI*+7>gfdIyPAiH8i3m48UQX_&$Ha}aqAD7x$ zm1gVMKw0y6(PA43U)G7+=EFK1a=PH+#>W*p<;pWOId%%D%+qPHOD!ufectkNT*sYK z6y_42qj5A+W}Y{=*{0;ys;E|dQorX{w$po^A#48HHveF9_ICL!-?mgk7YKbUi#1$2`j^Ya$%8YJ!G9LwGn>Fzn}F-NVo!V)NnWgLg{yiai7 gT9KEDzlvl?vj6}9 literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/extended-cert.key.enc.pem b/cpan/Net-SSLeay/t/data/extended-cert.key.enc.pem new file mode 100644 index 000000000000..0bae8db83480 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/extended-cert.key.enc.pem 
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,50C304F62D13EFABEF66F75F6169BFEE
+
+HFRYa0G0F+lgvVS6moHTsWz9rlWtKEsz+GNDByVmum3mvrgZaylP43ScCOlAI9JZ
+kgU0qLsKf+dHO8ODsrc83Xn01ab/AytfbsTa2P1/8RyHcrts3z4yovyGDvUobf4Z
+p2h75cO8viwQ5aChDL7+84s04q/niA18OJQWi3zl2hQqJht7Jc/0ReQGsCYIrgN6
+UxOeplLN8Mf1x8cn65hZz36ozympF+D9jZm8lxIyTJWTpp/DFa/C56rl39VUutx1
+VmhseR1UiX+3SE5EMoBiVj7gw9Vtk6NJLiT346c5wsKIK/pczs+PhEfjLc8YP4ZV
+QrXRDrOcXCIFmqEoF5BVh0yilNluHXJ2YaBJsWa19/OU3cn3G6OUgw0N3dmMv7j6
+5F32lkfgj6HOaN+4WZ6hU05/lYW9oPAw0Ln+AI6AVVH5JMFtfZ0RN8rCLGfbWRd0
+Yy5wKaHFunNK2L/05EUh3QR/E8b4kPhnkceq9sO2IbQJwMhg7h7A6QUbKuF1ppi3
+gwYC+ltwreWZ+YbWIzBhHIn+RXQQsuiajuTCU8Im7F8aYVSPlIJA1kp5lLzMcBut
+nX8O/X5b/fMadSHeMYOX3CHRukkwoM9Xf8pp0+XJaGj71OlR0u7Bp9QCq0qouR+Y
+i94st5+mjSM6D/YWoM9SPjEzc4qu5uAVwf+f6uJX/3tYF6+U5nmVtJd/dWcdow28
+l5Ljdn3uBy2IM39KTG76JLnNuy7oTma5wIJGaFyrqBhgSi7BCOPCnqH79MFOr3As
+DHlJUq/s4iyhvY589cpHtT4rQjDNT39U5sxmsjiIRSV8MeD3drBRJqvZ7IMSQyBB
+XhieoX0SiGSYWa1Mm7YJy3z78K6RQXtJ6hu6dtdWGC3II2HzTe2O9lS4Kvs1aziA
+KXUgM+RQOQRKo/Jpy8qus/HgUCLMfSwzsDgVR67NYkjnudgUT+e5k9u4d3A12X92
+BaM03o7hIDUw0/muHqiflqr6QBsQbqA5HJlpg85TgBjVaqyN5seyv8FpxbmRLf7g
+sG/fE1njtOh+Cx5aGR7yYn3hdfkhrRWcNJutFONWq9zJR9MPk65kryMKrh3aSxAT
+3/9yUDz/gp3zHAWjXCMYeeYIbK5/8E39VN1hojCJB7wznWMKfLBN6xnckScu4qkD
+8Klh3f0oHcxuu4o/ow7Fve2Gks6UlYCGG5urLGnklKqktp0vMsCPCO0thtB4TfzY
+5tX43esfYAWrPLigMjk3XodA+k9gcB0o6kmU6RS4em/EbwazD5UHdlEseazOTi1w
+m3gY34ue08Pk4mDbJ5QUYfz/fseSX5cAUtk6On4QsvfubO83XO+ap0AVGTffee0y
+KD8qtbGBQqQRLNwCh4NtQ136C8BOAF7IVtj6yqq2+Ihuak8S1vWpDKVU8uhpI356
+jQ+ZtPTVD3IFo/4IIW563du/vn2sssugRfPYp2KXNVeXfQwt+YEZvGNY0EtdzQEx
+DYHE532jUm/F5YJSVdroSZjdpou9tbVyXnntN814qo0j+Oncn2Mf5y0Wsd4pmtWU
+NJ/ftN+KBzmhUG1mFjuiFkSZH+GXYOnxYiT/y9C/zc57veoJHETXGmMVGb2kTMIw
+-----END RSA PRIVATE KEY-----
diff --git a/cpan/Net-SSLeay/t/data/extended-cert.key.pem b/cpan/Net-SSLeay/t/data/extended-cert.key.pem
new file mode 100644
index 000000000000..be4ee4eb509c
--- /dev/null
+++ b/cpan/Net-SSLeay/t/data/extended-cert.key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA00brOddneRnLR16XbabDULkvA6IoD0tHG8X60TJcdFVF3GFJ
+PTesYq6C5KmI3cubWgzrotSVXFh/gy1PT9ewXGxVvDTMLqAaKJQiJixSyZP2r1LP
+9nCl+ygNqW+PY5+f6Vwko2i1Qh9mm5yVJyF7E5I8WcKbQHhdGolosQ1e9nBBvJR1
+2jU2/Um4a4pgWyDIxv9xEFpS1I88EUkC/5wDEr4OZaGQvp8J+mX8B18gWRO75buo
+frDIk38+m3JG1qOlNEAqIzpQQtGthqjfMPAjhIM6rdXcxAhXgMwykhONrtwBz8qT
+h+8nfwMzxGvNgO//rn0ba2HrCQH26ax1oSmGhwIDAQABAoIBAEx7jVa8jBgyRrzY
+2M+YgXcc+pCBqKfUs/KxallFtmNkpSwgyb8QAuccToURfFryRJRGPh0NgN5TqSFn
+CyGXrp/elfDSWiH80ktjSLNx8yxG1JPmUiNf5y4y8zMlkA5b8CstsJO5KXi83kux
+1Oq7+457rz49LS+bAvVCzfPeJ8Tk+KJK5mAoe+bCEc5ODUDCnVOgxhVqMpZeH9BW
+7RgSTY6rmm8kUgX4tAdHN5HHRXwZMMU42V3lJzAG/8h6MqWL0A4SwlGDICYGJ95A
+S0u3zL/c9bjS2nwvVNDF6ni1LN5D1Mq3qpX4ozDVCT9P6ofDAwX70H5nuHyRtWgX
+7oULzpECgYEA2er0WY4McbOou98O4JMlV5hhm8iD+bgywWPKbm5vgF6f9hR/FDJY
+8HZBDcuXGgU0QOzfAB8oJJcwR1fHihtK2gKQ2JjPFjD7L8VGEW+VXTWZrK662dvz
+yhqcH6hWjy8GrtJqAigYPa+TzA0kzsURwuWxs9WNJriH7QGtKb4q1DECgYEA+DLf
+70ogc1S2BwGScG8FZTv+5wjOh8NQw53gwjuOuB30a7sCOJYFR+vLo/1DQVIlBBae
+9j2Meym9b53lyBz641Vvld0JhE6TEVgMCVtOt3FJ6GbkuImtByiOHxxDapgavTNQ
+bAV+TLo5U9jHuPBTagYSAeByAfaDkSbKAvWI8DcCgYEAyaXk3knXsg8xgEd0GNOQ
+pnHXQLRXi2irbtDMrUt72im1k5x7y1CbhEepAv71n5pZNAr8f7xVBSbyAdJ0TpPa
+u8nMBuHAHyTMCvRdVh0O9eV3gpddR+OEv+vHtHOtRWmaoYMLnVtEszAZb6Rp/vvU
+56hsu6BMsRvoi6QVfJ8AOsECgYEAxnsgu2JDCxfOLVIjgkg2P1u4H5faWZVm69hA
+WfN40WIbCV/Widvmwzoccrrg4sbHFTrlyjM0OXYKqMzTabFLLSswfd7yclzHnVIU
+5hKfo3E0UmaeN7jZpuTWqqhWfVK/51e203udIcy2dYfhR9LgUeQi2F9drJYvZo9n
+cvBZnwcCgYBXSSukPEBzJE80eVz3LxEMvu/TfQJj2ePtIgS8l5vIeOdQlY6Khtqr
+QMYcFeMdQwtszLEmIe9qlueIxT+Yc54FdJMg8/MW7Rok7eMcy94V6e456zFHrbbC
+EiiJZRyH8rxPcN9akZeJ5E9c9gQ6rXQiB8bTxD3pxP/+7Po4gLGLvw==
+-----END RSA PRIVATE KEY-----
diff --git a/cpan/Net-SSLeay/t/data/extended-cert.p12 b/cpan/Net-SSLeay/t/data/extended-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..333ae1446ac2decae7ce7a01309805e06b6e85fc GIT binary patch literal 3638 zcmeHKd0Z3M7M__*RuYg^WRb86$Z``<5k*iGL{M1-WK%H&2_S(awD2O83={+v#mJ(l zK~W1TC=XF8s4XaqQa4Z$EoucRQYr;Oo?7UHN@`o*d;RsV_s5&b+&T9w-~H~HGxtsa zrp!iQ0>BvWNL0&=lwWF>y;$l% zRoLQYb`BqO0S0UR-9dH14Edlo>S}Q~J)tlbr)R@W3f~+b%VjA8y4*;i z6a7Ru6_zSc`IRAM1wSf|xs=akG4RRbE<|;d#kRAb@*vYGUVKh?EKiioq63=TgH9)` z6xdApThdWE#1!kk2j>Z}9%omT<&e z#nWB)>YLl_P?7(#N8uh$^GzYtM8u)jrFgyZ?!4b zG2d%sX64%=9X;)Pb2R?gTXRMke-}q4>kBn0iK<>=5Lt8}Zutm9>~N2g4!iz?%~~+WYjm@cjWcV zAobdw+S1R?G)uQGDiXNeD>-KGVrlH?z2tUzM(JZPXq=wrSbq1>6-r=gD|?Un&WcCy z&1=%km$SAK?5@OollpR^B1JbQyq^k>_MJ*RY>|9t!gw3r2Ni0~3Ag!3>YWs^NCxYDEKev*(%7;ey4UM6|PzI8EIW;v@ zasf!rON{>TP(SiMWmx>>)M0;w`$&y!BUnOECi+z=1ZPhB*>p_fbakN+`t^W|O%?Ag z6)x7MYwGxZ-onLDO z_T(Ek7`{H==e%k2yfs-T!+$E()$}R#DLH%S>#g^wC1b^un5ExwVmvW7y`W0F#l4ls zbonDEYs6z6uWs(>e&hs8{nNf(+kd7ERM^%O!Y=8?JFLw71rJ}hug|1-+fuA9Ow&33 zc}~7&v!_vVLKP&^{{mZ?T&2C;BVL@7e%QBV$TEK^Q%jX z&P9K}N6n2T$p^;2Wmc1gXHI#IaY#eZ?!%2cf;N;zymXjLv1$SQ-<&j98)t5SxKI)# z!rM3~0&gQAYlws21-Q-;VnT_yUT)*ynq(+`(lY|G!Yy$SA8)68c~B(8!+YVA9&&vY zF7u!`fDtnlL&`roh)F0$6yfT4{EGeX%K|r|^#DUJAu#lZtqH}@QrvPBxBP!|n%bQ3 zOh8`ZodI<_wApTT9UV6dC7$XUrk=o@~X1Gbou%JTLl{a`N*znyQPtNkHgkdYUcIk6p|s08-O3?@v#rla zzqClI>+-B@e^L83M|^sbleKLTGP2~G;jUR%y2p;Jc)r10{JdWE#wvzO{XxItM$Kq; z{yKwO0R!4$BQi!-r8PuQ|0G{&DnRV;=+T6!`E~U7?cL= zvL#jAiAKz|olZ+z874Qbs@C^ZR^8ocR+BjZms?!2Y-h?Px8<`E>4F{jpFUYCUe-%@UIOG%E`>&V$?7G<36xBL3>a;^_agl$pr&;gKGk<>G zx774iQq{F|YRIbd2_D}^cGqN;lg)Ds^jxD0buQX@#}YsDx-j3bqp4=lFPfwVKM}yA zX}M_j&*l=-2bNvE7e`3-M0I9!hM&sf!m`_#@%Wy_Y`+pR7($tuX`7z zyO$y3BeMNL_Oy3f>->pkL+~BZDrskJODpN=R|Y1nv{zvP`pP3cpJD}J?$6RM_cxst zmM`P&Kb)p?Fl1>Jn882F8-Ls0TN+zi>{Y4z{r01pTV#;q*K!VxVrK0|SEcDUtbL8K z<#U}wY77cGgYqK#J6wW>lWuR+rLMo1_3(Lvqn_ZxlkXavG#z`c+1bzkgjU+x#;f$S zo()pEh6JHa2Yof3tI0|d?0q8-&8vBEy!+mX(ts4-%e{f;+QbJ9ThAqCK6StI#HZV+ 
zV}01EeA~!fn*@VFGBP4b4fL3ObfJsTWVL;A=xbY5`lXj`DG2AmvjHQtuArznsn*6?z3W|?eLv3cXStW3 zt5-A6;_77%)vb?t~m8wnHc}!jYDeX_RIgfOR+UD#Q%R0 rXDbsB9U_Ekyz+~oo_)H(WKM?lLLV>P=sEkEI#Eg_w<$Y(4#DIXi`y?K literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/intermediate-ca.cert.der b/cpan/Net-SSLeay/t/data/intermediate-ca.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..0e6a998ec94b823a5992f88e9230616e8d10eda7 GIT binary patch literal 855 zcmXqLVh%QFVzOPp%*4n9L_C*_cCF*o2t^d<=yR1VJ1w z9xlJs65ZfnpVY)km>@R~S4e7ci9&E`W=X1{fB_#!B{L6uP=0=ig0rK6oH(zMfq@|q zfAXf2v=9Q!t<))@&CYGdvtZZUbGT=pchmn5qL=W{=rZ0jV?E>x&89pW?}8Ni4LEyx0_m< z$KC6CXI1zosBme6z$Eu4dLNk8{~wqWSh4Gh{EB}UGzwcD#)({hH(lbu%>P#%mGyJx zA5FgW&E}HfgI#=zDZdhmlf%4b-B(_fotxqGDgKpCN=+O43Q@o8Pr-^VgBGcqtPb~11PN0uxlDEFxDg`#y=>8B_Z0X3^)_cYeQXP@9;Kl4yWo%*ar;V7>B8r=Ij}99s`G%xlaq z?9@O-1Zm$(A_MQ^xF3P^H^Yt@9nb0ui(Em(4)08h2uKr^5+{5kU+xew4H?ppM z{H*NebOwUnEyr1&&u=mF7 zHx3^6d+QKrku_!K%K6?)1%qe3H1hbB{&(g@>-38E=}IDJFZ`E1E^zr+Q!}5JrN-mU waU1yN7&K(% t/data/intermediate-ca.cert.pem_dump +# hashref dumped via Data::Dump +{ + cdp => [], + certificate_type => 305, + digest_sha1 => { + pubkey => pack("H*","d5d34de459b95c75f6d972f39bdcfbee8026916f"), + x509 => pack("H*","143cc2abd987b88a5534fdee31d950afdd62bbde"), + }, + extensions => { + count => 3, + entries => [ + { + critical => 1, + data => "Certificate Sign, CRL Sign", + ln => "X509v3 Key Usage", + nid => 83, + oid => "2.5.29.15", + sn => "keyUsage", + }, + { + critical => 1, + data => "CA:TRUE", + ln => "X509v3 Basic Constraints", + nid => 87, + oid => "2.5.29.19", + sn => "basicConstraints", + }, + { + critical => 0, + data => "D5:D3:4D:E4:59:B9:5C:75:F6:D9:72:F3:9B:DC:FB:EE:80:26:91:6F", + ln => "X509v3 Subject Key Identifier", + nid => 82, + oid => "2.5.29.14", + sn => "subjectKeyIdentifier", + }, + ], + }, + extkeyusage => { ln => [], nid => [], oid => [], sn => [] }, + fingerprint => { + md5 => "95:50:6F:E6:DF:5D:C9:FA:DC:43:D2:FB:1A:55:A7:8E", + sha1 => "14:3C:C2:AB:D9:87:B8:8A:55:34:FD:EE:31:D9:50:AF:DD:62:BB:DE", + }, + hash => { + issuer => { dec => 3235285478, hex => "C0D689E6" }, + issuer_and_serial => { dec => 3593084692, hex => "D62A1F14" }, + subject => { dec 
=> 2397076613, hex => "8EE07C85" }, + }, + issuer => { + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "Root CA", + data_utf8_decoded => "Root CA", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA", + print_rfc2253 => "CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + keyusage => ["keyCertSign", "cRLSign"], + not_after => "2038-01-01T00:00:00Z", + not_before => "2020-01-01T00:00:00Z", + ns_cert_type => [], + pubkey_alg => "rsaEncryption", + pubkey_bits => 2048, + pubkey_id => 6, + pubkey_size => 256, + serial => { dec => 2, hex => "02", long => 2 }, + signature_alg => "sha256WithRSAEncryption", + subject => { + altnames => [], + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "Intermediate CA", + data_utf8_decoded => "Intermediate CA", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA", + print_rfc2253 => "CN=Intermediate 
CA,OU=Test Suite,O=Net-SSLeay,C=PL",
+ print_rfc2253_utf8 => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL",
+ print_rfc2253_utf8_decoded => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL",
+ },
+ version => 2,
+}
diff --git a/cpan/Net-SSLeay/t/data/intermediate-ca.cert.pem b/cpan/Net-SSLeay/t/data/intermediate-ca.cert.pem
new file mode 100644
index 000000000000..6997e313db1b
--- /dev/null
+++ b/cpan/Net-SSLeay/t/data/intermediate-ca.cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAj2gAwIBAgIBAjALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM
+B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBRMQswCQYD
+VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0
+ZTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEArbBQg+3l/SUFGDENvpvTPnp942njbsrkcfpmpfLQPn9GsMll
+GYQvG7YqN2NV44rEGlFTRkhDYVhni1MNoe3VnGRzNknSoCmvhjqiG8ojZTIzj3/a
+OIYNiJ7RPei8cqgT9WUjtcsnHLQq2tPIy1Mm8bE9BazNeFHCE9/B8u8y04Ks2+nu
+sxMrhpFA89eHNTs3Xt6K7jpx/FJxpYAQkkfkLvADJ//AnFF4utQfqP7QKHGE4V4U
+0+6XGMCZ/9VBIy9sn8Vj0vY80jHgug4hZPpgc2NWSprfI6prbWhC8l/qLGR8hgeo
+FU5rVR9KE7LR3FnA6gekv4A66SdqF694abnvXQIDAQABo0IwQDAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU1dNN5Fm5XHX22XLzm9z7
+7oAmkW8wCwYJKoZIhvcNAQELA4IBAQB+oK8jmUKMZ7YItcCAnoFvcY4pLgGPcnAT
+h30Rc0uUUUcVB66J6+YRHFVWA1X/AgyWI9Jxq/Qy50hGye2fdZmxBa3j5nbZlwAU
+2JylwYigjhNHD3CUxYFInxKSaQKKnzLsjazn8pjLUvJLdPuO42l4RVYRJlfW/TZX
+vc4Qoql1xN46C4eNjewzW76BzqyykGjAR02JhImclaciZ+oOz04jp1bvMwfYwcdO
+7UBROGqUuamfS6URU5rpMkj6Z/2Z0TtneO9nIhTN0P8dxxDTxoKDDko5KOOzXrAO
+nDCAamxvxhlxLcFbog3rTGaSvY0JO6T96lepvnOuaYEuRx9oyj37
+-----END CERTIFICATE-----
diff --git a/cpan/Net-SSLeay/t/data/intermediate-ca.certchain.der b/cpan/Net-SSLeay/t/data/intermediate-ca.certchain.der new file mode 100644 index 0000000000000000000000000000000000000000..b45231501247d0f984df899e976bb60d6badf5f8 GIT binary patch literal 1702 zcmXqLVh%QFVzOPp%*4n9L_C*_cCF*o2t^d<=yR1VJ1w z9xlJs65ZfnpVY)km>@R~S4e7ci9&E`W=X1{fB_#!B{L6uP=0=ig0rK6oH(zMfq@|q zfAXf2v=9Q!t<))@&CYGdvtZZUbGT=pchmn5qL=W{=rZ0jV?E>x&89pW?}8Ni4LEyx0_m< z$KC6CXI1zosBme6z$Eu4dLNk8{~wqWSh4Gh{EB}UGzwcD#)({hH(lbu%>P#%mGyJx zA5FgW&E}HfgI#=zDZdhmlf%4b-B(_fotxqGDgKpCN=+O43Q@o8Pr-^VgBGcqtPb~11PN0uxlDEFxDg`#y=>8B_Z0X3^)_cYeQXP@9;Kl4yWo%*ar;V7>B8r=Ij}99s`G%xlaq z?9@O-1Zm$(A_MQ^xF3P^H^Yt@9nb0ui(Em(4)08h2uKr^5+{5kU+xew4H?ppM z{H*NebOwUnEyr1&&u=mF7 zHx3^6d+QKrku_!K%K6?)1%qe3H1hbB{&(g@>-38E=}IDJFZ`E1E^zr+Q!}5JrN-mU zaU1yN7&K(%{w8XnxxbFn;Ve(lMQHKOkyKI(q^pZDDI zYri%13r|l?taZ*hHp5-fWyfFrx_AA~K~}x?_gFR?d=`5zcsK4s?1dxWrYwKx<`ZJ_ z;@tFgzc#)25xk^)bAZBRA&uuw`vcFl9?aWizeCLF>Ee@?ITkD-b$gB)cYjZ@*sw=0 zr%-JA$NN_rY;4|WSO&e_vEzrdl6Kx=`y{*H-#jPAKYH7DsB{8nciV{y|E~{y7jIf^ zfA{v>_ZEH&jaT_xSgj|rE7r!SXx^0eh3sTyr#QaG+gH1PNgwlW3Ke2}dcS@%L|@qUwgEQdqdou^z()tqf<*ikz>=)$te SnbRY;2**`Va5>BKbprs6zLi`6 literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/intermediate-ca.certchain.enc.p12 b/cpan/Net-SSLeay/t/data/intermediate-ca.certchain.enc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..33810a34881321d3742f077dafb62593f288ac42 GIT binary patch literal 3561 zcmZWqcQ_mV*NupXSgB2oQlr#}s99>%s8uy;Rqd@dHL6A^O;OaUQL~7>cZ~|QqNHZj zs##l&QX^jdKJWW}f6w##<9oas^043`bIyg2@CTA4DEg5|I++ASp9J zNXqwDbP^m%I{)tooP#7CxuUQ@BEZ$x^Y4TR&I*S9uLH%EBNYhJzu(2p_lDIS2!sGa zk)-ci59Sv^)wDO!7hOyCBl=No%;uu6a*V|iX+V=vTIjS3=q#~iDotbwRZ?jQ!J@ZT z&HltcqHr#2U0IX(QiqJ%mASH5uYqc~e0V1hc8?3yT1xJ{C(C(SHRCGO%iXr9E)Ye!SR#}#!6(aiROblghE$p_@BPp=)u8be88`mx5|UN>0=54YuCAh$cF*&B>R2 zR&w%mrIzXMEF^C+8y+S^Q{^?%o>r`ld&QG>=n4I7#u{Ke1|slwB+%wZMCFtQ^s2js z!`hQ;WSx;hG#oN`<}Gm)$4kG}3f0rWgxBfDLZj!5FQ2&=>)MXyi9hhe2Fohgxef0K zdPWxAY?|+L7B&T`Pr_;<>pc*kQd!BnBtv{Sr+!!*e0eQ4t!N|&8r|Rw4Y_>1_G=l< zge*PakH1Y1)9*AnpMme1PzjA%0=qX84Tc5+p`QZJ@7#PJoT2%X6Vag@^g5e6bt^C> z0<^m6nx#AcOMKagqRjjr!P*J*h@J%^y1Sij=Tv@(J5McS@UwmPay`!}HU%^nZjFwC zX*($QhQbw%sBsoJ>0^Wx_}x+ah@xeI3eRmnmmGb0%|5SZ9n+lt%-ohzANyre827Zp zKZsSent31E7DCqfm5gFjJ*6HibZ`hwh1+y`M)`llOsZ8eD`m^OW<=}fTH~yr+BzQD zIWkQ5s#$%tRQw?Ij-fE67i1meb>ZI2KeHg*!tCCUDDIY^)U=fj$D}_EfW3#+&l#iQ ziEezRFC8VpyO{+)(+)ZQBAaqLdWD5v_3UHjv_+*li9(o!JFIy)A~|J=$z zd@csb49Bz}E`Fg}Um1Sx8zEm`>SvLt3R*oOj8`!P$cX$#8Hn*x zDMq`Nun2}xW37WU^Vn8JjccFfJ_9hta%iNRaxYq9V!y^-L*_MG|#tb!1z0E*lxMk8*EcAN+&a(-R zJ#x)7Xdn>fgO+KFF*8sicqRDl89CTJVG3N^U3ykcVh~I3TZ+mw;VF3>tL@wJwU`P! 
zl?`d|kmOYjk9BKjBPC2es6GV8OTLIZG#kHPa4A$5tg!13xK(AB6yhq=G!=-hl?{+I z4S(dWUiY{;;;7!Qh_THYt{2-aS6Q3Yxfb5HL@Y=Lnh*NJW;m52B$QrIQ>yrk`B+hh zM`b38=DgCmP^rayAFNF7J+1(`m}nUibLvd`Q$(q|=s2mOIcA#_x{)#;H!=6?ZXGR- z9_H53e!DF5@&n()dFk%su&>FFr0WaQDmNc(iPU+XVMQg`gt76l69TrrN6K}u3uVs% zqDqel^^W!I>9O%a;P5lkMlZSx0&$4wN^YEY%NIviY?&!5oej^&gh)1w3!7hUfGw^H?-_n^xCcUj8S;I@qB7T=5J=EVNvsM$> zt8`#HXZ!8WIk9%(DI^52NbI*(KX=0|eChEDX)ARj(^;aI^}N&Wgj|V*Xz&kZR?Gb{6T zauvK$z`Scs_NS#Nh?&|qGUQ05`$|*na>r&+6`W76*K+7dDta#u) z&%j}fvVb>JI#ced9RJAAyvUs}1`Ykmk!!av_DvHct5|L0ayZA?`^ZP@9~Prm7D)3M;HuKD?0XwYP*9wC zbak~w=*Z9ffqXeAR@cV(M*CT5FBL;Ui*EH@Z612s!nmqxtS%sxzq-)HYnbmFLiIzs z#&pqG#q=9oP3(kX8}C-!n#2%_u`^}+l@rlanG-HL+1JfugjrhWc>y|3B)7!o3_>`{F z?x*3Uduge^-u&zof^cm6^t*<*n21_cWXF@>|G|Dx+argk+> zE@!IVkh|l-kcQb?!-@@}g7d+Id+X*hgm%oR*%QQ&v8>Jmj}oOX%PW2TSoW}(sOb$8 z=}A%8+Yj;`b=kANn8rvnmAK=pTc~kpQHd}6PXy`RlrQp{!Bxp?jU2fd4J`WCX^8Ru z05-qD#S=r$lU(*i z$r`6M)pR5|()w6&pS>)gk~_9mAy45EKS;EASpcmb(zW(#J7%yyJ{5j%DC;d0JI!xd zxc?^E5aDJUOmM0>IOt|Mt>w?Z=g}{w9A5gfH{)5_lloeMNXf_VlryFVO(#;D-ToBW z=Ln_Bl^gx%x1!bW3k9h<4vY6pjtNrR;O*|nOXGxv50+zktkNao3rDmf=Xm@xz1>_% zdV*&j+#*8qeVcCVl-Y=J*E%?O-j?PjEk)02t)5t+R&}@Zd$vmV4%vXrxhQWJSDuZ$ zhFLz7IC{Z+P%Zy8+?hq=xn(G7lh82?panhE70ga$WPU1)YR?-zeE4ej+Vz=+|x}0AbG#IixO9Pi>>#GeMQo5d)LgZT~Br5?Yxi8PsVCVhpCt^$NL*^ z6;cj|DQm2`M0jKF+>VryN*8qkCT$t~C}OM1Pv@AJ!Eos|r*l(77bN%jRDTP)i==a_ruNN*EzKbaRz6?~2^3!Se-6SG8?q$ga%R#+YH7n0#&;?Lh?VIVCL;18;IoR=grylCT1%&722|7d>uaB_q&yIAqY z-ktF!k#J&N9z*n z=gcDw)}e82hzaud+}Q&nPi`=uO8PH>?m?x~1HtyUK2i{66wFkJA(dH&TXWxK9+xOO ztQwG}MSGvr{6prf*EiSO$h@9RO7gP8TBswNty;n)|KHEr>(+FGkk zLhI%FtJfC9>SZDOdYd$-_NwP&&CL_cUQ1kwz~@Nc%!b1Snmo{V3$TV12bpAJHCh4SSQrSBe{(`3pPzK)??wI}Uu=?E literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/intermediate-ca.certchain.p12 b/cpan/Net-SSLeay/t/data/intermediate-ca.certchain.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f6a5fe341fa0aa5b24fc0eaa39256d684a1ba631 GIT binary patch literal 3466 zcmeHKcUTkI7SE)BlmH=-W&vSW=_G(sLhsTc0-`h}AyT9U1y_^=NN52OG$1TZ1gU~p z=uJh$rGto|EP_%bAjPsEu!C=#`_KEn{oeP!_s5%=J9E$PoLlDHbAM+BOGDD301Qh* z+H!Eo(#`0fkN_u;OGE0zX-I7l*1*y@E51>2=D=y3nIO!<(%`}zJioQ#z;?P*s zw!qEHZB3#m5D1o}6XCyuJiOdTNFfvnLZ~-|gcHE>ZCk>4Iqd@iC=!PH*uBC?Wh@p4 zo?nk+!blbMzld17e>#*1R_I?t@gMf5kb+N>h~6hCr0pSTfFu_A=j#9n2#f~sLqMDx zN&^5$d8KU>`_0Dp2oW5zDRV&QT*RdJq<`mB(3;ncHfpN=_gk^VmaK#E?UW`*US((KYjTbxM(xRgy2hP^Tkfv-`AX8iH@4KaiyE zK0UDej_iwpj;DnEOI6y4vaT?@HuQMw@}lwpt!#95p&BhmPtjW$W*o$;xxI>C&HU_?|vxucfB@GGuzFt?YY#sFY{B7R9B^RyL67c1Z_5ZQ418esYy*67Avk7ez-r35)+O}g zNbpML*!n``{*-`kf(G<40J)HRODe-4k$i8*-ImB~YCuquj3SU69EfH_ph7It>`ZrZ zR>Zw~i`wnr2y@ti@?Mqd4=P<%o;EXi!p;fJs6v!azCAO-f?%F!-Dr)?O+uUU2c|uu zn&k*y_J+piD9q?O%d5*8gTB^u#QHAq)>tk!So}Ic+T5WNT#SIkU+N`qK8hIn5 z4^IwTBuiqtdbjpG78q!!Me&(yNKaO~Rq|zFBYpe=+C_sDT94-=-&uNHZe()d3pVDQ zikm_zys3(&;-@;b*KyP|tkfT&$F&m&dJd!2Ryx9{iFZ)lSip_g-g3ojW|jY&)bJl7C&_7<|c=-IlAQqa>YCn5}e+S5(<8P#kk zU06sqwAWv>HxdnSetT6%b_OWeo! 
zIQKx(%W{g~R1N-hP)S9r<=i{9amY21t5}r|M(#LIX>9uCHqajUrSeR zk&D&L3UF|mFgZ$>I$+Z`}8(ExPbBp0jlVd4}GsILGv0~qdQl$jzWxPIp z%qxnSVRx{#t~P`cq2zUKv_7tCxd&oCc`Lj)Yt%TJHK@3iS4ev7IJ>X>))jlpVy1ff z%9$URQpR^Ax|1g{T#uMyI_(pp;%EJT;=KO=#dWf(py2(UA21a&lGmG6U%?+7VHl?M zkz_J8aIq1Y_PvFv-Yn-kXty6O8Fle~sKn9`QGaaq?PQLiz-fp;5cUJhslRSZPzi4V z(|7|Efc!0k!D;Y9P?Ha8{-48s&tae^AY60e*UUA zOz0e$hPG{c%}mo>deYShO6Cj0Q)5*r>gPM8TWZ{lY*rvFX0LP4+S&^J&>35ooCZ@W zL-hR{G6##TkWeDaIo^}+!cnp+e}g&mmVIE-nmtF4RmmY$K3O8N>7*Y2`-kdQ+K!AEo;@v z9~wSzPVBh37@$wIDvl~#if|^>am9?W^h@ zkFrQ{GE*7~N&4(H@#LNk@XUo*cxXRsN0dB(xP4w@{}D(h+PUk-4eOMGS+EcnpSnk!?~#6K+N=SOmvY^q|u zyt_Y4c^n^Qojo`3RC=baCA*NQnv2>8rAF#nWc0SHp=6`4!<_i~GG-qFbMM`%#g?Kw zyE#N~>kW9F{*laD27~C;?)SnDwqY)wM2_hA9DR6dd_f19*PGf?25oNwSU?>UL0XxT z>~L_O4KtS7kXLivt-vvMcc%Z%YFD?nBFCi^7KDpKmz6 zs<$~i>%4u|A zoyD~^A8DNY5ZkY4<8tG(`>2_(=}RMha0-IYI^zJo@4a2dM9%r1CznoV>Nk35bdEl{ z_}wDKMOrm_cX6QkdwN8oR#2;s_nAI1g=ajOGLvN&*r`E*s6#V54dy$d=R4Gwq`%}* z=aX>5k0nSRzo0A7eD~^fqq5!o41|N7xGT20XY^iC6K>zBugYA|N=}H~Y>4|IJO6>o z|LP}@0(KwxPlJ%-gF(d*5I6>IRgL?!@M4N6Ce`fsiGy^S{bCKigCL++;5pc(@+)i$ Bb+G^d literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/intermediate-ca.certchain.pem b/cpan/Net-SSLeay/t/data/intermediate-ca.certchain.pem new file mode 100644 index 000000000000..c125d6f4a984 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/intermediate-ca.certchain.pem 
@@ -0,0 +1,40 @@
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAj2gAwIBAgIBAjALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM
+B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBRMQswCQYD
+VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0
+ZTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEArbBQg+3l/SUFGDENvpvTPnp942njbsrkcfpmpfLQPn9GsMll
+GYQvG7YqN2NV44rEGlFTRkhDYVhni1MNoe3VnGRzNknSoCmvhjqiG8ojZTIzj3/a
+OIYNiJ7RPei8cqgT9WUjtcsnHLQq2tPIy1Mm8bE9BazNeFHCE9/B8u8y04Ks2+nu
+sxMrhpFA89eHNTs3Xt6K7jpx/FJxpYAQkkfkLvADJ//AnFF4utQfqP7QKHGE4V4U
+0+6XGMCZ/9VBIy9sn8Vj0vY80jHgug4hZPpgc2NWSprfI6prbWhC8l/qLGR8hgeo
+FU5rVR9KE7LR3FnA6gekv4A66SdqF694abnvXQIDAQABo0IwQDAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU1dNN5Fm5XHX22XLzm9z7
+7oAmkW8wCwYJKoZIhvcNAQELA4IBAQB+oK8jmUKMZ7YItcCAnoFvcY4pLgGPcnAT
+h30Rc0uUUUcVB66J6+YRHFVWA1X/AgyWI9Jxq/Qy50hGye2fdZmxBa3j5nbZlwAU
+2JylwYigjhNHD3CUxYFInxKSaQKKnzLsjazn8pjLUvJLdPuO42l4RVYRJlfW/TZX
+vc4Qoql1xN46C4eNjewzW76BzqyykGjAR02JhImclaciZ+oOz04jp1bvMwfYwcdO
+7UBROGqUuamfS6URU5rpMkj6Z/2Z0TtneO9nIhTN0P8dxxDTxoKDDko5KOOzXrAO
+nDCAamxvxhlxLcFbog3rTGaSvY0JO6T96lepvnOuaYEuRx9oyj37
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjWgAwIBAgIBATALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM
+B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBJMQswCQYD
+VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0
+ZTEQMA4GA1UEAwwHUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAKSF8tIItlPf3KpLzUgI6JVW/d/+LZP1zYedrDFFXjvZu+4uFxE5zp4vczbX
+k+jhF0TZk292eStA9kVMDePVMcGwjNF3Up99yYisFe/h4ovt/w3Op9b7KS9xy5Vh
+fUNqxphHIUS4/S9+7o9DUjqNP94EszDzFu8R3V7QXdDE9pSn4UZMVDTozpeu+rLo
++FOkd7NQIJMSKOdCv1HOhcFuuj+4FkLlo8k5bDgEVH68xTOL92Q4sLwubHEWl/Hf
+1IA8POwoOVLtuLj4GyIrbqM/Yj779kmRX+LtjsJ1kAmLhsh4T/XhTaOyqz/d253v
+OE6hM6pM0KsuFLpdPDJynpSHoQcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLzOh106FMJ8u/MANb7SZ5Z+swVrMAsG
+CSqGSIb3DQEBCwOCAQEAXU6HGU8ThUuJz+KCSNYaO3HxxFrNH2pFWwrTjt2tdBLk
+uDvicaquwUzq6zetEys7v70WOCprGB6uARiet1vU7dg7cmrd7eWibMDNoKdcPNML
+oZLO29WL+hvGTx/UD0o0j7l+ab2XB83q73mNRlqRBXZkkykaqWt9qy+LTvI7QYbc
+ZoONmVE1wbq5c3R9L2aa27uJsfLPAErjr3mpnNtFhJfULv+hpmXHVukhra+VUkyp
+jTiY83ad8ZHfCIxfZ+MUCcWNGj7G4Rkfd27MB7fDEQlisaSk8B17FK7oIqO/NN4E
+w1SHQ5TRZSmbOTGIfZtS0KaTaZdZtBNee5BEzQz1sA==
+-----END CERTIFICATE-----
diff --git a/cpan/Net-SSLeay/t/data/intermediate-ca.crl.der b/cpan/Net-SSLeay/t/data/intermediate-ca.crl.der new file mode 100644 index 0000000000000000000000000000000000000000..160573a5030a4fe23b20d3f9c686e1b967cf5bbc GIT binary patch literal 462 zcmXqLVmxKgxRr^K(SVzcQ>)FR?K>|cBey}IA-4f18*?ZNn=n&=kD;)EAc(`o!{wJ+ zq8l9SlbTow6XfRM3P~+4Q3x*0EJ-z#Fc1T&Wai=b%qvMP%1uqlOe{%NaCQ{uH8La z^1S_#|4p&GiA(-ZTOVh>|8tL{p>%7C zMd}Z~(85i=XWmG@UUF)+UIE8T(N!O%FEb=MZ`98_E2y*3vwtnuojWOW+snV2&iavX zDe(91@ZedJCy!X2I;`?^V7%&zF162eA3=c_ebY*gFWn^h#bY&nzK`?>= zA}|dG2`Yw2hW8Bt0RaU71A+k$05F093Ic)w0RXMAP=oE|{Urq$F%7<((>{8A<7wk= z%H(nSW~K7bK7U5A$z>UYFB`ThH)B=fio_aGQ$|QbVOVF2Qw^c*)tqE=Hc8T;DX)e) zq8rL1Wim65f7&>P4Tzr6J?Ol0s1x;NBelyX9JDIh)5yzHCh@U71+2|@QNk17!Se4i z(}Jwq>F%==D~6Fk^Vf$pJ2zh5itajb{8DkHfDn>Lrml(jA|J6YwFKnO1W776K(lOw=4k2XvU~^+uN}Aszs%vd%Lh@hgEM$C!2dEWJ zYgHdg6SC3VS-|QCq`!bV=_hIzuXt&>?_B}|0RRD@05A&%2`Yw2hW8Bt0Sg0y0RaF( z)dL(19-6AU*X?~C8xLj}vXkX9HP6cH53OQG{MEpMNPaX<_khmf7E&S8CKjQEQO@wY z@;PNYev3_c^udObb?)*$f44&b^}pc)V-6}pV7!a0(|+S1?NVAM?2Yx;9pim65dGea z76N||3X*~Gz%;piXwR6R17wFmR`BX~Yosr>(aj zA}`I)8aBKEk_m{*x?Of`9<>WAe`h2)|B6`|kvLav}rxlDg@qKpho&2@vQK zAQ}l4PPpIy$hK0gWG9_QlGmx49aL4p*nv{SZaN$4>n=ZdrlR4N0c?~~x^x_$p>jS` zVEgHn`~qcQccP8P8!BN9U#asLITA7m2rFKRjreS{g11bp6vE_HI(>F%T^34hf72{G zq{ovhNyy+0{>Chtrswf2z-y4I%0uyiuXaHe3UAXpL#y2*b`76(16|~~xA4a@W%ItH zS4h$`co>>z)4Gq90BX23bk0F!n)8sb1{k+M^5J$IQxDmj7(82?1FrQk&UT6#=Vd*4 zX{MY_d!E+;M+84{-tm$33q zjH>&Q|F?vnv20=I(_(*2E2f<9t;R8b0n zp1XK<;@&q#o_8WzS-4M(;{@y@HS2l7yV1q2B~>vo+kJ+wAyWleR8+|j%jN_1B%8Av z8|C@2c}yTS3xV<*2k5e^<~^3A%Y$PsX>!VS(+hwI<_e*{#Oc9MBE(s_c)Fe^aovD8 z>c|PCSjNaE`F5jTu({kq-DiK$IT;$hojw-&x$p<851l7Z^5*Kx=}N;Hj9dK1)q#Zw z=)59nsbSTYM8e1J8c)(pQ%^w6>t0YNjCEcqxHW?nZZJJ##L;|@|2(I@&vcI|hR|m+ ze|^LhR;=5XHaHuUi1}D}hyKV}lyOj=(K7<<;udVb^g`E*R^EMaow*}E(b*RPflVL>O3iHxGI|;M=zM|RVvuSl{;K= zs`)S|=waF9U`0Tl(Ys}x7zF@2WoNv?ypdT=G7>iAIyzAdK|!E)hs&)@a{QSo`7q92 
z%l4Ppj}|;&c{hbMQgGT(!QG>S@d__>gl#VFto`H_%Sz;RbtMlj>{E0E%D^Bhz0c*L_puj~WI8hB9>L4)F?24`c^i-wtnudpLD0;`XdW=(+Z&h=KI#%?&4z zHD$cDzSY=-K$e4#6ici?7y?BAXQ8*8SEEzohgKNu0>{`u(BG}Z*kR$V_IrlGYov0rh7q`Sk0g+Vb*E~u}j z9qJ})$@k<^kC2p>H};e>H+3lFA6Y#~`cR_Ov3|jGTkOojT4moClaUau(wCU~)F;O8 zZ@OBnxvzZiy0MwK$gI|2*DM(SVIb6TCSEj~WyXQ~6lcM_#9tu**`AAEbIV~~bZ4Oa zQIsWwVCO2d`XECEnB&-ua=R)|M7Nn*yKrS$xI~Q}R=a`>W#tx}F*gU|UWeTNKJoRV z(=}I)NA}Azjk4_>GhKyF+p{AN4RUhz)Bz`Qm27ildmV?T(~2vA~xK_Dkc1>BRy^rcnoHGPabX z9c7&zH9j627=v!_i0ZR?gX*uid877Po`~Bmwn~q=K14m3N%MH4$Bbr4ae89=CINA5 zJ|@()$g;OI-S$Lc*RB%0>)}AjU$|{YncSDHi~-lDO4{ACqnvjr)%zja)y_aK8n(8FLV>mwNDqOxV0Y#Nt%&zqD>r;D zseJ2I7T}dlABeINAAc;!cf|&8eSxJ2Ap~R1Hr9=`eT96Tq6l5q&N^MtWH8zXn!bP3b6?!7qY6qVbWNET7{Z+``f5b_ zp=+qn6+WB7Ypo%y?@^;EQg>bTxCqauwnwaRU^XsaY)MVFP}6j#s9rdlp_OOB+lo z21*DE$vyeQJ{oV45|^r`EwJfWbzJK@l{2=&PhIAcihb9SrFt<5OjQj9FNu_y)t(Z7 zvoVY8Lw{|y#NSZY*1SQ#8`yH{;#s(pk)nZmQch6^^NheG%mJ~&@TtI+dZz%xgf{il zH?S+xvJ}zt^HcO?JtsH$8N(9tS8!cgrOeyPY)whRdF;)!3qJL*&VsnS`T5uFd=_zs z)XT;4Y4Vev#1tdjjZm&EMwQI%^xoI;Jx0#@L4BYh(BfbP!d5JyrCz zTv-{9+Lz?LDW|#Jo{=Qc*pANxAWU33ziM^AmgG~Nu97cuKR;R>x&>tLSps7FOSy8y zV_v}d{)=q>zD3A zp2^v8aX1uCLq!Q=pa5}D0>G?N>z<`i7R}dpCl_CqK?k(kA_bt}OKu8%GKlk?=3iX? E7sM&>NB{r; literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/intermediate-ca.key.der b/cpan/Net-SSLeay/t/data/intermediate-ca.key.der new file mode 100644 index 0000000000000000000000000000000000000000..4283b56cd8cb138382af8f814ee3ed1f1bb7748a GIT binary patch literal 1216 zcmV;x1V8&Qf&{z*0RS)!1_>&LNQUrrZ9p8q5=T`0)hbn0Ijf4gYD)0 zB?TBU4ZfSxK6-uQY2$9nafIPs6w~gP7{HnT)j=aKY@fwr()K*kG2prmA!Pbsb7NLYn%^U; zYi(#k@?YvKWPFAPs1;6YRUb+dveDdG!0HF2zkoXFCu$e3cxk!sT>=9E009Dm0RRc= zAD(zk0hdH%E+D75!(=p{%>;E^6t35%z=uYL2Ae}r!X8LRm|V}8H&ZW4?$_kpv5`1@ z$SAS zSlfhWxwv35sEI|bQI&6o{Z2i@JNbxU&7SlfdK70gG-TDNH5iMj`(Kb$+kz03E1kA^vTBW ze3WNpQ7pL>x*sAhLKH0AUJV&q=NgM;Gyw)$6!chpxa|AtLjHh~=v7rw0*@)dDq~7+ ztpN&pjMhVP62wDJ37PapZg_>@#Ve3cv4#BWx7T#Xii1v`>eI_8=(@n3rerjr5g`JB zfImx_(8f0rDukm0R}Rsc>BIr*@LsbT@r26G1{g8>ygNS9*_*kChh%2PY}!!+{YoE> zXMM={gh}Mz?mi8n(38)s0>-`pmjSws1!eQ(BFI%=>3BsW{VX?K94!Xiwdm62$BDPU z3k8lhBPJ1Q?;qlbg1UWOUyHGaiWAobF#>^rdf9-=S3ixwN0$l+l&*vrg24pBapxQ$ ziH2uODyRzkPxS58MU0nue<`;Dt%#?1)r#2tR^Gc$HLH-&7(89+5r_f|ew*&;SVR%Q zO+Ysi{Om23pJJ(5JxO9Kd6p-N{y9ORr=PuCmv=G3zf`^B^@!3gPh6$=U)xA)N8Ln0 z0)c=M*2;+i4kc+^+!%Umd}piYn?b!`Im+9`eViJaNH3X?D>X zE!GR0DdVhu?UQkE5jN-*LhQ(d?8rFrDEy&;?2a+l#~@{3`4g@a4z{{KgPvb(LKkvZ e3a&LNQUrrZ9p8q5=T`0)hbn0Ijf4gYD)0 zB?TBU4ZfSxK6-uQY2$9nafIPs6w~gP7{HnT)j=aKY@fwr()K*kG2prmA!Pbsb7NLYn%^U; zYi(#k@?YvKWPFAPs1;6YRUb+dveDdG!0HF2zkoXFCu$e3cxk!sT>=9E009Dm0RRc= zAD(zk0hdH%E+D75!(=p{%>;E^6t35%z=uYL2Ae}r!X8LRm|V}8H&ZW4?$_kpv5`1@ z$SAS zSlfhWxwv35sEI|bQI&6o{Z2i@JNbxU&7SlfdK70gG-TDNH5iMj`(Kb$+kz03E1kA^vTBW ze3WNpQ7pL>x*sAhLKH0AUJV&q=NgM;Gyw)$6!chpxa|AtLjHh~=v7rw0*@)dDq~7+ ztpN&pjMhVP62wDJ37PapZg_>@#Ve3cv4#BWx7T#Xii1v`>eI_8=(@n3rerjr5g`JB zfImx_(8f0rDukm0R}Rsc>BIr*@LsbT@r26G1{g8>ygNS9*_*kChh%2PY}!!+{YoE> zXMM={gh}Mz?mi8n(38)s0>-`pmjSws1!eQ(BFI%=>3BsW{VX?K94!Xiwdm62$BDPU z3k8lhBPJ1Q?;qlbg1UWOUyHGaiWAobF#>^rdf9-=S3ixwN0$l+l&*vrg24pBapxQ$ ziH2uODyRzkPxS58MU0nue<`;Dt%#?1)r#2tR^Gc$HLH-&7(89+5r_f|ew*&;SVR%Q zO+Ysi{Om23pJJ(5JxO9Kd6p-N{y9ORr=PuCmv=G3zf`^B^@!3gPh6$=U)xA)N8Ln0 
z0)c=M*2;+i4kc+^+!%Umd}piYn?b!`Im+9`eViJaNH3X?D>X zE!GR0DdVhu?UQkE5jN-*LhQ(d?8rFrDEy&;?2a+l#~@{3`4g@a4z{{KgPvb(LKkvZ e3aAianiq8$q+zvF^mp@ zV00jk@EeHVfcQcm!N6z_1ZO}n%Ay#J0#V2VNq_YUN<;QkX$X%)yJK)9l$#Tk1Q8_+ zL5ASM;_5OOPOM{5zk|{;goCUIt~w)uu)C>R8R zsv5WWsrM_}u}W0g=7L_!=-6S-aB#;+*kVB0T$kn9{WXtS$_cwR)oUC1yALNnP@yyS z+wDE($xdO&mQ3{(G9z}|_Y`Yg6PT86>Y%Xn4bGo^Wh{_QEb6uxyBmI)^fQZ6_e4YW zruM7e_9u)Tv$Yo3%1$1=mGq`%ZbrWst{fbnzCqe4$grC47k+DIMO0|E*EqTH8jsU3a}?U1gvUZ?XGD7}RG)Rs?;7su~N}f$ByMA4rIIf5v5|*x|2c8cPB?)7R5sq1O+Ip$#q>mqn zs_uu-?rSKSY)Vhq)dl@gyZw)+M3H&5*s9?Vrw4KX^2@@qmc-(85=}ld>mlDxq?pM; zC5!YY(<(>ja-STSbL1|i4|90?4iR^Fyja=o(ezZIv?B7sYg1`qTH2(+k!JqW%Ig)S1|SMs{e*t{9` zHgadz+U7?Jy=`#3oP&wx@C~0Dxk4!JWKc+(a+q$*ky6=@P63%sX?U|ARwg_unj@+? zd_9`li4Kb;DnB2hd@VivdMc7RvU%&(0paarcf*xw>VVs|ACKR84MqH+M5YF8VFDZ= z7~lddARIV_j1vCX7hV_eM`osgIuMCyun_V`bfSRJFH$C;gGhpb5M=cKV$DS?0}zr} zN&HFh6UZF#55d@^uVE!^1sjclv8NF@9HHPp_YOpe5hD%dE(!$x<18WV<`N<)MI`?} zO~0QeBohFBLam7B4CdG}_0-E7?lTQVotQ{(a&`YDv2ectSFqQub&DM>*ZWzn5o4Fb zbpOauZH947yQcWIkFD!GkdxNs^=xr*Uap$Q-TY?Ke0Y{201S2s~i8~V7z#Mvj$--;}(!#X zh(JA>V)sX%n$F&KeAK!6;O5+1^^@ThnvKT3PO93@E%K33z0oR198^GSrgKI7rP)|7 zMkD^*P>%K0O}4SZRgIo1GxPS&o2iBdgR#6)LX%_-Q)cmw86I}K`XbUl2fTY+PfNqU zoXA{w+%^-F#b(iU8pw@m+jiNIb%uOol@E`qq_7M@++p&9XUy%%r3stWxXdwkcRK34 zR*Sa3LvR&Hh)#X6H(c?-UKf1c!v0|1xwj8@UU02FxBT%|Klf2`yi3tU?-R|jMsd+4 zreQI0D~cbt$1$&~&4{R-@IBf?t~+o10XXr==Z4B`LdR2_5_RdWnPtyFL4#1p3}_2_ zMMtkVsHL-G+dn7RkGz?-lr8DH_^cAu)(qx=jcHic{K&R;ci(Z|KFW%Y(NR@h+)&+E z&-+J7x9&+}(~T%Qh$m;%eoBNJV~_f#)C!YH{a7lpgy?~|4v#%)Vp9165N7m z4I5QePZF>lwJ#HvTo$g`gbSar19VaHDWX=>! zk9*n@Tb!+o6qhG;vqi@%ye#aG?~KaUNM1FuE-4o^dFT9%+IsI`)9}xUJ$kO*WuJWq z?E+~(+FBz^P<+vm1j=pacn>K>2gb0kjuu!q`I&SKK0N!)4A)!JFhR8<)ZvpLHq|_= z#gcQnTSfPUbb;1z<(a9AVWGs`W9w}u+Y=_+jb}BNOZb!N)c!~6EWck#)g-z4#y#;x zzCkt{!#xPqYfs0lUh`9~-@H>>Fl~N5C2{p`(%*|p?;HGYH)CCBEAo$p-6@AgsbB#N kdC#J8-2?l65qBZ?;&Z3T&j*+?v6yv=XO1-zS=_3B0dGMc;{X5v literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.cert.der b/cpan/Net-SSLeay/t/data/revoked-cert.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..baaf9aaa41e45ab1d644db9629bee6410ca4c8e3 GIT binary patch literal 893 zcmXqLVy-l3VoF}X%*4pV#K>yE&Bm$K=F#?@mywa%AkdK8fRl|ml!Z;0DZs~2*gz1( z;o{-)OD)k24)#e+tb_@2^KgZv7MCalmu8lv8cG<5fmAZ{@O$Q!q!#6-rer3Tq$)T& z8pw(B8W|WE0wEYgiSrs;AaM;6$+c3$Kn-H0d{Jsyes*e#ZgOf-iC!MirNzZLK$q&J zRwU*Yu1gyqDQwd z>^_$LQz(QXM*7qGdDD&<`~DWZ<5RrxxW8SEz)ZuYV?~pczt%M88PA^JafHPsfARK8 zN88{JWh)l*OWkzzHJ-EXT-pTjz1H7k=cP~mB;YG=w?OLL%HJ~%oxh;<%|WI*Q=6mU zNPbV6@05z3DqX%;H7h1C2s|%U_4wKL<=9(;89HZulC;{YO#5!%oh-~W%j*y8A2Vyu z1ED3K(`+UG@S89HR93smc~8fzJ^SW%PZxe*S~y3iXOF_;VDY$*Ow5c7jEe&d{0#Vj zAu7wy$oQXyg_((Ufq^WDugW53Ai~C>&Bn;e%FfIPXE8yf`B=nQM7TQVYaaIa``U9( z%jBJjpZ=FyZ|p}&TEGxzWSCPn^We4}g6|K_;E4{gT)u5`TBjy0ykxHOZNA-P z=ZjDB&8g!bZ_DJc_%-5%891G@Vv5} zFaOaR*Uu#{ltSv~*k@M%+y188H;?tZ@7e_>&z4_EJN!k#W^w$41zHa^Uh_V#e<43R zuG8ax`96gU=^I{pELk(jU*udNf2XIoOViE6d(PKOtkIt8{iI}(y7tKpUakM%?0FSG h_rd+`&tJxtXA7KbICbB>wRBp1!pj+I;s&!KEC3EKROtW! literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.cert.dump b/cpan/Net-SSLeay/t/data/revoked-cert.cert.dump new file mode 100644 index 000000000000..334da2377cef --- /dev/null +++ b/cpan/Net-SSLeay/t/data/revoked-cert.cert.dump 
@@ -0,0 +1,152 @@ + +# exported via command: perl examples/x509_cert_details.pl -dump -pem t/data/revoked-cert.cert.pem > t/data/revoked-cert.cert.pem_dump +# hashref dumped via Data::Dump +{ + cdp => [], + certificate_type => 305, + digest_sha1 => { + pubkey => pack("H*","0a899f29c348fdeb499c8493b961f2ff773bb18f"), + x509 => pack("H*","9a401f7c4714157b88b9a24faec20e6b89fb6864"), + }, + extensions => { + count => 3, + entries => [ + { + critical => 1, + data => "Digital Signature, Key Encipherment", + ln => "X509v3 Key Usage", + nid => 83, + oid => "2.5.29.15", + sn => "keyUsage", + }, + { + critical => 0, + data => "TLS Web Server Authentication, TLS Web Client Authentication", + ln => "X509v3 Extended Key Usage", + nid => 126, + oid => "2.5.29.37", + sn => "extendedKeyUsage", + }, + { + critical => 0, + data => "0A:89:9F:29:C3:48:FD:EB:49:9C:84:93:B9:61:F2:FF:77:3B:B1:8F", + ln => "X509v3 Subject Key Identifier", + nid => 82, + oid => "2.5.29.14", + sn => "subjectKeyIdentifier", + }, + ], + }, + extkeyusage => { + ln => [ + "TLS Web Server Authentication", + "TLS Web Client Authentication", + ], + nid => [129, 130], + oid => ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"], + sn => ["serverAuth", "clientAuth"], + }, + fingerprint => { + md5 => "42:CE:3D:42:75:D9:D9:58:D3:C0:4F:DB:FD:40:5E:49", + sha1 => "9A:40:1F:7C:47:14:15:7B:88:B9:A2:4F:AE:C2:0E:6B:89:FB:68:64", + }, + hash => { + issuer => { dec => 2397076613, hex => "8EE07C85" }, + issuer_and_serial => { dec => 4163254640, hex => "F8263970" }, + subject => { dec => 168762383, hex => "A0F1C0F" }, + }, + issuer => { + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 
18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "Intermediate CA", + data_utf8_decoded => "Intermediate CA", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA", + print_rfc2253 => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + keyusage => ["digitalSignature", "keyEncipherment"], + not_after => "2038-01-01T00:00:00Z", + not_before => "2020-01-01T00:00:00Z", + ns_cert_type => [], + pubkey_alg => "rsaEncryption", + pubkey_bits => 2048, + pubkey_id => 6, + pubkey_size => 256, + serial => { dec => 5, hex => "05", long => 5 }, + signature_alg => "sha256WithRSAEncryption", + subject => { + altnames => [], + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "revoked-cert.net-ssleay.example", + data_utf8_decoded => "revoked-cert.net-ssleay.example", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=revoked-cert.net-ssleay.example", + print_rfc2253 => "CN=revoked-cert.net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=revoked-cert.net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "CN=revoked-cert.net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + version => 2, +} 
diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.cert.pem b/cpan/Net-SSLeay/t/data/revoked-cert.cert.pem new file mode 100644 index 000000000000..9c2d5eb1a22f --- /dev/null +++ b/cpan/Net-SSLeay/t/data/revoked-cert.cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeTCCAmOgAwIBAgIBBTALBgkqhkiG9w0BAQswUTELMAkGA1UEBhMCUEwxEzAR +BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxGDAWBgNVBAMM +D0ludGVybWVkaWF0ZSBDQTAeFw0yMDAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBa +MGExCzAJBgNVBAYTAlBMMRMwEQYDVQQKDApOZXQtU1NMZWF5MRMwEQYDVQQLDApU +ZXN0IFN1aXRlMSgwJgYDVQQDDB9yZXZva2VkLWNlcnQubmV0LXNzbGVheS5leGFt +cGxlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydkDWdvnw6Yglwzp +H6caBO1lSHc+yHt301porX24RBXZ6WqwRlA67TXdWGc8QlzrJpH/9W5rS+k+gtvO +U5/r5kMoFcW0ALvGa/kSVABcG/KvnpbEM037EdxMc7HHTz58EJkxgsZykiP1fINu +M5uQSMQERG+jt3lBPVPwdqijDxrZQU0znK7OZpAXvTv2HZ5nlfIQTR8+oBrOqfuY +ws/QKvZAHHtpKwhwxG+MZk2UeIx6LQ7qfKiQABDndSVI+Yb0xu0wmCzNTGIqhno1 +jtvdkxMCmkr8Bfw2O0nAVXTzZj0Z/A83p/J2fbJDvIiavL6di5cT4DVxnCyMvCDj +Uxde8QIDAQABo1AwTjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQKiZ8pw0j960mchJO5YfL/dzuxjzALBgkq +hkiG9w0BAQsDggEBAJx2mcG2uBHvwpgMW1Q5p7aTgfGI0mKqGfX7K3yo/ty8oBtV +4RU6EpoT3LVbstf7njem9+YUeSWaiHvaXSTJPJI7jj1t7rCFlWKh0jck9p8+kyOa +JCkv1S/gxts/wphIXJb0GoI/cGDfB6fuIYkWxhIaI1si3qH3nsnxSR4VZ+hJ1LcO +b+KsRfN06CJUf5w/aXv+t+yLTW4F902toDTmp9Bmw/QgPKNfkKAq4SjrDeN/6B+b +XolI/3e+INBnsOlIpKySTxTOcQ+JSRdEgtnDvM9/GKwrlUvkdKInK8mwSoX/7Lzq +X53g37fn6V13axDOgMrfR4V1ll9g6ZgmFzCaWDg= +-----END CERTIFICATE----- 
diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.certchain.der b/cpan/Net-SSLeay/t/data/revoked-cert.certchain.der new file mode 100644 index 0000000000000000000000000000000000000000..d703bab72ff101625edf6f21ce7aefa8244928b0 GIT binary patch literal 2595 zcmciBXH=6*8UWx_dT0q<1woOb@Btzv6zQRt02Ty92{C|RAT$BNNR{4O=qR9c3!sQJ zQFMt&Q4tU^D$Rfd!Fxr_4SIL?^6T#L?C#8u`QDlDoSAv&eE>2v3?M^Jmq8(52m}lV zxY;-r;xKVv5MVGjV6VaraI!(2U~EW;os|j_5ZDU1c(`nEqyt#270x5WE=LV5Vi{Ybcgvp7$J2MH%-WB}|EL8tUX{w@nU|~@FRBY+u2O~M52RA`?`+a^FbOfD{U^JHG_NiHK2uxZ9Hb1o0i{LL% zA@>Jl%B)3P@>45H$MnIB{VQ9;40N%df@>=I#K#S+)hG>AuXK@n==Gf?_#6hmwWMB| zIJI^ozvt$I7E=1I%gZO8I_F{gI``k|l^7ju~ol=N9 zubw(Fm4$>9T6}|lJA^jxaw4sI>56^h)2L4HQ`;$AQXjl=q z6$lgz0$17rHUKXxqdWP)U?vO(g}}>zom=rV;5|h>L!C;1wi=$Tc?W~I{3B#wZiLGrY zM$~+t>?o6Pni0|#EJRM;a%p+7QKE76%Li20-ok|NSFU>obTZMYx@VV~VslQF4{PjM zFV)MEDcmEkJf{4ne?q?}A9Eu2vp8A*+{tP7>ZRR@!u^8cGA`1u%fFNiteEc-!q1tH zw(|PFtut9A%}F~(QS=Gn-&;Q>S^L4iSl5>w{7^mQ)%#gWr_w#WOkqZD5kZTZlPq#e z#4tlTrH1fL^O&l-Oj{I{$d_m?VoVV2&BcDEpQ^I6b_sGpzFF z4)1QyuO|afJ6jY^%Utt0d&ZFAzOdgjB96UA$i~M>(gNA?Z1Pyw0(;f{XzlrZ-Xe{m zg!X0EpU4b>!`qR8*#N#RWXLUaZ~)30{=#Z(#QNQ__7g$t;{mHhlN(FXvKju{islEa z3uTQm1%}D^+Z?yLqDwCN6I11tz-a;JknxcMftK0!W|R4|hOxm>FHF{N&nk^jVj zVM*FZr4d3+oCRc$Jl{NYsX#1Rd1c;9;Y3$$E*z=t3~V4=R5Fu1^H_I-#mbV! 
zO8rk(;B6WDf3o^73jRAzRk4g=j@#Jj$!nH_7>>Cd=gsNw2eQ@%{T92Zt#hUN^Bq(8g4{o06Y}IFv>XB-9Bl&%8~dGZED4=Nt0M z#3wl(kw)JA`DVL~+cuRiETtJaXs77EhTQ;Gg_i}U+=g6-`qs0nXH2ae56)5Z8osv7 z{f4ayxnU=jB`7y*c;B8H+wFHpzfIWiedU0buO`g#LdOHOq%WSDO&vCtE% zosV)_4)nIR-z20J{VMfO>20i=XSlzmr}hM;b0)<-3bkFEv94^nu0J(VysT+cu6E68 z=(-Z>j;oGpKuLCdIr}eh>Y&EEYNL80?yiE=JBRVP7jD3PwiU|{POdibVz$Uw%fzQ| z$(ZNjXyQuW@j*#%6Bn+L)Tw%s;JY^TTjI5bZmWewje4Xa`u;s(O$8s(T@7H-l2(^d z`b%_x_Z0nog>TnjS@j8>5$^I#>cm*mSBZXG$x%LwgK6y-2>0^X2N#yZQcRC$z=J)r zit|B=xL*H^m}H3GKiFG)1vpPNS59Xci&p?!&&>B-#+VnJZnRdbO{7NLMW0>pP1}nyjJ{gDj*5407<6+Lek0H zVhJdcBH>?)xBy8Je2W4JfPh;;{ObUr_lU{==K|&JMQRXf7Ah_ts#SVJKtKwJLQ*JA zeb=Dc3ui9*dw<}G()qvuVSnI#K^}L^&?2$_*--lJRf<@9Z^Vk$*u6iMJ>0t zue_@$?0wdqzNc`s!}2w7_oqHQov}Dn_bBGG%g$PJpoY0=&s^)%vCllvMICddnp03l zBZel|2WI;IgObfynN><>&a$R*74B0=Va-1a2+0ghjDC7bb`%+mNIT}v6?MPBHh!1?|C zl4=GoYWxGPur+n=)c5S)xRvL6x)(>IP2LNW?$iY=e8~G<1Wlm1!jc?9{c~EIna=S0 z$JUrVhv*>Z$T!$bN~x6BBcd;lQs);g&tJ?h?d~@R%G|pi(Z_qeE%L!80e+C zu6FL~^y46ku;GP;TKuu!K;9>gYsS3S-AvnjTQ}{TY-lmW5vNw%^mKx$+@C`C;>~QA zcGqT$5&_Q=izwaz|HteP3u9}ooJxbkAdSnPuO9)$Uq?xbe?*qrS!{-nrr2pyO{VMR9jx@Yf>Eob@FN+afF9oa>~ghI!H>VWIM+M7eS|2ZkYl>a-Bei-D~p~jq84$QcdM=FV%u{)iZBO?)CB-eh0 zO*FO#X#w=PUVF>*AhWobwGe{rW!x1;M*d;0JsiDqvgv1&5)sNshrah9)kL%kd02cX zuZ-Q92JrRpk`=GZ;cxnDp!}t7V0ZuE!+z>tc5;_tg}ZNIRII}77o6uww!gJ>`Yud~ zw_@PIoqI{qoB<%Qw#w;2nP5>|MT{9b+HbH4|CM_L@;Kb;8RV|AVP(jqnxkEKa3IvrXM zsUIRm@t7uVe!O%BPO-NJv5Fs!FizZrVb?G7e(@Q+mpx97hpE&hD(FdAeR|iZsZ80U zG7ua88$)66_GFWdzdyYr;cdYyV4bCSxykI2+I})V2=XCOqI4u&ZMkIC^vMA-;3I_m zkWM)(VRq%(Nb|8S@$pCVX&vF(^O?95xgpFl9{A9b;z8TWmdg! 
z{1R8(i9kj?nLh?GqV@7j(@G@3khv%DNdzU0P1h zO<4Bs$I0bwOlOCay()_lctnt^uFpcNp=*j(Vdxnwie!Ul$rFghNgJrqEG0!goSXP* zM4i;t&F`Gxqpr!X>?Q&tnTm4kRS=kPdcZ4vpia7xo$H!B7wiT%NEb@CPk8#0yvLIy z^DCy!;y~lX=R`HP%I0Qt{bsyMsot`OY)h4{t6(uINLwKdS5YcBdQWovTUzjp$z}}} zjSpuIihPEna%zy_ajeF##7k3irnr&)`e>Q@!`v^|F9+Fshu2I!HNu#wGz(beX4=q$ z&MH=97xGl*s_|C2oYdYMg!~Yz%i<&CaoS*MD8I}eBd*7tIDPv~s$>ulRXNHF!_tau zAobhFvG<(k%SP3Nd61t~H+|U$A*MF(dM0HEq+?_^i6{eE_vzF&fSI zT>B!noN;~5M;xohU9;aR+K)}E2S}A3h0m9~YD&PzT~kk#2c<}@dyz}~n`m5Vpzm#1 ze01~uol(eqN)WXpeQfm=E6SCFGt>Nos_NDS=@{1LWt~Rd!#JNes)H{o`|ECeLONl2 z%>5?2>@+*V^@L)*e>O&EZCc=zBwbOB3WpNt&m`o=kb6(y>O@$BWIb=~ChD*?M@!O- zEPqc~XuiV->FRpfYo~=4Z?0_tLmiZbPs^8zRfG8ccw!gnN+CvFS%(g5PPgG@myZ-C zKy5j6TaMpYMOyVEdSUBXIh>F@B!Qh{YJNOcB9X8C+V~h?&zb*(Dj#!EG(XPA9aX8xL2yW7d?!vB&jhBx4@4e4`qkT}nVlBa9OgP?Y7^KKh~_^%C}NsxUI? z!^5B@`k*dC1n;4O;rGlRixj;`N^G2biGBT=>eLUdo7M-Dpx~W=D6D*OEoGQ(X?t9r z?>nx29YGnD$`&lo;1oJ8+dkbF5f{NVk87b@zAN{*9H+b<5{zfATH1ZPL=}QNqOqxx zVN3ot!bKE+bT!8W&N_wfaca0EK@wN_8m}A7PPVX97=PVK(>wbe@ZK{RmT7EOUu$h( ztfP7TtG6KMy}a&VWO7=xU8c0+4>{vM-!a?8(O}-PAr;A|u^!4I0%XTDS!JeKuVW?c z`_EpJt*$R8lg}U>_UBLOo{6T%A41GaU*?9}W)w1+g&u=T*f%Y=d;aVjFHIk-yH$)m zJ_N*Nlof2t3`*^BN!~y#6n>n>S>5eq>`Y7~>q^;f&rNXwiYx?74^C)wSRX>XGOL`r z?rDDvB$?r8zIm{STl}UIS@8HE0zoog@DNj)+Oc~>xXLm6MogN|V{TU$P569S8@bT5 z1=-oIRJW!glwMAu{}F`HXhUYh%LCWd}i=b%hEf?5<+LQ;Yaf!cIW<75HUDD@F1; z8XA=?PvtVppbTb`wMSPWA~1vHHr17x7ktk@(fs)tuX0{QVzEQfFW}Asq$V5_6RD3g z^wU{@(WSLta`xWcjtQp^Ebd+Q3;E7pNfJ2Os6H5gB&qwjAYG)O|JZavX+_u9AC#3R z36ZPXx%4l~BniIqncqNOzqNK_sYuL#c~bAm6DM~r$F>^8IpMpw?4=jd2Ocb^+Cp8Q z>{1*}2X8wIegSV(V1#v@>`AX>Y914r*La10)np2!w-2xPo0y3A^K6if`ttzELDW`E zezh^fY(vwZka8+BBYHS1CVtTB#-;V7#qqhJPM{KF8RBv5kSoQ+-GK#Ve}{nMHqHmv z&+#5!tOMF9V~=)MYZVGV-i0EGO8!saEtFc;wL+WZRXqIPRC+AlYv+T;u=1VjTcNs&d z4&;{u6wFUBOMWa3czuWu@mXi7_>a3*mmd4 z0hvZ^aL3tGbsI@bPEFu}DX^JSCWE2XyM16*HRMSaDaAkJ7f#_#g_!_`%89ryA3bMjY8*Qfx7*kBQ;Jrkp;oGG56J@FZ z7+seQsq~C)+irIqk(T;J(GB+MO|d2AFIIZb?S2S~GkHUd=0g~67rmok&}*9DTeQz9~=>sv3`NcYNxl8dd2WAOBt|7$<-RGxz~{9rUc8L0 
ztAAttbv(N^+Vgo;hHN?nW)EDTUa!rN@Iz;{EBZ0-Q**@b8*-AN?k*g<&SY0V9epBE z*(aqWb9T6tOUXjHy2`O=L8cFe(^omR6mxV{xE)ONe9a8a_43={{>AdOqCwQJ@nGPL z$E5>n95`$DSJyqoXb9UI$c$bVMG^j4>!9XcZG2LxP(!mZ6>;afYudU;Kzq=%gWQwA zpWy}vH7%WSSeExCpoWk%QCN6PGWj!U|84#5NJ0JQs180KCe!L*X;HEVu1)J~k~3_3&qP7X;|< zuS^a3>~))c5HonkFGBHX4o2}ppaZE z=0dOLZ+f^fH@wsHrCr2KReC9|%QHe@v+r& zC;M*bT6zn;XO^j!US?EMR=&hU9~^pH3QpYI9hH_b>xr&MIUc~!)m)lMjFePnc&n060&W*7LGKl;U z$xjLE4c$h8oGk{SZ9x?o=J-Wv(&>risMnAT{1o?RSg=z&?YfyoA$LW#O)#@d2P=M) zarF+j+X+vLr^<6{9T47u&SW3-DWDeDBYPAs4j^lRGL+0qMIf<=K#(Z6S`YG0;3^q`H? z^JckbgA#PQl7u}?JmGM(QlU!^d+(^xuvnB(;~sY9eQrGQV10@I6ZkYck1hr)iQ>pS z`a5u&($`*tT<5f?OKW(8%PdYdn$M-jo8Dg2YJNC5CGSDVjjUX_T&^6QcjwC^EYZRU z;?v+&-&R9J1YAYLnDa~Od4Igjz-iO(NT7msZHr#p{q@Cn&BAKjSe`L4jFE6O3d;4r z?~#l_m=Q$(O6h*MCOt#g^G}6_)jianiI;9pP{)6l=!MPLO#uD?XTVc{55V(QodALW z$6NIW1Oj9Lf8BQ8x3fPW1mJs1{_zEF>3=rd0WJXd+sXdFy??mdZSM~7h6+PDpk%~E v{M3X5U?KpB-cxe<72f-f1gG%Q*F|&b9PLQcmmtz79LtA$SAsVG{Nn!tA)$3( literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.certchain.p12 b/cpan/Net-SSLeay/t/data/revoked-cert.certchain.p12 new file mode 100644 index 0000000000000000000000000000000000000000..07ee5eaf97d708cd751464b4a0d0b1785903c8dd GIT binary patch literal 4394 zcmeHLc{mk)`=7Jf_hZWv(IZP8gOn{~sbejUP(qgDIF9UVAx_z{WX&2!cw{GKDG{QF z9;XvpWb34?Aw)$w@90_UpZC3<>;3(%-ygr3Yp(CypZhyA_uO-TK6B52WL_CK3;~jP z-ZQbv$6#YVa>AHl6fzGTN#+@Y;9-!=Zuy;yT^~ti*MVS7kc>RY#QytH9BeQIg^b7q z$%s@Yw%ke}L>9Y*u*x07+aRF#xY53<_?~L~w8$c?ID8&f;B(P62pH z{lnl+Ax>owRD#xT%PApF6}7*apwmCSq%0`&+a)FZ@Il@ryz4#}yk7vu3yRd=-xG=y zgAZ{!>*I+B$uKF9^RL^4p#TIK#tlF?8=MS-0lmYBlOxkzKTBqD%u1ArAQ$l1VC`Sd z2M?ZduMTfE5E!2Is5^38V?lMymY}6~dR``#vF1fGnbjtbP;rIxQ~I(3-M4_dJ*3Zk zR={b|mD+-<4^+%Hc}GqC>mMG|4&%vDBKP>ENw0-n^is)7!9GA5co#Q?9zKM7A9SOb zTV(jKnM!^Q)h$Knp60rE0U>jR$4o+-B0??S%KPs{nohL*0yU2S?E`)zWI9-TO}uPLJrGt1Pp)`9|z4rE-0ho+%OmeiA2Cr6i|HI z{s}1v@-wk0Fu_nLW(4fdJ@{{KE~FrmpDn&nt_!<0Z?PPWdyfL(g=04*pjNWWBgQK?sy|11M+ZJ z>*EW;RSKCVZvw9GQRuBRj%K`TopZeQYNBa+);^fTLyhd4I2s*z)$z=1wu}&%YpbRd zl?+P%S%|CxN>Ju>fgr#eAVH%m zun%y7Mn50`&;TTXK)?&KydcaE2nBo~bbHQT$n(c6BH#uPAU-n6;a0jr)4p(|t{1=KlA>s%{6Uu!lb0WeSm2Ie z^_^@92{_K8g{S$h{s)W(C~~zi8rMbpr18osS1!C%i{Xqbcyef_)$ay+4KIEB(H^l| z@-GK}d4!W$u0MpT>JPE#L{D_AEGZ9?t43xQ8_)_dsk*DrV^uW|I*eal)bRac>027f zlXmnC<~?E$<9@zH$ekgH8((R%zL)3@{DX^G!uN9+PY+8gdKPxO46JJnD80JFwaazm zjK7Puaqfh41?jB2-iqVgUe~Y~<{JX$q!SXx=$lVQPu`znE@_X{nBC(cR2xEUS+f64 zBJ@Dr?~rS*WV<=;-~;~P5k^6uhypze}o`UdeuBxndHq znLJ4hF|_8Dv3a(2z~&y6=X!bIgK-V^*rcR)Dt2vA)T)~)?)Q(H#b1ig&n%N7%yB(7 zmoBqjQel44@z8uh*Fw!Bqousiq?8wzJFAS{AZ+D4(IkW{5v2J0X$&ko;x9d_3_=S|(x?j^BmmTb-0l(+fU5Th_hCEWWCZ9=pP`H_PJ z2z2>@gE)wT#~|DU;-Kp99E5$B&i_pg{uk-~@3>bIy)wYkh?^L#FzLs#%w$?`O?=&# zzSbXmtxCzzL38--B1VW;om!yif8crg3|+`zINduaR6%#$(3ErXsZvK>;*(&@!tma> zDuE^X>x2acC$;R^rktYhqfDo8eUF~(qq_{6w-h55ujpH9Bo{v~t{bH~zFtV~3`}87i1{Vt*c#oe z_-3Wf*vPddHS;2s3R7AohX0Pema<<#Mr;xDKjL01HP&8(zccLaDxlgnK)4#wfFgZY zEZ?|iZyvkj7&_V{{_$%v_L+#L@A89F{SqFAc5H*mW7PqCZ<;k<`&QI+n9j`~tVSzn 
zw%-#}lP3x9tbqv^G}#R;ywLRX7+ZLI-Sd7wrR=oUAbU|7b>wNnhG@?*i6L&|{a0Ed zi1)IX`{$NIla8E9MFqL0%ZZee!YdUM%vUrI$BepNOveTPJ_ z*RRY?UA(N$^(7_m#n1EC%t#ft?;l5YS;gvSJi*K5sVl{W=ULKzPA6uayoGi+pJLF@ zu~r9?Q5XJv)owT3C?6ylQ2n*)kMFfdH1Jicl_nYq*oyn4$91;} z4;j30o_?5}^H6^FTxzABMIGu{^OU^xLDrD zWm@=f!COX$Q>XgjNFuE)tb92H?rt~fYk#B>ap{F*7*jN+`_UzvnZSuJVW#z!=pfr& z@Te%@S?tG)`uZ69Xs539>4m1|O)H_@8H7rGmZWd2BR+~H zyk4sv1dGd^K6|npjxHR!z7EPZTBQz*cZ$yLbdU|I8t8^g`4L4 zTLGIP1a?mj$xbY-m%T%HNR^Q5S^sj{|1N9-wa)h@D$h^;WsLY;HrlJH%QJnJxC_Zf zPTMiisOIJ~Rg92!KB)$5*K}WYplg&L#Y}ypTQDrLmz222dn_aEI3a96EhW%q<&BWO zHmKK?gl%S|Y1md$g4X%8&t{xSl(F&X&*hn*k@ogn^b2;D6XMw7{@|3dA=Ax6@wfjn>H*DKBP-Xlr$B$1vC!`c%R5LTo3I)F2>=if?N^o?}_*JLQ54tC3QzcwWR2>tpNV>Vnm)Cg0AMn$2 z8O=7OpG>rC8d*m-US$=*2PI6cF>HOihO>QJmNt1)_ITMnvD0e3ocel1=$4~8>FpQo zhz@TT|1;pVOfC4YJN5M7Y&+@dA6INl0<`Zi?PWGo`M>uGvJcz^{c}Jma3SC#C;-V{ iPhITfJA2KDVD^bnmOrEClvnp0$#QXmHr5hNw)hv?7}ab5 literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.certchain.pem b/cpan/Net-SSLeay/t/data/revoked-cert.certchain.pem new file mode 100644 index 000000000000..bad4b7c6c0ab --- /dev/null +++ b/cpan/Net-SSLeay/t/data/revoked-cert.certchain.pem 
@@ -0,0 +1,61 @@ +-----BEGIN CERTIFICATE----- +MIIDeTCCAmOgAwIBAgIBBTALBgkqhkiG9w0BAQswUTELMAkGA1UEBhMCUEwxEzAR +BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxGDAWBgNVBAMM +D0ludGVybWVkaWF0ZSBDQTAeFw0yMDAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBa +MGExCzAJBgNVBAYTAlBMMRMwEQYDVQQKDApOZXQtU1NMZWF5MRMwEQYDVQQLDApU +ZXN0IFN1aXRlMSgwJgYDVQQDDB9yZXZva2VkLWNlcnQubmV0LXNzbGVheS5leGFt +cGxlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydkDWdvnw6Yglwzp +H6caBO1lSHc+yHt301porX24RBXZ6WqwRlA67TXdWGc8QlzrJpH/9W5rS+k+gtvO +U5/r5kMoFcW0ALvGa/kSVABcG/KvnpbEM037EdxMc7HHTz58EJkxgsZykiP1fINu +M5uQSMQERG+jt3lBPVPwdqijDxrZQU0znK7OZpAXvTv2HZ5nlfIQTR8+oBrOqfuY +ws/QKvZAHHtpKwhwxG+MZk2UeIx6LQ7qfKiQABDndSVI+Yb0xu0wmCzNTGIqhno1 +jtvdkxMCmkr8Bfw2O0nAVXTzZj0Z/A83p/J2fbJDvIiavL6di5cT4DVxnCyMvCDj +Uxde8QIDAQABo1AwTjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQKiZ8pw0j960mchJO5YfL/dzuxjzALBgkq +hkiG9w0BAQsDggEBAJx2mcG2uBHvwpgMW1Q5p7aTgfGI0mKqGfX7K3yo/ty8oBtV +4RU6EpoT3LVbstf7njem9+YUeSWaiHvaXSTJPJI7jj1t7rCFlWKh0jck9p8+kyOa +JCkv1S/gxts/wphIXJb0GoI/cGDfB6fuIYkWxhIaI1si3qH3nsnxSR4VZ+hJ1LcO +b+KsRfN06CJUf5w/aXv+t+yLTW4F902toDTmp9Bmw/QgPKNfkKAq4SjrDeN/6B+b +XolI/3e+INBnsOlIpKySTxTOcQ+JSRdEgtnDvM9/GKwrlUvkdKInK8mwSoX/7Lzq +X53g37fn6V13axDOgMrfR4V1ll9g6ZgmFzCaWDg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUzCCAj2gAwIBAgIBAjALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR +BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM +B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBRMQswCQYD +VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0 +ZTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEArbBQg+3l/SUFGDENvpvTPnp942njbsrkcfpmpfLQPn9GsMll +GYQvG7YqN2NV44rEGlFTRkhDYVhni1MNoe3VnGRzNknSoCmvhjqiG8ojZTIzj3/a +OIYNiJ7RPei8cqgT9WUjtcsnHLQq2tPIy1Mm8bE9BazNeFHCE9/B8u8y04Ks2+nu +sxMrhpFA89eHNTs3Xt6K7jpx/FJxpYAQkkfkLvADJ//AnFF4utQfqP7QKHGE4V4U +0+6XGMCZ/9VBIy9sn8Vj0vY80jHgug4hZPpgc2NWSprfI6prbWhC8l/qLGR8hgeo 
+FU5rVR9KE7LR3FnA6gekv4A66SdqF694abnvXQIDAQABo0IwQDAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU1dNN5Fm5XHX22XLzm9z7 +7oAmkW8wCwYJKoZIhvcNAQELA4IBAQB+oK8jmUKMZ7YItcCAnoFvcY4pLgGPcnAT +h30Rc0uUUUcVB66J6+YRHFVWA1X/AgyWI9Jxq/Qy50hGye2fdZmxBa3j5nbZlwAU +2JylwYigjhNHD3CUxYFInxKSaQKKnzLsjazn8pjLUvJLdPuO42l4RVYRJlfW/TZX +vc4Qoql1xN46C4eNjewzW76BzqyykGjAR02JhImclaciZ+oOz04jp1bvMwfYwcdO +7UBROGqUuamfS6URU5rpMkj6Z/2Z0TtneO9nIhTN0P8dxxDTxoKDDko5KOOzXrAO +nDCAamxvxhlxLcFbog3rTGaSvY0JO6T96lepvnOuaYEuRx9oyj37 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDSzCCAjWgAwIBAgIBATALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR +BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM +B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBJMQswCQYD +VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0 +ZTEQMA4GA1UEAwwHUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAKSF8tIItlPf3KpLzUgI6JVW/d/+LZP1zYedrDFFXjvZu+4uFxE5zp4vczbX +k+jhF0TZk292eStA9kVMDePVMcGwjNF3Up99yYisFe/h4ovt/w3Op9b7KS9xy5Vh +fUNqxphHIUS4/S9+7o9DUjqNP94EszDzFu8R3V7QXdDE9pSn4UZMVDTozpeu+rLo ++FOkd7NQIJMSKOdCv1HOhcFuuj+4FkLlo8k5bDgEVH68xTOL92Q4sLwubHEWl/Hf +1IA8POwoOVLtuLj4GyIrbqM/Yj779kmRX+LtjsJ1kAmLhsh4T/XhTaOyqz/d253v +OE6hM6pM0KsuFLpdPDJynpSHoQcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLzOh106FMJ8u/MANb7SZ5Z+swVrMAsG +CSqGSIb3DQEBCwOCAQEAXU6HGU8ThUuJz+KCSNYaO3HxxFrNH2pFWwrTjt2tdBLk +uDvicaquwUzq6zetEys7v70WOCprGB6uARiet1vU7dg7cmrd7eWibMDNoKdcPNML +oZLO29WL+hvGTx/UD0o0j7l+ab2XB83q73mNRlqRBXZkkykaqWt9qy+LTvI7QYbc +ZoONmVE1wbq5c3R9L2aa27uJsfLPAErjr3mpnNtFhJfULv+hpmXHVukhra+VUkyp +jTiY83ad8ZHfCIxfZ+MUCcWNGj7G4Rkfd27MB7fDEQlisaSk8B17FK7oIqO/NN4E +w1SHQ5TRZSmbOTGIfZtS0KaTaZdZtBNee5BEzQz1sA== +-----END CERTIFICATE----- 
diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.csr.der b/cpan/Net-SSLeay/t/data/revoked-cert.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..f2f311c0242adb2b6fc75028620b665a1ed43948 GIT binary patch literal 680 zcmV;Z0$2Sof&!#4f&q>K0RS*zF$*vW1_M?^VC@>}l162eA3?Fi3c5iECWG!Q5a&#_kWppib zb8KZ{c`jvmVQp}1WiWyPA}|dG2`Yw2hW8Bt0RaU71A+k$05F093Ic)w0RYL_16kYW z!=@mY4Cx=I8U*cSNOwNSdw0`XXsvy?L>1ZTYOqF7I_)*xSZ6#!T z+s;#;>*hl!6~(jwyT)tz5>x@OG%94;tA)O*5RX&SsDoy*u_Do@bTv5KSLGpc>Ap`zasc73u#yoj2-zMYGg6W}#*oGgsIAmdXPUhx700RRD@05A&% z2`Yw2hW8Bt0Sg0y0RaGkDY8^UjTU%Iv%0L8k7tN4CxDUA2G|llWO&vfDJ}Amf*dRni;=7|i=6TqnV#F3pM-QW$W? zNFe2u{V5fPs53;&jM29T^D# literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.csr.pem b/cpan/Net-SSLeay/t/data/revoked-cert.csr.pem new file mode 100644 index 000000000000..0f963688f84c --- /dev/null +++ b/cpan/Net-SSLeay/t/data/revoked-cert.csr.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICpDCCAY4CAQAwYTELMAkGA1UEBhMCUEwxEzARBgNVBAoMCk5ldC1TU0xlYXkx +EzARBgNVBAsMClRlc3QgU3VpdGUxKDAmBgNVBAMMH3Jldm9rZWQtY2VydC5uZXQt +c3NsZWF5LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ +2QNZ2+fDpiCXDOkfpxoE7WVIdz7Ie3fTWmitfbhEFdnparBGUDrtNd1YZzxCXOsm +kf/1bmtL6T6C285Tn+vmQygVxbQAu8Zr+RJUAFwb8q+elsQzTfsR3ExzscdPPnwQ +mTGCxnKSI/V8g24zm5BIxAREb6O3eUE9U/B2qKMPGtlBTTOcrs5mkBe9O/YdnmeV +8hBNHz6gGs6p+5jCz9Aq9kAce2krCHDEb4xmTZR4jHotDup8qJAAEOd1JUj5hvTG +7TCYLM1MYiqGejWO292TEwKaSvwF/DY7ScBVdPNmPRn8Dzen8nZ9skO8iJq8vp2L +lxPgNXGcLIy8IONTF17xAgMBAAGgADALBgkqhkiG9w0BAQsDggEBAIEpslRDjRZ4 +S7O6rJePZ4gvJ4CR0AbYEj5keNYgKS3ykYIcO0tSquimlKIdZuEwfSKiLZ19Pycu ++SPExOxof2kOcmy2X2/C1oxgdo4Mr9HQlrAQSZ+LZqJcG3M6ogDVVsV/MJkf+2+f +NI/h5qrH2ErUC/W4akx4Cl6yPQ0OSekuCp1alKkAb33zo1Y6gRvCZIpAb9JFHl5L +sYNgF70Wv3Qj47ZorPWNZpasH+BJVdIcBhjM+yVcJ8GkLs2KFlIYcMZIIOWU/SkV +h6gzRMyM2ZpIqk0HO6ZuAmM1FEORhJU9JNkkrqO90GZGbwYSPoWf+F5v2aYnD9ru +yLF3Fkv5/RA= +-----END CERTIFICATE REQUEST----- 
diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.enc.p12 b/cpan/Net-SSLeay/t/data/revoked-cert.enc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..80c0fa2ba4c684682039c21ad198b6bd2d872335 GIT binary patch literal 2713 zcmZXUcTf{*7R5tI0z^Sd0I3>Kq!SRNBfSQYA~j&7cQBw}0EG~F^xlF}r966PmCY-9k@l3<*QkK4!QfIwP6 z7!IUc*VdH8OtWSz1EL}c|&^lRGsU>11OXJPEF@mD zC{4P~`w|aF$5C|k56B6XH+nzZhplKpF;>{OYf#`CE6*v@PC>w**`C`|8*vGA{%Y=_Q4;@P4$I-_ zQLCy*Vw8W{iihbNV4CBBa{$`Ltj<+zqV80?_tD(Rw>7rug{4K;f$}dBsF%j3(YMQp zfx=!lusWmLjvqVX4VDCiTG%;>t{yB$R1) zh1yMXuI!5$@4A0r)swpi1i7BZ!=vJyMX%RL{EDMNwqGo_#PZIn*M~m5@Wq?BCCf zGoT!VTHU^dUY>;~+)a#-)uwj8OIh3z=e*G?^|zcYg1_QwRoV_GTDnfkb~0tx+w51D z$Q3JNNnGD${D3^Jgy6D$UwMsgeQSjUboms^*X+*Wio}oMqSxm)BP^vUk3VJpMCeKtc7caU^Pq-n zg+zlKZy`LVeeIBsZjJqL_Hmc?y_O5~55RTtulAe_fH$8_g$mtEZzcxX+RpR#+;LzM ze<>OGsJ9XvuVQ*B^)HJC(zTJgp>FDXS9RC59iF?Gl1^M2N{-ylp6es>Wr!*7cr}jH zKHj%)g3lUy+COkz^D^oI`h?@9^=bUKB3_CN^qy{}qW=C)s8k%>>pVr7$m;dm@U=ez z7jtD|!Dk2@xaxnvlaB-Ef^gt$ikw0DDUb{Q#SoMVNa58E1ymdVPbWSzx-~YdLCs%u z0^vY|yv8b=dJOGyTMUAp)P`i2PrZ7yoJw$9(9Cg4Bi8r=?E|h`TB0^rW+kn-hlgss zk}Ytbi;i1|vVw@qJ)-?JLS)%72{x&Q4_?cp1!ZCn0>km*t4&}?SXj>qUOIUvA|F1K zs}>f8QD?Ymx#o+v+Q$Z`ghi`Z$Kd>0^*9|%*CM%?Q(3AOjY7>MjZW%aIXG^osZ_}L z&evC$Ua)Hx!b}i687c;R=6XkP=jDJ6hvvU{t|-BT>ell{yK}H$M{V~9C(}||sJ6Op zJ;lFKnftlfPm2m%C(`O6Wtx4V#eL6|gl&tr)O@{fd|rI2LD!*cB-HZlaJ^xpb<;jV zKcjsCa4#}jY+S3@$CxCw+?1BS`^W3|I~OeQHl<1I-^9Frw!JZCzKCM><>wU$vJ-kZ z$wuZ8Ib4)ysxoys-A?a+9ZjO)FieRfpC2|JtQs`rJ|rc7memG?)~&Ho=^q{-!`BG@ z(C~PpWsE;Wjji9*>4Rcp&GoOlY86j1Z%YhAS2~DEgx7AjkK#<<#_PFtz%nIrIa`?- z%xb0Axx#|~NUf?}eVnYQw9>_Hl)hNwv4E8xs9!G{FQ_Ds=N(xx?7ThrG{%H1wQuK` zN7$IfVwDF&Yy##X$U$g~qJ*^Bl+B!#+buKkCRQP%BYiP~#@%~6-u?($C(WIuv-#!E zgpS(ERZY&tvMcYn%>8r7GisvmRFej^`wt;vLP)vp%`egKy~PuHE_vK7jM{U-ob0Y4 zSox@$OG@Y)XY0nrF(dEGs6m&<^`6CJe{}DK!wvR&W2STRyj1sFB9Sb^7gftV zyR8#%YDFhFj^;htHQ2SRop~%nxuoY=elWTIDtcc+LxSJcKmBIV-@a#DCC zAVSUfY=-iw$1dg}0`6kp@WfNl`G25I!wK9?E`42#PES$rI9M>@WyJ9IFFwr@;9zM 
zX%0@GW-l@g&XheRRd|8fBVLN@U*QmJk>s0|iOhQ*^SY(4=l1sOiil(QEHVMjIrONr z`HjRQw0=dp8Ak4o4cGmV);XoVVxB#E;Q{N=QKe(*%J*hWsYW-%LX<`=3?v9K9oY?S zmQAx&3EHnJ#=l$8&0cba=JdgMVpkRpyJO^~xQQ?C8+Uz*{(YSd!p%gOUT~% z@3b!h=@0xwJ4BL59n{=4< zr!R(RjB}&7gBv%3WMBzD@o{`cWJXM+$BRGs&dcUTOU3_0oWUCO;N=z(@k`v%^$J3P z&S$>zVKO)Pn%XxwvuLYK(qmM`c=CD)JaA(IdfA<^&|(WiV*^Uo$n{kmF_1&^U7ze^ zG7|C6JpPIssaZd`CEK~_R#6+vRLESBA+Bc96c_l?Q!+dW!T%2)=~yM%K(K7pDVXK9m^) zcnt8PD8GDBit0m2U;QWN4sZduQ>Od>PW;l{D7`zt2O)`oBj_Mt5e8}?Cl~;NDN;Et hAM0J4gp8cvo&dPJ1q%0RK(uVB=1gC!lQw=4`Cl6f=t%$o literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.key.der b/cpan/Net-SSLeay/t/data/revoked-cert.key.der new file mode 100644 index 0000000000000000000000000000000000000000..3981d0a51a819b37ceeb19af60d4e65e4142f52a GIT binary patch literal 1218 zcmV;z1U>sOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0Lj?{S=;Bs zrXZIL=^v*W1np%=cRt8_chg#Et$nye71`-(utrci?KRz4XFNh&>n4%^^=@lR={|zn z&QqW3=0hkI#k2ss#%uW!Q~+EX@~@tj#4}C%5!_63vByt7d=Qy2g2r-^BlUcPZZn&Z zNW=t0Z=<()K|NFOcBrEd8reZjGn}r@W{?-XJN6x(XO;30O&>m>8qTTvn8MG{D)vAe zdub~OaKvwnW=)iMjCw5&>U^k>01)SOB}n;(^v3Nlm@LgqVk(AuHICcelM@1(O8f=< zHakhcRdn-aJsJEDH>dJ;eX>Kmh?=~9i29QJTYzk0xngRXw=c6wgMf@%n!RxU_~yCvV$JaV z2$3~rE?*OYBSob^3>=xQzUw2?vTLaNfoTSIG6s>iaB6+VrN=v;skhQJnY_jS&~;mL zKh4gIZ8FK(9n`JeyB#8JV|HqneLn*Q&96Dny}y3560JC;j7b$(9dMI~#l9HSMA%~I z$C#PND(QNWt3pw*1=hIcU0yCKn*M>q;lD;AHxA_mH2{L@!Ho%ER@WUIoA>e1ec7Jn z|G{CxIYEGF(5HN<@puAgTjOzEMz#Zl*dTlcg)YU*gjeWw-~4<`v8xkySRn#|fdJNr z_k%-2F5%q5KqFl3x48RM7bM=}s$r_(-;4h+Vz;2uAH`plqmBPaeW&K!mOJ>=esD^S z7pv+f1&FUj>;@woJfO$*;mu!k&TtP0?Ho2!D9vwN-&-!X@oosO1QVQ*s;g-x+M}ZV zUAWdoU02H1T0m0sSfF_rYJM(fFOdR)fdKH`Xzf-CIloI&-9&jJ`5@u?_5=4Ei{kaK z(=el{VfkzbL4}{xqV_N-wp5YQ-ohK{9$qMRu-PWjxIO?2$$r5FY8$p4pr89rG`s*; z)B{K-nQL1dlF19f7}PaqnryM!=X1LO-v#y(lJZIob)CRb|Bnh@X6Yb?fta(7}W7YzLm^kI#I<)Mkc(BMMcuqvT4?vxrnJi!8ifdJFCdDSaye}}?pYqJ#_1&O}6J!lNu z-KAH!{Zrz1F7xuV&;&cmzw7bctgwBSVZ!u4S?Q43Ios~QS%pO8Q0tz1CIrs8cOLRWE1}q0nGwljeX#fBK literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.key.enc.der b/cpan/Net-SSLeay/t/data/revoked-cert.key.enc.der new file mode 100644 index 0000000000000000000000000000000000000000..3981d0a51a819b37ceeb19af60d4e65e4142f52a GIT binary patch literal 1218 zcmV;z1U>sOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0Lj?{S=;Bs zrXZIL=^v*W1np%=cRt8_chg#Et$nye71`-(utrci?KRz4XFNh&>n4%^^=@lR={|zn z&QqW3=0hkI#k2ss#%uW!Q~+EX@~@tj#4}C%5!_63vByt7d=Qy2g2r-^BlUcPZZn&Z zNW=t0Z=<()K|NFOcBrEd8reZjGn}r@W{?-XJN6x(XO;30O&>m>8qTTvn8MG{D)vAe zdub~OaKvwnW=)iMjCw5&>U^k>01)SOB}n;(^v3Nlm@LgqVk(AuHICcelM@1(O8f=< zHakhcRdn-aJsJEDH>dJ;eX>Kmh?=~9i29QJTYzk0xngRXw=c6wgMf@%n!RxU_~yCvV$JaV z2$3~rE?*OYBSob^3>=xQzUw2?vTLaNfoTSIG6s>iaB6+VrN=v;skhQJnY_jS&~;mL zKh4gIZ8FK(9n`JeyB#8JV|HqneLn*Q&96Dny}y3560JC;j7b$(9dMI~#l9HSMA%~I z$C#PND(QNWt3pw*1=hIcU0yCKn*M>q;lD;AHxA_mH2{L@!Ho%ER@WUIoA>e1ec7Jn z|G{CxIYEGF(5HN<@puAgTjOzEMz#Zl*dTlcg)YU*gjeWw-~4<`v8xkySRn#|fdJNr z_k%-2F5%q5KqFl3x48RM7bM=}s$r_(-;4h+Vz;2uAH`plqmBPaeW&K!mOJ>=esD^S z7pv+f1&FUj>;@woJfO$*;mu!k&TtP0?Ho2!D9vwN-&-!X@oosO1QVQ*s;g-x+M}ZV zUAWdoU02H1T0m0sSfF_rYJM(fFOdR)fdKH`Xzf-CIloI&-9&jJ`5@u?_5=4Ei{kaK z(=el{VfkzbL4}{xqV_N-wp5YQ-ohK{9$qMRu-PWjxIO?2$$r5FY8$p4pr89rG`s*; z)B{K-nQL1dlF19f7}PaqnryM!=X1LO-v#y(lJZIob)CRb|Bnh@X6Yb?fta(7}W7YzLm^kI#I<)Mkc(BMMcuqvT4?vxrnJi!8ifdJFCdDSaye}}?pYqJ#_1&O}6J!lNu z-KAH!{Zrz1F7xuV&;&cmzw7bctgwBSVZ!u4S?Q43Ios~QS%pO8Q0tz1CIrs8cOLRWE1}q0nGwljeX#fBK literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.key.enc.pem b/cpan/Net-SSLeay/t/data/revoked-cert.key.enc.pem new file mode 100644 index 000000000000..9fbd1d045916 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/revoked-cert.key.enc.pem 
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,3355D51E49FF08E889DFE1B5BECA5629 + +HBOo4GUGlhClMpKJCn7mKKZizPe2o8+/d7SrgRTtyL1x3XUQXWKRUXbB7nuvEzte +sJ/wSojvuhIjpM+GEi1xK9Grwpf2F0QcBHpAjXXlt9MKZioT//RVxmyv/AgOZ/WC +EIs8/BD+rvZuQUHErbmeV8n/Gc9XJaj16M5w5ZN3LKHdjES9kLPiv3ZnyfheBp2S +vPnL18Sbzs8g8WNvHTcQXT6v4O0awf/j9PRELB787QXkZmED7QpS98xbZaCf4osQ +v0G2I7Mer5KxX6XZWW2ZfLHaPNfv0AIaaDlJqWSb03REpocsvbscQC4ZbCEynF4m +9qkW6tzAd37jtYllXmCQ/RdleRm3V88ybhHYF3hBlxa0N3ye4CoNpgPQH5u6psKh +6GDUkL2Us6ek/pmAs2EYXVnQulISyS4bva6eBeD+g7OMUtAWtxEcdJwfDMZkfTBd +6nfkiQkcTRpzBBl9PnFVkJYX+TH2QpPQo+cI8EZ5nVwvkSagRVgVnXSBZC/i3vm1 +929ZY8rtlhYp3ALM4FmnnE7hovI00NJHG+yuSM6IxsBWMO8DvbqXGLp9mpcVheqv +566j1lg4+3oCoJEI2QZhAaUZcpw6FVA/SPebPoOLmwtaVTm727akaOoUtz96HJMR +tiTJsCifUkOFNr9d9HXKuMMMynBDDdmvO740V0JEstcY5S0OGwDf4GBo0ofFOzSL +I6rOhjiz+UvC25dkF5dmXsAQCtR9a/q2TDY73Q9Yasl/RpnfbLgjeik0qLlqfnvO +xIphTx1KiFw/z5PMZbK168Bv04yaYb/z5NVaVqrpuER1FC252zLg43pGFcN7NR7p +Dr1G8VdK7IXjADg+dY5o+x080PravPe4Bek54z6HYnHyEGTOhWeD/0ZrHwqz7ykW +N5VzO0s7Wgt5B7rR13/KoHSHSXwyW3xZ/Yuyw/vJo6fThbE/G4+9gsGmV4sDWAyh +0j56oWAFnDSaOWYSf6Ctx4NuruUa7/gqcP0yO59Xxy3NQm0J5bluSuYeyDhPJNCu +vKfU4CF8ubfm8EY+EgRDiFxMg4EqKif2S94Cgs5msff1x2VPbcTMHv/2zXBChXYv +h+hQ3+Lo46c8EM7HqtiaPSxbhMv+Y8N4ok5S5Z+P12+ph0nZ77ZN4xW2BoqW9ggg +SHwsU09CuA1mFKh3YCyjfk+nC+7GVk1z6RsNp4TveZtQdI6cmnCxmfflwHx2EkM0 +o6g4SIbzK8yKpcd4Ae/TWnmqx6xhEFBmuPbzMQEjWQmjwc/dMDrRvbNjBreEUfv5 +NSpJaNQEWbFUZtt7Rd4dIFrEaosR0IdsXXfXuuwxaqHrCeKMRJx5LwhKw3Gi0eqV +G/XbxO3dTBTCfcqbAx5HcmpEqlaLIrbkLCmPbyHMF++ZUx0c4R0641peUTtB4uUx +fV9qXxhyCeKQehUEytdXaBsucWMdJAWE5xXQDvv5PzC/bhDgTzePAYttDNNRp3tZ +QuWTKNH/5cnqi4p+s0uk4ViHmobqv3NQhPPLBeyzqiYnDBoGSnxjDywlFRh8E7iD +DzEIjFiIlgkU51cM6vaEmxAcQmiumtOYtlEc/bU0UP7SFPCGCRbrOLGhyNZLVzO1 +-----END RSA PRIVATE KEY----- diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.key.pem b/cpan/Net-SSLeay/t/data/revoked-cert.key.pem new file mode 100644 index 000000000000..417cd3d54991 --- /dev/null 
+++ b/cpan/Net-SSLeay/t/data/revoked-cert.key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAydkDWdvnw6YglwzpH6caBO1lSHc+yHt301porX24RBXZ6Wqw +RlA67TXdWGc8QlzrJpH/9W5rS+k+gtvOU5/r5kMoFcW0ALvGa/kSVABcG/KvnpbE +M037EdxMc7HHTz58EJkxgsZykiP1fINuM5uQSMQERG+jt3lBPVPwdqijDxrZQU0z +nK7OZpAXvTv2HZ5nlfIQTR8+oBrOqfuYws/QKvZAHHtpKwhwxG+MZk2UeIx6LQ7q +fKiQABDndSVI+Yb0xu0wmCzNTGIqhno1jtvdkxMCmkr8Bfw2O0nAVXTzZj0Z/A83 +p/J2fbJDvIiavL6di5cT4DVxnCyMvCDjUxde8QIDAQABAoIBAADpIu7r60NWh5s8 +3HynQqqa5lgFyzWI+pL8W4BsYrliapq3L7NKg4CMW5q9cP/45rn0Ys3w/QiRNWYu +XxOBI0WlQAwcma2+6yPTsmuo+oFpBnYyBpG3cGp9xqXHO5+pt9I0mbzF/9B1W3M/ +zc6LbTLJ2R3Urd27HSJtY3Zql30/AwXNrznPvb9+sxKtOKWMSRVYHXCTiMW+GNRE +2GLnx5iZxyrpepGrQlGwBda45l1eLiqa/oHD4b9GIjcO5QU1AILqwY0JYFbXHRyb +9/HQfdme5f/BYcI5QYBp0Kd8qfF4Amhb43FdRrYDhNggfAaFLsXLhFfodd/8fEyx +qxN2WCECgYEA1of3g0NDLuHcwkAjXO23uPtUFyTe46phquHfi/8wYreg0h/FX5Wj +jf9Ifafm3JY7+NR+cEqNF6vqJgWIr0XsBiMcPKDH9eHNX3TOcA8H7Rw2UyjNb1zf +Wy638W4IrwQTnJGqq2km2qOi/V241kVdV8rWWkBS81igeRhqfi5nL5ECgYEA8N1o +7VYKOb9LU91EeSL5IOH69gP3HIvi9a/TMKOpYflsCEGFn9Si9jAotlSR0t7CG+ke +Xih2sNkm0bg+AAvJfsEFahu2HaCf+040vABX1ANIJ5lrWxySyQvBGNQ1Z5pssdrn +c7sB3wX2EuSBm3Iq2oYduwrQ4OaK6MpSU3+OSWECgYEA0M5OTuis/3i/EiKzSMPn +yph1ZIFyoE05+sUWfIDJa4wnb92UklBnfNI4kHVX8uQXQz4wQsONSLj/kjpYq6B2 +9hI+bZRgjCZXas2aEN/QayzGg3J3YikXDP0P9GGQ+igRnpb5cxVJyAz1m34ZZhTl +oYm/0OBC3LAqoTLulBo+PMECgYEA07Z51Stsf4fCaWuzFRsFib64PWgM292lV7j9 +U+J3LvPy3mrhTjS0LNr13hYFuykryyakF7VPZnDo6ywb6yRxLuXwoWzMLcyS8myy +c5GFoYhk8tGqiIJcDzUyvGVCr9cPtWEpUhNNOMBfpAmQVpcKTdvW5CJEqXpbHPVB +Wb1jzuECgYBoHgu/B8mO0AQ7yr/r8d2ssH2WYcL0QFnpkR9kpDVfi48gZmYqqa5s +AsQU4Zr/uFel+Es+rrYJ3Prgl6EC0x9MVi4KyiHZmHG57/sRkCduW9FbPLyKkeLb +F7RfOWvl/D5+wW9jc2AwnZU8AsweQkICCh7hOffyV0t0ProGLAdNMw== +-----END RSA PRIVATE KEY----- 
diff --git a/cpan/Net-SSLeay/t/data/revoked-cert.p12 b/cpan/Net-SSLeay/t/data/revoked-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..7cee3dab8768f46e27af5873ea96334699484c61 GIT binary patch literal 2614 zcmeHJYdBPE8(wQp7^0k}94AV0m=_ZI zicSt+Vk6oVP1uzXQ#nl1jvNX#-?9(wy}zH|ukXjV*0rwpeeU~t-{)D+^*;CYLOiTF z0z^VQxh0I8Q4%R>eg!B43VCvqD4v`IhDRVC%JUx-$_d3o?Sx@F__M*t|FKE|3nGO) zWG2Kz@-f&yKsj}IFC-VmL&m~*48%kD3y}yAfdJ8v{MTJUdFVScc}Na}Jb=QeAoe+% zsX(ii4XgszmC7=8b91IrV*Ui>6|nBqNEY5LipHXvt%lT>J&_7ZP7D^68Ac7DQCL*G zgB_%UTVW1CX7Kyla~QW`^R~a45aquOX$Tqo9#WS{Wrx$L0jB;`CX2v;GmVT4g)=2k zk5R%RLa7iB)Pq+1^_w6XK=ME(0LHNh9tZ;MeaJ)oV=X`8FDOWKi#1S_R8lnY=M&LA zhl49(YaP}4Bq3G1_HCcE81xLXw)dJa;7ey2^gR+HufNN!U}Dt4P_6YAaHoy_N!cCn z(wwf$&$_qSWpUMjbL92=dx@NtIcB^zW`_PO=OkluZaV26$}zmCCdSUj?LGTyk&;HA zoy+FDYh8iqxVu(!+WA45(<@zci9(I8lEv)iMI<7Y2IXr9!x6 zv{)3_GK04+@<|sOi47-Kyow*!%{`Jrl14Y+ML|^((&h4uy{cVDl~SB=j=a8>`bY7r z%Z)Slyk=e6VBB7{J5l|+8m40r|pt1k@*1Zc2D`ORY)4~FM7fC2H)iC+UQ z%MO~2;-Q%^yiA4sU0Yxh)eH+x0|Es8qo-gwx(YLwVdno`^=DVXl>h*V-n)qjhl8hc ztp_;8_N9VRPxJ$e%knJ(2|g-Z z{he2A6|{0H8Yc96ZqTnTaA_E}Ifh>o5fa;W<-S!xNlo{bocdO&D2g1pqq8eD%)Gr% zySHNSj<#NyKRe_?><%Qlv(oa>-Nv|^$`#wLq&ca1YDb()Zf#iI>-fxX?0$C6eIvbA#sGDP5k8?-VX*(9>iKU?r|G*jM4jq7ca~q=e1H_&Q|t7MJ1F^p|W;~ z1-+N%Aj4{Re)o%JO^MDCLv~f4!Q)yYAm1L>gbvZH))p2lx^AflJbIC&4LNkORz|yg z)9PM}AVKK$=VOs~z#;UU@@sA`)987U_8qKfc=Y@6j{R=&XPqd^If%MkUB}C%#~PLO zZjxHYIYPWQI-D39saI0qtR-*SdjE6v#MStex9 zDHFra`=%Lqgmem44vFX{Z6}%0ej9NLpOt1P=?jLd^0PigsyY3vFq<2X=`QL*q|3)95$VG|?#ywKl;D{exFLYCpTZj3#`Tei0&e z-Ezz1`RogI^qq~y4-78jZto3@7@siFoLG01F!H`I^r7j)jOoxDk^IEMsC&Bm$K=F#?@mywa%z|)Z1fRl|ml!Z;0DZs~2*gz1( z;o{-)OD)k24)#e+tb_@2^KgZv7MCalmu8lv8VVTjfmAZ{um|Pmmnb+p8pw(B8W|WE z0wEYgiSrs;AaSW_RTHC<0WZQEjI0dIO^o~u22G4yOihf83`<%+UEl^4GKNbJrNU##!Io{Z3C@(DK|o{bIB0lV3a(ceyz^zpPT*;hU=u@8he6 z2RHOwEDxGrd$MDV==+C{y5IiiJ-7VYZ%zHe(^C^`owJV3a94EM@mIg@UB7dXRj>U$ zmdysA#oi0vjk^$g;mEfs%OAS=gqXZIH+|i&O)q`~FDc&~pfFiT{*?wBn>QMkL2q~L_#v&NowwLN$?o?z 
z&x!Gm-u4|Toxs`McA~=n>qFngn^xQ3y*>B6h2KKsRX!J1>xt}&wJ|E1H>G_cI}kQv)=K11&F;?( zru#0XPpjL^nvIfJfMLwY5bM`2=`Y;s-Ff~|lgBkF>%xymqRz@^xkhtc?z_9TMCi#5 z>qmvF)*bYD_1b)`u(tL7yV0nzqW$uNO z&fUJ+{Y(0ozx)+`FO&YAb(wpov!8wSzOvUXY9eb{%4AKcmD#nc^}GE(Sv$7fNo($% z8EATN*UsXSTK%+Hw|94L{B)kd>+$-^m2+;pwoJdG_kZEC)Z<|<71yqx8sxLG*J8%! zvbi58-sk9vPk$`Jd9+u`?$|>~`SQFo?As3uawctDvgCtowaB^`N{jcK++#T$((XLv fVyfnBOT&)Z*+CbUP0pMixkWgxdV t/data/root-ca.cert.pem_dump +# hashref dumped via Data::Dump +{ + cdp => [], + certificate_type => 305, + digest_sha1 => { + pubkey => pack("H*","bcce875d3a14c27cbbf30035bed267967eb3056b"), + x509 => pack("H*","7a0a5ed28550577415e83e97373181a9708cad0d"), + }, + extensions => { + count => 3, + entries => [ + { + critical => 1, + data => "Certificate Sign, CRL Sign", + ln => "X509v3 Key Usage", + nid => 83, + oid => "2.5.29.15", + sn => "keyUsage", + }, + { + critical => 1, + data => "CA:TRUE", + ln => "X509v3 Basic Constraints", + nid => 87, + oid => "2.5.29.19", + sn => "basicConstraints", + }, + { + critical => 0, + data => "BC:CE:87:5D:3A:14:C2:7C:BB:F3:00:35:BE:D2:67:96:7E:B3:05:6B", + ln => "X509v3 Subject Key Identifier", + nid => 82, + oid => "2.5.29.14", + sn => "subjectKeyIdentifier", + }, + ], + }, + extkeyusage => { ln => [], nid => [], oid => [], sn => [] }, + fingerprint => { + md5 => "41:F8:1A:EE:19:3D:28:70:79:BA:6E:07:AA:9D:74:27", + sha1 => "7A:0A:5E:D2:85:50:57:74:15:E8:3E:97:37:31:81:A9:70:8C:AD:0D", + }, + hash => { + issuer => { dec => 3235285478, hex => "C0D689E6" }, + issuer_and_serial => { dec => 960827716, hex => 39451144 }, + subject => { dec => 3235285478, hex => "C0D689E6" }, + }, + issuer => { + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => 
"Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "Root CA", + data_utf8_decoded => "Root CA", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA", + print_rfc2253 => "CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + keyusage => ["keyCertSign", "cRLSign"], + not_after => "2038-01-01T00:00:00Z", + not_before => "2020-01-01T00:00:00Z", + ns_cert_type => [], + pubkey_alg => "rsaEncryption", + pubkey_bits => 2048, + pubkey_id => 6, + pubkey_size => 256, + serial => { dec => 1, hex => "01", long => 1 }, + signature_alg => "sha256WithRSAEncryption", + subject => { + altnames => [], + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "Root CA", + data_utf8_decoded => "Root CA", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA", + print_rfc2253 => "CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + version => 2, +} diff --git a/cpan/Net-SSLeay/t/data/root-ca.cert.pem b/cpan/Net-SSLeay/t/data/root-ca.cert.pem new file mode 100644 index 000000000000..ab481e2346ce --- /dev/null +++ b/cpan/Net-SSLeay/t/data/root-ca.cert.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSzCCAjWgAwIBAgIBATALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR +BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM +B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBJMQswCQYD +VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0 +ZTEQMA4GA1UEAwwHUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAKSF8tIItlPf3KpLzUgI6JVW/d/+LZP1zYedrDFFXjvZu+4uFxE5zp4vczbX +k+jhF0TZk292eStA9kVMDePVMcGwjNF3Up99yYisFe/h4ovt/w3Op9b7KS9xy5Vh +fUNqxphHIUS4/S9+7o9DUjqNP94EszDzFu8R3V7QXdDE9pSn4UZMVDTozpeu+rLo ++FOkd7NQIJMSKOdCv1HOhcFuuj+4FkLlo8k5bDgEVH68xTOL92Q4sLwubHEWl/Hf +1IA8POwoOVLtuLj4GyIrbqM/Yj779kmRX+LtjsJ1kAmLhsh4T/XhTaOyqz/d253v +OE6hM6pM0KsuFLpdPDJynpSHoQcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLzOh106FMJ8u/MANb7SZ5Z+swVrMAsG +CSqGSIb3DQEBCwOCAQEAXU6HGU8ThUuJz+KCSNYaO3HxxFrNH2pFWwrTjt2tdBLk +uDvicaquwUzq6zetEys7v70WOCprGB6uARiet1vU7dg7cmrd7eWibMDNoKdcPNML +oZLO29WL+hvGTx/UD0o0j7l+ab2XB83q73mNRlqRBXZkkykaqWt9qy+LTvI7QYbc +ZoONmVE1wbq5c3R9L2aa27uJsfLPAErjr3mpnNtFhJfULv+hpmXHVukhra+VUkyp +jTiY83ad8ZHfCIxfZ+MUCcWNGj7G4Rkfd27MB7fDEQlisaSk8B17FK7oIqO/NN4E +w1SHQ5TRZSmbOTGIfZtS0KaTaZdZtBNee5BEzQz1sA== +-----END CERTIFICATE----- 
diff --git a/cpan/Net-SSLeay/t/data/root-ca.certchain.der b/cpan/Net-SSLeay/t/data/root-ca.certchain.der new file mode 100644 index 0000000000000000000000000000000000000000..7b4ee9ea037016eb7f9ee50c1ed14b706d636ccb GIT binary patch literal 847 zcmXqLV)iy@VlrL8%*4pV#K>sC&Bm$K=F#?@mywa%z|)Z1fRl|ml!Z;0DZs~2*gz1( z;o{-)OD)k24)#e+tb_@2^KgZv7MCalmu8lv8VVTjfmAZ{um|Pmmnb+p8pw(B8W|WE z0wEYgiSrs;AaSW_RTHC<0WZQEjI0dIO^o~u22G4yOihf83`<%+UEl^4GKNbJrNU##!Io{Z3C@(DK|o{bIB0lV3a(ceyz^zpPT*;hU=u@8he6 z2RHOwEDxGrd$MDV==+C{y5IiiJ-7VYZ%zHe(^C^`owJV3a94EM@mIg@UB7dXRj>U$ zmdysA#oi0vjk^$g;mEfs%OAS=gqXZIH+|i&O)q`~FDc&~pfFiT{*?wBn>QMkL2q~L_#v&NowwLN$?o?z z&x!Gm-u4|Toxs`McA~=n>qFngn^xQ3y*>B6h2KKsRX!J1>xt}&wJ|E1H>G_cI}kQv)=K11&F;?( zru#0XPpjL^nvIfJfMLwY5bM`2=`Y;s-Ff~|lgBkF>%xymqRz@^xkhtc?z_9TMCi#5 z>qmvF)*bYD_1b)`u(tL7yV0nzqW$uNO z&fUJ+{Y(0ozx)+`FO&YAb(wpov!8wSzOvUXY9eb{%4AKcmD#nc^}GE(Sv$7fNo($% z8EATN*UsXSTK%+Hw|94L{B)kd>+$-^m2+;pwoJdG_kZEC)Z<|<71yqx8sxLG*J8%! zvbi58-sk9vPk$`Jd9+u`?$|>~`SQFo?As3uawctDvgCtowaB^`N{jcK++#T$((XLv fVyfnBOT&)Z*+CbUP0pMixkWgxdVD6dZ6b$=*<+jS3n>= zAQlIrUr~rZ`;(MrVbVe>tg`^D4>zyT7`Vk`G!3soqTvYX%~tuSFl9I zIUm!_DNh+*zlZDuxE7U7+;3osr2uG73%!LKY+!5nD_l_~U zPetS^bG*drG5u}cE-Ey5ZX3c@EiU`yF*(})qMfx`p0k69s!qz~`yDNcW++~7`6Od~ zcpjpLFYVgAQ;U>SAb4ZG3toD_WS&YHwXAW1kBo9p+^-VG)D8|wMC^BWWR$JAD>r4- zv{Kx=dotxm*as`lY2P5+tdbh0y-+7Qgw*cXBm#vpPHLlwleIx}Y-0yN_lyL|Ac}wI zETevOr^`UljkLa=OV&5U_cR*zcGg9;H4i%YcEZg>MT)Ka6_SR`eZH=k_noKJ zx~-nO@3}pkEJ5rmw%<>fug)0gN@TXR^lTxh_WhXCl9l|05+22W+HI`(oq8!NYdT7F zUEd_u^*HMRn%TT}b$ZuMaWy5PG%6z&`(3q2EeBByQE(U`u&+a{eN=RW@IGb6uSq)8$N3V3^wp1CdWfU4{#fq^wF=8JNgT1BISct zfAK=hj8gugZ?^MuRPyR?&+HBhGrj<&<2QR{j9P=|m%h0>or$TLkRETtNKP0XEk{TC z{45KS$Q%kUuG`D1$|N7UkuR#}1qPyt8`8+0{;>x^FjEkB@yzWWTkaUxheo_b@12Y^ z#aEh4v7xi)E9Xvo2XFa~H9PcWg|K0*iQ7(h_qUE66jWsvVOs6j> z>5d<&zI%hr2_e1c?A^#zdO>r}iqzD^(tGQ%uq5Pj+cw1;+Ke<{&NRjN{tH8imkHZNCw`s6@m@-fHA zot|=Zu#7I$XFLX$R6pN|$Y5V|P;9a+@ z_x0H>>C-tAKN?6@LQKzkhrS-kt?CAJ1>98(veWFQv=}*-se_`V4a|7hDVOaKIB?9M`ObVd_(`z1%v|)cn2L%9Y@&R 
zhN7yFmhvZ_^^+ijyJRg*vzX9EDUxr_s6k0hX~oSfobr)KW@Qytfc+P=d7$5J`0s? z2_pGR7-;MsB|#-qU$3M^tEtwPzP(R}J93MTZ$lBF;#t9%=_>;1bxCpQDvUC|Dhf-V ziMs7}De}5Etr8lHc8Y@w!&`z~1^fXcJLI1aG@45l(|hu4EVpRuIQoQR{1)3?3d2?x z6DwhQKzZNEGaF}rxyK0d+r0CQjUlfv96aA#8$lX&>kG>~QQ@I=7p|Z3FVIEtmLHC9 zK06)Ou~pT0IvM8-{%xi!+RNQdJ`ODGi9z0W<;5|T1`U|n^At(P8gHszR>Kj|kFPKh~ymAXu@nKGIHra)02f|yzTjL`q zbYX-+F?-{+@ld@Px9U`%a6(lO(iRAYw0$UyPZA5==9A++*yXGr_q7%b5HA1=@*Nz6 z$C|ja_{s0?!?mIO%O4WqCTd;wKOB(>j-36qJOL1Uk!sT@3*J)tNX+T?NS38UQ5CG6 z?&xLZwb@S^!*gzg_}8U%cH7!qPZzUu1&@;1LvD{I=1Z~RwZdQ0v|m4S*h%_~a~BuE zW%AG5*%YfEDqGLX6d;0u7w5&xn-)g4_LbbVR{2{BSOsM{=WV7u45Oy!6qffGJ&SsE zxvG$XQ=cayvYqB5%-ZE6dGVEaLyw0sdEuU2;_XnY8q#p?w3^}KjaN!sZKUVcS8M6a z%`=-=H?neO7krZ0Z$MM{U(`AvYtr}~B^4HOJ>f7tie9i8j`MJ31Mn~e1o7j5D z0KRT(Y=agRkn=lvSOS8(?y$%wcx(Vj<4fHBv;&jEq7nSJ9%80p z<}ZhvAd!l6Zwe)yiU$@QgE_S(IJd9!VPwH#XE-BJ?_@^_+7U|%WpYI%&hrj>iPgg> zCs?BNaOHlF_}DVLwaduX1qUy#kF_SzlQoC9hvVqvFT^+n&WW1qu*R-*Si$GE-wf&; z4XJ|_g(ViAY{F}Kij=@@8*?xB2{Dczi`_f-GOpO~@7ZL?rS%8e zr})kEf}z7zc)#Y**T`6A4EZH!o|Mh-zFnY?tKv?M(IR`rtg$)ot(r#~fwoF6=ZmAwMWK_y@q#deYcnHrfzu@H>3+o z6WOVcrb;?fLWSh8#O1MY9vYB0Ms8i2m_qhlBgF9zoJV%m6}`RZhF*mw|IH56d?Sj0TuQa**S(O1i<61zxR=KS(oA zolE8iO*D7n8GiA0S#F{^4_U>;N#T`ZTF6YkMo^iT&FLF#_Hp7Le$BoQPb~bqe;VHu zic%Q!Wj#k${3vJQvQ*cZssgFIC%}!` ze{cV0e|-gb{p1nj)Z-P^21) zNJo(-L_|=OlA(zLB49xsM#_L~fVpwaI5Y3}`|*CvIcu+b_V?}6_C9;Bi!k7q7!Zpv z;2IpfBhDi3g8;}27Bb*MhymxKa2CRVr2j!d1c(9gqA)rOyMZJ8F^eA$Vhb7AV<_l} z!~X%o66ji3M~H#7MR6;Hfzc_%Vn7TA1QEiwRY3w`NhTmL4toH?iDB%l$zq5ISHbh+ zsWiHpqoXy=J^W9Qz>jyLh0qloPx;VkWMM>*Yl-FObqENcE12v>$$KtRXb_!{tO0SLC_WiLP{w+pL62>oCJ^Cl~Ag8F?U0R7B zy!2{stDgvx$XuKn{?D#mKP%}w%r`ZClp(43vy40pzpPqbJ~}g>eD~BPI5F=g7zA9Y@lv*8u~z2? 
zW*8Qu(gs0`_YU>R`M?RO9p%6CcMujW!vj?v^0m%BQ?Bp##_(VEe!zsXKTXCbH~kMGKbYS zib`qso!@M!s>yJ$E>F_SS`N)yygbEs@#wKxBHWcEZP-06B_HPB%iGu~0(;aI7ca>E zNUWYCvDn(rpiZZFlk}fx%2)Ks36WPEIHhSmnFnu*x&3&_w2yzKmK+^}D1Li-us9j@ zTm;^2FxJk6E0lqo@(fAi+gyg@wyNaads++v1pdZmklN+*w#mNrO(Ua3>W z?)uer=K#9lrKwr4M|by=|OFPQIapuF!6Fv`(-~y}Wf|Hz0IT zUZr2&IbhYiMzn>wmaJVN)K0Q-E|_|LgzUa;AfY}m?(yvxW6MG8D)W|<%24?UPbgMF zIw2gy%~RIgwvHM9MrlzfX<&)e$aGnr99jPueXYBK{d(`4iyq`|QKC&j%&l{fIjst4 zg?r&Oc*NOd8pwx9r7`y_o@UFHnAVef6dfY6I}9E#v^^d1vLKAdQT^H;!f6xlwiLi> z!aHcX`hF^}7C1zfc#Oo^by!A+T8D{_23}t9aNVKPi^ZyYZ6>?h%{?DO0~wH zs)RQ3k^;PKFD#k{+|v}CEYEyl<*sp_IKUsSSr$2BuoT%)tP-4d?cnh)v-OkXNwTtl zqv@5ZYRiEV4<02q#L9Fn7ZR3+$=}wo2y#7BNME1P3-aOlm-x-ux;WE}KMmAdTvlFh~SNO?5 z+;?Op+c~c%BYwZ}$9Ym#o!70-V#|0Z>=-Tk!La2ABf4Dcy3!3P{d1c**F0ZLMt({O zU`WnpwS4LO-cmk$EzjuAuwg7{IrU{!^{XFPqcJR{tCi1PS!`^1MG>y&jPPxW#;8U@ z=eDR~d}A%u%q>rAf^EOR*+?z83J(pYt8l)HB&PSK>V0ZSZgR6l+bX0~EMU)5nsV6eKs{sQx+kA&7~o$!bK9jkm3l^1LR#annGxR2kHSR5Zg~vFALy|_Ii72gMgFkJHc~E zIsY$}R}I;M{xb2X2x2kPJOD)O1JZM9Q%W|kHsDHghVGmh6`Otn@$IiX-n{GVk*MDR DLI(+{ literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/root-ca.certchain.pem b/cpan/Net-SSLeay/t/data/root-ca.certchain.pem new file mode 100644 index 000000000000..ab481e2346ce --- /dev/null +++ b/cpan/Net-SSLeay/t/data/root-ca.certchain.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSzCCAjWgAwIBAgIBATALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR +BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM +B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBJMQswCQYD +VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0 +ZTEQMA4GA1UEAwwHUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAKSF8tIItlPf3KpLzUgI6JVW/d/+LZP1zYedrDFFXjvZu+4uFxE5zp4vczbX +k+jhF0TZk292eStA9kVMDePVMcGwjNF3Up99yYisFe/h4ovt/w3Op9b7KS9xy5Vh +fUNqxphHIUS4/S9+7o9DUjqNP94EszDzFu8R3V7QXdDE9pSn4UZMVDTozpeu+rLo ++FOkd7NQIJMSKOdCv1HOhcFuuj+4FkLlo8k5bDgEVH68xTOL92Q4sLwubHEWl/Hf +1IA8POwoOVLtuLj4GyIrbqM/Yj779kmRX+LtjsJ1kAmLhsh4T/XhTaOyqz/d253v +OE6hM6pM0KsuFLpdPDJynpSHoQcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLzOh106FMJ8u/MANb7SZ5Z+swVrMAsG +CSqGSIb3DQEBCwOCAQEAXU6HGU8ThUuJz+KCSNYaO3HxxFrNH2pFWwrTjt2tdBLk +uDvicaquwUzq6zetEys7v70WOCprGB6uARiet1vU7dg7cmrd7eWibMDNoKdcPNML +oZLO29WL+hvGTx/UD0o0j7l+ab2XB83q73mNRlqRBXZkkykaqWt9qy+LTvI7QYbc +ZoONmVE1wbq5c3R9L2aa27uJsfLPAErjr3mpnNtFhJfULv+hpmXHVukhra+VUkyp +jTiY83ad8ZHfCIxfZ+MUCcWNGj7G4Rkfd27MB7fDEQlisaSk8B17FK7oIqO/NN4E +w1SHQ5TRZSmbOTGIfZtS0KaTaZdZtBNee5BEzQz1sA== +-----END CERTIFICATE----- diff --git a/cpan/Net-SSLeay/t/data/root-ca.csr.der b/cpan/Net-SSLeay/t/data/root-ca.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..a32d3ccc39976b1660530af8c65f0376a371149c GIT binary patch literal 656 zcmV;B0&o2=f&z>%f&q2{0RS*bF$*vW1_M?^V5HJn~162eA3=A}|dG2`Yw2 zhW8Bt0RaU71A+k$05F093Ic)w0RW_h^3n*lQ{UXGOU+0K=#^Ie-~KI=_05N!tT9Di zJK4MLE*B9w&YmxGHrJEr;TJ^NlW%r;D?s)|Obz4JF~P8m(RWgxeaVQd74PBVi|zjn z&ZpMt<=?9=^;*L<`eql0z^Js4UzNbuTg-y4C z?bU8n0O)Z;_%saYC7G(kUNqNwdw+Tgb3?=;40kP2W_zMsGVYhw6$_LsY%Sg~lR>ij zWRT**YXs?ZYl9ek)emk=K(LTYMKvw{&olA1X`|&m>o`$#>aj+%@|ItobI*+poWDha z9Kc@YN9xf=iA51X=pvnu2I{Y}n(tCRVRua1Qg`{UamiO+1Cj4Y!89`No^Kf@UB4u7 qIo3f{y~ur>&Gm|8^?WJ~{n5axXK0IMsk2a_c?I`a&|>!oNLWpFjv+4q literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/root-ca.csr.pem b/cpan/Net-SSLeay/t/data/root-ca.csr.pem new file mode 100644 index 000000000000..8d165e2ac9d6 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/root-ca.csr.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjDCCAXYCAQAwSTELMAkGA1UEBhMCUEwxEzARBgNVBAoMCk5ldC1TU0xlYXkx +EzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMMB1Jvb3QgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkhfLSCLZT39yqS81ICOiVVv3f/i2T9c2H +nawxRV472bvuLhcROc6eL3M215Po4RdE2ZNvdnkrQPZFTA3j1THBsIzRd1KffcmI +rBXv4eKL7f8NzqfW+ykvccuVYX1DasaYRyFEuP0vfu6PQ1I6jT/eBLMw8xbvEd1e +0F3QxPaUp+FGTFQ06M6Xrvqy6PhTpHezUCCTEijnQr9RzoXBbro/uBZC5aPJOWw4 +BFR+vMUzi/dkOLC8LmxxFpfx39SAPDzsKDlS7bi4+BsiK26jP2I++/ZJkV/i7Y7C +dZAJi4bIeE/14U2jsqs/3dud7zhOoTOqTNCrLhS6XTwycp6Uh6EHAgMBAAGgADAL +BgkqhkiG9w0BAQsDggEBAGinCBxBYGfimynq9S/EvRpLARaM6HabwX9YT2AYQj3U +cfkXSkPpB6Bn4o5Q435hMoDzaG79vqdMaoVNt4Ht1W5UAOhxQ/g0DOglmarEXjTX +ent/egpzQ8QiDHctUWZ7olwy7pfWFQuULGwt3jGTQbL6ZJDiwmsE6XRrgxh81Q9u +TECwkEtFNS3+zzPxtmmj5T3rOFF06rFGs/KWX55zz40NnL9FghzAXuZH6tFGiUUR +QeginY8G6q+ymu9SPmF3TNtSd/mvcclXXgOR70jBNDLunm8ZJl2/JHA51kFVvch9 +nM31imT1fCoN/dHAqmdoi2Wps1CheQX3WNBi9wdIWE0= +-----END CERTIFICATE REQUEST----- 
diff --git a/cpan/Net-SSLeay/t/data/root-ca.enc.p12 b/cpan/Net-SSLeay/t/data/root-ca.enc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..cb9abc542d1424605724674fd857be0e06c7dcdf GIT binary patch literal 2647 zcmZXUXHe5?7Ki^p2oS|97&<}_=`E3VX@Yd6V<^&F=t0`02vS1tNbk~%NE3{bzy+j8 z7YRs5dQ(B9_l+~Vdv|8%oip#5=XcKe_`orc$D|}=a14YAOvN9m9(hDfLP1i9fj~eQ z2$+aT;TVw7KM}YP15zg_1DHQAD= zB$|6W@hj5i?u^uAoxQPl1lH&MbG(AVX862J3BmbmY94hME8if-w`@jn0u2#q4xXW- zahk~IFWM@tQ@Z}etz|Pa&oXE!F66-O^oVCjx4Fk}-dYp0q&p*UPgjc`?R)H6y4NSpMbU_-V)sBw^_YvKdeX{@JXhiNFM6YeU-VyuR35)% zx2m#Ii#ENS^EGl#VISoAhYw^fhk!P@1Rp5!R0 zUCDH9?&5P}-*y_Z!l{~!V`bW1s=OhXrJQRc>mFbj5LH z7OeYrGcp2}QlrI{qIa21l*)vj+RR04W$H02_`tTUW6XHG<+(IMQJe{kDb8Y*Kiyg)7YkMS8r3$nD+|0J3ye;@g z3%$xk{xB}wRFgo$TmOCxtVYm8W6-wE>3OB+<@zqWmEfR*>I|Fv>MG)_lBW|II%i`8 zz1jh%FaC=B4(k^iJ|!SpzL`qN+)@~%NLyR9)5jjtIV$4P`LsK$yk2>XddZe$C3SQ6 zQKvePz)ndT2DFj~ln(IL^UD2jteR=w?X6ET3uUyIC+SmEA@T|{M$y7+3sOx(!w=Y& zFV=J581j<;5lA71JPm{)PbT7cVnu_m{YNJd5>ldfwu!>o`hUw@<- z)Z06B%O5%6wn`DZ+5!7w{TS76M8YN56PAA$fP0`?-vzDYIDOQNx768Z1 zecCW##UvUZW&4SB`7P>Isb0?PKJ?;I3XYJREU6){h_Y7y>?C*Kkj${fjO&r8ybn9X z)M@Al@a~ljlV%78&V?loB=t9Vu>kuH{epPwQai&mwgodLpCdeug{*B}7v|Z2 zTlhAifTgJu{!+?Wjvc##D;-lC5U_%}Q-a-X4GM}G39+$PIhu4#_LzIRez|5ec>CbY zcb=V(n%5gJZo52mhzIt)~mvC6QG|B?+5B zE-@dIJB#qhKw~n~ecqJ-TAtIa+b>I=FK#8F7Xkbk{$t%XlioSAcy19Ivjc6Gs97^R z<=8_05!rJxE-rI;ieuYc=Vm8hpli1UKW7WZXqj+Y#SWd){;iRTG+ zz4@R?dDu=gW?igcw*q-zZrlBBP{~l<6+bU3(c_}1(_IHFR+s6p%g-aZ>tmTJwWi3S z>nVbEVEJ$aQBhtbe~?VebZXKrdf%P~8Do7(FLbdm+qirbcCHJ*Z;natg&avIF?Zz& z5|~_E{40)8LEhU|Q3er8mau%)oePGg!ylT6=VgR3k)%>>ni|1ox^HY`RSAWWqVwx6 z;}OP|#``1=&lp@znkEAb))Kq3+UM{h+%#qF41(7f7)%MFklBi{QM(I99s#cE z7k9AUxN}#PACa6#UH*4v{46uU?yYTX{e7$(CMBm+e?)aQCQ3U_saU1dU3W>%*0E%! 
zE_RAO{fm&>Ac9T}@!z#4bc6n)6V@wN9-(a2kXAL5ycTyeRLY949G{7ZB1!wR+ig@s zF@#H+{oCU{Z$yKTszhLl+Z~i41gkFfhEXDdTRcujQ8uQy+6bu=Pf_spuqE}^V4z#4 z_XnZ$Utqw|+A$te!!5ZGbsh3fHcpGfC*f=M%J4^uj_9=t!|-lC zuy9|>*$^t;P!7!{I>F~Gr_Z_k{W0T&({s6q=)?Q!lT5Xu4 z8TfWw{`wKt#^YC+&QU9>(@?sbmeJ#6nJ;($yB|H|9Gj-VdbV6*qkYL5AGQqKYopSB z;XP-?rWK4hnmcEQF)n&aoa?lWVAFWbl{><6Cyr!Q8Pd21bWP8y5<{O0tD}7>`UPND zZ4F{Ps!>V$hQ-1?0bYE}0kJI#P9AL9=RAgi~*jTCMQoxXw;OY007Hz7~b<0Pk-}W1;RE39*1nD!B z*k+M#9g3~=0;g$vuBo}$N9ivYFXk@SHrx@2&`3DvfAvU3hoA>RpFu1}BXo_t={D|X zN+Lq5+~aGg;g>A;1=}2BZNPfCAizy(i!gxDz=Fumc2%)Qva= zBXSfm@dlg#dt&|G_&xEPI}&>*zzvRobHJ&<&LNQUrsW5^Br2+u}0)hbn0HlTT(g?Ow z-`uK8%}5C7l~(=V{w2`235$lvcu)1=O{21_Ki%7%?>J7OGpbC`t1c9}T|6>!o|K272Lb~D009Dm0RS1C z7B9AzcNpe31_Y+vXd?3eBGP1%-xS8O_Wo9HbUu*Z;{nMxC*SmGd&r@qx^} z(92Y6b_>OJ#=n6za#yk+OpC?<4~!ox&L389_C~J~x|aQpG^-E3B28AG-{4#^VJ6Rr zvT%miyyV#Palfrbx{s`OAKYUEg&-P;c>xCPI{jWG*h2g|x*(;sqYQLFtTQF~$-UO`n9eg9JuptpK|T%nAJo)mB&G0Ga6@(Ul{s|j3PO$=kfdJ)- zVqGCM3D6BFDRm~se?xMmS|Z~_)=o?cb*u#cosDm1Pm1wGZ^SYV-Km%4OJOgG6weHK zGN*mjJMw+Cq$_fhs99*mMgDEujU62TQ$(Asu1U|OVg)E(FiS-JoCFXXg)GpXwTM&G zAAtk*<_|(*=k*;ah4eve7o+D2H#Y)-fdIFB@K9s5hXL}kH^1HiUzXZ7SIP%&U|BFg z>P#Htz6v&Ri>p`I!xJ$-@M};Iu1BExI~8ix^_fn6YHG!=y=vR0G&$ znaI>h_dj$VyZ$J%899R((5PeN-F^9wZ-N)&n7aGTSVMni)rT2O_V!`ri~Ffzu9pe(_UfCjgW6To<9wRx#n? 
zF%bfRfdJJ`XRR3>5OS+4-oj*6W_lk8p7gIH*mEKx2BEQcI+~7_dST&LNQUrsW5^Br2+u}0)hbn0HlTT(g?Ow z-`uK8%}5C7l~(=V{w2`235$lvcu)1=O{21_Ki%7%?>J7OGpbC`t1c9}T|6>!o|K272Lb~D009Dm0RS1C z7B9AzcNpe31_Y+vXd?3eBGP1%-xS8O_Wo9HbUu*Z;{nMxC*SmGd&r@qx^} z(92Y6b_>OJ#=n6za#yk+OpC?<4~!ox&L389_C~J~x|aQpG^-E3B28AG-{4#^VJ6Rr zvT%miyyV#Palfrbx{s`OAKYUEg&-P;c>xCPI{jWG*h2g|x*(;sqYQLFtTQF~$-UO`n9eg9JuptpK|T%nAJo)mB&G0Ga6@(Ul{s|j3PO$=kfdJ)- zVqGCM3D6BFDRm~se?xMmS|Z~_)=o?cb*u#cosDm1Pm1wGZ^SYV-Km%4OJOgG6weHK zGN*mjJMw+Cq$_fhs99*mMgDEujU62TQ$(Asu1U|OVg)E(FiS-JoCFXXg)GpXwTM&G zAAtk*<_|(*=k*;ah4eve7o+D2H#Y)-fdIFB@K9s5hXL}kH^1HiUzXZ7SIP%&U|BFg z>P#Htz6v&Ri>p`I!xJ$-@M};Iu1BExI~8ix^_fn6YHG!=y=vR0G&$ znaI>h_dj$VyZ$J%899R((5PeN-F^9wZ-N)&n7aGTSVMni)rT2O_V!`ri~Ffzu9pe(_UfCjgW6To<9wRx#n? zF%bfRfdJJ`XRR3>5OS+4-oj*6W_lk8p7gIH*mEKx2BEQcI+~7_dSTD{4Zw8Glj)?Ltu_A&_0RapZ^PPy2EMYT(kkR(_ zJ19%oV)!@pf4LP4Bq4;qegnh-SQaP-AS@7%VSyk}5WCPLblZ7!__|H!ZlUQ6mzB{~ z?X;!N_?&XGrJM2dhF^7LC5*aqbwjp3OPd~(wRoNu5Eh}iW7*P{FwswLzLE5ExKmzK zdqTPN?AUnX%o?Gqc;JhMZqU;V_b79pwoAKIE$UWuqkl~?ccLVlzJzWfi!!qkBW^rb z-oxee;xQ{*s@`;0X65Ia>5t9@;Wr&s(j?WV%(#2IVw?TzP3vULUUS-wP8dSe=zFbO z52S2;r!H7@iY(nAGtVJv->x1k zO-4NziFfOXb==R8o;JxeATvt?lPU;^=U+xdvWpTG2nGVs#sIVdPrx0Z04hKz;1AGH z@kF@@AQ0tffES>JGXAKg3X0QEh5>j3bX54W_!fNpI6C$Q{1F!J^tWyJg(vUABBeRY`ZzM(szCNS>Vy~)AFAZ~?KeM)(l z@~|fqtFkU30u-2`thlWoH2a-WuTogck*HE=wf5^@{m3k7E8|Y>e4FG!Zj&V1<;C1S z16k23fCjh&UV-~v_KyL%FsUf!QQ3{a(9;hvMvg8=t^w z!|zq|U~TbDGy@}F%{OyAB1bw#=Eqf7LEpX_!(;-l&w042>cc#Ox<=@Rwja%d3lEYe zEC%dt@uB6=T268R-QnE4MZm+&q9di5lQ!C?HTcV%s$SLE>(NoZYi*ir(y?bS&#dyKbSI<8dlYB${U@LetF&xpKJJ(z1Mk_S53` zD7pi>2`w9<3-EVt*ju{gY#HY6o#U;g=3Rq(d(t&|-$xPCJ5mil)u%TpoOstkkfvGJ zgqSnZTFD99n|43rnFs0|zXh`!u%M4tA0;qY$KPm;k2x z@&cIK`F_Z@qi0W=%WAVZh`0;I!OEnGB0{y=x;)Ve^VMm(zU6$V! 
zE=a1X|2#@mVfKnfM$bFbHUeo&hh_7-UC3kOWC{Km`t6TZ$SaBmmubFy;I)q)sVtQH zTb0^i2#F++UmZ@le4ZUizxy;?GW@njZ~VS?o3lDv`rrLxCV6AU?MbCIg|e|`uYE0n z>iS--hZu_wDpJ3na#Ch{fePD^`tsC&Bm$K=F#?@mywa%AkdK8fRl|ml!Z;0DZs~2*gz1( z;o{-)OD)k24)#e+tb_@2^KgZv7MCalmu8lv8cG<5fmAZ{@O$Q!q!#6-rer3Tq$)T& z8pw(B8W|WE0wEYgiSrs;AaM;6$hA`4Kow%8TybV@K~Ab}a%xeDULMe)#l<;5hw7zP zB!a{Zni!P~coDv2WMyD(V&rE4igPhFF)}hdT*y!#YBHyO=aXaUm-2n0W6gd)h?A6( z_v2VCJL}&a!Ml2kH7D7A6MeYfW$NT+zVw(QZ9P+6GQ6gLnwjxz>#8dPp08ZQ8N~1F zrC16@tNn^mS)j;S8Cde_b8)-n@l)sBKO7Mgn3S?`--+++X~qi{lz8mo{(QEY%~$Ag zwNe1fhktHGR~otY%Jd&ExBk2Nn#Sa0ef=#qdOH1AITe4ydtgZDj^_xIaO z=-AD=^eRV!VYm5X^E>BtE9$CrO%@j%_@}ULOVe)NkTcKSotc;!85kD_82B0R0RvQ) zpONuD3kx$7>jDE=5MPx=%s_;VLz|6}m6e^D5zbSZd#ALONyyD(u?MZnqh|5{;8$Pz&gM}x$;2OEw@zL>;O_-cN^i&er;E^#-Rf0<(ysw~=9n7dO({kesT zXPnj_&*pc>I&c1e)lmL_?Xi#p@xAR*&Nk~N+xYJ1+_C+bTNz8&U)J}PDifXGrbU(( eyjv+aUFZIe9v8F4re|U&@0#`fidd!oe0czP^H_EO literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/simple-cert.cert.dump b/cpan/Net-SSLeay/t/data/simple-cert.cert.dump new file mode 100644 index 000000000000..c6dd8f092bae --- /dev/null +++ b/cpan/Net-SSLeay/t/data/simple-cert.cert.dump 
@@ -0,0 +1,152 @@ + +# exported via command: perl examples/x509_cert_details.pl -dump -pem t/data/simple-cert.cert.pem > t/data/simple-cert.cert.pem_dump +# hashref dumped via Data::Dump +{ + cdp => [], + certificate_type => 305, + digest_sha1 => { + pubkey => pack("H*","f97df76fdbdf40e3a4b123b8a1176589fc7a5bf5"), + x509 => pack("H*","9c2e90b9a7847a3a2bbefda5d146ea3175e90326"), + }, + extensions => { + count => 3, + entries => [ + { + critical => 1, + data => "Digital Signature, Key Encipherment", + ln => "X509v3 Key Usage", + nid => 83, + oid => "2.5.29.15", + sn => "keyUsage", + }, + { + critical => 0, + data => "TLS Web Server Authentication, TLS Web Client Authentication", + ln => "X509v3 Extended Key Usage", + nid => 126, + oid => "2.5.29.37", + sn => "extendedKeyUsage", + }, + { + critical => 0, + data => "F9:7D:F7:6F:DB:DF:40:E3:A4:B1:23:B8:A1:17:65:89:FC:7A:5B:F5", + ln => "X509v3 Subject Key Identifier", + nid => 82, + oid => "2.5.29.14", + sn => "subjectKeyIdentifier", + }, + ], + }, + extkeyusage => { + ln => [ + "TLS Web Server Authentication", + "TLS Web Client Authentication", + ], + nid => [129, 130], + oid => ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"], + sn => ["serverAuth", "clientAuth"], + }, + fingerprint => { + md5 => "B0:86:83:7D:61:C9:77:F6:7B:38:64:E2:5E:DE:93:F1", + sha1 => "9C:2E:90:B9:A7:84:7A:3A:2B:BE:FD:A5:D1:46:EA:31:75:E9:03:26", + }, + hash => { + issuer => { dec => 2397076613, hex => "8EE07C85" }, + issuer_and_serial => { dec => 2508738936, hex => 95885178 }, + subject => { dec => 2371491374, hex => "8D5A162E" }, + }, + issuer => { + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, 
+ oid => "2.5.4.11", + sn => "OU", + }, + { + data => "Intermediate CA", + data_utf8_decoded => "Intermediate CA", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA", + print_rfc2253 => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + keyusage => ["digitalSignature", "keyEncipherment"], + not_after => "2038-01-01T00:00:00Z", + not_before => "2020-01-01T00:00:00Z", + ns_cert_type => [], + pubkey_alg => "rsaEncryption", + pubkey_bits => 2048, + pubkey_id => 6, + pubkey_size => 256, + serial => { dec => 1, hex => "01", long => 1 }, + signature_alg => "sha256WithRSAEncryption", + subject => { + altnames => [], + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "simple-cert.net-ssleay.example", + data_utf8_decoded => "simple-cert.net-ssleay.example", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=simple-cert.net-ssleay.example", + print_rfc2253 => "CN=simple-cert.net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=simple-cert.net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "CN=simple-cert.net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + version => 2, +} 
diff --git a/cpan/Net-SSLeay/t/data/simple-cert.cert.pem b/cpan/Net-SSLeay/t/data/simple-cert.cert.pem new file mode 100644 index 000000000000..23dcc34df0d0 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/simple-cert.cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeDCCAmKgAwIBAgIBATALBgkqhkiG9w0BAQswUTELMAkGA1UEBhMCUEwxEzAR +BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxGDAWBgNVBAMM +D0ludGVybWVkaWF0ZSBDQTAeFw0yMDAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBa +MGAxCzAJBgNVBAYTAlBMMRMwEQYDVQQKDApOZXQtU1NMZWF5MRMwEQYDVQQLDApU +ZXN0IFN1aXRlMScwJQYDVQQDDB5zaW1wbGUtY2VydC5uZXQtc3NsZWF5LmV4YW1w +bGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhoQB/VTScf7nkxmfS +b0xbXTb74F4ZGh9OCKsdmv7cEd0uoymSPfYV4b9ElZODDmdcxIaMlURoSpfymWjm +tarUEEnqRBcAF98uZDkSWyb6XCSgIQl5UXTq83OHOcfKz0fwxBYQkmShvsj3B2Yz +oKB0SLoL8817Bk0S43siUATw/kZy1IEKvRyPx3c7/bPWKJNjLy9WTUfJnBOokC9P +brRIa78UbMrWTecZPt7w9P5drpIxf1EF0kftU7CAc+9WzUR6zk25eazoQOGOr9RS +mTeLZ/PAgNHg74x53788kIi7BaXVCGAxizfjN9zPLXh+ei00o3DA/iCutIK7DVTM +50dDAgMBAAGjUDBOMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwHQYDVR0OBBYEFPl992/b30DjpLEjuKEXZYn8elv1MAsGCSqG +SIb3DQEBCwOCAQEAf4AukrDG9wiJ0sEmYeqnlKGQ1fBSteLIKDBKy+cOPmatdtPb +NU2Cf9RU76Cf8wm71LRo/vDbuRs6NFTZxl3BOndamg/4Dyel+M6bMDm/53xDsqXm +Fx+NadtdwZE/nXVPQbqbn26WG03tXIajbPgrLcyPtY+NM67RTlyYLE+L7PN8l6C/ +jZjeZ9cUxNYMeSatQTBhXuCwx1nokghx6p9w6KoT5NILgjf0nDpVIxWOcW25HCfn +OCRJXir8SYPuxonZ/+qAd/+txlTAX42HGkM8rpM8Tb8JuLfGRnYEiv0F73kkkUPt +Zll1cO6pEZcs37iMRDajNcxdk7qa99QWeS+fHw== +-----END CERTIFICATE----- 
diff --git a/cpan/Net-SSLeay/t/data/simple-cert.certchain.der b/cpan/Net-SSLeay/t/data/simple-cert.certchain.der new file mode 100644 index 0000000000000000000000000000000000000000..81846ae28b12abd7c1edc1ac69948a7edfa88467 GIT binary patch literal 2594 zcmciDc{G&$9sqE&*~ijMgi2ACWab%5*6i7r7<9{0${2$%W^9$EQ6$DLS;`2n$QCV@ zis{v8Bg;@;B1X~F7!kUJchp_p&b{Zn_jK;P&+m`t`F@|@Ip5#&{rx`Y0Vt3tfC4^F zgMdL`FbD*Q@C)rpv`$=tgFqsHGe!gu;)l3F`4QlQ_80^pxe*A93OnM+>R7Bj&L{fs zNfA+DR~(7F0~<~t<1kwQsg0QsQE{7KGA`^S&X?dr#_cdS1-47WH2?s^8{e)Y(r``P zKZL-spDn2j?EYSIJBe^IGzh1D0vAR`1@jh4A_eglio!+tY~%q7NCANV^D99xJ_rRQ z&d19OgDD^o-*^dMoSRlrT=OIY-xp%<;k9q&jkk=fyrbZaZ3Sy1lCM#vs#*INH;=bj z>`3J$KP|3Pn4U+4H0%z0RjE ztY$l;B(i)<9z0$W@YAHx$kr_)^IfO;9X7E}D;$K*u33gL&kEn)n%)^{u-Z7Nl6?Y= zc6YFPQiQmkfp!YMWgXat40<}~FePI&I{SIet2PT0=M3w!;$Z9JNnH0Xi&NbW&C%7< zCgW*!OqYC}6#RU9eD51>YV=r}VaA14Sowh9F-(dMOK0STdQ|Kwb*<9S_O%_gwia;^_0iL4=0P)aS&fzJSwZ6u_Tz>M_2M;SLBpr49vRR zo_MSR*gl&QGxDp6=pWX0pu{mm-jlQ ze4Ia%M{A>A9>u>zb_|L}E7h0+KHhKYI}cB12@=`Gq0?1}$vzQ^&gUY1H^t3q#FNci zm8W!f*?8~yYLhU-NFG{e$49Q$FkIV@Qj=uO4QsOv9omGN?lLSRpchwR+~{4I<{ZDn z;h{5?l6iZ_no=$Hm1;lt%5EuGVoF7$i{$|d1k1Cx|8MrdKXeGN`B?}O-}a4XPrxN4 zg#4eF`yVj>Gh{XO2NO7NS9im^forr+E9B^442>e(Qhy46F3%=6+apSCsQZ#29^!tIG%H#-Kp$=f0tdPfeovjxi9;`QGv z2T0dN5t_MP-;tRCCO;wr@dM%;$PgRoU;u=7`va?ieuv4!&7R?lLt*oUBP%oUN|_-) z9GY*eVrg}X`DUs3JA${{Egw?R#MGWQfAzu}h(=X7{5LV)$Igid-7jMcUfG-wne56)S z&0T)xGG|9#Nn;VB4!BDy9U5HScj$h%#I?%sj!}J)Br5fzrpJS`-PH{l{_R!{$>)-b zaw`<@Y_S)PiWTl$O@UYRPDhT3vu;36b7iqzxg@sWy@vHNel@?>03XH0D&#;NT5T%X__?AS<^U6-}sbgujA*qVCwLRZq2YRmy|gQ3){0FU2;(0{@khmt&HQ6XLvG@{0+I z^`NW)@l(fV=;uWQJgCYuZ5o26NJ~H^Zz};UZg^u4WE1TVR8d*E7 qP}-(73jNhJ$vmeQr&_3oxe!z6((_9;A@A@lg!kzTi!RZH`riRV67A6d literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/simple-cert.certchain.enc.p12 b/cpan/Net-SSLeay/t/data/simple-cert.certchain.enc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..33dbae3140466b3ede047da272ef9fe58acd9a04 GIT binary patch literal 4489 zcmZXWWmpvKv&I*e?xm4->0H*OV`=FwK|!Pu&}Bgyk?t;OWRdPh1Y`jzX^`#~5SJ1J zJiO;R|MQ;fIv?hlncqFne4Ois1cSn`v4D_ZkR~1>U$|QMB`Fp@RzWaG1}7LKagSk; zVB&~>CA@-QV()w8fsF;YPp-Ym83D+swV$tmHQHM>Bbh6)X<`mGMh1#>X9;&jymkk-2vphQ1f@ z(kJvRm-%YVB}#;Lx;)csMa~OggLSHWBeda8MD+P5nVVl(`BIPcAq)}LA(-dh_+skb zl`#SAZFnKmTei@Ir&f#_IY;cqOgD&&8dvetAr500-LJX8p)$wA5Xke%odkM&$w!L% z3~#uvBj_DCTV;E6um_h|2hq$vv4D<6rk?Xs?81sdoz-odg)Rcrakb&>R>`8n5 zYNQ%R9R5(#uU5NH8zZVE&gGyx{&rf0q68=v7 zH#`#TO@4=)FyTZv&3O9cB(K8Az%T`glS~aKUM06~g40B5Y1)yulznTuTt_IHxzo0q zr=^Lq(rQX5$~dPQ*zb|#IX30PG)8d}STXt@qkhUkM5~ACrCiv-7gLzGEQh%{iw8$KpdicoFV~(_`*BZ_m96GDtf;U;EIb3Fh0!q>Bm4GUT3p^$O#i zj*)x)a(>)lhekCKYhw&}ra%%Fp?jt1qz_L_meXg@)M65AfBbHvn)NpAP4y&Vtv(>Z&^!zYoAm;f5p|Y87)1O zqIa7F*9CMj9v6xc@s&lYce<1deljeq5Wt-m+{Vc{clc_DBN+F{MA9hOck5OYaT-;_ zAjtfzom;{7tUB7_ik!Tlu{5hznt+cu0FP}n6^F8ARlt~sr|6u5$Kmh3pvy3F@v|m% z#JUk)ci;0KhimcD<(qi_3gdcQd?I&=RiA7*mE@2HSP$XPtRt?TJu`sHA2T#ideUj1 ze^JcErhMB^Q;kxRHwIPo^xo?phHJZ?Nl*%>q=q**ueQF zoPu&9jx*@$^?UP(-*hy{GmLh8#O#yCL4CP!uJpKPSJ#!3&$p?oQV?FzJlR=6I7*bs z=Lx^BOI(9u&r0mgwep45mRTvLnVFdPd|J z@|tvBDfgm9cV&2=*LkjI?6}>mvU`sT&&wAR<}UXuEjsIAF9aF6@z`j|qDLI*lR0Sm zXJE;E^0SWso;;yuPpsu^o_okz7|04;BgR;q?|D>XsmiL7>~%r?ZFr3*=e;Nm#mvDZ zPWG&M746S)JF&9OhH@m|DpUDWi2t-D0sUhQRo`x=S*WrTdMfHgt*_V z4JBxKZ?;q+4z*bDz|Is`&i<6E9k4pXLp4Go!LI491pH%*B)Eg#oR1-psezt4{!I8r zvSeLfQs9dGBs+=P@|TNL{sV6DQ8rQUWJcRR>XHLvxt`e#$lOlMj&}x7N2ZL zX1ZR!M;~S$ld&yodrs6g;n2oya%D%>nl8YcN&J1p-#Bl9Dh>=3&d&x51b%d|Lu9L{ zev7o8Rs_*k4_VjnaFG~ zEQGwfD<#-Pg={lQiT-YRm%e|_y7vBw_}NJjRO0V236w(RoR&nHAqUN(*}a^krgtux)~7NxJA|D2!M=%)7c^-gVXVn4^r%zkS$noIpK<{Z!jRUE^pS%UysWVg+T4 zc1t(9YRu;Tkok92S>a<|zL;O;s*dcDco!A?@BI4ZtDT<2#iV$n)?6~`8%VqVoDFG! 
z5Sv%hX?>u@%Jpye%`$`Nyl@%sIO%Bzz_(AizHc{4r>E2$Zt!-3&Z9CCGt`U1kJ_2< zo(_vow;8*k+wH|c^u&yQVG2DQY-9We?~8FW1x}@&f|MM2%hQn0@?Qja@Y8`cI~$wH zi8X6(x0tUTUW$mH5Ax}%u+RPQlBMl4;|{cWnjYbmTctQcN8P~dVaGu&U-)JA;OJ_3 zM&W8lqEaR>*KzL$ffn0K@}?A??_oPlnx}d5aA&vbzv{HLHJ5G1XKt2)dBW7oLXid^ z3f~Ifkv5-MV+G@S{}K0jrxoWtB6S3<({CCiB+)>%7Az(=B@IW@FCAMxQVZo;{2WT2 zYwyE?N_rDl&V`6_z z>Fdh6(oG07o@sV5aL?4C?^4H%@Dv>G4<-6W%Q zN5?u-UoA9C=k4}~R7-fJxNeu_uD@v_OW}B^E7VrEH23)7=+Mn+2Nk1_5V9YkI)v%* zL>zwgrG$!hFLM3?{uJF-Wu*q&ibqz9&79j$t^7PDuu|(Hp}?mU404XfpT;d3xheeN z=eeNyx$8HvGA2r|KIQINp0}@=(HULte5*^pF3tr0a%Xa!-qc+PpjpP|!Gd|(eqkM9 zrr-w`t2Aha z96Aj@4%76Z1_areSoJpOKv)=+n=YF!7q%?Qq^|U}iP*UtbYA6h`uyC(kp1NAQ_B90 z`ql>}G+FU&ZgguM1Ca+Gb27WTh4TCO8Hcl5koKcsg~eZcbq8F9L5THhX|0-3Ux&{o zGe{*~D%!@VgQ;o&(TtOALZQ*Ej49x?V{-|3FXPfxBb1rD(D%pDoLudaFx zuB_5(KeAGR!Zs3MirWo~L|!r6Qr_&O5gT@>q=a=VY5y0XFv5@QGCyK3FSKpU^Vwsy z)S+OM8ubY|Jmiv4g~M5mMmG1wBOrR$?PILh%y5SSQB-|*2Vd=m2{D(0kypTXIq_yo zzKsa^nGPW8!Q#M_sks!t`N$~E`h0O<-ppE_s^{%pfS7h|fsL(-KwHO+ItxLwgap`y zo2heQiuZfu5Rv^0qiSBxURV8@uk+uH65AC!S`4p+lU6x8*0+VsI?H;CUD08Z$#`U@ zo!`qq0!UvTm<2v)au-cwS6lt8Fnd)>HrC=Y5vnCts8Uyy0_DTRIARMq5C*5p|Awmf zqZvEUGO8mle#Oqg)FQ~r02DNMu<%`~AI$Wf3t3Q-MNg|(yJiwk3l&^=F13fCVQGkt zeqvja1V2Kid8Nl8*P3*-;u$0uxA^}U?t)<4bev$^&s#Wo{Av93D z1a<=}pkH`Z$Y=M-rd9^$QrzScr7bc9Vob%R`}^clP(|~R7!fo)xO;P4bXODeE@hjH z53vHZlTEhxpf>svv`x=iE)T6XC>pG|dazXBi>Z(m*DR$4SLt?bL$&0@py3+mzRPO8 z2A_Z#zb{=y10aTGy;f7=Xq-{)<+;L}*2l?{O$xO%ouDm@OKR`?{V#iAh=y2`S>gx1 z;z3Hvyo#?GWSaF>4j~Y&(fXV}m==Q~j+P1~LG$20J3NV^xh$;-AMjJg-`BMjQQB&) zYSaX)T9tR%y^NC@zSVl6D4&?5-M43pcOobP%+lzo^#dXil&UP1q^t_{-1b4Cr6H_X zKg5)kNV|C1Qt!;)5oa=gRwN?efW0mWKz%D}#!E*Zv@=PDk&49-J^)>K=6=ZapT}cw zu5VGPeiii!=FWfn9d1PN+EV?1i45^api6CO@KpC&1RU^Fb~RD7VJjrtPr_Z1du?;E zLo>OpSB#kO@YT|{^18CI{3xqQ58z*;D|j)Pg-pdw+_4+J&(ZUf-BKat($WPb`4^ZH z1HPq{HqLN(ie{jB5S>)q?Zi-i(+Wi=7Ekk$_>^!A*VjgT_$iW$BDJ$j7bujfb_1#A z0$1c&T=fOhLJLw3uA7Nm1=>V;US0g!IG?)k>1}Y@M?A9M?mC@stnlprs~ch;lGr)F zKV$sF5-w~Oh|cy0x1CK?E5mCA7&NrFgf~X)a{SZYJq{%KqeS;+V=e%zSnpDu#|*7A 
zVVV%L35-AQ2sqx+qe412tVxlu%r0ubZWVZ6JSFQ?9nPkc=;FE2*;xdG}lt^E7BmPl)q$lNFa_HuyX^zL`# zpYuPX`lBOT8jlb*gdDIs|6!{jW^NPns`iuT>)R?U*_XV-(Y7SAMTiY;S5i z^Y+#SDoTf(^f3NqVE6oc^hbW2`7PO${)&|&nMB`gn{s`I4wgE31k5^gRbj{j4?65~ z=1YI7GIZiSb_06r%chx{VtBQ7YB5Hp?>c1b+xSvrg9m~B=6zuo7IQTGH(()|5bmR5 zeV+B!Fw+67`vqOOlD(abK{!Ofkum2_A=$r6H23EyA|6V?0n1p+}?EMLB`EZMg(Jci7uP;FAdm0mauA3ktR!Gd5T(I7Ewzzy4VwW7YPCX z?|CGo5uwGQ&Jjv%D+%?L;_tjIo=`my@!SV;L9G8Bq82e?F#sR|P5@WHYk&*D4j>4y zxqsaO9snr-+kNGB-@5~R?p2Tb&K4kWPyaLF1hBvVX#=qSZ|xuMcwajK+#n(lb_gLJ vEv-Ri2_)%AUKyFnroHynlliHr*r)IyP3 zksEX{N?0zDaRf;5>s|Y3V2E5IA{8Ve5-DhY z1*zGfwh#m)5pfa113@C(Ar}FM!Qn6%Nc(%MFj~+UO$$;}Ak2{z%y1(;G&9JwXVC1U zF~H(QOilH$_CddawEJkxu)g>srhYg)7JUF@+pCG#$Dr+j$NHSdI^pc`*duBx;9+(; zaS%j9`?u{3JDr5|pG@%VU+t0~JoZbMhkbG9z1*=Pj#wYOs0S3Nudh24s3;D5zvfGlY43QYxzftUnCz5S|7?TOSt2(VuT@RE))`Epzke#2#|XKyqv6vZPE+?& zLVJMR_QOGe6h|>J3w_P!+03^R#SA?vwA>n4+&c#KXAUZkt$f3MEch3Ysofk9oiq0keeZx}v#ISy|<=mV#>YDxv*PWH&szb7pWZMIeb>>DtTaZ`|7dku^43ySEE!|5Xw*ew%ZUZcv(ddgA{Tz4#AE)ISr5l5(R<_`-u03=awEa3r8j?ue~No$zg2At}MxVe>L$gBrqmxPK&M}_;(w# zjRULuxo+)r3wTFN+OqU5r5|X_*d0*e6?4yd>e#z3-;188rssCrJnQRdp_4hzd&lj( ztLm!V{Bfs?k(9Ss4cyGRbeJFXjGS(qrz~h7$jGI*sv4cE%qpNxZF$q`?SyEn6X?S;vzE`BS13Kw|Nf{D*^ zaQlR1T^Hlc+kUNMvb3bQxJ3!8`tYuM4-#D)HT9z-qO;SAd0gh{Um5TgTP#aZzG-SV zAS)Y7pG&Q}ougaGWSTiAuC?j1ozWxb61eQb!_wKk%h}G@*G9ZVuOlNc_0YDQJ{u&Q zbN6gJ=q=J@b(3yE&pEj+j#{o@d*1SPy>BTlTvU_GwL@WRZ#n*vgDw#0_yY$`Ar2Zs zxGuy&sein7{}(y>l ziLx`vblnj1J@Gnac9LCvD8wkNzMqZi|I3C8(Lm#wm>#4<)8hU1uvt8+> zn-6Bcm=**)G&+*9UtmVH!MN*klSj2uC7bH|{O2<6(nzz=+NTmR8&1;YwW99cZ0R4z z`w8;$ivltx%oBa~0V|Ddva~^- z#2vlvyP_=BHuB;=H&RJ?lz)kPwOu3|S(fIDHEV!WeXq;a(1$3uzvrHf0qLM2^JU%W zSMP{ggB)_+A6w6Ka-BPAMbj5QT7us{T`Bj@`%Y<--uwclgjrawp^i;j$nC)4QrLkT zPptaMZ{&Q=jgsHrbZ_j;Ew+~Lqs>e18Xkz*Jk(~$)z6?KnNSsqt4pWsoL>%#(>Rla z@^?xRV&kT!yh!Q+1UuK19qpbGRn@{^~10XR0jdcJ}bei1dEZ z-Mk`fyTu%LNm-hS-t9Q)Yis`3KPHV+#oD<{u~0va<4|myJjfN`@sjdM3lp`&{eprO z&R~|(S)Tj`$uVS$8A&a*2P>E*gN_QxGU+Z#!KI(BV73iTRPWsPxf~>-LVjOp_p)u2 
z2aFPa}Uq6vCEX!MY>K-SVqqSpRcdCT+o+U}qdbF-gAZO9i zlk>s+ZJRor=5nph6ZiGEQE#oPi?TXO#zz#^95(JY)_Qm3+V^{l?Kj9`rII{7)E?vI zq{ZU1V5hTDX6^6N5>8>NHcE$Z&Ip)Js-O;-6ik~M@0HCauVF?MtS-;cUqlWq^3Zd> zQaj~+wpnpP4WIq9c&VM4cnSZeKv>T}`zRAP@2&FSmYTAAT@`IDS7zB+gR3LqLX@SX z&xIUYNMk>0y4uw^u@-z*%30v6sjkZE%)pU}pS~(eEdf6ztT42{ zX_u$fHa6$%du5pU91{_>7sDr7HU0;4BPQJ83tc*VSL~5_?ikg#Z~?dZc0!oyRX&v+ zBIP-Wo}--!4(S+j>~U$#8@BA11F;F3k(k*2M?x7|QgH_Q>fE`V)J1(~GB5Z1ttb91IVqK&$|qLsvMeM&;@=l!E5R)jh6c2XgJeUxR1Yiq*dHvWiWBf#2jF2 z`h1MipGKQ-bDfyNuTeBmVZ0Z^b;6c*{1{wvs{|vj6vCmUpg-U+35y^j@+@R$TuzJE zz1_Z17p(twt6!o3!+c86X5nZ@jDh1yV}(++7Y^~HJz<*a(1#vfX2PfNP#8+4(jyCD*i3WXV{LeX4b(Y`;Je;5yZ1yu} zd4f=1%*bMsnwewl1&aF6wNvR*BkUrFX{J0#DTB@f8qZ{<28!6Y1CRH(hSW`v18t0VR5z_Jk|c89J5 zxP0G^AJ!rm>lb_zW)}`d$&GCOuYG`sfZWjU29z*80?vT~kSwt}u6K7FPsks*{QPwV WS6()W_uUsHRq~3LMUU;LioXHT;?Lp$ literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/simple-cert.certchain.pem b/cpan/Net-SSLeay/t/data/simple-cert.certchain.pem new file mode 100644 index 000000000000..62ac3a2233d3 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/simple-cert.certchain.pem 
@@ -0,0 +1,61 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAmKgAwIBAgIBATALBgkqhkiG9w0BAQswUTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxGDAWBgNVBAMM
+D0ludGVybWVkaWF0ZSBDQTAeFw0yMDAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBa
+MGAxCzAJBgNVBAYTAlBMMRMwEQYDVQQKDApOZXQtU1NMZWF5MRMwEQYDVQQLDApU
+ZXN0IFN1aXRlMScwJQYDVQQDDB5zaW1wbGUtY2VydC5uZXQtc3NsZWF5LmV4YW1w
+bGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhoQB/VTScf7nkxmfS
+b0xbXTb74F4ZGh9OCKsdmv7cEd0uoymSPfYV4b9ElZODDmdcxIaMlURoSpfymWjm
+tarUEEnqRBcAF98uZDkSWyb6XCSgIQl5UXTq83OHOcfKz0fwxBYQkmShvsj3B2Yz
+oKB0SLoL8817Bk0S43siUATw/kZy1IEKvRyPx3c7/bPWKJNjLy9WTUfJnBOokC9P
+brRIa78UbMrWTecZPt7w9P5drpIxf1EF0kftU7CAc+9WzUR6zk25eazoQOGOr9RS
+mTeLZ/PAgNHg74x53788kIi7BaXVCGAxizfjN9zPLXh+ei00o3DA/iCutIK7DVTM
+50dDAgMBAAGjUDBOMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwHQYDVR0OBBYEFPl992/b30DjpLEjuKEXZYn8elv1MAsGCSqG
+SIb3DQEBCwOCAQEAf4AukrDG9wiJ0sEmYeqnlKGQ1fBSteLIKDBKy+cOPmatdtPb
+NU2Cf9RU76Cf8wm71LRo/vDbuRs6NFTZxl3BOndamg/4Dyel+M6bMDm/53xDsqXm
+Fx+NadtdwZE/nXVPQbqbn26WG03tXIajbPgrLcyPtY+NM67RTlyYLE+L7PN8l6C/
+jZjeZ9cUxNYMeSatQTBhXuCwx1nokghx6p9w6KoT5NILgjf0nDpVIxWOcW25HCfn
+OCRJXir8SYPuxonZ/+qAd/+txlTAX42HGkM8rpM8Tb8JuLfGRnYEiv0F73kkkUPt
+Zll1cO6pEZcs37iMRDajNcxdk7qa99QWeS+fHw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAj2gAwIBAgIBAjALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM
+B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBRMQswCQYD
+VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0
+ZTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEArbBQg+3l/SUFGDENvpvTPnp942njbsrkcfpmpfLQPn9GsMll
+GYQvG7YqN2NV44rEGlFTRkhDYVhni1MNoe3VnGRzNknSoCmvhjqiG8ojZTIzj3/a
+OIYNiJ7RPei8cqgT9WUjtcsnHLQq2tPIy1Mm8bE9BazNeFHCE9/B8u8y04Ks2+nu
+sxMrhpFA89eHNTs3Xt6K7jpx/FJxpYAQkkfkLvADJ//AnFF4utQfqP7QKHGE4V4U
+0+6XGMCZ/9VBIy9sn8Vj0vY80jHgug4hZPpgc2NWSprfI6prbWhC8l/qLGR8hgeo
+FU5rVR9KE7LR3FnA6gekv4A66SdqF694abnvXQIDAQABo0IwQDAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU1dNN5Fm5XHX22XLzm9z7
+7oAmkW8wCwYJKoZIhvcNAQELA4IBAQB+oK8jmUKMZ7YItcCAnoFvcY4pLgGPcnAT
+h30Rc0uUUUcVB66J6+YRHFVWA1X/AgyWI9Jxq/Qy50hGye2fdZmxBa3j5nbZlwAU
+2JylwYigjhNHD3CUxYFInxKSaQKKnzLsjazn8pjLUvJLdPuO42l4RVYRJlfW/TZX
+vc4Qoql1xN46C4eNjewzW76BzqyykGjAR02JhImclaciZ+oOz04jp1bvMwfYwcdO
+7UBROGqUuamfS6URU5rpMkj6Z/2Z0TtneO9nIhTN0P8dxxDTxoKDDko5KOOzXrAO
+nDCAamxvxhlxLcFbog3rTGaSvY0JO6T96lepvnOuaYEuRx9oyj37
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjWgAwIBAgIBATALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM
+B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBJMQswCQYD
+VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0
+ZTEQMA4GA1UEAwwHUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAKSF8tIItlPf3KpLzUgI6JVW/d/+LZP1zYedrDFFXjvZu+4uFxE5zp4vczbX
+k+jhF0TZk292eStA9kVMDePVMcGwjNF3Up99yYisFe/h4ovt/w3Op9b7KS9xy5Vh
+fUNqxphHIUS4/S9+7o9DUjqNP94EszDzFu8R3V7QXdDE9pSn4UZMVDTozpeu+rLo
++FOkd7NQIJMSKOdCv1HOhcFuuj+4FkLlo8k5bDgEVH68xTOL92Q4sLwubHEWl/Hf
+1IA8POwoOVLtuLj4GyIrbqM/Yj779kmRX+LtjsJ1kAmLhsh4T/XhTaOyqz/d253v
+OE6hM6pM0KsuFLpdPDJynpSHoQcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLzOh106FMJ8u/MANb7SZ5Z+swVrMAsG
+CSqGSIb3DQEBCwOCAQEAXU6HGU8ThUuJz+KCSNYaO3HxxFrNH2pFWwrTjt2tdBLk
+uDvicaquwUzq6zetEys7v70WOCprGB6uARiet1vU7dg7cmrd7eWibMDNoKdcPNML
+oZLO29WL+hvGTx/UD0o0j7l+ab2XB83q73mNRlqRBXZkkykaqWt9qy+LTvI7QYbc
+ZoONmVE1wbq5c3R9L2aa27uJsfLPAErjr3mpnNtFhJfULv+hpmXHVukhra+VUkyp
+jTiY83ad8ZHfCIxfZ+MUCcWNGj7G4Rkfd27MB7fDEQlisaSk8B17FK7oIqO/NN4E
+w1SHQ5TRZSmbOTGIfZtS0KaTaZdZtBNee5BEzQz1sA==
+-----END CERTIFICATE-----
diff --git a/cpan/Net-SSLeay/t/data/simple-cert.csr.der b/cpan/Net-SSLeay/t/data/simple-cert.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..edd90eec08fa687631a8b92112ea180773d835e3 GIT binary patch literal 679 zcmV;Y0$BYpf&!y3f&q;J0RS*yF$*vW1_M?^VCom-j162eA3?6f7ZE$R5En{VJbS`dXbS-mp zY-M42E@gOOZE$R5FoFRhFbxI?Duzgg_YDC70R;d9f&mWzFoFRJ0)hbn0O6qke^oS` zf4StwXVPy>TU|E$;9eOTA5I9X9h&~!5#27MDUv<*72&@`m6L-GXI#XFjFm)aN|*AP zXy&!5)DTJPL>B-T-!5c15?dzvTqK|&33*X;>hp7lImgP+NAScJ5Rzn}zR33nW;39m zbV#}j^UZq(O%mgKB2WbI{zh`tfeO7GkH>dA{j=66lVdM0R!v9AoD-;!FHdf?NNc|o zY|7S6=NUfU@bvy&u97i-Q3cXR?NhLTbMIEoM0(Cmxp}PUK;e$B)KZx@i)Zt|fYIRZ zjCtR`JdlXH1*O#pU@?m~<2T&TEqH!f{cOy0w2Pyd{sRV%|bv4Vx&{oIjf2 zl4-k_r|xg*b;p}sUh;8)1PR>M;~K~{7>}S zEmsj{;pm;?yRK4yiDpY<^Hm}li-Ci?&Y literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/simple-cert.csr.pem b/cpan/Net-SSLeay/t/data/simple-cert.csr.pem new file mode 100644 index 000000000000..9bce8fd68550 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/simple-cert.csr.pem 
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICozCCAY0CAQAwYDELMAkGA1UEBhMCUEwxEzARBgNVBAoMCk5ldC1TU0xlYXkx
+EzARBgNVBAsMClRlc3QgU3VpdGUxJzAlBgNVBAMMHnNpbXBsZS1jZXJ0Lm5ldC1z
+c2xlYXkuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOGh
+AH9VNJx/ueTGZ9JvTFtdNvvgXhkaH04Iqx2a/twR3S6jKZI99hXhv0SVk4MOZ1zE
+hoyVRGhKl/KZaOa1qtQQSepEFwAX3y5kORJbJvpcJKAhCXlRdOrzc4c5x8rPR/DE
+FhCSZKG+yPcHZjOgoHRIugvzzXsGTRLjeyJQBPD+RnLUgQq9HI/Hdzv9s9Yok2Mv
+L1ZNR8mcE6iQL09utEhrvxRsytZN5xk+3vD0/l2ukjF/UQXSR+1TsIBz71bNRHrO
+Tbl5rOhA4Y6v1FKZN4tn88CA0eDvjHnfvzyQiLsFpdUIYDGLN+M33M8teH56LTSj
+cMD+IK60grsNVMznR0MCAwEAAaAAMAsGCSqGSIb3DQEBCwOCAQEAczET6zVSbA/f
+Kr41p//q5A6PurV/Kbwlj6li3kJgDZso1Zw/muCSabuXp+5v6XXHm11e8nGB5DpJ
+8xoy7VdvzutttA8Ywrjfvxwsf/FxEVNgjL8Yzp+iwFQcp2jl7yA1+3WefMY7Yz4B
+tPHJam2VGahpFiZJbIeRrn+kA6Dq9yl8XulnCZtHH2OK/E/02i1XEWbh6J3ju65S
+f4lotjL74k2La1cVD2cF7hFi76JwlI2pQq7eXaOvo82S+CjRMTn+9i8oJasLT9IH
+ybdaz+A1akEIsZgyVIqDoJSK7WH8EZWkaJRBVxrzpBFtPYJtWkL6e4Rz3xmEK/7g
+QJ/1MPWYZw==
+-----END CERTIFICATE REQUEST-----
diff --git a/cpan/Net-SSLeay/t/data/simple-cert.enc.p12 b/cpan/Net-SSLeay/t/data/simple-cert.enc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d0526bf56b323e526e4c1d46976dc97c25f0c216 GIT binary patch literal 2703 zcmZXUXIRr|7RCRBP=W#?0i+3`S4mK+v=tC(p(A}M(xmq)CG;}%CZPohNbg{j7DUA$ zAP8hsnxK@BL8MpR%sx9i`#k&Mz3;u}oO?h1;3$R+5EV5X#b81Ukx0Ime8fmaM^%Ml zxC2Hps8M8PI0~Hdw?$ip0*6ziU=S5R`F#F%sNg)b4F9=snR1Z{On=h7^|}%~5eNd& z192#@hM|}0U`6%k&$Ct}*1h+-=`O=gj!9%Yu7Qg&A1!^yA|9h0EI7YN{+7-x$Tg8! zR(X4jI)^H`J=w-_j}D{B`>UEA-2eT`WZVlzsvmxvW8LI z7gUI#HEY3my5Fj&Cto>^JBQ2ry3oOuCN?0^g6MCil7u z#ggIU48q?@H6j_@QRQB;H~GunH93wPe!KnZfP^m~t&~<9iblEHhvbr3~X9&{G zMy;=`@;ysFPiwYfouyuou;ChNlKWe%iZTcIM0xnLG@G7=)z2S-e z>BG5o+Y25efmu3P#eUJp_Hk-(!OQ>M+Gm*AR%HJMM6NC-_5IKEZ_KOPn>#S>WV-u*cFRsix(5Dne6ip(|+< zTPR1&t;ohjj;F$Inx5}<4OcU^@Ijm;s)FN7Ju*|Q!a%pihpNSF`_$y{K^7e^A8Jk* z1mKLf6TVr`wQbJCit1d=#8@xiT$6h#B=A_h6?4XC6#GpG9t<`e;LNx zrRqQ$_$jBFw)Fovvy~KXk8<3>B28Jw3}T9p$2t>RkWLBW zrz)vtUbBJ4Wk|*6i zJQWjp_@+2)UQM3=ZbHQ5r#R*+0YbIoMx0}%61%L9wBN}ePSl6#;@;40yNZ^X1w| zwr4HLvpJrtf}Sv2tJI3mzf@RMe~zuByj&H43vzYS^JPEl!7CYJv+(%^P?k;=mfNdA zeZyK+`gJP$ld1|*_|iXuM_(Fqc5{A*nCPs{lT9dQ5&ej#^Bx<}?DLO$!4|q`KWH>!8+%RI z6j#4wkbHlVJha`|Ynm|vJm0?_U2L$HKuEykbq~ty`pyo9L+iXGRD|fCGA4F{fq; z$Zrivffvf6kE@&yKRlV2uOAiOQq&-sv>9ivFxK9m$t6K&AH^9)mzEu6o9IjDu*w_% zXk;WT32b^REqUg-b_Gr>ejjLubzMi$e!q2X?T9vPHQ@%BpEh*TUvW_H^=PT23Ei{J z4XFQBW?ef8oR;pSOK-`8Pwf7Cj5w#>XFdwrBCq_G5q9DZF}i|(*kcr@*q)bUVy{&b zyO-t7pZx$kF+8}n)7qfS$E0w&% z%@pF}_cmBj>|<#-){5iG!c43YOppKUdGOfV(%RCx@3+e3dciOLaNJb0oSCFI7q(S@ z?#36qEMMD0e6@%XdF^=VBN=k|slO@f@MO$V;|FH!QW{Y|DSWl2@`c;h6)^hXTH%~Z zC(k=i5`(|zsA-by^}H*)+S%NkdNK-}HRg!;EV$r*@d#lZ@` zQGEeFO8qP63Aj=AT>z(lC;rquD7`1(3rE0Va0o4pBoj4=iv|Egp-011d+(}obW*l> ZXuCTioy#E#Og~>!aB3Q%=<+9z{{^tJ;$r{+ literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/simple-cert.key.der b/cpan/Net-SSLeay/t/data/simple-cert.key.der new file mode 100644 index 0000000000000000000000000000000000000000..50966aceef29dcf8a82a43aefdd71ffe77f95860 GIT binary patch literal 1218 zcmV;z1U>sOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0O6qke^oS` zf4StwXVPy>TU|E$;9eOTA5I9X9h&~!5#27MDUv<*72&@`m6L-GXI#XFjFm)aN|*AP zXy&!5)DTJPL>B-T-!5c15?dzvTqK|&33*X;>hp7lImgP+NAScJ5Rzn}zR33nW;39m zbV#}j^UZq(O%mgKB2WbI{zh`tfeO7GkH>dA{j=66lVdM0R!v9AoD-;!FHdf?NNc|o zY|7S6=NUfU@bvy&u97i-Q3cXR?NhLTbMIEoM0(Cmxp}PUK;e$B)KZx@i)Zt|fYIRZ zjCtR`JdlXH1*O#pU@?m~<2T&TEqH!hOZNd8s5SgnWU6p=n$ z-Mz0UpX^s}9kS}FUA<{X@4QO4Z1&oS+FQD&o64=<+&%MR_p89Xamt`!)NwBoPMZ}7 zG+Eili*RH}6msidO82i^c4xzZ22(@b4FhJGcjS?@33uTsmE+&iI-KqEH{3m2h35`@ z1ljB&4js=!SaD#&KHx)iocS`YUsN)!C;BLV(bdP@5g{X}uzSP1udL3r#>0x}7ZrQD zh5{-Fu7~xd8v6uMbqNi;@{KRUbeof40Q^%+LGtI-AmEbDo`i(6Gf~5Yxgi39fdK5T z$Vt3t;PkC@>u>rq)+ln&FmKvXw$6Som!iVELeu}gCY9%-!M^QjbBDNHcp5M=MgRd= z(ucS}?ub{vkoA=3%IO&@$z3==ECMku6E46M6{c1FqE2k8kiYWTTs@jAxZrk|@-7K8 z0$3|O*%HD3BE(*dpJ3%c0afV{f&~JBfdKRiLnpH7+)^Qd>&{9hieUtyY&SyM0w`&-H@z^FcK_M*IwMeJK zTTb95QdIyJ!Sy8vb_z*=qV|H5Cq|~#v{3?qfdHL=`$>-80yO)rH#|Rm8c01&)nefR zgzW>NRyyZrSu(xa{hqyhP1^g^Go&{YSSelWB+83UWAMPVKe}*f1GmSI4+V~lzRzJBvqmo?lMEglNvZikcBX4OW>IyKd&v4E7C z<1HfIKV9s3I-0=BeJ?~O^ik!9RtWo)@sTuOdLwiGNG4U3@*fnDbCKiC{`K g&lvAe5M}-i$^eD2Unc>>DU5Y{q5)rlFo-+c`n#S;nE(I) literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/simple-cert.key.enc.der b/cpan/Net-SSLeay/t/data/simple-cert.key.enc.der new file mode 100644 index 0000000000000000000000000000000000000000..50966aceef29dcf8a82a43aefdd71ffe77f95860 GIT binary patch literal 1218 zcmV;z1U>sOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0O6qke^oS` zf4StwXVPy>TU|E$;9eOTA5I9X9h&~!5#27MDUv<*72&@`m6L-GXI#XFjFm)aN|*AP zXy&!5)DTJPL>B-T-!5c15?dzvTqK|&33*X;>hp7lImgP+NAScJ5Rzn}zR33nW;39m zbV#}j^UZq(O%mgKB2WbI{zh`tfeO7GkH>dA{j=66lVdM0R!v9AoD-;!FHdf?NNc|o zY|7S6=NUfU@bvy&u97i-Q3cXR?NhLTbMIEoM0(Cmxp}PUK;e$B)KZx@i)Zt|fYIRZ zjCtR`JdlXH1*O#pU@?m~<2T&TEqH!hOZNd8s5SgnWU6p=n$ z-Mz0UpX^s}9kS}FUA<{X@4QO4Z1&oS+FQD&o64=<+&%MR_p89Xamt`!)NwBoPMZ}7 zG+Eili*RH}6msidO82i^c4xzZ22(@b4FhJGcjS?@33uTsmE+&iI-KqEH{3m2h35`@ z1ljB&4js=!SaD#&KHx)iocS`YUsN)!C;BLV(bdP@5g{X}uzSP1udL3r#>0x}7ZrQD zh5{-Fu7~xd8v6uMbqNi;@{KRUbeof40Q^%+LGtI-AmEbDo`i(6Gf~5Yxgi39fdK5T z$Vt3t;PkC@>u>rq)+ln&FmKvXw$6Som!iVELeu}gCY9%-!M^QjbBDNHcp5M=MgRd= z(ucS}?ub{vkoA=3%IO&@$z3==ECMku6E46M6{c1FqE2k8kiYWTTs@jAxZrk|@-7K8 z0$3|O*%HD3BE(*dpJ3%c0afV{f&~JBfdKRiLnpH7+)^Qd>&{9hieUtyY&SyM0w`&-H@z^FcK_M*IwMeJK zTTb95QdIyJ!Sy8vb_z*=qV|H5Cq|~#v{3?qfdHL=`$>-80yO)rH#|Rm8c01&)nefR zgzW>NRyyZrSu(xa{hqyhP1^g^Go&{YSSelWB+83UWAMPVKe}*f1GmSI4+V~lzRzJBvqmo?lMEglNvZikcBX4OW>IyKd&v4E7C z<1HfIKV9s3I-0=BeJ?~O^ik!9RtWo)@sTuOdLwiGNG4U3@*fnDbCKiC{`K g&lvAe5M}-i$^eD2Unc>>DU5Y{q5)rlFo-+c`n#S;nE(I) literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/simple-cert.key.enc.pem b/cpan/Net-SSLeay/t/data/simple-cert.key.enc.pem new file mode 100644 index 000000000000..9cad3841853f --- /dev/null +++ b/cpan/Net-SSLeay/t/data/simple-cert.key.enc.pem 
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,CA0111C181D97AFC60C5BEFC7B110E3C
+
+LdI/uPXbBWbGleO1Tf+BZuJgc0SPNqZVK3EFWQU3XjJRTW8aPLdXO3tWoTeRHLqx
+wgVFCDrelqGih99uKBDiL32zVCQ12I/nPrB5vlmVm86nPNngi1ib1N4Wzp4UC5at
+JwiJJJvO/4nC07OJTPdBTl8LDrPPtx4x3xJwkr3JrbVW6Yfwz7E7uAC2X2ijoXSj
+h4is3MgKEwSGnwTN76R0ZbzbEtlP3MPguDvmmzVeBTRO/SpY2PvPTVOH6nGz9cgO
+2W90mXaaSaTflIOsSfLrkb3PknwSzcKyr2TFShc2WYJjNgF3dm+8Nd9hJarb3eJ3
+20SRVG+hl4Kz6+swT0Vg88rC6WMn1vmpPmzfVI8GX/p3h6xMphzweXQ+CdVZAneq
+D6ggadWNRJK2OGISDNz/SpMTZYBXUSCOV9Ok/iQNzoK+A3Nv687hBQNRX75Lw8st
+lxGTtOmgkz81lQM+oMJ+kN7PEmhWZ0J9DNX7w3QBgCqt5V16MjsJRyk0Ak38lApA
+3dqmBadkcDVt5WdLhLE828qTu3KZ+ikv3pmMXoGYpOmFbIKpWunFrkZkZQuMiudG
+p7sIFJibhh6BAZNzcLI/8opE530zQa3N2ngUYNI6YRn87KAzDhQPhbt+4vNvjAiX
+avojkt82mTj3vDEZiMt3rYB8LtD9H3m7ggqd8CGW1A7Ev6jfVJlSbxtgdgOkyflU
+zY5EvqSLx406LhkX6U1HROeYR1bsvH+B5dM3xKS/xrDuF0RRAGMQKckajL3Aql0E
+Tq7g5LaQYkFgKhaRgV7nz/Dh1fVxHqWE7sM94C+J0GMEPJmUW4UmLA7S0YMyUrZ2
+qTy2Mnk2go1s7jyKORjm56dD0EKwDbOVXKZ292KrocFKHSKwCOkERjQHN6wmZ0N+
+BJ0kgmA4SFn7N7tE3k/1P+Q1uNdItv2WdFCYSCqRdI42XVW9h/e2OhCPzfhKjI2M
+ILF/B+jp55c0Tu/+yhRWS4KBRTnEm2docaf3anKISgbJch1Ir15cO4k4l8R3V1sN
+qp8ow06cQvTjVh7GXa7Kax3gIJWwZqu+2/zcUDDqnWe9fYkW2yGn0OFZRKl8itWB
+aboJ/Pi8YcO20XFgraM1Q8X9m/B2TLRKdlSb2cnkfB/UuhTROqnSsGPevCw7mf7d
+53IHuv/jbjdrCItv3XvSZIf4U0oh5mx1+0+op7lK/BkRBCq2NSH8SY3ltza07Kre
+0MsIzvWK1/luwuThPDN0yjpQtyqLieZkhG+E5oaHPrFxEiqDSbu+zzHF5G76K48m
+ccLdIt2/IqQIBXml0oZVEV5b4xDnWh4IQR19BJPoqSacQzCH71bwSHiVONVknrs/
+VIcf3n+RgB3RHzvj0xQ45HU2DHq/N0LvDEX6WjjM7dFqxCauXs7G0njGs7aZ36p1
+vyi3pAbgB4RZV+OIFIZn5EjcQ46xI3zTRl6HCgOJa8PTG6ub1/4gb7IyhOrvVF2L
+h4ctBMREAvZqC54pooCBxLd4ljJ/tcfWvjzwU3zB7it5mDX6XXwr2UqAWcaBMcgb
++R3/jZlF0eDtKyWxuE09rn3TrmYvU/efR20XlbbXnArGUyxOE1KhIznZaKGP2SLw
+-----END RSA PRIVATE KEY-----
diff --git a/cpan/Net-SSLeay/t/data/simple-cert.key.pem b/cpan/Net-SSLeay/t/data/simple-cert.key.pem
new file mode 100644
index 000000000000..d37b17afe277
--- /dev/null
+++ b/cpan/Net-SSLeay/t/data/simple-cert.key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA4aEAf1U0nH+55MZn0m9MW102++BeGRofTgirHZr+3BHdLqMp
+kj32FeG/RJWTgw5nXMSGjJVEaEqX8plo5rWq1BBJ6kQXABffLmQ5Elsm+lwkoCEJ
+eVF06vNzhznHys9H8MQWEJJkob7I9wdmM6CgdEi6C/PNewZNEuN7IlAE8P5GctSB
+Cr0cj8d3O/2z1iiTYy8vVk1HyZwTqJAvT260SGu/FGzK1k3nGT7e8PT+Xa6SMX9R
+BdJH7VOwgHPvVs1Ees5NuXms6EDhjq/UUpk3i2fzwIDR4O+Med+/PJCIuwWl1Qhg
+MYs34zfczy14fnotNKNwwP4grrSCuw1UzOdHQwIDAQABAoIBAC9p8fzQHvo0LRBS
+UUb7dIROlltfzuZfguyXDb5u79e3OU+vofDFbI00n0j+Vb1YrYflFJE+XN29ryif
+7FdvHbLqqV29aUfvvEq3bPbaiNpbuqabyq3f3D3zYverwLxxyqBh1HEvEk6bFQg0
+WdnHi3BkSBRy619K969cdmfDgQZTQ90NA2aZd+SRtAl34SmV49/SOpzt8zfcPVuF
+5w58BNnsIg4dz0NYcWDCPuBDdJz5Mq5fVDKtJ/oof9HVx90RISOosHvDu6+szrTG
+w4roFxV7uoYCKgeuh/WlGvsEUXUJDbzyjS/DdJuTYAD8U0tB8ufVIOCSzp6EhLMz
+UcOEuSECgYEA7K7ISbxo4PStdOtv+jPWKHLQMG/aUbbOfi6XosK7QtP/viaV56PB
+vu1pc4e4XXgaMDJGAAFY0oe4QO6IV7+Q9ZTnyukZKsldOEAsAjEuEy7AFBWmVf2i
+TmyqkL/y2Vw9miu44HaX8i4JMwJYKz3ZEsH/IsRejJ9g5UABVekRggUCgYEA9AtD
+J7Lp3FIhgevOSiaKYQShbDdC2gIoa+rHgH9CliZB/oIHajPRJM2PYpc37YwsODfY
+FpzM1YyPR4Y3jNS1KplINY1OTUQhoM0JptNamTeAPjaNJ8JtS6ex74HCaDBDft9c
+P4UbMYBkNK+uL73kbXfFhw8RpuvNMrbAqEoZfqcCgYEAlsUwaWhQFx1GcbiY+HWU
+8udQn8pg9LTTDaZ4igIqcAPEYkkKLSkv/oQWLLZER6Z+aD1eQhqZjmNOiG5rBBrQ
+KODWV3ftxEfJzk9yuWLCyw145lJ0R0ru3a5zaQodlUEhLNi1SKfDW07gJVJVABbB
+9SUHdgpJgKL2gpMnRqbVtFECgYEAnYD7SY7eAjT7rTc8P30aSD1N1WLhAYTtA6FW
+OudnWTK92v2evXtN2vvUM6Q3E1gpXeskyotOY/DAtD+6cGkDt8eP5Agb5iA3t+k8
+9m9oBITefsiEV4nTMkW7wEE18DpeBW8wwUot38fmZF6SA/wBhmkLkfw2v01mdPmf
+471XMPcCgYA+e1T5HbCPKtOL3OzBQ1RjjHoGvn7zWJc13BctHgrjboeT1mbVRsg6
+NdWnsYCUmuMtIt4/Xex5OprAyn0vRCf0UeWHVgj7lOUwxF2eWUkxryJA0ol/S69d
+fD28mPNQN4lgSjXPGO9QEGX+DcoAhbFfJwHDKYx1e6IBX4EwiDvc+g==
+-----END RSA PRIVATE KEY-----
diff --git a/cpan/Net-SSLeay/t/data/simple-cert.p12 b/cpan/Net-SSLeay/t/data/simple-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..9b58eae492def8acfea5196d0ea09a6b5120140c GIT binary patch literal 2609 zcmeHJdpK0<8eeP88q8=&ZaZy-3Sn5|($wsT#&N5eTuU+TgE=v7BSegqNQh8!*%>LS zz0rko$z8~f%585FI%G=3L8(Z4*?ZUC`}}$SI)9vRJ>U0y@9+1n_kF+j`QG>W5R^!U zKpcV+7DWge@fPumBv2F-poEt&N*KrBQ3Qn@{zk!OFbeO%U?XhOM8yC2YYh>^2~b=n zg5uIdh<|_tIm{N052Ls!3=c<8$U}gGKnMasMEt8&P#m$Lh$93MoC7Q(4O#D_NF!3K z0&xwI$>x#m?DnzUBffy*Yl!yj5T24@a4LMR9V&kKMU2mQR5s_|Bz?tpzxtnEvqF6$LGF~xpR%vl+d zdZt~tE#2^)?DKlla~UTje4Jb2lh2v@T4l{;`%Y9`?_Fy-X(|uMk7#@CT<4_v(RqtN znGj*ao170x*xA;qK;9A9+AVN zkCF8Y0~=P9O3Tq2lKn%WIUT}*09a^^FcAqXp^B0q_!)+A5MF>NuF6|sIYdT8Oj88J z<3(}c*B$gbEdk5HG9QjF20R@x9=m*Vb7g@%J8}7#)7!t@EG*+75X09_ztOrVme}2> z>ONVVS&-H@Yg_TJc6G$+C!vIqcgfM7rv?l(rq_N(kUvkT=`HtNnSENdfu?Ui(8_A0 zg&oe3d@reX<$YH!va?Y}J#c{`InsuM9JTaT3gucS5B1isIlA*Y4bOu5I4&V<20)7A+AOoJ*8Vv9N8lVJ( z0$fbuVpuQ`fobqC$qUfJ7%mWitzUFGfH!8t6L9}cV-@$s_8fqVp!gGC-L3W&PRQkV@2%f&qz4$?6C2(<%F>3+s=)Rbkp*t=cz-6PA7#DQSiW&iiF}Lx?_-A zlhG)hm-j)p)YV?MMD3$`%#*&hXHv?Wuil7kt||MmtGu=O^h^&^vQ{FpuGRZUh<(SPba z+0vQnkwu+O*4jb+MK14QUvjE>JTC#QAC)VwI#*U)8;LiQO?<|*zGSmCky zX#c^m=@#<`UHgNpJeqzYg-_V>%&p!$D-Gcg70;O{YyDDTQQYjr9NlW`0LV4I-70#N zXvx3y4$V+AE9xt^S&iX){*vXHVMu?egt}|@aRm!QMxV!XFm4)GaDXQCIiy=V_~~M8 zBx7)?SMM@a+Ho7}^_Gq#rsr%!`R?jK4(@JS>bTg32_@>?SG(Q?_`-3+(d}^u6MJ<3 zQPW^zFiUg62Oy1BiyUJ>-Q2$4R4eC{h>NV#l9|B Ntl~(RkJ*6n@UKIZBmDpX literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/strange-cert.cert.der b/cpan/Net-SSLeay/t/data/strange-cert.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..d85313d3a9bc83807f7b639d7233d5fe4d7c2193 GIT binary patch literal 985 zcmXqLV!mq7#I%0_GZP~d6C;ZOHyfu`n@8JsUPeZ4gFr)W15P&PP!={}rT`y9VFN)B zhl_{HFSSHBIM^pOu@WZ8&BGOvT3n(KT$)*uYA9hK22#n)!|$0_l3J9Tnv$7VlB(eB zXdoxfYh++x2!vn|CC+PXfy6av+=FCisH35ffdIr#&cvi-1s6S6JvT#V14ob;H;+|t zh+|NQf}(of{ucog06zSf|WwNg1$nuLac(4g1SPDf`YAr zwt}mli=mc*2FMT&9>oi@FZNv6ba5IGHv(C^E^JV^u@n0ZP=k0! zzPO|)F)uw;H#xPaL@y5*3dO}az);Xjtw_u*$VoM5VpKBVMFb%uD+6;ABR>OBoQtW6 zk&$8RmASPVforOdUtNAs=*FRYVHLs?^UKerXBBHQp4$59@S*$idnRkMJilqxGE*~Y z(VTM?i?+3X6h3i8VyfHTnYaF|m_AX!Fre1!)`pjN^4lkWng05gp67S9C9jVi`_OAI zbb;-p{g(#@30c>?zQ)J4)toQuzWvWjxjZTS`?1cI$8=TpMcXap7Ko1Rtq7alS-e#3j*QuPvCG|FnJ9{_yTx?s`t``bo@JM$zB0AHxee$x_uC8A7 ze6F*_y&m3J`AeKq5C1bUGcqtP4lwXD-~)!JEI%XTe-;*ICe{T8vLL=Hi2za z5;yIN)7`~suxiiFGzaEj2Mg1{-&QyH8Ikl;nCDQ5B*D1bi4KJ&CZclNY zwDeH=>I9W2YQR2sRgs$akO-}H2=>1X!YSw)pCcG t/data/strange-cert.cert.pem_dump +# hashref dumped via Data::Dump +{ + cdp => [], + certificate_type => 305, + digest_sha1 => { + pubkey => pack("H*","0d115f7bf1d18314665f7f7bf574ae274e8740d9"), + x509 => pack("H*","a0b4e0c8ae9428bc8e3a6d54a76fc7fedf39bfef"), + }, + extensions => { + count => 3, + entries => [ + { + critical => 1, + data => "Digital Signature, Key Encipherment", + ln => "X509v3 Key Usage", + nid => 83, + oid => "2.5.29.15", + sn => "keyUsage", + }, + { + critical => 0, + data => "TLS Web Server Authentication, TLS Web Client Authentication", + ln => "X509v3 Extended Key Usage", + nid => 126, + oid => "2.5.29.37", + sn => "extendedKeyUsage", + }, + { + critical => 0, + data => "0D:11:5F:7B:F1:D1:83:14:66:5F:7F:7B:F5:74:AE:27:4E:87:40:D9", + ln => "X509v3 Subject Key Identifier", + nid => 82, + oid => "2.5.29.14", + sn => "subjectKeyIdentifier", + }, + ], + }, + extkeyusage => { + ln => [ + "TLS Web Server Authentication", + "TLS Web Client 
Authentication", + ], + nid => [129, 130], + oid => ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"], + sn => ["serverAuth", "clientAuth"], + }, + fingerprint => { + md5 => "D9:28:01:72:6F:C6:7E:F1:C2:0A:C9:39:1D:50:BD:05", + sha1 => "A0:B4:E0:C8:AE:94:28:BC:8E:3A:6D:54:A7:6F:C7:FE:DF:39:BF:EF", + }, + hash => { + issuer => { dec => 2397076613, hex => "8EE07C85" }, + issuer_and_serial => { dec => 1043266401, hex => "3E2EFB61" }, + subject => { dec => 1601970016, hex => "5F7C1F60" }, + }, + issuer => { + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "Intermediate CA", + data_utf8_decoded => "Intermediate CA", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA", + print_rfc2253 => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + keyusage => ["digitalSignature", "keyEncipherment"], + not_after => "2038-01-01T00:00:00Z", + not_before => "2020-01-01T00:00:00Z", + ns_cert_type => [], + pubkey_alg => "rsaEncryption", + pubkey_bits => 2048, + pubkey_id => 6, + pubkey_size => 256, + serial => { dec => 4, hex => "04", long => 4 }, + signature_alg => "sha256WithRSAEncryption", + subject => { + altnames => [], + count => 5, + entries => [ + { + data => "UA", + data_utf8_decoded => "UA", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "abc D.E.F", + data_utf8_decoded => 
"abc D.E.F", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "START ! \@ # \$ % ^ & * ( ) , . - ? : _ / [ ] \" ' | = + END", + data_utf8_decoded => "START ! \@ # \$ % ^ & * ( ) , . - ? : _ / [ ] \" ' | = + END", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => pack("H*","d09bd18cd0b2d196d0b2d181d18cd0bad0b020d0bed0b1d0bbd0b0d181d182d18c"), + data_utf8_decoded => "\x{41B}\x{44C}\x{432}\x{456}\x{432}\x{441}\x{44C}\x{43A}\x{430} \x{43E}\x{431}\x{43B}\x{430}\x{441}\x{442}\x{44C}", + ln => "stateOrProvinceName", + nid => 16, + oid => "2.5.4.8", + sn => "ST", + }, + { + data => "strange-cert.net-ssleay.example", + data_utf8_decoded => "strange-cert.net-ssleay.example", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=UA/O=abc D.E.F/OU=START ! \@ # \$ % ^ & * ( ) , . - ? : _ \\/ [ ] \" ' | = \\+ END/ST=\\xD0\\x9B\\xD1\\x8C\\xD0\\xB2\\xD1\\x96\\xD0\\xB2\\xD1\\x81\\xD1\\x8C\\xD0\\xBA\\xD0\\xB0 \\xD0\\xBE\\xD0\\xB1\\xD0\\xBB\\xD0\\xB0\\xD1\\x81\\xD1\\x82\\xD1\\x8C/CN=strange-cert.net-ssleay.example", + print_rfc2253 => "CN=strange-cert.net-ssleay.example,ST=\\D0\\9B\\D1\\8C\\D0\\B2\\D1\\96\\D0\\B2\\D1\\81\\D1\\8C\\D0\\BA\\D0\\B0 \\D0\\BE\\D0\\B1\\D0\\BB\\D0\\B0\\D1\\81\\D1\\82\\D1\\8C,OU=START ! \@ # \$ % ^ & * ( ) \\, . - ? : _ / [ ] \\\" ' | = \\+ END,O=abc D.E.F,C=UA", + print_rfc2253_utf8 => "CN=strange-cert.net-ssleay.example,ST=\xD0\x9B\xD1\x8C\xD0\xB2\xD1\x96\xD0\xB2\xD1\x81\xD1\x8C\xD0\xBA\xD0\xB0 \xD0\xBE\xD0\xB1\xD0\xBB\xD0\xB0\xD1\x81\xD1\x82\xD1\x8C,OU=START ! \@ # \$ % ^ & * ( ) \\, . - ? : _ / [ ] \\\" ' | = \\+ END,O=abc D.E.F,C=UA", + print_rfc2253_utf8_decoded => "CN=strange-cert.net-ssleay.example,ST=\x{41B}\x{44C}\x{432}\x{456}\x{432}\x{441}\x{44C}\x{43A}\x{430} \x{43E}\x{431}\x{43B}\x{430}\x{441}\x{442}\x{44C},OU=START ! \@ # \$ % ^ & * ( ) \\, . - ? 
: _ / [ ] \\\" ' | = \\+ END,O=abc D.E.F,C=UA",
+ },
+ version => 2,
+}
diff --git a/cpan/Net-SSLeay/t/data/strange-cert.cert.pem b/cpan/Net-SSLeay/t/data/strange-cert.cert.pem
new file mode 100644
index 000000000000..cc437d309089
--- /dev/null
+++ b/cpan/Net-SSLeay/t/data/strange-cert.cert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1TCCAr+gAwIBAgIBBDALBgkqhkiG9w0BAQswUTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxGDAWBgNVBAMM
+D0ludGVybWVkaWF0ZSBDQTAeFw0yMDAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBa
+MIG8MQswCQYDVQQGEwJVQTESMBAGA1UECgwJYWJjIEQuRS5GMUMwQQYDVQQLDDpT
+VEFSVCAhIEAgIyAkICUgXiAmICogKCApICwgLiAtID8gOiBfIC8gWyBdICIgJyB8
+ICA9ICsgRU5EMSowKAYDVQQIDCHQm9GM0LLRltCy0YHRjNC60LAg0L7QsdC70LDR
+gdGC0YwxKDAmBgNVBAMMH3N0cmFuZ2UtY2VydC5uZXQtc3NsZWF5LmV4YW1wbGUw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC11J19KFGse8fVp8ES2MLe
+VngTkW93zmdqcykByrXyw8LfH7yTKwTn2TqEmSliopzOeKK2hfETyMQYlUa9mdr8
+qJeREDFQfUrasOncb4eT9Jfr2i5J9yak68bG8I0/EtAGyT/04DBgatZK9V9dhnzP
+dovb/kojd2JX98aJqcYtJL5bPqELEFtdjXhWm4lzoyqq0eeH0aymO8X3ORWw9XeI
+aJtuXadG6jQhFq7aAsrX11lRjKbSGvUCh+zYX8pVaM0eMKBgjcgFqqiml3Y+vnVf
+e2+JkTl35vEZ6scA6WyVpYOkG0gbKHipH9XUfgeuEat7quedQzjejA1dH9IJGuH/
+AgMBAAGjUDBOMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
+KwYBBQUHAwIwHQYDVR0OBBYEFA0RX3vx0YMUZl9/e/V0ridOh0DZMAsGCSqGSIb3
+DQEBCwOCAQEAbSgGiiajGn5qYbK6Xi26CTCqvLlmQANTQDg1Ufs6DO1Vi6OpuGWv
+Q2WCcwRZQvL1lE0GgOl7DNuURZKlwmerYCT2VnF48qcxDOV4GxRjiy0PaWD9LiQz
+w5ODDutwmY3I0Le9HPNvIiC2vHPj0Nu2gIapkL90SKJws7ag7mMmbpi/5HNbxT3b
+gFnRpmOQBiiqAtz7dKSzusQ30F/mAB/FoLhB2HeyKQyQeTJEqn+vo/6XZzqXzL4+
+Olp2o0SxvGC03fwucJJW/zbgNsdiHswGR57OUv02LckYwFSgyrTvnfASViIakd2y
+I+GONFs+17aGcSolGWpygJFwozwKAQr6ew==
+-----END CERTIFICATE-----
diff --git a/cpan/Net-SSLeay/t/data/strange-cert.certchain.der b/cpan/Net-SSLeay/t/data/strange-cert.certchain.der new file mode 100644 index 0000000000000000000000000000000000000000..0936ba5be2c063ea47627cfb5d75ec36911f5f44 GIT binary patch literal 2687 zcmciCc|2789tUu<*o|!@OXZ+sd5klZ82c`ytX+BR#zexH!E{BIGKrD3N%lQU))KO3 ziJ}=x*(H@Ngy?zYkvro;1)39NXMx$kS&-0kW@seHw>RP7;xNY&<*lsDur62rUgYHB zu*MRIfK`Ae5sMZA1^4cRaq*n?A!7Y6W8FPnh*&^R2Rw2Rp$LL##{PY~a1f!S^3xOy zZ~SRZ8yz%1$opeWb{AJSKp$m*GDPcvI(s!vE{v76j-@pq4rl|Cz)|2B;0Qj~0207);3@!U0CIqVxjtGJl-_#?8<#jOjUG#@rr%*4;fzrO ztrDO$)2e7sXqAjY1U(il4NCoZ9WesY-^B-qm3PDX6Hz{l6bJ-wMhYk_$>p-2Hx`V5 zNPvicMhIbMf<-`hm>6{qXaoep^k^s}MB1V(xO=#$jen$l%9eyo@D1w6c@bnFy^q$P zwoi*SCdt9)Mlsh@Wn6R9`$@UAH`b8PI)qXTn^MPqzfVozMV|{X8LM2F@FgdGrY?=4 zPJfZgU+U`mMA71>vGiztegisty)xN!a)`S6GB9TRn~7wQ>-jHT(ZyZzN1N?6b2xeJ z9VjH*v}i(}YzcjiOfM@`>-?g6pmHi3kO6tq2!Mv zPQ5l4`;LIw&Xi}&CHD)dftt+$PQkv>393OK)`SoAiHol49c7h9^RWDgA0NJENpTt z5N2jp7~~%#=#R_Xa6z~Lg3l>%uWcELLzpg0v)q!(6AATl zscvwTZ(s*Y8tXl@VOH8ICoQ%yT+22wdBt_u3O#HD0dA+ezL|W6C2S#>YdqN?v7jAS z>U?y|7Ef9)LUX+*i3+&I$n$tQ@1TwF~6pv;}p&51Cv;1cAd^hP_+zK z{1rw0l4})t->5hY^+mHL=0aeeepRFM!^z)Keu=ib%5RjrU5~tAG0N<>+)qcg zkAiiY<~7609<1m^DtPG9yT>gTKu|ni552w2mlur+2%Tz>Raz%S3 zv5HE!uZ^ihA#P^UHRc=r?;|&{l8>GrKlD&`Z1CB0E2*_A4d${wl0`dmx@~<`aWJB6 zd|{;qDHoNXz44lSQtg!E)U6c^{&!1!K^SkM(L2;9*zw)gbPH0$kl6iiG->?x8ApM^ z6{=8c>h7?Pq=I)=r`y1m`T+V(1Gl*QS7(Bot;xM<$&yQ#FY2y4E&k$uHH!8A0rN{X zVkXFH`h;EUB5Qt27-r$P*TD*sXZ@(S{cMH0A0?w970MYgL-tRrpR=F8d^DqhL;#aX5Wd{*}s6pg>) zc2enTIMOOkLZFYfd$^l-uqz^x+eB4*w#KoNI~@%3^7ic##>=}vTt zi|31*3FV&QC?m0py&BsLR;CPAC;wmt*_Y7&lhuDw@SkzYzp*~RR%%r>85 zyEFYwK54U$oKc20a8w(8vVuCur`n&XKu~_2G(U4te>BNA@QR%FmVp^!b{O4O8A}hc z%nIqbS$1G`=55UKE~3Ba)wYZR{&|W^h@My1T_bV*x*dhkmD_rj7>d>uyawD5T;-c| zq&d(!wvvlx49%=h%=c5vzgExxW|bdQa}G%2m!8vYvFN|i=F^~6C#d^AuSeBe1#TVM z*r^or#a*Sc5#@~+q^?a5g{iB5lvcG|uB-b^R6@=tPs>$vd+T(9)7#~^_JDZyn5bu@ zvzs$#@~TU^TPGCLa*_-_@zT#g~+~nJq4z zdVrKuYiSZxk-a2zq#PoY`PhDFc|^_MYjXL0u6Ju+cG0iugPb{u{o}(iUq!pliVg9Y 
zoVZ;d>e)nP?OR;ELNUCMz#QnFBqLIMDWp^(#(Z5(Cu+hYl9Fn1vaO+>KnzjvxHtYJ zx@!F;lgVtwmE!bqgX`2G)NW28w%c|={6R&ErCBjWeBBI$f zBP6AuVV5CDrN;(BZU=)Gn z-LwCF_niH3>-XGqKi=~|;KUo~Xc!PUF#?3c9jzLDLx6^bRs<)`1j30^A8`@{j<@lz z1S*2#O+TV>bTq(Y8U9y6gV2I-|K|e!<3&Osc8ZqP-{9>5OLTN>KsX#Po7|9(?36Hr zHO9{Dc1=fW!+DE`R{&>6gO#axIrfTkY@bEBk~cVkSu!Jb3pe?D=7HjBsmoj!scAAp zGHrgja#?#mR3#@2@gY;?ZtBhh8e*?=FLg6`m;EzNq%I21&!ivXlA89AmRmbBKowI8 zCn7~ipU@mtjf2mQM6j_FCIc=eJHuLF(H83X(rTJ8*T)VP8{e~u-XdA2FgfXEvX&adD(>-h~ zoi|5IPTRIr;@83I@G1q6R>2qR=rC^$MXPM)rQ_ke#~sIlsZfiLSkZo6g6$Q=oWJp! z-`4;duhB1md}~Ts3$$NIwy;lPPiZ_r`XjXR&Xv%Ii-M_6UbE}PqAH!@mS{R#Cun~~#O`_HA{WsMlKD<^5MMvFln zyWV|igH;2@f!*id5o`j+vYN+f{!%2Q zf;lDvJ+hIU!e*|8O$A>cq08Vl$aTmQy=51M`FKTSFpQy#$uLk zP8@qvCz+}SHj}Zj7~fMpV7XCUc$>54>tn5Z{vkomY(0DkBRaD9J_U$E+f4SpVYTuBph!+wc9o{jlbVR z3_o4iEjfDL9T^XoKaELMsB9k06&1Xf9!9@_?FI%C#WRbdPPOESwA*=*e!G8Nf##=; zN_Ydy#<*6DrPBNK^|Mq#{WTROC)Uq={c-7*MZGg=t5GMfxn>$q)Drn>U$jUwv1Quv zpF40XbptOw=;W8~Q4RUIAAD1P{aqCRVoW0f#JVC($k&YSlg1a9(+1q5q9^Vc`yM(n ziG_WVZ9f@}*^97PV8%|ghDlS{i{m2g3o;6mx)mBe;4DiD!I(OY0} zZS|lZW7;7sWUybnmn4>#{M#5SPmb}gC)Qa*zUiMVpVC3=7tx_WF2y$#-L?>yvuRkH z;~@TZ>$Rn?mGY$MpPr)h;hHpa?XU!8RXHieq;v47`t#cEyq>04yY0@e#YAktyKA{h zb555q=gTaNgi~{nM;Jb}gwa$_qI<-VI(vfE&m8)WVvVCQmfX{yUwho?DklO|(u(Dp z&8gVe;k$1uMv^Fw|LOpq$wl4N?5iwA=I9xLhNhBW_Pedm1E(`|WHNk|KE4c5e{Rv$`uZ^2^1$2(W45TGfhTrb`LJg;+SXqo z+*zef!i#;mMp%TmQ>)cvsjtxzMCE5)BSZYtpJ$@JmhczD$@lyoln z-dIjPBQ6U3FjZc+9oM|g-9P8osybv}ckoJ0F(Y^)E|wT6OskRNjt8?TY+vQO{}H_E z!bbQxe#QNC-83t^Q+}pdK)k0Zv%lQ8n62;JDm+UD3oixH^(85{wz|bnj#J|4cLquy zFuw-9Q+~K12eB)pb-h0ms^`~71a}_#v>ojeX7Ms6^oBiDAY?xhYoPH0KD7*H>3U0( zKMDQAbgI|VCb#AQBLe_)v-Dn@+;^}InnKmF67{sPW%{u2(L-p%oEP3}@V~^twY|(b z^Zv#97cIwfT~&=cyfkK(+@vpgd}+(gj1KsFJ~6 z<}d!|zQCE7oTPw}gRobSr!{qv!-E?in0AA&ue0cs_g;Q~>n8D~w5`?sEMT z7nGWww2Me-pjwC@@j0lC!rd}rZ|b5<%7z^@Q?<<6pcS=7lZ308?6zMlb6!ZwGgL4D z{*?cP(?rQEgoeG$z6&=;TPYeZN<6Qk5Q<*CAs-CE(|E z8i1|pW0>Rv@jxJdK3!=N#lVMS@a#+hNAJUnlkVJJd}(ka(R6k7`o$?u;JU$_rk9SozbBw!T9@olq 
zSC{009N@p`qGauAb1~F-&~hQN3Z=_)k|p_Y15*o}e!%3an6!C~%ZC}(im2-+`h^H` z!bX!-S2?Dn+IQcSM~?zWBuwgPq~xypQ7N!U$LqZutZ8yctpVxSVa|A^h>_q#6 zP7S5Kfl7g7xD2ZTxD@4j`X(|cbZgpAOjbJ`IXi0179E#oy3xRNv-g9A3e{w#AC(r& z^pN=)ejGV0nnjyn9YH}sAR|+IIEO}1wSyjP**8~+=Zu_*^9#btUf@@0-L2+lF^UQ` z`3Zhf7%aFB@VsVni=KG*ZOsg6=Xn-m>oWAM7JOb&Ccwt}b!JKD$Kq}~GSbZP;L!%2B-jX1ya;pc+tf*Bc5$j!)%Wif$s;h}| zzBC8HNqMQbx0|{+=9#?YsA!IEO*PDzDeOn!7Hpi8nr+ymW^l|Z{d2hDz4I)z_}9n@ zL26HXkHOF#!rNIFDZbjo_nB7KuKLZ?!In z71a32s_yg=V?nJNr!4OFwk)oSyH5c1OI@Eogp&)%A?EOA@q@mm2xC#9Y9t^lIqh&X zkv_}+y??|I)cicu5tEu8w{am z^=@#nkqi|G@Wq#8MIbL8Vh0myj`#A{By%=-fLGAI-VsbYa%Aexld;e2>eJ7uYp^_F_RcZ(Xd48M zS@D02d=VTo8wkftf5gd;kpRN`kFCc=Lob2@e?Z{CqyO*rqXdSG?q}Y0{p0q5aNy{> z2yGg=D_CGNH;&jK4W`(%^~19pMHNIzmM)o7xX^&_@M)riYFcMDTt1o|dUyyfA^aMO z?D@z`n+!sg&ApH2N>Cgts|0NmkTjB%+NQTl$F!`zWB2vQG0bRW-p?1}S80 z4tH(MT|*#i`+KOk9_w2Ds@@6bK-_O~&6b)@)o)2yRjvpvK(3r*=K&Ye^WY#x-84d_ zo)BS_sJ?nAHDW8AR`JvL;5B_v(^Ijo)njO0jk{?Axwq$(z1t+p1}y69$E+ zQ7pQ%s=g+(Jmd=rq;iWC63lMS&OfH}2a$~HoCjm~FU0a}X+I#b7xfHr*>^q3zL!v1 zv>``=8b|$dorLSiKZ>AJt$8&EA$x1z^3^A052t$(bF?zdZBM3K{XNzBT)`F8)34Z$ zJgdf~&@fQ^Nv_r_7wTqORIbAOGwLjV$g_Vi{lP3n0@JRY8!dxz^QEE8s9~Od@XAdGGK;10mEJ#+%G`HXtI`YUN*jyZRnVEa&KPu=W0T zw}#hziNRPeucoG|M?#WU^dPS9-rPcs|8U@LmjWq47j1H7df8b= zpfB>hv$|9p1N5Rpx|c1)HIvI(`Tg~>;y2$WfcKAY3c+1rhP*wWY!+n^yG;>hKQ2h2 z8Q196qGmT$Em;J`u7*{l`xWkiX_>M8JjMu{9Zw{Q_MV*HI`$&NbDL-TPxzUN`%UE> z_5l!i{-R+ctO2U4XH(^}vtdD7^bC-_6X`-p$3W<25qCsG(&qgMhI6gNPJNNMFKveR zlC<2QkbJSGlTeE{SxPB+gS6o}kfBS^lDdWM@9Y>vUVH7S(SX}aPSlMiwQVXjY`1~b zG*WH+I7hxX3u9;lc68>|W8bo-{8xh0{G)zhC5{a@3S0B?g{_Bq@9|P#36e|4kRsV*&MA)=j=|B z@Gz|K8oA#P?>&Rq|GPx`%$VK~;0N#r_yTMJo&aZnBY+QJ|CoIrnFN6GvGaVKeF4D$ z??>VYZ~*W=(*JC@0Gt3WkCW|xYyWWQWA6g+ggk>VL2y8rJcJnN)R+Ju>EyWB8yB_^ f*4q&Ziiu5(GjMdk6Cif@lKOF|3AO1zzxclZzcG0~ literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/strange-cert.certchain.p12 b/cpan/Net-SSLeay/t/data/strange-cert.certchain.p12 new file mode 100644 index 0000000000000000000000000000000000000000..ff48551c0f97a3ba09e99d868bdd8cb2b9c8340a GIT binary patch literal 4485 zcmeI0XIN9)n#WV=sF(S?+5CNr!CLkgz zQk5{ z3WI_>ldy2`(^GpQ>E%7YLPrqPs-l+x^ji8u`g3|2Bv5-IiGtwKKfVr*?CD|UVn-6S zCV6-gT%atF$xcuf2qa%CXE!GjNQDc4oc~H891TNK;k#jw&W51E;jqX3=>dZJ#r`b= zw1&N}Urdwx=!L&B+Pg1K% z8Tpc*9Jhz47oa&(Haq4Tn(!%keuQv#{bx zQ=2=%&s{QtXdfE7pdXpn%e#gM{rK9l-Ppd956rk6)rv06&r9}JsP(e+cMXq|@%e4# zz+4M#)+s4BIOm|oK|$XF+(3UIa|u_Gf8qOd73qmcPIFu@EAP}c0ttt~v-Ln7a2J%( zUv|Uc+b9$gfzAMb+36oaaf4VU77->m8qJJ^|J_3T5#EL3MqxR*Ed5t{g0Z%iH~iN; zOOEM;Dh>Zowou05FlRxg+efo`10Ai(t1LvTSi!>TXSPa6LnUcR{Y_bp1>=b9f~TZX z6%v(j23L9BIz=x&G0TZF?BFB5`y z&AX*UwbGx|99nf104l4=GxX6)N=QL$ou@{Y+oQ^iMeCz3ck14f&6-Y)QZDr5S;sO7 z79z$rJ#!vaHJ+qf{szM}Wjs}W?Nctq5$h*@rtn5-_Sa-P+2oE|1=)+<*=HVBU#=Mc zLU4;W*_L`E)pCWegGv2fm%)~lXxsjJqm1^7rS#>!CIY;1plA^PcOkOwBSM+WsCd&_k|XUl|@kz&)3;Ctm$6VHtUByFN|dx2hkP|CKK2esjtK+qam!zdmJqKp8LQ zbic{E_p^L2@lDk(ew&TUWNQ=6yOa3BtIqbP8J2U$ZLWtf=kL?GYK+swl=qBXsGnob zsiVlw9&_X=^>ui*Wc~*tPJ>E6A_C3??%qKJW(OH)5DC3~2Ze#Yb8jy^yX5tG*kd(y zY;%!vG|u&hqWK1ez>HFS%IQeEN|wj@eaer^T z1LF35@sCl(?-_Sq88EawH=}19d{s@jj+zc`NtxDk?a3fYC}CC`)Ky#_ zYhSN^F8pSAS`tmbZf;k%4xVPRB*FZ;p+#pwNnhGA@maxrtz0g{yR+gN8+KbMJ#u!w zOLhX-PWtvQEqnT!slmH6Wdvs)S(NQc11XM9uFVJBMH|erIOnx(<7=W=<#M*>Obcqs zB@RIZb)0?ssZGdMzCU}=4ic?@@}ME)L0w4Kf;=esrw8Fbr1O8%ga3_o|99TYxy9&Z zsWhA%E7a=LVEK?_vNictG-0hXG`*OpY9TlLe38JzCDV0Jj4U;j@L`JQ%y5FMx1Wg8 zXH{*^nE_%$S!9oo!To@?u;P77Q_~R(+nimr!A&7C_g6_)0VHV`HzA!1`AK0{(ewE#3fttio)jS zvvHQw3(+sUVp$_XT77lbrp{%T7b%X9rY}kBWJ(lj(~Ah$Dsy>pk9&!snauws?^Sn& zn#*EeTz|d_ldSEv`!(L?D~%UBagM5HY<y0Y*fwu7+D$`09SX68QdmPt5ukUdwqnjxW5+a;oplpk0#h zW6zB58Xbt(IM}R<>))+;BIa43LrpSs=iHKCl-k8Ow6{%y5O2ZNfFiL79fq88$e3+# zREoZ2L)9~~XMmXP-O=aa4;kGs&6!fag0xZ9o5}rz?aVwxmd3}%*k2)#UESpK_I*C#02W4QK(8{4@oFh zh8Px*YCz9Ra7eyTfwAz9J=4jtRt8ehfq(zh?ri4Kt|%&$C@LCqAlmwSTS7rp1GJ5= 
zLBL@@?IuxF6b*`GLy`aAPyV%^gfanRI#Tz_bj0gS=Wxv=i=c8kb68JSW9@O4*rlgH za-?S2Wml=peHYqOgf}c&HNhG$rPcEynJSGPx4KsBMdve&OUpYHzi@>B!d7U3H`G(_qVsGO_OJ%*K)5JGKmU zvz6C4-yXD$tyktb9%FyVuTCzUi;>wT{mPJXZ;R*fnqrL3KQ`f^%VM=d)^~rUz4&@= zc%`B$--+G4Vsm8cmH?h~NskJd&MY#28ZQ~TW zN-+BuH0RikmgG~z>Fd)omV@ Q+Qh z>GcwBdjwQ_OF#WC*$_?$6i=uKUOqgdTjHgi`}UG_?F#Z@SvQ}Qf#asC=`}r`Ps@+O zlwyZdQmTNt%ugaM29?8MTHcf#e#+?~C(_OuM#o0nPicy?`VbhasRz*2@Fp`Bk%>1H zDIv8g<1m_miFQv1`=N0YvzE*zyv)ScPcUn1z13Gz9xsLX?Zv;^<5*&H8HA-g+UDJJ z9SdGYifX_YbuBl)iHA#)pNirZE+jnP+8<@;oF69X+}7+U8+Z$uH5(v-(=ioe$szaW zB7!LXjykn#2nfm_{SLJa`BU{G0wxdJyuaJL*qr%~EvnCJi$OEd(X*CvH1f5p9VRD( zoaETyARnwL_Kkizmb*>KM!h5@z3Ai(R>jWR+eUUv7iEXlXfy$-4Ge8N(PjO41Tm@j z7EhOGcdsgLY;Ek&iJPD8i#>|)RgovBdv97nOYk_NH^VS=_btMDCFAmBeZ(xS2HOjr zrA+44rl*81eXRc473?6aV=K zuB{^82ovu7G{4QhKp|W_dDXd4ZZg;+r{}cCv4jr~8qZ&s_Ymnzifwmpt zme8`%fzgc6y3nv7(7w>I(7VvE(Sgx|(Tp(?Fc1aL}MNUL9C@>}l162eA3?FlJa$#;~Wi4Z6a&#_kWppibb8KZ{c`jvmVQp}1 zWiWyPA}|dG2`Yw2hW8Bt0RaU71A+k$05F093Ic)w0RXksoqZ@#tb51Rr@<1~!roSR z6OnIs&Sz?KDFMp0^25U4AH0(*1n1d0gqbN~qMXinqPB(c6Uf9El}5dp+We@Okq|LZ zeM;J}>D+IJlk}JC+Ac}=CZy}e#_)|l63_<8KlI=*U~1M%^NFu1uG#|1 z*VkE5jHc2W^#X_N*k8(3Xw4olpkR&21*)i~mv%nBbzggLiIF*X=J6To#{lVUm8FBE z8%P@{c&Q)N)P4u95vzNu=bb}1-i!@hAJPdL;r{{y0RRD@05A&%2`Yw2hW8Bt0Sg0y z0RaF*yFL3?=+Ci2wZDtv=Q=hZBJ_lYT03=Ncpgs>tUc=zW4FwQj>apG_T1y5g)j#2}9;m{9vOJUfZa zdj>?=j}m~Je6J=WYja}nSKhH|s87}VYpfUaTgfg&DhzbT{a8Yd0w{gTZ;KF_PzC^Q zfwG2gvQ=vbNPy#Qk!S}u2<6O2;+*fusNe1O+rPnM1E^CX)XSNa!OTpTcM-YAi(MVa z&A%TTDcz|ZwTN`xffc&_r^mBKz`eTdb}7H#OUx=p=(8s}I`wyg0N!1Fi!`5q0=luDBVIeC(8d?|@@&?Q(lVF&z$3jC-Q-p;) z17RUWR7`+jK@0z^z(rWl7!?fxX#mu(_n!?7j2{g7&jn`c#WNrVEgry=f?@|TAdmqN zjRh5)IG(Wc+j2KcmpQuSURtl-avw@5x&gN@2>8zWjQ!FjmIqm(drdvIVDWoj@T;>6=W(6J~~d&tj4lA=UcQP4qcB znvEP&_?2NTpqRxJ_#koeor#q4C8IX-m~qBr^V@W9ek2>O%Y3MVpzLk=SZTk49KzOz zAJN3N}(@n>yd%`34@(|W>Tl9=`5q6UF2J-ZWva7~+hVzX0}?7F&< zYY<^o&^CJnt{M`(Y&(N-y*$Da-AJIdn2bSi^ctw9Z??qx#&J7^ZJU{}-{&;ewDOr) z*BJB%%2?TNH+~bm!aJvW%l&g;?iC34EWW9}8=}OZg1GRkZK{3x(W00Mx~O%1*{$Fp 
znm=h>;I+ti9k)y5vHJ9#4Jod>sxF7}8@W7|vz()o?G2wipf5GmRY<>Hq|SizrYZvk zjBXBMh)Q$>Cbw90XUnf(N18&%TEXiWOh>S^ZDXC3S(;UMTarynt&!Q5BZ4V^QLfHr`BpMN{GXc}J6y2YQ^0 zh36@P@oP7RH`+S@;=Ow09FmvsyV?z$QWLw0rVgT8=J_O7Y@&78VVA)bPO{FvAEh*_ z#2=7F*C01OqVBf{lQd$Zw+Zl^dUmtJ4#U$O1UQ(k~w9BT2$bu*aVvznXp zj<8{|ml~+!`Y4O+&~Q{MGnDI`ibj^A3)b^6UA;RGJ9KHGWf*3!Z5lh|>A)ltw zp-0XqB9+`38WnI8Sr?7x8&eSGunD#WsmSCJU!_La3D>AvRZXpMReD+E{#0=O2<4%8 zz?4rut=9gSjk_c*lg%tm`S5})G_P=+%FQ^Tt|zoMcNilsU>K8SYrPJ`(v|&>(2B5h zL=cuPkBYOY4-aPgTW=5=Ak~AbR000}f9nMyhxLG~VTONM4}=AE-t^zRu(Pi`$qSj1!hEYeisu4{^se@|P5c=>@mDh#)>$}j! z;H6p6#<^TXkFY_v_nkGz%-I%N7ZD9LmO7l{MbA8Yg4${PMX`aXjvFF29tRToK~VC7 z#|3%sDD>lN+-l(#+TF!h)d-+w_mNII8?HAIyiqi6v75LOFPzIC8`HVrIW__2eN=Jw zq{Dj2Qlm!vzDF*aRc$A9Gq2^qS8w6F?48b#PhXdT4H*L6xNL0&P3-1=_UzQvquuyt zkt>(qwla&!a4_tw8nx3j+248;KG2u4%_{SX@AO?*@`oAs2JPc^@C6?u-?cS@{%Bm1 zjp(*gEP_y`F8_%i++Ag4Lht7fr`6+B+?Q!bbi#%G3SlP&Z{2>{K31K5Loeszqje~V z8bbCcP%7SOeHGCCU^tK=*f8)}cTzDc7`>k&$@)4ca`#XVe`=aR%H_6m{tD9$FS}i_ zR!SSxL;nKhi|5PPYU?Wt=YrqJ>5h}EJ4iMN(?HvM_+D$)`?Qg$UGaT!uewN$LgBTC zVp~qgGvs;sV=l=Tz21&Wq6e5gjk#)XeW_SrjP1|@hCPgHhD)k3+Ky0)VRuIhKj(hb zw!uRuFnnH$Me3HS*@3?SsSUFH=!XNBupNB~!r zx5TB{#75=S4?5LW8Q%@ZFOg2-L_#-BW)?Hem&!socOrVvJa%&0jkn@IzS9*tXvEu| zHE@7)Ecn4N!R}n6n;(C5<41YK?3RJ(kksr857x7}BnzueXuclpBPdf?1PBJ)0k{GD0p0*lfIQ$PwcepJHGnX+^QX>t0Cxemsl*fD0g$6oe?S1W z{+;s$cmaH=liR-&e{mmb?+fsU!C@jWMlhZ18Cu{uIsl0CxiztwTQkxiM@KPJ(Y)rx V$&LNQUrr!ay9qXGc{0)hbn0JYSeeJD|^ zd&kwM!4lZQ-d1=Mk#Bd-XKHgP0m`-V!@}Pmypt;g=h-@hnJHqToX&WnwuSK%$ix_x zM!lKZ{HT|a5HV1FO4_jL+;4}I^q1?}E=l($r0d4U@Qptb&<4pr^x!aHYSv2iUtNZL z&vuL3{z@ZvVpsRZiK)gdB)(fdp$iaOU5$8Fn~8IyDyq@vhtaI2JH_`o6|nVph-jN` zU8hFsG$9tQ+5*bg*I7}FrqUYq0*CC_U&>Wz%^onIV2#KHs;H)yc0Rs!UwdzfkvVtf z@fqsJ0O@R%rGum!NE;}4sUOwUeh01*t9z>FokKX@j165M(g_;j{{jO6009Dm0RRRi zzspzJbwthCz268ZL7fMP(W1n@EC`VAxFDB|O0ZyWHlY<+%9$$qUdT!?y>&qISSz7J z#LR`x@n|jUpjEH1WeCGaNTmo6jkMy=!6Q=!ckLF^!m_9FT#vU`uJtm+rQ9zt-}V#N 
zseQhM$>7YROHcD~f)z*#rj1r(&dsAEa}C+cmf0`hXN8b>+>5$VzVQQEu+JVgQfm7}S9(wv^zgHYK#pTL>%O;D9zMM!Hpqr&3l-(aZ}R-Bw%2p~WLP-v0Ce zV`EVB%QkYuDIsVw{%9WvkEQZ1@202wnoZ2@byPn_ApA#5aCzRb?=|$Rk?mQNyZsoA zQ*Ee-HEqepYC3*}1ET4DGapV@F9@V_)TIJ}fO~3AzV!m}-_-1R9Ld*vf>4Wn-y~$` zn#S(Nq51uSci3LmTP@p3UpuFBdTY#9H-T(B3jr`50L75tQJoYP$v|XBu9=;yH-8B~ z&Ay6MXYX1%*+!?QA~yOHr~j00_q&TRm8^vq&MnW6kms}yyYAEr8YFJEES%BpQPR_jMRpW&i&Kbwkp#A~N%x#GykVV=!f zt_B4K8cWd8ZE{rc-Avr_k|X~MDh1)Ud+V)l$SZaNRu-t7dHd6TDIbz^^KGg---BMH f(L!=3ljyC)SbRKkE7O&b%5BIYU1lJ)WzXGICc9n{ literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/strange-cert.key.enc.der b/cpan/Net-SSLeay/t/data/strange-cert.key.enc.der new file mode 100644 index 0000000000000000000000000000000000000000..2a2de5e4012f7611a237affbeb3a022b2e02094c GIT binary patch literal 1217 zcmV;y1U~yPf&{$+0RS)!1_>&LNQUrr!ay9qXGc{0)hbn0JYSeeJD|^ zd&kwM!4lZQ-d1=Mk#Bd-XKHgP0m`-V!@}Pmypt;g=h-@hnJHqToX&WnwuSK%$ix_x zM!lKZ{HT|a5HV1FO4_jL+;4}I^q1?}E=l($r0d4U@Qptb&<4pr^x!aHYSv2iUtNZL z&vuL3{z@ZvVpsRZiK)gdB)(fdp$iaOU5$8Fn~8IyDyq@vhtaI2JH_`o6|nVph-jN` zU8hFsG$9tQ+5*bg*I7}FrqUYq0*CC_U&>Wz%^onIV2#KHs;H)yc0Rs!UwdzfkvVtf z@fqsJ0O@R%rGum!NE;}4sUOwUeh01*t9z>FokKX@j165M(g_;j{{jO6009Dm0RRRi zzspzJbwthCz268ZL7fMP(W1n@EC`VAxFDB|O0ZyWHlY<+%9$$qUdT!?y>&qISSz7J z#LR`x@n|jUpjEH1WeCGaNTmo6jkMy=!6Q=!ckLF^!m_9FT#vU`uJtm+rQ9zt-}V#N zseQhM$>7YROHcD~f)z*#rj1r(&dsAEa}C+cmf0`hXN8b>+>5$VzVQQEu+JVgQfm7}S9(wv^zgHYK#pTL>%O;D9zMM!Hpqr&3l-(aZ}R-Bw%2p~WLP-v0Ce zV`EVB%QkYuDIsVw{%9WvkEQZ1@202wnoZ2@byPn_ApA#5aCzRb?=|$Rk?mQNyZsoA zQ*Ee-HEqepYC3*}1ET4DGapV@F9@V_)TIJ}fO~3AzV!m}-_-1R9Ld*vf>4Wn-y~$` zn#S(Nq51uSci3LmTP@p3UpuFBdTY#9H-T(B3jr`50L75tQJoYP$v|XBu9=;yH-8B~ z&Ay6MXYX1%*+!?QA~yOHr~j00_q&TRm8^vq&MnW6kms}yyYAEr8YFJEES%BpQPR_jMRpW&i&Kbwkp#A~N%x#GykVV=!f zt_B4K8cWd8ZE{rc-Avr_k|X~MDh1)Ud+V)l$SZaNRu-t7dHd6TDIbz^^KGg---BMH f(L!=3ljyC)SbRKkE7O&b%5BIYU1lJ)WzXGICc9n{ literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/strange-cert.key.enc.pem b/cpan/Net-SSLeay/t/data/strange-cert.key.enc.pem
new file mode 100644
index 000000000000..fd4003780a9d
--- /dev/null
+++ b/cpan/Net-SSLeay/t/data/strange-cert.key.enc.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,B77CE985CD51B8ECFE85CFA9B82249FE
+
+8J6PQb0g0x3fq4ijhU20OaBK5PwCWxKUzv7IkAweKg7/1y7PraAPi3zH8AdSYRwz
+8LYB4coJdvd67Ev11urlfW8frVXqw9yZRTrxexS6BbUhZh0LFCvoA2VS1SIzyHtM
+iC9fWd3BXCw014qX3gQHPEszZBLPElpki28avrsGHV1Cui1sQ2nbpeIAU4vMfvzb
+vw9AGSekyqRWOkC8NI9RB84CP9K2en9oR07yRlbm9+c7iBCVulCCPbuQdHFMEBwX
+6R8miOePOYBvTGDVkamNMUNx0nAkNtXW/xwsaX7+GntPZkYagn+46d48CWVDcc91
+dwaYIf7RDFgGqKcszHmFJrl2X9VlfPrAeIAhieJoTwJfF3Q243ybcv5aY63DwnHH
+oo1V8kbrVVBcOPu71hFiwCaIa3Pst8JNVtChkISeMavtm/ATbSTpxcUvPEszHICq
+yMmSBTaCPTlCH0K//dhkWzv2GRZvieZ3G52TO0qhZVlQ/iKwikcI7RnnixnNtPmg
+heFy20l9jKIuBVovQZ7xxG/F+yPwhaQWszYUpvPTADKDdSMWuFxulFApZx+LR/2u
+cHlDXHxh3gurF2IdLPX8CmU1bYo0EbJQ2pwXfD7uVEF4lPE3zTfh2BZvYWiS90d1
+q8UK3DpjM2iBrwQ7ZYwrm4M4SLz09z+psf+AXpeEc89Q4ETVqvL4pzWuqQ2k4RPT
++aCPF2WaGNrCpo26UjrhA5gWPCW1NvCJGxdJTTnRBJmQe5eNZbo6ub/TGdBrYcvx
+Z932Fkulu4CF1ScA6bpJJgsTLxCXVEKWoHEMU9A/XnDXjaBhXmipt6jpXBjvZw19
+aXZlhMfELrqJ2hZJeIqMyC7OU36HkynfVWGN2XHABwoYMJSX8NwtDbmdHSG7TO/G
+lPTTUmEmnx/j4xoP7x618bM4GBnjRbrv/o7S8ZrjeddtSI0wdk2PPwLKOrC/Aj5y
+m/dNfGntVsPLJ2JxBvqK5dQvhr8HV4OeZknx+iSjkZSAtQWS6oME+iTw1bMob/6Z
+0CF86+Ob8rE2A13USXR7Sj8xzsIWqXsYip1TlePfAp7KnXhhwNUT5NR8OhCPxDyM
+aWHZTyF/JDk7VS8jIZk8r+P1mwPQzep/5Xo1Y1pXNJY5++4zuyo75YP8FoL8LOBO
+Ws6k7jZjZatLwvfNKvI6K6TyCKOuvXDku7vcZ1Lw7LA0yQz8Gsr9Kqsi9/6IiNq5
+eaYXyqyx/Dw83yW1/qIa16a+l8svPECyVZ59RdKi2FtcJ4OXvm5VRj7V0KdqcbBN
+ixA7bTch8/b8QYBcxncQiiCbpZRPBYcLlFvyfr/3iFTqRa5wahYO3vD08SNrPlrX
++jOToBoZZxlKYw776L1PBSnMjISMwHUL0tb65WHdWCklCkAOUjr4VmiFaciNT7sd
+Fy3Sge1z2S80riXWRTnIzpnjdPHNWLopXnj/uwGPki4hUNPgw2SwCGhyF7qDB4mB
+L1QlrUEVmED+EQwz0cUrkKtgzbdUi+YyrO2xE6B3QfF3mJ4tirDT/Pk5qb8NX+Xg
+HSEkOA9Piruia38U6ZkXqFGdqQIP00xlxehm7YlRCqHMav6H0/sAGjvecFyR+HdA
+-----END RSA PRIVATE KEY-----
diff --git a/cpan/Net-SSLeay/t/data/strange-cert.key.pem b/cpan/Net-SSLeay/t/data/strange-cert.key.pem
new file mode 100644
index 000000000000..449f2654b5bc
--- /dev/null
+++ b/cpan/Net-SSLeay/t/data/strange-cert.key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAtdSdfShRrHvH1afBEtjC3lZ4E5Fvd85nanMpAcq18sPC3x+8
+kysE59k6hJkpYqKczniitoXxE8jEGJVGvZna/KiXkRAxUH1K2rDp3G+Hk/SX69ou
+SfcmpOvGxvCNPxLQBsk/9OAwYGrWSvVfXYZ8z3aL2/5KI3diV/fGianGLSS+Wz6h
+CxBbXY14VpuJc6MqqtHnh9GspjvF9zkVsPV3iGibbl2nRuo0IRau2gLK19dZUYym
+0hr1Aofs2F/KVWjNHjCgYI3IBaqoppd2Pr51X3tviZE5d+bxGerHAOlslaWDpBtI
+Gyh4qR/V1H4HrhGre6rnnUM43owNXR/SCRrh/wIDAQABAoIBAAYlv8tX2nVEzdm9
+3wgoQZ0HiNGixL4sCJDvuCCXjEqwYG82oRVZypkq+l7ISjC9dUDzWCuhQ8TMhc7x
+aC3roFWvsGUIw0hIpQgQjbTiz8EjUwZ37RbSwrKn8VyPt1eu9TLEpdwvMN/2E9ep
+fb6FyeDMo0tP83CCFUgKpo1WY87NoyNzFJAtH0GKzhZvJXXDMXJY/IAVvr5I16bW
+j7KcsBf3R9YMPMRoAhQp9H6VfCqYE7YTTGrH188Ksr1titZmkMBBFyyPaBx5vzuJ
+EfKhyTjLU4Ce/Rck9T+PTvn7AYfwL77XY5qWp8L+TdnxtLqobAtdtPva/TfZht5Y
+NiG2Mk0CgYEA8t1GgUn63v1sy+CQfLyCvo8Rqx/34kxVmdBDrCNBry/pE20Fz8xl
+dvKs+vjigg8j2iFKbgwhJ/B1MsAz/bTLd5rukinT0ds1t+H6gBQjdeXNhsnTEzMq
+HCWA+qP2uJVMOVckDMHMiEsGw947YtqkXXrpIcjyh47VEtUFeqbU1JMCgYEAv6pC
+WWqiO1JNC2SQQGC0sOtccQtSSMWdkhZPNPNtal0M/441HkYfUVHQoPCDqBMMIWlv
+ncAzcBAiRdKv9Pg1wYkufjKTtIPwJONPrnVMpeRcOL7xA1qwzx42Umr7RVd6UBf0
+8LOIQJDZmZm6IOqh9CvHUrbZiEt2gKQhgELXbGUCgYEA29zacT1KMgl3LvLzmxkF
+vAHFWwgr3uCANilGulWIp1JWTNHMCxzdVlvHocUjOd7+9ABjY1DzyzZywykhaDL+
+aB8Ij6XyLu+mp/uaTcztdVQ/RiD8R0twed6x7zX0q5HtWZO7/RiNU22oiDVtycZq
+On6FA6LpfTMfTlcvCKRz1KUCgYB7ak6+9QLx39TseRzJ13uCUIt93yRk55rG7sah
++f2Cd9he1lst20lfO6dzemvMVjeBbDsLATAeAMWQ4FGdFBbJQGRHrpmdqzd/CT/N
+vopUZ+9aOtlGp6ciNvoTp/+Ubve7izGVrIUXzi3P0kUf3PXcHDSE9miscqsjuow3
+4tKEYQKBgHIlUOPyU3F4qxR1lx+mOncvX2HWyqptNlbrRzyf4aJzP5uKeMRrp2m5
+4sjIYZ7NW64GBQUaS9DRbXJU8d1M3PKSI/8LKgXht3vrrW/IK3YCVhaonHn7034p
+H5Jz822qO9+DXqTRQnInk+itxFh8PHIr05WQym3IIV1mILVlz91U
+-----END RSA PRIVATE KEY-----
diff --git a/cpan/Net-SSLeay/t/data/strange-cert.p12 b/cpan/Net-SSLeay/t/data/strange-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..6a25564366252b1fc505f59b763be820e1368249 GIT binary patch literal 2705 zcmeH}`CAiL7sqF^2}y8cQ>0`q58=;Y9;!AAjRH|95Capwj0zH98yW!?$DtiCI7yVXB~23E zuLQ)y~e6;Sv5B5{P(v20IwCEjX1fQ*e` z1z8C#7^WfbU(YdF3GH29xo}kVS93ZT(Kf>CKg}ubal#Wa(J<98qZz|StBgR@v$Hp{ zwTH-%Aw+?cAZ5rE+6t*bDv&C)9nyfPkO8Czxj~wcGvop(LffD-5VRLkhfJ+ZXlk&^ z>L6l7vhcbnURW;r4zVbtS0yZigaY9m;X`2=0(hc$nhL!2)9;Yj!7LAdF9y|0y$|0ihjUzHC*n_1<*dlMzyNsygOvpWgWl)e|{4I>K@)FHA``*KbNQtI6p9SeTx? zo@Ra4qQ7ixFd#N{HhsKb?rK++hZ~3<`Q$JGvxBXvIQmd zgyVeU#aoS3C4uw4Y{GhHmxM6-^^5FWwIb2mSW!uVe#883>9V=dIPdHJE_}0JcaUXD z`%$gEy-qgq1zmD;sMz0LxV1WXw=2L|?g`D=x;HcjTJV4aE^fZ!?W|4aZBkkh;X>Uap|fAOPlC!&dNGMA2{7f#3=T zgGOPq;BQuaWsD3gg%eZ9fmrMsH29^5`V?M^k-7hJl{D%P;? zU)vT@90ZsuxJz4eRO=iYk2xNXefu`y2j zr{}I7#&O3YhyzzmQ}Um96}u~apa+Fb^J&C4VOyj;FH_g~xG!laY1gGjuN@D}NN5(` zuaTb#P=qS0*{_8ImE4$HNwvY|Ie~X8v)+4d_5Z&1XSQ?0-T|(YsK7G`r&5F(Tnx^; zTUEbP==KXhYRGzE^dhuem6#N+Wm0tRcJ6YzmtK0CV4vQxkX(~H)$SETA2k9~=qtLT zx=kk(+HePMcGxcIQd>4Xvd?O*n8=*mNLQ3g9xA82yt2c2UvFhhkec#lUlunxFn13g z#4kk9qOQV}FB?%@nuaKsRWaIJdR3+RiXPLRAJDWsvb%NyX8w~TMRQkh1=v6^zydq~ zf4~c1093#eX;}!<10aBdPzGY22nh!Q5y}8g0^5;@KM;VlpL2bHQ-BZRdHj{J%Ds`k z58w~;u;;%_xLVS%91IT|gkUCOK3~@@B#3#86tfx>2>jQXLP{MUiR2=Y|DUSQrwUO5 zz$w>0b?oPuwD;AFh^ZK5u89-n)C;zYB~3hl(&H`4+yiv8rJY(c)D~QuE#MlC;mlF> zY~%X23msG5)bT8b+hq)~I&<@UvGoZRuR0%7>~Nv)WV)V|^QVp{-ghjW)2h!O)PzSq zNcP@3E4a`y+Ln9h$V?zl+8keyK=*zQI`0^U&rJhqskBnruCwj|=*Xm!~FrD49 z>!}_0=8~+^oI#@1AB$k@q^6+P^V)a(C(DQXrYfom{Rl1XIw94x^%? 
zfaxK#sDlf`OMXvBlg?E01c@7pN%OBP9WsQ*B^0CEnq!hoY-bxIWV&SG_gB1ilzy^> zKasp`lB4xVd#U1S=(YDLs?S6NI`>~LaHS}mH|;Sk&m^_g+S?+dJB0g@5 zJA|tn)<4mo=W=?C+&mq7<@v_v*wY2w-KncMzpKGF_cuV~tJd-ivo#}_pswNfjhCzW0w zDdkw^|9pIxU{<0D+seMULm}KeGIxKk zA7gb51B3lRdo8rYLp7#nu5ZRxgALAN>cgX4T~)Ixhd911-BQ#>kRPHuH)S_ab`LMl z0-m1MGf#C{b*f}^LAHb1*=0%^oEwziasGpM39Fb=6~FUU z*Le?Q2`pvn*VA@EVZ~CMbW(v{sHU4oPiqlVmp*=A&krwi*ap`xh1Gw{_xb5nbF;_I zcIQ$Y7Atp1C}Ohgr-m#Cr&A~^1U2l-`w`B!SO6m>H`#r& fd2f6?AZ<9V`NPra2lzK57_svYBi_?(ERX*QD|B4p literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/verify-ca.cert.der b/cpan/Net-SSLeay/t/data/verify-ca.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..95dca1826414a03547c7f9c383b25a56cc98e9dc GIT binary patch literal 874 zcmXqLVooz?VhUKm%*4pV#K>&G&Bm$K=F#?@mywa%z|)Z1fRl|ml!Z;0DZs~2*gz1( z;o{-)OD)k24)#e+tb_@2^KgZv7MCalmu8lv8VVTjfmAZ{um|Pmmnb+p8pw(B8W|WE z0wEYgiSrs;AaM->$+b$tKn!9Pe^_c!W?E))Vo7Fx9>~fjMkNDYgm)NO8JL?G`5A!X zTue=jj0`8gd{}yO&8olcEFXFTgta%^aBG>pNvY{yR?2kVsm(SwC%)J8;Z0q;J?H4H zg(X`b?d0|eP>!5wKK04jv>&U2zkZ2LpVQdY*gNC<%&jlE!e6bP{Bw0%%ia>Vx!f~u zYZ9bL}C_Nk{pWVLj&Cfm{CYyE$0d6V}ATwB3vq4Z() zN~eTnyA4*aK9^gXBfRIt?Oz8Hiv+gacw-g1ae8uz$F(hKH!AM#JSSl(ma4J%tdha+ zrHX3Ce~o5tU;K=jr=#?PH4`%<1LNXQgJ5uE$?`KY{%2tUrUNzueqe~o3WNBp2FyUp zKo%sx$0EieqWJc6@tR3*i(0sZ0(FhtSi#9cR)K}ffWv@|jYW$Ys0}$C0fU{9 zp+Uqt@6GexDM2>5>CA7|9KE&d)9q8dqNkHgnHQcr;iGJFaHG-ELk;Y1QFr^|EzcGz zx$RxN@A@j`P$jJ|DoHMu`%b*|nQ3Gd@oW3+4&S&v8oI$J<5JE%Jf~l{Ip=I}+Gbz~ zFFbt4{8p}3?up*bqH??6EU`$rFZN@DWKU+ri?xzghi4ZZUzq#Pn_E4^G;mkRor?Ww>I>N{$I69dZVyQ^jGDHO_%nv9(J t/data/verify-ca.cert.pem_dump +# hashref dumped via Data::Dump +{ + cdp => [], + certificate_type => 305, + digest_sha1 => { + pubkey => pack("H*","21edf373ac92ed72840a12518d4f1a7a16528205"), + x509 => pack("H*","b7d290f2e81ccf507afc62514cffaff35dc9a51a"), + }, + extensions => { + count => 4, + entries => [ + { + critical => 1, + data => "Certificate Sign, CRL Sign", + ln => "X509v3 Key Usage", + nid => 83, + oid => "2.5.29.15", + sn => "keyUsage", + }, + { + critical => 1, + data => "CA:TRUE", + ln => "X509v3 Basic Constraints", + nid => 87, + oid => "2.5.29.19", + sn => "basicConstraints", + }, + { + critical => 0, + data => "21:ED:F3:73:AC:92:ED:72:84:0A:12:51:8D:4F:1A:7A:16:52:82:05", + ln => "X509v3 Subject Key Identifier", + nid => 82, + oid => "2.5.29.14", + sn => "subjectKeyIdentifier", + }, + { + critical => 0, + data => "Policy: 1.2.3.4.5", + ln => "X509v3 Certificate Policies", + nid => 89, + oid => "2.5.29.32", + sn => 
"certificatePolicies", + }, + ], + }, + extkeyusage => { ln => [], nid => [], oid => [], sn => [] }, + fingerprint => { + md5 => "C2:93:B9:A1:1E:1D:64:15:8C:26:83:C1:0A:54:0F:47", + sha1 => "B7:D2:90:F2:E8:1C:CF:50:7A:FC:62:51:4C:FF:AF:F3:5D:C9:A5:1A", + }, + hash => { + issuer => { dec => 3235285478, hex => "C0D689E6" }, + issuer_and_serial => { dec => 2780294971, hex => "A5B7EF3B" }, + subject => { dec => 1524484324, hex => "5ADDC8E4" }, + }, + issuer => { + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "Root CA", + data_utf8_decoded => "Root CA", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA", + print_rfc2253 => "CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + keyusage => ["keyCertSign", "cRLSign"], + not_after => "2038-01-01T00:00:00Z", + not_before => "2020-01-01T00:00:00Z", + ns_cert_type => [], + pubkey_alg => "rsaEncryption", + pubkey_bits => 2048, + pubkey_id => 6, + pubkey_size => 256, + serial => { dec => 3, hex => "03", long => 3 }, + signature_alg => "sha256WithRSAEncryption", + subject => { + altnames => [], + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + 
data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "Verification CA", + data_utf8_decoded => "Verification CA", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Verification CA", + print_rfc2253 => "CN=Verification CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=Verification CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "CN=Verification CA,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + version => 2, +} diff --git a/cpan/Net-SSLeay/t/data/verify-ca.cert.pem b/cpan/Net-SSLeay/t/data/verify-ca.cert.pem new file mode 100644 index 000000000000..a5be81733cab --- /dev/null +++ b/cpan/Net-SSLeay/t/data/verify-ca.cert.pem 
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZjCCAlCgAwIBAgIBAzALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM
+B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBRMQswCQYD
+VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0
+ZTEYMBYGA1UEAwwPVmVyaWZpY2F0aW9uIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAyfTwpdmsqv2HBPCMUBMrsNhGhJuyIoL+amSXDZWDPNmR7ylM
+DWWtt2zF2qF0teK5C0xQI1mZN5XkzWb4qlP19F1nnIGKgY2Y95m16QpX6quT+auG
+hL10Rp0LmNsqMqifjEyC5hk/XUzVCtzv2YDEy003pRyTUPrXMLzYDnwPEgFdaWS2
+Iles/nVjb2gGaBo3CzYeR00s2Cy31TXF9EOEs17FpwQG8oxwFKsbgykGxXPWj/w9
+DWO+UNaoBTgi8JupQmCmuzCrq85tdWwTvMjb+sBhchC22Ow6VbGXY3RI1rRm2Hjd
+uc4YORZlKKPNIjD7pSEmM/0ymbej5gMMiHXwOwIDAQABo1UwUzAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUIe3zc6yS7XKEChJRjU8a
+ehZSggUwEQYDVR0gBAowCDAGBgQqAwQFMAsGCSqGSIb3DQEBCwOCAQEAgBQ7buzn
+jZRSPG1nA+ysxdqm8tvKDRXLYjUDoc7ITCM0wbEypcKAB0Za3Y5fOc1xIka9o77X
+qiNVIir0JGJEOb7I7UyZMjpY+rebiE1evCgtU8leZMzhzi9xs2zNU2az2YDEocPM
+N9ptKm3IjbMVHrvspDhk3xb4sBmMaXjorRk6w5tyx6Ft/ksLJ1Q1Ubp0vGFB9dFX
+BLFeHCtjhYCOFf+qqhuxE0Rb9SORgtK9BcNCPQsiATk054axKcfumeUUl0FyJnK1
+T9ZaOMz1Rqh+Gwof1YUcSbOEqoUE2MxuEfCTLRFtCYJIfeff2TCHND7AQeYO+V2d
+/62BQ9lK3klPyA==
+-----END CERTIFICATE-----
diff --git a/cpan/Net-SSLeay/t/data/verify-ca.certchain.der b/cpan/Net-SSLeay/t/data/verify-ca.certchain.der new file mode 100644 index 0000000000000000000000000000000000000000..dabeb0fc7841392f02bc3fe3a607001216703dfd GIT binary patch literal 1721 zcmXqLVooz?VhUKm%*4pV#K>&G&Bm$K=F#?@mywa%z|)Z1fRl|ml!Z;0DZs~2*gz1( z;o{-)OD)k24)#e+tb_@2^KgZv7MCalmu8lv8VVTjfmAZ{um|Pmmnb+p8pw(B8W|WE z0wEYgiSrs;AaM->$+b$tKn!9Pe^_c!W?E))Vo7Fx9>~fjMkNDYgm)NO8JL?G`5A!X zTue=jj0`8gd{}yO&8olcEFXFTgta%^aBG>pNvY{yR?2kVsm(SwC%)J8;Z0q;J?H4H zg(X`b?d0|eP>!5wKK04jv>&U2zkZ2LpVQdY*gNC<%&jlE!e6bP{Bw0%%ia>Vx!f~u zYZ9bL}C_Nk{pWVLj&Cfm{CYyE$0d6V}ATwB3vq4Z() zN~eTnyA4*aK9^gXBfRIt?Oz8Hiv+gacw-g1ae8uz$F(hKH!AM#JSSl(ma4J%tdha+ zrHX3Ce~o5tU;K=jr=#?PH4`%<1LNXQgJ5uE$?`KY{%2tUrUNzueqe~o3WNBp2FyUp zKo%sx$0EieqWJc6@tR3*i(0sZ0(FhtSi#9cR)K}ffWv@|jYW$Ys0}$C0fU{9 zp+Uqt@6GexDM2>5>CA7|9KE&d)9q8dqNkHgnHQcr;iGJFaHG-ELk;Y1QFr^|EzcGz zx$RxN@A@j`P$jJ|DoHMu`%b*|nQ3Gd@oW3+4&S&v8oI$J<5JE%Jf~l{Ip=I}+Gbz~ zFFbt4{8p}3?up*bqH??6EU`$rFZN@DWKU+ri?xzghi4ZZUzq#Pn_E4^G;mkRor?Ww>I>N{$I69dZVyQ^jGDHO_%nv9(J%sA2YS`cV z|8ysRJ=;EajiGCt_08Sy^uz@%&&|^>HoHFg#Y1tIo0Id)DzzQHx%%)vzG`@IL(j$X zp!u~YJJyK4fB2~T?SI~L%dh>`)Gs_eHL=z?>(~r;MVB3a_3PgCI|o_y+TUZ@Z17p^ zz2M!r3$YiDe4DcTp_@;L$%}K-*Ztb`;z#h3^34GXlZ7;%JM9lV*LpB-m;DYgr>Bcg zTIN`=gw*XhYTW%j#bU!Ay_`a^=^yW3X|S<*qhT5JcE^q%(n{KSi|v!_et+|v82{*P z-=We8oZW3FD*V4b^j*AZwf)`ObKhI|Ei_)`b78ff$gWr$qoR3J+844za+s5W11ULd z&$;$kE0IGryFW9S?z@yet!^`GHcDavXQx=dc1eHXR`1U9kD5HLNm&vG@SwIxDNc33|uT($0?&#TwwYlXF~_wN<6(8`vOTgNCdZ+rBWw>PYdvhKcpx+v$s z*#*mEY%X&zoOJH?)$U)?$Nc55@Ozo`@2tz*JDvUPtM`??Zc!6i%Tgw5O0CSUU9I2k z_sQC^?M_;A@615cgS&PXm(=Q~&APq2bK|G;3|^1dSFW6M+qGr-6}|rpm!%#Ld#Si~ z{nQ|zmAw`-K9|k?IPpG5Pkj1g5zeE%Qg+84O3Ih#onha8SdcSmvmY literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/verify-ca.certchain.enc.p12 b/cpan/Net-SSLeay/t/data/verify-ca.certchain.enc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..bac044823f0670a000a70030f545a4773510259a GIT binary patch literal 3557 zcmZXVcQ_mT*Ty3vv56f)jkY$iM~K!|qiAcjYE?aAmK3$6u}kf$8Pwji_O4mGwo-dm z1y#Gep67bs_xWAd?~ikR&-ZiR=lpqY1eR(ENJNalQsslm1VS`Jj;V+sM0hM!G6+kR zaE)USSjfh|5*Uw#OkbmMAQ9mD8T?lvLa>3!|91oB^+swCDX%FzvaJ(53j~q^0D-{i=98v&-)MySdc;fb}K6O8=g8 zm(KF&L^pf(e24eU^!51cTPIKI$n1zkHZj<##kOyngvLqKd&#AG3`pXZlj-{&WJ(f55W8w-dO3p;hFX zGdBpTx}5RXq;qx+kKxeckOwN*Y##L6q9 z{g2L>+n6naluP|O*}YuP9nZQ6KmvIw{QFU~9>YDoJ#sCVZB^2HA=vEq&0D#{>sLx2 zF#Ls5CoHubdVvb9Fy^W5_C%rfn5;0NULCyx37LSs4;!gnHGd^Q{L}UDZYyal%z^)Zy`^U zvYpN#@5L_HYx6o`@}vVYQ{$kFZ*c$P>SsPoOMpHSwG>%gANkz{&@kn33FPIWqjQ)n zOzi=il)>*A&Lic`7cfBKr|{JbkGU2o8W(Iv5lZhhKkgQ}U}I$v+$KZ@A2lVc#PXPXyslu)B}4zs&yN~-z{mci3*ruWKHGNPKxn0L2>5jMT!pMFHZ z7;7GoO|oRva2Td(?1!vzRqqL3CYIWv;+fRBBzGU1ByO?+?Ki9h;(j#7cinO3!8fo_ zirY2b>)iRSNxu7b?a@FPOIgacDYkpsE2HklO%>jNV-w&Xc+SHfYQe&cBK3T|)hZ}M z0_|;c)F@s{)!}~Kd;{6dlcASE@y^)vceIB~jzVFYeC-@R_}|3sH0+cquW3zjFGta* zI4yHmPp-3U0Dzyyru;0-(H6zZ-rar|;m`9*dLzufdMASZ=*l5!nMPtPnXJo1#<`a{ zKJo0p-))Sp+HGE>t&kO_#9uu&M>!o?@%BagX8c7vV)hE@I=?f_oUM>5H+chx=`5LF zi9fuJ+AHE2vdOS-B|r#B$9kQR!tiq&C+D|p@@(+VrB&@8Ml9Su z6Emkj#g*M{<1@6LtamR&o+rsSC+|(Op2Ee}xDPZ#r!SeC%I!zsV%@zZC;E3>nQP8K zl2pGqvdUxetGOr|za>so(uc(bGyOEejZyxNN!_@w>her>!69R?=Dik2LyYJhmO*M$D(65vjpY=OyuO;Qaj>T=g?pYhU53c z*bj-cgO$}6>9=c)Pwali5&L5`9Se)d)DtB@FsZKZ?(8dPAK?)epQTF8`?JwK8;6}t z4CPk>4nt}+z87`NIgm1~b666(nNX{#i#w2|jzNyb=%Xig=FX9%1aMthoxCps> zT+&O%fkq{yh>hQ}4F!dlk@CboQl4-ZnN4^_-3*~6+TY%cvumYCs-n8FUV+QKDXQnm z)o4Jj%As$+2tC3Owp?H}icce5=5o>H;gVR1acWmoeB|?nep~Uh zYOiM;3MBV0Mr3iTf-BJlnV=y@AznlhabM-urN%VYNY3kWlJgC!gB?3*-1o3!>60~Q zCV`JjET&+`W44~P>F4`o(rUW73TV{FRLbA-FUSBB(3sHb;xH2o$?D2OddkdKNh>+D z4JnLrqYcq!ZGYfrvE#(`Tj3y{2L|JFsRw?}o93?&Sdy&&2y{G_Bo2fniN3}W*A)V$ z_`i53Cj#QJpj`wOwEf?yZ->dr!&b%P{!V=m7Szi#efJNM03#xA9bF#5(#oQE=xD8x 
zK0g!SvsI7|3=T7In`=Ny6_Gt&!1X&HpFc`q>_OLgJ}hX%slc9}lGHmfAFa{|B>4$v zQSlDa%UC)$qU-(AMUT<&i-YuGH=RMLLxCAyF(#tyv=d`{JJ0n>&Wh4XM~Rv9;Qpz$ zeQR9eGJEkm%wj%mdWWQUut-m6sVg+Wp=>s7ueh!r`Ds=unEn$E^@Sx1`lg`GFk;Ax zFXE6D|DjOW@kJB*w_5&gu9_lW8AS0VpBf+L8^-yfQezamDeT=d!+&%AQ54!kHqWhS zfHBqI!A5y}*I>y>(R-VGL^>fd(c7It-Tr$KrBgRloP_YmgxXFmpSK;g8z96nxj)+? z>lxnLX1faxC+RZ2$f29VP|ywbetQutJ;CE*44<5-MD3d|KZ7TwNW>0|rzT*UPa%^nl}d5hHg<_hRF(E&ei^yw6`il{%PBD7;Jr|N3#=&F!X~O#KJA2Ii1T$&mi|SFQQD%vfneqFq`7dhBidv$C%PZK ze+sDkGOF2KzBe@aRhn1-vTj+G5W=$000?wINSk{ryk-`8YAAEmC>Ut0aWW?5V`vf@ zr|~gypgq^!XCP>vU076?t@TuEkF__2GP6F5X?u)W{w`33tRc?f7A3P~=naCG#hkQ{ zZ&^*G;~y$oQ>~XY=GG0XbAtI0B-&Xh-FEFH9~`MZ5mx!OQ(o%6D%sr@{7`_ML}~=_ zPZ~2Z^sNoGk(T_C+Y{3*)mqih`=73NpyGe6XnNpM%O#}v6U)yg`3-eUBujm3nLqq! z^E4B2NIItfSYd8)a;B~=*pX8uI_B7CYB-Oz6;6BRd=@-Rqt;mn2HB1J4CzN&z(`=q z9r_BK+|K0_H)(wKM=>QnrnhQs9d8J6Z@8wuJyHu1Py5hh!LwFXFd(*6e;Fsa(8Gh>!r^5|oGU8;UIYVb@ z9sC(uFmL!h*KeC=v6V&T&Rvl%d4BSNC@P5l@Dw9VSX_&=&fr zomq1?N@*(XbQXTBqf^?s^`l+wB|GZgh24o>&*y-G%+9CFBT%zKA|7Qj`*r zB+Y-P;}p^sNXE^!P;C680yyp7s>~}(d1HjDG?ew*;fQl_bF1>yhqKxB!wIXzkVbK9 zk&I{uit;FERUy1wF#>zDd5rJj6JC}0>ftT2xqcGLtr|-Jp8t*Y+&4q*Q|maj{-3MR z+Qe;`QuA?t<}LK1fi)k1+$h#dns8+%_c1^#K<^vhFwWj0QgY;ie*%Un5I4SSH;tO3 zK$#oOPuJ!p(~pbNu1x|(t63V1+_{>IgNB53SnvgS3!F)RMti)DxK^>8_%E}*NV(^~ z9Qjw&12SLUQB(B~U?rwJ{=Lag*~!~^S{s!V;)n$kczoj6UiHY8lKVe`f5B&7uDuES zBC~2&kt-I2L-73nc_d>LV*)YMevLWUWE$|=`zW2S}>$&dVec#Xhy!UfIzx#aw5C^is z5derIvUA8Lm?eC|!O`$M5T}a-ahedU3V`Ukzo^hfNDzGkf^z{7DaMZd)r%7YN92JB z5C9QT?3iCc4t{7Z1QiJ)d?4Hl0NJeb5NvR^osihyXN6+{b0sXm!H%#;vh%T76P5S? 
zo*e5X*_NBL~qWNWl~uS!pl8wPT6kMBAP{OOr6v2gC$$$^f7Q z-Mg2Q0Pe8HpG3gs-wh=Q@c$Bu+kqTN@uGOR(OB zwUlGFdd3@u7ps)Cw(8>jL(HWZ`qfX_b?-1I-j}8QRF)9eLNmFBy*ehVeCv8L5q!H} z&xJUEd9gSW{h-G}y-+00dSeJ^9_EVR=7qaZJns-rlz$2KID3ZujF383P0ZBd(D0%9 z0oBe`!?;@4&SE6{a`HKRnQ*KOduPz#<eTLkBY;3aJ~ z1RMr0um?!HndZ9xM?y12qrBB_l8QP>+b%5?uI4jxUXw}%ds|Q)2D(@R zTvKHxp<3qQLiRL1OF!^nV4c;Vlg5)ZlUq^381aF45%b!((s<K zGcf`rsvK$4f6Mig%eC!_7{ifcFU_sGm0~UcQomOt$37(}nf1L_mS;ttTA%-X+J?A& zd&T8Zp%CEyhY?=MPRte-0wco$VHB7bEF2~e^MJX-v|tjjU>Fs`sgN89;pbp9Nb-ao zf;1kx_Ox9O%C7y6ZU;XD`BGq1=+KA#ogus-(Bp3mL4p{<3c`;=459ifL%{#Cv;R$o z_z#lNKVycQ@yoq??vN&4lpbf8?U~JR*qZnvpSH$GyjHGc?5aJ|w4flsqsh!w3{o3P zo1GLe8c91F5-xXi-I$1bJ)qQHmHa%^_Il)_3+4M3C#RC;w{gtk!A%*(fSwHZNJF2l ztEQ4h4O@y)3zrRTwdi^;k+r}I|02)0>ob>U57yI*CryZUDznV2%8i;?7U^bat+hlN zuk?&Ts|_>0o!Y3^z;7^J@JQ2718Eo4+<7?Zlcz>ivw~j$f7Zu|{%9SYIcZJX`Gy9T zFhP!5pm+Mn=DK;R+thr@{opGcNeSIyR%??M1vO=Q<73wrH7xTFmlB_qDc~Djbd&>g z(-ZU2zc7OVaP(hchGu4>ix&QVMAHgP^hW8_bnFVMilt}UsJ1uW4WdOVdVN3Ebg_E*DeTzm+uuHQvhlH-^zY#Wl$zyXcnjC1jnYl`EV}oI4P5K zAHQyp366?*Or6wD_}pDTjW_C@_B&hU26zVwgCozqeeQTPa6oCg zx`N0#@~g+rs4$%W-ud;Gy`onB4`QdiTB3!f_OGr;7qVUjEIC#QAn9!#E=t-}O_3X4 zffJD-)ow=-g3&UY60z0KFsvnll3Q;}dz*n%U3%0heOb!~S&|le%}!=43zSMJPyrDtu>=ac+yPC|wBmvDn{1+q=uodQ1@gM(V53=;@Wl zWU*@&DW~on^5s5e(#2xMEb%!jWq)&cytQ6@VLj6XV;44CB^I?3!16xu!{rZWvUtY2 zi)~`3iY-mY+5&dgF#p+E(BWvu!G)53Uaohq#p2>(yvjyJ78!*6d`0`ZqWAqRg13rf zUcP!X%DKfO%FQ!a8Q~amiixqi9Ok&$YV;v>(X+x-LAOTn-CpC@YfTjENasF!9p=E? zV9P{h6ar1afBo{|V`~e3;wW|GAGeCJN!>yX?ovUMx!G2QJia??Xe^ZwojQG~s#P;Z zS>Tmg_Ef``x|~jlTx*ej(RKD2(-1$>3H4}!$=Rf>KKzl&IrEo>`&2%aNF~IKdzlI^w4p*1tBPGEu5v%T>Ck6&c)V}Tcf(z% zp_p0pBt9pU@Lbkd=f)+=sRM&|EXiAj*rISjP`jy)5@bqC^m%t4Ypy78uw3rx_QGSy znSpG3^AJ@NvTKFYy}+Kv56R2hUFuqwg3ISIp^cQjdk0YDxq=7-NoWbdD7y_&AmR&) zbESGlN8!ESkFsuh32$$gX`Ac5w;O9#K*u_lgulu5nf{1pcEu!Ysg$1Q?Tfgmz=qO& zc0J3MQFAI)+A~Qf=|woS%GAoZ(Rj?}?op SVjZC%_ZTX#59yiDg#QfuTXT;9 literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/verify-ca.certchain.pem b/cpan/Net-SSLeay/t/data/verify-ca.certchain.pem
new file mode 100644
index 000000000000..294e4740167f
--- /dev/null
+++ b/cpan/Net-SSLeay/t/data/verify-ca.certchain.pem
@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIDZjCCAlCgAwIBAgIBAzALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM
+B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBRMQswCQYD
+VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0
+ZTEYMBYGA1UEAwwPVmVyaWZpY2F0aW9uIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAyfTwpdmsqv2HBPCMUBMrsNhGhJuyIoL+amSXDZWDPNmR7ylM
+DWWtt2zF2qF0teK5C0xQI1mZN5XkzWb4qlP19F1nnIGKgY2Y95m16QpX6quT+auG
+hL10Rp0LmNsqMqifjEyC5hk/XUzVCtzv2YDEy003pRyTUPrXMLzYDnwPEgFdaWS2
+Iles/nVjb2gGaBo3CzYeR00s2Cy31TXF9EOEs17FpwQG8oxwFKsbgykGxXPWj/w9
+DWO+UNaoBTgi8JupQmCmuzCrq85tdWwTvMjb+sBhchC22Ow6VbGXY3RI1rRm2Hjd
+uc4YORZlKKPNIjD7pSEmM/0ymbej5gMMiHXwOwIDAQABo1UwUzAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUIe3zc6yS7XKEChJRjU8a
+ehZSggUwEQYDVR0gBAowCDAGBgQqAwQFMAsGCSqGSIb3DQEBCwOCAQEAgBQ7buzn
+jZRSPG1nA+ysxdqm8tvKDRXLYjUDoc7ITCM0wbEypcKAB0Za3Y5fOc1xIka9o77X
+qiNVIir0JGJEOb7I7UyZMjpY+rebiE1evCgtU8leZMzhzi9xs2zNU2az2YDEocPM
+N9ptKm3IjbMVHrvspDhk3xb4sBmMaXjorRk6w5tyx6Ft/ksLJ1Q1Ubp0vGFB9dFX
+BLFeHCtjhYCOFf+qqhuxE0Rb9SORgtK9BcNCPQsiATk054axKcfumeUUl0FyJnK1
+T9ZaOMz1Rqh+Gwof1YUcSbOEqoUE2MxuEfCTLRFtCYJIfeff2TCHND7AQeYO+V2d
+/62BQ9lK3klPyA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjWgAwIBAgIBATALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM
+B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBJMQswCQYD
+VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0
+ZTEQMA4GA1UEAwwHUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAKSF8tIItlPf3KpLzUgI6JVW/d/+LZP1zYedrDFFXjvZu+4uFxE5zp4vczbX
+k+jhF0TZk292eStA9kVMDePVMcGwjNF3Up99yYisFe/h4ovt/w3Op9b7KS9xy5Vh
+fUNqxphHIUS4/S9+7o9DUjqNP94EszDzFu8R3V7QXdDE9pSn4UZMVDTozpeu+rLo
++FOkd7NQIJMSKOdCv1HOhcFuuj+4FkLlo8k5bDgEVH68xTOL92Q4sLwubHEWl/Hf
+1IA8POwoOVLtuLj4GyIrbqM/Yj779kmRX+LtjsJ1kAmLhsh4T/XhTaOyqz/d253v
+OE6hM6pM0KsuFLpdPDJynpSHoQcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLzOh106FMJ8u/MANb7SZ5Z+swVrMAsG +CSqGSIb3DQEBCwOCAQEAXU6HGU8ThUuJz+KCSNYaO3HxxFrNH2pFWwrTjt2tdBLk +uDvicaquwUzq6zetEys7v70WOCprGB6uARiet1vU7dg7cmrd7eWibMDNoKdcPNML +oZLO29WL+hvGTx/UD0o0j7l+ab2XB83q73mNRlqRBXZkkykaqWt9qy+LTvI7QYbc +ZoONmVE1wbq5c3R9L2aa27uJsfLPAErjr3mpnNtFhJfULv+hpmXHVukhra+VUkyp +jTiY83ad8ZHfCIxfZ+MUCcWNGj7G4Rkfd27MB7fDEQlisaSk8B17FK7oIqO/NN4E +w1SHQ5TRZSmbOTGIfZtS0KaTaZdZtBNee5BEzQz1sA== +-----END CERTIFICATE----- diff --git a/cpan/Net-SSLeay/t/data/verify-ca.csr.der b/cpan/Net-SSLeay/t/data/verify-ca.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..6f7478012da1907b482a97884a7b5c8e314c2613 GIT binary patch literal 664 zcmV;J0%!d&f&!E?^V7%&zF162eA3=dXia%pC1V_|e@Z*Cw%K`?>= zA}|dG2`Yw2hW8Bt0RaU71A+k$05F093Ic)w0RYML@TJ+Ts{Mxq@QhFsE3nu`gqyM= zg8ph`mkpJJJlT=&DNGGzt+#B&+M#r{;<*bZ_CatA>QVbVi*EnA<8csGp2Xg60`NT};&q-0#_d#LG=Lr5uw``qwbL*baOT z5&>OlWVRw#tp0UlZ)gT+8aE3z9!E_q*etizHO2HpgtK17rvwJ_jBpgI8-pnZ#dFq= z{5=h0zEIYv1vnz`o2f!zrn@k!tIln8Y!kf5+xoy^auBxI>^fDkmt%BD*0g5Wc-^_q z7&#VYD5K3HF#Dw;CNupqnYW|n0}P0D@H+wn0RRD@05A&%2`Yw2hW8Bt0Sg0y0RaGb z4ZYN=9K6PqyL{O8^ra^LXZemXR*#?MJ%cyy^iTJ%`~J+I-daybEF{y`bGF%GtOx)E zAEeK#DO%nf=-+Ux$DoAhbT~B-8QQS_4=Jb^!G{{4Tj99iD@|T&)yYh$^gpbUxBIF><^=7i#a3KKM~7$^EUsC1CAUWK{5$+Y_t@ z<`o(ci~PG=Kn=0@AFB}1p#j0-9RThL~$ ygu9~KltzR)3!tv(>w7T@8=XEYp1@gYrn(^M-g>t-crKkbuQ$;dz;RA2NS3_K)gw;; literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/verify-ca.csr.pem b/cpan/Net-SSLeay/t/data/verify-ca.csr.pem new file mode 100644 index 000000000000..82d5a307d329 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/verify-ca.csr.pem 
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIClDCCAX4CAQAwUTELMAkGA1UEBhMCUEwxEzARBgNVBAoMCk5ldC1TU0xlYXkx
+EzARBgNVBAsMClRlc3QgU3VpdGUxGDAWBgNVBAMMD1ZlcmlmaWNhdGlvbiBDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMn08KXZrKr9hwTwjFATK7DY
+RoSbsiKC/mpklw2VgzzZke8pTA1lrbdsxdqhdLXiuQtMUCNZmTeV5M1m+KpT9fRd
+Z5yBioGNmPeZtekKV+qrk/mrhoS9dEadC5jbKjKon4xMguYZP11M1Qrc79mAxMtN
+N6Uck1D61zC82A58DxIBXWlktiJXrP51Y29oBmgaNws2HkdNLNgst9U1xfRDhLNe
+xacEBvKMcBSrG4MpBsVz1o/8PQ1jvlDWqAU4IvCbqUJgprswq6vObXVsE7zI2/rA
+YXIQttjsOlWxl2N0SNa0Zth43bnOGDkWZSijzSIw+6UhJjP9Mpm3o+YDDIh18DsC
+AwEAAaAAMAsGCSqGSIb3DQEBCwOCAQEAeA291KocvMaUu3zY9vSlJv5n+Y4xVo+f
+5T2DN+70T/ev+/7Mn95aT0csJNPWc7bZYawIAAQfpM+rKVreHOjfcKzHoITodDg1
+EBnasP8PKagYwYcaoFvhuODjoreHaf5rocTxolP4zJNBGpO1kitNXmvVyUyp9D+s
+krf7qkLmBO2oxVZcRkeHaBcssHIZ83AFzCVg7VVkVPCW2xOsB+YVGhCLmRnKpB/P
+cZfief5hB/QVek9INwNlLb9Ni97xTmcTaOZG27AlQ6fZjAsqBFvQZq2Eu6LblEaE
+OgugrujrezEKG50+K57AWWmmuiDp3nq3NngunTavN9EZwHFOLEiWvA==
+-----END CERTIFICATE REQUEST-----
diff --git a/cpan/Net-SSLeay/t/data/verify-ca.enc.p12 b/cpan/Net-SSLeay/t/data/verify-ca.enc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..ed3f4fbadafb0ff54fdcf8699748e2acf2b05364 GIT binary patch literal 2683 zcmZXUc{mj88i!|?8T&qHn6ZS$nlVJ7u@>3)?IXt4Ofi-wYp6l?ElV_!$Qs7>S+mV& zSGMd$8ljMUi6nBSu5-?JuIv2qzVGwi&+~i!yip|9USo12j>R7vu+@sg$i` z=zMW5z5LG;axQRAyZH=ktdWUp>t1q^QTcSLQ@nzmSIUgYiqwOx4q`4TCsd7Ki1X0_*qCP z`jhQz<45&jRN=_;@*QPuw^l;%Y~WUAq$!fQ)W*^pB?FT1O@Vb4&ji@cN%=IU&wNEN zHZGhGn|Tk%csn~^C|!!g;14{Znsz5GPlQ+ZhKz?1W5b@$FKGKAAM&HKeFV2Zo!w(G z%Pt0HcHnx$Y^MdgG6E#3OFuN{+n(!l9rN;T0hwJeOQM<$uH5kc2?>xDonA$O0ph>mgkJ!KS zk&ilgwLS0dk}fV=#Jw(RIFO18HJ35*1r0`k_Ig#!Dy?^JCH32AVVVb{%!bv43tK;7 zBvlab>pRQZ%AY1x!Jqs6jjku0=EJ6s*?&}<+hR`-uRfE&c4?Nn^!DJrMVi-^SC#k4 zn_6bp+T#NP!PewGUb?8_9CSjvcXao-nZ4%r`W2}VxF}3E;F^<>`bfbwWw(YpcIU{6 zXKI5YAvfD^NIeDmp;Euj_kRc>j^nOUc{2)2x@Iw~BnNHsVM@6U%aibM>R$9oz7s2Y z1RQ+ns1CE4;b(s~yKKh+{j)X_hRj^@x}=g3>(2E376zr()gk;1&c=RqXJCk-MVstJ z?7ydfa~E*rE{cv>1@HLl9f!4c334XLu))3A+aDqFebhqzTY{qC9E`I9Q?op`ts!+o z{1>&>vwUK)zIyf z@&3VyOKM7dxOlGH2mAJO9Fb|7lO>$6@U87L+dqU{Z>@!)NZ_*n5lkTooC_j>v*p z^YqUfbI4fi-*0HE%g%=2}61Bij@b@|CIOY1`cj>^J-naS(h(f@yU8DtNKO zHZ6;9LrJB32vdX%Tue;j$kL66 z!c)y>JKy!OZxNNk!Uewx;+1O@QV|f#{x%_3?RUlL2?dha^z)ryX=&y0;ipYNiz>y& z^2HF8xc_Y(4OXaLT%oV<&Wk^u9kL-2vUaa318~c>DI(`46lWtV%V>{cgpvkTC-`J* zB~qX}-%X2@uJeCTtRD?Ol_U1dasDd4j6%vwj>^HGE=tt6Q#@d7LQ{Bow|~Y=)lAvh z`(|(Naa+4pbWkbbLP-1SMB?h7*P7xC(=HEtiH0S0+SbcdQof4_cy17+4ig;nVeDVO zu*kOdFJL`gDy8{5-hf?|sWIox^V$l&5bjW|ta4pmE0>`^ywY`N1UU}3?ckQ1xZoU#j`8jMfpDRltX_xq5$B3a%7UynKHeGru<4Z*VL_GrAe%FDE>s5P zF=@ZSP1tWH3@ApF5PPq9dPgn}iPEsGFdKfBcuW22ot%xw_svw9FDx!6q(%CM;5>Uf zF8l1(1-K#B+>`H4vacy*_d)YAK1KmvCaxuI(SAC}9bn{>88dy$hT>^)h~37qp0|6N zbHsTzO8bI5FWg+cd(`9Pol|5a?Z*n`?H$QwA^x@IpS|-OsaXvghtPBufoQc{=CHM` zjcyNKlY9=CXlbT$ZMRn&E_r&n&4Q}rCNlm_`#gS>CrQnSJft6Ao5NB-T@ zg!oZa*{L5=<;U85w48oLYn$@r&75Lc3~)8h3Gco718W0s;(Um%NpY9r(j2@Qw=1Tf z>q?q!e)YFvSGP(Nbj5C?{3|RE1pj7J^0y6y10>&KWt9CBV?r(r+FgX1>Johvpv6H& 
z5hgsaXbaABWQ0ZPqD)kt|I=!nDs`1y=2ta&aS2HQy7daZKN(>pE#o)d@ub&UhD7Tx zMcs&RhTPnNPmroH4j|utY^59U$A4q||{mJ0Xom z7G>=8srn=*jvH5uqAkp2(Vl&){-$z2cpu{l4jy5K z4C$ELeOq%G6y=q7sWa~8Q=#1l&IfS5>IXUHD)kBbLw%tXtW0m@n$c{2UW2l$vp*pa)X$q8lGWvE05?>Bx5w`U@plIQJMnAc z7st`lcmM&Vgc3)wK)`aGj0{3x00^3;g!0hCW_nUvyZVu-`e_{1%h4d_(BQ?-3*jWy HUoQR^*wxWH literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/verify-ca.key.der b/cpan/Net-SSLeay/t/data/verify-ca.key.der new file mode 100644 index 0000000000000000000000000000000000000000..1aafb9ab9ed50dbab3a3de2f1d2bad191ced684b GIT binary patch literal 1217 zcmV;y1U~yPf&{$+0RS)!1_>&LNQUrr!ay9qXGc{0)hbn0Lk?5rP-{i z{f7kbj8GFRu-Ha~o3bK;{%T~G4V8mD*^%!lObunNw`|4Qp>(z4xeH8CBUza@mE_H4 z_^MO&^j&A1fr^2RnD?2r=?YistCRVwhJ?LzMx6_o+bS}spNvd`<{3X-Ow|h9@7aLF z%S|_>9FtJ`*D$=;4tx(10bOZiwjx)o{&iz-Xa;B+Hw!i%M@=l)EVtD)#q>jjvtGrg z1P1bqa1^T>gDD2ZbJmaiJq=^NP}ZmgI3no()S=mQ%tM_Cl6|+8krzSUZON$hYMbMAGGKZ?Io5XL1{Y+0kcexpvE- zN*gu~4AdVKbq*0}cR77mqgc1xZrdd{R^c*JmAe-m%Bserpn`Q}&Q*qd&Z8mjrs+2b_9B^ge%3B3^4Q&wZ_Pr1tPi@455Km!(y*W5>aCtT6n95n+a{rYa@`Aj+S2Bz>X+VPz`E*JvN>&|AbrmaMm_c)xiRRfdJV) zYv=+A;Rjmowv9FyMC4tdS&D1*!Bfo7}P9PiB{ zp`kBTwWjLSy%?ybDc<18+6?^>9S;%Ku6$W`T+Rwqk9b-8zeMYi?_{kEJfezD;w9F$PG$W=3#NG(f;+plX>&((hid71 z3rQ~*Caf#Z|L)2m=hc~2Np>|xWnQgXzH-aD>x}aM#y2{Ob*$|Qce-iQz9j`^?4x`_ zAp(Jbbp=%V9WZ?U_zd&0=R7XzY_uw0KZfS7t2;?O>QvjjE(e2Ksd?m?YUS}1&c=a; z{WPk264QK%E&>HT(4Uu5&9YpPC}fK~8}x};*!oV(N~lw6TXr}MS^hTvAy_i*ZVm;q f==oHe*7P*<+9t7zmP@PuqP(+1_@2~fm#&n`d>&Km literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/verify-ca.key.enc.der b/cpan/Net-SSLeay/t/data/verify-ca.key.enc.der new file mode 100644 index 0000000000000000000000000000000000000000..1aafb9ab9ed50dbab3a3de2f1d2bad191ced684b GIT binary patch literal 1217 zcmV;y1U~yPf&{$+0RS)!1_>&LNQUrr!ay9qXGc{0)hbn0Lk?5rP-{i z{f7kbj8GFRu-Ha~o3bK;{%T~G4V8mD*^%!lObunNw`|4Qp>(z4xeH8CBUza@mE_H4 z_^MO&^j&A1fr^2RnD?2r=?YistCRVwhJ?LzMx6_o+bS}spNvd`<{3X-Ow|h9@7aLF z%S|_>9FtJ`*D$=;4tx(10bOZiwjx)o{&iz-Xa;B+Hw!i%M@=l)EVtD)#q>jjvtGrg z1P1bqa1^T>gDD2ZbJmaiJq=^NP}ZmgI3no()S=mQ%tM_Cl6|+8krzSUZON$hYMbMAGGKZ?Io5XL1{Y+0kcexpvE- zN*gu~4AdVKbq*0}cR77mqgc1xZrdd{R^c*JmAe-m%Bserpn`Q}&Q*qd&Z8mjrs+2b_9B^ge%3B3^4Q&wZ_Pr1tPi@455Km!(y*W5>aCtT6n95n+a{rYa@`Aj+S2Bz>X+VPz`E*JvN>&|AbrmaMm_c)xiRRfdJV) zYv=+A;Rjmowv9FyMC4tdS&D1*!Bfo7}P9PiB{ zp`kBTwWjLSy%?ybDc<18+6?^>9S;%Ku6$W`T+Rwqk9b-8zeMYi?_{kEJfezD;w9F$PG$W=3#NG(f;+plX>&((hid71 z3rQ~*Caf#Z|L)2m=hc~2Np>|xWnQgXzH-aD>x}aM#y2{Ob*$|Qce-iQz9j`^?4x`_ zAp(Jbbp=%V9WZ?U_zd&0=R7XzY_uw0KZfS7t2;?O>QvjjE(e2Ksd?m?YUS}1&c=a; z{WPk264QK%E&>HT(4Uu5&9YpPC}fK~8}x};*!oV(N~lw6TXr}MS^hTvAy_i*ZVm;q f==oHe*7P*<+9t7zmP@PuqP(+1_@2~fm#&n`d>&Km literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/verify-ca.key.enc.pem b/cpan/Net-SSLeay/t/data/verify-ca.key.enc.pem new file mode 100644 index 000000000000..f3d0bd538983 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/verify-ca.key.enc.pem 
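Review bot: `verify-ca.key.enc.der` is added with the same blob id as `verify-ca.key.der` (`1aafb9ab9ed50dbab3a3de2f1d2bad191ced684b` on both `index` lines, both `literal 1217`), so the file named as the encrypted key is byte-identical to the plaintext one. Any test that loads this fixture to exercise passphrase handling for DER keys would pass without decryption being exercised at all; whether this is inherited from how the fixtures are generated cannot be seen from this part of the patch. Either regenerate the file in a container that really is passphrase-protected, or record the limitation where the fixtures are described, for example `# NOTE: *.key.enc.der is byte-identical to *.key.der; only *.key.enc.pem is passphrase-protected` in `helper_script/generate-test-pki`.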
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,653296D10A4C066A6865DAB458166404
+
+1Bsbea51+wBGYVKF76n6csZlArTFPGx3QxnX2I77B+AQhRWKPA3KwT4i+PdPvoEf
+7TXffSj2Rcv677IM8mVpEnZRfW26dCdYfmIYh1x2YOD/vErCo9kgWMzhIFbOg5eH
+SFtbw1zgaZiyeRi1revymv2+WzMO2aTSV2chxtfj9n3mG3edool1HbE4DqdT0hx6
+URUsq2vms5waZKMpXJvvNnenQvbzDNt82Rp2Y0D5Hw4HPZ0h5WF1dXJdwckLGEFX
+0hE9yN38DR05KoZo89Gsd6lIypGW9dlkfAywb1LLkxdJ6ba6jsJfj/rmyBJIoK7u
+YNNMzHAQraz7Wrb7lPgk+IXdbzdvR9e16n+5xT8hHY5WA4R6qdnZaMZ1k8RXAqvy
+PZA0smAJ6fVYER7NknNU11LzObhR/IV2eDt3HcqK9l3sqWSedl9iqvO0hu7D5Ot7
+n0dIkzU415p0oux4lrbaaXSeCGHPCWLKYEr28Fq6C9xFZZeoXKhhDdOjZA8qFYvn
+8kwqifGyB/jK1QYMUWKZsX1TvvrPXe+Hsrf/sk87ZbWws2vCJDJ3Vh99XfF30NYy
+l5/YWrZ70S0IeRGzHGw2TqI69Xr1t2YlwtuB73p+kipFpOZuCAAcMROEBcYZQiuF
+z/d5E7RFHoNCHUa/ML5BGnHa4eiAsjqUnN77BxvEAQgIJdIIzJSILrQrVwk1awcX
+P7Fitvqzgb3jhMcXgcgTHMAMH8RfFrC2Bkn2bG5hlpQ3pC6Q1DbKLeb5ZypYpHLq
+6HLyOnnpBhAb+fHFtZ28xstSJ6KpVHjv/SMDX7pAyG9xHneMIICfBl+atnSsyEYm
+uRI+8BxzP1qGyexUYUP3ykcdk47EsQgMKBLc/k/U371Zy9t0/TZr22TQ/JLeJzw0
+QNIU7AFYcTpjB0HA66fMXNFo13aT44gQhm2Y0uyUPgh602LFMi591OwNr2q/vIuC
+6Uea1ojH7WZMe7RdDRR7Rz7K6O1oRp+RBbpEC5qtiZergKSNnQJ241XAt0+FonBF
+J6XFLsRaLG0VFDgxMD/lmMFc3FLy1CSqTSMAPDorjKKya4moSvm/AC9z4mIuWotP
+M7kqEHeApvhRAvathlCXCQ3p0V/RitMMXwLpYXs3JkK+R5U+x71NRlbqLA4Ioe5u
+kgmwuD36MFdYmlT5bzP0cPQxAPuEAfQCtmrkZiSj3gxyG/k67kHaR5avVcFTVXd+
+xmtanAAZngFvBwAiTQpjvcx1rhmfEkGN4udysPTrO5T13CtWugImjz1ovVR1ANI7
+jcnQQBkm1pwS8ypyF1Aeya5D5zj6UhE7X48l8QhQPc9KQIXNpgWFnhuoc2fy5p5p
+MqEo6sd+kOBHxtMqg66Gr7bDk+Qukm+csbWGEgWUSNgAXwdeD9MkA3Tt2ZBqmdLg
+BijcafofR3TadGxPTrYNKegwKtxkatb5PzmOZb/uNwpAjwuyv4ytqj7FBDqjED3Z
+pHTpN27n1+PIl+MPYgj06RTTj9mQf3fF/5SiLC5B7oHvtEfRRS410XAV5JLwvzIn
+0HDujwNHB5QdFWUOIp/hIrNfRQOwlWyXz6mdUu3ra9YZk9frtsZ6cnRvO4lfTIlc
+-----END RSA PRIVATE KEY-----
diff --git a/cpan/Net-SSLeay/t/data/verify-ca.key.pem b/cpan/Net-SSLeay/t/data/verify-ca.key.pem
new file mode 100644
index 000000000000..0a418fbaf6a0
--- /dev/null
+++ b/cpan/Net-SSLeay/t/data/verify-ca.key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAyfTwpdmsqv2HBPCMUBMrsNhGhJuyIoL+amSXDZWDPNmR7ylM
+DWWtt2zF2qF0teK5C0xQI1mZN5XkzWb4qlP19F1nnIGKgY2Y95m16QpX6quT+auG
+hL10Rp0LmNsqMqifjEyC5hk/XUzVCtzv2YDEy003pRyTUPrXMLzYDnwPEgFdaWS2
+Iles/nVjb2gGaBo3CzYeR00s2Cy31TXF9EOEs17FpwQG8oxwFKsbgykGxXPWj/w9
+DWO+UNaoBTgi8JupQmCmuzCrq85tdWwTvMjb+sBhchC22Ow6VbGXY3RI1rRm2Hjd
+uc4YORZlKKPNIjD7pSEmM/0ymbej5gMMiHXwOwIDAQABAoIBAAf4DE7fCfstSdie
+DUtTllPCFPZCloLaHGPiWDuG/Mi35RRE0uVsb7BfMGdyG4LZ0WdquXbLoEobNg4M
+1B8UdQ4RaXc5fVejWLfcbtslN1bhMlOVuxcdyqrGo6CCdWXOVY1Zr4iY0nFCCN4G
+3cf9VsaW4202dXGqlDcuHHBl4MpbBXgNbRDt9r0QHU9txIPlZr2AGuIZ9PMopfjg
+cfBZsBcEjcDDXTE7sLt9+iSC3312sV9AAxiAKfsgg7HQCvjwIjFf0r3BwEJatZR+
+XEEqTsSXIevVbEcSUWMbWnirhpsJbc1rI5CVjpZe3MCOKFJQDWp9PTaeMP+EW/pw
+1jZT1cECgYEA2T5r6AIJ4Qda7raNNhdE5F2gWYpr9cOX4T25SOwq8aB8Lij3pelN
+lXD9AqaUGg3xp21WO2fGVFDbGAfkIyR3gOXzuowenU2OXLYsaw9KRsb4+IHwE1sx
+mWAz3b+3H+72lkYKVHjosB5+83H4ZyWcj+tolxHbyKdRg+KnTkfbwHECgYEA7fxb
+GFZAwybuqdQSDunjHoSEgWar2hzvzSKhoS9Vtabq1L0YqKYp3uDJ2gz9ER0PEdau
+fFl2XM4KVI94Wfu/ROuR72StRy49si/pEEXj9btpUH1b0421CiXs1r3frn4DByIU
+J97HylBNFkzabtl/qKcLi8gauGEjc+GemU+lEWsCgYEAuqogHeJiirC/OY4yF+A2
+meK4/TcrPKkrv6ZBpp8G50d2bFNXN4AX4eiL/dMUPq7sjWgtSC4LBDfVifh91pRm
++qKbohbz10XkpVUDJZqlv9sH4sADgR5Cp/85kbhBqXay+ryD88FQbsRFYPj07+wp
+cqBb5jK6Htdl+2StTV4BPIECgYAVNPepI4aB3WZHG+7ABXeHsKdeIJgPx6RW008z
+3dP1a/phGrinzqbMhZt3ItEqRTyiik7iJda2TmX9QwumeRiCO7u1aXNHdIdq6XoL
+SS8XJqwrz//uyiHn1ZlVSXY1RmVerVq+csu664zy/8Y3Oop1rO0Kd7pp074lBWXs
+o3xCIQKBgHUFVPodMHz++Azzsec8LupstCpfP4bmr6s7ST3qVNu8LgeDW6l55Jlq
+5fEUzsaBhv00qnoS03yJLgIFPdCfl1LNslyRKGSLPBv0iVnY+k7LSqhTalt2OAxZ
+/jb/IVgy7m4OBbLo+VSb1vQ089omsYqWS6v/oryzQ/ie1GeXrpTK
+-----END RSA PRIVATE KEY-----
diff --git a/cpan/Net-SSLeay/t/data/verify-ca.p12 b/cpan/Net-SSLeay/t/data/verify-ca.p12 new file mode 100644 index 0000000000000000000000000000000000000000..80f6a2d79a6b43ef5a4da9410ea8c8282526e975 GIT binary patch literal 2582 zcmeHJdpK0<8ecPO&1hzf>xA55L@v=Hkx<*6av2Q@Au$-t$QV)w$1G9_Z6}u;yCU12 zB3sHO+9LOMiCj`qqCyHaDcNhBz1yAh=lSdWan|>I>wDhcdtLAMzVEYOgeZZE0v>dQ@RC@Xy{;rIE+B})L`Mc! zn@+c9_#XQcBncB;7!h10dL)y}&=rG41d^bz(7v!Ru9AfrtSC*^gJE5Ctvw#n<5UC-wwy$ z>2@$Ils`vXegroTiNuIXV7!?A*Qxs}zDD|m1>u8a4M_%yHV#{cw$u%5Z(FoTtnqFu zhVbuGj!??w5;X8_5rb#Hn3DZ&(FRL!JE-%yrRIl<8sPHsK2~I?WMjwZa*HoV?E28m zPS@&eKd$ZIF9Ac*V>kO`jHDRq1-(@GbD^@@wiUgcx`LOW@TtgoV=RaPFa@qKeeJRo zL@}6E2tw-s4~wE1Rge_WI2c3^SU~`YKvEDzd3GV9;vch|M52Uqs*~(-seK4;tt=Fj zAR@dD#^WJP5LNrWj?lDYfOv{AduA#%W1k5t5S*!K8!37}+C^U9eRw;V-`8QUqJO(u zukhD+A#0DZG#{hhaH@4v!L3JSDy~$`#Z8ATjc#?!+UMx)Jg{7sd&FwV$ z-nTWpCbX9xP=jVTzqQA3gr&*qNUd3~*f8_+4*#c8{HhHp%;@RL4Le(NId}6}U-yzW zyKHx^=QjG9E#2P_ReQ^8`JISQTfbUXCRZ(K>A9qmjy!0>wVIofs2C&tsibO+yK^~{ zlx#DO8mHE2&|^o>l66U(9C72o33)4xzwbu~%7kvCbEOH30sf<<(5X|5atct+ z|C{R1rb06T2=Rp-pAtT6+YMbL@1(%gz~Gxv-FbWD3`B$ZNO3)eyV933(bDRqgWwC=;*oSt+6VHzI$Ys_XNh>2`~` zM{P#jK{HLqJK4%_210Eloc-iHqRW$V39Q}_l^-+Hvb-O+q^a+tk%MDR4KBi~iJr?x z1`X%~x3N4PFuW^d8cP@#@|e4xY9MX-!Yj``Ib^9dd))Mvle$H!ta_n{#N}SaaRR zxer;^M3?C4D#f^kaDJfbPiNl*Ws8q?6gwwO6g%3CwuB2}nEm1@F36WRN z6%!MA0p%m|Z+ofv`CDCUi(Wr$k|`E4qZAvWW_%?>CH> z9-lt5(oflSWhOO9+g67J84jH0#|~x$EMLyOEVb~+>P4X|sQS;s=24-E7LccCUc73Q ze#5LZ>e_N+!oqDD`;OHi{^Hvi4NjitOTBu;DDD}RkmC5B~#|hQJ>yC^S3sTWB z8N|4umKkBgJsJG!ILU6Sv|5GMz16uc<*9)jSG%a~)(r1Tk6WDX`Zp=>SKAGDCP!Ax z5|7q1`){e@7&8Si=E`UYkvNxS1vus_UwEN<%0%aN=r5W+yOUmCEjP9^eeE*Zs3Vl% zS$gb6PVnSAN?$uKX+^*6xI}-!Z_J`BvhlF{|QH-WWbW%U0F rrzHYnWpMyRaaFd+eaDQzIYmX`cvhTyn@|637qrg$QtsoCK$ghwi`g3S literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/verify-cert.cert.der b/cpan/Net-SSLeay/t/data/verify-cert.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..3111bd773b19e81afff21db8c3ca917065a15183 GIT binary patch literal 1032 zcmXqLVqr08VtTiLnTe5!iILHOn~hVe&7tSP2v4=HUuSEiO?AF3l`SHIy(A1F2-@;SWnK%1p~lPAtjH&r@)A zG>{YLH8LAh^JfJ&^i*tbP)Jv^M z%q_@CHPkZDfP0aXQA`@7R1c`u0aL9(6Qhy=FI+VvBP#=Q6C*zZP@IdYiII_E2XAfm zA;uri!V;yNQr_<4b|@(= z#Vq(_TI->(TMlh;Dcd`9V_1FuX18~*+S>VXJM*Vs_g{P|%9>Hn_N{cAw$0vY0ip5c z(-<DLEX@R$fC)pPZDoE!vT+!yg`TN+s zW`S^N_sCYCNd`ZrXKg+1)#LqDeP3jblkStxWjf~CtkbO)x<1MKyZ`VN#aTs+p;f;n zUK|ds{rSMn>-vTHikp|e-@eFL%yH8U)iZxt&sSXIY>s=rCT@B0ERmBH=i`{qOEsLk za9{9YJrgq{1LNYx4F-*C4fue8FU!x!_@9M^nTd6Qfh>rx$|7bU!p5P^#>mRb&ddmB zF+rsHSj1RFa##$wJO5ry+cfbcW8%uD7oHzIPkvtQH?`-Pwd%9Eo>8$YdhfMj>>Z=PMuQ;Zyyi~cc?$c(YTs;N-C?^>? z-u?*-jkg|+(07?_Vl>yIk@2&6n!Uk-#e4foCG#db*Q-=s{nW*?bJpiZq1STzG_9vM zYI4{xIa`OleN@!`T$t%&S6a{h+sEb2_NhhQsrbC&^!$`~wR7vmR9E`1UvKbWZMvUt z^fK+Re{Tg8B_&UvHRyQ}D1Wjkr?;ui`1{JgmwrgNCOw=~U#C{`eNi;)^x2AHmuF0k kkX~WC&hfv2y?WW}S@w-lgz>% literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/verify-cert.cert.dump b/cpan/Net-SSLeay/t/data/verify-cert.cert.dump new file mode 100644 index 000000000000..84aa265ed48f --- /dev/null +++ b/cpan/Net-SSLeay/t/data/verify-cert.cert.dump 
@@ -0,0 +1,183 @@
+
+# exported via command: perl examples/x509_cert_details.pl -dump -pem t/data/verify-cert.cert.pem > t/data/verify-cert.cert.pem_dump
+# hashref dumped via Data::Dump
+{
+ cdp => [],
+ certificate_type => 305,
+ digest_sha1 => {
+ pubkey => pack("H*","6c04300b89fdd566b291c90161a982e849f149c8"),
+ x509 => pack("H*","b01e01d619bcec62ef10ccb75460bb0cc6b2bce0"),
+ },
+ extensions => {
+ count => 5,
+ entries => [
+ {
+ critical => 1,
+ data => "Digital Signature, Key Encipherment",
+ ln => "X509v3 Key Usage",
+ nid => 83,
+ oid => "2.5.29.15",
+ sn => "keyUsage",
+ },
+ {
+ critical => 0,
+ data => "TLS Web Server Authentication, TLS Web Client Authentication",
+ ln => "X509v3 Extended Key Usage",
+ nid => 126,
+ oid => "2.5.29.37",
+ sn => "extendedKeyUsage",
+ },
+ {
+ critical => 0,
+ data => "6C:04:30:0B:89:FD:D5:66:B2:91:C9:01:61:A9:82:E8:49:F1:49:C8",
+ ln => "X509v3 Subject Key Identifier",
+ nid => 82,
+ oid => "2.5.29.14",
+ sn => "subjectKeyIdentifier",
+ },
+ {
+ critical => 0,
+ data => "Policy: 1.2.3.4.5",
+ ln => "X509v3 Certificate Policies",
+ nid => 89,
+ oid => "2.5.29.32",
+ sn => "certificatePolicies",
+ },
+ {
+ critical => 0,
+ data => "email:john.doe\@net-ssleay.example, DNS:*.johndoe.net-ssleay.example, IP Address:192.168.0.3",
+ ln => "X509v3 Subject Alternative Name",
+ nid => 85,
+ oid => "2.5.29.17",
+ sn => "subjectAltName",
+ },
+ ],
+ },
+ extkeyusage => {
+ ln => [
+ "TLS Web Server Authentication",
+ "TLS Web Client Authentication",
+ ],
+ nid => [129, 130],
+ oid => ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"],
+ sn => ["serverAuth", "clientAuth"],
+ },
+ fingerprint => {
+ md5 => "3F:EE:91:43:6F:20:61:62:C6:AD:26:E9:ED:BF:F3:25",
+ sha1 => "B0:1E:01:D6:19:BC:EC:62:EF:10:CC:B7:54:60:BB:0C:C6:B2:BC:E0",
+ },
+ hash => {
+ issuer => { dec => 1524484324, hex => "5ADDC8E4" },
+ issuer_and_serial => { dec => 3016836270, hex => "B3D144AE" },
+ subject => { dec => 1528789409, hex => "5B1F79A1" },
+ },
+ issuer => {
+ count => 4,
+ entries => [
+ {
+ data => "PL",
+ data_utf8_decoded => "PL",
+ ln => "countryName",
+ nid => 14,
+ oid => "2.5.4.6",
+ sn => "C",
+ },
+ {
+ data => "Net-SSLeay",
+ data_utf8_decoded => "Net-SSLeay",
+ ln => "organizationName",
+ nid => 17,
+ oid => "2.5.4.10",
+ sn => "O",
+ },
+ {
+ data => "Test Suite",
+ data_utf8_decoded => "Test Suite",
+ ln => "organizationalUnitName",
+ nid => 18,
+ oid => "2.5.4.11",
+ sn => "OU",
+ },
+ {
+ data => "Verification CA",
+ data_utf8_decoded => "Verification CA",
+ ln => "commonName",
+ nid => 13,
+ oid => "2.5.4.3",
+ sn => "CN",
+ },
+ ],
+ oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Verification CA",
+ print_rfc2253 => "CN=Verification CA,OU=Test Suite,O=Net-SSLeay,C=PL",
+ print_rfc2253_utf8 => "CN=Verification CA,OU=Test Suite,O=Net-SSLeay,C=PL",
+ print_rfc2253_utf8_decoded => "CN=Verification CA,OU=Test Suite,O=Net-SSLeay,C=PL",
+ },
+ keyusage => ["digitalSignature", "keyEncipherment"],
+ not_after => "2038-01-01T00:00:00Z",
+ not_before => "2020-01-01T00:00:00Z",
+ ns_cert_type => [],
+ pubkey_alg => "rsaEncryption",
+ pubkey_bits => 2048,
+ pubkey_id => 6,
+ pubkey_size => 256,
+ serial => { dec => 1, hex => "01", long => 1 },
+ signature_alg => "sha256WithRSAEncryption",
+ subject => {
+ altnames => [
+ 1,
+ "john.doe\@net-ssleay.example",
+ 2,
+ "*.johndoe.net-ssleay.example",
+ 7,
+ "\xC0\xA8\0\3",
+ ],
+ count => 5,
+ entries => [
+ {
+ data => "PL",
+ data_utf8_decoded => "PL",
+ ln => "countryName",
+ nid => 14,
+ oid => "2.5.4.6",
+ sn => "C",
+ },
+ {
+ data => "Net-SSLeay",
+ data_utf8_decoded => "Net-SSLeay",
+ ln => "organizationName",
+ nid => 17,
+ oid => "2.5.4.10",
+ sn => "O",
+ },
+ {
+ data => "Test Suite",
+ data_utf8_decoded => "Test Suite",
+ ln => "organizationalUnitName",
+ nid => 18,
+ oid => "2.5.4.11",
+ sn => "OU",
+ },
+ {
+ data => "*.johndoe.net-ssleay.example",
+ data_utf8_decoded => "*.johndoe.net-ssleay.example",
+ ln => "commonName",
+ nid => 13,
+ oid => "2.5.4.3",
+ sn => "CN",
+ },
+ {
+ data => "john.doe\@net-ssleay.example",
+ data_utf8_decoded => "john.doe\@net-ssleay.example",
+ ln => "emailAddress",
+ nid => 48,
+ oid => "1.2.840.113549.1.9.1",
+ sn => "emailAddress",
+ },
+ ],
+ oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=*.johndoe.net-ssleay.example/emailAddress=john.doe\@net-ssleay.example",
+ print_rfc2253 => "emailAddress=john.doe\@net-ssleay.example,CN=*.johndoe.net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL",
+ print_rfc2253_utf8 => "emailAddress=john.doe\@net-ssleay.example,CN=*.johndoe.net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL",
+ print_rfc2253_utf8_decoded => "emailAddress=john.doe\@net-ssleay.example,CN=*.johndoe.net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL",
+ },
+ version => 2,
+}
diff --git a/cpan/Net-SSLeay/t/data/verify-cert.cert.pem b/cpan/Net-SSLeay/t/data/verify-cert.cert.pem
new file mode 100644
index 000000000000..080b6972f42a
--- /dev/null
+++ b/cpan/Net-SSLeay/t/data/verify-cert.cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEBDCCAu6gAwIBAgIBATALBgkqhkiG9w0BAQswUTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxGDAWBgNVBAMM
+D1ZlcmlmaWNhdGlvbiBDQTAeFw0yMDAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBa
+MIGKMQswCQYDVQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwK
+VGVzdCBTdWl0ZTElMCMGA1UEAwwcKi5qb2huZG9lLm5ldC1zc2xlYXkuZXhhbXBs
+ZTEqMCgGCSqGSIb3DQEJARYbam9obi5kb2VAbmV0LXNzbGVheS5leGFtcGxlMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuA19a8IB+OZWYRpCZO+4c3UI
+fkrTAD/XjUyFs6deHRkIGGISAGDLeSJFenbIVYT5n4GWwmJmZDZTyWaFwlbaQIZe
+ZLeJbVwFTP1rh4uqtYnxtwPy+t/o9HJqmH8G9nW2Kzy9llBVXzeWAGm23Fcwad98
+wyh0y4fwiJPbOZn5xHD9B1w0NtXLEO0xyQejESAbbIDUKw/Z+8aegxBXG0dZhUyS
+MPiXarXHSoxL9Se+WWxCLeTzdiw3KwWXOqFF5G79v8PUIZpyAVV6+xjow1V9+eBG
+StfQnyGzp++3ojMWQbKYJcz9Bc941gmDXuesXqdzmhTJeM9eA88agM7Q3xHhfwID
+AQABo4GwMIGtMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
+KwYBBQUHAwIwHQYDVR0OBBYEFGwEMAuJ/dVmspHJAWGpguhJ8UnIMBEGA1UdIAQK
+MAgwBgYEKgMEBTBKBgNVHREEQzBBgRtqb2huLmRvZUBuZXQtc3NsZWF5LmV4YW1w
+bGWCHCouam9obmRvZS5uZXQtc3NsZWF5LmV4YW1wbGWHBMCoAAMwCwYJKoZIhvcN
+AQELA4IBAQBlkfUelR35jj9bN9kdFE0fsYNTS/edfVEXUrsr1UclG/gH2jvusGPc
+sopO5bkn5ZpXZ+ECbxsnq3HjqMYrI6UjcX7yszJtLiAvWkIcHg2PkKEztcVYL0Sb
+NDKdSIEB8zdmPzCgo72OdRluk0N/JHnV8ooMuZrzgRLrHr4pO5eBKQg8AkM7Vu3i
+cofnEwLximaMv9vHHza+JlncePOoy59kXybOrxYlqU+vrzDgrWdOTVumK1b+7RAh
+GRnLzTCM6FEfyYJsjYKGM/ep/dL4GEVi4ZJ/fiZ096JbBZebIRbTmJVYG6g9rkH/
+MD8nduuaP4FacbSItkJnJKFrdB6GWLpq
+-----END CERTIFICATE-----
diff --git a/cpan/Net-SSLeay/t/data/verify-cert.certchain.der b/cpan/Net-SSLeay/t/data/verify-cert.certchain.der new file mode 100644 index 0000000000000000000000000000000000000000..c0d61ee529c7499a93bf8729c5a2d20ea94ca45d GIT binary patch literal 2753 zcmchYc|4T+9>+biS;izw6DE5Lrg&^wJF;dOdnhs;%#1L|7@`xIv5aDrq_G^;q_P(# zTb7Cxmzh+EkV6Znk}X-fa!1|Ut6t~4&bjxz?!C|R$MbxD&*$~~{+{pm`~H4GIt&KV zA@43iApisd03Z?}te$L>ynq4#BZ=+6-~v!OASS?H7lF_LK%fp48{7gczVh&uH788fMMMh4**z98 zeZs^gaSHKrGD6aR5&}PV#wc4IjcRvKT)IFz*WyPa>~!lOCAD}w-JOgl)Sd`A0LQHa zGg3>cPt4RpXO~AN-cy3Ik0U-r)?iJV&N;gu)ITQ>STp1a296wSRi$<^rc*Kp4Re<6 z9$pbVpu4lTbN!@NhhTxYB8D8_gB2V2c<+3|dQZ%r{Ykhp;36xi`o3M7{rtA({bchU zFXp1Q>to?8BevCx(3M-QJxaM0!2Re)>4{eN*ri{r?VfaBP~sF$)n3v;n^k3R=~{t5 zi0%_kz>k;V3nOx+I-(!op$}x^dEF!8qsJjoKmaJ9Re-c|a2-GRa$*3m3WGr*@Qa|_ zn!N>v2Bi=}SOfrv3qpafZ;&sa*TK**DKZR1o>=K6Rb_MlzQyzj+Zo&T&xIzZ2onK? zKm-D&4u!!%yR{9)VHThn?T?a1|HJe%V7H3|px;$FKc#>GF=JjnOKvIM)LVZ*PRc={ zGQrJ$AwSk-qiX}Uch45gqTo~GcNP9aRVN)^)^B^6>lrW#3BznF4S!yA536!TB|L7H zqaC85sOe?CNgj3TG+U>-ZJ(xPp00Mj4GoynCz*m53!2g+WkNG8j&F|Xojoa9pF2mB zcq8AeX3V0g37J4Fj6EjDD2#DQ$jnJn+O5I+3Ok#(?jMStE9$&JIJlK}9lfR4>H2l> zm+}Bd2k)y`k57~9m1JZ(xnSCai$VvT%%mslEEKOiT9mf(8$EM8ZYy=+k~f@{r-Xi- zowW~BwCkGLDrmYb>P@aG%`5yyN{xBIW_B=DK6&5GAdn6v@%w=DKl{M<5dv-hDwFF! zmj%BM2)c%aQU4wO{|7DS&nWJAKYeAOtYn1&n@)3<#8&iMC+1Zt(?10fSg5Q7lYxvW zH5`gqUQ2F!%BEJ2)gy7vD*JQvvtDpXizROJ?|lM(rk$iQvlnuze--h3U7ER6nw;1~ zwa!Oo52|YyT}Z>xU&)yI;Ce-drUv5gb~@-^*_7$L`~+<5Uw2GQ0`LhW)F^wFeTwuC zJA^nStB>3%zsF&F|MuEmy|(uji5z@eAq+8_c37$ulc0uZi|9M`_gyIeX6L>lxPkI? 
zUa|R)R~x|6QeH?TS+cQxaQU_`WqnQmTO;>MmOs^|?*^$qdbpk^ZHOkS7I2lpk5`no z>a1wz)E2ygil#(P8-JnL9d!GiVE_S&tsy75#xxv+@*m$&t28+mQFdmMk|-kK!gP{7 zigu;Le~;R4=gDW%;-!p3-;OiSx|)OpK;M?NJ-s?R_&3ysPCq>;o7aw0(Y;fteWfK{ z(AsM_{h%Q?T-my*p!rFOio3G<`^|oqhRyAhxEyVxeap3ZDGvBX)g5jfctY1GPcxiD z=DLwM{0OsKyY!!isE4#OIUD2~-d;8!jGz}QWYPkoC(31vTJtFP*&(0ok=yp_x!j~S z`kKu@^n_L7H(~vg;?p;*mXu&BB`v+@RWj(0n&7SGyO7F&q3(EcrP}>>IWMJHW|Xaz zYNtLggRXh&qBx9*LT}P0TTWt060E-~RD3#fhj@rE-6nQ?WB_F7{&3su)w(60{MB-r z#em&2Tc>tDY4&{5^nQQh{vS#EFS`0O!Y(JxJ`$>N8yPCG=h_HOWO=NNeAG7 zX<6Zo2O8dKY!o--o!5-m`6P2{1VcJ~J>9O`+m)}4y9heup5#CD{VZI~Jz zOPyRr@e2Dss%eIIX8Fci1l`NtqhwjPq8az@l!dDi)ASjP1J0qR#E0?SKHYaeoGl!+ z#_iRe;IXbPS4}LsT|UBbR?L)89XG$_!b`dndegKHZT_;L!;owM+Z)%|rjxorFsNwM zAcvz_Gb26mCMIuH4P7Ve>J~A|*w6w~zaKt+u+2C)HksZMd0IF%xjouxe$=6$s?>CN zFn`Lxk*!mL>n_!hy6I!0O*wy-!4~{Nm^rxnKOwA<$M7+dYB|<0C!p8-DBxTi2Oj*} z!R6z~ka3bsvOn=)jBe8>YaBjv*NdwVWaTaLIDNRBD)FMucr3i++8x~MH~Qt0SmRqw zXan_NY58k_^!Zxvp2>b=O3?7+%S+_j+>3<=OdccIXLy6XsmqvqP6|C@cDkqP;{uyl zg51|rF-&W(40seFQ%$xwIJQ(X)p6F?EP05Oz|3*cyK}QXf*Pwy${lPtQ91iS!0!3= znBt!YtrA&18msK9#QPqW%h4YKE=@@FzegwhTMJeLw~W6J(;Z&XI%NNAT} zZL7GjU*+Y?({evaU7JuYxTX6H*1DHrarPlmEzeLZB{t8s`)Xz&YyS;N{77g5umhKjYZibdlNr}V% ztb6XcYuyj;diV2t_Pams^*&%Y2^~5b1{hAfjsMQc%-sILmK5V0sWT%xj&1B7Qb3j4n7mBCuGi$ha&}b!+Qb*RGFDYEi%h=l?!Rqe zoTob^rt=tIY%N+$p54mP)~@>_B=CZ0Qrq|H;mfyr-=d66YJp$%H6H{M*%~g@^M8sr zrDq_#-{b~mwh?l%PSx;?QO6ZajYX#~i84*wW0Na*2DmFhT8Jk~sYT!QtjL$Z7&Az+ zV^K*FMj_#9bl+0pc~*+zoa^T+)JcIHlCaK$SqiBQ{Eg>^l%%rip}*cyiZ@+;F+;TI zW`jgDf+(gIP?wn%aTV4HJ6Ur*?T5+L1*R65HC$^wp&vug$5#tA)z&ho#+DCz z(;EtEwCQc+bnH>F{cPl5ck#~CI+6A7&1|Gz+2JvS(;hlPL`H`hMdctKdmb-8@bsY? 
zWqLHUzF;cI;gRgOMBWe|as1n4Vux^)Ia17gkyi6K5u}7G6>UUO(d%Ah=?~iysQ3V7 ziVEhE^}TT05ATqW4_p`70UUBX-46+CXH}_uc&_Ycf@Gdup*0wqc;g z$&S{tJMQuqZEUsN^D^|{YxH(jwYrHpcPNlKt}2VOtfW!fifHAY(J69zA}GR^llQjI z*j9q{2oFZp|3hSSZnQ8DzpqjBtMR-JW6Y84IWgD2FxryF@_{y~)9MEW)_e>?(WvTyiAu&d*?A?AE#~jp%`lj6z zKj{meo3+kB{>hiJ7TMD3xLkiVNk_AOp*gTrZ-)Ebcl&e2V40hYEii8P%~ z{h=?pV$XG?(nYQ$;bKZ>AAFb{SbglO?%~>)%awlrDdzj-X|zY2VSo3*YZf2&)Ibk4 z*yVsTv7xAK0jp@A?x8Mr3>Atnw@>I(dA+b&l>g^d+yzW3vJ+$Aybw@9-zfT7MzCtU zDH}BNqJK*n!Bua&7g>NR@vK=)Tk88Jorx1nQcViO2pEMro}8dHSI{DTp9n0vH5CK5SBdtjCcLi8_@& z!!^qkn0%YNK?!2@m^rE4S^+DF9K;50XZg`1#q{GfrU_UA^7~2`@tn)?s?1#bJZPbT zxZjAIWPLyXF-xBD5RHO1{PKbE8~b$f*NWL|HOQf-#^yXUeZcXF*gpUDE02P4m+GR> zu(s4SYe%3c3K`Z<6$3lHIQhjYdtcZT?%1sBa+}lRDwLhr+aQ;_vp?@Ax7Z8SkSK2N);>loRNjlD+B}N6N0$!kp}G z)Tt8dEFQvTV(rsI*dQ2E@66aQN7`;cZw`zP_*%(4r9EH~AAR#e z9&c|ir>kT9P>!0TRwLlu$sL|uGKa0(?u*2Bi=BBJv-4=)`Eqyj8&)ZYN{n|ONbcSd zvOS;`CbkXnQ|V@zLKCi2bE*_fIfY6)M`SNfcb8|dfK*pwzW`7{3ib6}ed1^d^t<{H z!Pzs+iD-*H%Hl#@$0B%rbLWDTG#>PrOFak0(s!9@G(+tNVL}LJB&kN`SBz#R_*Sdh zb5?)1c&P6Y>V%$) zHTG^;0`&+rOV(}Mzd$?Yiv?0YC<2Tzl4nXJf?8$P0(B3>(kticQ`c~In(NHuXm(@+ zA|2w>xC11?{z&IJf}bj9Hv>Tq{xOZsWjE!i_SmWv<=D?d(4s8j_2wl!uLKZT8D4=H zaNttnGwyJKA(a%6(Qgz-N>c87n8xHvdraTaSxWW{I1(e_V+3Ukj~#Ix z3W%Ii?;IlnnNyUAG3BRhlwiA50x|MxvukH-K>AS~9p`aTgooUQiJVm5CMSR?P_{ zNKxEMxRzwLGf(NrOJb6I&tgz$okIk_BQI>~LhTno>w}oWr7Y^;< z%`oZoyJlG}BBr3TWcRs}I&IZvD{x>|u287wIVjoiG*i~iZ90Fi&`iGlpe#9d<5>8} zSO(0bvNzkRasYNXiAs@X$>HnO5y^Qm97_i47WFx(BCa6O)rwdiY1pWr_H^mX@{<{} z1HA+(6P<=`TQv^(=&(Yiop7X06;7&YBlbhi{=lyh+XK<747Y}WPSuJWea_IJhg=O^ zbH`q_z!zP)gUg?k>!+R<(mKRQaU(2v~+>3ub-(aa0 z{gGC0Gp6x1^9Omf<)85W_GLPinFSrPLG`+?>#ub1u5KzbFm+9n$_i2Cr5l=#`JD$N z(p#IHD|i%c;^CzEnq$!ynbWlQh`X_r)?pre!zZmn2>vQ6uw;I&g_iQWtm}g!Oj#xx z4=U~vzEwVeU!X_VV-Ud1|35(h0mn=N!ZG6>@t4OFfra;!!7&n3w=Gzx4)J zgWBHC`o|X4@Z<6{I63iwqsupLttX9$u-dVv>v+$&BbkwHxF+K_SE| z{tRb9gSxR;{X2$rgiMik9o}oG*hy0hS&}=bK@u|*&D87ANJ9I`oBErxd_P|Ym6VzR 
zs!^%Hg!T3+TL(tH*+@QjCBr0Jg1WT=SDR}if*H0b-ujZq&&Gbj?bt4MAEyB6?gHI}ZYGb{xDD4A+KaK%Ut4U8_)!5usJie5kcY%wRL zEQ(4~n%)d7ETDJNV_Ic4Af}z`a(?WoA-imx>#8K=ZZ9ZURG&wXWUvu~G{bX>KhgO& z(7tCsQ>4yxx$UM=(>RRnpDF%B&M=SCD*S^2nD9Y{m!HL_+M%#a=L( zi47Jy^*p0CKD zyrF!U!>#mP+m7Ss@y~)AwKn*+Ht~4l`m4-TL6-tv3xmDtwKOQ3a~vzouog42YUFqA zNw+K$l+l}=fcgvvgKegRbX^x^W!e{$uYw6*k5BTUNPYs_338f1vN%<5-80Ez0q zL^<4g4XPa;{v2JKUiP9R3OTLD|58cgCrUxz&Uk9Kd?Xd_fn{k1#1}1^Yd@9$Zgmte zu*m<(KAMP(dyVF~zL@b|caT<^&fKm(!#y*5lZp9>pJ_^x>!Qfo_<_8n?Q#A2PnyL{h76t*huvYmoo@cB#JcwJ;FYDq+DIO{_HkBXrNy&1 z6lE6S+3ZIBRKs|bc(2e*EbPtM(ccX+C6! z-+XYsObI*~XyWc`bDoC_NuSJhdB)kZe>ogVqhrJ;szyNb>)8jk^EENYtr57a;7iIC z2BRaHyZNVGthz0_G*B%xHr36=slk+&1%zeE#oroNqA-wV-|rHOc^JABoH$Lgi(%wD zP6pF?T^`DoSzfR5sF>atJ=e=wMR@VaSa;;K%VPRmF|6PwD za$X7`StUK%G@~ literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/verify-cert.certchain.p12 b/cpan/Net-SSLeay/t/data/verify-cert.certchain.p12 new file mode 100644 index 0000000000000000000000000000000000000000..63c2c872c4808a6c4bca8911f5bb19d6ed27e40e GIT binary patch literal 4547 zcmeHLXH-<#mabcgP#_ec$WbKX53T6_5M?nhm5gPM*D>_;LkxN1HLm)Sr z_IHp52la)dLsF2`5RL>X@ReKy9Du_C0K|On6~KVT(io5ijW9=|nc+rwX=V_+Z_v`w z8W2blrlxp;eb65uhK|;Z;7j5+^>ZZ=q}f5-ek6j9!Gb_^b#`^MC%Jli@oQ;-ylnI` zASexezFk&q^sFnNeHy}yx>8Q z76V1T|3n%9$F(0S3B{`aeJn@;1VQ@m(ExygAt(R?48m#Q6aaudpbv3>4D8HX*mG(+ ztv>MeqYgdw9Hus!h>xr(vgP5RW_MtMo$Cz})Cuo$WH!`!B&}dei@if;cK&IZx-c*IrB8kU$m@Fc1FBzSw3S@@Yo*)abx1ftsS# zx}Rln8r2zxpX{NY29D5#+b)#Z7Wrne^aMV&MLgvU>mQiL&R&Ki02q)@t^~>D-~njy zc^ClTD-wx-qjEu>efuyH2eP24#nAu?MTG#qKf!-aFW_f7@t0{771m8bqU!VhAJ(Jhk5;7O4elkpEfIDE~D5(a1-|FvJhL97-twBP4I} zrty4AQnOYV=V8(3s|q(gy`2+c%x2OcK78UZ*ACT$%1WiB?n48~}9IVZGCcJUo;7CQSPaI?7g zmXn=Oe+BOF9m9$WaHibFK;ODh+~UhJqW}j-Zy%VjXw26`@kpdZ$!_1-d$z-_<1m|Y zIaG+W{j)VHJzD_xJR|K4SMjmC8ec&*VgL78YGf;)+L-&AE{F2mNxV^K9=b`B6CnEh zp*1wD(okY5d4Um*#wCYU#wT@V=Njlbs~cxP!hZy@NT1=gfce7+Fe1zq<_rshNx&Sx zStOV;j34F)^MWid2qQwi3osI7Il+!VouAn;f16i+#uW;(lDdnHSEXif_ne1o-lsf(vXHxnRt7X{xjP3KOmR?N`ZPltlb_j zE7^-it|b^Ti&u{6Mr2nDQogu3rPHT{tBxnHisI=B<#iq%6M3Y2bM+X!(ZREs3TdzV zoOeo0w?5do+#tu16En6m@4cn9d{>(KsWd90iKLr@$(R(ADZZ6}r_6Jx+2Dt1U#yOY zwfE{P+~!U-+8qTO#|~U#U;=Dho$d=-mVNPa^gfS1bp%6mfp$k>s(Vfl^^S`jt2 z9Ysj=M#2S_Qm$}ObcgTAm0yq1J2o4Q6r&Uc*Rt zk1Z*iSEW0WPL9+%j|EQE_p>YE2qO7?g5c-d0z$HTGMRPx^9Z^azcrQL6v!Mj{ZW4a zG{~?o7tH&5gaQ%J*Pj$eV0qKGEM=J(LCa*EXvi6iGohgVk>dRMEc~VtVJs?MOACqD zOjJEx5KCnp6NMX-ztFSxI>;mP`n&N55kzq-!UrS23 zs+hH{w+<##o;9J`G>>5f0VTPGs4CH}mCQFR=^8{K;yuF=E5#>Uy2YVfw0y&n+XL|($?}5-J6wX|UioSc$3K76OSYR^PI~Njl_ox_JJ4`zRzJVGRBdW9 zXI0T4PqqXp16DHsM%;kD$4a)uR zPiPy1XbwZ>$kVY;=O`yfI8}Vs+pYTe+;psIpC?U~lbBvVP?_^7x!a0=_g2RIhvRp-It}@T7*5GusSkB+ zN~h|3w;GhFYn6=hcS;rIyyG5HDiv?Ap`sD>!Z|!K(^$UsVZARYM9Mj9vLUu=<0&29V1A3-OJti_wAQsjf@rpqbWBLL$v|PMYx>z*X4{KbwfpF{ 
zDnSbB()Y7>|78H>iKL)hA(#N&_J5}3es$jpRrXDA0QQ&q6{`7*AWuHz`Tq*`j|vuA z379#l6DIDfxI1{4qSluF(k|_|jlNJKFPjzbe6m?-%pRW==lsL~F4lQiK11si$55+O zxde8PDI<8PLMCX!wEp?q@~>0BNK)5Qr5H4_Mt$&!lg4u32Y-d=NQP@4B7;Vm!8)j+maUwm*l#4W|R4Df}-yEMKnjsz<#~WKfs& z%~U!ZoI?MsWU{wiTAp(-@&bzJL+#SkxFnM0e2)7Jn{MC8(*=h(w@bNiq6AR8(<7CD zV~V#S%fh8;S*}`3+9B8#bIPXBP=rW_Sigz7=zDn5+<6lF<%l`2A=hI;uTq!}4bn=G zf{R>R;p8y>%jf-GuP)zs%PMg9Y9+~Mp=6Gw3*p+E5R2q}H zdPBc}PJ8TE97?pde5<|@;aBF_T^urS(-m|QE#x0`v``%k(QN#sg;^TN3tnV5Vu|j* ztso_xrhUH@EyUlKRZkxlGuT8d^Q*p~i@?^hHO$yRQwYfJiB=^(qneYbPpwcRztpW- z$;b;m)EaexLwa4hTgL7#vbaZ(7k*3GN2p#e z$H4~N{Ve*r>_8^YE$)#Wxls6I*oDk7g3c(Xfn96s-273})Tq1AT2n{(t8mTQbB>dW zoWd^jj?gNQVdSP?hi+0!3xr=5pXqPL(P;U$ywvx5VmVT>Qkx&Ip8L#k45lB?b2zxF zNAJT=q>Ge9ZEcNlt)(o*J9P$V7?5f5!b^dnJ(o1)x7eP~ry=a848q l$-=3B!!50oO>KN2Lg0p?;^Fd3Ezu1Q_DM~wgb8x< zaD}86mna06W|pKHsv0PRR5J6(Xz69;XXK^ir|RVa^%NK90QKmlRwU*Y4b|@(=#Vq(_ zTI->(TMlh;Dcd`9V_1FuX18~*+S>VXJM*Vs_g{P|%9>Hn_N{cAw$0vY0ip5c(-<DLEX@R$fC)pPZDoE!vT+!yg`TN+sW`S^N z_sCYCNd`ZrXKg+1)#LqDeP3jblkStxWjf~CtkbO)x<1MKyZ`VN#aTs+p;f;nUK|ds z{rSMn>-vTHikp|e-@eFL%yH8U)iZxt&sSXIY>s=rCT@B0ERmBH=i`{qOEsLka9{9Y zJrgq{1LFb)18zhZaRWn$kzwh^JBOIs*A_CLiT-}$=KYhqE(C`7{=YrN#3y4>+Chl` z!=n>EG|00&by{us;hQwuw3a_-16c0wJonw@-K3cj;b&D?w&i;^yylF%Eyw!ZSmxzb zV?#gZJ1+u`1{d)>J##A~W2%d>!}nc}8^va7tDX-(x@K3yt*JA*1lGlxpI>lH?2lBj z^O0@F*5`iqd}r0;;lI}MTdHjUbLE~}wReV>)!K_M+*s}wvA<;qJbSTw#iaQnP-*fs#R#yIl; literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/verify-cert.csr.pem b/cpan/Net-SSLeay/t/data/verify-cert.csr.pem new file mode 100644 index 000000000000..297287bc7361 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/verify-cert.csr.pem 
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICzjCCAbgCAQAwgYoxCzAJBgNVBAYTAlBMMRMwEQYDVQQKDApOZXQtU1NMZWF5
+MRMwEQYDVQQLDApUZXN0IFN1aXRlMSUwIwYDVQQDDBwqLmpvaG5kb2UubmV0LXNz
+bGVheS5leGFtcGxlMSowKAYJKoZIhvcNAQkBFhtqb2huLmRvZUBuZXQtc3NsZWF5
+LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4DX1rwgH4
+5lZhGkJk77hzdQh+StMAP9eNTIWzp14dGQgYYhIAYMt5IkV6dshVhPmfgZbCYmZk
+NlPJZoXCVtpAhl5kt4ltXAVM/WuHi6q1ifG3A/L63+j0cmqYfwb2dbYrPL2WUFVf
+N5YAabbcVzBp33zDKHTLh/CIk9s5mfnEcP0HXDQ21csQ7THJB6MRIBtsgNQrD9n7
+xp6DEFcbR1mFTJIw+JdqtcdKjEv1J75ZbEIt5PN2LDcrBZc6oUXkbv2/w9QhmnIB
+VXr7GOjDVX354EZK19CfIbOn77eiMxZBspglzP0Fz3jWCYNe56xep3OaFMl4z14D
+zxqAztDfEeF/AgMBAAGgADALBgkqhkiG9w0BAQsDggEBAKWx3MICh61xA8xb99jZ
+38m60FFUTf/blDRMaKJmwRhQMcWQ8IAfBOVCqzHw9hsGloT8zVAE37nO90TukplY
+V80kBLZvSYDrCV7bHgX3Mxzp1TMxTkPc6FDFU3IM5czaaGiVRDNA97rjgRaZKyXP
+V8WsuoDalZiKEK5dN8+gxhb8GnNDxLYzO875jPcFLgwP1oTnFthQSbK967Iv5N/9
+pamQkztikb4LhhLjzUQk13ieCdqBipOqxcTMG+xlSkXy8a2AfnYUzwptzqq9mEo6
+rdHoRgTdcgftAFHN0YuY5r4MDUHDRNMoRvQH3FV4327I6ESMDufzrx80/tsQ289D
+VrY=
+-----END CERTIFICATE REQUEST-----
diff --git a/cpan/Net-SSLeay/t/data/verify-cert.enc.p12 b/cpan/Net-SSLeay/t/data/verify-cert.enc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..ec0fc8dc776318ceca9eaf03fc0934881a41501b GIT binary patch literal 2847 zcmZXUbyySZ8i%(rMwe{j2t{IqphIAQsKf*bB_u`Zme>gCav&igFc1)x(Mm|kh*5$} zKwyL)NP{C(Lc&RkXMWc?=R4PR{&?T(`Q13AtH$b{M4Y+FS$1};)npUkG zZuO}$gtL$u2rC;P>JcckfYEGGFK0}p2y8U9!$9%ZfufoPngvB8r8m?I zc=?{EFU+ZxEexgd-|fab&~%RU7}-u_NuNll!Z{O$a;TDGmjn(d@LJSDeBkrEFOlW1 zmnP#cw6Cu-Yf^k7_xB+R|5a&+&h~HC?7HT%D!; zpw=K=GUq@6*TaTPzA#;cnerOcx6NhXqG2lPC)S=xFC(!Rrk4G(UzY&KcMe-%o(PeN zCtcL3Lzxo-p@RU5huR0t)vK8@4JIkh<~*;QRBob0PU$n*7Rs8dW!~P7M(zeor35ER zzq{F~cvu3}d~mTV(d0#tY@YS<7>^vCYW~J z;M;}6cjUy_7#?_^ME>;MiAcSQc$tfro7-lz!eA7v5jgM~F#SsZZ7_J)UU?l@sq) zz!E-T78h%@w8oS4rX|{5jlvE4N~^yoT)h*9N6aG{!OppEf6?*@k>`9L(`*lS7VAyz zua$Ag*$X~T8aSVlN{kw?wYRrZv1Q)UgWye09L< zXEQ9S$34oW4?BI$Uo8uFh)R%rn8u!~Zqtn4ykYf#%C{r#jTG;hZb>l#P6-B)6JmJw z;)GpbiCfo?+=9%Bi+r>ntp>gNYEAZj@)^V%)J}Q?>VrqJptm)tMYh% zei_u~nn=WcAg%wYxLp|luY97gke?`xaO68$w;T$87i3(tm;mII29^vWC zKP||sTq-{Ut)fQiAMo8E@6S3^%oNvo-$g%KiujVXM}}B%^7r>NYE|a|u&FyJC>zl* zxf|-dQv7_nFW&VT7@sdf?9piJ{m}ndK#X#7VA!v0^1V+DMNjHxSU zOv%if{)sIc-;oW9$^n|$JBNm>_NY5?BjolCx$s`)`i5BxX2nxp9&FZJUbhmClkF^H zlV5m0K09mR{|4(Bb2lfqF=>sr0Q1%irapW|piO(JQ&@(}pne_4H<^(pQ({wDSCI`| zFmEp^RIYx#s)_pbvog?gNELH`uXH}6`$2wd4|BnFaYJ3L9 zF=o?o2K}W%*#4tKRv?Ig18>lU`R)HLc~CzeHc(7$_+v>h4&3AUKBB|Kv|bkteYt*Q z*wVKadGx3xlOt%uixF?usC~s~pDO~SXgte)l3TP%MEiV*4K{eb_vL+txbfHbJmzXV z@&-QC$_rbLdo(i9P?vjW?~k)=DzvWE%c9t$ilwt}FZ)rkT|wn-s=pL)x{@I;h=?Id z-;ij{ld+lZ8<&f=thfrU_sfNTh)#0MTWvgj9rFc+IOAi!OzT8>l)%F0}`q19DH* zpv2z%B2m&DKWh`*!%4P5lHX$Bia!{rO?hvT*xCh}{)YC4YI zPK8ZD{WQ_EZ{v;JZ%{~xeQ2ygmGu-guU0Np(fb)sY$ z7(;pZzFP~s{peJg5wsEcp^SqSqpUf00Bl5EBM$Fbt|dZ3fK6J;FI3q;^u0DD9}Gir zCsA`H`gyt!)T=-DCC6mK9_=OxDd2lP3TaIDeH9xQ{tap!Gy;1s0V+*d=X%KLPo6gC zUZo^jLjmPXYb<2bIl#B{VK_JX*3vcaA~Q8OmFP@*h&Bx@)(|#Xvlvz8 zANo5eLh2eW{Mf*}J4Q}rsiM(*7uDMf*s)kWGMn*K-N4pXoPUy7xqA 
zyzoBBML*aPk6J~S0+Yn(z+)p0Bb`GC(qF6Ee$7@KJ@D`t^QJ$BUuidN#}y^*8M`=< zygKEO-!weoJCpmqyQOAoCTQoycG5=J{eVD23RJ*#eP&5OF+=5Da{S3s7Px7it*>P= z@!WTa!W{;kCByyf&8E{4(p^r3i%lx8hUAUbt>)sy(8r@?y^U@U2X1&RA2rH1PtvM8 z7Wo+)UItf&^1W4@Ib*QZx7d(spi>K>D0C2!UrIsx9XVHfL^WI0G2Lar=mKPSx;xBm zKWRei=R&rv&Jvs4SCk&d*W43gW&w4s%ztUik@k+ zi@Pt3YwpRu2bpK#TRr%cF;*Z9f^u`^k>Wt4^S7AvD_e7KS&<3h!0=~LlUcc^h=S0h z4D6jBym%`TZA4e|quhfOr09S3$O4l)35Hgm29Cj7)*QZb_cxf@k=V(#E%Qj%e}ihW& Lo)L1Je|-Ee!@Wv` literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/verify-cert.key.der b/cpan/Net-SSLeay/t/data/verify-cert.key.der new file mode 100644 index 0000000000000000000000000000000000000000..84862f87b5faf47449f0170a740b36206194d0ce GIT binary patch literal 1217 zcmV;y1U~yPf&{$+0RS)!1_>&LNQUrr!ay9qXGc{0)hbn0Jsf(Yr+Be z=2l@ELS*l_b9D%QO49&8*Nsetv!`Ai83-6+5&&S!c_Kx6cF0wP`JaK7!eVA*HdD!F zg~C?aK!#pqw~1|B1x)>Ghl{GUiSf4s^7`NC^m1yLe+Kq-wktfnmQYn+H)(L}N=d50*bD9*%c+Xw~&l-Tv(BBc^e*yym009Dm0RUBW z#sDjGIQr49fv99v503=8;sZi2Wa08s^&27KvunHJC$68Pvfqtt}D# z5}11IuQGYsQ@PXWt^eK1E(o*-l1{u8h4#mZKSwDZpN=Rsz#4MIDnV=S=Hm?Krmrh; zgQN(^Ud=h2Hw@^tyQh8fkiIKZJN6 z5dxX(0el}rYiD}@Aju_?cR`!ZmQwTTlRh$3Id2Ph*SsPD9fYALi5R;mbQPl3;!yKq zArLGrcM!+sSmj0j3-`tSwS~T?B&6)%c3`2X!yeS}K_uG6dr+DxT7d$AfdJrb z0tf}fojk;YMO7O23U;&(BSi}r+@DuJb6d;MzPX?$naJ@k5NLVpjKEw@arr)d-b9uTlEmxf2eq%^llw zvY=GPj5T?InMsykcIb-{z6^4gn?C}9fdJ9+WDb6kAlz(M-tQhjhU<+FKr?fhIVF0M z4brOH%fvA?8qtMt1#)o+XT7}aD4J$q99S1d&DPK7Vv1^fpyh@k1^VCCumNL|Z%-8G zeBU!0v{wq$0FPCI^Cr}UD8(wyQa~x|0*>NnbQphx;%?MwJ$d7j5+u#2uoaqnYFiWvcFqSSI=~s*61gFcUv0K*Q#yw-7@N&nQTPCZBneUuUqzpvZ z{1yc%w5|2IyaRQtZOEv7(4J{9WGSW~(PLIT(S1U^%D)pa0ik;67*G_4&ZRdmF_lEN zs|F?@&6>FlfQZq(a;$Z-a7F_Wv=_VJT>^oCcbmzFJaWkJcZyyR$j5;zY^*V7Txk;U3T`>Cl zDdemUnHFk_z+Zu;CrE&Bnb>7T*BVY=!NKC@Hgw(BYbNl$#e?I6LbPCG+c+90XANV) z0)c@5fxZ0Ho(M4^gMTaF&b}52Lvz30O?Avy)~fEbql-YG(qq^FO^Y2Rda=n#^jvg% zf{jE(L3=W!Y==|79%RS)g2)jf+oVicFR^7eQXEH()OdY+Q5+gTL~GzCbX`{VPv@<| fB9@0>_0P}-I?++pXyI*nHs%Nsjt~-picI?!Y*RnE literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/verify-cert.key.enc.der b/cpan/Net-SSLeay/t/data/verify-cert.key.enc.der new file mode 100644 index 0000000000000000000000000000000000000000..84862f87b5faf47449f0170a740b36206194d0ce GIT binary patch literal 1217 zcmV;y1U~yPf&{$+0RS)!1_>&LNQUrr!ay9qXGc{0)hbn0Jsf(Yr+Be z=2l@ELS*l_b9D%QO49&8*Nsetv!`Ai83-6+5&&S!c_Kx6cF0wP`JaK7!eVA*HdD!F zg~C?aK!#pqw~1|B1x)>Ghl{GUiSf4s^7`NC^m1yLe+Kq-wktfnmQYn+H)(L}N=d50*bD9*%c+Xw~&l-Tv(BBc^e*yym009Dm0RUBW z#sDjGIQr49fv99v503=8;sZi2Wa08s^&27KvunHJC$68Pvfqtt}D# z5}11IuQGYsQ@PXWt^eK1E(o*-l1{u8h4#mZKSwDZpN=Rsz#4MIDnV=S=Hm?Krmrh; zgQN(^Ud=h2Hw@^tyQh8fkiIKZJN6 z5dxX(0el}rYiD}@Aju_?cR`!ZmQwTTlRh$3Id2Ph*SsPD9fYALi5R;mbQPl3;!yKq zArLGrcM!+sSmj0j3-`tSwS~T?B&6)%c3`2X!yeS}K_uG6dr+DxT7d$AfdJrb z0tf}fojk;YMO7O23U;&(BSi}r+@DuJb6d;MzPX?$naJ@k5NLVpjKEw@arr)d-b9uTlEmxf2eq%^llw zvY=GPj5T?InMsykcIb-{z6^4gn?C}9fdJ9+WDb6kAlz(M-tQhjhU<+FKr?fhIVF0M z4brOH%fvA?8qtMt1#)o+XT7}aD4J$q99S1d&DPK7Vv1^fpyh@k1^VCCumNL|Z%-8G zeBU!0v{wq$0FPCI^Cr}UD8(wyQa~x|0*>NnbQphx;%?MwJ$d7j5+u#2uoaqnYFiWvcFqSSI=~s*61gFcUv0K*Q#yw-7@N&nQTPCZBneUuUqzpvZ z{1yc%w5|2IyaRQtZOEv7(4J{9WGSW~(PLIT(S1U^%D)pa0ik;67*G_4&ZRdmF_lEN zs|F?@&6>FlfQZq(a;$Z-a7F_Wv=_VJT>^oCcbmzFJaWkJcZyyR$j5;zY^*V7Txk;U3T`>Cl zDdemUnHFk_z+Zu;CrE&Bnb>7T*BVY=!NKC@Hgw(BYbNl$#e?I6LbPCG+c+90XANV) z0)c@5fxZ0Ho(M4^gMTaF&b}52Lvz30O?Avy)~fEbql-YG(qq^FO^Y2Rda=n#^jvg% zf{jE(L3=W!Y==|79%RS)g2)jf+oVicFR^7eQXEH()OdY+Q5+gTL~GzCbX`{VPv@<| fB9@0>_0P}-I?++pXyI*nHs%Nsjt~-picI?!Y*RnE literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/verify-cert.key.enc.pem b/cpan/Net-SSLeay/t/data/verify-cert.key.enc.pem new file mode 100644 index 000000000000..a875204f2efc --- /dev/null +++ b/cpan/Net-SSLeay/t/data/verify-cert.key.enc.pem 
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,02259B7050C64CC324F90A75965ECEC4
+
+r6qQaWzKbJHctKUiaSLBmM1hFkJSkafmOpG0mNlV4Cey4HbQk94KOm1qWZe71NxZ
+X7jtb8ywQstPWqmH+XcKddRkIPs+TwlFdxwh1uTcUgYlkP2PryqGAV6WSwtPHbwC
+ZBix+hm/lT/67eny53vm+E0g98odaqAH2h/Sr3vx+n6jqUxzoq+rONfVnZcQntPO
+0z0wGv3WnArl4MQz9j0esDYEXumRF06DLoerr7W71GHSQFMqKOPuDIaJVeaY0sKu
+uovWlUwyc7556CJcfmiybujc21kzZ8SaIB3DGAhPP+4z5d0ELcBLkDYiNcn5im0o
+5EAOoipiYIZPMqw6LHCZej7BzgPi2+UnNrcdZts7jujfVzej/MlioT8cqFedR37t
+w434zT6VsN0wisE2IYW0fE9WEEIn/izv06qLnGjqHoIj5J3WmpQVp8p0+jCnVgFP
+lUyks31KcxMascW1raaro6+m/TlPdxUQZ/hi0nnRd1OY7zFpTZq69TTdthDc/QEV
+GWRgkRCZ+Z4/mFv5SaSOtc6JqV35As2BpC8ALm7qaQ+N9vndPrfHHjJ4NhYV1WhE
+hSyc5N3bLwSpabgMNbk6BziskoMzXNIpKXPyxxHVwbFbglc1b8TziO+yZIx1pix0
+pioKgS22YbD6sb6NeGnv2+MJvnmteSDF7lLmPghXtaT5T46w25FbCYqEkbe5uVC2
+TKagEVOA2mxJqRo0ZjxBUFo9vN6HVoE42rrmeKOfVAXmprZ0MDC1yeFXC6om9uO3
+OWllCjg2XaWqH5DO16Xwgpqi3Nxl1u1GSN7FsDt0Lc/mbo7Wtc7TjY8aIftJ/Myi
+qh/gMeURBwCVzvtszl3matclfGYw34hl4qAlt99Kl7iTjGiWGHsuq3FnIZ+yQsjy
+Xlz3DruKqHggkH5nWyZVS33xtWmjCIqMRlYNjfG/+28biJ7Hm/qj3lHcKq10fSfs
+VxuRxCYeE8s+ei65s8M2Cu6ZoinMfEIJrLlMzYPnXMB7qMiV8eDE8d00JX9OOgXC
+iN3QrNQN0eaL2zwZIiIIXIskMl1tBOkv0PIfiUyhYmgBJJUqFS7grPfjx2rH9KMk
+rVZ42q8ca8Cav4nZKiLwUflWH/r8mgOtOVPcLFnn9vOPZH9biC+OzGpNd+Opvoq6
+qveDF7gSO64z/0khpHULTZuCM3Vs37H8FmkC/e0+XMkOL815k3yyaHXleFZWCGa1
+smXgOpDd0cJfXqv4ApVoRioXHHo119yVELTIkmi2jKzeMg4mTskqVziTZ6WQzccm
+ZsgGSYq2vYmkMAyzD07hCLmg4ubfNekoPkYkPmXZ3NKVvCYw0Yeem7Iij8Kz6VV1
+0pJRvV/H6O0KsV2VqBCG/9Bur44mz65rusIV9RhYysEAmdJ3iyBstZe9K2Mvbs6s
+ihIFY9QO8x+v9pZmMLNAoyWyj38m1fmXQgoJrtLf0ahEeIT37CV0X926lc+h44H6
+BOuE8PV/Bfx/fazSqsjfGeyak2cP8ih/S+IaIdObfpaO430xqVHKYt0IEdK0GHsG
+D2Gl2eNBNuXc+jBbtypaxIFA5WcrffFJg4WrklVuswKGoBT1ZuuRe2jDNzec3l5g
+-----END RSA PRIVATE KEY-----
diff --git a/cpan/Net-SSLeay/t/data/verify-cert.key.pem b/cpan/Net-SSLeay/t/data/verify-cert.key.pem
new file mode 100644
index 000000000000..18806d636506
--- /dev/null
+++ b/cpan/Net-SSLeay/t/data/verify-cert.key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAuA19a8IB+OZWYRpCZO+4c3UIfkrTAD/XjUyFs6deHRkIGGIS
+AGDLeSJFenbIVYT5n4GWwmJmZDZTyWaFwlbaQIZeZLeJbVwFTP1rh4uqtYnxtwPy
++t/o9HJqmH8G9nW2Kzy9llBVXzeWAGm23Fcwad98wyh0y4fwiJPbOZn5xHD9B1w0
+NtXLEO0xyQejESAbbIDUKw/Z+8aegxBXG0dZhUySMPiXarXHSoxL9Se+WWxCLeTz
+diw3KwWXOqFF5G79v8PUIZpyAVV6+xjow1V9+eBGStfQnyGzp++3ojMWQbKYJcz9
+Bc941gmDXuesXqdzmhTJeM9eA88agM7Q3xHhfwIDAQABAoIBAFV0xgArczj60a6C
+P8OX3l+VPl1NJo0eF1oe5pFUq4j9H1oa5trQFolm1TWYQ0oZ1MEvrS0R/RKYeuyv
+MnnaU7nT6a3/3couCLQHkk68FYX2x4k/Ryken44oNcAacsQqQWvv5uMM56avK3GD
+pAjIXs05nDcM6LW7p33ykL489NA1EEfOKVnATegUxXH43YPLFcTEhgYTChdJTJ4/
+hHgfEQKZ6wF8H0NrZ3r/IMklkndBm86WUvPqkz4yVDlvC3fXvCIBHYShJ4kYuyh0
+FaLW4lDzYiEQLC13EMfmWOVF/gv3xf21hb6nJKTs4HZgoajDHtTxQSTaxeR1Yo57
+UJoqWoECgYEA4G0CCAXEnTzEg0VVGvcKdrQOI0ULF9yfVz91za115pCmAVSm5Ddb
+oUMGuWrGmh6LyTWbkUO+K/db1iAYGDc+TKP3U5nSZ+DaPCnu1JK88UOMqGJW9123
+S6c11QiVQK9R+t65Ew6uzR3bc7KgVMaMNXmBmUmWX3boixG+DHKXmz8CgYEA0fJk
+Dn6SINxsV97vHkCG640PQDNzmTklepIN0qrby8QxNRrRhXAFcnEIZ7287CiaZmAc
+WBdGzdbP52KKanyg5YYhBfrf1rABY5JvTxTnfN8zG7RXCtQAj1WC8ybUhCjFKs5S
+QCnrAo7iaHQYf4TibtRpPXnjkhIk0QotdHqnacECgYAgf2h15O/tnOkP4TBLsU4w
+li4d6VeL4wSny6axW9bgxj1jn/Byx5lbJquIme+cTaQMRNj8FgUptK31ubwDdaxt
+yKh90J5pMGQppiDRY1Y80X1CvMq/EzEBoXroGFAUh86lNy8xlUS2qwYmIM2auQ2A
+iNG9cqx1snBGAxG0F7vgXQKBgHebyYc8ctIH4i25k68/gd5Gse6YoX4kwYZwGTHx
+J2GSd5pSmhWUeXX2kZxQy4Ybp8M1dFB3il4QyMeBK2x5bkz1OnEmuUmdYl0w+vsp
+5KwOmRZqisBfgaYnSIBwmdhlRdcaTl/BweLmNnTd12sm8L3Fg+ODQrRgY9s4Gidn
+DWPBAoGBAIG9/NSeCDEhg38r4M6+FglDc7/eTXXMV9aq7rSji0Cg0mPYAE2LHSV6
+sclJ9Fx0e4KNRERBezKkbIdTvx5kx/mCyBEi26RMWS+xZTdSHEeN1Hh9e1EcGkBE
+a+AmdF1W9k/nrcIilodg9c/QBjrRUdVo4W15NuYIEY4QEoKKTPsW
+-----END RSA PRIVATE KEY-----
diff --git a/cpan/Net-SSLeay/t/data/verify-cert.p12 b/cpan/Net-SSLeay/t/data/verify-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..c7f1f30c86999741c43073eb0c7f12b53c54d695 GIT binary patch literal 2748 zcmeHJdpK0<8eeN>%@||cqH!Oi+$XFd>7vH9Qi$9_xetxYV9dCcm?ebRHJw~Wg|v+> z66xZEl6xYA+H^rer;DW0W!s&lz3c4Gd7k~p`Rn{~)_T@@zW4Y3zW00A_kQp1SujGp ziUF}OLPYT5`stg~=OsZgummB-KnO7sg~MP38vDTo^+O2MgTlAarwuRh$1D;N#Fiis z6$MrC#6LiBG8zjap%Vxw4#5cKRS6aYVlW^GOMH(CO2E!^30NGDb%XG77$%U!73ts;FnyUJSp^>}UL6J;DHkxNlOgNgSAv4}TA}X9o z*N1h#f1)@@R#~JPqFjsrqLJN}d?|GML<_&pHZoX!D0PFGt5193MZ?i79 zE93QnBO_}HKej|Ii0xdtYOqV@CB0LuOqQw=o-#m_{^fJqiBuU6l}(;$_5%1re(0t4 zEeE&0(`ob!w=$TRi(O$x!{x6nwVhxuTyGxG5OP4b#LtS;&2C8_M>lS{*ITS{Q8aVq zqzT!wra?m|qD?p_{KJ z4T4`F2#dj$z-o)O7DR^S@dO$k#NouS;P(;ccefNohUCK`SR!*_Fu3M$C+L3~nYNp? z>-c)m)Tj^qJg@Rr4ZvXC`w$^WaOA%9u^4CqD$fc@c=qa_6a=HYjgqiP>> z8Qx~UsL4C1SEsscoj;!Btg!tWZE%y8$_KIGb+0Z2KB&oZd|IdTROk^hhKW?sIUD_? zqK&rv=jGA+-dr?}Fr*rJS*cPae>zlZa;bHPkxkJ`3R$mJ=qk60&b zCJesGBGn1!_)DHs8uixY^YsYk80&TJFUL6ySI68Qj)7*c1DWjpJ)YT0ioOV|4M8b2Bbd&kh3;iDyZ3D&x$@{dq z^C!J=`9&J!y9Gygs8p;!Z}|mg=)^u3GWcH6wFfR+g=m(BaVhCL{vJx_3()rYrZwVA z>1bgtP{1Lj`WFE+GPkd|`duTn)zpu|VgDk@(|ssAfmnbEZ~zt%3?u*sK;T!43#Q8;=5k_{C1(Z?nig1ZQ5tA6sx**YSW=MqqRKd7*ro37v&t_I zZy6G5#RQJ^OVi%BXEHYFQHpbQO>Zc3TJ$Z$W+tDIrpl{m(W$2h9X{P_j+v3BFI^KQ zy*boq{b%z=M9Hx`PS$U4^z9AwzQ<<<%kM)_9qzoegW)iC?Il zT7o#sqMp3%bN@K9!Ps?8q(t1k`emTn{!*Px#cR6Ur6-5Ro#p~GWL6l&$+S=IcxwBb z#C+?*rL;zo=BXE>v3{i$&6I&zOU>cd30^?%9w(u`7azmt1EUcb0H=XYJ%Dl#1;9JQ!&{`9C$PU?KO+DJ@IiEG!Zlin0?Ga}BV8?YQ{}$2C>$r6 z5YkZpLRT2UT z`*mCOd$wEXJ;&sZ@8&8d?;mFmu+}F$5iHT{BN}iMMXV+aKZTmSn>R7@^4K%!F?egW zBb;Zb_RJ&u2_)(&ul61qZCf8${F>8V=&gPBK;g_Whf^e*`@fQLdbO4B>gut)a}gaC zNxdgnaFAX(wJ*@!yf4YB{?>IlI#`-Gt>`45(etyJ5&fvm<+FHgYPYaXGUY&D1LqvC zCTb&AwpQWV=q@ycxT4Msb56h5xIx{KDhB`2#_CrErTa9S(xa5+FsP?1Ddi)|)sdRY(ray5Y+&*V&vB zRd}Cidr#TXx2b7-auxUCy)f<94Xvq9QmtzJ0!LOW>x4)KqPxHc_zk}foFLFOQj=+; zJ&j~>>zM109C)`qhR(dIEz7nj=?}aQIAp77C02LZz1_*(gXGxQSne@C6`tX8of6dk 
z5$TX!Hgd||)2Nzhwq12o&Om(99%of$3!AV}ZSF4j_uHl_Z!XKr@OyWs7r(a8d2shw zM8c{`f^4qL5+uw1Gx>j0g$-a0^e+%clfq(@aR4OWGxHF;cK+n~1~*S#{z`V;1UN1a O5x7RnSBs3cb^Q~T?=(~Z literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.cert.der b/cpan/Net-SSLeay/t/data/wildcard-cert.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..0254d84098bd6a5d1dcb9e599de2fbf458558993 GIT binary patch literal 915 zcmXqLV(vF+Vyaxg%*4pV#K>&G&Bm$K=F#?@mywa%AkdK8fRl|ml!Z;0DZs~2*gz1( z;o{-)OD)k24)#e+tb_@2^KgZv7MCalmu8lv8cG<5fmAZ{@O$Q!q!#6-rer3Tq$)T& z8pw(B8W|WE0wEYgiSrs;AaM=C$hA_|KpJADh?ZU+(0RqhIY8&>rB)>77UZNFG%+d} z@FM)i$jZRn#K_M86z5`UVq|34bkT%KsPWq5rV{fHvaBlFs_EOqRGib6=S1F*UvkDn z!m7<`{!~)~{|jfYzWC(%SEFs8-s3ZlsV6+LCSBQK6u9hyuhfiR{izzue0NyO@t=-e z@G;b9_tlB9%R3*MPAqe|XusBQUi3z9tB?J^cU>!cY} ztJ!6DOk;8BvFB5mH3O^PCSK!J>E#x^6ePIhr^0l9qYBaLPFH2Mt?wRL?2ON-s6X-M zcUFxvyWH)mBGprEQoRcQ965RGT9EBG(=U9^1yc{TJ&4md&9k-1T!MLV!R$!J13fcr zCNo}8fA>yXbfp!mRexRlzN6>#_N4E+dARdoB@;6v1LNXCgM0%%U@*$^Gcx{XVPR%s zU0@&!;;XWV8HliPXtOc0va&NX!dXlZX+9P)77>GgPygso@V zRT#Hi`mEEE$8_(U#ImVPu7c~f&v@!A`{0Wl(6RGbTlSxp5&bDM>2;!j^*p`R8vZA4 z=}8-|Z@t8xAG=X8((~qj6SMw$XH#YVxm_DHa+a)E(m7RXj>h{YdkmwrX89 z%=oz|Vega)tj0N^SA!I;RJ-ura+R8Q;?awBt9rwvEDPl>DE>b9;x*TkkdIX>Zr#(2 zJAX1;?z_mkE`bBa%QkCA=1)8ool`mg;^)I(iri(kS#3Y|SFW>UDc8J19!<&j)^(&R fZ?y5|e*8{+*K$PxwhYmNr&H#H-BMqon-l;5A~8wG literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.cert.dump b/cpan/Net-SSLeay/t/data/wildcard-cert.cert.dump new file mode 100644 index 000000000000..484f34482b9d --- /dev/null +++ b/cpan/Net-SSLeay/t/data/wildcard-cert.cert.dump 
@@ -0,0 +1,160 @@ + +# exported via command: perl examples/x509_cert_details.pl -dump -pem t/data/wildcard-cert.cert.pem > t/data/wildcard-cert.cert.pem_dump +# hashref dumped via Data::Dump +{ + cdp => [], + certificate_type => 305, + digest_sha1 => { + pubkey => pack("H*","308c68e0f72b4592c2084b9f02113d1203352779"), + x509 => pack("H*","6f07b76e454c7b5e00a8eb1d321019500fa294f5"), + }, + extensions => { + count => 4, + entries => [ + { + critical => 1, + data => "Digital Signature, Key Encipherment", + ln => "X509v3 Key Usage", + nid => 83, + oid => "2.5.29.15", + sn => "keyUsage", + }, + { + critical => 0, + data => "TLS Web Server Authentication, TLS Web Client Authentication", + ln => "X509v3 Extended Key Usage", + nid => 126, + oid => "2.5.29.37", + sn => "extendedKeyUsage", + }, + { + critical => 0, + data => "30:8C:68:E0:F7:2B:45:92:C2:08:4B:9F:02:11:3D:12:03:35:27:79", + ln => "X509v3 Subject Key Identifier", + nid => 82, + oid => "2.5.29.14", + sn => "subjectKeyIdentifier", + }, + { + critical => 0, + data => "DNS:*.net-ssleay.example", + ln => "X509v3 Subject Alternative Name", + nid => 85, + oid => "2.5.29.17", + sn => "subjectAltName", + }, + ], + }, + extkeyusage => { + ln => [ + "TLS Web Server Authentication", + "TLS Web Client Authentication", + ], + nid => [129, 130], + oid => ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"], + sn => ["serverAuth", "clientAuth"], + }, + fingerprint => { + md5 => "D7:CA:D0:AA:8E:A9:30:8C:0D:F4:A3:6B:1B:94:74:76", + sha1 => "6F:07:B7:6E:45:4C:7B:5E:00:A8:EB:1D:32:10:19:50:0F:A2:94:F5", + }, + hash => { + issuer => { dec => 2397076613, hex => "8EE07C85" }, + issuer_and_serial => { dec => 3758447858, hex => "E0055CF2" }, + subject => { dec => 3756668519, hex => "DFEA3667" }, + }, + issuer => { + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => 
"organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "Intermediate CA", + data_utf8_decoded => "Intermediate CA", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA", + print_rfc2253 => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => "CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + keyusage => ["digitalSignature", "keyEncipherment"], + not_after => "2038-01-01T00:00:00Z", + not_before => "2020-01-01T00:00:00Z", + ns_cert_type => [], + pubkey_alg => "rsaEncryption", + pubkey_bits => 2048, + pubkey_id => 6, + pubkey_size => 256, + serial => { dec => 3, hex => "03", long => 3 }, + signature_alg => "sha256WithRSAEncryption", + subject => { + altnames => [2, "*.net-ssleay.example"], + count => 4, + entries => [ + { + data => "PL", + data_utf8_decoded => "PL", + ln => "countryName", + nid => 14, + oid => "2.5.4.6", + sn => "C", + }, + { + data => "Net-SSLeay", + data_utf8_decoded => "Net-SSLeay", + ln => "organizationName", + nid => 17, + oid => "2.5.4.10", + sn => "O", + }, + { + data => "Test Suite", + data_utf8_decoded => "Test Suite", + ln => "organizationalUnitName", + nid => 18, + oid => "2.5.4.11", + sn => "OU", + }, + { + data => "*.net-ssleay.example", + data_utf8_decoded => "*.net-ssleay.example", + ln => "commonName", + nid => 13, + oid => "2.5.4.3", + sn => "CN", + }, + ], + oneline => "/C=PL/O=Net-SSLeay/OU=Test Suite/CN=*.net-ssleay.example", + print_rfc2253 => "CN=*.net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8 => "CN=*.net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL", + print_rfc2253_utf8_decoded => 
"CN=*.net-ssleay.example,OU=Test Suite,O=Net-SSLeay,C=PL", + }, + version => 2, +} diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.cert.pem b/cpan/Net-SSLeay/t/data/wildcard-cert.cert.pem new file mode 100644 index 000000000000..f65a01771a50 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/wildcard-cert.cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjzCCAnmgAwIBAgIBAzALBgkqhkiG9w0BAQswUTELMAkGA1UEBhMCUEwxEzAR +BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxGDAWBgNVBAMM +D0ludGVybWVkaWF0ZSBDQTAeFw0yMDAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBa +MFYxCzAJBgNVBAYTAlBMMRMwEQYDVQQKDApOZXQtU1NMZWF5MRMwEQYDVQQLDApU +ZXN0IFN1aXRlMR0wGwYDVQQDDBQqLm5ldC1zc2xlYXkuZXhhbXBsZTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALLRNAISgdaTgnQ38B0FJCslZ7dWJENm +p2xZ31+kzEgYOoY6n5U1ME/QzdXo8kn9KIa+LuPMQWXISGqS1LgyUabQTRqY+o9l +KKZNuDseD8tdoPFVTLvVkV2nieE1kXZE0T+tMZ5bsUs68Y/7utZ24z3d4ckz+Fxb +k48nEBHAvQhicv0pij7GKKN1xueUAylRe+1h1g0kjQsV0lIRpPkgl08yeBV7iUUj +JrXu4ji5X2h4f8js+2p8Qwce25UUe5U8ZUpx/MTJ2tZSPfY19A5DcJXChuBeKMsM +tYI3GAOjcJtZAcCMmDyTAdAn7u4rFak6BTqPfl++xc4uvGe62cOJ4XkCAwEAAaNx +MG8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjAdBgNVHQ4EFgQUMIxo4PcrRZLCCEufAhE9EgM1J3kwHwYDVR0RBBgwFoIUKi5u +ZXQtc3NsZWF5LmV4YW1wbGUwCwYJKoZIhvcNAQELA4IBAQCPTVntOhLoKlEipQiB +t/VVrxPbo3QTTwvAja4tjWC1zIckAbTS8yyEbgLezhimlYJFEa63mOVDHeD0HqAw +HZ8FhL/LHBX5HJLrYRA7ni6rKE/I2i4bMa+F0gdvXbEhWUnZ/zQ2j39DNSMPnYqw +KGykqKSJlRqcKO+y1H5+Vn9DrUmFKtUxaPmiYL2UkAUzbFXVUiDUe0QN2kUansji +6K6qjVYaOXEe0CH7wejrCuRU8Xqo2t4pXs/Jax73FK6KEMAzprMrWW+RyltseZ/R +88P0ckcctjq3xv0eiXSlCp7CSIJj3q6IZSOxPEsL4+4XuqchEAZoFXDllJxW2iek +LWJQ +-----END CERTIFICATE----- 
diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.certchain.der b/cpan/Net-SSLeay/t/data/wildcard-cert.certchain.der new file mode 100644 index 0000000000000000000000000000000000000000..20b73fa4ceb282f1063044657c61d34c8b281ffc GIT binary patch literal 2617 zcmciBdo)!09sqEA#u%@`nDK}ZDudJ5Ly8%CP4cE0nXZJC$!o$e#1S!Rgr>>sPzhy_ zV!SGkB2*&Lc%D$i)JbXxrQ$g5sB`bFweDKyuGYPG??3kb{`TJM``y3q_X9Ga9FPf# z%7;P#2n2wFG7?e-EF0EG1OUi@B%BN=B>{C6mq0;wJK#_tawU+Km3E>sHn_MrP`#u6 zu_z-ey@wjcSmP4z&!FN|LFJV5vq^BH-ox{xE<6~K^TJ|PIP`b_NgFD z%)SXh%8#bh0M);yL>pj(MCFBr(M088sgd4CLTFTw3Fv@`fBhQ(6N54Vc`?ztG=vEN zVpZK6A&T(>=}gAvcN(y@hUwT4PcX-%%}lfkVXXV{{-UEoWY#F5j&>9jYUDAfEZ9f z2ZKR5(Kc$x1HiJlI1~cQ2Q^mWb>hk(T0+uL0)WBbP~e|;kgt#B#FfR-;Ay|-9}TV2 zS|siBAV^C^sHt8QsI~GnQd~3;%zxjQZwF4)5+0nxbO!UGtxL3GInQA$h>8ifiSjur? zne9n~ew^Ru%Lf`V&caM+uKnaSebGA+Lsn|JZQ~QXt89vzIbD;lz1TeQM*78`nV+u= zjp%zmZV%M_h~_0LG?^4t8@dIjK6Ix=<#o^9eIIJQ`X;`nbxAXcQ7E0;V#7Q%!aGIP zt+cS05lpGn7i%j>_$h_F%*de(>2Wt4+zm3JE+Ueaf0BfJPtx{BeJFfstcWC>930H} zPbmHm^#7H@vWnd&gfExY!BlaG#tXe$evT3N3xXcLpf4OQoaJvhzN@00x+=j){iea@ zL#~44duk+?T{cATzxk%PAT9~}b9}-!+4kh?m$UGf)gS6ojZHYmhs;=rQ@P!i6SqUJ zpgvG_Z*=IbzHTto+t%T-ex}kAR@xa!YC(-Q&rTcnGE0YFPgSD~S*hFReoZtbZ1x;U zp2E|AC({e#6w<6;VBbOYmYZ@&k@bCASN`B*=m}$<=-#O;)uwaH{o8eoXnFS!^~_uJ z;GWmZY5Oc32s=cvJ3p#>HSmbvj#;nCpL~w7;8&EK0$sK2P*vSe-I^xh+&gjj*Lnde z<&pk%(;i=Po>5oQhkY8vNbR zd|?%vU#@#@$7$c2k~f;-a^r*PXY{cECo}|=7=sM6&mdVV!Ffqd z_Rz1rH-2Tat6i8Eey$Q$CipF4FiQ;mB&V?XRQ?&1wR}j%{dk)^#Wa6Na-Q*9cIm6x z><;p*J!A2Vz(3N8f?U6MU}@9dhAxH6CE@o*@G^;P_FEJ8#`vz%sgxg4F0U32AdG>`!m-DZUZ5Di&&UF)fBd2|J(4G8cjRy+7 zt;`d0cIFsCwP%G~4j30e3vOLS-_Y!S8S%#9a9RUfioji(+*{HZ#`BNIT5I_|v|JRi zvKO&3{gV~&-422OM^^vERDZ>Zdvdl%@}|q^)2sHKHj)#Wl%>%>Hl%;(OuSf%v+^Vi z-kQRyAkDjSjlwqlnm#e6vU4y!I3mh$+q{(nLeP(Et~lL&l$;mSeyUVydTcyJxQys3 z9$3^jqIYC^#}ETrv#qsv)-D;vPH~82JbUYicr`euJdJ$j$@k#jo6jg7+vTul<3v{$ zZ=q`9lMDA~_3kz4ikMeB?vT1pHV4&jtySLfvY_3ZW+uKT_V#^~l#f1U6}Pc8x^mXc zXkVO##aoOySy)^9NnOVmGgvYA1kswNLm z&8>0o6Fwn?20RnKyi9BA%rD+=(JON)t!ubHWkJ2wS*uUpZX>5I*1sVO-Z?oP#oo0q 
z6&B%>uCG=S7<0`i#c7tXo%Qta3HCXXX>)yD7$e5$@cH3eNtLsY#q0#-Q6)LURtZ^s z*yT$_)CZK;+GXXLWQP*AS@vAS#hKJm$ya?MREWU5Xk|QEBWjmGcV8Yg&M{%YI8ALN>C85_Q;vW0QeTG8h4uWD@SA`d z>A}kGDK|A2lVQ2XdQ7;;d1TQv!xVxGmjzue+0B}=IUG! z`+xT)B*iQu=h&s!QtOxF2Mr-`t&=0Yb3-R3h^lFi&;!%MAnzYp*xfR$$)nH|1;muN za-ikZ1b8oQVA?w+dq03Md)CdyeAc{mudq3d)rVidiOzYVNlgI7Pkx@5*ZG!lrRLE+ ztPif};z$it3}0F)89op&A)ka$w;gwGZ{L#u`oM9eKcRtIHKLGt?yfOkW1K{-#iu$c$4cA7&;> z3I}2ogRu2QaJ9jf*&z4)2Y{#Y3#eit#qSx&M-(2p2doW&goV z`PWOXEaV(>!RRJ)XuAA9A|zZ+J8wGpglkBC<;!*9S18!2czFKD!kmZ>aq4jmPq;}fsn|SS> zSwl){QxT$#*X*r0vbN;>+OS6w?^1&TQG%C99M^uV+8?sa*bl3t*hLLxC6wFkPf%q} ze?lmk%g@t%3EhDg#Ne;4%y>T2=%v38NT-CVER*w&$$L6f*R|Dc?FR#PgM66PnbqeE zzDf(j6eYSK?C73PIgF(k#ksC1mkaBgDr{w=&(VB{<>&nLD$GI{a;f=)XZ~^Wm|?4* z3{UAq_Ln0@Mb_1CydCDWlFw|$7$@}-XMTGhPx8jK!gH=fzM0e`arr}Ev{jeE7zoW< z=E*iH#vC|q2>Nzn-GK)|DP}+}+!L*5s}y?FS~Gz{=Z-pR+PN6##%&+^t@7d0;7&E% zjpm>|Z;AKDQ37gHU^|zW)8O`ns8>5UVZVA|2j|{l&EG`6NGbZefK@x->)Sz_Jx~S* z(Cnckiu7pe(yS>xkp&}k`#1V>0Qp4y3F)=FEib^?(jNAkDI&&DP(3#C=sA;f=c*O6>uVx{<@g^<Wg;DjKo=_mYqq**5O-q8;jao2nXA4J8r(PhVzdioe`rUxml^&tRdnbetu8H^@3l5 z*!vWBreQ@y877=>8!F7lXeq!dP@i{?g`dFQe5x>bJ?3GcW_Prl3zzerfmek0Jb%xLuh^==lZ>G~w!@#b`tI^ujEf?UtBz7)uMfvwmRpuzHXXFV^gDR;vE zeOT}aV6`7y`MJ)+A}IL@iC}op+Q9ktImM` z)Nc`aa<#GdKAh-G_exJ&Sv8kuS(L83E4W$($#M>yt~4T5bWgtD!gvkX#b{Cw-I z@S4oZc)jvOpN-JR=pA`*pj9!2mIZ2+Z)Z0Tp6WRK^3cw$6yN{L$MdpCJwA&879m^( zA;Rnj0zMfFd)rMnfHfWl8hQDBCVPq2Zy?-_?|qPombdT)Z(A!)-nuMcvKTzq22gq3 zRCUFKo`o@I`1|#?WGi(J_#_C)MqD7Kv+*T(x+MoO0IoUCt_+LtvpR5o$H8&U#8Q}P zwfa<`Q%YLdVe&}$>lDljl77#;h$T~Uz+MaqVgraTs`d)AE0{8)W9Ix|Qt+ga>P>yj zvG)~$#xhO1L*v1&w$jB`Z{(-^32^B=N`r|W-S9;cgW5j% zLR?sECE@LZ4ttm1Jtce^L>`VQR#7NnT@C*8RpIAX*~hDVGUiA9Q3C|*(1+_ z|5!f&sx%B+nJCJGhL%CU%D&Voq5W%j%e=jOS~f?eoIa@N^@WsA>QSDKRMk!IMZGFd z+I`9_?fu&7Jtt(IjO=LW9W&+gwnxMolQkbsMCpsM2Vo_~gsu%@b>xyS1lWEM#ZVAQ z&@G!XSH5VLV-F2BOOdJ_J{e#(S#3T;0d8t!U40{}&}vUVY0GkydP*jWrXIyS*;{4| z%xG19S~T+%;8_I1Yp92m!m0Q|g#YR+8mT3Er@30Sar7B3+BNegBYKD}{eu19huMhC zHwMwr$&9kHx}fs5jNG%j;y 
zBr0s8=vq!NT_s1*B^kbX+r;~8eWZ8P@D11TN7%>p}f`6w91xgV;iNQsqPYxdBvoEk# z#ae%qB$4G~e!9WFh(6dkww)?a`ZC4Db_VWvy^oApGChg*3pefB_;y2>{7mj&>F40A%w%x~{2+Qe-I2n#3uN`dKjx+%rjI-c*nitvvLt(&!E(sbAczuz&200~-I6(6etaDK@PqdfoWWyY*UB zDht~luUYx-r4w)yH@H!oi5U@<7(mJiUZuFotL;?9aaBrb8LNH_a9n~`<$RB*X$@~p zgg84wrmU>>UnEgfCJ+d4EGeIm024Mt8_oCE!h`Fb*B~q-u1va+E1m5*>10BC9Oq3-3d(`b_gFPEZEuc!qcS` zzsZu>@k;tC*EAqbr?8fXodn%S`?p6uMcb{3(ufOkexh=R6y0Pgu z_er?G+)jD_-l-NxI|&%-s}KNa+^kn)JMhXqXcE;HzHS<2i1142S!j`dE<-%6^V_^J zt$o3Wk#}G3D(yAYTo33kT>)bh1k<_|@7tKm0!>0k`d^3*iKhc@$-o3s0YaD@6xt(%9HA&?7K$AYc?{3&FTEdl& z8_OiU1B8^PnBub)2VtEXy|p1wSz-5{$5KftP^&`CJ}PM(MbJzy8~qI3$(j`$0A0!F zn^c!HY7*t(7Z?6KXox*?PT{gCOL}Pmd0r)8u|HLyN!~sWa%XuaoPLcsq-Jd>HwOYG zb%A*I&90@2t;2m*PkN%;)BIW#mk4=zSNvPW7Y_>gVMXO*$~W6t(Au;PC-}@mIb#Kd zN9!e~I9om`Gqy9E#eVb&R~kJR4C^6jCnY-Btz)5~Hbpw4$ZO##VyBkstUuP#g)V1H z-0}rFU`NJouwMl)9oV)7uoBx-XA|rsyQz9j-U@hUaB*)Z;!^v{Y^0Y#cbR9gy~F7I z@J&y(@V?@_hB3#>r5?`E%4JoMyk$n<&g}hEx1bK@_8K`V!RqVJJ!4?euV z`5pqKfhBpeog1wkw=dtuiD|Sq#yzWBr?(+I_>r*`E2mERWInC>m!dgo_RLdMV#`64 zf^PV}C8$^}n9+OsP?xkz%PWJ;?8wE{Sg7#J1x=2yL^WwPTt!!rfh?Y-|Jsb0c1j{! zNVDI?SrzfN^Vin>LnV$MyU69U6eT+FSc9}y%EMPYBER)#fmF$O6I;Coq2k^n|w_9B|}=F4fvg0 z01PpF2Akkj7{6e@$#lxVFmosQ-hXulPbal!qn%K|uQK3Qr2|ku6SH8M)WT&T8kvVO4t1Jep5D)h|X0Mp;5si^3{XE1MLreCuip&EF%F+biHyMsZHL zB%C-v>LOI%D^w6}{Zt@Bx+~tOLs`f-Y3`-HzC^l;k*Jti3%WDD@zKcIEFlv)j3;K~ zfguc|Gc{z0&44m0<`y(>#T)++XJNx}G8fm{Z$Q@4+xL%s!H3xaxF04>?2-1u2FI`b z4_&(3Sy#7w!pTrvBMnld z&BNI<)_4;7+u=b$493EW=&Bpf9_pp=Dc||(>qB!r-`i>Wp?Y|fRz!k^u}CapkWg|) z6|(-)eQv=Cx_CGt)JyPYg=Pw>w27!KBSm0?QibtA<^^YgK`vZ1ttcFL8Hr!=;(Ukq zrt^~1EC@+rH}w5QP8xXEfIdhV;|Dzl<06Ty!z#8CnSB37B{hjgwJO*&wDYv`77a#!OaYyX$e8D^V z-wqhy)!pf@&F-simXZeOYq2J U^++6#@R9atDMIAa)IZnwKV|Z44gdfE literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.certchain.p12 b/cpan/Net-SSLeay/t/data/wildcard-cert.certchain.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f51651016ef57528753b3da7df6f1f4575ce1ccc GIT binary patch literal 4419 zcmeHLc{o)49-r0N24lv)l%*^a4zi9l$xikwAu$+)vBfLfRAZg&X^|zem64P!ijqh) z){-Pi@05@wiC6CN?)BW~x%YXWd+&4qxaU0QIltfM`&+)}_xpZ6=X(x7!RW)FaDakg zV_}o0no>Wbp(toEg=ZZ>;aLSJJWBwD!~Yu-hbw}@;S9p|00m*g!trY_PIf4~m;%2F zP~a6T?7xC+{NPydd;|ra1L7F~1r}Wlhe2W6Q*!)1DwG4TRptQLSm2Hb7A)+br7{-4 zY**Mh*{zA;3ikGvM9=8oKn_lJ2Vz+GPWuQ_I8j*;;NNZu=j1jE3MYmhBYKlO!-+eM z3;}TgvbBUf;e}tTk)c!{z+qNQmZe1mqFvM)RHZB(N8Vp5EycHf$Rt=a717Zuq6@S={hUq?lp!-ekLRn>Mrvoo zdE9x>uh{C_GIl>@DjEidLZGE&AQ<2Rmr;xx3f)2=;4ow{AhuoKh2RHpEUb7IC=!W+ zLw_&9elc?)_z^fD-S5?Bym9tDR*NDSMwb_^CKC#`Aa$XCp`h;pKymND*-%2_cL9-)KWmvcV>q(2(rln;v^f*gmCAb}8Xh!?~Y5(?fG zz!DKGg+sI|NC=1$!8Ut9%Wthn5Fc=a?cUqAZQKtmlORE$N+f(Q zDZwBZ@SUW98UzP52o7oxO!rqwfqg3}W`C96JU<5}C@Cnr;Nb9oMN0ky>h;f5q~`j; zlXEkhyO4s)=sOpO^nQq)CQS!DdP83Kxw6F2i$8F^hbVMPNu)tu!^?3xwNu#E{(z~G z=ihwO?9nB2BL&`J>Slw*a=;XoyU1n=&CH50h>Q=9e=uP?O zL*2dhyBF(pk=Od7Z0}(wJC+tyhA7v@-_6%!@zgAX<)=w%1P%9>sq@<8pX|t25_qyr z-Y9;A%WSn5*haMs@2LFBkR_j*a>otL=L@!<-x@KLQVJ}3;5E3aGpPKkg-gPF{YaRX zllg^7sp^1Ze*2a@-tX}~K}A*aSqC`oFvs2)c;V9i9#wWXLHnJIzd&sisd>Te7ZuqD z7<{WDP!@oDTL-Y)s)7XI;O$SkF*0QJ#-;gi#Ohe+^2HY$^9j4Ng1-rxpJgGgxK`@? 
zzI5LP)?4ifg^9uBGjfX1jL;BlQYo>!8p%K4U(^}sQhSp zpl7Zq;(Q&lX8LX9SUv>ztl&yVa`73g33o{DgGAFJ-fR*qwMgXy?b?q^=X&jyEW$U= zOp~IFoiMwdM>o}-+xmGfS4DKb)aFQ{(LSiU-bw7gb|cfT-NY*8R7yc!g{1F$t|!(~ z6;2DPsAnAyt>+AEHT`p&tBNeHVC*lvQ!!ol-8?@)@QqsVmBjTiw!|Lt40TaXa+zz% zPS?9%=PCda`~!o#gvbgVu9wlXmOj~SG&Vxn=6mO=J7IKEqN2$Tzel?dDTTlAT-GV`1^C%-D> zeCkWObWPdVoiKKLUQqy})nBL-rv5aCIVG@vEGIZJ8gH;_Y>A#8QSP{&K5*QwD7Gj0 z8sEay>$JHobbrO@hMW?)H_tQH$iM5HiNyY5% z_SU@Ksu)P-&tIGzPSDZ$Agg6J*VMEoB8d+w)jz7Yv1*p(@p|sey@*VOxC&n)=Xj+%3R$DTzD&kt)bW}nMbCXI?e~Ejo{Yh@xxO*pVFGJMs4Emmpt49WW z6D&V-&&@hX$Oe1bBIU_zis`5@fxOsxsBeeAu`Bz~nTeWk-ZxEz*W_w?hvoZOjT$VT zaJP+LQ$9dYoDLN%Y;+x-dqxQLpO~Au9N6AhTya=uh@&LCe|#iuU8Kuq$1u0~-i+or zQd>T%@BKnF?ZBZdWTbbFoN!e@>{X>S>m`CA^@Yz#+Id^Gj+W-I@K`0E3*)y_>Xx2B z%%^Lks|v=APvs9QZk3c1A3D90sHx4fv#g?No?DK*w3s!?n(pB{jbnR26V~gR654S* z=rOACK8EdRU0K;ju^1ekDOq}V?@Ppeha{ui0ixVRE#>6ci*}6i98$i^O{{xN=Kem; zPuBqoGU4}^?RFxLBqJ!uV<1cdFXEqR2^tX{U<%#_gF?PbI1v;?1!yS+E&oqBe@i*R zm4LwSP2R2XTW?*>g6OHMqrdERZ76{?@6&+UE)*S^IW1auC^SUtRWs^C$3kI%o&i4e zjA)9d&?aZzoa>T#d}f5GMd}-c36vQiZ0n=BAR`t?YgiL*cIx?nxIKRydCvc)5f+O@@2i(Qz*54c z5XtHI=6Fx;<6|7L@_*A_=cLLk^q*)j539U6YhO6BTV?MDD8o{+xh+{1>2#`sBg-^= zvO(u|m0YxVbKcv!N`jETAt7K*_S#3a5Mx`jvsN?d{f|lUIb@L#Xw6;y`X2_g4I`(f zVTp;5FQd#$_!d9Q_oEf1u?E47?suo!OXGJ1$9LYO^>R-T!9 zeGTR#rBkh)Po|^FyH{nqBR%zfsvnunloOs&^|yU!)LNTBHy8v&|Dd@hKDo$rS4$fw zC0p(~`tj{8{pkJJXBY?n%T)qGxa-b8wcQ~bJoRSuIfZ$OhtRs{jMy<9ZieV>pvHqB=S6|H`>Ah4s_K>x z3vci}H-RN4SS*>_JboZ`@{C5gIeR?c>aCR)7oV|Dw@jBbzJ^n%ly67w*P))dQs<%CvuPQhB{y{WKg zleIZlJ+9KBs+~)cjqmocmk5^hW~`j>bv;3dSRjN+bWVUS$nvf9JI|J!^Bk}`A0Y4~ zn>m&$mtHEsM<45nuj)I@cGB~+CQ?OL;aHjtuG%O1MgD#1dS3>`fl2*|y?@>%`-H0; zZ8M>ad!x*0#oT9V;zcjD2eRIM^y%)Ask3iyv&ITbr*>@)*&FkUJ)BlIxA}S`RMGjx z#kCfbna*Z+1Z{gKvWNSPJ8M5g-hrc#MW!~)D9-l;l1o!E74JNnzy3D=KAy)cI5p0& zn#HT+YfEH#`C5J|ds~#(oVdCc?{dVR(RG)lxMvQhK z;)Z0bnlphdxqG*QzvI*NaJQ8_d2ZMvH$&bB7g+h!dOG*iN&GKKhGi9{W3}w6~Q2 literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.certchain.pem b/cpan/Net-SSLeay/t/data/wildcard-cert.certchain.pem
new file mode 100644
index 000000000000..391801bb71f2
--- /dev/null
+++ b/cpan/Net-SSLeay/t/data/wildcard-cert.certchain.pem
@@ -0,0 +1,62 @@
+-----BEGIN CERTIFICATE-----
+MIIDjzCCAnmgAwIBAgIBAzALBgkqhkiG9w0BAQswUTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxGDAWBgNVBAMM
+D0ludGVybWVkaWF0ZSBDQTAeFw0yMDAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBa
+MFYxCzAJBgNVBAYTAlBMMRMwEQYDVQQKDApOZXQtU1NMZWF5MRMwEQYDVQQLDApU
+ZXN0IFN1aXRlMR0wGwYDVQQDDBQqLm5ldC1zc2xlYXkuZXhhbXBsZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALLRNAISgdaTgnQ38B0FJCslZ7dWJENm
+p2xZ31+kzEgYOoY6n5U1ME/QzdXo8kn9KIa+LuPMQWXISGqS1LgyUabQTRqY+o9l
+KKZNuDseD8tdoPFVTLvVkV2nieE1kXZE0T+tMZ5bsUs68Y/7utZ24z3d4ckz+Fxb
+k48nEBHAvQhicv0pij7GKKN1xueUAylRe+1h1g0kjQsV0lIRpPkgl08yeBV7iUUj
+JrXu4ji5X2h4f8js+2p8Qwce25UUe5U8ZUpx/MTJ2tZSPfY19A5DcJXChuBeKMsM
+tYI3GAOjcJtZAcCMmDyTAdAn7u4rFak6BTqPfl++xc4uvGe62cOJ4XkCAwEAAaNx
+MG8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
+AjAdBgNVHQ4EFgQUMIxo4PcrRZLCCEufAhE9EgM1J3kwHwYDVR0RBBgwFoIUKi5u
+ZXQtc3NsZWF5LmV4YW1wbGUwCwYJKoZIhvcNAQELA4IBAQCPTVntOhLoKlEipQiB
+t/VVrxPbo3QTTwvAja4tjWC1zIckAbTS8yyEbgLezhimlYJFEa63mOVDHeD0HqAw
+HZ8FhL/LHBX5HJLrYRA7ni6rKE/I2i4bMa+F0gdvXbEhWUnZ/zQ2j39DNSMPnYqw
+KGykqKSJlRqcKO+y1H5+Vn9DrUmFKtUxaPmiYL2UkAUzbFXVUiDUe0QN2kUansji
+6K6qjVYaOXEe0CH7wejrCuRU8Xqo2t4pXs/Jax73FK6KEMAzprMrWW+RyltseZ/R
+88P0ckcctjq3xv0eiXSlCp7CSIJj3q6IZSOxPEsL4+4XuqchEAZoFXDllJxW2iek
+LWJQ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAj2gAwIBAgIBAjALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM
+B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBRMQswCQYD
+VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0
+ZTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEArbBQg+3l/SUFGDENvpvTPnp942njbsrkcfpmpfLQPn9GsMll
+GYQvG7YqN2NV44rEGlFTRkhDYVhni1MNoe3VnGRzNknSoCmvhjqiG8ojZTIzj3/a
+OIYNiJ7RPei8cqgT9WUjtcsnHLQq2tPIy1Mm8bE9BazNeFHCE9/B8u8y04Ks2+nu
+sxMrhpFA89eHNTs3Xt6K7jpx/FJxpYAQkkfkLvADJ//AnFF4utQfqP7QKHGE4V4U
+0+6XGMCZ/9VBIy9sn8Vj0vY80jHgug4hZPpgc2NWSprfI6prbWhC8l/qLGR8hgeo
+FU5rVR9KE7LR3FnA6gekv4A66SdqF694abnvXQIDAQABo0IwQDAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU1dNN5Fm5XHX22XLzm9z7
+7oAmkW8wCwYJKoZIhvcNAQELA4IBAQB+oK8jmUKMZ7YItcCAnoFvcY4pLgGPcnAT
+h30Rc0uUUUcVB66J6+YRHFVWA1X/AgyWI9Jxq/Qy50hGye2fdZmxBa3j5nbZlwAU
+2JylwYigjhNHD3CUxYFInxKSaQKKnzLsjazn8pjLUvJLdPuO42l4RVYRJlfW/TZX
+vc4Qoql1xN46C4eNjewzW76BzqyykGjAR02JhImclaciZ+oOz04jp1bvMwfYwcdO
+7UBROGqUuamfS6URU5rpMkj6Z/2Z0TtneO9nIhTN0P8dxxDTxoKDDko5KOOzXrAO
+nDCAamxvxhlxLcFbog3rTGaSvY0JO6T96lepvnOuaYEuRx9oyj37
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjWgAwIBAgIBATALBgkqhkiG9w0BAQswSTELMAkGA1UEBhMCUEwxEzAR
+BgNVBAoMCk5ldC1TU0xlYXkxEzARBgNVBAsMClRlc3QgU3VpdGUxEDAOBgNVBAMM
+B1Jvb3QgQ0EwHhcNMjAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBJMQswCQYD
+VQQGEwJQTDETMBEGA1UECgwKTmV0LVNTTGVheTETMBEGA1UECwwKVGVzdCBTdWl0
+ZTEQMA4GA1UEAwwHUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAKSF8tIItlPf3KpLzUgI6JVW/d/+LZP1zYedrDFFXjvZu+4uFxE5zp4vczbX
+k+jhF0TZk292eStA9kVMDePVMcGwjNF3Up99yYisFe/h4ovt/w3Op9b7KS9xy5Vh
+fUNqxphHIUS4/S9+7o9DUjqNP94EszDzFu8R3V7QXdDE9pSn4UZMVDTozpeu+rLo
++FOkd7NQIJMSKOdCv1HOhcFuuj+4FkLlo8k5bDgEVH68xTOL92Q4sLwubHEWl/Hf
+1IA8POwoOVLtuLj4GyIrbqM/Yj779kmRX+LtjsJ1kAmLhsh4T/XhTaOyqz/d253v
+OE6hM6pM0KsuFLpdPDJynpSHoQcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLzOh106FMJ8u/MANb7SZ5Z+swVrMAsG
+CSqGSIb3DQEBCwOCAQEAXU6HGU8ThUuJz+KCSNYaO3HxxFrNH2pFWwrTjt2tdBLk
+uDvicaquwUzq6zetEys7v70WOCprGB6uARiet1vU7dg7cmrd7eWibMDNoKdcPNML
+oZLO29WL+hvGTx/UD0o0j7l+ab2XB83q73mNRlqRBXZkkykaqWt9qy+LTvI7QYbc
+ZoONmVE1wbq5c3R9L2aa27uJsfLPAErjr3mpnNtFhJfULv+hpmXHVukhra+VUkyp
+jTiY83ad8ZHfCIxfZ+MUCcWNGj7G4Rkfd27MB7fDEQlisaSk8B17FK7oIqO/NN4E
+w1SHQ5TRZSmbOTGIfZtS0KaTaZdZtBNee5BEzQz1sA==
+-----END CERTIFICATE-----
diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.csr.der b/cpan/Net-SSLeay/t/data/wildcard-cert.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..81cc89790630e019b8806f7c89808f6d031d78cd GIT binary patch literal 669 zcmV;O0%H9zf&!T^f&qg90RS*oF$*vW1_M?^V9WWaP162eA3=}FZZe?^Wb8~EEVR&LNQUIoz%t#nIhB}{>H84-m&DH4gN&P5>zAod;L1oBDYLe8rGEt_`O&XZ` zk7X#PO}INA56fMk@l{N_)sbDNiQzSoc0|!XtudZku}eDfkNdjTcH=$W;mI@jTw9Zm zClC?9y$E7*{V9q*#weq8#^;m+DN%dvVb%>KjSCghQW2#2AeT=vcolnzMI$D)?&3JP zUubxL$n5)Sd_xBw+m#f1l{{rias0%|+SXD%_BHelLvWSChTvW(%M7)GHy8t>aGO~H zz>JtYlL62t?(QoUsX7HZkA7di#m+9gXS&(LiQ#zy0|5X5pa3un1_>&LNQUlr*_U84i0fRLL-@#fRg+qmP=9~?&9&Nj&E3A+J|h^7^3?6$Qc#udmPbfDsTEPY(Ub-KVW8!OU3lgZ>qmV+_8g#`Q^R_ zB*d1|K9hJhpKL=vHOWC~)z)SBP~oWCa{ow-Eq^)}w$-Fj!rFLyvNJ*uqR+_88&Qq+ z;-xOL(kmO*85mqOoA;(&Q~sr~j|?Dl)tH0O-$>OcZ%9v4Se>-Tl9DEp)YtzO7sn=Y zq;iHqGy99wYnmsc&{6{_JEFYag;G{8%|C(wI){$Ls(zdEf17;1&FloPa*nwplsmmj DAl4t1 literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.csr.pem b/cpan/Net-SSLeay/t/data/wildcard-cert.csr.pem new file mode 100644 index 000000000000..bbdf51bd6d85 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/wildcard-cert.csr.pem 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICmTCCAYMCAQAwVjELMAkGA1UEBhMCUEwxEzARBgNVBAoMCk5ldC1TU0xlYXkx +EzARBgNVBAsMClRlc3QgU3VpdGUxHTAbBgNVBAMMFCoubmV0LXNzbGVheS5leGFt +cGxlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstE0AhKB1pOCdDfw +HQUkKyVnt1YkQ2anbFnfX6TMSBg6hjqflTUwT9DN1ejySf0ohr4u48xBZchIapLU +uDJRptBNGpj6j2Uopk24Ox4Py12g8VVMu9WRXaeJ4TWRdkTRP60xnluxSzrxj/u6 +1nbjPd3hyTP4XFuTjycQEcC9CGJy/SmKPsYoo3XG55QDKVF77WHWDSSNCxXSUhGk ++SCXTzJ4FXuJRSMmte7iOLlfaHh/yOz7anxDBx7blRR7lTxlSnH8xMna1lI99jX0 +DkNwlcKG4F4oywy1gjcYA6Nwm1kBwIyYPJMB0Cfu7isVqToFOo9+X77Fzi68Z7rZ +w4nheQIDAQABoAAwCwYJKoZIhvcNAQELA4IBAQCnds4bDg5xOEIjmZWAkvwklktS +IO8lmiMv38RuD1EKOvPJgyBzXxZa9gXz1axM1PTrxmz3jm9YXtqHbNQYovr6yBkV +63sc0Woqb/ovbEDSxz9gZo1LxfTOb6q/Rdyxg4L55b4GJMSW0j6TeDafbEM/NclB +adXWZfhQ4ajbcv9IjC1/Ohe21aRRwtp4e7IzQhCiz8jMG1GN9uKlLrPSKxvWGRhc +NZv3pl1T/qWxjwwgc9WYg9DfSNUob0hPUlidtMeSkiaS1Nf/FhfHJnKkcoZBM/uL +1GuaJ6PQUgMpO6K83oVSVi/NP4IAOoeOxKp+m/N/m3y+zewEr3KOuSOUO71K +-----END CERTIFICATE REQUEST----- 
diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.enc.p12 b/cpan/Net-SSLeay/t/data/wildcard-cert.enc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..6347dfe616c62aa7eea3ff53ee19e77eb7cb1660 GIT binary patch literal 2739 zcmZXUc{mhm8^(ubEJK#T$Ue5wk!2WB7!(O9V=W9BG(wgz*|NDlPv5k zg#<7TNC3MsZD#}lSn_YgR!9IoWm*}mECA+6`Zr-gh_iwJ)4fh} zQ8@BgG0F!@@=HMYo^!2vrhb$SY%0F;A*6z3dSrj;=#19swcbD@r%}#X;WrO%uIM{& zzjM_t{+K|exxcLU;-mB%qf4A``c8daH%|~0PYXQt=e+XzqmVClkOfr2eE8Xp zNRNa1-Cg)~t2bl$AMxra^&J(DqpumKl}R?z?~5d>h{+53L9Mg*<<;3Va;%@UKefs8 zzFCROPuvWwGGM2y2KP)6KyGrkB?zk7nUsV-E@*Sb*&0MXNT>c#rpG#j%2d(1{?ga1 z)w|E0ay)-~w*!3qHiSlYR@xk>oZ~{k>?bBl;-?C*vIQk4+}0X+8p48=r+hTq>vt9| zi^-)*S*TH*tlEYLM69jg#HjJwItqTo$#u^viP)`npV&MHX|D7Z;kyu!=`#{;Cv_-t zIUD980;I}8r(zcU0yA|L{Zbn4?6wuNu5TtOn{Q#CENMIG2GFg-dgqYd{UWt`b`dB8 zLy+W&13F~XRFs`K5sH-LP;|A><)E%Jl8Z&;A=MA?LUZm*?s|r?iaM=bv9@&4ZDY8l z)ku|z0jc^cxKZH2vjglk<=4IJ5>mDMDWvBH==kGRZ^>JKiP&>^XFwcU#xZN~N7Fo* zeg(7={X~>bsE=@nyL+i!@s910$g_J>W&y|iqbSbR`g(rI#lq9r>8&`;3@6of(Dp_N+L{FsZr)C!KiA!(ylIPlUTZN|Gq^oGo92G$ZohzFpM**7= znpH}wN0@nMBQEA%i^qXcDE}T>te>Y{3z8SANlLkHR&<6ELY3x}-QnSgv((}rN8PAF z)1g9YSbVUgHGjc1GK^rwkee3vMHqZop&VqX)~MW75#bp4t%67}XOn6aEkh3#Y(@yRuosnk7ZL=RQUO3Dd{MK`AOX9Fb8yaEZ8~j?U{mxM= zfd7$~#gnKXBS&a|6)0>?cs&`D!N9!ML7u5`&Z4;n876y)UVi{KBU`ZtY!BBT<~l>K z+uOL>eU=j$&8vwn@V1QAKoyoI*8A;H_=BMytCxjwWwWWC@y8k?GTiQgjt_H_fmwSY z!^=Cu24hlon!)L?uVF>7lcQzwM&K76jtO!Zs>x4CS+rZqCJTO7(pUD%Hfqn*xsYN! 
zGk8N7^D1{gT*27pLpnc_TiZP!f8=vgF~9NF>BtvT$}3RzLuj+vpz=4`(%UL-_?t=mJiS~mpFrpM^Lc6S#Ar8=NsgQSTFK>EuKQt`O8W_+juK*+FyW_BOGk$41@9U~AU*_T- z3A9qVD+g5#c?Pa1FRv4-Yls$#@{<`4U)NbsD#S5L4QdMfnE?mseO+nFri0&t3inNV zIQo708pY&iKpdE+|(R`2>2!TF&#DE3#q_D6elZcQgV$a^TKG-1})VFjK8 zJTRrRQ-#MNmy+};Lmk5HxtBuNT!c8^xZ;Ykb6B`Ng_Ga=>mNYXHYgnp*^&pr?LHmT z=@)N?;u!_Y-BErPnz@ONQ>pE5WwuOp*k>!6wA_)5KG*(BKy#ncp3d0v{d~ixe~V2IYS~fhvcXJl;QSvk~#88%gHum*pv6gS}@<6)Jl$!Kl^RP{O4K_7Xz zcy50_1;wckhhEYf%-`sMeC9X84%eS5C*%jWab7fVG8`0x82bk%Mt) z#uIVxS?SYM{hr~1nSy6}1Z@_PTk}h*(FR$=N%fzKtM7|vOX~(CLM#JQseJx}=llB{ z>6z&Kmk_m>G=%Jb@yIEp1_cWGu~U36nTImi_%oeb%v_1-`U3oz?>~E<035U9*Zr@J zU;b^T_5}DM)DY4LPBzdPo)fI1AOKJhUQ6}A}3fKizTLdFRgV0Ir!O&LNQUrr!ay9qXGc{0)hbn0J70E0uq7N zlY(?N@ErvtDB8SGx%IvlaD755x~6&VsiZ{iay3DqjkpTlmjVId+lM?4J3^V71B}>r1>D1PcnEF zdx=FOCbjP3IJsYFcz?+3`)Yhc2Ois%6nm9CWlC}U#L3#$Qa$!H^bSLCmBNPLUMR~9 zwSqSo1EX-8SpmR|m^_mK&?oNhD;23a1v-y@U%ti8F1%;D*~5w9c>)6g009Dm0RRKS z-@mPB`n>j$06sQ04f!-%wxI&KLN@|Y@1J1hg&eV3a&S4|xd-gQ@1AQuKr3>N9Eo8W z{S1}uTk=YOkaZkOisUWb2T3p*QD!*rCmn2!w)h&kR>|xHyY6=dP*gx|A+C*zFr{cf zS&*m$FDrF-($*V-!O&bm`<4s>P2*1>>#-h_no+d((G<6W8XbKNLbD=92B8iub_`YI zcgd8@Z3}%WSUUO)h9~dNe6~t+sI==-p4BEYH0%M;Od`3xh$sbCgr^IUNOa$}JiDnW zc^hCc#9J?8mLEG)7v!Mx> zP8zALTpIfo+D8I` zfJ^d9Pt3(5gN`?*N(z4!_OgTJ98n#-2#DtC>8Y1SL>meVbM*QYZuRw=-G-XjH4G7 zuGz_dsm)vogJJhL1u{J?ZHrG7s%ClIm%}8pXV8LF=!X0X&hA-~d|N4v{eYwo`=nO% zN@n5R+{=c^0Q$&c*Cy5Bmgc(%eHtW+#{JV%MG_sy<2Fi9{$O%0SKOQUx<}>2xn2Z~ z0)c@5lGM&c#INjjz5@pZpGZ&Wcns=0X<4|4hAUUrm-^}B{kUoqds)OK;9gRkHvLbyoS33!a f$R;gnRo9GkUG$YI4+6?vK@!E92o*KS#4NEP8L&g? literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.key.enc.der b/cpan/Net-SSLeay/t/data/wildcard-cert.key.enc.der new file mode 100644 index 0000000000000000000000000000000000000000..d35aa07d8404084c3fa34321261a1334f0bf17f0 GIT binary patch literal 1217 zcmV;y1U~yPf&{$+0RS)!1_>&LNQUrr!ay9qXGc{0)hbn0J70E0uq7N zlY(?N@ErvtDB8SGx%IvlaD755x~6&VsiZ{iay3DqjkpTlmjVId+lM?4J3^V71B}>r1>D1PcnEF zdx=FOCbjP3IJsYFcz?+3`)Yhc2Ois%6nm9CWlC}U#L3#$Qa$!H^bSLCmBNPLUMR~9 zwSqSo1EX-8SpmR|m^_mK&?oNhD;23a1v-y@U%ti8F1%;D*~5w9c>)6g009Dm0RRKS z-@mPB`n>j$06sQ04f!-%wxI&KLN@|Y@1J1hg&eV3a&S4|xd-gQ@1AQuKr3>N9Eo8W z{S1}uTk=YOkaZkOisUWb2T3p*QD!*rCmn2!w)h&kR>|xHyY6=dP*gx|A+C*zFr{cf zS&*m$FDrF-($*V-!O&bm`<4s>P2*1>>#-h_no+d((G<6W8XbKNLbD=92B8iub_`YI zcgd8@Z3}%WSUUO)h9~dNe6~t+sI==-p4BEYH0%M;Od`3xh$sbCgr^IUNOa$}JiDnW zc^hCc#9J?8mLEG)7v!Mx> zP8zALTpIfo+D8I` zfJ^d9Pt3(5gN`?*N(z4!_OgTJ98n#-2#DtC>8Y1SL>meVbM*QYZuRw=-G-XjH4G7 zuGz_dsm)vogJJhL1u{J?ZHrG7s%ClIm%}8pXV8LF=!X0X&hA-~d|N4v{eYwo`=nO% zN@n5R+{=c^0Q$&c*Cy5Bmgc(%eHtW+#{JV%MG_sy<2Fi9{$O%0SKOQUx<}>2xn2Z~ z0)c@5lGM&c#INjjz5@pZpGZ&Wcns=0X<4|4hAUUrm-^}B{kUoqds)OK;9gRkHvLbyoS33!a f$R;gnRo9GkUG$YI4+6?vK@!E92o*KS#4NEP8L&g? literal 0 HcmV?d00001 diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.key.enc.pem b/cpan/Net-SSLeay/t/data/wildcard-cert.key.enc.pem new file mode 100644 index 000000000000..83d3cd722148 --- /dev/null +++ b/cpan/Net-SSLeay/t/data/wildcard-cert.key.enc.pem 
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,22A87C4E10CCE3101EA266DA88CEE247 + +DHD+x+cc/q4cUaEFbb0dKp8GcR8KZAFo1zKdaM7KSdQq7yfevts/AqkrKqhxcSjV +pqh1UbtI+sUQ31ygh3X5+BCoUGfSDX11jr1OTKlTgBa2KZkH3QzXIGTX8hGd/2ZI +RKDq6pPCtQfaEEecNlfafZ7R9brFcZ67bQFDAGodITt29nNIhW3/oT/gbFC9v+Ln +Da+I7VJV+zKu9+2HoVobA2HxQKeKeF0QjnMylIy/Heqg96TF1QQbG+g7OWr9SmSN +vddERLecFomMQQCxS+3Iyk2hKVw6gw7nvKOjRfcNU7U4ZQZwpu1U3xqGg+cdvtVe +raM1WpfrhVwydJvTgbMLeGjN/3rw3F7W2mN5IUIvVa+D08XrtItynbOgPdiGzQQ3 +tL3ivVoMECxgqaCeB0ogkMg1/aIElhLwUmSWOWqI+0aF7+8zfNfoWTPkvd3OcdWg +Ltkgme5ZRm0ZFNSs8bxlwQ1u3S3AQXX5gslyBWFCCvg3dppN7b+4zGa26XoH32vH +OcGA2dZDBfnuB3YE2Cz+IdWncqANP4/TZJraU95M6IZ6IVWOzRfAzMYm1Wl1xsyx +/48vv3RleB0mvsTwcRgmqPpGzormzwC+/y75ph6IKlluoc95w0j35j/bHUzsRPF8 +Ad7BEUSB7CS8+XNZMygOSAJG9t5ah5nl81EWX8ESHRWQAyMOxA9jdlCYO3KaBMEV +XiWVvEYKx1bWTHOhzoTBXV94E0NLYB94dpFN3qsCwNbuqY47fGBIioEKaE3fA1SK +x5an9HmtaB3nqgJDv+bCAYZJo8EEd5FXu7FkgcsemFGrxqMNvfJvnSjDRC6gyujX +RG3lT2QZS7d77CFlaGQUdiUqTLbQEZn2SMrR4k622gg7A0deuThuFLeF3f5yxWxk +0XuyNJ2cj0YKPocobV5+itdgwrA+opxfQO6KxBHN69UCKTdgF3Cbq9o0JzYBKKpA +Cb3C37ilhOHFvb+JkKIWLL9A0huc/Qut1fqIup6FXlp7aYk9iBXTxQmJTTAMUL3M +W0X2A9k9wIeccQLJU0mohH+Z+D236MQiC8v8YGTFD4+tSI9TbzgNBspf3xiw69yK +G03z30yjoRDbmwLAyKeoGzV7Hf3Yi4i56kuCkkNc+fsFZqgPuDAHWuX5Xn8wO0MM +DH60f2rOiPl9eJTCmGHoRPgY4AwSSG7WpiMIGh7HfxFUfrcJu/vyAhZTqYvcm4Iu +ItXbsN4QAb4OG3ydpwPFkR/TIIteOsM+x8wiS1uDyxYxCkES1OdqSiJc4ffru5Pl +XF8GR+3VVxs4TeT7F+sYow8lc23P9hx5BhX/u/s1h3jFJoAYrEOVvebnwtqzep0F +iUEQAyU+eZHg81CFyfp9jE+x9m48ET9nnPUjwOctXSqmwKUyyc3/d3RlwLCYBO4q +7syMhmMKSg/QofGpzlbRmOYRNnZb+5oYS2u9QLj7FLOAlJTSifiHSSRlhPgikGzy +qrwSdQjagqx7mgW00FDJlddTnuYg6fA6JTuiyYjo6cVMB2l70cbGgxbwqNP/Bzq5 +ULW4chlEp8jrVgjqqa6K3toNAww4dcrcMNJ5HkiJbV1TPPyAdvEGqUjlOuVRJrhA +-----END RSA PRIVATE KEY----- diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.key.pem b/cpan/Net-SSLeay/t/data/wildcard-cert.key.pem new file mode 100644 index 000000000000..34f272ac1276 --- /dev/null 
+++ b/cpan/Net-SSLeay/t/data/wildcard-cert.key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAstE0AhKB1pOCdDfwHQUkKyVnt1YkQ2anbFnfX6TMSBg6hjqf +lTUwT9DN1ejySf0ohr4u48xBZchIapLUuDJRptBNGpj6j2Uopk24Ox4Py12g8VVM +u9WRXaeJ4TWRdkTRP60xnluxSzrxj/u61nbjPd3hyTP4XFuTjycQEcC9CGJy/SmK +PsYoo3XG55QDKVF77WHWDSSNCxXSUhGk+SCXTzJ4FXuJRSMmte7iOLlfaHh/yOz7 +anxDBx7blRR7lTxlSnH8xMna1lI99jX0DkNwlcKG4F4oywy1gjcYA6Nwm1kBwIyY +PJMB0Cfu7isVqToFOo9+X77Fzi68Z7rZw4nheQIDAQABAoIBAAPC37+taPq89pEA +PjY2Dfk0W7ahArlCNwJR759g5YUcsVpycDnguQfswe+eaz5AK3KOHIlhGf0Mle1b +8kp/kHUcS4rkLd0HSTAaUWY47ycdbI22+Bq5VsnsBLvudwVQVEBtIa6NijClaEBZ +kKgDLyt1d9LWG4LB0FxB+5YMAk3jTyDrsR6TmlG099EUt4IaHX0NQrMiRgahDi12 +DFXkd8mUzG0LfSpYOvoMhifvzny2SnOotOtTntUmMjTsAdBMIrm9iCgFVoSnC5FI +dN+2PLupKXkeuZXmsag7GWpBO2v4KKzwNXBFUUmWTeWMzsxpf5NxG3ABrb8/s3rR +OkF24eMCgYEA+dbonSu6aEzq1qejfUBvt16/4cCjfyVvfvnfHK2GsyQ3ZNVS+WWn +VtcZi7ot4JFN6ZWSdlAarlMWPCRXO2xzl5AySH1LJlx1h68NTGTxIsXgYKp7GD7h +dloTbBkRLAS8EOWzPzfoyi+EvMTP43imyPYoyHZhP2aqyknlpjvYhj8CgYEAtzn4 +3Q22QGt5ejj4Ht/x6F41i9tpiEwlYvDmtT95RBPYEVRqoqkXGRSwV/y9vnFA12TQ +zVZzYR5wjcau0H3ZPA/QHLsZlEHb7aazoQmXThwLKoW0gZ73bExOFDgT3C6xntik +WcPODF/+YdKvWbR3YZsX5kSG5BupsfNcGvsV2kcCgYBL8kpPzMUjg443pkoKfxX2 +tfS6WWbZ9bVI8gginZU+y5mTK03HxmDyAv0e/n+HrmPyx6b4FC2oJFWz/pAN3k/d +GNZQNtYrWRvZHRt7x4uNuH0WpXw5yJOc+JDC4XPY36+Tq1+rrgEzxPIit+lCCqEY +ocuP9HxnW3w7de87cyHE3QKBgCgV9M5X66GYYdFNmWsXz5Lo2YopjKMXFa7ZyX+p +zVwJg2H3OAUyPS1ti08UqmZ53JfDJLNn0IJU6Ib8Cs7uWZJ8WymN/YCkD/ukVvRK +ZuHd3MuGyQD6yGLXJtXhlua7CH0aJIrG/dNTRRIdx+M2Sk/+YHIuV9yb+LpH5cS5 +XgSNAoGBAJLUzkXEr+x2vgMHBZ9IT+h4DOo7aVm4iIYrV9aX+uaXwysQSW+KfkGq +BmOh/rp2pqb4l4oKvXhj7R42ORLzdeX/F5oRWh4lklSgmYFGPd0/kD6MIaqD4I4d +jUZ1siJ9NVc7CYjIJi1qVdeMdF30lSoPAspdQRLFmggVNcnELLEh +-----END RSA PRIVATE KEY----- 
diff --git a/cpan/Net-SSLeay/t/data/wildcard-cert.p12 b/cpan/Net-SSLeay/t/data/wildcard-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..144dc52633bdfea08d6232845d76354a38492bd1 GIT binary patch literal 2639 zcmeHJdpuP87T@gTYoMqh$p zbSV!12Pmh4*h1%FU~~?GXFxD2z7UN9QA;if->iZJ$kUhr$>GpG7@RW7!_`kN>2_fFn_Ow)nlyKUB}k54=N4g3~VoHcT{5uSp{NK$i4Gn z_vn<<0$q5+Xt>>u*W$P*`^i-kPf4d6_2lOa9$n&g)siOP=3hAJ<9e+-%fB>r$TTZv zLzhj3alT)b3u`iCzM&^(cwPTc>+0EUemNQX3W~QHWp_j_7^GP@(~F~<|DKCB@Jx8e z?IG!j2$aWL6ieo`^W071C<&Eh*++=)2nPe`ZNwVbTn$|uafSolNr1Tx$>?^sHshMu|? zWK-%s`cx`EFBT}f6K;v5Oi^G>`w>0x%Ht2K4uzv$cBo0ju!Ews?&OHQ*5EV^3AO-x z=w_QHWll4DjH_UoZ*+<7-qL5JVO)9mu?*k8N{8dr`(=$;MzX!>a`|&Jg(YMs-u7lrbLY7o@MvxmoRsD7^j?omVc{MIf^lIw0xPm za0l0f0HAD4%S1ulL;ig3M~MHY64`hMEf9zWLVz$}7qAoH0+Gm@iBLR*5&$ef8;AzN z5iT6TB7t}y0zr9*&MHI_4)BrZSKSaG2(hzdV@YEP4@T$^ARL0R!f!5@#t}9a17o8Q zn2)T`?`IAo#N0*(Q6mZj{;lnhF;$94iV?~G8}Do5AtwQ#?+o0m2>yKiQx;%tW=5J@ z<5ydRs$Xx8@|-9L96796wKXzg?O?sk+uIZQq1LvH$m5!+T=fN__?_RBb8=?1rc2r@ zX1|ORMD+}^n9$b>6V=XA>)EYuG1tapu^!&Gdv&CuH0VOGEhn=K{R1O9_HmB}e7kd- z-TVn6%5B(Pd#s9rFp#1$=L#t?m8#kS_Q?=@hBb3K2%D`auf{IT3x$n5KpTYzpg5?RNrG~89Gb< z>Ah)$gQwF8w~_RY_K@V9eHsy9#Z8;){aq}(n4w`*N(wO7GkT8E5bXMEPib+IEx#_{ z=FqL;c<+GgIR8G#Mv<(RH>JWm7cF z%5Bj{DoL)pCUx%(29_tNSr5f*RSr{ET!p!=Fj8$}KKkH?L)V)g4aZ4ZKG9oZxHduM z51d9Mmd}JXOEJ`~o$V*p+J?sOx0t03OpXSa9(x{g)OE#<_pfVg;x{NiQ}o_*{-UZn z`DfqX8gJ~geY&gjAv=moix4$SJCk~??ZmMxCehZ9=8|=rZN(-hOZS!QFe+x_OiDbxaOG5Lse=hS`4ESXuR=Tp6yNqXtt zuh!#X*2Cav^lE7&+&?C|nxt|eacxV^+1boHLs8ELDswJvza#}$H%;l*y;+YhQY&i9 zm`>d7muMM1VHu^<)Q^Nfr%ZSFjuoBccDbDjReh8_+M8yOUaU%y_O>Qpe7H^SAa}+B zYqE~H_n14mJShG}-d(-w-JP)asPH#@$2ccD(a%7%@MDSmdB{b*6R)qyCQf7r~~eK9c7$oIvW*@jIcP4xj7(NZR|pL94hRlbe6 zftJA*IJ%F<5r4G|;aoi`Wcc>veSV#Hm!aUqPdi{&j@wzZ*bpO;%;u%x8{>AqqnWK$ z`Vc+xMfJ4eR@#be@4{0l8`t&QWLl@|lph>Ct|i(SeOWij)Ynq(Xv<3G9-pV_0{>~T zp*-q=zn#*()3OxP)}~ceI{&+qmc1u$gulfGU2g7Ngm+Mg13SG*xT SW049mvP!N7t@0ly+5Z3?dkiB0 literal 0 HcmV?d00001 
diff --git a/cpan/Net-SSLeay/t/external/ocsp.t b/cpan/Net-SSLeay/t/external/ocsp.t
new file mode 100644
index 000000000000..6b1367a77446
--- /dev/null
+++ b/cpan/Net-SSLeay/t/external/ocsp.t
@@ -0,0 +1,263 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw(initialise_libssl); + +use IO::Socket::INET; + +if (!defined &Net::SSLeay::OCSP_response_status) { + plan skip_all => 'No support for OCSP in your OpenSSL'; +} + +#$Net::SSLeay::trace=3; + +my @tests = ( + { + # this should give us OCSP stapling + host => 'www.microsoft.com', + port => 443, + fingerprint => '5f0b37e633840ca02468552ea3b1197e5e118f7b', + ocsp_staple => 1, + expect_status => Net::SSLeay::V_OCSP_CERTSTATUS_GOOD(), + }, + { + # no OCSP stapling + host => 'www.heise.de', + port => 443, + fingerprint => '36a7d7bfc59db65c040bccd291ae563d9ef7bafc', + expect_status => Net::SSLeay::V_OCSP_CERTSTATUS_GOOD(), + }, + { + # this is revoked + host => 'revoked.grc.com', + port => 443, + fingerprint => '310665f4c8e78db761c764e798dca66047341264', + expect_status => Net::SSLeay::V_OCSP_CERTSTATUS_REVOKED(), + }, +); + +my $release_tests = $ENV{RELEASE_TESTING} ? 1:0; +plan tests => $release_tests + @tests; + +initialise_libssl(); + +my $timeout = 10; # used to TCP connect and SSL connect +my $http_ua = eval { require HTTP::Tiny } && HTTP::Tiny->new(verify_SSL => 0); + +my $sha1 = Net::SSLeay::EVP_get_digestbyname('sha1'); + + +my @fp_mismatch; +TEST: +for my $test (@tests) { + my $cleanup = __cleanup__->new; + SKIP: { + skip 'HTTP::Tiny required but not installed', 1 + unless $http_ua; + + my $cl = IO::Socket::INET->new( + PeerAddr => $test->{host}, + PeerPort => $test->{port}, + Timeout => $timeout, + ); + skip "TCP connect to $test->{host}:$test->{port} failed: $!",1 + if !$cl; + diag("tcp connect to $test->{host}:$test->{port} ok"); + + my $ctx = Net::SSLeay::CTX_new() or die "failed to create CTX"; + + # enable verification with hopefully usable CAs + Net::SSLeay::CTX_set_default_verify_paths($ctx); + Net::SSLeay::CTX_load_verify_locations($ctx, + Mozilla::CA::SSL_ca_file(),'') + if eval { require Mozilla::CA }; + Net::SSLeay::CTX_set_verify($ctx,Net::SSLeay::VERIFY_PEER(),undef); + + 
# setup TLS extension callback to catch stapled OCSP response + my $stapled_response; + Net::SSLeay::CTX_set_tlsext_status_cb($ctx,sub { + my ($ssl,$resp) = @_; + diag("got ".($resp ? '':'no ')."stapled OCSP response"); + return 1 if ! $resp; + $stapled_response = Net::SSLeay::i2d_OCSP_RESPONSE($resp); + return 1; + }); + + # create SSL object only after we have the context fully done since + # some parts of the context (like verification mode) will be copied + # to the SSL object and thus later changes to the CTX don't affect + # the SSL object + my $ssl = Net::SSLeay::new($ctx) or die "failed to create SSL"; + + # setup TLS extension to request stapled OCSP response + Net::SSLeay::set_tlsext_status_type($ssl, + Net::SSLeay::TLSEXT_STATUSTYPE_ocsp()); + + # non-blocking SSL_connect with timeout + $cl->blocking(0); + Net::SSLeay::set_fd($ssl,fileno($cl)); + my $end = time() + $timeout; + my ($rv,@err); + while (($rv = Net::SSLeay::connect($ssl)) < 0) { + my $to = $end-time(); + $to<=0 and last; + my $err = Net::SSLeay::get_error($ssl,$rv); + vec( my $vec = '',fileno($cl),1) = 1; + if ( $err == Net::SSLeay::ERROR_WANT_READ()) { + select($vec,undef,undef,$to); + } elsif ( $err == Net::SSLeay::ERROR_WANT_WRITE()) { + select(undef,$vec,undef,$to); + } else { + while ( my $err = Net::SSLeay::ERR_get_error()) { + push @err, Net::SSLeay::ERR_error_string($err); + } + last + } + } + skip "SSL_connect with $test->{host}:$test->{port} failed: @err",1 + if $rv<=0; + diag("SSL_connect ok"); + + # make sure we talk to the right party, e.g. no SSL interception + my $leaf_cert = Net::SSLeay::get_peer_certificate($ssl); + $cleanup->add(sub { Net::SSLeay::X509_free($leaf_cert) }) if $leaf_cert; + my $fp = $leaf_cert + && unpack("H*",Net::SSLeay::X509_digest($leaf_cert,$sha1)); + skip "could not get fingerprint",1 if !$fp; + if ($fp ne $test->{fingerprint}) { + push @fp_mismatch, [ $fp,$test ]; + skip("bad fingerprint for $test->{host}:$test->{port} -". 
+ " expected $test->{fingerprint}, got $fp",1) + } + diag("fingerprint matches"); + + if ( $test->{ocsp_staple} && ! $stapled_response ) { + fail("did not get expected stapled OCSP response on $test->{host}:$test->{port}"); + next TEST; + } + + # create OCSP_REQUEST for all certs + my @requests; + for my $cert (Net::SSLeay::get_peer_cert_chain($ssl)) { + my $subj = Net::SSLeay::X509_NAME_oneline( + Net::SSLeay::X509_get_subject_name($cert)); + my $uri = Net::SSLeay::P_X509_get_ocsp_uri($cert); + if (!$uri) { + diag("no OCSP URI for cert $subj"); + next; + } + my $id = eval { Net::SSLeay::OCSP_cert2ids($ssl,$cert) } or do { + fail("failed to get OCSP_CERTIDs for cert $subj: $@"); + next TEST; + }; + my $req = Net::SSLeay::OCSP_ids2req($id); + push @requests, [ $uri,$req,$id,$subj ]; + $cleanup->add(sub { Net::SSLeay::OCSP_REQUEST_free($req) }); + } + if (!@requests) { + fail("no certificate checks for $test->{host}:$test->{port}"); + next TEST; + } + + my $check_response = sub { + my ($resp,$req,$id,$expect_status) = @_; + if ( Net::SSLeay::OCSP_response_status($resp) + != Net::SSLeay::OCSP_RESPONSE_STATUS_SUCCESSFUL()) { + return [ undef,"response bad status ". + Net::SSLeay::OCSP_response_status_str(Net::SSLeay::OCSP_response_status($resp)) ]; + } elsif ( ! eval { + Net::SSLeay::OCSP_response_verify($ssl,$resp,$req) }) { + return [ undef,"cannot verify response: $@" ]; + } + # extract result for id + my ($status) = Net::SSLeay::OCSP_response_results($resp,$id); + return [ undef,"no data for cert in response: $status->[1]" ] + if ! 
$status->[2]; + if ($expect_status != $status->[2]{statusType}) { + return [ undef, + "unexpected status=$status->[2]{statusType} (expected $expect_status): $status->[1]" ] + } elsif ( $status->[2]{nextUpdate} ) { + diag("status=$expect_status as expected: nextUpd=".localtime($status->[2]{nextUpdate})); + } else { + diag("status=$expect_status as expected: no nextUpd"); + } + return $status; + }; + + if ($stapled_response) { + my $stat = $check_response->( + Net::SSLeay::d2i_OCSP_RESPONSE($stapled_response), + undef, # no OCSP_REQUEST + $requests[0][2], # stapled response is for the leaf certificate + $test->{expect_status} + ); + if (!$stat->[0]) { + fail($stat->[1]); + next TEST; + } + } + + for(my $i=0;$i<@requests;$i++) { + my ($uri,$req,$id,$subj) = @{$requests[$i]}; + if ( ! $http_ua ) { + diag("no HTTP: skip checking $uri | $subj"); + next + } + my $res = $http_ua->request('POST',$uri, { + headers => { 'Content-type' => 'application/ocsp-request' }, + content => Net::SSLeay::i2d_OCSP_REQUEST($req), + timeout => $timeout, + }); + if (!$res->{success}) { + if ($res->{status} == 599) { + # internal error, assume network problem + diag("disabling HTTP because of $http_ua->{reason}"); + $http_ua = undef; + } + diag("$http_ua->{reason}: skip checking $uri | $subj"); + next; + } + my $resp = eval { Net::SSLeay::d2i_OCSP_RESPONSE($res->{content}) }; + if (!$resp) { + diag("bad OCSP response($@): skip checking $uri | $subj"); + next; + } + my $stat = $check_response->( + $resp, + $req, + $id, + ($i>0) ? Net::SSLeay::V_OCSP_CERTSTATUS_GOOD() : $test->{expect_status}, + ); + if (!$stat->[0]) { + fail($stat->[1]); + next TEST; + } + } + + pass("OCSP test $test->{host}:$test->{port} ok"); + } +} + +if ($release_tests) { + if (!@fp_mismatch) { + pass("all fingerprints matched"); + } else { + for(@fp_mismatch) { + my ($fp,$test) = @$_; + diag("fingerprint mismatch for $test->{host}:$test->{port} -". 
+ " expected $test->{fingerprint}, got $fp") + } + fail("some fingerprints did not matched - please adjust test"); + } +} + +{ + # cleanup stuff when going out of scope + package __cleanup__; + sub new { bless [],shift }; + sub add { my $self = shift; push @$self,@_ } + sub DESTROY { + my $self = shift; + &$_ for(@$self) + } +} diff --git a/cpan/Net-SSLeay/t/handle/external/10_destroy.t b/cpan/Net-SSLeay/t/handle/external/10_destroy.t new file mode 100644 index 000000000000..cf2279ef7517 --- /dev/null +++ b/cpan/Net-SSLeay/t/handle/external/10_destroy.t @@ -0,0 +1,55 @@ +#!/usr/bin/perl + +use strict; +use warnings; +use Test::More; + +my @uris = qw( + www.google.com + www.microsoft.com + www.kernel.org +); +@uris = split(/:/, $ENV{SSLEAY_URIS}) if exists $ENV{SSLEAY_URIS}; +if (@uris) { + plan tests => scalar @uris * 2; +} +else { + plan skip_all => 'No external hosts specified for SSL testing'; +} + +use File::Spec; +use Symbol qw(gensym); +use Net::SSLeay::Handle; + +# On some platforms, such as Solaris, the act of resolving the host name +# opens (and leaves open) a connection to the DNS client, which breaks +# the fd counting algorithm below. Make sure the DNS is operating before +# we count the FDs for the first time. +for my $uri (@uris) { + my $dummy = gethostbyname($uri); +} + +my $fdcount_start = count_fds(); + +for my $uri (@uris) { + { + my $ssl = gensym(); + tie(*$ssl, "Net::SSLeay::Handle", $uri, 443); + print $ssl "GET / HTTP/1.0\r\n\r\n"; + + my $response = do { local $/ = undef; <$ssl> }; + like( $response, qr/^HTTP\/1/s, 'correct response' ); + } + + my $fdcount_end = count_fds(); + is ($fdcount_end, $fdcount_start, 'handle gets destroyed when it goes out of scope'); +} + +sub count_fds { + my $fdpath = File::Spec->devnull(); + my $fh = gensym(); + open($fh, $fdpath) or die; + my $count = fileno($fh); + close($fh); + return $count; +} 
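Review bot: In the per-certificate request loop the failure branch reads `$http_ua->{reason}`, but HTTP::Tiny puts the reason on the response hash, so both `diag` lines should use `$res->{reason}`. The 599 path is worse: `$http_ua = undef;` runs first, and the following `diag("$http_ua->{reason}: skip checking ...")` dereferences the now-undefined variable, which as far as I can tell turns `$http_ua` back into a plain hash ref, so the `if ( ! $http_ua )` guard on the next iteration no longer fires and `$http_ua->request(...)` dies. I would also add a comment at `HTTP::Tiny->new(verify_SSL => 0)` saying that the transport is left unverified because the OCSP response itself is checked with `OCSP_response_verify`.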
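Review bot: The `tie(*$ssl, "Net::SSLeay::Handle", $uri, 443)` in the main loop of 10_destroy.t is not guarded, so a connect failure that makes `tie` die (the case 50_external.t's `eval` handles) aborts the script instead of skipping. It should use the same `eval { tie(...) }; skip("could not connect to $uri", 2) if $@;` pattern inside a `SKIP:` block covering both tests of the iteration. With SSLEAY_URIS unset the test also contacts three hard-coded third-party hosts (50_external.t does the same with SSLEAY_SITES); for a core-bundled module I would make that opt-in, e.g. `my @uris = exists $ENV{SSLEAY_URIS} ? split(/:/, $ENV{SSLEAY_URIS}) : ();`, though whether the core harness runs t/handle/external is not visible here. In `count_fds`, `open($fh, $fdpath) or die;` would be clearer as `open($fh, '<', $fdpath) or die "open $fdpath: $!";`.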
diff --git a/cpan/Net-SSLeay/t/handle/external/50_external.t b/cpan/Net-SSLeay/t/handle/external/50_external.t
new file mode 100644
index 000000000000..40df5b9c91d8
--- /dev/null
+++ b/cpan/Net-SSLeay/t/handle/external/50_external.t
@@ -0,0 +1,78 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use Test::More;
+use Symbol qw(gensym);
+use Net::SSLeay::Handle;
+
+my @sites = qw(
+ www.google.com
+ www.microsoft.com
+ www.kernel.org
+);
+@sites = split(/:/, $ENV{SSLEAY_SITES}) if exists $ENV{SSLEAY_SITES};
+if (@sites) {
+ plan tests => scalar @sites * 7;
+}
+else {
+ plan skip_all => 'No external hosts specified for SSL testing';
+}
+
+
+for my $site (@sites) {
+ SKIP: {
+ my $ssl = gensym();
+ eval {
+ tie(*$ssl, 'Net::SSLeay::Handle', $site, 443);
+ };
+
+ skip('could not connect to '.$site, 2) if $@;
+ pass('connection to '.$site);
+
+ print $ssl "GET / HTTP/1.0\r\n\r\n";
+ my $resp = do { local $/ = undef; <$ssl> };
+
+ like( $resp, qr/^HTTP\/1/, 'response' );
+ }
+}
+
+{
+ my @sock;
+ for (my $i = 0; $i < scalar @sites; $i++) {
+ SKIP: {
+ my $ssl = gensym();
+ eval {
+ tie(*$ssl, 'Net::SSLeay::Handle', $sites[$i], 443);
+ };
+
+ $sock[$i] = undef; #so scalar @sock == scalar @sites
+
+ skip('could not connect', 2) if $@;
+ pass('connection');
+
+ $sock[$i] = $ssl;
+
+ ok( $ssl, 'got handle' );
+ }
+ }
+
+ for my $sock (@sock) {
+ SKIP : {
+ skip('not connected', 2) unless defined $sock;
+ pass('connected');
+
+ print $sock "GET / HTTP/1.0\r\n\r\n";
+
+ my $resp = do { local $/ = undef; <$sock> };
+ like( $resp, qr/^HTTP\/1/, 'response' );
+ }
+ }
+
+ for my $sock (@sock) {
+ SKIP : {
+ skip('not connected', 1) unless defined $sock;
+ ok(close($sock), 'socket closed');
+ }
+ }
+}
diff --git a/cpan/Net-SSLeay/t/handle/local/05_use.t b/cpan/Net-SSLeay/t/handle/local/05_use.t
new file mode 100644
index 000000000000..6e82b4fc1c5c
--- /dev/null
+++ b/cpan/Net-SSLeay/t/handle/local/05_use.t
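Review bot: `ok( $ssl, 'got handle' )` in the second block cannot fail, because `$ssl` is the glob reference returned by `gensym()` and is true whether or not anything is tied to it. If the intent is to confirm the handle is really tied, `ok( tied(*$ssl), 'got handle' );` checks that. The `SKIP :` labels in the last two loops also differ from the `SKIP:` spelling used earlier in the file; harmless, but worth making uniform.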
@@ -0,0 +1,9 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use Test::More tests => 1;
+
+BEGIN {
+ use_ok('Net::SSLeay::Handle');
+}
diff --git a/cpan/Net-SSLeay/t/local/03_use.t b/cpan/Net-SSLeay/t/local/03_use.t
new file mode 100644
index 000000000000..36364b47d71f
--- /dev/null
+++ b/cpan/Net-SSLeay/t/local/03_use.t
@@ -0,0 +1,74 @@
+# Basic module loading test, plus OS/Perl/libssl information to assist
+# with diagnosing later test failures
+
+use lib 'inc';
+
+use Test::Net::SSLeay;
+
+BEGIN {
+ plan tests => 1;
+
+ use_ok('Net::SSLeay');
+}
+
+diag("");
+diag("Testing Net::SSLeay $Net::SSLeay::VERSION");
+diag("");
+diag("Perl information:");
+diag(" Version: '" . $] . "'");
+diag(" Executable path: '" . $^X . "'");
+diag("");
+
+my $version_num;
+if (defined &Net::SSLeay::OpenSSL_version_num) {
+ diag("Library version with OpenSSL_version_num():");
+ $version_num = Net::SSLeay::OpenSSL_version_num();
+} else {
+ diag("Library version with SSLeay():");
+ $version_num = Net::SSLeay::SSLeay();
+}
+diag(" OPENSSL_VERSION_NUMBER: " . sprintf("'0x%08x'", $version_num));
+diag("");
+
+my $have_openssl_version = defined &Net::SSLeay::OpenSSL_version;
+
+diag("Library information with SSLeay_version()" . ($have_openssl_version ? " and OpenSSL_version()" : '') . ":");
+diag(" SSLEAY_VERSION: '" . Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_VERSION()) . "'");
+diag(" SSLEAY_CFLAGS: '" . Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_CFLAGS()) . "'");
+diag(" SSLEAY_BUILT_ON: '" . Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_BUILT_ON()) . "'");
+diag(" SSLEAY_PLATFORM: '" . Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_PLATFORM()) . "'");
+diag(" SSLEAY_DIR: '" . Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_DIR()) . "'");
+
+# This constant was added about the same time as OpenSSL_version()
+if ($have_openssl_version) {
+ diag(" OPENSSL_ENGINES_DIR: '" . Net::SSLeay::OpenSSL_version(Net::SSLeay::OPENSSL_ENGINES_DIR()) . "'");
+}
+
+# These were added in OpenSSL 3.0.0
+if (eval { Net::SSLeay::OPENSSL_MODULES_DIR(); 1; }) {
+ diag(" OPENSSL_MODULES_DIR: '" . Net::SSLeay::OpenSSL_version(Net::SSLeay::OPENSSL_MODULES_DIR()) . "'");
+ diag(" OPENSSL_CPU_INFO: '" . Net::SSLeay::OpenSSL_version(Net::SSLeay::OPENSSL_CPU_INFO()) . "'");
+ diag(" OPENSSL_VERSION_STRING: '" .
Net::SSLeay::OpenSSL_version(Net::SSLeay::OPENSSL_VERSION_STRING()) . "'");
+ diag(" OPENSSL_FULL_VERSION_STRING: '" . Net::SSLeay::OpenSSL_version(Net::SSLeay::OPENSSL_FULL_VERSION_STRING()) . "'");
+}
+
+# These were added in OpenSSL 3.0.0
+if (defined &Net::SSLeay::OPENSSL_version_major) {
+ diag("");
+ diag("Library version information with OPENSSL_version_*():");
+ diag(" OPENSSL_version_major(): '" . Net::SSLeay::OPENSSL_version_major() . "'");
+ diag(" OPENSSL_version_minor(): '" . Net::SSLeay::OPENSSL_version_minor() . "'");
+ diag(" OPENSSL_version_patch(): '" . Net::SSLeay::OPENSSL_version_patch() . "'");
+ diag(" OPENSSL_version_pre_release(): '" . Net::SSLeay::OPENSSL_version_pre_release() . "'");
+ diag(" OPENSSL_version_build_metadata(): '" . Net::SSLeay::OPENSSL_version_build_metadata() . "'");
+ diag("");
+ diag("Library information with OPENSSL_info():");
+ diag(" OPENSSL_INFO_CONFIG_DIR: '" . Net::SSLeay::OPENSSL_info(Net::SSLeay::OPENSSL_INFO_CONFIG_DIR()) . "'");
+ diag(" OPENSSL_INFO_ENGINES_DIR: '" . Net::SSLeay::OPENSSL_info(Net::SSLeay::OPENSSL_INFO_ENGINES_DIR()) . "'");
+ diag(" OPENSSL_INFO_MODULES_DIR: '" . Net::SSLeay::OPENSSL_info(Net::SSLeay::OPENSSL_INFO_MODULES_DIR()) . "'");
+ diag(" OPENSSL_INFO_DSO_EXTENSION: '" . Net::SSLeay::OPENSSL_info(Net::SSLeay::OPENSSL_INFO_DSO_EXTENSION()) . "'");
+ diag(" OPENSSL_INFO_DIR_FILENAME_SEPARATOR: '" . Net::SSLeay::OPENSSL_info(Net::SSLeay::OPENSSL_INFO_DIR_FILENAME_SEPARATOR()) . "'");
+ diag(" OPENSSL_INFO_LIST_SEPARATOR: '" . Net::SSLeay::OPENSSL_info(Net::SSLeay::OPENSSL_INFO_LIST_SEPARATOR()) . "'");
+ diag(" OPENSSL_INFO_SEED_SOURCE: '" . Net::SSLeay::OPENSSL_info(Net::SSLeay::OPENSSL_INFO_SEED_SOURCE()) . "'");
+ diag(" OPENSSL_INFO_CPU_SETTINGS: '" . Net::SSLeay::OPENSSL_info(Net::SSLeay::OPENSSL_INFO_CPU_SETTINGS()) . "'");
+}
diff --git a/cpan/Net-SSLeay/t/local/04_basic.t b/cpan/Net-SSLeay/t/local/04_basic.t
new file mode 100644
index 000000000000..6796c8521ca7
--- /dev/null
+++ b/cpan/Net-SSLeay/t/local/04_basic.t 
@@ -0,0 +1,72 @@
+# Test version and initialisation functions
+
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw(lives_ok);
+
+plan tests => 29;
+
+lives_ok( sub { Net::SSLeay::randomize() }, 'seed pseudorandom number generator' );
+lives_ok( sub { Net::SSLeay::ERR_load_crypto_strings() }, 'load libcrypto error strings' );
+lives_ok( sub { Net::SSLeay::load_error_strings() }, 'load libssl error strings' );
+lives_ok( sub { Net::SSLeay::library_init() }, 'register default TLS ciphers and digest functions' );
+lives_ok( sub { Net::SSLeay::OpenSSL_add_all_digests() }, 'register all digest functions' );
+#version numbers: 0x00903100 ~ 0.9.3, 0x0090600f ~ 0.6.9
+ok( Net::SSLeay::SSLeay() >= 0x00903100, 'SSLeay (version min 0.9.3)' );
+isnt( Net::SSLeay::SSLeay_version(), '', 'SSLeay (version string)' );
+is( Net::SSLeay::SSLeay_version(), Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_VERSION()), 'SSLeay_version optional argument' );
+is(Net::SSLeay::hello(), 1, 'hello world');
+
+if (exists &Net::SSLeay::OpenSSL_version)
+{
+ is(Net::SSLeay::SSLeay(), Net::SSLeay::OpenSSL_version_num(), 'OpenSSL_version_num');
+
+ is(Net::SSLeay::OpenSSL_version(), Net::SSLeay::OpenSSL_version(Net::SSLeay::OPENSSL_VERSION()), 'OpenSSL_version optional argument');
+
+ is(Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_VERSION()), Net::SSLeay::OpenSSL_version(Net::SSLeay::OPENSSL_VERSION()), 'OpenSSL_version(OPENSSL_VERSION)');
+ is(Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_CFLAGS()), Net::SSLeay::OpenSSL_version(Net::SSLeay::OPENSSL_CFLAGS()), 'OpenSSL_version(OPENSSL_CFLAGS)');
+ is(Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_BUILT_ON()), Net::SSLeay::OpenSSL_version(Net::SSLeay::OPENSSL_BUILT_ON()), 'OpenSSL_version(OPENSSL_BUILT_ON)');
+ is(Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_PLATFORM()), Net::SSLeay::OpenSSL_version(Net::SSLeay::OPENSSL_PLATFORM()), 'OpenSSL_version(OPENSSL_PLATFORM)');
+ is(Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_DIR()),
Net::SSLeay::OpenSSL_version(Net::SSLeay::OPENSSL_DIR()), 'OpenSSL_version(OPENSSL_DIR)');
+}
+else
+{
+ SKIP: {
+ skip('Only on OpenSSL 1.1.0 or later', 7);
+ }
+}
+
+if (defined &Net::SSLeay::OPENSSL_version_major)
+{
+
+ my $major = Net::SSLeay::OPENSSL_version_major();
+ my $minor = Net::SSLeay::OPENSSL_version_minor();
+ my $patch = Net::SSLeay::OPENSSL_version_patch();
+
+ # Separate test for being defined because cmp_ok won't fail this:
+ # cmp_ok(undef, '>=', 0)
+ isnt($major, undef, 'major is defined');
+ isnt($minor, undef, 'minor is defined');
+ isnt($patch, undef, 'patch is defined');
+
+ cmp_ok($major, '>=', 3, 'OPENSSL_version_major');
+ cmp_ok($minor, '>=', 0, 'OPENSSL_version_minor');
+ cmp_ok($patch, '>=', 0, 'OPENSSL_version_patch');
+
+ is(Net::SSLeay::OPENSSL_VERSION_MAJOR(), $major, 'OPENSSL_VERSION_MAJOR and OPENSSL_version_major are equal');
+ is(Net::SSLeay::OPENSSL_VERSION_MINOR(), $minor, 'OPENSSL_VERSION_MINOR and OPENSSL_version_minor are equal');
+ is(Net::SSLeay::OPENSSL_VERSION_PATCH(), $patch, 'OPENSSL_VERSION_PATCH and OPENSSL_version_patch are equal');
+
+ isnt(defined Net::SSLeay::OPENSSL_version_pre_release(), undef, 'OPENSSL_version_pre_release returns a defined value');
+ isnt(defined Net::SSLeay::OPENSSL_version_build_metadata(), undef, 'OPENSSL_version_build_metadata returns a defined value');
+
+ isnt(Net::SSLeay::OPENSSL_info(Net::SSLeay::OPENSSL_INFO_CONFIG_DIR()), undef, 'OPENSSL_INFO(OPENSSL_INFO_CONFIG_DIR) returns a defined value');
+ is(Net::SSLeay::OPENSSL_info(-1), undef, 'OPENSSL_INFO(-1) returns an undefined value');
+}
+else
+{
+ SKIP: {
+ skip('Only on OpenSSL 3.0.0 or later', 13);
+ }
+}
diff --git a/cpan/Net-SSLeay/t/local/05_passwd_cb.t b/cpan/Net-SSLeay/t/local/05_passwd_cb.t
new file mode 100644
index 000000000000..878e2aa9b8e8
--- /dev/null
+++ b/cpan/Net-SSLeay/t/local/05_passwd_cb.t
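Review bot: The two assertions `isnt(defined Net::SSLeay::OPENSSL_version_pre_release(), undef, ...)` and its twin for `OPENSSL_version_build_metadata()` can never fail: `defined` yields true or the empty string, never `undef`, so `isnt(..., undef)` passes whatever the function returns. Dropping `defined` gives the intended check, `isnt(Net::SSLeay::OPENSSL_version_pre_release(), undef, 'OPENSSL_version_pre_release returns a defined value');`, and likewise for the build-metadata line. The comment `0x0090600f ~ 0.6.9` above the first version check also looks like a typo for 0.9.6.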
@@ -0,0 +1,181 @@
+# Test password entry callback functionality
+
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw( data_file_path initialise_libssl );
+
+plan tests => 36;
+
+initialise_libssl();
+
+my $key_pem = data_file_path('simple-cert.key.enc.pem');
+my $key_password = 'test';
+
+my $cb_1_calls = 0;
+my $cb_2_calls = 0;
+my $cb_3_calls = 0;
+my $cb_4_calls = 0;
+my $cb_bad_calls = 0;
+
+sub callback1 {
+ my ($rwflag, $userdata) = @_;
+
+ $cb_1_calls++;
+
+ is ($rwflag, 0, 'rwflag is set correctly');
+ is( $$userdata, $key_password, 'received userdata properly' );
+ return $$userdata;
+}
+
+sub callback2 {
+ my ($rwflag, $userdata) = @_;
+
+ $cb_2_calls++;
+
+ is( $$userdata, $key_password, 'received userdata properly' );
+ return $$userdata;
+}
+
+sub callback3 {
+ my ($rwflag, $userdata) = @_;
+
+ $cb_3_calls++;
+
+ is( $userdata, undef, 'received no userdata' );
+ return $key_password;
+}
+
+sub callback_bad {
+ my ($rwflag, $userdata) = @_;
+
+ $cb_bad_calls++;
+
+ is( $userdata, $key_password, 'received userdata properly' );
+ return $key_password . 'incorrect'; # Return incorrect password
+}
+
+my $ctx_1 = Net::SSLeay::CTX_new();
+ok($ctx_1, 'CTX_new 1');
+
+my $ctx_2 = Net::SSLeay::CTX_new();
+ok($ctx_2, 'CTX_new 2');
+
+my $ctx_3 = Net::SSLeay::CTX_new();
+ok($ctx_3, 'CTX_new 3');
+
+my $ctx_4 = Net::SSLeay::CTX_new();
+ok($ctx_4, 'CTX_new 4');
+
+Net::SSLeay::CTX_set_default_passwd_cb($ctx_1, \&callback1);
+Net::SSLeay::CTX_set_default_passwd_cb_userdata($ctx_1, \$key_password);
+
+Net::SSLeay::CTX_set_default_passwd_cb($ctx_2, \&callback2);
+Net::SSLeay::CTX_set_default_passwd_cb_userdata($ctx_2, \$key_password);
+
+Net::SSLeay::CTX_set_default_passwd_cb($ctx_3, \&callback3);
+
+ok( Net::SSLeay::CTX_use_PrivateKey_file($ctx_1, $key_pem, &Net::SSLeay::FILETYPE_PEM),
+ 'CTX_use_PrivateKey_file works with right passphrase and userdata' );
+
+ok( Net::SSLeay::CTX_use_PrivateKey_file($ctx_2, $key_pem, &Net::SSLeay::FILETYPE_PEM),
+ 'CTX_use_PrivateKey_file works with right passphrase and userdata' );
+
+ok( Net::SSLeay::CTX_use_PrivateKey_file($ctx_3, $key_pem, &Net::SSLeay::FILETYPE_PEM),
+ 'CTX_use_PrivateKey_file works with right passphrase and without userdata' );
+
+Net::SSLeay::CTX_set_default_passwd_cb($ctx_4, sub { $cb_4_calls++; return $key_password; });
+ok( Net::SSLeay::CTX_use_PrivateKey_file($ctx_4, $key_pem, &Net::SSLeay::FILETYPE_PEM),
+ 'CTX_use_PrivateKey_file works when callback data is unset' );
+
+ok( $cb_1_calls == 1
+ && $cb_2_calls == 1
+ && $cb_3_calls == 1
+ && $cb_4_calls == 1,
+ 'different cbs per ctx work' );
+
+$key_password = 'incorrect';
+
+ok( !Net::SSLeay::CTX_use_PrivateKey_file($ctx_1, $key_pem, &Net::SSLeay::FILETYPE_PEM),
+ 'CTX_use_PrivateKey_file doesn\'t work with wrong passphrase' );
+
+is($cb_1_calls, 2, 'callback1 called 2 times');
+
+
+# OpenSSL 1.1.0 has SSL_set_default_passwd_cb, but the callback is not
+# called for SSL before OpenSSL 1.1.0f
+if (exists &Net::SSLeay::set_default_passwd_cb)
+{
+ test_ssl_funcs();
+}
+else
+{
+ SKIP: {
+ skip('Do not have Net::SSLeay::set_default_passwd_cb', 19);
+ };
+}
+
+exit(0);
+
+sub test_ssl_funcs
+{
+ my $ctx_1 = Net::SSLeay::CTX_new();
+ my $ssl_1 = Net::SSLeay::new($ctx_1);
+ ok($ssl_1, 'SSL_new 1');
+
+ my $ctx_2 = Net::SSLeay::CTX_new();
+ my $ssl_2 = Net::SSLeay::new($ctx_2);
+ ok($ssl_2, 'SSL_new 2');
+
+ my $ctx_3 = Net::SSLeay::CTX_new();
+ my $ssl_3 = Net::SSLeay::new($ctx_3);
+ ok($ssl_3, 'SSL_new 3');
+
+ my $ctx_4 = Net::SSLeay::CTX_new();
+ my $ssl_4 = Net::SSLeay::new($ctx_4);
+ ok($ssl_4, 'SSL_new 4');
+
+ $cb_1_calls = $cb_2_calls = $cb_3_calls = $cb_4_calls = $cb_bad_calls = 0;
+ $key_password = 'test';
+
+ Net::SSLeay::set_default_passwd_cb($ssl_1, \&callback1);
+ Net::SSLeay::set_default_passwd_cb_userdata($ssl_1, \$key_password);
+
+ Net::SSLeay::set_default_passwd_cb($ssl_2, \&callback2);
+ Net::SSLeay::set_default_passwd_cb_userdata($ssl_2, \$key_password);
+
+ Net::SSLeay::set_default_passwd_cb($ssl_3, \&callback3);
+
+ ok( Net::SSLeay::use_PrivateKey_file($ssl_1, $key_pem, &Net::SSLeay::FILETYPE_PEM),
+ 'use_PrivateKey_file works with right passphrase and userdata' );
+
+ ok( Net::SSLeay::use_PrivateKey_file($ssl_2, $key_pem, &Net::SSLeay::FILETYPE_PEM),
+ 'use_PrivateKey_file works with right passphrase and userdata' );
+
+ # Setting the callback for CTX should not change anything
+ Net::SSLeay::CTX_set_default_passwd_cb($ctx_2, \&callback_bad);
+ Net::SSLeay::CTX_set_default_passwd_cb_userdata($ctx_2, \$key_password);
+ ok( Net::SSLeay::use_PrivateKey_file($ssl_2, $key_pem, &Net::SSLeay::FILETYPE_PEM),
+ 'use_PrivateKey_file works with right passphrase and userdata after bad passphrase set for CTX' );
+
+ ok( Net::SSLeay::use_PrivateKey_file($ssl_3, $key_pem, &Net::SSLeay::FILETYPE_PEM),
+ 'use_PrivateKey_file works with right passphrase and without userdata' );
+
+ Net::SSLeay::set_default_passwd_cb($ssl_4, sub { $cb_4_calls++; return $key_password; });
+ ok( Net::SSLeay::use_PrivateKey_file($ssl_4, $key_pem, &Net::SSLeay::FILETYPE_PEM),
+ 'use_PrivateKey_file works when callback data is unset' );
+
+ ok( $cb_1_calls == 1
+ && $cb_2_calls == 2
+ && $cb_3_calls == 1
+ && $cb_4_calls == 1
+ && $cb_bad_calls == 0,
+ 'different cbs per ssl work' );
+
+ $key_password = 'incorrect';
+
+ ok( !Net::SSLeay::use_PrivateKey_file($ssl_1, $key_pem, &Net::SSLeay::FILETYPE_PEM),
+ 'use_PrivateKey_file doesn\'t work with wrong passphrase' );
+
+ is($cb_1_calls, 2, 'callback1 called 2 times');
+}
diff --git a/cpan/Net-SSLeay/t/local/06_tcpecho.t b/cpan/Net-SSLeay/t/local/06_tcpecho.t
new file mode 100644
index 000000000000..e92c0eb06f88
--- /dev/null
+++ b/cpan/Net-SSLeay/t/local/06_tcpecho.t
@@ -0,0 +1,55 @@
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw( can_fork initialise_libssl tcp_socket );
+
+BEGIN {
+ if (not can_fork()) {
+ plan skip_all => "fork() not supported on this system";
+ } else {
+ plan tests => 4;
+ }
+}
+
+initialise_libssl();
+
+my $server = tcp_socket();
+my $msg = 'ssleay-tcp-test';
+
+my $pid;
+
+{
+ $pid = fork();
+ die "fork failed: $!" unless defined $pid;
+ if ($pid == 0) {
+ $server->accept(\*Net::SSLeay::SSLCAT_S);
+
+ my $got = Net::SSLeay::tcp_read_all();
+ is($got, $msg, 'tcp_read_all');
+
+ ok(Net::SSLeay::tcp_write_all(uc($got)), 'tcp_write_all');
+
+ close Net::SSLeay::SSLCAT_S;
+ $server->close() || die("server listen socket close: $!");
+
+ exit;
+ }
+}
+
+my @results;
+{
+ my ($got) = Net::SSLeay::tcpcat($server->get_addr(), $server->get_port(), $msg);
+ push @results, [ $got eq uc($msg), 'sent and received correctly' ];
+}
+
+$server->close() || die("client listen socket close: $!");
+
+waitpid $pid, 0;
+push @results, [ $? == 0, 'server exited with 0' ];
+
+END {
+ Test::More->builder->current_test(2);
+ for my $t (@results) {
+ ok( $t->[0], $t->[1] );
+ }
+}
diff --git a/cpan/Net-SSLeay/t/local/07_sslecho.t b/cpan/Net-SSLeay/t/local/07_sslecho.t
new file mode 100644
index 000000000000..e809c97a0a5c
--- /dev/null
+++ b/cpan/Net-SSLeay/t/local/07_sslecho.t
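Review bot: In 05_passwd_cb.t, `callback_bad` checks `is( $userdata, $key_password, ... )`, but the userdata registered for it is the reference `\$key_password`, so it compares a reference with a string, unlike `callback1` and `callback2`, which dereference. It should read `is( $$userdata, $key_password, 'received userdata properly' );`. The callback is expected never to run (`$cb_bad_calls == 0`), so today the mismatch only adds a misleading extra failure in exactly the case the test is meant to diagnose. Separately, `&Net::SSLeay::FILETYPE_PEM` without parentheses forwards the caller's `@_`; `Net::SSLeay::FILETYPE_PEM()` is the safer spelling, particularly inside `test_ssl_funcs`.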
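Review bot: In 06_tcpecho.t, the child ignores the result of `$server->accept(\*Net::SSLeay::SSLCAT_S)`, so a failed accept goes straight on to `tcp_read_all()` and the parent sees only a mismatched message. Assuming the helper returns false on failure (its code is not in this hunk), `$server->accept(\*Net::SSLeay::SSLCAT_S) or die "accept failed: $!";` makes the child exit non-zero, which the existing `$? == 0` check then reports. The parent has no timeout around `tcpcat`, so a child that dies early can leave the test blocked; an `alarm` guard would stop a core test run from hanging.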
@@ -0,0 +1,349 @@
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw(
+ can_fork data_file_path initialise_libssl new_ctx tcp_socket
+);
+
+BEGIN {
+ if (not can_fork()) {
+ plan skip_all => "fork() not supported on this system";
+ } else {
+ plan tests => 122;
+ }
+}
+
+initialise_libssl();
+
+$SIG{'PIPE'} = 'IGNORE';
+
+my $server = tcp_socket();
+my $pid;
+
+my $msg = 'ssleay-test';
+
+my $ca_cert_pem = data_file_path('intermediate-ca.certchain.pem');
+my $cert_pem = data_file_path('simple-cert.cert.pem');
+my $key_pem = data_file_path('simple-cert.key.pem');
+
+my $cert_name = '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=simple-cert.net-ssleay.example';
+my $cert_issuer = '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA';
+my $cert_sha1_fp = '9C:2E:90:B9:A7:84:7A:3A:2B:BE:FD:A5:D1:46:EA:31:75:E9:03:26';
+
+$ENV{RND_SEED} = '1234567890123456789012345678901234567890';
+
+{
+ my ( $ctx, $ctx_protocol ) = new_ctx();
+ ok($ctx, 'new CTX');
+ ok(Net::SSLeay::CTX_set_cipher_list($ctx, 'ALL'), 'CTX_set_cipher_list');
+ my ($dummy, $errs) = Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
+ ok($errs eq '', "set_cert_and_key: $errs");
+ SKIP: {
+ skip 'Disabling session tickets requires OpenSSL >= 1.1.1', 1
+ unless defined (&Net::SSLeay::CTX_set_num_tickets);
+ # TLS 1.3 server sends session tickets after a handhake as part of
+ # the SSL_accept(). If a client finishes all its job including closing
+ # TCP connection before a server sends the tickets, SSL_accept() fails
+ # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
+ # SIGPIPE signal.
+ ok(Net::SSLeay::CTX_set_num_tickets($ctx, 0), 'Session tickets disabled');
+ }
+
+ # The client side of this test uses Net::SSLeay::sslcat(), which by default
+ # will attempt to auto-negotiate the SSL/TLS protocol version to use when it
+ # connects to the server. This conflicts with the server-side SSL_CTX
+ # created by Test::Net::SSLeay::new_ctx(), which only accepts the most recent
+ # SSL/TLS protocol version supported by libssl; atempts to negotiate the
+ # version will fail. We need to force sslcat() to communicate with the server
+ # using the same protocol version that was chosen for the server SSL_CTX,
+ # which is done by setting a specific value for $Net::SSLeay::ssl_version
+ my %ssl_versions = (
+ 'SSLv2' => 2,
+ 'SSLv3' => 3,
+ 'TLSv1' => 10,
+ 'TLSv1.1' => 11,
+ 'TLSv1.2' => 12,
+ 'TLSv1.3' => 13,
+ );
+
+ $Net::SSLeay::ssl_version = $ssl_versions{$ctx_protocol};
+
+ $pid = fork();
+ BAIL_OUT("failed to fork: $!") unless defined $pid;
+ if ($pid == 0) {
+ for (1 .. 7) {
+ my $ns = $server->accept();
+
+ my $ssl = Net::SSLeay::new($ctx);
+ ok($ssl, 'new');
+
+ is(Net::SSLeay::in_before($ssl), 1, 'in_before is 1');
+ is(Net::SSLeay::in_init($ssl), 1, 'in_init is 1');
+
+ ok(Net::SSLeay::set_fd($ssl, fileno($ns)), 'set_fd using fileno');
+ ok(Net::SSLeay::accept($ssl), 'accept');
+
+ is(Net::SSLeay::is_init_finished($ssl), 1, 'is_init_finished is 1');
+
+ ok(Net::SSLeay::get_cipher($ssl), 'get_cipher');
+ like(Net::SSLeay::get_shared_ciphers($ssl), qr/(AES|RSA|SHA|CBC|DES)/, 'get_shared_ciphers');
+
+ my $got = Net::SSLeay::ssl_read_all($ssl);
+ is($got, $msg, 'ssl_read_all') if $_ < 7;
+
+ is(Net::SSLeay::get_shutdown($ssl), Net::SSLeay::RECEIVED_SHUTDOWN(), 'shutdown from peer');
+ ok(Net::SSLeay::ssl_write_all($ssl, uc($got)), 'ssl_write_all');
+
+ # With 1.1.1e and $Net::SSLeay::trace=3 you'll see these without shutdown:
+ # SSL_read 9740: 1 - error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading
+ my $sret = Net::SSLeay::shutdown($ssl);
+ if ($sret < 0)
+ {
+ # ERROR_SYSCALL seen on < 1.1.1, if so also print errno string
+ my $err = Net::SSLeay::get_error($ssl, $sret);
+ my $extra = ($err == Net::SSLeay::ERROR_SYSCALL()) ? "$err, $!" : "$err";
+
+ ok($err == Net::SSLeay::ERROR_ZERO_RETURN() ||
+ $err == Net::SSLeay::ERROR_SYSCALL(),
+ "server shutdown not success, but acceptable: $extra");
+ }
+ else
+ {
+ pass('server shutdown success');
+ }
+
+ Net::SSLeay::free($ssl);
+ close($ns) || die("server close: $!");
+ }
+
+ Net::SSLeay::CTX_free($ctx);
+ $server->close() || die("server listen socket close: $!");
+
+ exit;
+ }
+}
+
+my @results;
+{
+ my ($got) = Net::SSLeay::sslcat($server->get_addr(), $server->get_port(), $msg);
+ push @results, [ $got eq uc($msg), 'send and received correctly' ];
+
+}
+
+{
+ my $s = $server->connect();
+
+ push @results, [ my $ctx = new_ctx(), 'new CTX' ];
+ push @results, [ my $ssl = Net::SSLeay::new($ctx), 'new' ];
+
+ push @results, [ Net::SSLeay::set_fd($ssl, $s), 'set_fd using glob ref' ];
+ push @results, [ Net::SSLeay::connect($ssl), 'connect' ];
+
+ push @results, [ Net::SSLeay::get_cipher($ssl), 'get_cipher' ];
+
+ push @results, [ Net::SSLeay::ssl_write_all($ssl, $msg), 'write' ];
+ push @results, [ Net::SSLeay::shutdown($ssl) >= 0, 'client side ssl shutdown' ];
+ shutdown($s, 1);
+
+ my $got = Net::SSLeay::ssl_read_all($ssl);
+ push @results, [ $got eq uc($msg), 'read' ];
+
+ Net::SSLeay::free($ssl);
+ Net::SSLeay::CTX_free($ctx);
+
+ shutdown($s, 2);
+ close($s) || die("client close: $!");
+
+}
+
+{
+ my $verify_cb_1_called = 0;
+ my $verify_cb_2_called = 0;
+ my $verify_cb_3_called = 0;
+ {
+ my $ctx = new_ctx();
+ push @results, [ Net::SSLeay::CTX_load_verify_locations($ctx, $ca_cert_pem, ''), 'CTX_load_verify_locations' ];
+ Net::SSLeay::CTX_set_verify($ctx, &Net::SSLeay::VERIFY_PEER, \&verify);
+
+ my $ctx2 = new_ctx();
+ Net::SSLeay::CTX_set_cert_verify_callback($ctx2, \&verify4, 1);
+
+ {
+ my $s = $server->connect();
+
+ my $ssl = Net::SSLeay::new($ctx);
+ Net::SSLeay::set_fd($ssl, fileno($s));
+ Net::SSLeay::connect($ssl);
+
+ Net::SSLeay::ssl_write_all($ssl, $msg);
+
+ push @results, [Net::SSLeay::shutdown($ssl) >= 0, 'verify: client side ssl shutdown' ];
+ shutdown $s, 2;
+ close $s;
+ Net::SSLeay::free($ssl);
+
+ push @results, [ $verify_cb_1_called == 1, 'verify cb 1 called once' ];
+ push @results, [ $verify_cb_2_called == 0, 'verify cb 2 wasn\'t called yet' ];
+ push @results, [ $verify_cb_3_called == 0, 'verify cb 3 wasn\'t called yet' ];
+ }
+
+ {
+ my $s1 = $server->connect();
+ my $s2 = $server->connect();
+ my $s3 = $server->connect();
+
+ my $ssl1 = Net::SSLeay::new($ctx);
+ Net::SSLeay::set_verify($ssl1, &Net::SSLeay::VERIFY_PEER, \&verify2);
+ Net::SSLeay::set_fd($ssl1, $s1);
+
+ my $ssl2 = Net::SSLeay::new($ctx);
+ Net::SSLeay::set_verify($ssl2, &Net::SSLeay::VERIFY_PEER, \&verify3);
+ Net::SSLeay::set_fd($ssl2, $s2);
+
+ my $ssl3 = Net::SSLeay::new($ctx2);
+ Net::SSLeay::set_fd($ssl3, $s3);
+
+ Net::SSLeay::connect($ssl1);
+ Net::SSLeay::ssl_write_all($ssl1, $msg);
+ push @results, [Net::SSLeay::shutdown($ssl1) >= 0, 'client side ssl1 shutdown' ];
+ shutdown $s1, 2;
+
+ Net::SSLeay::connect($ssl2);
+ Net::SSLeay::ssl_write_all($ssl2, $msg);
+ push @results, [Net::SSLeay::shutdown($ssl2) >= 0, 'client side ssl2 shutdown' ];
+ shutdown $s2, 2;
+
+ Net::SSLeay::connect($ssl3);
+ Net::SSLeay::ssl_write_all($ssl3, $msg);
+ push @results, [Net::SSLeay::shutdown($ssl3) >= 0, 'client side ssl3 shutdown' ];
+ shutdown $s3, 2;
+
+ close($s1) || die("client close s1: $!");
+ close($s2) || die("client close s2: $!");
+ close($s3) || die("client close s3: $!");
+
+ Net::SSLeay::free($ssl1);
+ Net::SSLeay::free($ssl2);
+ Net::SSLeay::free($ssl3);
+
+ push @results, [ $verify_cb_1_called == 1, 'verify cb 1 wasn\'t called again' ];
+ push @results, [ $verify_cb_2_called == 1, 'verify cb 2 called once' ];
+ push @results, [ $verify_cb_3_called == 1, 'verify cb 3 wasn\'t called yet' ];
+ }
+
+
+ Net::SSLeay::CTX_free($ctx);
+ Net::SSLeay::CTX_free($ctx2);
+ }
+
+ sub verify {
+ my ($ok, $x509_store_ctx) = @_;
+
+ # Skip intermediate certs but propagate possible not ok condition
+ my $depth = Net::SSLeay::X509_STORE_CTX_get_error_depth($x509_store_ctx);
+ return $ok unless $depth == 0;
+
+ $verify_cb_1_called++;
+
+ my $cert = Net::SSLeay::X509_STORE_CTX_get_current_cert($x509_store_ctx);
+ push @results, [ $cert, 'verify cb cert' ];
+
+ my $issuer_name = Net::SSLeay::X509_get_issuer_name( $cert );
+ my $issuer = Net::SSLeay::X509_NAME_oneline( $issuer_name );
+
+ my $subject_name = Net::SSLeay::X509_get_subject_name( $cert );
+ my $subject = Net::SSLeay::X509_NAME_oneline( $subject_name );
+
+ my $cn = Net::SSLeay::X509_NAME_get_text_by_NID($subject_name, &Net::SSLeay::NID_commonName);
+
+ my $fingerprint = Net::SSLeay::X509_get_fingerprint($cert, 'SHA-1');
+
+ push @results, [ $ok == 1, 'verify is ok' ];
+ push @results, [ $issuer eq $cert_issuer, 'cert issuer' ];
+ push @results, [ $subject eq $cert_name, 'cert subject' ];
+ push @results, [ substr($cn, length($cn) - 1, 1) ne "\0", 'tailing 0 character is not returned from get_text_by_NID' ];
+ push @results, [ $fingerprint eq $cert_sha1_fp, 'SHA-1 fingerprint' ];
+
+ return 1;
+ }
+
+ sub verify2 {
+ my ($ok, $x509_store_ctx) = @_;
+
+ # Skip intermediate certs but propagate possible not ok condition
+ my $depth = Net::SSLeay::X509_STORE_CTX_get_error_depth($x509_store_ctx);
+ return $ok unless $depth == 0;
+
+ $verify_cb_2_called++;
+ push @results, [ $ok == 1, 'verify 2 is ok' ];
+ return $ok;
+ }
+
+ sub verify3 {
+ my ($ok, $x509_store_ctx) = @_;
+
+ # Skip intermediate certs but propagate possible not ok condition
+ my $depth = Net::SSLeay::X509_STORE_CTX_get_error_depth($x509_store_ctx);
+ return $ok unless $depth == 0;
+
+ $verify_cb_3_called++;
+ push @results, [ $ok == 1, 'verify 3 is ok' ];
+ return $ok;
+ }
+
+ sub verify4 {
+ my ($cert_store, $userdata) = @_;
+ push @results, [$userdata == 1, 'CTX_set_cert_verify_callback'];
+ return $userdata;
+ }
+}
+
+{
+ my $s = $server->connect();
+
+ my $ctx = new_ctx();
+ my $ssl = Net::SSLeay::new($ctx);
+
+ Net::SSLeay::set_fd($ssl, fileno($s));
+ Net::SSLeay::connect($ssl);
+
+ my $cert = Net::SSLeay::get_peer_certificate($ssl);
+
+ my $subject = Net::SSLeay::X509_NAME_oneline(
+ Net::SSLeay::X509_get_subject_name($cert)
+ );
+
+ my $issuer = Net::SSLeay::X509_NAME_oneline(
+ Net::SSLeay::X509_get_issuer_name($cert)
+ );
+
+ push @results, [ $subject eq $cert_name, 'get_peer_certificate subject' ];
+ push @results, [ $issuer eq $cert_issuer, 'get_peer_certificate issuer' ];
+
+ my $data = 'a' x 1024 ** 2;
+ my $written = Net::SSLeay::ssl_write_all($ssl, \$data);
+ push @results, [ $written == length $data, 'ssl_write_all' ];
+
+ push @results, [Net::SSLeay::shutdown($ssl) >= 0, 'client side aaa write ssl shutdown' ];
+ shutdown $s, 1;
+
+ my $got = Net::SSLeay::ssl_read_all($ssl);
+ push @results, [ $got eq uc($data), 'ssl_read_all' ];
+
+ Net::SSLeay::free($ssl);
+ Net::SSLeay::CTX_free($ctx);
+
+ close($s) || die("client close: $!");
+}
+
+$server->close() || die("client listen socket close: $!");
+
+waitpid $pid, 0;
+push @results, [ $? == 0, 'server exited with 0' ];
+
+END {
+ Test::More->builder->current_test(87);
+ for my $t (@results) {
+ ok( $t->[0], $t->[1] );
+ }
+}
diff --git a/cpan/Net-SSLeay/t/local/08_pipe.t b/cpan/Net-SSLeay/t/local/08_pipe.t
new file mode 100644
index 000000000000..e85f188b8aa7
--- /dev/null
+++ b/cpan/Net-SSLeay/t/local/08_pipe.t
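Review bot: The `verify` callback ends with an unconditional `return 1;`, so at depth 0 it reports the peer certificate as acceptable even when `$ok` was 0, whereas `verify2` and `verify3` return `$ok`. The failure is still recorded in `@results`, but the handshake proceeds, and a test like this tends to be copied as a `CTX_set_verify` example; `return $ok;` keeps the recorded result and lets a failed verification abort the connection. In the second client block, `[ $verify_cb_3_called == 1, 'verify cb 3 wasn\'t called yet' ]` asserts the callback ran once under a label saying it did not; the label should be `'verify cb 3 called once'`. The verify blocks and the final client block also ignore the return value of `Net::SSLeay::connect($ssl)`, and the final block passes the unchecked result of `get_peer_certificate` to `X509_get_subject_name`.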
@@ -0,0 +1,96 @@
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw( can_really_fork data_file_path initialise_libssl );
+
+use IO::Handle;
+use Symbol qw( gensym );
+
+if (not can_really_fork()) {
+ # Perl's pseudofork implementation doesn't correctly dup file handles
+ # connected to pipes, so this test requires a native fork() system call
+ plan skip_all => "fork() not natively supported on this system";
+} else {
+ plan tests => 11;
+}
+
+initialise_libssl();
+
+my $cert = data_file_path('simple-cert.cert.pem');
+my $key = data_file_path('simple-cert.key.pem');
+
+my $how_much = 1024 ** 2;
+
+my $rs = gensym();
+my $ws = gensym();
+my $rc = gensym();
+my $wc = gensym();
+
+pipe $rs, $wc or die "pipe 1 ($!)";
+pipe $rc, $ws or die "pipe 2 ($!)";
+
+for my $h ($rs, $ws, $rc, $wc) {
+ my $old_select = select $h;
+ $| = 1;
+ select $old_select;
+}
+
+my $pid = fork();
+die unless defined $pid;
+
+if ($pid == 0) {
+ my $ctx = Net::SSLeay::CTX_new();
+ Net::SSLeay::set_server_cert_and_key($ctx, $cert, $key);
+
+ my $ssl = Net::SSLeay::new($ctx);
+
+ ok( Net::SSLeay::set_rfd($ssl, fileno($rs)), 'set_rfd using fileno' );
+ ok( Net::SSLeay::set_wfd($ssl, fileno($ws)), 'set_wfd using fileno' );
+
+ ok( Net::SSLeay::accept($ssl), 'accept' );
+
+ ok( my $got = Net::SSLeay::ssl_read_all($ssl, $how_much), 'ssl_read_all' );
+
+ is( Net::SSLeay::ssl_write_all($ssl, \$got), length $got, 'ssl_write_all' );
+
+ Net::SSLeay::free($ssl);
+ Net::SSLeay::CTX_free($ctx);
+
+ close $ws;
+ close $rs;
+ exit;
+}
+
+my @results;
+{
+ my $ctx = Net::SSLeay::CTX_new();
+ my $ssl = Net::SSLeay::new($ctx);
+
+ my $rc_handle = IO::Handle->new_from_fd( fileno($rc), 'r' );
+ my $wc_handle = IO::Handle->new_from_fd( fileno($wc), 'w' );
+ push @results, [ Net::SSLeay::set_rfd($ssl, $rc_handle), 'set_rfd using an io handle' ];
+ push @results, [ Net::SSLeay::set_wfd($ssl, $wc_handle), 'set_wfd using an io handle' ];
+
+ push @results, [ Net::SSLeay::connect($ssl), 'connect' ];
+
+ my $data = 'B' x $how_much;
+
+ push @results, [ Net::SSLeay::ssl_write_all($ssl, \$data) == length $data, 'ssl_write_all' ];
+
+ my $got = Net::SSLeay::ssl_read_all($ssl, $how_much);
+ push @results, [ $got eq $data, 'ssl_read_all' ];
+
+ Net::SSLeay::free($ssl);
+ Net::SSLeay::CTX_free($ctx);
+
+ close $wc;
+ close $rc;
+}
+
+waitpid $pid, 0;
+push @results, [ $? == 0, 'server exited with 0' ];
+
+Test::More->builder->current_test(5);
+for my $t (@results) {
+ ok( $t->[0], $t->[1] );
+}
diff --git a/cpan/Net-SSLeay/t/local/09_ctx_new.t b/cpan/Net-SSLeay/t/local/09_ctx_new.t
new file mode 100644
index 000000000000..128af0b04340
--- /dev/null
+++ b/cpan/Net-SSLeay/t/local/09_ctx_new.t
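Review bot: `die unless defined $pid;` after `fork()` discards the reason for the failure; 06_tcpecho.t in the same patch uses `die "fork failed: $!" unless defined $pid;`, and this file should match. In the child, the return value of `Net::SSLeay::set_server_cert_and_key($ctx, $cert, $key)` is ignored, so a missing or unreadable key surfaces only as a failed `accept`. Checking it, as 07_sslecho.t does by capturing `$errs` from `set_cert_and_key`, would give a usable diagnostic.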
@@ -0,0 +1,183 @@
+# Test SSL_CTX_new and related functions, and handshake state machine retrieval
+
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw(initialise_libssl);
+
+plan tests => 44;
+
+initialise_libssl();
+
+sub is_known_proto_version {
+ return 1 if $_[0] == 0x0000; # Automatic version selection
+ return 1 if $_[0] == Net::SSLeay::SSL3_VERSION(); # OpenSSL 0.9.8+
+ return 1 if $_[0] == Net::SSLeay::TLS1_VERSION(); # OpenSSL 0.9.8+
+ return 1 if $_[0] == Net::SSLeay::TLS1_1_VERSION(); # OpenSSL 0.9.8+
+ return 1 if $_[0] == Net::SSLeay::TLS1_2_VERSION(); # OpenSSL 0.9.8+
+ if (eval { Net::SSLeay::TLS1_3_VERSION() }) {
+ return 1 if $_[0] == Net::SSLeay::TLS1_3_VERSION(); # OpenSSL 1.1.1+
+ }
+
+ return;
+}
+
+# Shortcuts from SSLeay.xs
+my $ctx = Net::SSLeay::CTX_new();
+ok($ctx, 'CTX_new');
+$ctx = Net::SSLeay::CTX_v23_new();
+ok($ctx, 'CTX_v23_new');
+$ctx = Net::SSLeay::CTX_tlsv1_new();
+ok($ctx, 'CTX_tlsv1_new');
+
+my $ctx_23 = Net::SSLeay::CTX_new_with_method(Net::SSLeay::SSLv23_method());
+ok($ctx_23, 'CTX_new with SSLv23_method');
+
+my $ctx_23_client = Net::SSLeay::CTX_new_with_method(Net::SSLeay::SSLv23_client_method());
+ok($ctx_23_client, 'CTX_new with SSLv23_client_method');
+
+my $ctx_23_server = Net::SSLeay::CTX_new_with_method(Net::SSLeay::SSLv23_server_method());
+ok($ctx_23_server, 'CTX_new with SSLv23_server_method');
+
+my $ctx_tls1 = Net::SSLeay::CTX_new_with_method(Net::SSLeay::TLSv1_method());
+ok($ctx_tls1, 'CTX_new with TLSv1_method');
+
+# Retrieve information about the handshake state machine
+is(Net::SSLeay::in_connect_init(Net::SSLeay::new($ctx_23_client)), 1, 'in_connect_init() is 1 for client');
+is(Net::SSLeay::in_accept_init(Net::SSLeay::new($ctx_23_client)), 0, 'in_accept_init() is 0 for client');
+is(Net::SSLeay::in_connect_init(Net::SSLeay::new($ctx_23_server)), 0, 'in_connect_init() is 0 for server');
+is(Net::SSLeay::in_accept_init(Net::SSLeay::new($ctx_23_server)), 1, 'in_accept_init() is 1 for server');
+
+# Need recent enough OpenSSL or LibreSSL for TLS_method functions
+my ($ctx_tls, $ssl_tls, $ctx_tls_client, $ssl_tls_client, $ctx_tls_server, $ssl_tls_server);
+if (exists &Net::SSLeay::TLS_method)
+{
+ $ctx_tls = Net::SSLeay::CTX_new_with_method(Net::SSLeay::TLS_method());
+ ok($ctx_tls, 'CTX_new with TLS_method');
+
+ $ssl_tls = Net::SSLeay::new($ctx_tls);
+ ok($ssl_tls, 'New SSL created with ctx_tls');
+
+ $ctx_tls_client = Net::SSLeay::CTX_new_with_method(Net::SSLeay::TLS_client_method());
+ ok($ctx_tls_client, 'CTX_new with TLS_client_method');
+
+ $ctx_tls_server = Net::SSLeay::CTX_new_with_method(Net::SSLeay::TLS_server_method());
+ ok($ctx_tls_server, 'CTX_new with TLS_server_method');
+}
+else
+{
+ SKIP: {
+ skip('Do not have Net::SSLeay::TLS_method', 4);
+ };
+}
+
+# Having TLS_method() does not necessarily that proto setters are available
+if ($ctx_tls && exists &Net::SSLeay::CTX_set_min_proto_version)
+{
+ my $ver_1_0 = Net::SSLeay::TLS1_VERSION();
+ ok($ver_1_0, "Net::SSLeay::TLS1_VERSION() returns non-false: $ver_1_0, hex " . sprintf('0x%04x', $ver_1_0));
+ my $ver_min = Net::SSLeay::TLS1_1_VERSION();
+ ok($ver_min, "Net::SSLeay::TLS1_1_VERSION() returns non-false: $ver_min, hex " . sprintf('0x%04x', $ver_min));
+ my $ver_max = Net::SSLeay::TLS1_2_VERSION();
+ ok($ver_max, "Net::SSLeay::TLS1_2_VERSION() returns $ver_max, hex " . sprintf('0x%04x', $ver_max));
+ isnt($ver_1_0, $ver_min, 'Version 1_0 and 1_1 values are different');
+ isnt($ver_min, $ver_max, 'Version 1_1 and 1_2 values are different');
+
+ my $rv;
+
+ $rv = Net::SSLeay::CTX_set_min_proto_version($ctx_tls_client, $ver_min);
+ is($rv, 1, 'Setting client CTX minimum version');
+
+ $rv = Net::SSLeay::CTX_set_min_proto_version($ctx_tls_client, 0);
+ is($rv, 1, 'Setting client CTX minimum version to automatic');
+
+ $rv = Net::SSLeay::CTX_set_min_proto_version($ctx_tls_client, -1);
+ is($rv, 0, 'Setting client CTX minimum version to bad value');
+
+ $rv = Net::SSLeay::CTX_set_min_proto_version($ctx_tls_client, $ver_min);
+ is($rv, 1, 'Setting client CTX minimum version back to good value');
+
+ $rv = Net::SSLeay::CTX_set_max_proto_version($ctx_tls_client, $ver_max);
+ is($rv, 1, 'Setting client CTX maximum version');
+
+ # This SSL should have min and max versions set based on its
+ # CTX. We test the getters later, if they exist.
+ $ssl_tls_client = Net::SSLeay::new($ctx_tls_client);
+ ok($ssl_tls_client, 'New SSL created from client CTX');
+
+ # This SSL should have min and max versions set to automatic based
+ # on its CTX. We change them now and test the getters later, if
+ # they exist.
+ $ssl_tls_server = Net::SSLeay::new($ctx_tls_server);
+ ok($ssl_tls_server, 'New SSL created from server CTX');
+ $rv = Net::SSLeay::set_min_proto_version($ssl_tls_server, Net::SSLeay::TLS1_VERSION());
+ is($rv, 1, 'Setting SSL minimum version for ssl_tls_server');
+ $rv = Net::SSLeay::set_max_proto_version($ssl_tls_server, Net::SSLeay::TLS1_2_VERSION());
+ is($rv, 1, 'Setting SSL maximum version for ssl_tls_server');
+}
+else
+{
+ SKIP: {
+ skip('Do not have Net::SSLeay::CTX_get_min_proto_version', 14);
+ };
+}
+
+# Having TLS_method() does not necessarily that proto getters are available
+if ($ctx_tls && exists &Net::SSLeay::CTX_get_min_proto_version)
+{
+ my $ver;
+ $ver = Net::SSLeay::CTX_get_min_proto_version($ctx_tls);
+ ok(is_known_proto_version($ver), 'TLS_method CTX has known minimum version');
+ $ver = Net::SSLeay::CTX_get_max_proto_version($ctx_tls);
+ ok(is_known_proto_version($ver), 'TLS_method CTX has known maximum version');
+
+ $ver = Net::SSLeay::get_min_proto_version($ssl_tls);
+ ok(is_known_proto_version($ver), 'SSL from TLS_method CTX has known minimum version');
+ $ver = Net::SSLeay::get_max_proto_version($ssl_tls);
+ ok(is_known_proto_version($ver), 'SSL from TLS_method CTX has known maximum version');
+
+ # First see if our CTX has min and max settings enabled
+ $ver = Net::SSLeay::CTX_get_min_proto_version($ctx_tls_client);
+ is($ver, Net::SSLeay::TLS1_1_VERSION(), 'TLS_client CTX has minimum version correctly set');
+ $ver = Net::SSLeay::CTX_get_max_proto_version($ctx_tls_client);
+ is($ver, Net::SSLeay::TLS1_2_VERSION(), 'TLS_client CTX has maximum version correctly set');
+
+ # Then see if our client SSL has min and max settings enabled
+ $ver = Net::SSLeay::get_min_proto_version($ssl_tls_client);
+ is($ver, Net::SSLeay::TLS1_1_VERSION(), 'SSL from TLS_client CTX has minimum version correctly set');
+ $ver = Net::SSLeay::get_max_proto_version($ssl_tls_client);
+ is($ver, Net::SSLeay::TLS1_2_VERSION(), 'SSL from TLS_client CTX has maximum version correctly set');
+
+ # Then see if our server SSL has min and max settings enabled
+ $ver = Net::SSLeay::get_min_proto_version($ssl_tls_server);
+ is($ver, Net::SSLeay::TLS1_VERSION(), 'SSL from TLS_server CTX has minimum version correctly set');
+ $ver = Net::SSLeay::get_max_proto_version($ssl_tls_server);
+ is($ver, Net::SSLeay::TLS1_2_VERSION(), 'SSL from TLS_server CTX has maximum version correctly set');
+}
+else
+{
+ SKIP: {
+ skip('Do not have Net::SSLeay::CTX_get_min_proto_version', 10);
+ };
+}
+
+if (eval {Net::SSLeay::TLS1_3_VERSION()})
+{
+ my $ver_1_2 = Net::SSLeay::TLS1_2_VERSION();
+ ok($ver_1_2, "Net::SSLeay::TLS1_2_VERSION() returns non-false: $ver_1_2, hex " . sprintf('0x%04x', $ver_1_2));
+ my $ver_1_3 = Net::SSLeay::TLS1_3_VERSION();
+ ok($ver_1_3, "Net::SSLeay::TLS1_3_VERSION() returns non-false: $ver_1_3, hex " . sprintf('0x%04x', $ver_1_3));
+ isnt($ver_1_2, $ver_1_3, 'Version 1_2 and 1_3 values are different');
+
+ my $rv = 0;
+ ok(eval {$rv = Net::SSLeay::OP_NO_TLSv1_3()}, 'Have OP_NO_TLSv1_3');
+ isnt($rv, 0, 'OP_NO_TLSv1_3 returns non-zero value');
+}
+else
+{
+ SKIP: {
+ skip('Do not have Net::SSLeay::TLS1_3_VERSION', 5);
+ };
+}
+
+exit(0);
diff --git a/cpan/Net-SSLeay/t/local/10_rand.t b/cpan/Net-SSLeay/t/local/10_rand.t
new file mode 100644
index 000000000000..fb0f0f3ce13c
--- /dev/null
+++ b/cpan/Net-SSLeay/t/local/10_rand.t
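Review bot: The `else` branch of the setter block skips with 'Do not have Net::SSLeay::CTX_get_min_proto_version', but its condition tests `exists &Net::SSLeay::CTX_set_min_proto_version`, so the skip reason names the wrong function; it should be `skip('Do not have Net::SSLeay::CTX_set_min_proto_version', 14);`. The getter block depends on `$ssl_tls_client` and `$ssl_tls_server`, which are assigned only inside the setter block, so if the getters exist without the setters those checks run against undef; guarding the getter block on the setter as well would avoid that. The file also requires `CTX_tlsv1_new()`, `TLSv1_method()` and a TLS 1.0 minimum to succeed, which may not hold on libssl builds with legacy protocol versions disabled and is worth confirming against the supported build matrix.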
@@ -0,0 +1,147 @@ +# RAND-related tests + +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( data_file_path initialise_libssl is_libressl ); + +plan tests => 53; + +initialise_libssl(); + +is(Net::SSLeay::RAND_status(), 1, 'RAND_status'); +is(Net::SSLeay::RAND_poll(), 1, 'RAND_poll'); + +# RAND_file_name has significant differences between the two libraries +is_libressl() ? + test_rand_file_name_libressl() : + test_rand_file_name_openssl(); + +# RAND_load_file +my $binary_file = data_file_path('binary-test.file'); +my $binary_file_size = -s $binary_file; + +cmp_ok($binary_file_size, '>=', 1000, "Have binary file with good size: $binary_file $binary_file_size"); +is(Net::SSLeay::RAND_load_file($binary_file, $binary_file_size), $binary_file_size, 'RAND_load with specific size'); +if (Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER")) +{ + # RAND_load_file does nothing on LibreSSL but should return something sane + cmp_ok(Net::SSLeay::RAND_load_file($binary_file, -1), '>', 0, 'RAND_load with -1 is positive with LibreSSL'); +} else { + is(Net::SSLeay::RAND_load_file($binary_file, -1), $binary_file_size, 'RAND_load with -1 returns file size'); +} + +test_rand_bytes(); + +exit(0); + +# With LibreSSL RAND_file_name is expected to always succeed as long +# as the buffer size is large enough. Their manual states that it's +# implemented for API compatibility only and its use is discouraged. +sub test_rand_file_name_libressl +{ + my $file_name = Net::SSLeay::RAND_file_name(300); + isnt($file_name, undef, 'RAND_file_name returns defined value'); + isnt($file_name, q{}, "RAND_file_name returns non-empty string: $file_name"); + + $file_name = Net::SSLeay::RAND_file_name(2); + is($file_name, undef, "RAND_file_name return value is undef with too short buffer"); + + return; +} + +# With OpenSSL there are a number of options that affect +# RAND_file_name return value. 
Note: we override environment variables +# temporarily because some environments do not have HOME set or may +# already have RANDFILE set. We do not try to trigger a failure which +# happens if there's no HOME nor RANDFILE in order to keep the test +# from becoming overly complicated. +sub test_rand_file_name_openssl +{ + my $file_name; + local %ENV = %ENV; + delete $ENV{RANDFILE}; + + # NOTE: If there are test failures, are you using some type of + # setuid environment? If so, this may affect usability of + # environment variables. + + $ENV{HOME} = '/nosuchdir-1/home'; + $file_name = Net::SSLeay::RAND_file_name(300); + if (Net::SSLeay::SSLeay() >= 0x10100006 && Net::SSLeay::SSLeay() <= 0x1010000f) + { + # This was broken starting with 1.0.0-pre6 and fixed after 1.0.0 + is($file_name, q{}, "RAND_file_name return value is empty and doesn't include '.rnd'"); + } else { + like($file_name, qr/\.rnd/s, "RAND_file_name return value '$file_name' includes '.rnd'"); + } + + my $randfile = '/nosuchdir-2/randfile'; + $ENV{RANDFILE} = $randfile; + $file_name = Net::SSLeay::RAND_file_name(300); + if (Net::SSLeay::SSLeay() < 0x1010001f) { + # On Windows, and possibly other non-Unix systems, 1.0.2 + # series and earlier did not honour RANDFILE. 1.1.0a is an + # educated guess when it starts working with all platforms. + isnt($file_name, q{}, "RAND_file_name returns non-empty string when RANDFILE is set: $file_name"); + } else { + is($file_name, $randfile, "RAND_file_name return value '$file_name' is RANDFILE environment value"); + } + + # RANDFILE is longer than 2 octets. 
OpenSSL 1.1.0a and later + # return undef with short buffer + $file_name = Net::SSLeay::RAND_file_name(2); + if (Net::SSLeay::SSLeay() < 0x1010001f) { + is($file_name, q{}, "RAND_file_name return value is empty string with too short buffer"); + } else { + is($file_name, undef, "RAND_file_name return value is undef with too short buffer"); + } + + return; +} + +sub test_rand_bytes +{ + my ($ret, $rand_bytes, $rand_length, $rand_expected_length); + + my @rand_lengths = (0, 1, 1024, 65536, 1024**2); + + foreach $rand_expected_length (@rand_lengths) + { + $rand_length = $rand_expected_length; + $ret = Net::SSLeay::RAND_bytes($rand_bytes, $rand_length); + test_rand_bytes_results('RAND_bytes', $ret, $rand_bytes, $rand_length, $rand_expected_length); + } + + foreach $rand_expected_length (@rand_lengths) + { + $rand_length = $rand_expected_length; + $ret = Net::SSLeay::RAND_pseudo_bytes($rand_bytes, $rand_length); + test_rand_bytes_results('RAND_pseudo_bytes', $ret, $rand_bytes, $rand_length, $rand_expected_length); + } + + if (defined &Net::SSLeay::RAND_priv_bytes) + { + foreach $rand_expected_length (@rand_lengths) + { + $rand_length = $rand_expected_length; + $ret = Net::SSLeay::RAND_priv_bytes($rand_bytes, $rand_length); + test_rand_bytes_results('RAND_priv_bytes', $ret, $rand_bytes, $rand_length, $rand_expected_length); + } + } else { + SKIP : { + # Multiplier is the test count in test_rand_bytes_results + skip("Do not have Net::SSLeay::RAND_priv_bytes", ((scalar @rand_lengths) * 3)); + }; + } +} + +sub test_rand_bytes_results +{ + my ($func, $ret, $rand_bytes, $rand_length, $rand_expected_length) = @_; + + # RAND_bytes functions do not update their rand_length argument, but check for this + is($ret, 1, "$func: $rand_expected_length return value ok"); + is(length($rand_bytes), $rand_length, "$func: length of rand_bytes and rand_length match"); + is(length($rand_bytes), $rand_expected_length, "$func: length of rand_bytes is expected length $rand_length"); +} 
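Review bot: `test_rand_bytes_results` checks only the return code and the buffer length, so a binding that hands back a correctly sized but unfilled or constant buffer would pass every RAND_bytes, RAND_pseudo_bytes and RAND_priv_bytes assertion. A cheap sanity check in `test_rand_bytes` would close that gap, for example `Net::SSLeay::RAND_bytes(my $r1, 32); Net::SSLeay::RAND_bytes(my $r2, 32);` followed by `isnt($r1, $r2, 'RAND_bytes: two 32-byte outputs differ');`, with `plan tests` raised to 54. Separately, `RAND_priv_bytes` is guarded with `defined &Net::SSLeay::RAND_priv_bytes` while `RAND_pseudo_bytes` is called unconditionally; if the binding can be built without it (not visible in this hunk), that loop needs the same guard and skip count.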
diff --git a/cpan/Net-SSLeay/t/local/11_read.t b/cpan/Net-SSLeay/t/local/11_read.t
new file mode 100644
index 000000000000..bab0ec076aec
--- /dev/null
+++ b/cpan/Net-SSLeay/t/local/11_read.t
@@ -0,0 +1,318 @@ +# Various SSL read and write related tests: SSL_read, SSL_peek, SSL_read_ex, +# SSL_peek_ex, SSL_write_ex, SSL_pending and SSL_has_pending + +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( + can_fork data_file_path initialise_libssl tcp_socket +); + +use Storable; + +if (not can_fork()) { + plan skip_all => "fork() not supported on this system"; +} else { + plan tests => 53; +} + +initialise_libssl(); + +my $pid; +alarm(30); +END { kill 9,$pid if $pid } + +my $server = tcp_socket(); + +# See that lengths differ for all msgs +my $msg1 = "1 first message from server"; +my $msg2 = "2 second message from server"; +my $msg3 = "3 third message from server: pad"; + +my @rounds = qw(openssl openssl-1.1.0 openssl-1.1.1); + +sub server +{ + # SSL server - just handle connections, send to client and exit + my $cert_pem = data_file_path('simple-cert.cert.pem'); + my $key_pem = data_file_path('simple-cert.key.pem'); + + defined($pid = fork()) or BAIL_OUT("failed to fork: $!"); + if ($pid == 0) { + foreach my $round (@rounds) + { + my ($ctx, $ssl, $cl); + + next if skip_round($round); + + $cl = $server->accept(); + + $ctx = Net::SSLeay::CTX_new(); + Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem); + + $ssl = Net::SSLeay::new($ctx); + Net::SSLeay::set_fd($ssl, fileno($cl)); + Net::SSLeay::accept($ssl); + + Net::SSLeay::write($ssl, $msg1); + Net::SSLeay::write($ssl, $msg2); + + my $msg = Net::SSLeay::read($ssl); + Net::SSLeay::write($ssl, $msg); + Net::SSLeay::shutdown($ssl); + Net::SSLeay::free($ssl); + close($cl) || die("client close: $!"); + } + $server->close() || die("server listen socket close: $!"); + exit(0); + } +} + +sub client +{ + foreach my $round (@rounds) + { + my ($ctx, $ssl, $cl); + + $cl = $server->connect(); + + $ctx = Net::SSLeay::CTX_new(); + $ssl = Net::SSLeay::new($ctx); + + my ($reason, $num_tests) = skip_round($round); + if ($reason) { + SKIP: { + skip($reason, $num_tests); + } + next; + } + + round_openssl($ctx, 
$ssl, $cl) if $round eq 'openssl'; + round_openssl_1_1_0($ctx, $ssl, $cl) if $round eq 'openssl-1.1.0'; + round_openssl_1_1_1($ctx, $ssl, $cl) if $round eq 'openssl-1.1.1'; + + Net::SSLeay::shutdown($ssl); + Net::SSLeay::free($ssl); + close($cl) || die("client close: $!"); + } + $server->close() || die("client listen socket close: $!"); + return; +} + +# Returns list for skip() if we should skip this round, false if we +# shouldn't +sub skip_round +{ + my ($round) = @_; + + return if $round eq 'openssl'; + + if ($round eq 'openssl-1.1.0') { + if (Net::SSLeay::constant("OPENSSL_VERSION_NUMBER") < 0x1010000f || + Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER")) + { + return ("Need OpenSSL 1.1.0 or later", 6); + } else { + return; + } + } + + if ($round eq 'openssl-1.1.1') { + if (Net::SSLeay::constant("OPENSSL_VERSION_NUMBER") < 0x1010100f || + Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER")) + { + return ("Need OpenSSL 1.1.1 or later", 26); + } else { + return; + } + } + + diag("Unknown round: $round"); + return; +} + +sub round_openssl +{ + my ($ctx, $ssl, $cl) = @_; + + my ($peek_msg, $read_msg, $len, $err, $ret); + + # ssl is not connected yet + $peek_msg = Net::SSLeay::peek($ssl); + is($peek_msg, undef, "scalar: peek returns undef for closed ssl"); + + ($peek_msg, $len) = Net::SSLeay::peek($ssl); + is($peek_msg, undef, "list: peek returns undef for closed ssl"); + cmp_ok($len, '<=', 0, 'list: peek returns length <=0 for closed ssl'); + $err = Net::SSLeay::get_error($ssl, $len); + isnt($err, Net::SSLeay::ERROR_WANT_READ(), "peek err $err is not retryable WANT_READ"); + isnt($err, Net::SSLeay::ERROR_WANT_WRITE(), "peek err $err is not retryable WANT_WRITE"); + + $read_msg = Net::SSLeay::read($ssl); + is($read_msg, undef, "scalar: read returns undef for closed ssl"); + + ($read_msg, $len) = Net::SSLeay::read($ssl); + is($read_msg, undef, "list: read returns undef for closed ssl"); + cmp_ok($len, '<=', 0, 'list: read returns length <=0 for closed ssl'); + $err = 
Net::SSLeay::get_error($ssl, $len); + isnt($err, Net::SSLeay::ERROR_WANT_READ(), "read err $err is not retryable WANT_READ"); + isnt($err, Net::SSLeay::ERROR_WANT_WRITE(), "read err $err is not retryable WANT_WRITE"); + + $ret = Net::SSLeay::pending($ssl); + is($ret, 0, "pending returns 0 for closed ssl"); + + Net::SSLeay::set_fd($ssl, $cl); + Net::SSLeay::connect($ssl); + + # msg1 + $ret = Net::SSLeay::pending($ssl); + is($ret, 0, "pending returns 0"); + + $peek_msg = Net::SSLeay::peek($ssl); + is($peek_msg, $msg1, "scalar: peek returns msg1"); + + # processing was triggered by peek + $ret = Net::SSLeay::pending($ssl); + is($ret, length($msg1), "pending returns msg1 length"); + + ($peek_msg, $len) = Net::SSLeay::peek($ssl); + is($peek_msg, $msg1, "list: peek returns msg1"); + is($len, length($msg1), "list: peek returns msg1 length"); + + $read_msg = Net::SSLeay::read($ssl); + is($peek_msg, $read_msg, "scalar: read and peek agree about msg1"); + + # msg2 + $peek_msg = Net::SSLeay::peek($ssl); + is($peek_msg, $msg2, "scalar: peek returns msg2"); + + ($read_msg, $len) = Net::SSLeay::read($ssl); + is($peek_msg, $read_msg, "list: read and peek agree about msg2"); + is($len, length($msg2), "list: read returns msg2 length"); + + # msg3 + Net::SSLeay::write($ssl, $msg3); + is(Net::SSLeay::read($ssl), $msg3, "ping with msg3"); + + return; +} + +# Test has_pending and other functionality added in 1.1.0. 
+# Revisit: Better tests for has_pending +sub round_openssl_1_1_0 +{ + my ($ctx, $ssl, $cl) = @_; + + my ($peek_msg, $read_msg, $len, $err, $ret); + + # ssl is not connected yet + $ret = Net::SSLeay::has_pending($ssl); + is($ret, 0, "1.1.0: has_pending returns 0 for closed ssl"); + + Net::SSLeay::set_fd($ssl, $cl); + Net::SSLeay::connect($ssl); + + # msg1 + $ret = Net::SSLeay::has_pending($ssl); + is($ret, 0, "1.1.0: has_pending returns 0"); + + # This triggers processing after which we have pending data + $peek_msg = Net::SSLeay::peek($ssl); + is($peek_msg, $msg1, "1.1.0: peek returns msg1"); + + $ret = Net::SSLeay::has_pending($ssl); + is($ret, 1, "1.1.0: has_pending returns 1"); + + Net::SSLeay::read($ssl); # Read and discard + + $ret = Net::SSLeay::has_pending($ssl); + is($ret, 0, "1.1.0: has_pending returns 0 after read"); + + # msg2 + Net::SSLeay::read($ssl); # Read and discard + + # msg3 + Net::SSLeay::write($ssl, $msg3); + is(Net::SSLeay::read($ssl), $msg3, "1.1.0: ping with msg3"); + + return; +} + +sub round_openssl_1_1_1 +{ + my ($ctx, $ssl, $cl) = @_; + + my ($peek_msg, $read_msg, $len, $err, $err_ex, $ret); + + # ssl is not connected yet + ($peek_msg, $ret) = Net::SSLeay::peek_ex($ssl); + is($peek_msg, undef, "1.1.1: list: peek_ex returns undef message for closed ssl"); + is($ret, 0, '1.1.1: list: peek_ex returns 0 for closed ssl'); + $err = Net::SSLeay::get_error($ssl, $ret); + isnt($err, Net::SSLeay::ERROR_WANT_READ(), "1.1.1: peek_ex err $err is not retryable WANT_READ"); + isnt($err, Net::SSLeay::ERROR_WANT_WRITE(), "1.1.1: peek_ex err $err is not retryable WANT_WRITE"); + + ($read_msg, $len) = Net::SSLeay::read($ssl); + is($read_msg, undef, "1.1.1: list: read returns undef message for closed ssl"); + cmp_ok($len, '<=', 0, '1.1.1: list: read returns length <=0 for closed ssl'); + $err = Net::SSLeay::get_error($ssl, $len); + isnt($err, Net::SSLeay::ERROR_WANT_READ(), "1.1.1: read err $err is not retryable WANT_READ"); + isnt($err, 
Net::SSLeay::ERROR_WANT_WRITE(), "1.1.1: read err $err is not retryable WANT_WRITE"); + + ($read_msg, $ret) = Net::SSLeay::read_ex($ssl); + is($read_msg, undef, "1.1.1: list: read_ex returns undef message for closed sssl"); + is($ret, 0, "1.1.1: list: read_ex returns 0 for closed sssl"); + $err_ex = Net::SSLeay::get_error($ssl, $ret); + is ($err_ex, $err, '1.1.1: read_ex and read err are equal'); + + Net::SSLeay::set_fd($ssl, $cl); + Net::SSLeay::connect($ssl); + + # msg1 + $ret = Net::SSLeay::has_pending($ssl); + is($ret, 0, "1.1.1: has_pending returns 0"); + + # This triggers processing after which we have pending data + ($peek_msg, $ret) = Net::SSLeay::peek_ex($ssl); + is($peek_msg, $msg1, "1.1.1: list: peek_ex returns msg1"); + is($ret, 1, "1.1.1: list: peek_ex returns 1"); + + $len = Net::SSLeay::pending($ssl); + is($len, length($msg1), "1.1.1: pending returns msg1 length"); + + $ret = Net::SSLeay::has_pending($ssl); + is($ret, 1, "1.1.1: has_pending returns 1"); + + ($read_msg, $ret) = Net::SSLeay::read_ex($ssl); + is($read_msg, $msg1, "1.1.1: list: read_ex returns msg1"); + is($ret, 1, "1.1.1: list: read_ex returns 1"); + + $len = Net::SSLeay::pending($ssl); + is($len, 0, "1.1.1: pending returns 0 after read_ex"); + + $ret = Net::SSLeay::has_pending($ssl); + is($ret, 0, "1.1.1: has_pending returns 0 after read_ex"); + + # msg2 + Net::SSLeay::read($ssl); # Read and discard + + # msg3 + ($len, $ret) = Net::SSLeay::write_ex($ssl, $msg3); + is($len, length($msg3), "1.1.1: write_ex wrote all"); + is($ret, 1, "1.1.1: write_ex returns 1"); + + my ($read_msg1, $ret1) = Net::SSLeay::read_ex($ssl, 5); + my ($read_msg2, $ret2) = Net::SSLeay::read_ex($ssl, (length($msg3) - 5)); + + is($ret1, 1, '1.1.1: ping with msg3 part1 ok'); + is($ret2, 1, '1.1.1: ping with msg3 part2 ok'); + is(length($read_msg1), 5, '1.1.1: ping with msg3, part1 length was 5'); + is($read_msg1 . 
$read_msg2, $msg3, "1.1.1: ping with msg3 in two parts"); + + return; +} + +server(); +client(); +waitpid $pid, 0; +exit(0); diff --git a/cpan/Net-SSLeay/t/local/15_bio.t b/cpan/Net-SSLeay/t/local/15_bio.t new file mode 100644 index 000000000000..1a7751f47dbb --- /dev/null +++ b/cpan/Net-SSLeay/t/local/15_bio.t @@ -0,0 +1,23 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw(initialise_libssl); + +plan tests => 7; + +initialise_libssl(); + +my $data = '0123456789' x 100; +my $len = length $data; + +ok( my $bio = Net::SSLeay::BIO_new( &Net::SSLeay::BIO_s_mem ), 'BIO_new' ); +is( Net::SSLeay::BIO_write($bio, $data), $len, 'BIO_write' ); +is( Net::SSLeay::BIO_pending($bio), $len, 'BIO_pending' ); + +my $read_len = 9; +is( Net::SSLeay::BIO_read($bio, $read_len), substr($data, 0, $read_len), 'BIO_read part' ); +is( Net::SSLeay::BIO_pending($bio), $len - $read_len, 'BIO_pending' ); + +is( Net::SSLeay::BIO_read($bio), substr($data, $read_len), 'BIO_read rest' ); + +ok( Net::SSLeay::BIO_free($bio), 'BIO_free' ); diff --git a/cpan/Net-SSLeay/t/local/20_functions.t b/cpan/Net-SSLeay/t/local/20_functions.t new file mode 100644 index 000000000000..98bdba9ce70e --- /dev/null +++ b/cpan/Net-SSLeay/t/local/20_functions.t 
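Review bot: In `server` (11_read.t), the forked child discards the results of `Net::SSLeay::set_cert_and_key` and `Net::SSLeay::accept`, and the parent never inspects `$?` after `waitpid $pid, 0`. A failed key load or handshake on the server side therefore only shows up as unrelated client assertion failures or as the `alarm(30)` firing. Checking the calls where they happen gives a usable diagnostic: `Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem) or die "server: cannot load cert/key\n";` and `Net::SSLeay::accept($ssl) > 0 or die "server: handshake failed\n";`. The same applies to the unchecked `Net::SSLeay::connect($ssl)` calls in the three `round_*` subs.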
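Review bot: In 15_bio.t, `BIO_new( &Net::SSLeay::BIO_s_mem )` uses the `&name` call form without parentheses, which passes the caller's current `@_` through to the callee instead of an empty argument list. That is harmless at file scope, but the explicit call is clearer and stays correct if the line is ever moved into a sub: `ok( my $bio = Net::SSLeay::BIO_new( Net::SSLeay::BIO_s_mem() ), 'BIO_new' );`.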
@@ -0,0 +1,53 @@ +# Checks whether (a subset of) the functions that should be exported by +# Net::SSLeay can be autoloaded. This script does not check whether constants +# can be autoloaded - see t/local/21_constants.t for that. + +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw(dies_like); + +my @functions = qw( + die_if_ssl_error + die_now + do_https + dump_peer_certificate + get_http + get_http4 + get_https + get_https3 + get_https4 + get_httpx + get_httpx4 + make_form + make_headers + post_http + post_http4 + post_https + post_https3 + post_https4 + post_httpx + post_httpx4 + print_errs + set_cert_and_key + set_server_cert_and_key + sslcat + tcpcat + tcpxcat +); + +plan tests => @functions + 1; + +for (@functions) { + dies_like( + sub { "Net::SSLeay::$_"->(); die "ok\n" }, + qr/^(?!Can't locate .*\.al in \@INC)/, + "function is autoloadable: $_" + ); +} + +dies_like( + sub { Net::SSLeay::doesnt_exist() }, + qr/^Can't locate .*\.al in \@INC/, + 'nonexistent function is not autoloadable' +); diff --git a/cpan/Net-SSLeay/t/local/21_constants.t b/cpan/Net-SSLeay/t/local/21_constants.t new file mode 100644 index 000000000000..611583a63e57 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/21_constants.t 
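Review bot: The loop in 20_functions.t calls each function through a symbolic reference, `"Net::SSLeay::$_"->()`, but unlike 21_constants.t later in this patch the file has no `no strict 'refs';`. If `use Test::Net::SSLeay` turns on strict (its import is not visible in this hunk), every call dies with a strict-refs error before AUTOLOAD is reached. The pattern `qr/^(?!Can't locate .*\.al in \@INC)/` accepts that error like any other, so each per-function test would pass without exercising autoloading. Adding `no strict 'refs';` above the loop, as 21_constants.t does, makes the check meaningful. The negative look-ahead is also very permissive, since it treats any failure other than a missing .al file as success.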
@@ -0,0 +1,646 @@ +# This file is automatically generated - do not manually modify it. +# +# To add or remove a constant, edit helper_script/constants.txt, then run +# helper_script/update-exported-constants. + +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw(dies_like); + +# We rely on symbolic references in the dies_like() tests: +no strict 'refs'; + +plan tests => 607; + +my @constants = qw( + ASN1_STRFLGS_ESC_CTRL + ASN1_STRFLGS_ESC_MSB + ASN1_STRFLGS_ESC_QUOTE + ASN1_STRFLGS_RFC2253 + CB_ACCEPT_EXIT + CB_ACCEPT_LOOP + CB_ALERT + CB_CONNECT_EXIT + CB_CONNECT_LOOP + CB_EXIT + CB_HANDSHAKE_DONE + CB_HANDSHAKE_START + CB_LOOP + CB_READ + CB_READ_ALERT + CB_WRITE + CB_WRITE_ALERT + ERROR_NONE + ERROR_SSL + ERROR_SYSCALL + ERROR_WANT_ACCEPT + ERROR_WANT_CONNECT + ERROR_WANT_READ + ERROR_WANT_WRITE + ERROR_WANT_X509_LOOKUP + ERROR_ZERO_RETURN + EVP_PKS_DSA + EVP_PKS_EC + EVP_PKS_RSA + EVP_PKT_ENC + EVP_PKT_EXCH + EVP_PKT_EXP + EVP_PKT_SIGN + EVP_PK_DH + EVP_PK_DSA + EVP_PK_EC + EVP_PK_RSA + FILETYPE_ASN1 + FILETYPE_PEM + F_CLIENT_CERTIFICATE + F_CLIENT_HELLO + F_CLIENT_MASTER_KEY + F_D2I_SSL_SESSION + F_GET_CLIENT_FINISHED + F_GET_CLIENT_HELLO + F_GET_CLIENT_MASTER_KEY + F_GET_SERVER_FINISHED + F_GET_SERVER_HELLO + F_GET_SERVER_VERIFY + F_I2D_SSL_SESSION + F_READ_N + F_REQUEST_CERTIFICATE + F_SERVER_HELLO + F_SSL_CERT_NEW + F_SSL_GET_NEW_SESSION + F_SSL_NEW + F_SSL_READ + F_SSL_RSA_PRIVATE_DECRYPT + F_SSL_RSA_PUBLIC_ENCRYPT + F_SSL_SESSION_NEW + F_SSL_SESSION_PRINT_FP + F_SSL_SET_FD + F_SSL_SET_RFD + F_SSL_SET_WFD + F_SSL_USE_CERTIFICATE + F_SSL_USE_CERTIFICATE_ASN1 + F_SSL_USE_CERTIFICATE_FILE + F_SSL_USE_PRIVATEKEY + F_SSL_USE_PRIVATEKEY_ASN1 + F_SSL_USE_PRIVATEKEY_FILE + F_SSL_USE_RSAPRIVATEKEY + F_SSL_USE_RSAPRIVATEKEY_ASN1 + F_SSL_USE_RSAPRIVATEKEY_FILE + F_WRITE_PENDING + GEN_DIRNAME + GEN_DNS + GEN_EDIPARTY + GEN_EMAIL + GEN_IPADD + GEN_OTHERNAME + GEN_RID + GEN_URI + GEN_X400 + LIBRESSL_VERSION_NUMBER + MBSTRING_ASC + MBSTRING_BMP + MBSTRING_FLAG 
+ MBSTRING_UNIV + MBSTRING_UTF8 + MIN_RSA_MODULUS_LENGTH_IN_BYTES + MODE_ACCEPT_MOVING_WRITE_BUFFER + MODE_AUTO_RETRY + MODE_ENABLE_PARTIAL_WRITE + MODE_RELEASE_BUFFERS + NID_OCSP_sign + NID_SMIMECapabilities + NID_X500 + NID_X509 + NID_ad_OCSP + NID_ad_ca_issuers + NID_algorithm + NID_authority_key_identifier + NID_basic_constraints + NID_bf_cbc + NID_bf_cfb64 + NID_bf_ecb + NID_bf_ofb64 + NID_cast5_cbc + NID_cast5_cfb64 + NID_cast5_ecb + NID_cast5_ofb64 + NID_certBag + NID_certificate_policies + NID_client_auth + NID_code_sign + NID_commonName + NID_countryName + NID_crlBag + NID_crl_distribution_points + NID_crl_number + NID_crl_reason + NID_delta_crl + NID_des_cbc + NID_des_cfb64 + NID_des_ecb + NID_des_ede + NID_des_ede3 + NID_des_ede3_cbc + NID_des_ede3_cfb64 + NID_des_ede3_ofb64 + NID_des_ede_cbc + NID_des_ede_cfb64 + NID_des_ede_ofb64 + NID_des_ofb64 + NID_description + NID_desx_cbc + NID_dhKeyAgreement + NID_dnQualifier + NID_dsa + NID_dsaWithSHA + NID_dsaWithSHA1 + NID_dsaWithSHA1_2 + NID_dsa_2 + NID_email_protect + NID_ext_key_usage + NID_ext_req + NID_friendlyName + NID_givenName + NID_hmacWithSHA1 + NID_id_ad + NID_id_ce + NID_id_kp + NID_id_pbkdf2 + NID_id_pe + NID_id_pkix + NID_id_qt_cps + NID_id_qt_unotice + NID_idea_cbc + NID_idea_cfb64 + NID_idea_ecb + NID_idea_ofb64 + NID_info_access + NID_initials + NID_invalidity_date + NID_issuer_alt_name + NID_keyBag + NID_key_usage + NID_localKeyID + NID_localityName + NID_md2 + NID_md2WithRSAEncryption + NID_md5 + NID_md5WithRSA + NID_md5WithRSAEncryption + NID_md5_sha1 + NID_mdc2 + NID_mdc2WithRSA + NID_ms_code_com + NID_ms_code_ind + NID_ms_ctl_sign + NID_ms_efs + NID_ms_ext_req + NID_ms_sgc + NID_name + NID_netscape + NID_netscape_base_url + NID_netscape_ca_policy_url + NID_netscape_ca_revocation_url + NID_netscape_cert_extension + NID_netscape_cert_sequence + NID_netscape_cert_type + NID_netscape_comment + NID_netscape_data_type + NID_netscape_renewal_url + NID_netscape_revocation_url + 
NID_netscape_ssl_server_name + NID_ns_sgc + NID_organizationName + NID_organizationalUnitName + NID_pbeWithMD2AndDES_CBC + NID_pbeWithMD2AndRC2_CBC + NID_pbeWithMD5AndCast5_CBC + NID_pbeWithMD5AndDES_CBC + NID_pbeWithMD5AndRC2_CBC + NID_pbeWithSHA1AndDES_CBC + NID_pbeWithSHA1AndRC2_CBC + NID_pbe_WithSHA1And128BitRC2_CBC + NID_pbe_WithSHA1And128BitRC4 + NID_pbe_WithSHA1And2_Key_TripleDES_CBC + NID_pbe_WithSHA1And3_Key_TripleDES_CBC + NID_pbe_WithSHA1And40BitRC2_CBC + NID_pbe_WithSHA1And40BitRC4 + NID_pbes2 + NID_pbmac1 + NID_pkcs + NID_pkcs3 + NID_pkcs7 + NID_pkcs7_data + NID_pkcs7_digest + NID_pkcs7_encrypted + NID_pkcs7_enveloped + NID_pkcs7_signed + NID_pkcs7_signedAndEnveloped + NID_pkcs8ShroudedKeyBag + NID_pkcs9 + NID_pkcs9_challengePassword + NID_pkcs9_contentType + NID_pkcs9_countersignature + NID_pkcs9_emailAddress + NID_pkcs9_extCertAttributes + NID_pkcs9_messageDigest + NID_pkcs9_signingTime + NID_pkcs9_unstructuredAddress + NID_pkcs9_unstructuredName + NID_private_key_usage_period + NID_rc2_40_cbc + NID_rc2_64_cbc + NID_rc2_cbc + NID_rc2_cfb64 + NID_rc2_ecb + NID_rc2_ofb64 + NID_rc4 + NID_rc4_40 + NID_rc5_cbc + NID_rc5_cfb64 + NID_rc5_ecb + NID_rc5_ofb64 + NID_ripemd160 + NID_ripemd160WithRSA + NID_rle_compression + NID_rsa + NID_rsaEncryption + NID_rsadsi + NID_safeContentsBag + NID_sdsiCertificate + NID_secretBag + NID_serialNumber + NID_server_auth + NID_sha + NID_sha1 + NID_sha1WithRSA + NID_sha1WithRSAEncryption + NID_shaWithRSAEncryption + NID_stateOrProvinceName + NID_subject_alt_name + NID_subject_key_identifier + NID_surname + NID_sxnet + NID_time_stamp + NID_title + NID_undef + NID_uniqueIdentifier + NID_x509Certificate + NID_x509Crl + NID_zlib_compression + NOTHING + OCSP_RESPONSE_STATUS_INTERNALERROR + OCSP_RESPONSE_STATUS_MALFORMEDREQUEST + OCSP_RESPONSE_STATUS_SIGREQUIRED + OCSP_RESPONSE_STATUS_SUCCESSFUL + OCSP_RESPONSE_STATUS_TRYLATER + OCSP_RESPONSE_STATUS_UNAUTHORIZED + OPENSSL_BUILT_ON + OPENSSL_CFLAGS + OPENSSL_CPU_INFO + OPENSSL_DIR 
+ OPENSSL_ENGINES_DIR + OPENSSL_FULL_VERSION_STRING + OPENSSL_INFO_CONFIG_DIR + OPENSSL_INFO_CPU_SETTINGS + OPENSSL_INFO_DIR_FILENAME_SEPARATOR + OPENSSL_INFO_DSO_EXTENSION + OPENSSL_INFO_ENGINES_DIR + OPENSSL_INFO_LIST_SEPARATOR + OPENSSL_INFO_MODULES_DIR + OPENSSL_INFO_SEED_SOURCE + OPENSSL_MODULES_DIR + OPENSSL_PLATFORM + OPENSSL_VERSION + OPENSSL_VERSION_MAJOR + OPENSSL_VERSION_MINOR + OPENSSL_VERSION_NUMBER + OPENSSL_VERSION_PATCH + OPENSSL_VERSION_STRING + OP_ALL + OP_ALLOW_NO_DHE_KEX + OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + OP_CIPHER_SERVER_PREFERENCE + OP_CISCO_ANYCONNECT + OP_COOKIE_EXCHANGE + OP_CRYPTOPRO_TLSEXT_BUG + OP_DONT_INSERT_EMPTY_FRAGMENTS + OP_ENABLE_MIDDLEBOX_COMPAT + OP_EPHEMERAL_RSA + OP_LEGACY_SERVER_CONNECT + OP_MICROSOFT_BIG_SSLV3_BUFFER + OP_MICROSOFT_SESS_ID_BUG + OP_MSIE_SSLV2_RSA_PADDING + OP_NETSCAPE_CA_DN_BUG + OP_NETSCAPE_CHALLENGE_BUG + OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + OP_NON_EXPORT_FIRST + OP_NO_ANTI_REPLAY + OP_NO_CLIENT_RENEGOTIATION + OP_NO_COMPRESSION + OP_NO_ENCRYPT_THEN_MAC + OP_NO_QUERY_MTU + OP_NO_RENEGOTIATION + OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + OP_NO_SSL_MASK + OP_NO_SSLv2 + OP_NO_SSLv3 + OP_NO_TICKET + OP_NO_TLSv1 + OP_NO_TLSv1_1 + OP_NO_TLSv1_2 + OP_NO_TLSv1_3 + OP_PKCS1_CHECK_1 + OP_PKCS1_CHECK_2 + OP_PRIORITIZE_CHACHA + OP_SAFARI_ECDHE_ECDSA_BUG + OP_SINGLE_DH_USE + OP_SINGLE_ECDH_USE + OP_SSLEAY_080_CLIENT_DH_BUG + OP_SSLREF2_REUSE_CERT_TYPE_BUG + OP_TLSEXT_PADDING + OP_TLS_BLOCK_PADDING_BUG + OP_TLS_D5_BUG + OP_TLS_ROLLBACK_BUG + READING + RECEIVED_SHUTDOWN + RSA_3 + RSA_F4 + R_BAD_AUTHENTICATION_TYPE + R_BAD_CHECKSUM + R_BAD_MAC_DECODE + R_BAD_RESPONSE_ARGUMENT + R_BAD_SSL_FILETYPE + R_BAD_SSL_SESSION_ID_LENGTH + R_BAD_STATE + R_BAD_WRITE_RETRY + R_CHALLENGE_IS_DIFFERENT + R_CIPHER_TABLE_SRC_ERROR + R_INVALID_CHALLENGE_LENGTH + R_NO_CERTIFICATE_SET + R_NO_CERTIFICATE_SPECIFIED + R_NO_CIPHER_LIST + R_NO_CIPHER_MATCH + R_NO_PRIVATEKEY + R_NO_PUBLICKEY + 
R_NULL_SSL_CTX + R_PEER_DID_NOT_RETURN_A_CERTIFICATE + R_PEER_ERROR + R_PEER_ERROR_CERTIFICATE + R_PEER_ERROR_NO_CIPHER + R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE + R_PUBLIC_KEY_ENCRYPT_ERROR + R_PUBLIC_KEY_IS_NOT_RSA + R_READ_WRONG_PACKET_TYPE + R_SHORT_READ + R_SSL_SESSION_ID_IS_DIFFERENT + R_UNABLE_TO_EXTRACT_PUBLIC_KEY + R_UNKNOWN_REMOTE_ERROR_TYPE + R_UNKNOWN_STATE + R_X509_LIB + SENT_SHUTDOWN + SESSION_ASN1_VERSION + SESS_CACHE_BOTH + SESS_CACHE_CLIENT + SESS_CACHE_NO_AUTO_CLEAR + SESS_CACHE_NO_INTERNAL + SESS_CACHE_NO_INTERNAL_LOOKUP + SESS_CACHE_NO_INTERNAL_STORE + SESS_CACHE_OFF + SESS_CACHE_SERVER + SSL2_MT_CLIENT_CERTIFICATE + SSL2_MT_CLIENT_FINISHED + SSL2_MT_CLIENT_HELLO + SSL2_MT_CLIENT_MASTER_KEY + SSL2_MT_ERROR + SSL2_MT_REQUEST_CERTIFICATE + SSL2_MT_SERVER_FINISHED + SSL2_MT_SERVER_HELLO + SSL2_MT_SERVER_VERIFY + SSL2_VERSION + SSL3_MT_CCS + SSL3_MT_CERTIFICATE + SSL3_MT_CERTIFICATE_REQUEST + SSL3_MT_CERTIFICATE_STATUS + SSL3_MT_CERTIFICATE_URL + SSL3_MT_CERTIFICATE_VERIFY + SSL3_MT_CHANGE_CIPHER_SPEC + SSL3_MT_CLIENT_HELLO + SSL3_MT_CLIENT_KEY_EXCHANGE + SSL3_MT_ENCRYPTED_EXTENSIONS + SSL3_MT_END_OF_EARLY_DATA + SSL3_MT_FINISHED + SSL3_MT_HELLO_REQUEST + SSL3_MT_KEY_UPDATE + SSL3_MT_MESSAGE_HASH + SSL3_MT_NEWSESSION_TICKET + SSL3_MT_NEXT_PROTO + SSL3_MT_SERVER_DONE + SSL3_MT_SERVER_HELLO + SSL3_MT_SERVER_KEY_EXCHANGE + SSL3_MT_SUPPLEMENTAL_DATA + SSL3_RT_ALERT + SSL3_RT_APPLICATION_DATA + SSL3_RT_CHANGE_CIPHER_SPEC + SSL3_RT_HANDSHAKE + SSL3_RT_HEADER + SSL3_RT_INNER_CONTENT_TYPE + SSL3_VERSION + SSLEAY_BUILT_ON + SSLEAY_CFLAGS + SSLEAY_DIR + SSLEAY_PLATFORM + SSLEAY_VERSION + ST_ACCEPT + ST_BEFORE + ST_CONNECT + ST_INIT + ST_OK + ST_READ_BODY + ST_READ_HEADER + TLS1_1_VERSION + TLS1_2_VERSION + TLS1_3_VERSION + TLS1_VERSION + TLSEXT_STATUSTYPE_ocsp + VERIFY_CLIENT_ONCE + VERIFY_FAIL_IF_NO_PEER_CERT + VERIFY_NONE + VERIFY_PEER + VERIFY_POST_HANDSHAKE + V_OCSP_CERTSTATUS_GOOD + V_OCSP_CERTSTATUS_REVOKED + V_OCSP_CERTSTATUS_UNKNOWN + WRITING + 
X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT + X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS + X509_CHECK_FLAG_NEVER_CHECK_SUBJECT + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS + X509_CHECK_FLAG_NO_WILDCARDS + X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS + X509_FILETYPE_ASN1 + X509_FILETYPE_DEFAULT + X509_FILETYPE_PEM + X509_LOOKUP + X509_PURPOSE_ANY + X509_PURPOSE_CRL_SIGN + X509_PURPOSE_NS_SSL_SERVER + X509_PURPOSE_OCSP_HELPER + X509_PURPOSE_SMIME_ENCRYPT + X509_PURPOSE_SMIME_SIGN + X509_PURPOSE_SSL_CLIENT + X509_PURPOSE_SSL_SERVER + X509_PURPOSE_TIMESTAMP_SIGN + X509_TRUST_COMPAT + X509_TRUST_EMAIL + X509_TRUST_OBJECT_SIGN + X509_TRUST_OCSP_REQUEST + X509_TRUST_OCSP_SIGN + X509_TRUST_SSL_CLIENT + X509_TRUST_SSL_SERVER + X509_TRUST_TSA + X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH + X509_V_ERR_AKID_SKID_MISMATCH + X509_V_ERR_APPLICATION_VERIFICATION + X509_V_ERR_CA_KEY_TOO_SMALL + X509_V_ERR_CA_MD_TOO_WEAK + X509_V_ERR_CERT_CHAIN_TOO_LONG + X509_V_ERR_CERT_HAS_EXPIRED + X509_V_ERR_CERT_NOT_YET_VALID + X509_V_ERR_CERT_REJECTED + X509_V_ERR_CERT_REVOKED + X509_V_ERR_CERT_SIGNATURE_FAILURE + X509_V_ERR_CERT_UNTRUSTED + X509_V_ERR_CRL_HAS_EXPIRED + X509_V_ERR_CRL_NOT_YET_VALID + X509_V_ERR_CRL_PATH_VALIDATION_ERROR + X509_V_ERR_CRL_SIGNATURE_FAILURE + X509_V_ERR_DANE_NO_MATCH + X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT + X509_V_ERR_DIFFERENT_CRL_SCOPE + X509_V_ERR_EE_KEY_TOO_SMALL + X509_V_ERR_EMAIL_MISMATCH + X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD + X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD + X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD + X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD + X509_V_ERR_EXCLUDED_VIOLATION + X509_V_ERR_HOSTNAME_MISMATCH + X509_V_ERR_INVALID_CA + X509_V_ERR_INVALID_CALL + X509_V_ERR_INVALID_EXTENSION + X509_V_ERR_INVALID_NON_CA + X509_V_ERR_INVALID_POLICY_EXTENSION + X509_V_ERR_INVALID_PURPOSE + X509_V_ERR_IP_ADDRESS_MISMATCH + X509_V_ERR_KEYUSAGE_NO_CERTSIGN + X509_V_ERR_KEYUSAGE_NO_CRL_SIGN + X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE + X509_V_ERR_NO_EXPLICIT_POLICY + 
X509_V_ERR_NO_VALID_SCTS + X509_V_ERR_OCSP_CERT_UNKNOWN + X509_V_ERR_OCSP_VERIFY_FAILED + X509_V_ERR_OCSP_VERIFY_NEEDED + X509_V_ERR_OUT_OF_MEM + X509_V_ERR_PATH_LENGTH_EXCEEDED + X509_V_ERR_PATH_LOOP + X509_V_ERR_PERMITTED_VIOLATION + X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED + X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION + X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN + X509_V_ERR_STORE_LOOKUP + X509_V_ERR_SUBJECT_ISSUER_MISMATCH + X509_V_ERR_SUBTREE_MINMAX + X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 + X509_V_ERR_SUITE_B_INVALID_ALGORITHM + X509_V_ERR_SUITE_B_INVALID_CURVE + X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM + X509_V_ERR_SUITE_B_INVALID_VERSION + X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED + X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY + X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE + X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE + X509_V_ERR_UNABLE_TO_GET_CRL + X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION + X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION + X509_V_ERR_UNNESTED_RESOURCE + X509_V_ERR_UNSPECIFIED + X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX + X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE + X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE + X509_V_ERR_UNSUPPORTED_NAME_SYNTAX + X509_V_FLAG_ALLOW_PROXY_CERTS + X509_V_FLAG_CB_ISSUER_CHECK + X509_V_FLAG_CHECK_SS_SIGNATURE + X509_V_FLAG_CRL_CHECK + X509_V_FLAG_CRL_CHECK_ALL + X509_V_FLAG_EXPLICIT_POLICY + X509_V_FLAG_EXTENDED_CRL_SUPPORT + X509_V_FLAG_IGNORE_CRITICAL + X509_V_FLAG_INHIBIT_ANY + X509_V_FLAG_INHIBIT_MAP + X509_V_FLAG_LEGACY_VERIFY + X509_V_FLAG_NOTIFY_POLICY + X509_V_FLAG_NO_ALT_CHAINS + X509_V_FLAG_NO_CHECK_TIME + X509_V_FLAG_PARTIAL_CHAIN + X509_V_FLAG_POLICY_CHECK + X509_V_FLAG_POLICY_MASK + X509_V_FLAG_SUITEB_128_LOS + X509_V_FLAG_SUITEB_128_LOS_ONLY + X509_V_FLAG_SUITEB_192_LOS + X509_V_FLAG_TRUSTED_FIRST + 
X509_V_FLAG_USE_CHECK_TIME + X509_V_FLAG_USE_DELTAS + X509_V_FLAG_X509_STRICT + X509_V_OK + XN_FLAG_COMPAT + XN_FLAG_DN_REV + XN_FLAG_DUMP_UNKNOWN_FIELDS + XN_FLAG_FN_ALIGN + XN_FLAG_FN_LN + XN_FLAG_FN_MASK + XN_FLAG_FN_NONE + XN_FLAG_FN_OID + XN_FLAG_FN_SN + XN_FLAG_MULTILINE + XN_FLAG_ONELINE + XN_FLAG_RFC2253 + XN_FLAG_SEP_COMMA_PLUS + XN_FLAG_SEP_CPLUS_SPC + XN_FLAG_SEP_MASK + XN_FLAG_SEP_MULTILINE + XN_FLAG_SEP_SPLUS_SPC + XN_FLAG_SPC_EQ +); + +my %exported = map { $_ => 1 } @Net::SSLeay::EXPORT_OK; +my @missing; + +for my $c (@constants) { + dies_like( + sub { "Net::SSLeay::$c"->(); die "ok\n"; }, + qr/^(?:ok\n$|Your vendor has not defined SSLeay macro )/, + "constant is exported or not defined: $c" + ); + push @missing, $c if !exists $exported{$c}; +} + +is( + join( q{,}, sort @missing ), + '', + 'no constants missing from @EXPORT_OK (total missing: ' . scalar(@missing) . ')' +); + +dies_like( + sub { Net::SSLeay::_NET_SSLEAY_TEST_UNDEFINED_CONSTANT() }, + qr/^Your vendor has not defined SSLeay macro _NET_SSLEAY_TEST_UNDEFINED_CONSTANT/, + 'referencing an undefined constant raises an exception' +); diff --git a/cpan/Net-SSLeay/t/local/22_provider.t b/cpan/Net-SSLeay/t/local/22_provider.t new file mode 100644 index 000000000000..74c89d2387a7 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/22_provider.t 
@@ -0,0 +1,106 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay (initialise_libssl); + +# We don't do intialise_libssl() now because we want to want to +# trigger automatic loading of the default provider. +# +# Quote from +# https://www.openssl.org/docs/manmaster/man7/OSSL_PROVIDER-default.html +# about default provider: +# +# It is loaded automatically the first time that an algorithm is +# fetched from a provider or a function acting on providers is +# called and no other provider has been loaded yet. +# +#initialise_libssl(); # Don't do this + +if (defined &Net::SSLeay::OSSL_PROVIDER_load) { + plan(tests => 16); +} else { + plan(skip_all => "no support for providers"); +} + +# Supplied OpenSSL configuration file may load unwanted providers. +local $ENV{OPENSSL_CONF} = ''; + +# provider loading, availability and unloading +{ + # See top of file why things are done in this order. We don't want + # to load the default provider automatically. + + my $null_provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'null'); + ok($null_provider, 'null provider load returns a pointer'); + my $null_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'null'); + is($null_avail, 1, 'null provider loaded and available'); + + my $default_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'default'); + is($default_avail, 0, 'default provider not loaded, not available'); + if ($default_avail) + { + diag('Default provider was already available. 
More provider tests in this and other provider test files may fail'); + diag('If your configuration loads the default provider, consider ignoring the errors or using OPENSSL_CONF environment variable'); + diag('For example: OPENSSL_CONF=/path/to/openssl/ssl/openssl.cnf.dist make test'); + } + + my $null_unload = Net::SSLeay::OSSL_PROVIDER_unload($null_provider); + is($null_unload, 1, 'null provider successfully unloaded'); + $null_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'null'); + is($null_avail, 0, 'null provider is no longer available'); + + $default_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'default'); + is($default_avail, 0, 'default provider still not loaded, not available'); + + my $default_provider_undef_libctx = Net::SSLeay::OSSL_PROVIDER_load(undef, 'default'); + ok($default_provider_undef_libctx, 'default provider with NULL libctx loaded successfully'); + + my $libctx = Net::SSLeay::OSSL_LIB_CTX_get0_global_default(); + ok($libctx, 'OSSL_LIB_CTX_get0_global_default() returns a pointer'); + + my $default_provider_default_libctx = Net::SSLeay::OSSL_PROVIDER_load($libctx, 'default'); + ok($default_provider_default_libctx, 'default provider with default libctx loaded successfully'); + is($default_provider_default_libctx, $default_provider_undef_libctx, 'OSSL_PROVIDER_load with undef and defined libctx return the same pointer'); +} + + +# get0_name, selftest +{ + my $null_provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'null'); + my $default_provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'default'); + + is(Net::SSLeay::OSSL_PROVIDER_get0_name($null_provider), 'null', 'get0_name for null provider'); + is(Net::SSLeay::OSSL_PROVIDER_get0_name($default_provider), 'default', 'get0_name for default provider'); + + is(Net::SSLeay::OSSL_PROVIDER_self_test($null_provider), 1, 'self_test for null provider'); + is(Net::SSLeay::OSSL_PROVIDER_self_test($default_provider), 1, 'self_test for default provider'); +} + + +# do_all +{ + my 
%seen_providers; + sub all_cb { + my ($provider_cb, $cbdata_cb) = @_; + + fail('provider already seen') if exists $seen_providers{$provider_cb}; + $seen_providers{$provider_cb} = $cbdata_cb; + return 1; + }; + + my $null_provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'null'); + my $default_provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'default'); + my $cbdata = 'data for cb'; + + Net::SSLeay::OSSL_PROVIDER_do_all(undef, \&all_cb, $cbdata); + foreach my $provider ($null_provider, $default_provider) + { + my $name = Net::SSLeay::OSSL_PROVIDER_get0_name($provider); + is(delete $seen_providers{$provider}, $cbdata, "provider '$name' was seen"); + } + foreach my $provider (keys(%seen_providers)) + { + my $name = Net::SSLeay::OSSL_PROVIDER_get0_name($provider); + diag("Provider '$name' was also seen by the callback"); + } +} diff --git a/cpan/Net-SSLeay/t/local/22_provider_try_load.t b/cpan/Net-SSLeay/t/local/22_provider_try_load.t new file mode 100644 index 000000000000..15dd88df5368 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/22_provider_try_load.t 
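Review bot: In the `# get0_name, selftest` and `# do_all` blocks of 22_provider.t the results of `OSSL_PROVIDER_load` go straight into `OSSL_PROVIDER_get0_name` and `OSSL_PROVIDER_self_test` without a check, unlike the first block, which asserts every load with `ok`. If a load fails, those calls receive a false value; whether the XS layer rejects it before it reaches libcrypto is not visible in this hunk, so the test could end in a crash instead of a readable failure. A guard such as `die 'provider load failed' unless $null_provider && $default_provider;` after each pair of loads makes the failure explicit and leaves the plan of 16 unchanged.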
@@ -0,0 +1,32 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay (initialise_libssl); + +# Avoid default provider automatic loading. See 22_provider.t for more +# information. +# +#initialise_libssl(); # Don't do this +# +# We use a separate test file so that we get a newly loaded library +# that still has triggers for automatic loading enabled. + +if (defined &Net::SSLeay::OSSL_PROVIDER_load) { + plan(tests => 3); +} else { + plan(skip_all => "no support for providers"); +} + +# Supplied OpenSSL configuration file may load unwanted providers. +local $ENV{OPENSSL_CONF} = ''; + +my ($null_provider, $default_avail, $null_avail); + +$null_provider = Net::SSLeay::OSSL_PROVIDER_try_load(undef, 'null', 1); +ok($null_provider, 'try_load("null", retain_fallbacks = 1) returns a pointer'); + +$default_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'default'); +is($default_avail, 1, 'default provider automatically loaded after try_load("null", retain_fallbacks = 1)'); + +$null_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'null'); +is($null_avail, 1, 'null provider loaded after try_load("null", retain_fallbacks = 1)'); diff --git a/cpan/Net-SSLeay/t/local/22_provider_try_load_zero_retain.t b/cpan/Net-SSLeay/t/local/22_provider_try_load_zero_retain.t new file mode 100644 index 000000000000..554443bdba64 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/22_provider_try_load_zero_retain.t 
@@ -0,0 +1,32 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay (initialise_libssl); + +# Avoid default provider automatic loading. See 22_provider.t for more +# information. +# +#initialise_libssl(); # Don't do this +# +# We use a separate test file so that we get a newly loaded library +# that still has triggers for automatic loading enabled. + +if (defined &Net::SSLeay::OSSL_PROVIDER_load) { + plan(tests => 3); +} else { + plan(skip_all => "no support for providers"); +} + +# Supplied OpenSSL configuration file may load unwanted providers. +local $ENV{OPENSSL_CONF} = ''; + +my ($null_provider, $default_avail, $null_avail); + +$null_provider = Net::SSLeay::OSSL_PROVIDER_try_load(undef, 'null', 0); +ok($null_provider, 'try_load("null", retain_fallbacks = 0) returns a pointer'); + +$default_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'default'); +is($default_avail, 0, 'default provider not automatically loaded after try_load("null", retain_fallbacks = 0)'); + +$null_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'null'); +is($null_avail, 1, 'null provider loaded after try_load("null", retain_fallbacks = 0)'); diff --git a/cpan/Net-SSLeay/t/local/30_error.t b/cpan/Net-SSLeay/t/local/30_error.t new file mode 100644 index 000000000000..8ad156044ef3 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/30_error.t 
@@ -0,0 +1,103 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( + dies_like doesnt_warn initialise_libssl lives_ok warns_like +); + +plan tests => 11; + +doesnt_warn('tests run without outputting unexpected warnings'); + +initialise_libssl(); + +# See below near 'sub put_err' for more about how error string and +# erro code contents have changed between library versions. +my $err_string = "foo $$: 1 - error:10000080:BIO routines:"; +$err_string = "foo $$: 1 - error:20000080:BIO routines:" + if Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_VERSION()) =~ m/^OpenSSL 3.0.0-alpha[1-4] /s; +$err_string = "foo $$: 1 - error:2006D080:BIO routines:" + if (Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") || Net::SSLeay::constant("OPENSSL_VERSION_NUMBER") < 0x30000000); + +# Note, die_now usually just prints the process id and the argument string eg: +# 57611: test +# but on some systems, perhaps if diagnostics are enabled, it might [roduce something like: +# found: Uncaught exception from user code: +# 57611: test +# therefore the qr match strings below have been chnaged so they dont have tooccur at the +# beginning of the line. 
+{ + dies_like(sub { + Net::SSLeay::die_now('test') + }, qr/$$: test\n$/, 'die_now dies without errors'); + + lives_ok(sub { + Net::SSLeay::die_if_ssl_error('test'); + }, 'die_if_ssl_error lives without errors'); + + put_err(); + dies_like(sub { + Net::SSLeay::die_now('test'); + }, qr/$$: test\n$/, 'die_now dies with errors'); + + put_err(); + dies_like(sub { + Net::SSLeay::die_if_ssl_error('test'); + }, qr/$$: test\n$/, 'die_if_ssl_error dies with errors'); +} + +{ + local $Net::SSLeay::trace = 1; + + dies_like(sub { + Net::SSLeay::die_now('foo'); + }, qr/$$: foo\n$/, 'die_now dies without arrors and with trace'); + + lives_ok(sub { + Net::SSLeay::die_if_ssl_error('foo'); + }, 'die_if_ssl_error lives without errors and with trace'); + + put_err(); + warns_like(sub { + dies_like(sub { + Net::SSLeay::die_now('foo'); + }, qr/^$$: foo\n$/, 'die_now dies with errors and trace'); + }, qr/$err_string/i, 'die_now raises warnings about the occurred error when tracing'); + + put_err(); + warns_like(sub { + dies_like(sub { + Net::SSLeay::die_if_ssl_error('foo'); + }, qr/^$$: foo\n$/, 'die_if_ssl_error dies with errors and trace'); + }, qr/$err_string/i, 'die_if_ssl_error raises warnings about the occurred error when tracing'); +} + +# The resulting error strings looks something like below. The number +# after 'foo' is the process id. OpenSSL 3.0.0 drops function name and +# changes how error code is packed. 
+# - OpenSSL 3.0.0: foo 61488: 1 - error:10000080:BIO routines::no such file +# - OpenSSL 3.0.0-alpha5: foo 16380: 1 - error:10000080:BIO routines::no such file +# - OpenSSL 3.0.0-alpha1: foo 16293: 1 - error:20000080:BIO routines::no such file +# - OpenSSL 1.1.1l: foo 61202: 1 - error:2006D080:BIO routines:BIO_new_file:no such file +# - OpenSSL 1.1.0l: foo 61295: 1 - error:2006D080:BIO routines:BIO_new_file:no such file +# - OpenSSL 1.0.2u: foo 61400: 1 - error:2006D080:BIO routines:BIO_new_file:no such file +# - OpenSSL 1.0.1u: foo 13621: 1 - error:2006D080:BIO routines:BIO_new_file:no such file +# - OpenSSL 1.0.0t: foo 14349: 1 - error:2006D080:BIO routines:BIO_new_file:no such file +# - OpenSSL 0.9.8zh: foo 14605: 1 - error:2006D080:BIO routines:BIO_new_file:no such file +# - OpenSSL 0.9.8f: foo 14692: 1 - error:2006D080:BIO routines:BIO_new_file:no such file +# +# 1.1.1 series and earlier create error by ORing together lib, func +# and reason with 24 bit left shift, 12 bit left shift and without bit +# shift, respectively. +# 3.0.0 alpha1 drops function name from error string and alpha5 +# changes bit shift of lib to 23. +# LibreSSL 2.5.1 drops function name from error string. +sub put_err { + Net::SSLeay::ERR_put_error( + 32, #lib - 0x20 ERR_LIB_BIO 'BIO routines' + 109, #func - 0x6D BIO_F_BIO_NEW_FILE 'BIO_new_file' + 128, #reason - 0x80 BIO_R_NO_SUCH_FILE 'no such file' + 1, #file - file name (not packed into error code) + 1, #line - line number (not packed into error code) + ); +} diff --git a/cpan/Net-SSLeay/t/local/31_rsa_generate_key.t b/cpan/Net-SSLeay/t/local/31_rsa_generate_key.t new file mode 100644 index 000000000000..dec3e8075e1a --- /dev/null +++ b/cpan/Net-SSLeay/t/local/31_rsa_generate_key.t 
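Review bot: The two patterns inside the `local $Net::SSLeay::trace = 1` block of 30_error.t, `qr/^$$: foo\n$/`, still anchor at the start of the message. The comment above the first block says the patterns were changed so that they need not match at the beginning of the line, for the case where diagnostics prepend "Uncaught exception from user code:". The untraced assertions already use `qr/$$: test\n$/`; writing the traced ones as `qr/$$: foo\n$/` would make the file agree with its own comment. Separately, `m/^OpenSSL 3.0.0-alpha[1-4] /s` leaves the dots unescaped, and `m/^OpenSSL 3\.0\.0-alpha[1-4] /s` says what is meant. The comment block also carries typos worth correcting in the same pass ("erro code", "[roduce", "chnaged", "tooccur").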
@@ -0,0 +1,65 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( dies_like initialise_libssl lives_ok ); + +plan tests => 14; + +initialise_libssl(); + +lives_ok(sub { + Net::SSLeay::RSA_generate_key(2048, 0x10001); +}, 'RSA_generate_key with valid callback'); + +dies_like(sub { + Net::SSLeay::RSA_generate_key(2048, 0x10001, 1); +}, qr/Undefined subroutine &main::1 called/, 'RSA_generate_key with invalid callback'); + +{ + my $called = 0; + + lives_ok(sub { + Net::SSLeay::RSA_generate_key(2048, 0x10001, \&cb); + }, 'RSA_generate_key with valid callback'); + + cmp_ok( $called, '>', 0, 'callback has been called' ); + + sub cb { + my ($i, $n, $d) = @_; + + if ($called == 0) { + is( wantarray(), undef, 'RSA_generate_key callback is executed in void context' ); + is( $d, undef, 'userdata will be undef if no userdata was given' ); + + ok( defined $i, 'first argument is defined' ); + ok( defined $n, 'second argument is defined' ); + } + + $called++; + } +} + +{ + my $called = 0; + my $userdata = 'foo'; + + lives_ok(sub { + Net::SSLeay::RSA_generate_key(2048, 0x10001, \&cb_data, $userdata); + }, 'RSA_generate_key with valid callback and userdata'); + + cmp_ok( $called, '>', 0, 'callback has been called' ); + + sub cb_data { + my ($i, $n, $d) = @_; + + if ($called == 0) { + is( wantarray(), undef, 'RSA_generate_key callback is executed in void context' ); + + ok( defined $i, 'first argument is defined' ); + ok( defined $n, 'second argument is defined' ); + is( $d, $userdata, 'third argument is the userdata we passed in' ); + } + + $called++; + } +} diff --git a/cpan/Net-SSLeay/t/local/32_x509_get_cert_info.t b/cpan/Net-SSLeay/t/local/32_x509_get_cert_info.t new file mode 100644 index 000000000000..1f0f20a863e5 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/32_x509_get_cert_info.t 
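Review bot: The first `lives_ok` in 31_rsa_generate_key.t calls `RSA_generate_key(2048, 0x10001)` with no callback argument, yet it is described as 'RSA_generate_key with valid callback', the same description as the later case that passes `\&cb`. Two identical descriptions make a failure in the TAP output ambiguous; `'RSA_generate_key without callback'` describes what is exercised. A one-line comment above `sub cb` and `sub cb_data` would also help, for example `# assertions run on the first invocation only; the plan of 14 assumes each callback fires at least once`.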
@@ -0,0 +1,407 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( + data_file_path initialise_libssl is_libressl is_openssl +); + +use lib '.'; + +my $tests = ( is_openssl() && Net::SSLeay::SSLeay < 0x10100003 ) || is_libressl() + ? 723 + : 726; + +plan tests => $tests; + +initialise_libssl(); + +# Check some basic X509 features added in 1.54: +my $name = Net::SSLeay::X509_NAME_new(); +ok ($name, "X509_NAME_new"); +my $hash = Net::SSLeay::X509_NAME_hash($name); +ok ($hash = 4003674586, "X509_NAME_hash"); + +# Caution from perl 25 onwards, need use lib '.'; above in order to 'do' these files +my $dump = {}; +for my $cert ( qw( extended-cert simple-cert strange-cert wildcard-cert ) ) { + $dump->{"$cert.cert.pem"} = do( data_file_path("$cert.cert.dump") ); +} + +my %available_digests = map {$_=>1} qw( md5 sha1 ); +if (Net::SSLeay::SSLeay >= 0x1000000f) { + my $ctx = Net::SSLeay::EVP_MD_CTX_create(); + %available_digests = map { $_=>1 } grep { + # P_EVP_MD_list_all() does not remove digests disabled in FIPS + my $md; + $md = Net::SSLeay::EVP_get_digestbyname($_) and + Net::SSLeay::EVP_DigestInit($ctx, $md) + } @{Net::SSLeay::P_EVP_MD_list_all()}; +} + +for my $f (keys (%$dump)) { + my $filename = data_file_path($f); + ok(my $bio = Net::SSLeay::BIO_new_file($filename, 'rb'), "BIO_new_file\t$f"); + ok(my $x509 = Net::SSLeay::PEM_read_bio_X509($bio), "PEM_read_bio_X509\t$f"); + ok(Net::SSLeay::X509_get_pubkey($x509), "X509_get_pubkey\t$f"); #only test whether the function works + + ok(my $subj_name = Net::SSLeay::X509_get_subject_name($x509), "X509_get_subject_name\t$f"); + is(my $subj_count = Net::SSLeay::X509_NAME_entry_count($subj_name), $dump->{$f}->{subject}->{count}, "X509_NAME_entry_count\t$f"); + + #BEWARE: values are not the same across different openssl versions therefore cannot test exact match + #is(Net::SSLeay::X509_NAME_oneline($subj_name), $dump->{$f}->{subject}->{oneline}, "X509_NAME_oneline\t$f"); + 
#is(Net::SSLeay::X509_NAME_print_ex($subj_name), $dump->{$f}->{subject}->{print_rfc2253}, "X509_NAME_print_ex\t$f"); + like(Net::SSLeay::X509_NAME_oneline($subj_name), qr|/OU=.*?/CN=|, "X509_NAME_oneline\t$f"); + like(Net::SSLeay::X509_NAME_print_ex($subj_name), qr|CN=.*?,OU=|, "X509_NAME_print_ex\t$f"); + + for my $i (0..$subj_count-1) { + ok(my $entry = Net::SSLeay::X509_NAME_get_entry($subj_name, $i), "X509_NAME_get_entry\t$f:$i"); + ok(my $asn1_string = Net::SSLeay::X509_NAME_ENTRY_get_data($entry), "X509_NAME_ENTRY_get_data\t$f:$i"); + ok(my $asn1_object = Net::SSLeay::X509_NAME_ENTRY_get_object($entry), "X509_NAME_ENTRY_get_object\t$f:$i"); + is(Net::SSLeay::OBJ_obj2txt($asn1_object,1), $dump->{$f}->{subject}->{entries}->[$i]->{oid}, "OBJ_obj2txt\t$f:$i"); + is(Net::SSLeay::P_ASN1_STRING_get($asn1_string), $dump->{$f}->{subject}->{entries}->[$i]->{data}, "P_ASN1_STRING_get.1\t$f:$i"); + is(Net::SSLeay::P_ASN1_STRING_get($asn1_string, 1), $dump->{$f}->{subject}->{entries}->[$i]->{data_utf8_decoded}, "P_ASN1_STRING_get.2\t$f:$i"); + if (defined $dump->{$f}->{entries}->[$i]->{nid}) { + is(my $nid = Net::SSLeay::OBJ_obj2nid($asn1_object), $dump->{$f}->{subject}->{entries}->[$i]->{nid}, "OBJ_obj2nid\t$f:$i"); + is(Net::SSLeay::OBJ_nid2ln($nid), $dump->{$f}->{subject}->{entries}->[$i]->{ln}, "OBJ_nid2ln\t$f:$i"); + is(Net::SSLeay::OBJ_nid2sn($nid), $dump->{$f}->{subject}->{entries}->[$i]->{sn}, "OBJ_nid2sn\t$f:$i"); + } + } + + ok(my $issuer_name = Net::SSLeay::X509_get_issuer_name($x509), "X509_get_subject_name\t$f"); + is(my $issuer_count = Net::SSLeay::X509_NAME_entry_count($issuer_name), $dump->{$f}->{issuer}->{count}, "X509_NAME_entry_count\t$f"); + is(Net::SSLeay::X509_NAME_oneline($issuer_name), $dump->{$f}->{issuer}->{oneline}, "X509_NAME_oneline\t$f"); + is(Net::SSLeay::X509_NAME_print_ex($issuer_name), $dump->{$f}->{issuer}->{print_rfc2253}, "X509_NAME_print_ex\t$f"); + + for my $i (0..$issuer_count-1) { + ok(my $entry = 
Net::SSLeay::X509_NAME_get_entry($issuer_name, $i), "X509_NAME_get_entry\t$f:$i"); + ok(my $asn1_string = Net::SSLeay::X509_NAME_ENTRY_get_data($entry), "X509_NAME_ENTRY_get_data\t$f:$i"); + ok(my $asn1_object = Net::SSLeay::X509_NAME_ENTRY_get_object($entry), "X509_NAME_ENTRY_get_object\t$f:$i"); + is(Net::SSLeay::OBJ_obj2txt($asn1_object,1), $dump->{$f}->{issuer}->{entries}->[$i]->{oid}, "OBJ_obj2txt\t$f:$i"); + is(Net::SSLeay::P_ASN1_STRING_get($asn1_string), $dump->{$f}->{issuer}->{entries}->[$i]->{data}, "P_ASN1_STRING_get.1\t$f:$i"); + is(Net::SSLeay::P_ASN1_STRING_get($asn1_string, 1), $dump->{$f}->{issuer}->{entries}->[$i]->{data_utf8_decoded}, "P_ASN1_STRING_get.2\t$f:$i"); + if (defined $dump->{$f}->{entries}->[$i]->{nid}) { + is(my $nid = Net::SSLeay::OBJ_obj2nid($asn1_object), $dump->{$f}->{issuer}->{entries}->[$i]->{nid}, "OBJ_obj2nid\t$f:$i"); + is(Net::SSLeay::OBJ_nid2ln($nid), $dump->{$f}->{issuer}->{entries}->[$i]->{ln}, "OBJ_nid2ln\t$f:$i"); + is(Net::SSLeay::OBJ_nid2sn($nid), $dump->{$f}->{issuer}->{entries}->[$i]->{sn}, "OBJ_nid2sn\t$f:$i"); + } + } + + my @subjectaltnames = Net::SSLeay::X509_get_subjectAltNames($x509); + is(scalar(@subjectaltnames), scalar(@{$dump->{$f}->{subject}->{altnames}}), "subjectaltnames size\t$f"); + for my $i (0..$#subjectaltnames) { + SKIP: { + skip('altname types are different on pre-0.9.7', 1) unless Net::SSLeay::SSLeay >= 0x0090700f || ($i%2)==1; + is($subjectaltnames[$i], $dump->{$f}->{subject}->{altnames}->[$i], "subjectaltnames match\t$f:$i"); + } + } + + #BEWARE: values are not the same across different openssl versions or FIPS mode, therefore testing just >0 + #is(Net::SSLeay::X509_subject_name_hash($x509), $dump->{$f}->{hash}->{subject}->{dec}, 'X509_subject_name_hash dec'); + #is(Net::SSLeay::X509_issuer_name_hash($x509), $dump->{$f}->{hash}->{issuer}->{dec}, 'X509_issuer_name_hash dec'); + #is(Net::SSLeay::X509_issuer_and_serial_hash($x509), $dump->{$f}->{hash}->{issuer_and_serial}->{dec}, 
"X509_issuer_and_serial_hash dec\t$f"); + cmp_ok(Net::SSLeay::X509_subject_name_hash($x509), '>', 0, "X509_subject_name_hash dec\t$f"); + cmp_ok(Net::SSLeay::X509_issuer_name_hash($x509), '>', 0, "X509_issuer_name_hash dec\t$f"); + cmp_ok(Net::SSLeay::X509_issuer_and_serial_hash($x509), '>', 0, "X509_issuer_and_serial_hash dec\t$f"); + + for my $digest (qw( md5 sha1 )) { + is(Net::SSLeay::X509_get_fingerprint($x509, $digest), + (exists $available_digests{$digest} ? + $dump->{$f}->{fingerprint}->{$digest} : + undef), + "X509_get_fingerprint $digest\t$f"); + } + + my $sha1_digest = Net::SSLeay::EVP_get_digestbyname("sha1"); + SKIP: { + skip('requires openssl-0.9.7', 1) unless Net::SSLeay::SSLeay >= 0x0090700f; + is(Net::SSLeay::X509_pubkey_digest($x509, $sha1_digest), $dump->{$f}->{digest_sha1}->{pubkey}, "X509_pubkey_digest\t$f"); + } + is(Net::SSLeay::X509_digest($x509, $sha1_digest), $dump->{$f}->{digest_sha1}->{x509}, "X509_digest\t$f"); + + + SKIP: { + skip('P_ASN1_TIME_get_isotime requires 0.9.7e+', 2) unless Net::SSLeay::SSLeay >= 0x0090705f; + is(Net::SSLeay::P_ASN1_TIME_get_isotime(Net::SSLeay::X509_get_notBefore($x509)), $dump->{$f}->{not_before}, "X509_get_notBefore\t$f"); + is(Net::SSLeay::P_ASN1_TIME_get_isotime(Net::SSLeay::X509_get_notAfter($x509)), $dump->{$f}->{not_after}, "X509_get_notAfter\t$f"); + } + + ok(my $ai = Net::SSLeay::X509_get_serialNumber($x509), "X509_get_serialNumber\t$f"); + + is(Net::SSLeay::P_ASN1_INTEGER_get_hex($ai), $dump->{$f}->{serial}->{hex}, "serial P_ASN1_INTEGER_get_hex\t$f"); + is(Net::SSLeay::P_ASN1_INTEGER_get_dec($ai), $dump->{$f}->{serial}->{dec}, "serial P_ASN1_INTEGER_get_dec\t$f"); + + SKIP: { + # X509_get0_serialNumber should function the same as X509_get_serialNumber + skip('X509_get0_serialNumber requires OpenSSL 1.1.0+ or LibreSSL 2.8.1+', 3) unless defined (&Net::SSLeay::X509_get0_serialNumber); + ok(my $ai = Net::SSLeay::X509_get0_serialNumber($x509), "X509_get0_serialNumber\t$f"); + + 
is(Net::SSLeay::P_ASN1_INTEGER_get_hex($ai), $dump->{$f}->{serial}->{hex}, "serial P_ASN1_INTEGER_get_hex\t$f"); + is(Net::SSLeay::P_ASN1_INTEGER_get_dec($ai), $dump->{$f}->{serial}->{dec}, "serial P_ASN1_INTEGER_get_dec\t$f"); + } + + # On platforms with 64-bit long int returns 4294967295 rather than -1 + # Caution, there is much difference between 32 and 64 bit behaviours with + # Net::SSLeay::ASN1_INTEGER_get. + # This test is deleted +# my $asn1_integer = Net::SSLeay::ASN1_INTEGER_get($ai); +# if ($asn1_integer == 4294967295) { +# $asn1_integer = -1; +# } +# is($asn1_integer, $dump->{$f}->{serial}->{long}, "serial ASN1_INTEGER_get\t$f"); + + is(Net::SSLeay::X509_get_version($x509), $dump->{$f}->{version}, "X509_get_version\t$f"); + + is(my $ext_count = Net::SSLeay::X509_get_ext_count($x509), $dump->{$f}->{extensions}->{count}, "X509_get_ext_count\t$f"); + for my $i (0..$ext_count-1) { + ok(my $ext = Net::SSLeay::X509_get_ext($x509,$i), "X509_get_ext\t$f:$i"); + ok(my $asn1_string = Net::SSLeay::X509_EXTENSION_get_data($ext), "X509_EXTENSION_get_data\t$f:$i"); + ok(my $asn1_object = Net::SSLeay::X509_EXTENSION_get_object($ext), "X509_EXTENSION_get_object\t$f:$i"); + SKIP: { + skip('X509_EXTENSION_get_critical works differently on pre-0.9.7', 1) unless Net::SSLeay::SSLeay >= 0x0090700f; + is(Net::SSLeay::X509_EXTENSION_get_critical($ext), $dump->{$f}->{extensions}->{entries}->[$i]->{critical}, "X509_EXTENSION_get_critical\t$f:$i"); + } + is(Net::SSLeay::OBJ_obj2txt($asn1_object,1), $dump->{$f}->{extensions}->{entries}->[$i]->{oid}, "OBJ_obj2txt\t$f:$i"); + + if (defined $dump->{$f}->{extensions}->{entries}->[$i]->{nid}) { + is(my $nid = Net::SSLeay::OBJ_obj2nid($asn1_object), $dump->{$f}->{extensions}->{entries}->[$i]->{nid}, "OBJ_obj2nid\t$f:$i"); + is(Net::SSLeay::OBJ_nid2ln($nid), $dump->{$f}->{extensions}->{entries}->[$i]->{ln}, "OBJ_nid2ln nid=$nid\t$f:$i"); + is(Net::SSLeay::OBJ_nid2sn($nid), $dump->{$f}->{extensions}->{entries}->[$i]->{sn}, "OBJ_nid2sn 
nid=$nid\t$f:$i"); + #BEARE: handling some special cases - mostly things that varies with different openssl versions + SKIP: { + my $ext_data = $dump->{$f}->{extensions}->{entries}->[$i]->{data}; + + if ( is_openssl() ) { + if ( $nid == 85 + || $nid == 86 ) { + # IPv6 address formatting is broken in a way that loses + # information between OpenSSL 3.0.0-alpha1 and 3.0.0-alpha7, + # so there's no point in running this test + if ( $ext_data =~ /IP Address:(?!(?:\d{1,3}\.){3}\d{1,3})/ + && Net::SSLeay::SSLeay == 0x30000000 + && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) =~ /-alpha[2-6]/ ) { + skip( 'This OpenSSL version does not correctly format IPv6 addresses', 1 ); + } + + # "othername" fields in subject and issuer alternative name + # output are unsupported before OpenSSL 3.0.0-alpha2 + if ( + $ext_data =~ m|othername:| + && ( + Net::SSLeay::SSLeay < 0x30000000 + || ( + Net::SSLeay::SSLeay == 0x30000000 + && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) =~ /-alpha1\ / + ) + ) + ) { + $ext_data =~ s{(othername:) [^, ]+}{$1}g; + } + } + elsif ( $nid == 89 ) { + # The output formatting for certificate policies has a + # trailing newline before OpenSSL 3.0.0-alpha1 + if ( Net::SSLeay::SSLeay < 0x30000000 ) { + $ext_data .= "\n"; + } + } + elsif ( $nid == 90 ) { + # Authority key identifier formatting has a "keyid:" prefix + # and a trailing newline before OpenSSL 3.0.0-alpha1 + if ( Net::SSLeay::SSLeay < 0x30000000 ) { + $ext_data = 'keyid:' . $ext_data . 
"\n"; + } + } + elsif ( $nid == 103 ) { + # The output format for CRL distribution points varies between + # different OpenSSL major versions + if ( Net::SSLeay::SSLeay < 0x10000001 ) { + # OpenSSL 0.9.8: + $ext_data =~ s{Full Name:\n }{}g; + $ext_data .= "\n"; + } elsif ( Net::SSLeay::SSLeay < 0x30000000 ) { + # OpenSSL 1.0.0 to 1.1.1: + $ext_data =~ s{(Full Name:\n )}{\n$1}g; + $ext_data .= "\n"; + } + } + elsif ( $nid == 126 ) { + # OID 1.3.6.1.5.5.7.3.17 ("ipsec Internet Key Exchange") isn't + # given its name in extended key usage formatted output before + # OpenSSL 1.1.0-pre3 + if ( Net::SSLeay::SSLeay < 0x10100003 ) { + $ext_data =~ s{ipsec Internet Key Exchange(,|$)}{1.3.6.1.5.5.7.3.17$1}g; + } + } + elsif ( $nid == 177 ) { + # Authority information access formatting has a trailing + # newline before OpenSSL 3.0.0-alpha1 + if ( Net::SSLeay::SSLeay < 0x30000000 ) { + $ext_data .= "\n"; + } + } + } + # LibreSSL is a fork of OpenSSL 1.0.1g, so any pre-1.0.2 changes above + # also apply here: + elsif ( is_libressl() ) { + if ( $nid == 85 + || $nid == 86 ) { + # "othername" fields in subject and issuer alternative name + # output are unsupported + $ext_data =~ s{(othername:) [^, ]+}{$1}g; + } + elsif ( $nid == 89 ) { + # The output formatting for certificate policies has a + # trailing newline + $ext_data .= "\n"; + } + elsif ( $nid == 90 ) { + # Authority key identifier formatting has a "keyid:" prefix + # and a trailing newline + $ext_data = 'keyid:' . $ext_data . 
"\n"; + } + elsif ( $nid == 103 ) { + # The output format for CRL distribution points contains + # extra newlines between the values, and has leading and + # trailing newlines + $ext_data =~ s{(Full Name:\n )}{\n$1}g; + $ext_data .= "\n"; + } + elsif ( $nid == 126 ) { + # OID 1.3.6.1.5.5.7.3.17 ("ipsec Internet Key Exchange") isn't + # given its name in extended key usage formatted output + $ext_data =~ s{ipsec Internet Key Exchange(,|$)}{1.3.6.1.5.5.7.3.17$1}g; + } + elsif ( $nid == 177 ) { + # Authority information access formatting has a trailing + # newline + $ext_data .= "\n"; + } + } + + is( Net::SSLeay::X509V3_EXT_print($ext), $ext_data, "X509V3_EXT_print nid=$nid\t$f:$i" ); + } + } + } + + SKIP: { + skip('crl_distribution_points requires 0.9.7+', int(@{$dump->{$f}->{cdp}})+1) unless Net::SSLeay::SSLeay >= 0x0090700f; + my @cdp = Net::SSLeay::P_X509_get_crl_distribution_points($x509); + is(scalar(@cdp), scalar(@{$dump->{$f}->{cdp}}), "cdp size\t$f"); + for my $i (0..$#cdp) { + is($cdp[$i], $dump->{$f}->{cdp}->[$i], "cdp match\t$f:$i"); + } + } + + my @keyusage = Net::SSLeay::P_X509_get_key_usage($x509); + my @ns_cert_type = Net::SSLeay::P_X509_get_netscape_cert_type($x509); + is(scalar(@keyusage), scalar(@{$dump->{$f}->{keyusage}}), "keyusage size\t$f"); + is(scalar(@ns_cert_type), scalar(@{$dump->{$f}->{ns_cert_type}}), "ns_cert_type size\t$f"); + for my $i (0..$#keyusage) { + is($keyusage[$i], $dump->{$f}->{keyusage}->[$i], "keyusage match\t$f:$i"); + } + for my $i (0..$#ns_cert_type) { + is($ns_cert_type[$i], $dump->{$f}->{ns_cert_type}->[$i], "ns_cert_type match\t$f:$i"); + } + + SKIP: { + # "ipsec Internet Key Exchange" isn't known by its name in OpenSSL + # 1.1.0-pre2 and below or in LibreSSL + if ( is_openssl() && Net::SSLeay::SSLeay < 0x10100003 + || is_libressl() ) { + @{ $dump->{$f}->{extkeyusage}->{ln} } = + grep { $_ ne 'ipsec Internet Key Exchange' } + @{ $dump->{$f}->{extkeyusage}->{ln} }; + + @{ $dump->{$f}->{extkeyusage}->{nid} } = + grep { 
$_ != 1022 } + @{ $dump->{$f}->{extkeyusage}->{nid} }; + + @{ $dump->{$f}->{extkeyusage}->{sn} } = + grep { $_ ne 'ipsecIKE' } + @{ $dump->{$f}->{extkeyusage}->{sn} }; + } + + my $test_count = 4 + scalar(@{$dump->{$f}->{extkeyusage}->{oid}}) + + scalar(@{$dump->{$f}->{extkeyusage}->{nid}}) + + scalar(@{$dump->{$f}->{extkeyusage}->{sn}}) + + scalar(@{$dump->{$f}->{extkeyusage}->{ln}}); + + skip('extended key usage requires 0.9.7+', $test_count) unless Net::SSLeay::SSLeay >= 0x0090700f; + my @extkeyusage_oid = Net::SSLeay::P_X509_get_ext_key_usage($x509,0); + my @extkeyusage_nid = Net::SSLeay::P_X509_get_ext_key_usage($x509,1); + my @extkeyusage_sn = Net::SSLeay::P_X509_get_ext_key_usage($x509,2); + my @extkeyusage_ln = Net::SSLeay::P_X509_get_ext_key_usage($x509,3); + + is(scalar(@extkeyusage_oid), scalar(@{$dump->{$f}->{extkeyusage}->{oid}}), "extku_oid size\t$f"); + is(scalar(@extkeyusage_nid), scalar(@{$dump->{$f}->{extkeyusage}->{nid}}), "extku_nid size\t$f"); + is(scalar(@extkeyusage_sn), scalar(@{$dump->{$f}->{extkeyusage}->{sn}}), "extku_sn size\t$f"); + is(scalar(@extkeyusage_ln), scalar(@{$dump->{$f}->{extkeyusage}->{ln}}), "extku_ln size\t$f"); + + for my $i (0..$#extkeyusage_oid) { + is($extkeyusage_oid[$i], $dump->{$f}->{extkeyusage}->{oid}->[$i], "extkeyusage_oid match\t$f:$i"); + } + for my $i (0..$#extkeyusage_nid) { + is($extkeyusage_nid[$i], $dump->{$f}->{extkeyusage}->{nid}->[$i], "extkeyusage_nid match\t$f:$i"); + } + for my $i (0..$#extkeyusage_sn) { + is($extkeyusage_sn[$i], $dump->{$f}->{extkeyusage}->{sn}->[$i], "extkeyusage_sn match\t$f:$i"); + } + for my $i (0..$#extkeyusage_ln) { + is($extkeyusage_ln[$i], $dump->{$f}->{extkeyusage}->{ln}->[$i], "extkeyusage_ln match\t$f:$i"); + } + } + + ok(my $pubkey = Net::SSLeay::X509_get_pubkey($x509), "X509_get_pubkey"); + is(Net::SSLeay::OBJ_obj2txt(Net::SSLeay::P_X509_get_signature_alg($x509)), $dump->{$f}->{signature_alg}, "P_X509_get_signature_alg"); + 
is(Net::SSLeay::OBJ_obj2txt(Net::SSLeay::P_X509_get_pubkey_alg($x509)), $dump->{$f}->{pubkey_alg}, "P_X509_get_pubkey_alg"); + is(Net::SSLeay::EVP_PKEY_size($pubkey), $dump->{$f}->{pubkey_size}, "EVP_PKEY_size"); + is(Net::SSLeay::EVP_PKEY_bits($pubkey), $dump->{$f}->{pubkey_bits}, "EVP_PKEY_bits"); + SKIP: { + skip('EVP_PKEY_id requires OpenSSL 1.0.0+', 1) unless Net::SSLeay::SSLeay >= 0x1000000f; + is(Net::SSLeay::EVP_PKEY_id($pubkey), $dump->{$f}->{pubkey_id}, "EVP_PKEY_id"); + } + +} + +my $ctx = Net::SSLeay::X509_STORE_CTX_new(); +my $filename = data_file_path('simple-cert.cert.pem'); +my $bio = Net::SSLeay::BIO_new_file($filename, 'rb'); +my $x509 = Net::SSLeay::PEM_read_bio_X509($bio); +my $x509_store = Net::SSLeay::X509_STORE_new(); +Net::SSLeay::X509_STORE_CTX_set_cert($ctx,$x509); + +my $ca_filename = data_file_path('root-ca.cert.pem'); +my $ca_bio = Net::SSLeay::BIO_new_file($ca_filename, 'rb'); +my $ca_x509 = Net::SSLeay::PEM_read_bio_X509($ca_bio); +is (Net::SSLeay::X509_STORE_add_cert($x509_store,$ca_x509), 1, 'X509_STORE_add_cert'); +is (Net::SSLeay::X509_STORE_CTX_init($ctx, $x509_store, $x509), 1, 'X509_STORE_CTX_init'); +SKIP: { + skip('X509_STORE_CTX_get0_cert requires OpenSSL 1.1.0-pre5+ or LibreSSL 2.7.0+', 1) unless defined (&Net::SSLeay::X509_STORE_CTX_get0_cert); + ok (my $x509_from_cert = Net::SSLeay::X509_STORE_CTX_get0_cert($ctx),'Get x509 from store ctx'); +}; +Net::SSLeay::X509_verify_cert($ctx); +ok (my $sk_x509 = Net::SSLeay::X509_STORE_CTX_get1_chain($ctx),'Get STACK_OF(x509) from store ctx'); +my $size; +ok ($size = Net::SSLeay::sk_X509_num($sk_x509),'STACK_OF(X509) size '.$size); +ok (Net::SSLeay::sk_X509_value($sk_x509,0),'STACK_OF(X509) value at 0'); + +my $new_filename = data_file_path('wildcard-cert.cert.pem'); +my $new_bio = Net::SSLeay::BIO_new_file($new_filename,'rb'); +my $new_x509 = Net::SSLeay::PEM_read_bio_X509($new_bio); + +ok (Net::SSLeay::sk_X509_insert($sk_x509,$new_x509,1),'STACK_OK(X509) insert'); +my $new_size; 
+$new_size = Net::SSLeay::sk_X509_num($sk_x509); +ok ($new_size == $size + 1, 'size is ' . ($size + 1) . ' after insert'); +ok (Net::SSLeay::sk_X509_delete($sk_x509, 1),'STACK_OK(X509) delete'); +$new_size = Net::SSLeay::sk_X509_num($sk_x509); +ok ($new_size == $size, "size is $size after delete"); +ok (Net::SSLeay::sk_X509_unshift($sk_x509,$new_x509),'STACK_OF(X509) unshift'); +$new_size = Net::SSLeay::sk_X509_num($sk_x509); +ok ($new_size == $size + 1, 'size is ' . ($size + 1) . ' after unshift'); +ok (Net::SSLeay::sk_X509_shift($sk_x509),'STACK_OF(X509) shift'); +$new_size = Net::SSLeay::sk_X509_num($sk_x509); +ok ($new_size == $size, "size is $size after shift"); +ok (Net::SSLeay::sk_X509_pop($sk_x509),'STACK_OF(X509) pop'); +$new_size = Net::SSLeay::sk_X509_num($sk_x509); +ok ($new_size == $size - 1, 'size is ' . ($size + 1) . ' after pop'); diff --git a/cpan/Net-SSLeay/t/local/33_x509_create_cert.t b/cpan/Net-SSLeay/t/local/33_x509_create_cert.t new file mode 100644 index 000000000000..3cad03404a68 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/33_x509_create_cert.t 
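Review bot: `ok ($hash = 4003674586, "X509_NAME_hash");` near the top of 32_x509_get_cert_info.t assigns rather than compares, so the assertion passes whatever `X509_NAME_hash` returns. `is($hash, 4003674586, "X509_NAME_hash");` would test the value; if the hash of an empty name is not stable across library versions (the file notes further down that name hashes differ between OpenSSL versions and in FIPS mode), `cmp_ok($hash, '>', 0, "X509_NAME_hash")` is the safer form. Towards the end of the hunk the return value of `Net::SSLeay::X509_verify_cert($ctx)` is discarded, so the chain assertions that follow say nothing about the verification outcome; asserting whichever result is expected for this store, with the plan count adjusted, would close that gap. The last check compares against `$size - 1` but is labelled `'size is ' . ($size + 1) . ' after pop'`, where the label should use `$size - 1`.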
@@ -0,0 +1,331 @@ +use lib 'inc'; + +use Net::SSLeay qw(MBSTRING_ASC MBSTRING_UTF8 EVP_PK_RSA EVP_PKT_SIGN EVP_PKT_ENC); +use Test::Net::SSLeay qw( data_file_path initialise_libssl is_openssl ); + +use utf8; + +plan tests => 139; + +initialise_libssl(); + +if (defined &Net::SSLeay::OSSL_PROVIDER_load) +{ + my $provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'legacy'); + diag('Failed to load legacy provider: PEM_get_string_PrivateKey may fail') + unless $provider; +} + +my $ca_crt_pem = data_file_path('root-ca.cert.pem'); +my $ca_key_pem = data_file_path('root-ca.key.pem'); + +ok(my $bio1 = Net::SSLeay::BIO_new_file($ca_crt_pem, 'r'), "BIO_new_file 1"); +ok(my $ca_cert = Net::SSLeay::PEM_read_bio_X509($bio1), "PEM_read_bio_X509"); +ok(my $bio2 = Net::SSLeay::BIO_new_file($ca_key_pem, 'r'), "BIO_new_file 2"); +ok(my $ca_pk = Net::SSLeay::PEM_read_bio_PrivateKey($bio2), "PEM_read_bio_PrivateKey"); +is(Net::SSLeay::X509_verify($ca_cert, $ca_pk), 1, "X509_verify"); + +ok(my $ca_subject = Net::SSLeay::X509_get_subject_name($ca_cert), "X509_get_subject_name"); +ok(my $ca_issuer = Net::SSLeay::X509_get_issuer_name($ca_cert), "X509_get_issuer_name"); +is(Net::SSLeay::X509_NAME_cmp($ca_issuer, $ca_subject), 0, "X509_NAME_cmp"); + +{ ### X509 certificate - create directly, sign with $ca_pk + ok(my $pk = Net::SSLeay::EVP_PKEY_new(), "EVP_PKEY_new"); + ok(my $rsa = Net::SSLeay::RSA_generate_key(2048, &Net::SSLeay::RSA_F4), "RSA_generate_key"); + ok(Net::SSLeay::EVP_PKEY_assign_RSA($pk,$rsa), "EVP_PKEY_assign_RSA"); + + SKIP: + { + skip 'openssl<1.1.0 required', 1 unless Net::SSLeay::SSLeay < 0x10100000 + or Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER"); + my @params = Net::SSLeay::RSA_get_key_parameters($rsa); + ok(@params == 8, "RSA_get_key_parameters"); + } + + ok(my $x509 = Net::SSLeay::X509_new(), "X509_new"); + ok(Net::SSLeay::X509_set_pubkey($x509,$pk), "X509_set_pubkey"); + ok(my $name = Net::SSLeay::X509_get_subject_name($x509), "X509_get_subject_name"); + + 
ok(Net::SSLeay::X509_NAME_add_entry_by_NID($name, &Net::SSLeay::NID_commonName, MBSTRING_UTF8, "Common name text X509"), "X509_NAME_add_entry_by_NID"); + #set countryName via add_entry_by_OBJ + ok(my $obj = Net::SSLeay::OBJ_nid2obj(&Net::SSLeay::NID_countryName), "OBJ_nid2obj"); + ok(Net::SSLeay::X509_NAME_add_entry_by_OBJ($name, $obj, MBSTRING_UTF8, "UK"), "X509_NAME_add_entry_by_OBJ"); + #set organizationName via add_entry_by_txt + ok(Net::SSLeay::X509_NAME_add_entry_by_txt($name, "organizationName", MBSTRING_UTF8, "Company Name"), "X509_NAME_add_entry_by_txt"); + + ok(Net::SSLeay::X509_set_version($x509, 3), "X509_set_version"); + ok(my $sn = Net::SSLeay::X509_get_serialNumber($x509), "X509_get_serialNumber"); + + my $pubkey = Net::SSLeay::X509_get_X509_PUBKEY($x509); + ok($pubkey ne '', "X509_get_X509_PUBKEY"); + + ##let us do some ASN1_INTEGER related testing + #test big integer via P_ASN1_INTEGER_set_dec + Net::SSLeay::P_ASN1_INTEGER_set_dec($sn, '123456789123456789123456789123456789123456789'); + # On platforms with 64-bit long int returns 4294967295 rather than -1 + my $asn1_integer = Net::SSLeay::ASN1_INTEGER_get(Net::SSLeay::X509_get_serialNumber($x509)); + if ($asn1_integer == 4294967295) { + $asn1_integer = -1; + } + is($asn1_integer, -1, "ASN1_INTEGER_get"); + is(Net::SSLeay::P_ASN1_INTEGER_get_hex(Net::SSLeay::X509_get_serialNumber($x509)), '058936E53D139AFEFABB2683F150B684045F15', "P_ASN1_INTEGER_get_hex"); + #test short integer via P_ASN1_INTEGER_set_hex + Net::SSLeay::P_ASN1_INTEGER_set_hex($sn, 'D05F14'); + is(Net::SSLeay::ASN1_INTEGER_get(Net::SSLeay::X509_get_serialNumber($x509)), 13655828, "ASN1_INTEGER_get"); + is(Net::SSLeay::P_ASN1_INTEGER_get_dec(Net::SSLeay::X509_get_serialNumber($x509)), '13655828', "P_ASN1_INTEGER_get_dec"); + #test short integer via ASN1_INTEGER_set + Net::SSLeay::ASN1_INTEGER_set($sn, 123456); + is(Net::SSLeay::P_ASN1_INTEGER_get_hex(Net::SSLeay::X509_get_serialNumber($x509)), '01E240', "P_ASN1_INTEGER_get_hex"); + + 
Net::SSLeay::X509_set_issuer_name($x509, Net::SSLeay::X509_get_subject_name($ca_cert)); + SKIP: { + skip 'openssl-0.9.7e required', 2 unless Net::SSLeay::SSLeay >= 0x0090705f; + ok(Net::SSLeay::P_ASN1_TIME_set_isotime(Net::SSLeay::X509_get_notBefore($x509), "2010-02-01T00:00:00Z"), "P_ASN1_TIME_set_isotime+X509_get_notBefore"); + ok(Net::SSLeay::P_ASN1_TIME_set_isotime(Net::SSLeay::X509_get_notAfter($x509), "2099-02-01T00:00:00Z"), "P_ASN1_TIME_set_isotime+X509_get_notAfter"); + } + + ok(Net::SSLeay::P_X509_add_extensions($x509,$ca_cert, + &Net::SSLeay::NID_key_usage => 'digitalSignature,keyEncipherment', + &Net::SSLeay::NID_basic_constraints => 'CA:FALSE', + &Net::SSLeay::NID_ext_key_usage => 'serverAuth,clientAuth', + &Net::SSLeay::NID_netscape_cert_type => 'server', + &Net::SSLeay::NID_subject_alt_name => 'DNS:s1.dom.com,DNS:s2.dom.com,DNS:s3.dom.com', + &Net::SSLeay::NID_crl_distribution_points => 'URI:http://pki.dom.com/crl1.pem,URI:http://pki.dom.com/crl2.pem', + ), "P_X509_add_extensions"); + + ok(my $sha1_digest = Net::SSLeay::EVP_get_digestbyname("sha1"), "EVP_get_digestbyname"); + ok(Net::SSLeay::X509_sign($x509, $ca_pk, $sha1_digest), "X509_sign"); + + is(Net::SSLeay::X509_get_version($x509), 3, "X509_get_version"); + is(Net::SSLeay::X509_verify($x509, Net::SSLeay::X509_get_pubkey($ca_cert)), 1, "X509_verify"); + + like(my $crt_pem = Net::SSLeay::PEM_get_string_X509($x509), qr/-----BEGIN CERTIFICATE-----/, "PEM_get_string_X509"); + + like(my $key_pem1 = Net::SSLeay::PEM_get_string_PrivateKey($pk), qr/-----BEGIN (RSA )?PRIVATE KEY-----/, "PEM_get_string_PrivateKey+nopasswd"); + like(my $key_pem2 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password"), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd"); + + ok(my $alg1 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-CBC"), "EVP_get_cipherbyname"); + like(my $key_pem3 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg1), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE 
KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg"); + +# DES-EDE3-OFB has no ASN1 support, detected by changes to do_pk8pkey as of openssl 1.0.1n +# https://git.openssl.org/?p=openssl.git;a=commit;h=4d9dc0c269be87b92da188df1fbd8bfee4700eb3 +# this test now fails +# ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname"); +# like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg"); + + is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex"); + + # 2014-06-06: Sigh, some versions of openssl have this patch, which afffects the results of this test: + # https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3009244da47b989c4cc59ba02cf81a4e9d8f8431 + # with this patch, the result is "ce83889f1beab8e70aa142e07e94b0ebbd9d59e0" +# is(unpack("H*",Net::SSLeay::X509_NAME_digest($name, $sha1_digest)), "044d7ea7fddced7b9b63799600b9989a63b36819", "X509_NAME_digest"); + + ok(my $ext_idx = Net::SSLeay::X509_get_ext_by_NID($x509, &Net::SSLeay::NID_ext_key_usage), "X509_get_ext_by_NID"); + ok(my $ext = Net::SSLeay::X509_get_ext($x509, $ext_idx), "X509_get_ext"); + is(Net::SSLeay::X509V3_EXT_print($ext), 'TLS Web Server Authentication, TLS Web Client Authentication', "X509V3_EXT_print"); + + #write_file("tmp_cert1.crt.pem", $crt_pem); + #write_file("tmp_cert1.key1.pem", $key_pem1); + #write_file("tmp_cert1.key2.pem", $key_pem2); + #write_file("tmp_cert1.key3.pem", $key_pem3); + #write_file("tmp_cert1.key4.pem", $key_pem4); +} + +{ ### X509_REQ certificate request >> sign >> X509 certificate + + ## PHASE1 - create certificate request + ok(my $pk = Net::SSLeay::EVP_PKEY_new(), "EVP_PKEY_new"); + ok(my $rsa = Net::SSLeay::RSA_generate_key(2048, &Net::SSLeay::RSA_F4), "RSA_generate_key"); + ok(Net::SSLeay::EVP_PKEY_assign_RSA($pk,$rsa), "EVP_PKEY_assign_RSA"); + + ok(my $req = 
Net::SSLeay::X509_REQ_new(), "X509_REQ_new"); + ok(Net::SSLeay::X509_REQ_set_pubkey($req,$pk), "X509_REQ_set_pubkey"); + ok(my $name = Net::SSLeay::X509_REQ_get_subject_name($req), "X509_REQ_get_subject_name"); + ok(Net::SSLeay::X509_NAME_add_entry_by_txt($name, "commonName", MBSTRING_UTF8, "Common name text X509_REQ"), "X509_NAME_add_entry_by_txt"); + ok(Net::SSLeay::X509_NAME_add_entry_by_txt($name, "countryName", MBSTRING_UTF8, "UK"), "X509_NAME_add_entry_by_txt"); + ok(Net::SSLeay::X509_NAME_add_entry_by_txt($name, "organizationName", MBSTRING_UTF8, "Company Name"), "X509_NAME_add_entry_by_txt"); + + # All these subjectAltNames should be copied to the + # certificate. This array is also used later when checking the + # signed certificate. + my @req_altnames = ( + # Numeric type, Type name, Value to add, Value to expect back, if not equal + #[ Net::SSLeay::GEN_DIRNAME(), 'dirName', 'dir_sect' ], # Would need config file + [ Net::SSLeay::GEN_DNS(), 'DNS', 's1.com' ], + [ Net::SSLeay::GEN_DNS(), 'DNS', 's2.com' ], + #[ Net::SSLeay::GEN_EDIPARTY(), 'EdiPartyName?', '' ], # Name not in OpenSSL source + [ Net::SSLeay::GEN_EMAIL(), 'email', 'foo@xample.com.com' ], + [ Net::SSLeay::GEN_IPADD(), 'IP', '10.20.30.41', pack('CCCC', '10', '20', '30', '41') ], + [ Net::SSLeay::GEN_IPADD(), 'IP', '2001:db8:23::1', pack('nnnnnnnn', 0x2001, 0x0db8, 0x23, 0, 0, 0, 0, 0x01) ], + [ Net::SSLeay::GEN_OTHERNAME(), 'otherName', '2.3.4.5;UTF8:some other identifier', 'some other identifier' ], + [ Net::SSLeay::GEN_RID(), 'RID', '1.2.3.4.1.2.3.4.1.2.3.4.1.2.3.4.1.2.3.4.1.2.3.4.1.2.3.4.1.2.3.4.1.2.3.4.1.2.3.4.1.2.3.4.1.2.3.4.1.2.3.4.1.2.3.4.1.2.3.4.99.1234' ], + [ Net::SSLeay::GEN_URI(), 'URI', 'https://john.doe@www.example.com:123/forum/questions/?tag=networking&order=newest#top' ], + #[ Net::SSLeay::GEN_X400(), 'X400Name?', '' ], # Name not in OpenSSL source + ); + + # Create a comma separated list of typename:value altnames + my $req_ext_altname = ''; + foreach my $alt (@req_altnames) 
{ + $req_ext_altname .= "$alt->[1]:$alt->[2],"; + } + chop $req_ext_altname; # Remove trailing comma + + ok(Net::SSLeay::P_X509_REQ_add_extensions($req, + &Net::SSLeay::NID_key_usage => 'digitalSignature,keyEncipherment', + &Net::SSLeay::NID_basic_constraints => 'CA:FALSE', + &Net::SSLeay::NID_ext_key_usage => 'serverAuth,clientAuth', + &Net::SSLeay::NID_netscape_cert_type => 'server', + &Net::SSLeay::NID_subject_alt_name => $req_ext_altname, + &Net::SSLeay::NID_crl_distribution_points => 'URI:http://pki.com/crl1,URI:http://pki.com/crl2', + ), "P_X509_REQ_add_extensions"); + + #54 = NID_pkcs9_challengePassword - XXX-TODO add new constant + ok(Net::SSLeay::X509_REQ_add1_attr_by_NID($req, 54, MBSTRING_ASC, 'password xyz'), "X509_REQ_add1_attr_by_NID"); + #49 = NID_pkcs9_unstructuredName - XXX-TODO add new constant + ok(Net::SSLeay::X509_REQ_add1_attr_by_NID($req, 49, MBSTRING_ASC, 'Any Uns.name'), "X509_REQ_add1_attr_by_NID"); + + ok(Net::SSLeay::X509_REQ_set_version($req, 2), "X509_REQ_set_version"); + + ok(my $sha1_digest = Net::SSLeay::EVP_get_digestbyname("sha1"), "EVP_get_digestbyname"); + ok(Net::SSLeay::X509_REQ_sign($req, $pk, $sha1_digest), "X509_REQ_sign"); + + ok(my $req_pubkey = Net::SSLeay::X509_REQ_get_pubkey($req), "X509_REQ_get_pubkey"); + is(Net::SSLeay::X509_REQ_verify($req, $req_pubkey), 1, "X509_REQ_verify"); + + is(Net::SSLeay::X509_REQ_get_version($req), 2, "X509_REQ_get_version"); + ok(my $obj_challengePassword = Net::SSLeay::OBJ_txt2obj('1.2.840.113549.1.9.7'), "OBJ_txt2obj"); + ok(my $nid_challengePassword = Net::SSLeay::OBJ_obj2nid($obj_challengePassword), "OBJ_obj2nid"); + is(Net::SSLeay::X509_REQ_get_attr_count($req), 3, "X509_REQ_get_attr_count"); + is(my $n1 = Net::SSLeay::X509_REQ_get_attr_by_NID($req, $nid_challengePassword,-1), 1, "X509_REQ_get_attr_by_NID"); + is(my $n2 = Net::SSLeay::X509_REQ_get_attr_by_OBJ($req, $obj_challengePassword,-1), 1, "X509_REQ_get_attr_by_OBJ"); + + SKIP: { + skip('requires openssl-0.9.7', 3) unless 
Net::SSLeay::SSLeay >= 0x0090700f; + ok(my @attr_values = Net::SSLeay::P_X509_REQ_get_attr($req, $n1), "P_X509_REQ_get_attr"); + is(scalar(@attr_values), 1, "attr_values size"); + is(Net::SSLeay::P_ASN1_STRING_get($attr_values[0]), "password xyz", "attr_values[0]"); + } + + like(my $req_pem = Net::SSLeay::PEM_get_string_X509_REQ($req), qr/-----BEGIN CERTIFICATE REQUEST-----/, "PEM_get_string_X509_REQ"); + like(my $key_pem = Net::SSLeay::PEM_get_string_PrivateKey($pk), qr/-----BEGIN (RSA )?PRIVATE KEY-----/, "PEM_get_string_PrivateKey"); + + #write_file("tmp_cert2.req.pem", $req_pem); + #write_file("tmp_cert2.key.pem", $key_pem); + + ## PHASE2 - turn X509_REQ into X509 cert + sign with CA key + ok(my $x509ss = Net::SSLeay::X509_new(), "X509_new"); + ok(Net::SSLeay::X509_set_version($x509ss, 2), "X509_set_version"); + ok(my $sn = Net::SSLeay::X509_get_serialNumber($x509ss), "X509_get_serialNumber"); + Net::SSLeay::P_ASN1_INTEGER_set_hex($sn, 'ABCDEF'); + Net::SSLeay::X509_set_issuer_name($x509ss, Net::SSLeay::X509_get_subject_name($ca_cert)); + ok(Net::SSLeay::X509_gmtime_adj(Net::SSLeay::X509_get_notBefore($x509ss), 0), "X509_gmtime_adj + X509_get_notBefore"); + ok(Net::SSLeay::X509_gmtime_adj(Net::SSLeay::X509_get_notAfter($x509ss), 60*60*24*100), "X509_gmtime_adj + X509_get_notAfter"); + ok(Net::SSLeay::X509_set_subject_name($x509ss, Net::SSLeay::X509_REQ_get_subject_name($req)), "X509_set_subject_name + X509_REQ_get_subject_name"); + + ok(Net::SSLeay::P_X509_copy_extensions($req, $x509ss), "P_X509_copy_extensions"); + + ok(my $tmppkey = Net::SSLeay::X509_REQ_get_pubkey($req), "X509_REQ_get_pubkey"); + ok(Net::SSLeay::X509_set_pubkey($x509ss,$tmppkey), "X509_set_pubkey"); + Net::SSLeay::EVP_PKEY_free($tmppkey); + + ok(Net::SSLeay::X509_sign($x509ss, $ca_pk, $sha1_digest), "X509_sign"); + like(my $crt_pem = Net::SSLeay::PEM_get_string_X509($x509ss), qr/-----BEGIN CERTIFICATE-----/, "PEM_get_string_X509"); + + #write_file("tmp_cert2.crt.pem", $crt_pem); + + ## 
PHASE3 - check some certificate parameters + is(Net::SSLeay::X509_NAME_print_ex(Net::SSLeay::X509_get_subject_name($x509ss)), "O=Company Name,C=UK,CN=Common name text X509_REQ", "X509_NAME_print_ex 1"); + is(Net::SSLeay::X509_NAME_print_ex(Net::SSLeay::X509_get_issuer_name($x509ss)), 'CN=Root CA,OU=Test Suite,O=Net-SSLeay,C=PL', "X509_NAME_print_ex 2"); + SKIP: { + skip 'openssl-0.9.7e required', 2 unless Net::SSLeay::SSLeay >= 0x0090705f; + like(Net::SSLeay::P_ASN1_TIME_get_isotime(Net::SSLeay::X509_get_notBefore($x509ss)), qr/^\d\d\d\d-\d\d-\d\d/, "X509_get_notBefore"); + like(Net::SSLeay::P_ASN1_TIME_get_isotime(Net::SSLeay::X509_get_notAfter($x509ss)), qr/^\d\d\d\d-\d\d-\d\d/, "X509_get_notAfter"); + } + + # See that all subjectAltNames added to request were copied to the certificate + my @altnames = Net::SSLeay::X509_get_subjectAltNames($x509ss); + for (my $i = 0; $i < @req_altnames; $i++) + { + my ($type, $name) = ($altnames[2*$i], $altnames[2*$i+1]); + my $test_vec = $req_altnames[$i]; + my $expected = defined $test_vec->[3] ? 
$test_vec->[3] : $test_vec->[2]; + + is($type, $test_vec->[0], "subjectAltName type in certificate matches request: $type"); + is($name, $expected, "subjectAltName value in certificate matches request: $test_vec->[2]"); + } + + my $mask = EVP_PK_RSA | EVP_PKT_SIGN | EVP_PKT_ENC; + is(Net::SSLeay::X509_certificate_type($x509ss)&$mask, $mask, "X509_certificate_type"); + + is(Net::SSLeay::X509_REQ_free($req), undef, "X509_REQ_free"); + is(Net::SSLeay::X509_free($x509ss), undef, "X509_free"); +} + +{ ### X509 certificate - unicode + ok(my $x509 = Net::SSLeay::X509_new(), "X509_new"); + ok(my $name = Net::SSLeay::X509_get_subject_name($x509), "X509_get_subject_name"); + my $txt = "\x{17E}lut\xFD"; + utf8::encode($txt); + ok(Net::SSLeay::X509_NAME_add_entry_by_txt($name, "CN", MBSTRING_UTF8, $txt), "X509_NAME_add_entry_by_txt"); + ok(Net::SSLeay::X509_NAME_add_entry_by_txt($name, "OU", MBSTRING_UTF8, "Unit"), "X509_NAME_add_entry_by_txt"); + is(Net::SSLeay::X509_NAME_print_ex($name), 'OU=Unit,CN=\C5\BElut\C3\BD', "X509_NAME_print_ex"); +} + +{ ### X509 certificate - copy some fields from other certificate + + my $orig_crt_pem = data_file_path('wildcard-cert.cert.pem'); + ok(my $bio = Net::SSLeay::BIO_new_file($orig_crt_pem, 'r'), "BIO_new_file"); + ok(my $orig_cert = Net::SSLeay::PEM_read_bio_X509($bio), "PEM_read_bio_X509"); + + ok(my $pk = Net::SSLeay::EVP_PKEY_new(), "EVP_PKEY_new"); + ok(my $rsa = Net::SSLeay::RSA_generate_key(2048, &Net::SSLeay::RSA_F4), "RSA_generate_key"); + ok(Net::SSLeay::EVP_PKEY_assign_RSA($pk,$rsa), "EVP_PKEY_assign_RSA"); + + ok(my $x509 = Net::SSLeay::X509_new(), "X509_new"); + ok(Net::SSLeay::X509_set_pubkey($x509,$pk), "X509_set_pubkey"); + ok(my $name = Net::SSLeay::X509_get_subject_name($orig_cert), "X509_get_subject_name"); + ok(Net::SSLeay::X509_set_subject_name($x509, $name), "X509_set_subject_name"); + + ok(my $sn = Net::SSLeay::X509_get_serialNumber($orig_cert), "X509_get_serialNumber"); + 
ok(Net::SSLeay::X509_set_serialNumber($x509, $sn), "X509_get_serialNumber"); + + Net::SSLeay::X509_set_issuer_name($x509, Net::SSLeay::X509_get_subject_name($ca_cert)); + SKIP: { + skip 'openssl-0.9.7e required', 2 unless Net::SSLeay::SSLeay >= 0x0090705f; + ok(Net::SSLeay::P_ASN1_TIME_set_isotime(Net::SSLeay::X509_get_notBefore($x509), "2010-02-01T00:00:00Z") , "P_ASN1_TIME_set_isotime+X509_get_notBefore"); + ok(Net::SSLeay::P_ASN1_TIME_set_isotime(Net::SSLeay::X509_get_notAfter($x509), "2038-01-01T00:00:00Z"), "P_ASN1_TIME_set_isotime+X509_get_notAfter"); + } + + ok(my $sha1_digest = Net::SSLeay::EVP_get_digestbyname("sha1"), "EVP_get_digestbyname"); + ok(Net::SSLeay::X509_sign($x509, $ca_pk, $sha1_digest), "X509_sign"); + + like(my $crt_pem = Net::SSLeay::PEM_get_string_X509($x509), qr/-----BEGIN CERTIFICATE-----/, "PEM_get_string_X509"); + like(my $key_pem = Net::SSLeay::PEM_get_string_PrivateKey($pk), qr/-----BEGIN (RSA )?PRIVATE KEY-----/, "PEM_get_string_PrivateKey"); + + #write_file("tmp_cert3.crt.pem", $crt_pem); + #write_file("tmp_cert3.key.pem", $key_pem); +} + +{ ### X509 request from file + some special tests + my $req_pem = data_file_path('simple-cert.csr.pem'); + ok(my $bio = Net::SSLeay::BIO_new_file($req_pem, 'r'), "BIO_new_file"); + ok(my $req = Net::SSLeay::PEM_read_bio_X509_REQ($bio), "PEM_read_bio_X509"); + + ok(my $sha1_digest = Net::SSLeay::EVP_get_digestbyname("sha1"), "EVP_get_digestbyname"); + is(unpack("H*", Net::SSLeay::X509_REQ_digest($req, $sha1_digest)), "372c21a20a6d4e15bf8ecefb487cc604d9a10960", "X509_REQ_digest"); + + ok(my $req2 = Net::SSLeay::X509_REQ_new(), "X509_REQ_new"); + ok(my $name = Net::SSLeay::X509_REQ_get_subject_name($req), "X509_REQ_get_subject_name"); + ok(Net::SSLeay::X509_REQ_set_subject_name($req2, $name), "X509_REQ_set_subject_name"); + is(Net::SSLeay::X509_REQ_free($req), undef, "X509_REQ_free"); +} + +{ ### X509 + X509_REQ loading DER format + my $req_der = data_file_path('simple-cert.csr.der'); + ok(my $bio1 
= Net::SSLeay::BIO_new_file($req_der, 'rb'), "BIO_new_file"); + ok(my $req = Net::SSLeay::d2i_X509_REQ_bio($bio1), "d2i_X509_REQ_bio"); + + my $x509_der = data_file_path('simple-cert.cert.der'); + ok(my $bio2 = Net::SSLeay::BIO_new_file($x509_der, 'rb'), "BIO_new_file"); + ok(my $x509 = Net::SSLeay::d2i_X509_bio($bio2), "d2i_X509_bio"); +} diff --git a/cpan/Net-SSLeay/t/local/34_x509_crl.t b/cpan/Net-SSLeay/t/local/34_x509_crl.t new file mode 100644 index 000000000000..0e989878b6a4 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/34_x509_crl.t 
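Review bot: Three of the certificate-creation blocks in this test sign with SHA-1 (`EVP_get_digestbyname("sha1")` passed to `X509_sign` and `X509_REQ_sign`), and the same digest is used for `X509_CRL_sign` in t/local/34_x509_crl.t. SHA-1 is no longer acceptable for certificate signatures, and libssl builds or system crypto policies that disable SHA-1 signing may make these `ok(...)` calls fail for reasons unrelated to the bindings under test, which matters more once the suite runs as part of the Perl core. I would switch the signing calls to `Net::SSLeay::EVP_get_digestbyname("sha256")` and keep SHA-1 only where it is a plain fingerprint with a fixed expected value, as in the `X509_REQ_digest` check.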
@@ -0,0 +1,139 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( data_file_path initialise_libssl is_openssl ); + +plan tests => 42; + +initialise_libssl(); + +my $ca_crt_pem = data_file_path('intermediate-ca.cert.pem'); +my $ca_key_pem = data_file_path('intermediate-ca.key.pem'); +ok(my $bio1 = Net::SSLeay::BIO_new_file($ca_crt_pem, 'r'), "BIO_new_file 1"); +ok(my $ca_cert = Net::SSLeay::PEM_read_bio_X509($bio1), "PEM_read_bio_X509"); +ok(my $bio2 = Net::SSLeay::BIO_new_file($ca_key_pem, 'r'), "BIO_new_file 2"); +ok(my $ca_pk = Net::SSLeay::PEM_read_bio_PrivateKey($bio2), "PEM_read_bio_PrivateKey"); + +{ ### X509_CRL show info + my $crl_der = data_file_path('intermediate-ca.crl.der'); + my $crl_pem = data_file_path('intermediate-ca.crl.pem'); + + ok(my $bio1 = Net::SSLeay::BIO_new_file($crl_der, 'rb'), "BIO_new_file 1"); + ok(my $bio2 = Net::SSLeay::BIO_new_file($crl_pem, 'r'), "BIO_new_file 2"); + + ok(my $crl1 = Net::SSLeay::d2i_X509_CRL_bio($bio1), "d2i_X509_CRL_bio"); + ok(my $crl2 = Net::SSLeay::PEM_read_bio_X509_CRL($bio2), "PEM_read_bio_X509_CRL"); + + ok(my $name1 = Net::SSLeay::X509_CRL_get_issuer($crl1), "X509_CRL_get_issuer 1"); + ok(my $name2 = Net::SSLeay::X509_CRL_get_issuer($crl2), "X509_CRL_get_issuer 2"); + is(Net::SSLeay::X509_NAME_cmp($name1, $name2), 0, "X509_NAME_cmp"); + + is(Net::SSLeay::X509_NAME_print_ex($name1), 'CN=Intermediate CA,OU=Test Suite,O=Net-SSLeay,C=PL', "X509_NAME_print_ex"); + + ok(my $time_last = Net::SSLeay::X509_CRL_get_lastUpdate($crl1), "X509_CRL_get_lastUpdate"); + ok(my $time_next = Net::SSLeay::X509_CRL_get_nextUpdate($crl1), "X509_CRL_get_nextUpdate"); + SKIP: { + skip 'openssl-0.9.7e required', 2 unless Net::SSLeay::SSLeay >= 0x0090705f; + is(Net::SSLeay::P_ASN1_TIME_get_isotime($time_last), '2020-07-01T00:00:00Z', "P_ASN1_TIME_get_isotime last"); + is(Net::SSLeay::P_ASN1_TIME_get_isotime($time_next), '2020-07-08T00:00:00Z', "P_ASN1_TIME_get_isotime next"); + } + + 
is(Net::SSLeay::X509_CRL_get_version($crl1), 1, "X509_CRL_get_version"); + ok(my $sha1_digest = Net::SSLeay::EVP_get_digestbyname("sha1"), "EVP_get_digestbyname"); + is(unpack("H*",Net::SSLeay::X509_CRL_digest($crl1, $sha1_digest)), 'f0e5c853477a206c03f7347aee09a01d91df0ac5', "X509_CRL_digest"); +} + +{ ### X509_CRL create + ok(my $crl = Net::SSLeay::X509_CRL_new(), "X509_CRL_new"); + + ok(my $name = Net::SSLeay::X509_get_subject_name($ca_cert), "X509_get_subject_name"); + SKIP: { + skip('requires openssl-0.9.7', 1) unless Net::SSLeay::SSLeay >= 0x0090700f; + ok(Net::SSLeay::X509_CRL_set_issuer_name($crl, $name), "X509_CRL_set_issuer_name"); + } + + if (Net::SSLeay::SSLeay >= 0x0090705f) { + Net::SSLeay::P_ASN1_TIME_set_isotime(Net::SSLeay::X509_CRL_get_lastUpdate($crl), "2010-02-01T00:00:00Z"); + Net::SSLeay::P_ASN1_TIME_set_isotime(Net::SSLeay::X509_CRL_get_nextUpdate($crl), "2011-02-01T00:00:00Z"); + } + else { + # P_ASN1_TIME_set_isotime not available before openssl-0.9.7e + Net::SSLeay::X509_gmtime_adj(Net::SSLeay::X509_CRL_get_lastUpdate($crl), 0); + Net::SSLeay::X509_gmtime_adj(Net::SSLeay::X509_CRL_get_lastUpdate($crl), 0); + } + + SKIP: { + skip('requires openssl-0.9.7', 2) unless Net::SSLeay::SSLeay >= 0x0090700f; + ok(Net::SSLeay::X509_CRL_set_version($crl, 1), "X509_CRL_set_version"); + my $ser = Net::SSLeay::ASN1_INTEGER_new(); + Net::SSLeay::P_ASN1_INTEGER_set_hex($ser, "4AFED5654654BCEDED4AFED5654654BCEDED"); + ok(Net::SSLeay::P_X509_CRL_set_serial($crl, $ser), "P_X509_CRL_set_serial"); + Net::SSLeay::ASN1_INTEGER_free($ser); + } + + my @rev_table = ( + { serial_hex=>'1A2B3D', rev_datetime=>"2011-02-01T00:00:00Z", comp_datetime=>"2911-11-11T00:00:00Z", reason=>2 }, # 2 = cACompromise + { serial_hex=>'2A2B3D', rev_datetime=>"2011-03-01T00:00:00Z", comp_datetime=>"2911-11-11T00:00:00Z", reason=>3 }, # 3 = affiliationChanged + ); + + my $rev_datetime = Net::SSLeay::ASN1_TIME_new(); + my $comp_datetime = Net::SSLeay::ASN1_TIME_new(); + for my $item 
(@rev_table) { + if (Net::SSLeay::SSLeay >= 0x0090705f) { + Net::SSLeay::P_ASN1_TIME_set_isotime($rev_datetime, $item->{rev_datetime}); + Net::SSLeay::P_ASN1_TIME_set_isotime($comp_datetime, $item->{comp_datetime}); + } + else { + # P_ASN1_TIME_set_isotime not available before openssl-0.9.7e + Net::SSLeay::X509_gmtime_adj($rev_datetime, 0); + Net::SSLeay::X509_gmtime_adj($comp_datetime, 0); + } + SKIP: { + skip('requires openssl-0.9.7', 1) unless Net::SSLeay::SSLeay >= 0x0090700f; + ok(Net::SSLeay::P_X509_CRL_add_revoked_serial_hex($crl, $item->{serial_hex}, $rev_datetime, $item->{reason}, $comp_datetime), "P_X509_CRL_add_revoked_serial_hex"); + } + } + Net::SSLeay::ASN1_TIME_free($rev_datetime); + Net::SSLeay::ASN1_TIME_free($comp_datetime); + + ok(Net::SSLeay::P_X509_CRL_add_extensions($crl,$ca_cert, + &Net::SSLeay::NID_authority_key_identifier => 'keyid:always,issuer:always', + ), "P_X509_CRL_add_extensions"); + + ok(my $sha1_digest = Net::SSLeay::EVP_get_digestbyname("sha1"), "EVP_get_digestbyname"); + SKIP: { + skip('requires openssl-0.9.7', 1) unless Net::SSLeay::SSLeay >= 0x0090700f; + ok(Net::SSLeay::X509_CRL_sort($crl), "X509_CRL_sort"); + } + ok(Net::SSLeay::X509_CRL_sign($crl, $ca_pk, $sha1_digest), "X509_CRL_sign"); + + like(my $crl_pem = Net::SSLeay::PEM_get_string_X509_CRL($crl), qr/-----BEGIN X509 CRL-----/, "PEM_get_string_X509_CRL"); + + #write_file("tmp.crl.pem", $crl_pem); + + is(Net::SSLeay::X509_CRL_free($crl), undef, "X509_CRL_free"); +} + +{ ### special tests + my $crl_der = data_file_path('intermediate-ca.crl.der'); + ok(my $bio = Net::SSLeay::BIO_new_file($crl_der, 'rb'), "BIO_new_file"); + ok(my $crl = Net::SSLeay::d2i_X509_CRL_bio($bio), "d2i_X509_CRL_bio"); + is(Net::SSLeay::X509_CRL_verify($crl, Net::SSLeay::X509_get_pubkey($ca_cert)), 1, "X509_CRL_verify"); + + ok(my $time_last = Net::SSLeay::X509_CRL_get_lastUpdate($crl), "X509_CRL_get_lastUpdate"); + ok(my $time_next = Net::SSLeay::X509_CRL_get_nextUpdate($crl), 
"X509_CRL_get_nextUpdate"); + + SKIP: { + skip('requires openssl-0.9.7', 2) unless Net::SSLeay::SSLeay >= 0x0090700f; + ok(my $sn = Net::SSLeay::P_X509_CRL_get_serial($crl), "P_X509_CRL_get_serial"); + is(Net::SSLeay::ASN1_INTEGER_get($sn), 1, "ASN1_INTEGER_get"); + } + + SKIP: { + skip('requires openssl-0.9.7', 3) unless Net::SSLeay::SSLeay >= 0x0090700f; + ok(my $crl2 = Net::SSLeay::X509_CRL_new(), "X509_CRL_new"); + ok(Net::SSLeay::X509_CRL_set_lastUpdate($crl2, $time_last), "X509_CRL_set_lastUpdate"); + ok(Net::SSLeay::X509_CRL_set_nextUpdate($crl2, $time_next), "X509_CRL_set_nextUpdate"); + Net::SSLeay::X509_CRL_free($crl2); + } +} diff --git a/cpan/Net-SSLeay/t/local/35_ephemeral.t b/cpan/Net-SSLeay/t/local/35_ephemeral.t new file mode 100644 index 000000000000..f86a80dc05cd --- /dev/null +++ b/cpan/Net-SSLeay/t/local/35_ephemeral.t @@ -0,0 +1,16 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw(initialise_libssl); + +if (Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") || Net::SSLeay::constant("OPENSSL_VERSION_NUMBER") >= 0x10100000) { + plan skip_all => "LibreSSL and OpenSSL 1.1.0 removed support for ephemeral/temporary RSA private keys"; +} else { + plan tests => 3; +} + +initialise_libssl(); + +ok( my $ctx = Net::SSLeay::CTX_new(), 'CTX_new' ); +ok( my $rsa = Net::SSLeay::RSA_generate_key(2048, Net::SSLeay::RSA_F4()), 'RSA_generate_key' ); +ok( Net::SSLeay::CTX_set_tmp_rsa($ctx, $rsa), 'CTX_set_tmp_rsa' ); diff --git a/cpan/Net-SSLeay/t/local/36_verify.t b/cpan/Net-SSLeay/t/local/36_verify.t new file mode 100644 index 000000000000..393798fed2a2 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/36_verify.t 
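Review bot: In the "X509_CRL create" block, the fallback branch for OpenSSL older than 0.9.7e calls `X509_gmtime_adj` on `X509_CRL_get_lastUpdate($crl)` twice, so nextUpdate is never set on that path before the CRL is signed. The second call should presumably read `Net::SSLeay::X509_gmtime_adj(Net::SSLeay::X509_CRL_get_nextUpdate($crl), 0);`, ideally with a positive offset so that nextUpdate falls after lastUpdate. Neither branch checks the return value of the date setters, so a failed assignment would go unnoticed; wrapping them in `ok(...)` would surface it, at the cost of adjusting the planned count of 42.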
@@ -0,0 +1,372 @@ +# Test various verify and ASN functions + +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( + can_fork data_file_path initialise_libssl is_libressl is_openssl new_ctx + tcp_socket +); + +plan tests => 105; + +initialise_libssl(); + +my $root_ca_pem = data_file_path('root-ca.cert.pem'); +my $ca_pem = data_file_path('verify-ca.certchain.pem'); +my $ca_dir = ''; +my $cert_pem = data_file_path('verify-cert.cert.pem'); +my $certchain_pem = data_file_path('verify-cert.certchain.pem'); +my $key_pem = data_file_path('verify-cert.key.pem'); + +# The above certificate must specify the following policy OID: +my $required_oid = '1.2.3.4.5'; + +my $pm; +my $pm2; +my $verify_result = -1; + +SKIP: { + skip 'openssl-0.9.8 required', 7 unless Net::SSLeay::SSLeay >= 0x0090800f; + $pm = Net::SSLeay::X509_VERIFY_PARAM_new(); + ok($pm, 'X509_VERIFY_PARAM_new'); + $pm2 = Net::SSLeay::X509_VERIFY_PARAM_new(); + ok($pm2, 'X509_VERIFY_PARAM_new 2'); + ok(Net::SSLeay::X509_VERIFY_PARAM_inherit($pm2, $pm), 'X509_VERIFY_PARAM_inherit'); + ok(Net::SSLeay::X509_VERIFY_PARAM_set1($pm2, $pm), 'X509_VERIFY_PARAM_inherit'); + ok(Net::SSLeay::X509_VERIFY_PARAM_set1_name($pm, 'fred'), 'X509_VERIFY_PARAM_set1_name'); + ok(Net::SSLeay::X509_V_FLAG_ALLOW_PROXY_CERTS() == 0x40, 'X509_V_FLAG_ALLOW_PROXY_CERTS'); + ok(Net::SSLeay::X509_VERIFY_PARAM_set_flags($pm, Net::SSLeay::X509_V_FLAG_ALLOW_PROXY_CERTS()), 'X509_VERIFY_PARAM_set_flags'); +} + +SKIP: { + skip 'openssl-0.9.8a required', 3 unless Net::SSLeay::SSLeay >= 0x0090801f; + + # Between versions 3.2.4 and 3.4.0, LibreSSL signals the use of its legacy + # X.509 verifier via the X509_V_FLAG_LEGACY_VERIFY flag; this flag persists + # even after X509_VERIFY_PARAM_clear_flags() is called + my $base_flags = + is_libressl() + && Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") >= 0x3020400f + && Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") <= 0x3040000f + ? 
Net::SSLeay::X509_V_FLAG_LEGACY_VERIFY() + : 0; + + ok(Net::SSLeay::X509_VERIFY_PARAM_get_flags($pm) == ($base_flags | Net::SSLeay::X509_V_FLAG_ALLOW_PROXY_CERTS()), 'X509_VERIFY_PARAM_get_flags'); + ok(Net::SSLeay::X509_VERIFY_PARAM_clear_flags($pm, Net::SSLeay::X509_V_FLAG_ALLOW_PROXY_CERTS()), 'X509_VERIFY_PARAM_clear_flags'); + ok(Net::SSLeay::X509_VERIFY_PARAM_get_flags($pm) == ($base_flags | 0), 'X509_VERIFY_PARAM_get_flags'); +}; + +SKIP: { + skip 'openssl-0.9.8 required', 4 unless Net::SSLeay::SSLeay >= 0x0090800f; + ok(Net::SSLeay::X509_PURPOSE_SSL_CLIENT() == 1, 'X509_PURPOSE_SSL_CLIENT'); + ok(Net::SSLeay::X509_VERIFY_PARAM_set_purpose($pm, Net::SSLeay::X509_PURPOSE_SSL_CLIENT()), 'X509_VERIFY_PARAM_set_purpose'); + ok(Net::SSLeay::X509_TRUST_EMAIL() == 4, 'X509_TRUST_EMAIL'); + ok(Net::SSLeay::X509_VERIFY_PARAM_set_trust($pm, Net::SSLeay::X509_TRUST_EMAIL()), 'X509_VERIFY_PARAM_set_trust'); + Net::SSLeay::X509_VERIFY_PARAM_set_depth($pm, 5); + Net::SSLeay::X509_VERIFY_PARAM_set_time($pm, time); + Net::SSLeay::X509_VERIFY_PARAM_free($pm); + Net::SSLeay::X509_VERIFY_PARAM_free($pm2); +} + +# Test ASN1 objects +my $asn_object = Net::SSLeay::OBJ_txt2obj('1.2.3.4', 0); +ok($asn_object, 'OBJ_txt2obj'); +ok(Net::SSLeay::OBJ_obj2txt($asn_object, 0) eq '1.2.3.4', 'OBJ_obj2txt'); + +ok(Net::SSLeay::OBJ_txt2nid('1.2.840.113549.1') == 2, 'OBJ_txt2nid'); # NID_pkcs +ok(Net::SSLeay::OBJ_txt2nid('1.2.840.113549.2.5') == 4, 'OBJ_txt2nid'); # NID_md5 + +ok(Net::SSLeay::OBJ_ln2nid('RSA Data Security, Inc. 
PKCS') == 2, 'OBJ_ln2nid'); # NID_pkcs +ok(Net::SSLeay::OBJ_ln2nid('md5') == 4, 'OBJ_ln2nid'); # NID_md5 + +ok(Net::SSLeay::OBJ_sn2nid('pkcs') == 2, 'OBJ_sn2nid'); # NID_pkcs +ok(Net::SSLeay::OBJ_sn2nid('MD5') == 4, 'OBJ_sn2nid'); # NID_md5 + +my $asn_object2 = Net::SSLeay::OBJ_txt2obj('1.2.3.4', 0); +ok(Net::SSLeay::OBJ_cmp($asn_object2, $asn_object) == 0, 'OBJ_cmp'); +$asn_object2 = Net::SSLeay::OBJ_txt2obj('1.2.3.5', 0); +ok(Net::SSLeay::OBJ_cmp($asn_object2, $asn_object) != 0, 'OBJ_cmp'); + +ok(1, "Finished with tests that don't need fork"); + +my $server; +SKIP: { + if (not can_fork()) { + skip "fork() not supported on this system", 54; + } + + $server = tcp_socket(); + + run_server(); # Forks: child does not return + $server->close() || die("client listen socket close: $!"); + client(); +} + +verify_local_trust(); + +sub test_policy_checks +{ + my ($ctx, $cl, $ok) = @_; + + $pm = Net::SSLeay::X509_VERIFY_PARAM_new(); + + # Certificate must have this policy + Net::SSLeay::X509_VERIFY_PARAM_set_flags($pm, Net::SSLeay::X509_V_FLAG_POLICY_CHECK() | Net::SSLeay::X509_V_FLAG_EXPLICIT_POLICY()); + + my $oid = $ok ? $required_oid : ( $required_oid . '.1' ); + my $pobject = Net::SSLeay::OBJ_txt2obj($oid, 1); + ok($pobject, "OBJ_txt2obj($oid)"); + is(Net::SSLeay::X509_VERIFY_PARAM_add0_policy($pm, $pobject), 1, "X509_VERIFY_PARAM_add0_policy($oid)"); + + my $ssl = client_get_ssl($ctx, $cl, $pm); + my $ret = Net::SSLeay::connect($ssl); + is($verify_result, Net::SSLeay::get_verify_result($ssl), 'Verify callback result and get_verify_result are equal'); + if ($ok) { + is($ret, 1, 'connect ok: policy checks succeeded'); + is($verify_result, Net::SSLeay::X509_V_OK(), 'Verify result is X509_V_OK'); + print "connect failed: $ret: " . Net::SSLeay::print_errs() . 
"\n" unless $ret == 1; + } else { + isnt($ret, 1, 'connect not ok: policy checks must fail') if !$ok; + is($verify_result, Net::SSLeay::X509_V_ERR_NO_EXPLICIT_POLICY(), 'Verify result is X509_V_ERR_NO_EXPLICIT_POLICY'); + } + + Net::SSLeay::X509_VERIFY_PARAM_free($pm); +} + +# These need at least OpenSSL 1.0.2 or LibreSSL 2.7.0 +sub test_hostname_checks +{ + my ($ctx, $cl, $ok) = @_; + SKIP: { + skip 'No Net::SSLeay::X509_VERIFY_PARAM_set1_host, skipping hostname_checks', 13 unless (exists &Net::SSLeay::X509_VERIFY_PARAM_set1_host); + + $pm = Net::SSLeay::X509_VERIFY_PARAM_new(); + + # Note: wildcards are supported by default + is(Net::SSLeay::X509_VERIFY_PARAM_set1_host($pm, 'test.johndoe.net-ssleay.example'), 1, 'X509_VERIFY_PARAM_set1_host(test.johndoe.net-ssleay.example)') if $ok; + is(Net::SSLeay::X509_VERIFY_PARAM_add1_host($pm, 'invalid.net-ssleay.example'), 1, 'X509_VERIFY_PARAM_add1_host(invalid.net-ssleay.example)') if !$ok; + + is(Net::SSLeay::X509_VERIFY_PARAM_set1_email($pm, 'john.doe@net-ssleay.example'), 1, 'X509_VERIFY_PARAM_set1_email(john.doe@net-ssleay.example)'); + + # Note: 'set' means that only one successfully set can be active + # set1_ip: IPv4 or IPv6 address as 4 or 16 octet binary. + # setip_ip_asc: IPv4 or IPv6 address as ASCII string + is(Net::SSLeay::X509_VERIFY_PARAM_set1_ip($pm, pack('CCCC', 192, 168, 0, 3)), 1, 'X509_VERIFY_PARAM_set1_ip(192.168.0.3)'); +# is(Net::SSLeay::X509_VERIFY_PARAM_set1_ip($pm, pack('NNNN', hex('20010db8'), hex('01480100'), 0, hex('31'))), 1, 'X509_VERIFY_PARAM_set1_ip(2001:db8:148:100::31)'); +# is(Net::SSLeay::X509_VERIFY_PARAM_set1_ip_asc($pm, '10.20.30.40'), 1, 'X509_VERIFY_PARAM_set1_ip_asc(10.20.30.40)'); +# is(Net::SSLeay::X509_VERIFY_PARAM_set1_ip_asc($pm, '2001:db8:148:100::31'), 1, 'X509_VERIFY_PARAM_set1_ip_asc(2001:db8:148:100::31))'); + + # Also see that incorrect values do not change anything. 
+ is(Net::SSLeay::X509_VERIFY_PARAM_set1_ip($pm, '123'), 0, 'X509_VERIFY_PARAM_set1_ip(123)'); + is(Net::SSLeay::X509_VERIFY_PARAM_set1_ip($pm, '123456789012345'), 0, 'X509_VERIFY_PARAM_set1_ip(123456789012345)'); + is(Net::SSLeay::X509_VERIFY_PARAM_set1_ip_asc($pm, '10.20.30.256'), 0, 'X509_VERIFY_PARAM_set1_ip_asc(10.20.30.256)'); + is(Net::SSLeay::X509_VERIFY_PARAM_set1_ip_asc($pm, '12345::'), 0, 'X509_VERIFY_PARAM_set1_ip_asc(12345::)'); + + my $ssl = client_get_ssl($ctx, $cl, $pm); + my $ret = Net::SSLeay::connect($ssl); + is($verify_result, Net::SSLeay::get_verify_result($ssl), 'Verify callback result and get_verify_result are equal'); + if ($ok) { + is($ret, 1, 'connect ok: hostname checks succeeded'); + is($verify_result, Net::SSLeay::X509_V_OK(), 'Verify result is X509_V_OK'); + print "connect failed: $ret: " . Net::SSLeay::print_errs() . "\n" unless $ret == 1; + } else { + isnt($ret, 1, 'connect not ok: hostname checks must fail') if !$ok; + is($verify_result, Net::SSLeay::X509_V_ERR_HOSTNAME_MISMATCH(), 'Verify result is X509_V_ERR_HOSTNAME_MISMATCH'); + } + + # For some reason OpenSSL 1.0.2 and LibreSSL return undef for get0_peername. Are we doing this wrong? 
+ $pm2 = Net::SSLeay::get0_param($ssl); + my $peername = Net::SSLeay::X509_VERIFY_PARAM_get0_peername($pm2); + if ($ok) { + is($peername, '*.johndoe.net-ssleay.example', 'X509_VERIFY_PARAM_get0_peername returns *.johndoe.net-ssleay.example') + if (Net::SSLeay::SSLeay >= 0x10100000 && is_openssl()); + is($peername, undef, 'X509_VERIFY_PARAM_get0_peername returns undefined for OpenSSL 1.0.2 and LibreSSL') + if (Net::SSLeay::SSLeay < 0x10100000 || is_libressl()); + } else { + is($peername, undef, 'X509_VERIFY_PARAM_get0_peername returns undefined'); + } + + Net::SSLeay::X509_VERIFY_PARAM_free($pm); + Net::SSLeay::X509_VERIFY_PARAM_free($pm2); + } +} + +sub test_wildcard_checks +{ + my ($ctx, $cl) = @_; + SKIP: { + skip 'No Net::SSLeay::X509_VERIFY_PARAM_set1_host, skipping wildcard_checks', 7 unless (exists &Net::SSLeay::X509_VERIFY_PARAM_set1_host); + + $pm = Net::SSLeay::X509_VERIFY_PARAM_new(); + + # Wildcards are allowed by default: disallow + is(Net::SSLeay::X509_VERIFY_PARAM_set1_host($pm, 'test.johndoe.net-ssleay.example'), 1, 'X509_VERIFY_PARAM_set1_host'); + is(Net::SSLeay::X509_VERIFY_PARAM_set_hostflags($pm, Net::SSLeay::X509_CHECK_FLAG_NO_WILDCARDS()), undef, 'X509_VERIFY_PARAM_set_hostflags(X509_CHECK_FLAG_NO_WILDCARDS)'); + + my $ssl = client_get_ssl($ctx, $cl, $pm); + my $ret = Net::SSLeay::connect($ssl); + isnt($ret, 1, 'Connect must fail in wildcard test'); + is($verify_result, Net::SSLeay::get_verify_result($ssl), 'Verify callback result and get_verify_result are equal'); + is($verify_result, Net::SSLeay::X509_V_ERR_HOSTNAME_MISMATCH(), 'Verify result is X509_V_ERR_HOSTNAME_MISMATCH'); + + Net::SSLeay::X509_VERIFY_PARAM_free($pm); + } +} + +sub verify_local_trust { + # Read entire certificate chain + my $bio = Net::SSLeay::BIO_new_file($certchain_pem, 'r'); + ok(my $x509_info_sk = Net::SSLeay::PEM_X509_INFO_read_bio($bio), "PEM_X509_INFO_read_bio able to read in entire chain"); + Net::SSLeay::BIO_free($bio); + # Read just the leaf certificate from 
the chain + $bio = Net::SSLeay::BIO_new_file($certchain_pem, 'r'); + ok(my $cert = Net::SSLeay::PEM_read_bio_X509($bio), "PEM_read_bio_X509 able to read in single cert from chain"); + Net::SSLeay::BIO_free($bio); + # Read root CA certificate + $bio = Net::SSLeay::BIO_new_file($root_ca_pem, 'r'); + ok(my $ca = Net::SSLeay::PEM_read_bio_X509($bio), "PEM_read_bio_X509 able to read in root CA"); + Net::SSLeay::BIO_free($bio); + + ok(my $x509_sk = Net::SSLeay::sk_X509_new_null(), "sk_X509_new_null creates STACK_OF(X509) successfully"); + ok(my $num = Net::SSLeay::sk_X509_INFO_num($x509_info_sk), "sk_X509_INFO_num is nonzero"); + + # Set up STORE_CTX and verify leaf certificate using only root CA (should fail due to incomplete chain) + ok(my $store = Net::SSLeay::X509_STORE_new(), "X509_STORE_new creates new store"); + ok(Net::SSLeay::X509_STORE_add_cert($store, $ca), "X509_STORE_add_cert CA cert"); + ok(my $ctx = Net::SSLeay::X509_STORE_CTX_new(), "X509_STORE_CTX_new creates new store context"); + is(Net::SSLeay::X509_STORE_CTX_init($ctx, $store, $cert), 1, 'X509_STORE_CTX_init succeeds'); + ok(!Net::SSLeay::X509_verify_cert($ctx), 'X509_verify_cert correctly fails'); + is(Net::SSLeay::X509_STORE_CTX_get_error($ctx), + Net::SSLeay::X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY(), "X509_STORE_CTX_get_error returns unable to get local issuer certificate"); + Net::SSLeay::X509_STORE_free($store); + Net::SSLeay::X509_STORE_CTX_free($ctx); + + # Add all certificates from entire certificate chain to X509 stack + for (my $i = 0; $i < $num; $i++) { + ok(my $x509_info = Net::SSLeay::sk_X509_INFO_value($x509_info_sk, $i), "sk_X509_INFO_value"); + ok(my $x509 = Net::SSLeay::P_X509_INFO_get_x509($x509_info), "P_X509_INFO_get_x509"); + ok(Net::SSLeay::sk_X509_push($x509_sk, $x509), "sk_X509_push"); + } + + # set up STORE_CTX and verify leaf certificate using root CA and chain (should succeed) + ok($store = Net::SSLeay::X509_STORE_new(), "X509_STORE_new creates new store"); + 
ok(Net::SSLeay::X509_STORE_add_cert($store, $ca), "X509_STORE_add_cert CA cert"); + ok($ctx = Net::SSLeay::X509_STORE_CTX_new(), "X509_STORE_CTX_new creates new store context"); + is(Net::SSLeay::X509_STORE_CTX_init($ctx, $store, $cert, $x509_sk), 1, 'X509_STORE_CTX_init succeeds'); + ok(Net::SSLeay::X509_verify_cert($ctx), 'X509_verify_cert correctly succeeds'); + is(Net::SSLeay::X509_STORE_CTX_get_error($ctx), Net::SSLeay::X509_V_OK(), "X509_STORE_CTX_get_error returns ok"); + Net::SSLeay::X509_STORE_free($store); + Net::SSLeay::X509_STORE_CTX_free($ctx); + + Net::SSLeay::sk_X509_free($x509_sk); +} + +# Prepare and return a new $ssl based on callers verification needs +# Note that this adds tests to caller's test count. +sub client_get_ssl +{ + my ($ctx, $cl, $pm) = @_; + + my $store = Net::SSLeay::CTX_get_cert_store($ctx); + ok($store, 'CTX_get_cert_store'); + is(Net::SSLeay::X509_STORE_set1_param($store, $pm), 1, 'X509_STORE_set1_param'); + + # Needs OpenSSL 1.0.0 or later + #Net::SSLeay::CTX_set1_param($ctx, $pm); + + $verify_result = -1; # Last verification result, set by callback below + my $verify_cb = sub { $verify_result = Net::SSLeay::X509_STORE_CTX_get_error($_[1]); return $_[0];}; + + my $ssl = Net::SSLeay::new($ctx); + Net::SSLeay::set_verify($ssl, Net::SSLeay::VERIFY_PEER(), $verify_cb); + Net::SSLeay::set_fd($ssl, $cl); + + return $ssl; +} + +# SSL client - connect to server and test different verification +# settings +sub client { + my ($ctx, $cl); + foreach my $task (qw( + policy_checks_ok policy_checks_fail + hostname_checks_ok hostname_checks_fail + wildcard_checks + finish)) + { + $ctx = new_ctx(); + is(Net::SSLeay::CTX_load_verify_locations($ctx, $ca_pem, $ca_dir), 1, "load_verify_locations($ca_pem $ca_dir)"); + + $cl = $server->connect(); + + test_policy_checks($ctx, $cl, 1) if $task eq 'policy_checks_ok'; + test_policy_checks($ctx, $cl, 0) if $task eq 'policy_checks_fail'; + test_hostname_checks($ctx, $cl, 1) if $task eq 
'hostname_checks_ok'; + test_hostname_checks($ctx, $cl, 0) if $task eq 'hostname_checks_fail'; + test_wildcard_checks($ctx, $cl) if $task eq 'wildcard_checks'; + last if $task eq 'finish'; # Leaves $cl alive + + close($cl) || die("client close: $!"); + } + + # Tell the server to quit and see that our connection is still up + $ctx = new_ctx(); + my $ssl = Net::SSLeay::new($ctx); + Net::SSLeay::set_fd($ssl, $cl); + Net::SSLeay::connect($ssl); + my $end = "end"; + Net::SSLeay::ssl_write_all($ssl, $end); + Net::SSLeay::shutdown($ssl); + ok($end eq Net::SSLeay::ssl_read_all($ssl), 'Successful termination'); + Net::SSLeay::free($ssl); + close($cl) || die("client final close: $!"); + return; +} + +# SSL server - just accept connnections and exit when told to by +# the client +sub run_server +{ + my $pid; + defined($pid = fork()) or BAIL_OUT("failed to fork: $!"); + + return if $pid != 0; + + $SIG{'PIPE'} = 'IGNORE'; + my $ctx = new_ctx(); + Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem); + my $ret = Net::SSLeay::CTX_check_private_key($ctx); + BAIL_OUT("Server: CTX_check_private_key failed: $cert_pem, $key_pem") unless $ret == 1; + if (defined &Net::SSLeay::CTX_set_num_tickets) { + # TLS 1.3 server sends session tickets after a handhake as part of + # the SSL_accept(). If a client finishes all its job including closing + # TCP connectino before a server sends the tickets, SSL_accept() fails + # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives + # SIGPIPE signal. 
+ my $ret = Net::SSLeay::CTX_set_num_tickets($ctx, 0); + BAIL_OUT("Session tickets disabled") unless $ret; + } + + while (1) + { + my $cl = $server->accept() or BAIL_OUT("accept failed: $!"); + my $ssl = Net::SSLeay::new($ctx); + + Net::SSLeay::set_fd($ssl, fileno($cl)); + my $ret = Net::SSLeay::accept($ssl); + next unless $ret == 1; + + # Termination request or other message from client + my $msg = Net::SSLeay::ssl_read_all($ssl); + if (defined $msg and $msg eq 'end') + { + Net::SSLeay::ssl_write_all($ssl, 'end'); + Net::SSLeay::shutdown($ssl); + Net::SSLeay::free($ssl); + close($cl) || die("server close: $!"); + $server->close() || die("server listen socket close: $!"); + exit (0); + } + } +} diff --git a/cpan/Net-SSLeay/t/local/37_asn1_time.t b/cpan/Net-SSLeay/t/local/37_asn1_time.t new file mode 100644 index 000000000000..bc5cef3cd7ed --- /dev/null +++ b/cpan/Net-SSLeay/t/local/37_asn1_time.t 
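Review bot: In `test_hostname_checks`, `$pm2` comes from `Net::SSLeay::get0_param($ssl)` and is then passed to `Net::SSLeay::X509_VERIFY_PARAM_free($pm2)`; by OpenSSL's get0 naming convention that pointer presumably remains owned by the SSL object, so freeing it here would become a double free as soon as `$ssl` itself is released. I would drop that `X509_VERIFY_PARAM_free($pm2);` line and release the handle returned by `client_get_ssl` with `Net::SSLeay::free($ssl);` instead, which none of the `test_*` subs currently do. Two labels are also misleading when a test fails: the `X509_VERIFY_PARAM_set1($pm2, $pm)` check near the top is named 'X509_VERIFY_PARAM_inherit', and the comment `setip_ip_asc` should read `set1_ip_asc`.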
@@ -0,0 +1,42 @@
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw(initialise_libssl);
+
+plan tests => 10;
+
+initialise_libssl();
+
+my $atime1 = Net::SSLeay::ASN1_TIME_new();
+ok($atime1, 'ASN1_TIME_new [1]');
+
+Net::SSLeay::ASN1_TIME_set($atime1, 1999888777);
+SKIP: {
+ skip 'openssl-0.9.8i is buggy', 2 if Net::SSLeay::SSLeay == 0x0090809f;
+ is(Net::SSLeay::P_ASN1_TIME_put2string($atime1), 'May 16 20:39:37 2033 GMT', 'P_ASN1_TIME_put2string');
+ is(Net::SSLeay::P_ASN1_UTCTIME_put2string($atime1), 'May 16 20:39:37 2033 GMT', 'P_ASN1_UTCTIME_put2string');
+}
+SKIP: {
+ skip 'openssl-0.9.7e required', 1 unless Net::SSLeay::SSLeay >= 0x0090705f;
+ is(Net::SSLeay::P_ASN1_TIME_get_isotime($atime1), '2033-05-16T20:39:37Z', 'P_ASN1_TIME_get_isotime');
+}
+Net::SSLeay::ASN1_TIME_free($atime1);
+
+my $atime2 = Net::SSLeay::ASN1_TIME_new();
+ok($atime2, 'ASN1_TIME_new [2]');
+SKIP: {
+ skip 'openssl-0.9.7e required', 2 unless Net::SSLeay::SSLeay >= 0x0090705f;
+ Net::SSLeay::P_ASN1_TIME_set_isotime($atime2, '2075-06-19T13:08:52Z');
+ SKIP: {
+ skip 'openssl-0.9.8i is buggy', 1 if Net::SSLeay::SSLeay == 0x0090809f;
+ is(Net::SSLeay::P_ASN1_TIME_put2string($atime2), 'Jun 19 13:08:52 2075 GMT', 'P_ASN1_TIME_put2string y=2075');
+ }
+ is(Net::SSLeay::P_ASN1_TIME_get_isotime($atime2), '2075-06-19T13:08:52Z', 'P_ASN1_TIME_get_isotime y=2075');
+}
+Net::SSLeay::ASN1_TIME_free($atime2);
+
+my $atime3 = Net::SSLeay::ASN1_TIME_new();
+ok($atime1, 'ASN1_TIME_new [3]');
+ok(Net::SSLeay::X509_gmtime_adj($atime3, 60*60*24*365*2));
+like(Net::SSLeay::P_ASN1_TIME_put2string($atime3), qr/[A-Z][a-z]+ +\d+ +\d+:\d+:\d+ +20\d\d/, 'X509_gmtime_adj');
+Net::SSLeay::ASN1_TIME_free($atime3);
diff --git a/cpan/Net-SSLeay/t/local/38_priv-key.t b/cpan/Net-SSLeay/t/local/38_priv-key.t
new file mode 100644
index 000000000000..ce7090f5e5e6
--- /dev/null
+++ b/cpan/Net-SSLeay/t/local/38_priv-key.t
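Review bot: The third allocation check tests the wrong handle: `ok($atime1, 'ASN1_TIME_new [3]');` looks at `$atime1`, which was already passed to `ASN1_TIME_free($atime1)` earlier in the file, so a failed `ASN1_TIME_new()` for `$atime3` goes unnoticed and the value is handed straight to `X509_gmtime_adj`. It should read `ok($atime3, 'ASN1_TIME_new [3]');`. The next check, `ok(Net::SSLeay::X509_gmtime_adj($atime3, 60*60*24*365*2));`, has no description; a name such as `'X509_gmtime_adj returns a value'` would keep a failure identifiable in the TAP output.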
@@ -0,0 +1,37 @@
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw( data_file_path initialise_libssl );
+
+plan tests => 10;
+
+initialise_libssl();
+
+my $key_pem = data_file_path('simple-cert.key.pem');
+my $key_pem_encrypted = data_file_path('simple-cert.key.enc.pem');
+my $key_password = 'test';
+
+{
+ ok(my $bio_pem = Net::SSLeay::BIO_new_file($key_pem, 'r'), "BIO_new_file 3");
+ ok(Net::SSLeay::PEM_read_bio_PrivateKey($bio_pem), "PEM_read_bio_PrivateKey no password");
+}
+
+{
+ ok(my $bio_pem_encrypted = Net::SSLeay::BIO_new_file($key_pem_encrypted, 'r'), "BIO_new_file");
+ ok(Net::SSLeay::PEM_read_bio_PrivateKey($bio_pem_encrypted, sub { $key_password }), "PEM_read_bio_PrivateKey encrypted - callback");
+}
+
+{
+ ok(my $bio_pem_encrypted = Net::SSLeay::BIO_new_file($key_pem_encrypted, 'r'), "BIO_new_file");
+ ok(Net::SSLeay::PEM_read_bio_PrivateKey($bio_pem_encrypted, undef, $key_password), "PEM_read_bio_PrivateKey encrypted - password");
+}
+
+{
+ ok(my $bio_pem_encrypted = Net::SSLeay::BIO_new_file($key_pem_encrypted, 'r'), "BIO_new_file");
+ ok(!Net::SSLeay::PEM_read_bio_PrivateKey($bio_pem_encrypted, sub { $key_password . 'invalid' }), "PEM_read_bio_PrivateKey encrypted - callback (wrong password)");
+}
+
+{
+ ok(my $bio_pem_encrypted = Net::SSLeay::BIO_new_file($key_pem_encrypted, 'r'), "BIO_new_file");
+ ok(!Net::SSLeay::PEM_read_bio_PrivateKey($bio_pem_encrypted, undef, $key_password . 'invalid'), "PEM_read_bio_PrivateKey encrypted - password (wrong password)");
+}
diff --git a/cpan/Net-SSLeay/t/local/39_pkcs12.t b/cpan/Net-SSLeay/t/local/39_pkcs12.t
new file mode 100644
index 000000000000..5083331ae564
--- /dev/null
+++ b/cpan/Net-SSLeay/t/local/39_pkcs12.t
@@ -0,0 +1,74 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( data_file_path initialise_libssl ); + +plan tests => 17; + +initialise_libssl(); + +# Encrypted PKCS#12 archive, no chain: +my $filename1 = data_file_path('simple-cert.enc.p12'); +my $filename1_password = 'test'; + +# Encrypted PKCS#12 archive, full chain: +my $filename2 = data_file_path('simple-cert.certchain.enc.p12'); +my $filename2_password = 'test'; + +# PKCS#12 archive, no chain: +my $filename3 = data_file_path('simple-cert.p12'); + +{ + my($privkey, $cert, @cachain) = Net::SSLeay::P_PKCS12_load_file($filename1, 1, $filename1_password); + ok($privkey, '$privkey [1]'); + ok($cert, '$cert [1]'); + is(scalar(@cachain), 0, 'size of @cachain [1]'); + my $subj_name = Net::SSLeay::X509_get_subject_name($cert); + is(Net::SSLeay::X509_NAME_oneline($subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=simple-cert.net-ssleay.example', "X509_NAME_oneline [1]"); +} + +{ + my($privkey, $cert, @cachain) = Net::SSLeay::P_PKCS12_load_file($filename2, 1, $filename2_password); + ok($privkey, '$privkey [2]'); + ok($cert, '$cert [2]'); + is(scalar(@cachain), 2, 'size of @cachain [2]'); + my $subj_name = Net::SSLeay::X509_get_subject_name($cert); + my $ca1_subj_name = Net::SSLeay::X509_get_subject_name($cachain[0]); + my $ca2_subj_name = Net::SSLeay::X509_get_subject_name($cachain[1]); + is(Net::SSLeay::X509_NAME_oneline($subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=simple-cert.net-ssleay.example', "X509_NAME_oneline [2/1]"); + # OpenSSL versions 1.0.0-beta2 to 3.0.0-alpha6 inclusive and all versions of + # LibreSSL return the CA certificate chain with the root CA certificate at the + # end; all other versions return the certificate chain with the root CA + # certificate at the start + if ( + Net::SSLeay::SSLeay < 0x10000002 + || ( + Net::SSLeay::SSLeay == 0x30000000 + && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) !~ /-alpha[1-6] / + ) + || Net::SSLeay::SSLeay > 0x30000000 + ) { + 
is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/3]"); + is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]"); + } + else { + is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/3]"); + is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/4]"); + } +} + +{ + my($privkey, $cert, @cachain) = Net::SSLeay::P_PKCS12_load_file($filename3, 1); + ok($privkey, '$privkey [3]'); + ok($cert, '$cert [3]'); + is(scalar(@cachain), 0, 'size of @cachain [3]'); + my $subj_name = Net::SSLeay::X509_get_subject_name($cert); + is(Net::SSLeay::X509_NAME_oneline($subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=simple-cert.net-ssleay.example', "X509_NAME_oneline [3]"); +} + +{ + my($privkey, $cert, @should_be_empty) = Net::SSLeay::P_PKCS12_load_file($filename2, 0, $filename2_password); + ok($privkey, '$privkey [4]'); + ok($cert, '$cert [4]'); + is(scalar(@should_be_empty), 0, 'size of @should_be_empty'); +} diff --git a/cpan/Net-SSLeay/t/local/40_npn_support.t b/cpan/Net-SSLeay/t/local/40_npn_support.t new file mode 100644 index 000000000000..ea2d09bf56fc --- /dev/null +++ b/cpan/Net-SSLeay/t/local/40_npn_support.t 
@@ -0,0 +1,96 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( + can_fork data_file_path initialise_libssl new_ctx tcp_socket +); + +BEGIN { + if (Net::SSLeay::SSLeay < 0x10001000) { + plan skip_all => "OpenSSL 1.0.1 or above required"; + } elsif (Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER")) { + plan skip_all => "LibreSSL removed support for NPN"; + } elsif (not can_fork()) { + plan skip_all => "fork() not supported on this system"; + } elsif ( !eval { new_ctx( undef, 'TLSv1.2' ); 1 } ) { + # NPN isn't well-defined for TLSv1.3, so these tests can't be run if + # that's the only available protocol version + plan skip_all => 'TLSv1.2 or below not available in this libssl'; + } else { + plan tests => 7; + } +} + +initialise_libssl(); + +my $server = tcp_socket(); +my $msg = 'ssleay-npn-test'; + +my $pid; + +my $cert_pem = data_file_path('simple-cert.cert.pem'); +my $key_pem = data_file_path('simple-cert.key.pem'); + +my @results; + +{ + # SSL server + $pid = fork(); + BAIL_OUT("failed to fork: $!") unless defined $pid; + if ($pid == 0) { + my $ns = $server->accept(); + + my ( $ctx, $proto ) = new_ctx( undef, 'TLSv1.2' ); + Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem); + + my $rv = Net::SSLeay::CTX_set_next_protos_advertised_cb($ctx, ['spdy/2','http1.1']); + is($rv, 1, 'CTX_set_next_protos_advertised_cb'); + + my $ssl = Net::SSLeay::new($ctx); + Net::SSLeay::set_fd($ssl, fileno($ns)); + Net::SSLeay::accept($ssl); + + is('spdy/2' , Net::SSLeay::P_next_proto_negotiated($ssl), 'P_next_proto_negotiated/server'); + + my $got = Net::SSLeay::ssl_read_all($ssl); + is($got, $msg, 'ssl_read_all compare'); + + Net::SSLeay::ssl_write_all($ssl, uc($got)); + Net::SSLeay::free($ssl); + Net::SSLeay::CTX_free($ctx); + close($ns) || die("server close: $!"); + $server->close() || die("server listen socket close: $!"); + exit; + } +} + +{ + # SSL client + my $s1 = $server->connect(); + + my $ctx1 = new_ctx( undef, 'TLSv1.2' ); + + my $rv = 
Net::SSLeay::CTX_set_next_proto_select_cb($ctx1, ['http1.1','spdy/2']); + push @results, [ $rv==1, 'CTX_set_next_proto_select_cb']; + + Net::SSLeay::CTX_set_options($ctx1, &Net::SSLeay::OP_ALL); + my $ssl1 = Net::SSLeay::new($ctx1); + Net::SSLeay::set_fd($ssl1, $s1); + Net::SSLeay::connect($ssl1); + Net::SSLeay::ssl_write_all($ssl1, $msg); + + push @results, [ 'spdy/2' eq Net::SSLeay::P_next_proto_negotiated($ssl1), 'P_next_proto_negotiated/client']; + push @results, [ 1 == Net::SSLeay::P_next_proto_last_status($ssl1), 'P_next_proto_last_status/client']; + + Net::SSLeay::free($ssl1); + Net::SSLeay::CTX_free($ctx1); + close($s1) || die("client close: $!"); + $server->close() || die("client listen socket close: $!"); +} + +waitpid $pid, 0; +push @results, [$? == 0, 'server exited with 0']; +END { + Test::More->builder->current_test(3); + ok( $_->[0], $_->[1] ) for (@results); +} diff --git a/cpan/Net-SSLeay/t/local/41_alpn_support.t b/cpan/Net-SSLeay/t/local/41_alpn_support.t new file mode 100644 index 000000000000..c3d5aa03945f --- /dev/null +++ b/cpan/Net-SSLeay/t/local/41_alpn_support.t 
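Review bot: Neither side of the handshake is checked and the script has no timeout: the results of `Net::SSLeay::accept($ssl)` in the child and `Net::SSLeay::connect($ssl1)` in the parent are discarded, so a failed handshake surfaces only indirectly as a wrong `P_next_proto_negotiated` value. If the child dies before accepting, the parent may well block in `connect`, although that depends on how `tcp_socket()` is implemented, which this hunk does not show. 42_info_callback.t in the same patch bounds its run with `alarm(30);` right after `initialise_libssl();`; adding the same line here and in 41_alpn_support.t, which has the same fork/accept/connect shape, would turn a hang into a visible failure. The parent's last close is also labelled `"client listen socket close: $!"` although it closes the listening `$server` socket.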
@@ -0,0 +1,100 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( + can_fork data_file_path initialise_libssl new_ctx tcp_socket +); + +BEGIN { + if (Net::SSLeay::SSLeay < 0x10002000) { + plan skip_all => "OpenSSL 1.0.2 or above required"; + } elsif (not can_fork()) { + plan skip_all => "fork() not supported on this system"; + } else { + plan tests => 6; + } +} + +initialise_libssl(); + +my $server = tcp_socket(); +my $pid; + +my $msg = 'ssleay-alpn-test'; + +my $cert_pem = data_file_path('simple-cert.cert.pem'); +my $key_pem = data_file_path('simple-cert.key.pem'); + +my @results; + +{ + # SSL server + $pid = fork(); + BAIL_OUT("failed to fork: $!") unless defined $pid; + if ($pid == 0) { + my $ns = $server->accept(); + + my ( $ctx, $proto ) = new_ctx(); + Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem); + + # TLSv1.3 servers send session tickets after the handshake; if a client + # closes the connection before the server sends the tickets, accept() + # fails with SSL_ERROR_SYSCALL and errno=EPIPE, which will cause this + # process to receive a SIGPIPE signal and exit unsuccessfully + if ( + $proto eq 'TLSv1.3' + && defined &Net::SSLeay::CTX_set_num_tickets + ) { + Net::SSLeay::CTX_set_num_tickets( $ctx, 0 ); + } + + my $rv = Net::SSLeay::CTX_set_alpn_select_cb($ctx, ['http/1.1','spdy/2']); + is($rv, 1, 'CTX_set_alpn_select_cb'); + + my $ssl = Net::SSLeay::new($ctx); + Net::SSLeay::set_fd($ssl, fileno($ns)); + Net::SSLeay::accept($ssl); + + is(Net::SSLeay::P_alpn_selected($ssl), 'spdy/2', 'P_alpn_selected/server'); + + my $got = Net::SSLeay::ssl_read_all($ssl); + is($got, $msg, 'ssl_read_all compare'); + + Net::SSLeay::ssl_write_all($ssl, uc($got)); + Net::SSLeay::free($ssl); + Net::SSLeay::CTX_free($ctx); + close($ns) || die("server close: $!"); + $server->close() || die("server listen socket close: $!"); + exit; + } +} + +{ + # SSL client + my $s1 = $server->connect(); + + my $ctx1 = new_ctx(); + + my $rv = 
Net::SSLeay::CTX_set_alpn_protos($ctx1, ['spdy/2','http/1.1']); + push @results, [ $rv==0, 'CTX_set_alpn_protos']; + + Net::SSLeay::CTX_set_options($ctx1, &Net::SSLeay::OP_ALL); + my $ssl1 = Net::SSLeay::new($ctx1); + Net::SSLeay::set_fd($ssl1, $s1); + Net::SSLeay::connect($ssl1); + Net::SSLeay::ssl_write_all($ssl1, $msg); + + push @results, [ 'spdy/2' eq Net::SSLeay::P_alpn_selected($ssl1), 'P_alpn_selected/client']; + + Net::SSLeay::free($ssl1); + Net::SSLeay::CTX_free($ctx1); + close($s1) || die("client close: $!"); + $server->close() || die("client listen socket close: $!"); +} + +waitpid $pid, 0; +push @results, [$? == 0, 'server exited with 0']; +END { + Test::More->builder->current_test(3); + ok( $_->[0], $_->[1] ) for (@results); +} diff --git a/cpan/Net-SSLeay/t/local/42_info_callback.t b/cpan/Net-SSLeay/t/local/42_info_callback.t new file mode 100644 index 000000000000..8ddcb0c81f47 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/42_info_callback.t 
@@ -0,0 +1,110 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( + can_fork data_file_path initialise_libssl new_ctx tcp_socket +); + +if (not can_fork()) { + plan skip_all => "fork() not supported on this system"; +} else { + plan tests => 2; +} + +initialise_libssl(); + +my $pid; +alarm(30); +END { kill 9,$pid if $pid } + +my $server = tcp_socket(); + +{ + # SSL server - just handle single connect and shutdown connection + my $cert_pem = data_file_path('simple-cert.cert.pem'); + my $key_pem = data_file_path('simple-cert.key.pem'); + + defined($pid = fork()) or BAIL_OUT("failed to fork: $!"); + if ($pid == 0) { + for(qw(ctx ssl)) { + my $cl = $server->accept(); + my $ctx = new_ctx(); + Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem); + my $ssl = Net::SSLeay::new($ctx); + Net::SSLeay::set_fd($ssl, fileno($cl)); + Net::SSLeay::accept($ssl); + for(1,2) { + last if Net::SSLeay::shutdown($ssl)>0; + } + close($cl) || die("server close: $!"); + } + $server->close() || die("server listen socket close: $!"); + exit; + } +} + +sub client { + my ($where,$expect) = @_; + # SSL client - connect and shutdown, all the while getting state updates + # with info callback + + my @states; + my $infocb = sub { + my ($ssl,$where,$ret) = @_; + push @states,[$where,$ret]; + }; + + my $cl = $server->connect(); + my $ctx = new_ctx(); + Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL); + Net::SSLeay::CTX_set_info_callback($ctx, $infocb) if $where eq 'ctx'; + my $ssl = Net::SSLeay::new($ctx); + Net::SSLeay::set_fd($ssl, $cl); + Net::SSLeay::set_info_callback($ssl, $infocb) if $where eq 'ssl'; + Net::SSLeay::connect($ssl); + for(1,2) { + last if Net::SSLeay::shutdown($ssl)>0; + } + + for my $st (@states) { + my @txt; + for(qw( + CB_READ_ALERT CB_WRITE_ALERT + CB_ACCEPT_EXIT CB_ACCEPT_LOOP + CB_CONNECT_EXIT CB_CONNECT_LOOP + CB_HANDSHAKE_START CB_HANDSHAKE_DONE + CB_READ CB_WRITE CB_ALERT + CB_LOOP CB_EXIT + )) { + my $i = eval "Net::SSLeay::$_()" + or 
BAIL_OUT("no state $_ known"); + if (($st->[0] & $i) == $i) { + $st->[0] &= ~$i; + push @txt,$_; + } + } + die "incomplete: @txt | $st->[0]" if $st->[0]; + $st = join("|",@txt); + } + + if ("@states" =~ $expect) { + pass("$where: @states"); + } else { + fail("$where: @states"); + } + close($cl) || die("client close: $!"); + +} + +my $expect = qr{^ + CB_HANDSHAKE_START\s + (CB_CONNECT_LOOP\s)+ + CB_HANDSHAKE_DONE\s + CB_CONNECT_EXIT\b +}x; + +client('ctx',$expect); +client('ssl',$expect); +$server->close() || die("client listen socket close: $!"); +waitpid $pid, 0; + diff --git a/cpan/Net-SSLeay/t/local/43_misc_functions.t b/cpan/Net-SSLeay/t/local/43_misc_functions.t new file mode 100644 index 000000000000..0e03cb495769 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/43_misc_functions.t 
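Review bot: In `client`, the lookup `my $i = eval "Net::SSLeay::$_()" or BAIL_OUT("no state $_ known");` uses a string eval and discards `$@`, so a constant missing from the linked library and any other evaluation error produce the same message. The eval is acceptable only because the names come from the fixed `qw(...)` list directly above it, which is worth a one-line comment so nobody later feeds it external data. Reporting the cause, `or BAIL_OUT("no state $_ known: $@");`, makes a failure diagnosable. The info callback's `my ($ssl,$where,$ret) = @_;` also shadows the enclosing sub's `$where`, and the return value of `Net::SSLeay::connect($ssl)` is not checked, so a failed handshake is reported only as a state-sequence mismatch.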
@@ -0,0 +1,368 @@ +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( + can_fork data_file_path initialise_libssl is_libressl new_ctx tcp_socket +); + +if (not can_fork()) { + plan skip_all => "fork() not supported on this system"; +} else { + plan tests => 46; +} + +initialise_libssl(); + +my $pid; +alarm(30); +END { kill 9,$pid if $pid } + +# Values that were previously looked up for get_keyblock_size test +# Revisit: currently the only known user for get_keyblock_size is +# EAP-FAST. How it works with AEAD ciphers is for future study. +our %non_aead_cipher_to_keyblock_size = + ( + 'RC4-MD5' => 64, + 'RC4-SHA' => 72, + 'AES256-SHA256' => 160, + 'AES128-SHA256' => 128, + 'AES128-SHA' => 104, + 'AES256-SHA' => 136, + ); + +our %tls_1_2_aead_cipher_to_keyblock_size = ( + 'AES128-GCM-SHA256' => 56, + 'AES256-GCM-SHA384' => 88, + ); + +# LibreSSL uses different names for the TLSv1.3 ciphersuites: +our %tls_1_3_aead_cipher_to_keyblock_size = + is_libressl() + ? ( + 'AEAD-AES128-GCM-SHA256' => 56, + 'AEAD-AES256-GCM-SHA384' => 88, + 'AEAD-CHACHA20-POLY1305-SHA256' => 88, + ) + : ( + 'TLS_AES_128_GCM_SHA256' => 56, + 'TLS_AES_256_GCM_SHA384' => 88, + 'TLS_CHACHA20_POLY1305_SHA256' => 88, + ); + +# Combine the AEAD hashes +our %aead_cipher_to_keyblock_size = (%tls_1_2_aead_cipher_to_keyblock_size, %tls_1_3_aead_cipher_to_keyblock_size); + +# Combine the hashes +our %cipher_to_keyblock_size = (%non_aead_cipher_to_keyblock_size, %aead_cipher_to_keyblock_size); + +our %version_str2int = ( + 'SSLv3' => sub { return eval { Net::SSLeay::SSL3_VERSION(); } }, + 'TLSv1' => sub { return eval { Net::SSLeay::TLS1_VERSION(); } }, + 'TLSv1.1' => sub { return eval { Net::SSLeay::TLS1_1_VERSION(); } }, + 'TLSv1.2' => sub { return eval { Net::SSLeay::TLS1_2_VERSION(); } }, + 'TLSv1.3' => sub { return eval { Net::SSLeay::TLS1_3_VERSION(); } }, +); + +# Tests that don't need a connection +client_test_ciphersuites(); +test_cipher_funcs(); + +# Tests that need a connection +my 
$server = tcp_socket(); + +{ + # SSL server - just handle single connect, send information to + # client and exit + + my $cert_pem = data_file_path('simple-cert.cert.pem'); + my $key_pem = data_file_path('simple-cert.key.pem'); + + defined($pid = fork()) or BAIL_OUT("failed to fork: $!"); + if ($pid == 0) { + my $cl = $server->accept(); + my $ctx = new_ctx(); + Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem); +# my $get_keyblock_size_ciphers = join(':', keys(%cipher_to_keyblock_size)); + my $get_keyblock_size_ciphers = join(':', keys(%non_aead_cipher_to_keyblock_size)); + Net::SSLeay::CTX_set_cipher_list($ctx, $get_keyblock_size_ciphers); + my $ssl = Net::SSLeay::new($ctx); + + Net::SSLeay::set_fd($ssl, fileno($cl)); + Net::SSLeay::accept($ssl); + + # Send our idea of Finished messages to the client. + my ($f_len, $finished_s, $finished_c); + + $f_len = Net::SSLeay::get_finished($ssl, $finished_s); + Net::SSLeay::write($ssl, "server: $f_len ". unpack('H*', $finished_s)); + + $f_len = Net::SSLeay::get_peer_finished($ssl, $finished_c); + Net::SSLeay::write($ssl, "client: $f_len ". 
unpack('H*', $finished_c)); + + # Echo back the termination request from client + my $end = Net::SSLeay::read($ssl); + Net::SSLeay::write($ssl, $end); + Net::SSLeay::shutdown($ssl); + Net::SSLeay::free($ssl); + close($cl) || die("server close: $!"); + $server->close() || die("server listen socket close: $!"); + exit(0); + } +} + +sub client { + # SSL client - connect to server and receive information that we + # compare to our expected values + + my ($f_len, $f_len_trunc, $finished_s, $finished_c, $msg, $expected); + + my $cl = $server->connect(); + my $ctx = new_ctx(); + Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL); + my $ssl = Net::SSLeay::new($ctx); + + Net::SSLeay::set_fd($ssl, $cl); + + client_test_finished($ssl); + client_test_keyblock_size($ssl); + client_test_version_funcs($ssl); + + # Tell the server to quit and see that our connection is still up + my $end = "end"; + Net::SSLeay::write($ssl, $end); + ok($end eq Net::SSLeay::read($ssl), 'Successful termination'); + Net::SSLeay::shutdown($ssl); + Net::SSLeay::free($ssl); + close($cl) || die("client close: $!"); + $server->close() || die("client listen socket close: $!"); + return; +} + +client(); +waitpid $pid, 0; +exit(0); + +# Test get_finished() and get_peer_finished() with server. +sub client_test_finished +{ + my ($ssl) = @_; + my ($f_len, $f_len_trunc, $finished_s, $finished_c, $msg, $expected); + + # Finished messages have not been sent yet + $f_len = Net::SSLeay::get_peer_finished($ssl, $finished_s); + ok($f_len == 0, 'Return value for get_peer_finished is empty before connect for server'); + ok(defined $finished_s && $finished_s eq '', 'Server Finished is empty'); + + $f_len = Net::SSLeay::get_finished($ssl, $finished_c); + ok($f_len == 0, 'Finished is empty before connect for client'); + ok(defined $finished_c && $finished_c eq '', 'Client Finished is empty'); + + # Complete connection. After this we have Finished messages from both peers. 
+ Net::SSLeay::connect($ssl); + + $f_len = Net::SSLeay::get_peer_finished($ssl, $finished_s); + ok($f_len, 'Server Finished is not empty'); + ok($f_len == length($finished_s), 'Return value for get_peer_finished equals to Finished length'); + $expected = "server: $f_len " . unpack('H*', $finished_s); + $msg = Net::SSLeay::read($ssl); + ok($msg eq $expected, 'Server Finished is equal'); + + $f_len = Net::SSLeay::get_finished($ssl, $finished_c); + ok($f_len, 'Client Finished is not empty'); + ok($f_len == length($finished_c), 'Return value for get_finished equals to Finished length'); + $expected = "client: $f_len " . unpack('H*', $finished_c); + $msg = Net::SSLeay::read($ssl); + ok($msg eq $expected, 'Client Finished is equal'); + + ok($finished_s ne $finished_c, 'Server and Client Finished are not equal'); + + # Finished should still be the same. See that we can fetch truncated values. + my $trunc8_s = substr($finished_s, 0, 8); + $f_len_trunc = Net::SSLeay::get_peer_finished($ssl, $finished_s, 8); + ok($f_len_trunc == $f_len, 'Return value for get_peer_finished is unchanged when count is set'); + ok($trunc8_s eq $finished_s, 'Count works for get_peer_finished'); + + my $trunc8_c = substr($finished_c, 0, 8); + $f_len_trunc = Net::SSLeay::get_finished($ssl, $finished_c, 8); + ok($f_len_trunc == $f_len, 'Return value for get_finished is unchanged when count is set'); + ok($trunc8_c eq $finished_c, 'Count works for get_finished'); + +} + +# Test get_keyblock_size +# Notes: With TLS 1.3 the cipher is always an AEAD cipher. If AEAD +# ciphers are enabled for TLS 1.2 and earlier, with LibreSSL +# get_keyblock_size returns -1 when AEAD cipher is chosen. 
+sub client_test_keyblock_size +{ + my ($ssl) = @_; + + my $cipher = Net::SSLeay::get_cipher($ssl); + ok($cipher, "get_cipher returns a value: $cipher"); + + my $keyblock_size = &Net::SSLeay::get_keyblock_size($ssl); + ok(defined $keyblock_size, 'get_keyblock_size return value is defined'); + if ($keyblock_size == -1) + { + # Accept -1 with AEAD ciphers with LibreSSL + ok(is_libressl(), 'get_keyblock_size returns -1 with LibreSSL'); + ok(defined $aead_cipher_to_keyblock_size{$cipher}, 'keyblock size is -1 for an AEAD cipher'); + } + else + { + ok($keyblock_size >= 0, 'get_keyblock_size return value is not negative'); + ok($cipher_to_keyblock_size{$cipher} == $keyblock_size, "keyblock size $keyblock_size is the expected value $cipher_to_keyblock_size{$cipher}"); + } +} + +# Test SSL_get_version and related functions +sub client_test_version_funcs +{ + my ($ssl) = @_; + + my $version_str = Net::SSLeay::get_version($ssl); + my $version_const = $version_str2int{$version_str}; + my $version = Net::SSLeay::version($ssl); + + ok(defined $version_const, "Net::SSLeay::get_version return value $version_str is known"); + is(&$version_const, $version, "Net:SSLeay::version return value $version matches get_version string"); + + if (defined &Net::SSLeay::client_version) { + if ($version_str eq 'TLSv1.3') { + # Noticed that client_version and version are equal for all SSL/TLS versions except of TLSv1.3 + # For more, see https://github.com/openssl/openssl/issues/7079 + is(Net::SSLeay::client_version($ssl), &{$version_str2int{'TLSv1.2'}}, + 'Net::SSLeay::client_version TLSv1.2 is expected when Net::SSLeay::version indicates TLSv1.3'); + } else { + is(Net::SSLeay::client_version($ssl), $version, 'Net::SSLeay::client_version equals to Net::SSLeay::version'); + } + is(Net::SSLeay::is_dtls($ssl), 0, 'Net::SSLeay::is_dtls returns 0'); + } else + { + SKIP: { + skip('Do not have Net::SSLeay::client_version nor Net::SSLeay::is_dtls', 2); + }; + } + + return; +} + +sub 
client_test_ciphersuites +{ + unless (defined &Net::SSLeay::CTX_set_ciphersuites) + { + SKIP: { + skip('Do not have Net::SSLeay::CTX_set_ciphersuites', 10); + } + return; + } + + my $ciphersuites = join(':', keys(%tls_1_3_aead_cipher_to_keyblock_size)); + + # In OpenSSL 3.0.0 alpha 11 (commit c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9) + # SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() were + # changed to ignore unknown ciphers + my $ret_partially_bad_ciphersuites = 1; + if (Net::SSLeay::SSLeay() == 0x30000000) { + my $ssleay_version = Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_VERSION()); + $ret_partially_bad_ciphersuites = 0 if ($ssleay_version =~ m/-alpha(\d+)/s) && $1 < 11; + } elsif (Net::SSLeay::SSLeay() < 0x30000000) { + $ret_partially_bad_ciphersuites = 0; + } + + my ($ctx, $rv, $ssl); + $ctx = new_ctx(); + $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, $ciphersuites); + is($rv, 1, 'CTX set good ciphersuites'); + $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, ''); + is($rv, 1, 'CTX set empty ciphersuites'); + { + no warnings 'uninitialized'; + $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, undef); + }; + is($rv, 1, 'CTX set undef ciphersuites'); + $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, 'nosuchthing:' . $ciphersuites); + is($rv, $ret_partially_bad_ciphersuites, 'CTX set partially bad ciphersuites'); + $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, 'nosuchthing:'); + is($rv, 0, 'CTX set bad ciphersuites'); + + $ssl = Net::SSLeay::new($ctx); + $rv = Net::SSLeay::set_ciphersuites($ssl, $ciphersuites); + is($rv, 1, 'SSL set good ciphersuites'); + $rv = Net::SSLeay::set_ciphersuites($ssl, ''); + is($rv, 1, 'SSL set empty ciphersuites'); + { + no warnings 'uninitialized'; + $rv = Net::SSLeay::set_ciphersuites($ssl, undef); + }; + is($rv, 1, 'SSL set undef ciphersuites'); + $rv = Net::SSLeay::set_ciphersuites($ssl, 'nosuchthing:' . 
$ciphersuites); + is($rv, $ret_partially_bad_ciphersuites, 'SSL set partially bad ciphersuites'); + $rv = Net::SSLeay::set_ciphersuites($ssl, 'nosuchthing:'); + is($rv, 0, 'SSL set bad ciphersuites'); + + return; +} + +sub test_cipher_funcs +{ + + my ($ctx, $rv, $ssl); + $ctx = new_ctx(); + $ssl = Net::SSLeay::new($ctx); + + # OpenSSL API says these can accept NULL ssl + { + no warnings 'uninitialized'; + my @a = Net::SSLeay::get_ciphers(undef); + is(@a, 0, 'SSL_get_ciphers with undefined ssl'); + + is(Net::SSLeay::get_cipher_list(undef, 0), undef, 'SSL_get_cipher_list with undefined ssl'); + is(Net::SSLeay::CIPHER_get_name(undef), '(NONE)', 'SSL_CIPHER_get_name with undefined ssl'); + is(Net::SSLeay::CIPHER_get_bits(undef), 0, 'SSL_CIPHER_get_bits with undefined ssl'); + is(Net::SSLeay::CIPHER_get_version(undef), '(NONE)', 'SSL_CIPHER_get_version with undefined ssl'); + } + + # 10 is based on experimentation. Lowest count seen was 15 in + # OpenSSL 0.9.8zh. + my @ciphers = Net::SSLeay::get_ciphers($ssl); + cmp_ok(@ciphers, '>=', 10, 'SSL_get_ciphers: number of ciphers: ' . 
@ciphers); + + my $first; + my ($name_failed, $desc_failed, $vers_failed, $bits_failed, $alg_bits_failed) = (0, 0, 0, 0, 0); + foreach my $c (@ciphers) + { + # Shortest seen: RC4-MD5 + my $name = Net::SSLeay::CIPHER_get_name($c); + $name_failed++ if $name !~ m/^[A-Z0-9_-]{7,}\z/s; + $first = $name unless $first; + + # Cipher description should begin with its name + my $desc = Net::SSLeay::CIPHER_description($c); + $desc_failed++ if $desc !~ m/^$name\s+/s; + + # For example: TLSv1/SSLv3, SSLv2 + my $vers = Net::SSLeay::CIPHER_get_version($c); + $vers_failed++ if length($vers) < 5; + + # See that get_bits returns the same no matter how it's called + my $alg_bits; + my $bits = Net::SSLeay::CIPHER_get_bits($c, $alg_bits); + $bits_failed++ if $bits ne Net::SSLeay::CIPHER_get_bits($c); + + # Once again, a value that should be reasonable + $alg_bits_failed++ if $alg_bits < 56; + } + + is($name_failed, 0, 'CIPHER_get_name'); + is($desc_failed, 0, 'CIPHER_description matches with CIPHER_name'); + is($vers_failed, 0, 'CIPHER_get_version'); + is($bits_failed, 0, 'CIPHER_get_bits'); + is($alg_bits_failed, 0, 'CIPHER_get_bits with alg_bits'); + is($first, Net::SSLeay::get_cipher_list($ssl, 0), 'SSL_get_cipher_list'); + + Net::SSLeay::free($ssl); + Net::SSLeay::CTX_free($ctx); + + return; +} diff --git a/cpan/Net-SSLeay/t/local/44_sess.t b/cpan/Net-SSLeay/t/local/44_sess.t new file mode 100644 index 000000000000..ce14422a4412 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/44_sess.t 
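Review bot: In test_cipher_funcs the description check `$desc !~ m/^$name\s+/s` interpolates the cipher name into the pattern unquoted. The name check just above it only increments `$name_failed` and does not skip the iteration, so a name containing regex metacharacters would still be compiled as a pattern; `$desc_failed++ if $desc !~ m/^\Q$name\E\s+/s;` matches it literally. Separately, in client_test_version_funcs `is(&$version_const, $version, ...)` runs even when the preceding `ok(defined $version_const, ...)` has failed, which would die on the undefined code ref rather than record a failure.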
@@ -0,0 +1,369 @@ +# Test session-related functions + +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( + can_fork data_file_path initialise_libssl is_protocol_usable new_ctx + tcp_socket +); + +use Storable; + +if (not can_fork()) { + plan skip_all => "fork() not supported on this system"; +} else { + plan tests => 58; +} + +initialise_libssl(); + +my @rounds = qw( + TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 TLSv1.3-num-tickets-ssl + TLSv1.3-num-tickets-ctx-6 TLSv1.3-num-tickets-ctx-0 +); + +my %usable = + map { + ( my $proto = $_ ) =~ s/-.*$//; + + $_ => is_protocol_usable($proto) + } + @rounds; + +my $pid; +alarm(30); +END { kill 9,$pid if $pid } + +my (%server_stats, %client_stats); + +# Update client and server stats so that when something fails, it +# remains in failed state +sub set_client_stat +{ + my ($round, $param, $is_ok) = @_; + + if ($is_ok) { + $client_stats{$round}->{$param} = 1 unless defined $client_stats{$round}->{$param}; + return; + } + $client_stats{$round}->{$param} = 0; +} + +sub set_server_stat +{ + my ($round, $param, $is_ok) = @_; + + if ($is_ok) { + $server_stats{$round}->{$param} = 1 unless defined $server_stats{$round}->{$param}; + return; + } + $server_stats{$round}->{$param} = 0; +} + +# Separate session callbacks for client and server. The callbacks +# update stats and check that SSL_CTX, SSL and SESSION are as +# expected. 
+sub client_new_cb +{ + my ($ssl, $ssl_session, $expected_ctx, $round) = @_; + + $client_stats{$round}->{new_cb_called}++; + + my $ctx = Net::SSLeay::get_SSL_CTX($ssl); + my $ssl_version = Net::SSLeay::get_version($ssl); + my $is_ok = ($ctx eq $expected_ctx && + $ssl_session eq Net::SSLeay::SSL_get0_session($ssl) && + $round =~ m/^$ssl_version/); + diag("client_new_cb params not ok: $round") unless $is_ok; + set_client_stat($round, 'new_params_ok', $is_ok); + + if (defined &Net::SSLeay::SESSION_is_resumable) { + my $is_resumable = Net::SSLeay::SESSION_is_resumable($ssl_session); + BAIL_OUT("is_resumable is not 0 or 1: $round") unless defined $is_resumable && ($is_resumable == 0 || $is_resumable == 1); + set_client_stat($round, 'new_session_is_resumable', $is_resumable); + } + + #Net::SSLeay::SESSION_print_fp(*STDOUT, $ssl_session); + return 0; +} + +sub client_remove_cb +{ + my ($ctx, $ssl_session, $expected_ctx, $round) = @_; + + $client_stats{$round}->{remove_cb_called}++; + + my $is_ok = ($ctx eq $expected_ctx); + diag("client_remove_cb params not ok: $round") unless $is_ok; + set_client_stat($round, 'remove_params_ok', $is_ok); + + #Net::SSLeay::SESSION_print_fp(*STDOUT, $ssl_session); + return; +} + +sub server_new_cb +{ + my ($ssl, $ssl_session, $expected_ctx, $round) = @_; + + $server_stats{$round}->{new_cb_called}++; + + my $ctx = Net::SSLeay::get_SSL_CTX($ssl); + my $ssl_version = Net::SSLeay::get_version($ssl); + my $is_ok = ($ctx eq $expected_ctx && + $ssl_session eq Net::SSLeay::SSL_get0_session($ssl) && + $round =~ m/^$ssl_version/); + diag("server_new_cb params not ok: $round") unless $is_ok; + set_server_stat($round, 'new_params_ok', $is_ok); + + if (defined &Net::SSLeay::SESSION_is_resumable) { + my $is_resumable = Net::SSLeay::SESSION_is_resumable($ssl_session); + BAIL_OUT("is_resumable is not 0 or 1: $round") unless defined $is_resumable && ($is_resumable == 0 || $is_resumable == 1); + set_server_stat($round, 'new_session_is_resumable', 
$is_resumable); + } + + #Net::SSLeay::SESSION_print_fp(*STDOUT, $ssl_session); + return 0; +} + +sub server_remove_cb +{ + my ($ctx, $ssl_session, $expected_ctx, $round) = @_; + + $server_stats{$round}->{remove_cb_called}++; + + my $is_ok = ($ctx eq $expected_ctx); + diag("server_remove_cb params not ok: $round") unless $is_ok; + set_server_stat($round, 'remove_params_ok', $is_ok); + + return; +} + +my ($server_ctx, $client_ctx, $server_ssl, $client_ssl); + +my $server = tcp_socket(); + +sub server +{ + # SSL server - just handle connections, send information to + # client and exit + my $cert_pem = data_file_path('simple-cert.cert.pem'); + my $key_pem = data_file_path('simple-cert.key.pem'); + + defined($pid = fork()) or BAIL_OUT("failed to fork: $!"); + if ($pid == 0) { + my ($ctx, $ssl, $ret, $cl); + + foreach my $round (@rounds) + { + ( my $proto = $round ) =~ s/-.*?$//; + next unless $usable{$proto}; + + $cl = $server->accept(); + + $ctx = new_ctx( $proto, $proto ); + + Net::SSLeay::CTX_set_security_level($ctx, 0) + if Net::SSLeay::SSLeay() >= 0x30000000 && ($proto eq 'TLSv1' || $proto eq 'TLSv1.1'); + Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem); + Net::SSLeay::CTX_set_session_cache_mode($ctx, Net::SSLeay::SESS_CACHE_SERVER()); + # Need OP_NO_TICKET to enable server side (Session ID based) resumption. 
+ # See also SSL_CTX_set_options documenation about its use with TLSv1.3 + if ( $round !~ /^TLSv1\.3/ ) { + my $ctx_options = Net::SSLeay::OP_ALL(); + + # OP_NO_TICKET requires OpenSSL 0.9.8f or above + if ( eval { Net::SSLeay::OP_NO_TICKET(); 1; } ) { + $ctx_options |= Net::SSLeay::OP_NO_TICKET(); + } + + Net::SSLeay::CTX_set_options($ctx, $ctx_options); + } + + Net::SSLeay::CTX_sess_set_new_cb($ctx, sub {server_new_cb(@_, $ctx, $round);}); + Net::SSLeay::CTX_sess_set_remove_cb($ctx, sub {server_remove_cb(@_, $ctx, $round);}); + + # Test set_num_tickets separately for CTX and SSL + if (defined &Net::SSLeay::CTX_set_num_tickets) + { + Net::SSLeay::CTX_set_num_tickets($ctx, 6) if ($round eq 'TLSv1.3-num-tickets-ctx-6'); + Net::SSLeay::CTX_set_num_tickets($ctx, 0) if ($round eq 'TLSv1.3-num-tickets-ctx-0'); + $server_stats{$round}->{get_num_tickets} = Net::SSLeay::CTX_get_num_tickets($ctx); + } + + $ssl = Net::SSLeay::new($ctx); + if (defined &Net::SSLeay::set_num_tickets) + { + Net::SSLeay::set_num_tickets($ssl, 4) if ($round eq 'TLSv1.3-num-tickets-ssl'); + $server_stats{$round}->{get_num_tickets} = Net::SSLeay::get_num_tickets($ssl); + } + Net::SSLeay::set_fd($ssl, fileno($cl)); + Net::SSLeay::accept($ssl); + + Net::SSLeay::write($ssl, "msg from server: $round"); + Net::SSLeay::read($ssl); + Net::SSLeay::shutdown($ssl); + my $sess = Net::SSLeay::get1_session($ssl); + $ret = Net::SSLeay::CTX_remove_session($ctx, $sess); + + if (defined &Net::SSLeay::SESSION_is_resumable) { + my $is_resumable = Net::SSLeay::SESSION_is_resumable($sess); + BAIL_OUT("is_resumable is not 0 or 1: $round") unless defined $is_resumable && ($is_resumable == 0 || $is_resumable == 1); + set_server_stat($round, 'old_session_is_resumable', $is_resumable); + } + + Net::SSLeay::SESSION_free($sess) unless $ret; # Not cached, undo get1 + Net::SSLeay::free($ssl); + close($cl) || die("server close: $!"); + } + + $cl = $server->accept(); + + print $cl "end\n"; + print $cl unpack( 'H*', 
Storable::freeze(\%server_stats) ), "\n"; + + close($cl) || die("server close stats socket: $!"); + $server->close() || die("server listen socket close: $!"); + + #use Data::Dumper; print "Server:\n" . Dumper(\%server_stats); + exit(0); + } +} + +sub client { + # SSL client - connect to server and receive information that we + # compare to our expected values + + my ($ctx, $ssl, $ret, $cl); + + foreach my $round (@rounds) + { + ( my $proto = $round ) =~ s/-.*?$//; + next unless $usable{$proto}; + + $cl = $server->connect(); + + $ctx = new_ctx( $proto, $proto ); + + Net::SSLeay::CTX_set_security_level($ctx, 0) + if Net::SSLeay::SSLeay() >= 0x30000000 && ($proto eq 'TLSv1' || $proto eq 'TLSv1.1'); + Net::SSLeay::CTX_set_session_cache_mode($ctx, Net::SSLeay::SESS_CACHE_CLIENT()); + Net::SSLeay::CTX_set_options($ctx, Net::SSLeay::OP_ALL()); + Net::SSLeay::CTX_sess_set_new_cb($ctx, sub {client_new_cb(@_, $ctx, $round);}); + Net::SSLeay::CTX_sess_set_remove_cb($ctx, sub {client_remove_cb(@_, $ctx, $round);}); + $ssl = Net::SSLeay::new($ctx); + + Net::SSLeay::set_fd($ssl, $cl); + my $ret = Net::SSLeay::connect($ssl); + if ($ret <= 0) { + diag("Protocol $proto, connect() returns $ret, Error: ".Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error())); + } + my $msg = Net::SSLeay::read($ssl); + #print "server said: $msg\n"; + + Net::SSLeay::write($ssl, "continue"); + my $sess = Net::SSLeay::get1_session($ssl); + $ret = Net::SSLeay::CTX_remove_session($ctx, $sess); + Net::SSLeay::SESSION_free($sess) unless $ret; # Not cached, undo get1 + + if (defined &Net::SSLeay::SESSION_is_resumable) { + my $is_resumable = Net::SSLeay::SESSION_is_resumable($sess); + BAIL_OUT("is_resumable is not 0 or 1: $round") unless defined $is_resumable && ($is_resumable == 0 || $is_resumable == 1); + set_client_stat($round, 'old_session_is_resumable', $is_resumable); + } + + Net::SSLeay::shutdown($ssl); + Net::SSLeay::free($ssl); + close($cl) || die("client close: $!"); + } + + $cl = 
$server->connect(); + chomp( my $server_end = <$cl> ); + is( $server_end, 'end', 'Successful termination' ); + + # Stats from server + chomp( my $server_stats = <$cl> ); + my $server_stats_ref = Storable::thaw( pack( 'H*', $server_stats ) ); + + close($cl) || die("client close stats socket: $!"); + $server->close() || die("client listen socket close: $!"); + + test_stats($server_stats_ref, \%client_stats); + + return; +} + +sub test_stats { + my ($srv_stats, $clt_stats) = @_; + + for my $round (@rounds) { + # The TLSv1.3-specific results will be checked separately later + next if $round =~ /-/; + + if (!$usable{$round}) { + SKIP: { + skip( "$round not available in this libssl", 12 ); + } + next; + } + + my $s = $srv_stats->{$round}; + my $c = $clt_stats->{$round}; + + # With TLSv1.3, two session tickets are sent by default, so new_cb is + # called twice; with all other protocol versions, new_cb is called once + my $cbs = ( $round =~ /^TLSv1\.3/ ? 2 : 1 ); + + is( $s->{new_cb_called}, $cbs, "Server $round new_cb call count" ); + is( $s->{new_params_ok}, 1, "Server $round new_cb params were correct" ); + is( $s->{remove_cb_called}, 1, "Server $round remove_cb call count" ); + is( $s->{remove_params_ok}, 1, "Server $round remove_cb params were correct" ); + + is( $c->{new_cb_called}, $cbs, "Client $round new_cb call count" ); + is( $c->{new_params_ok}, 1, "Client $round new_cb params were correct" ); + is( $c->{remove_cb_called}, 1, "Client $round remove_cb call count" ); + is( $c->{remove_params_ok}, 1, "Client $round remove_cb params were correct" ); + + if ( + defined &Net::SSLeay::SESSION_is_resumable + || $round =~ /^TLSv1\.3/ + ) { + is( $s->{new_session_is_resumable}, 1, "Server $round session is resumable" ); + is( $s->{old_session_is_resumable}, 0, "Server $round session is no longer resumable" ); + + is( $c->{new_session_is_resumable}, 1, "Client $round session is resumable" ); + is( $c->{old_session_is_resumable}, 0, "Client $round session is no longer 
resumable" ); + } else { + SKIP: { + skip( 'Do not have Net::SSLeay::SESSION_is_resumable', 4 ); + } + } + } + + if ($usable{'TLSv1.3'}) { + is( $srv_stats->{'TLSv1.3-num-tickets-ssl'}->{get_num_tickets}, 4, 'Server TLSv1.3 get_num_tickets 4' ); + is( $srv_stats->{'TLSv1.3-num-tickets-ssl'}->{new_cb_called}, 4, 'Server TLSv1.3 new_cb call count with set_num_tickets 4' ); + is( $clt_stats->{'TLSv1.3-num-tickets-ssl'}->{new_cb_called}, 4, 'Client TLSv1.3 new_cb call count with set_num_tickets 4' ); + + is( $srv_stats->{'TLSv1.3-num-tickets-ctx-6'}->{get_num_tickets}, 6, 'Server TLSv1.3 CTX_get_num_tickets 6' ); + is( $srv_stats->{'TLSv1.3-num-tickets-ctx-6'}->{new_cb_called}, 6, 'Server TLSv1.3 new_cb call count with CTX_set_num_tickets 6' ); + is( $clt_stats->{'TLSv1.3-num-tickets-ctx-6'}->{new_cb_called}, 6, 'Client TLSv1.3 new_cb call count with CTX_set_num_tickets 6' ); + + is( $srv_stats->{'TLSv1.3-num-tickets-ctx-0'}->{get_num_tickets}, 0, 'Server TLSv1.3 CTX_get_num_tickets 0' ); + is( $srv_stats->{'TLSv1.3-num-tickets-ctx-0'}->{new_cb_called}, undef, 'Server TLSv1.3 new_cb call count with CTX_set_num_tickets 0' ); + is( $clt_stats->{'TLSv1.3-num-tickets-ctx-0'}->{new_cb_called}, undef, 'Client TLSv1.3 new_cb call count with CTX_set_num_tickets 0' ); + } + else { + SKIP: { + skip( 'TLSv1.3 not available in this libssl', 9 ); + } + } + + # use Data::Dumper; print "Server:\n" . Dumper(\%srv_stats); + # use Data::Dumper; print "Client:\n" . Dumper(\%clt_stats); +} + +server(); +client(); +waitpid $pid, 0; +exit(0); diff --git a/cpan/Net-SSLeay/t/local/45_exporter.t b/cpan/Net-SSLeay/t/local/45_exporter.t new file mode 100644 index 000000000000..aaacc7b189ed --- /dev/null +++ b/cpan/Net-SSLeay/t/local/45_exporter.t 
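Review bot: In client() the line `Net::SSLeay::SESSION_free($sess) unless $ret;` runs before `Net::SSLeay::SESSION_is_resumable($sess)`, so the session is queried after the reference taken by `get1_session` may already have been released; server() performs the two steps in the opposite order. Whether another reference keeps the object alive is not visible from this hunk, so the safe change is to move `Net::SSLeay::SESSION_free($sess) unless $ret;` below the `SESSION_is_resumable` block, matching server(). The stats hand-off also calls `Storable::thaw` on bytes read from a socket; thaw can instantiate arbitrary objects, so a plain line-based encoding of these small counters, or a pipe created before the fork, would be a safer carrier even in a test.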
@@ -0,0 +1,171 @@ +# Various TLS exporter-related tests + +use lib 'inc'; + +use Net::SSLeay; +use Test::Net::SSLeay qw( + can_fork data_file_path initialise_libssl is_protocol_usable new_ctx + tcp_socket +); + +use Storable; + +if (not can_fork()) { + plan skip_all => "fork() not supported on this system"; +} elsif (!defined &Net::SSLeay::export_keying_material) { + plan skip_all => "No export_keying_material()"; +} else { + plan tests => 36; +} + +initialise_libssl(); + +my @rounds = qw( TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 ); + +my %usable = + map { + $_ => is_protocol_usable($_) + } + @rounds; + +my $pid; +alarm(30); +END { kill 9,$pid if $pid } + +my (%server_stats, %client_stats); + +my ($server_ctx, $client_ctx, $server_ssl, $client_ssl); + +my $server = tcp_socket(); + +sub server +{ + # SSL server - just handle connections, write, wait for read and repeat + my $cert_pem = data_file_path('simple-cert.cert.pem'); + my $key_pem = data_file_path('simple-cert.key.pem'); + + defined($pid = fork()) or BAIL_OUT("failed to fork: $!"); + if ($pid == 0) { + my ($ctx, $ssl, $ret, $cl); + + foreach my $round (@rounds) + { + next unless $usable{$round}; + + $cl = $server->accept(); + + $ctx = new_ctx( $round, $round ); + + Net::SSLeay::CTX_set_security_level($ctx, 0) + if Net::SSLeay::SSLeay() >= 0x30000000 && ($round eq 'TLSv1' || $round eq 'TLSv1.1'); + Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem); + $ssl = Net::SSLeay::new($ctx); + Net::SSLeay::set_fd($ssl, fileno($cl)); + Net::SSLeay::accept($ssl); + + Net::SSLeay::write($ssl, $round); + my $msg = Net::SSLeay::read($ssl); + + Net::SSLeay::shutdown($ssl); + Net::SSLeay::free($ssl); + close($cl) || die("server close: $!"); + } + $server->close() || die("server listen socket close: $!"); + exit(0); + } +} + +# SSL client - connect to server, read, test and repeat +sub client { + for my $round (@rounds) { + if ($usable{$round}) { + my $cl = $server->connect(); + + my $ctx = new_ctx( $round, $round ); + 
Net::SSLeay::CTX_set_security_level($ctx, 0) + if Net::SSLeay::SSLeay() >= 0x30000000 && ($round eq 'TLSv1' || $round eq 'TLSv1.1'); + my $ssl = Net::SSLeay::new($ctx); + Net::SSLeay::set_fd( $ssl, $cl ); + my $ret = Net::SSLeay::connect($ssl); + if ($ret <= 0) { + diag("Protocol $round, connect() returns $ret, Error: ".Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error())); + } + + my $msg = Net::SSLeay::read($ssl); + + test_export($ssl); + + Net::SSLeay::write( $ssl, $msg ); + + Net::SSLeay::shutdown($ssl); + Net::SSLeay::free($ssl); + close($cl) || die("client close: $!"); + } + else { + SKIP: { + skip( "$round not available in this libssl", 9 ); + } + } + } + $server->close() || die("client listen socket close: $!"); + + return 1; +} + +sub test_export +{ + my ($ssl) = @_; + + my ($bytes1_0, $bytes1_1, $bytes1_2, $bytes1_3, $bytes2_0, $bytes2_2_64); + + my $tls_version = Net::SSLeay::get_version($ssl); + + $bytes1_0 = Net::SSLeay::export_keying_material($ssl, 64, 'label 1'); + $bytes1_1 = Net::SSLeay::export_keying_material($ssl, 64, 'label 1', undef); + $bytes1_2 = Net::SSLeay::export_keying_material($ssl, 64, 'label 1', ''); + $bytes1_3 = Net::SSLeay::export_keying_material($ssl, 64, 'label 1', 'context'); + $bytes2_0 = Net::SSLeay::export_keying_material($ssl, 128, 'label 1', ''); + $bytes2_2_64 = substr($bytes2_0, 0, 64); + + is(length($bytes1_0), 64, "$tls_version: Got enough for bytes1_0"); + is(length($bytes1_1), 64, "$tls_version: Got enough for bytes1_1"); + is(length($bytes1_2), 64, "$tls_version: Got enough for bytes1_2"); + is(length($bytes1_3), 64, "$tls_version: Got enough for bytes1_3"); + is(length($bytes2_0), 128, "$tls_version: Got enough for bytes2_0"); + + $bytes1_0 = unpack('H*', $bytes1_0); + $bytes1_1 = unpack('H*', $bytes1_1); + $bytes1_2 = unpack('H*', $bytes1_2); + $bytes1_3 = unpack('H*', $bytes1_3); + $bytes2_0 = unpack('H*', $bytes2_0); + $bytes2_2_64 = unpack('H*', $bytes2_2_64); + + # Last argument should default to undef + 
is($bytes1_0, $bytes1_1, "$tls_version: context default param is undef"); + + # Empty and undefined context are the same for TLSv1.3. + # Different length export changes the whole values for TLSv1.3. + if ($tls_version eq 'TLSv1.3') { + is($bytes1_0, $bytes1_2, "$tls_version: empty and undefined context yields equal values"); + isnt($bytes2_2_64, $bytes1_2, "$tls_version: export length does matter"); + } else { + isnt($bytes1_0, $bytes1_2, "$tls_version: empty and undefined context yields different values"); + is($bytes2_2_64, $bytes1_2, "$tls_version: export length does not matter"); + } + + isnt($bytes1_3, $bytes1_0, "$tls_version: different context"); + + return; +} + +# For SSL_export_keying_material_early available with TLSv1.3 +sub test_export_early +{ + + return; +} + +server(); +client(); +waitpid $pid, 0; +exit(0); diff --git a/cpan/Net-SSLeay/t/local/46_msg_callback.t b/cpan/Net-SSLeay/t/local/46_msg_callback.t new file mode 100644 index 000000000000..587e5a0e0b82 --- /dev/null +++ b/cpan/Net-SSLeay/t/local/46_msg_callback.t 
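Review bot: This file carries code that nothing in it uses: `use Storable;`, `%server_stats`/`%client_stats`, the `my ($server_ctx, $client_ctx, $server_ssl, $client_ssl);` declaration, `$ret` in server(), and the empty `test_export_early` stub, which is never called. They look carried over from 44_sess.t. Dropping them, or replacing the stub with a comment such as `# TODO: cover SSL_export_keying_material_early (TLSv1.3)`, keeps the test from loading a deserializer it does not need and makes it clear which exporter paths are actually exercised.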
@@ -0,0 +1,114 @@
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw(
+ can_fork data_file_path initialise_libssl new_ctx tcp_socket
+);
+
+if (not can_fork()) {
+ plan skip_all => "fork() not supported on this system";
+} else {
+ plan tests => 10;
+}
+
+initialise_libssl();
+
+my $pid;
+alarm(30);
+END { kill 9,$pid if $pid }
+
+my $server = tcp_socket();
+
+{
+ # SSL server - just handle single connect and shutdown connection
+ my $cert_pem = data_file_path('simple-cert.cert.pem');
+ my $key_pem = data_file_path('simple-cert.key.pem');
+
+ defined($pid = fork()) or BAIL_OUT("failed to fork: $!");
+ if ($pid == 0) {
+ for(qw(ctx ssl)) {
+ my $cl = $server->accept();
+ my $ctx = new_ctx();
+ Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
+ my $ssl = Net::SSLeay::new($ctx);
+ Net::SSLeay::set_fd($ssl, fileno($cl));
+ Net::SSLeay::accept($ssl);
+ for(1,2) {
+ last if Net::SSLeay::shutdown($ssl)>0;
+ }
+ close($cl) || die("server close: $!");
+ }
+ $server->close() || die("server listen socket close: $!");
+ exit;
+ }
+}
+
+sub client {
+ my ($where) = @_;
+ # SSL client - connect and shutdown, all the while getting state updates
+ # with info callback
+
+ my @cb_data;
+ my @states;
+ my $msgcb = sub {
+ my ($write_p,$version,$content_type,$buf,$len,$ssl,$cb_data) = @_;
+ # buffer is of course randomized/timestamped, this is hard to test, so
+ # skip this
+ my $hex_buf = unpack("H*", $buf||'');
+
+ # version appears to be different running in different test envs that
+ # have a different openssl version, so we skip that too. This isn't a
+ # good test for that, and it's not up to Net::SSLeay to make all
+ # openssl implementations look the same
+
+ # the 3 things this sub needs to do:
+ # 1. not die
+ # 2. no memory leak
+ # 3. provide information
+ #
+ # The validness of the buffer can be checked, so we use this as a
+ # validation instead. This selftest is not here to validate the
+ # protocol and the intricacies of the possible implementation or
+ # version (ssl3 vs tls1 etc)
+
+ push @states,(defined $buf and length($buf) == $len)||0;
+
+ # cb_data can act as a check
+ push @cb_data, $cb_data;
+ };
+
+ my $cl = $server->connect();
+ my $ctx = new_ctx();
+ Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
+ Net::SSLeay::CTX_set_msg_callback($ctx, $msgcb, "CB_DATA") if $where eq 'ctx';
+ my $ssl = Net::SSLeay::new($ctx);
+ Net::SSLeay::set_fd($ssl, $cl);
+ Net::SSLeay::set_msg_callback($ssl, $msgcb, "CB_DATA") if $where eq 'ssl';
+ Net::SSLeay::connect($ssl);
+ for(1,2) {
+ last if Net::SSLeay::shutdown($ssl)>0;
+ }
+ close($cl) || die("client close: $!");
+
+ ok(scalar(@states) > 1, "at least 2 messages logged: $where");
+ my $all_ok = 1;
+ $all_ok &= $_ for @states;
+ is($all_ok, 1, "all states are OK: length(buf) = len for $where");
+
+ ok(scalar(@cb_data) > 1, "all cb data SV's are OK for $where (at least 2)");
+ my $all_cb_data_ok = 0;
+ $all_cb_data_ok++ for grep {$_ eq "CB_DATA"} grep {defined} @cb_data;
+ is(scalar(@cb_data), $all_cb_data_ok, "all cb data SV's are OK for $where");
+
+ eval {
+ Net::SSLeay::CTX_set_msg_callback($ctx, undef) if $where eq 'ctx';
+ Net::SSLeay::set_msg_callback($ssl, undef) if $where eq 'ssl';
+ };
+ is($@, '', "no error during set_msg_callback() for $where");
+}
+
+client('ctx');
+client('ssl');
+$server->close() || die("client listen socket close: $!");
+waitpid $pid, 0;
+
diff --git a/cpan/Net-SSLeay/t/local/47_keylog.t b/cpan/Net-SSLeay/t/local/47_keylog.t
new file mode 100644
index 000000000000..b2bfce5af2b9
--- /dev/null
+++ b/cpan/Net-SSLeay/t/local/47_keylog.t
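Review bot: In `client()` of 46_msg_callback.t the result of `Net::SSLeay::connect($ssl)` is discarded, and the forked server likewise ignores `Net::SSLeay::accept($ssl)`, so a failed handshake is never reported directly. The message callback may already have fired more than once before a handshake aborts, so `ok(scalar(@states) > 1, ...)` could presumably still pass on a broken connection. The neighbouring client loops in this patch (e.g. 47_keylog.t) capture the return value; the same here would be `my $ret = Net::SSLeay::connect($ssl);` followed by `diag("connect() returns $ret, Error: ".Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error())) if $ret <= 0;`. Separately, `$hex_buf` in the callback is computed and never read, so that line can be dropped or the value used in an assertion.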
@@ -0,0 +1,208 @@
+# Tests for logging TLS key material
+
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw(
+ can_fork data_file_path initialise_libssl is_protocol_usable new_ctx
+ tcp_socket
+);
+
+if (not can_fork()) {
+ plan skip_all => "fork() not supported on this system";
+} elsif (!defined &Net::SSLeay::CTX_set_keylog_callback) {
+ plan skip_all => "No CTX_set_keylog_callback()";
+} else {
+ plan tests => 11;
+}
+
+initialise_libssl();
+
+# TLSv1.3 keylog is different from previous TLS versions. We expect
+# that both types can be tested
+my @rounds = qw( TLSv1.2 TLSv1.3 );
+my %keylog = (
+ 'TLSv1.2' => {},
+ 'TLSv1.3' => {},
+ );
+
+# %keylog ends up looking like this if everything goes as planned
+# See below for more information about the keys and the values.
+# $VAR1 = {
+# 'TLSv1.2' => {
+# 'CLIENT_RANDOM' => '54f8fdb2... 2232f0ab...'
+# },
+# 'TLSv1.3' => {
+# 'CLIENT_HANDSHAKE_TRAFFIC_SECRET' => '0d862c40... d85e3d34...',
+# 'CLIENT_TRAFFIC_SECRET_0' => '0d862c40... 5c211de7...',
+# 'EXPORTER_SECRET' => '0d862c40... 332b80bb...',
+# 'SERVER_HANDSHAKE_TRAFFIC_SECRET' => '0d862c40... 93a9c58e...',
+# 'SERVER_TRAFFIC_SECRET_0' => '0d862c40... 34b7afff...'
+# }
+# };
+
+# This will trigger diagnostics if the desired TLS versions are not
+# available.
+my %usable =
+ map {
+ $_ => is_protocol_usable($_)
+ }
+ @rounds;
+
+my $pid;
+alarm(30);
+END { kill 9,$pid if $pid }
+
+my $server = tcp_socket();
+
+sub server
+{
+ # SSL server - just handle connections, write, wait for read and repeat
+ my $cert_pem = data_file_path('simple-cert.cert.pem');
+ my $key_pem = data_file_path('simple-cert.key.pem');
+
+ defined($pid = fork()) or BAIL_OUT("failed to fork: $!");
+ if ($pid == 0) {
+ my ($ctx, $ssl, $ret, $cl);
+
+ foreach my $round (@rounds)
+ {
+ next unless $usable{$round};
+
+ $cl = $server->accept();
+
+ $ctx = new_ctx( $round, $round );
+ Net::SSLeay::CTX_set_keylog_callback($ctx, \&keylog_cb);
+ Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
+ $ssl = Net::SSLeay::new($ctx);
+ Net::SSLeay::set_fd($ssl, fileno($cl));
+ Net::SSLeay::accept($ssl);
+
+ # Keylog data has been collected at this point. Doing some
+ # reads and writes allows us to see our connection works.
+ my $ssl_version = Net::SSLeay::read($ssl);
+ Net::SSLeay::write($ssl, $ssl_version);
+ my $keys = $keylog{$ssl_version};
+ foreach my $label (keys %{$keylog{$round}})
+ {
+ Net::SSLeay::write($ssl, $label);
+ Net::SSLeay::write($ssl, $keylog{$ssl_version}->{$label});
+ }
+ Net::SSLeay::shutdown($ssl);
+ Net::SSLeay::free($ssl);
+ close($cl) || die("server close: $!");
+ }
+ $server->close() || die("server listen socket close: $!");
+
+ exit(0);
+ }
+}
+
+# SSL client - connect to server, read, test and repeat
+sub client {
+
+ # For storing keylog information the server sends
+ my %server_keylog;
+
+ for my $round (@rounds) {
+ if ($usable{$round}) {
+ my $cl = $server->connect();
+
+ my $ctx = new_ctx( $round, $round );
+ Net::SSLeay::CTX_set_keylog_callback($ctx, \&keylog_cb);
+ my $ssl = Net::SSLeay::new($ctx);
+ Net::SSLeay::set_fd( $ssl, $cl );
+ my $ret = Net::SSLeay::connect($ssl);
+ if ($ret <= 0) {
+ diag("Protocol $round, connect() returns $ret, Error: " . Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error()));
+ }
+
+ # Pull server's keylog for this TLS version.
+ Net::SSLeay::write($ssl, $round);
+ my $ssl_version = Net::SSLeay::read($ssl);
+ my %keys;
+ while (my $label = Net::SSLeay::read($ssl))
+ {
+ $keys{$label} = Net::SSLeay::read($ssl);
+ }
+ $server_keylog{$round} = \%keys;
+
+ Net::SSLeay::shutdown($ssl);
+ Net::SSLeay::free($ssl);
+ close($cl) || die("client close: $!");
+ }
+ else {
+ diag("$round not available in this libssl but required by test");
+ }
+ }
+ $server->close() || die("client listen socket close: $!");
+
+ # Server and connections are gone but the client has all the data
+ # it needs for the tests
+
+ # Start with set/get test
+ {
+ my $ctx = new_ctx();
+ my $cb = Net::SSLeay::CTX_get_keylog_callback($ctx);
+ is($cb, undef, 'Keylog callback is initially undefined');
+
+ Net::SSLeay::CTX_set_keylog_callback($ctx, \&keylog_cb);
+ $cb = Net::SSLeay::CTX_get_keylog_callback($ctx);
+ is($cb, \&keylog_cb, 'CTX_get_keylog_callback');
+
+ Net::SSLeay::CTX_set_keylog_callback($ctx, undef);
+ $cb = Net::SSLeay::CTX_get_keylog_callback($ctx);
+ is($cb, undef, 'Keylog callback successfully unset');
+ }
+
+ # Make it clear we have separate keylog hashes. The also align
+ # nicely below. The compare server and client keylogs.
+ my %client_keylog = %keylog;
+ foreach my $round (@rounds)
+ {
+ ok(exists $server_keylog{$round}, "Server keylog for $round exists");
+ ok(exists $client_keylog{$round}, "Client keylog for $round exists");
+
+ my $s_kl = delete $server_keylog{$round};
+ my $c_kl = delete $client_keylog{$round};
+ is_deeply($s_kl, $c_kl, "Client and Server have equal keylog for $round");
+ }
+ is_deeply(\%server_keylog, {}, 'Server keylog has no unexpected entries');
+ is_deeply(\%client_keylog, {}, 'Client keylog has no unexpected entries');
+
+ return 1;
+}
+
+
+# The keylog file format is specified by Mozilla:
+# https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
+# Quote:
+# This key log file is a series of lines. Comment lines begin with
+# a sharp character ('#') and are ignored. Secrets follow the
+# format