From bfd24c367bbfa0c0060d2f7c1267f69d5faf9e89 Mon Sep 17 00:00:00 2001
From: MSP-Greg
Date: Mon, 7 Sep 2020 20:39:34 -0500
Subject: [PATCH 1/5] Backport ssl fixtures/changes from #2333
---
examples/puma/cert_puma.pem | 34 ++---
examples/puma/client-certs/ca.crt | 34 ++---
examples/puma/client-certs/ca.key | 50 +++----
examples/puma/client-certs/client.crt | 34 ++---
examples/puma/client-certs/client.key | 50 +++----
examples/puma/client-certs/client_expired.crt | 34 ++---
examples/puma/client-certs/client_expired.key | 50 +++----
examples/puma/client-certs/client_unknown.crt | 34 ++---
examples/puma/client-certs/client_unknown.key | 50 +++----
examples/puma/client-certs/generate.rb | 78 ----------
.../puma/client-certs/generate_client_test.rb | 133 ++++++++++++++++++
.../client-certs/run_server_with_certs.rb | 26 ++++
examples/puma/client-certs/server.crt | 34 ++---
examples/puma/client-certs/server.key | 50 +++----
examples/puma/client-certs/unknown_ca.crt | 34 ++---
examples/puma/client-certs/unknown_ca.key | 50 +++----
examples/puma/generate_server_test.rb | 56 ++++++++
examples/puma/puma_keypair.pem | 38 +++--
examples/puma/server.p12 | 0
test/helpers/ssl.rb | 10 +-
test/test_puma_server_ssl.rb | 52 +++----
21 files changed, 543 insertions(+), 388 deletions(-)
delete mode 100644 examples/puma/client-certs/generate.rb
create mode 100644 examples/puma/client-certs/generate_client_test.rb
create mode 100644 examples/puma/client-certs/run_server_with_certs.rb
create mode 100644 examples/puma/generate_server_test.rb
create mode 100644 examples/puma/server.p12
diff --git a/examples/puma/cert_puma.pem b/examples/puma/cert_puma.pem
index 7e68d622a1..a0730990da 100644
--- a/examples/puma/cert_puma.pem
+++ b/examples/puma/cert_puma.pem
@@ -1,19 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIC/jCCAeagAwIBAgIBAjANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJVUzEO -MAwGA1UECgwFbG9jYWwxDTALBgNVBAsMBGFlcm8xCzAJBgNVBAMMAkNBMB4XDTEy -MDExNDAwMjcyN1oXDTEzMDExMzAwMjcyN1owSDELMAkGA1UEBhMCVVMxDjAMBgNV +MIIDgjCCAmqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJVUzEO +MAwGA1UECgwFbG9jYWwxDTALBgNVBAsMBGFlcm8xCzAJBgNVBAMMAkNBMB4XDTIw +MDgwMTAwMDAwMFoXDTI0MDgwMTAwMDAwMFowSDELMAkGA1UEBhMCVVMxDjAMBgNV BAoMBWxvY2FsMQ0wCwYDVQQLDARhZXJvMQswCQYDVQQLDAJDQTENMAsGA1UEAwwE -cHVtYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArxfNMp+g/pKhsDEkB3KR -1MAkbfnN/UKMvfXwlnXpz7YX1LHHnMutiI/PqymAp6BPcu+umuW2qMHQyqqtyATm -Z9jr3t837nhmxwG1noRaKRtsckn9FD43ZlpPg0Q5QnhS4oOsXwJzilqPjdDFYrKN -3TSvIGM2+hVqpVoGYAHDKbMCAwEAAaOBhTCBgjAMBgNVHRMBAf8EAjAAMDEGCWCG -SAGG+EIBDQQkFiJSdWJ5L09wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G -A1UdDgQWBBTyDyJlmYBDwfWdRj6lWGvoY43k9DALBgNVHQ8EBAMCBaAwEwYDVR0l -BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADggEBAIbBVfoVCG8RyVesPW+q -5i0wAMbHZ1fwv1RKp17c68DYDs0YYPi0bA0ss8AgpU6thWmskxPiFaE6D5x8iv9f -zkcHxgr1Mrbx6RLx9tLUVehSmRv3aiVO4k9Mp6vf+rJK1AYeaGBmvoqTBLwy7Jrt -ytKMdqMJj5jKWkWgEGgTnjzbcOClmCQab9isigIzTxMyC/LjeKZe8pPeVX6OM8bY -y8XGZp9B7uwdPzqt/g25IzTC0KsQwq8cB0raAtZzIyTNv42zcUjmQNVazAozCTcq -MsEtK2z7TYBC3udTsdyS2qVqCpsk7IMOBGrw8vk4SNhO+coiDObW2K/HNvhl0tZC -oQI= +cHVtYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9pa0gvlNdwge/u +aZNE5hTyBLH3eQzdduGcYjoSy6AVgab8M8s5O7RPMEDORV6xRuGfNgRI40Kkx4E8 +w5icHSp9WumsEi5FrKIcIXttquLdcBkUEq9N/mPVZAlg5Jr5IePzWafM0gTdKlR1 +LN/UHcVaMHWt4/Kz2ja9wlUhaKly7+UG1JdHhQ1yrAVVUTLN9YT8VTkyaB11+K0m +KpdvHcyFuB4yBcvCd4iGSIqf7wjlEIRp8Pa9C6tR8gAlCi4APlzmngYod3wbXAhE +psjvSXCWCdeHKD/wAgBz1abA4yNnSIhb4KFFkGMn+F74ZjeCZN287lz/18gQLn06 +3EXVKIECAwEAAaOBhTCBgjAMBgNVHRMBAf8EAjAAMDEGCWCGSAGG+EIBDQQkFiJS +dWJ5L09wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTyDyJl +mYBDwfWdRj6lWGvoY43k9DALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH +AwEwDQYJKoZIhvcNAQELBQADggEBAH2YCJJY9RFO8a7wW+9LonTVL1QLvpS0bgqC 
+1CvW3ANCXriCXHUHc/aLmneRfXhrezCcAgqyqG2+HxJ3fLllec7lbiznnV7DaAmn +Jhgmlho9fw2FxPA4iZ5DQvCALS0Ho4Vo+kPVExbhH4XKZkVTJosms5TWmDaeyfN0 +PyWDeyKsjqi9oXqqAZKBo9DFWxkJUThzpxXdWo2S9cKt7EWJJlgdlmQGyoo39Xdu +86MxNGfaS+7ChzcXQVu1B/t0fpFKfkVCEKvNEQ50v/D01Ed0hgQPOaqgFvFMp0eU +B0b1xpKQ2OshyOK1048ou3Gv+fAw+xtcC840T0DDMte73sysXtg= -----END CERTIFICATE----- diff --git a/examples/puma/client-certs/ca.crt b/examples/puma/client-certs/ca.crt index 7ca63b0ba6..a69ea6fb60 100644 --- a/examples/puma/client-certs/ca.crt +++ b/examples/puma/client-certs/ca.crt 
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDEDCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADA4MRMwEQYKCZImiZPyLGQB -GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCY2EwIBcNMTQw -MjAyMjAwODI3WhgPMjExNTAxMDkyMDA4MjdaMDgxEzARBgoJkiaJk/IsZAEZFgNu -ZXQxFDASBgoJkiaJk/IsZAEZFgRwdW1hMQswCQYDVQQDDAJjYTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAN0u8/heGbkoFDDsx6uidE6DKPvjIPnZPFzR -CMkzrNgIeq/hfAItIJAO0m8YZivkUWeE3ut4ibSL+OVTvLRWDL/L736LILUxrD2f -joKHHLSVIUWl3H0VjYDE2RCiVkvxP4sAo7EYecZesTtb7W7DdAjHztFZIl+wT+ri -MlxDRmYxwsOPQtL0/wJZF80uTpC29V47NY9ITd/A+1xMblPAuQKO3vqZ4Yq07mO/ -KKSbepo07v7jMhNOSHf8VBFlTzzG5AHmxZUW0qjCkJBV8N1MiT9cIk81ZuSqOZu3 -A+aDAlOYPJe2WVpGskCme9HkJaHTeP87tQUsLqRsLgq/AXh5R58CAwEAAaMjMCEw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQAD -ggEBAKiGZ57rSAlL9slQ0FklVjpe+YrfZvmaXTRPl+9YhikoVI91u1r/qA9PrXKn -cL6u66SU6kJwI5572uT1TpKO7jQLXJZV0LO17WuF3P7y44QnNb53Em2GYi8DD/gq -X0Y1u8QzIxo4uomWiE73fnao2I9eErKNi/xCySaX/SLQ/9tcEgUyeLlTtJZ3feVF -7K0llR+hSb0Wy/uWnP7qP59YsyCJl1H23j7IEVCTMsOQ4tyIK16+qRA+aVLtE9f5 -orsrOWWGJOdAn1nCJweKqhG1vd3GKGRW3Rf/iugCbvgJy0NFLfTpeJ4fJosC3A/K -6K+pe9hNsi2kBPwC67QeVjnbqd4= +MIIDDjCCAfagAwIBAgIBAzANBgkqhkiG9w0BAQsFADA4MRMwEQYKCZImiZPyLGQB +GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCQ0EwHhcNMjAw +ODAxMDAwMDAwWhcNMjQwODAxMDAwMDAwWjA4MRMwEQYKCZImiZPyLGQBGRYDbmV0 +MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCQ0EwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIHxrFcS2JkRQbXLFosb32unVkVuwHSPSt6Dpl +2jUQHP/bceAx/d9waHYf8rlbCFAIoduZDOc7XCJUidgcG5NfLJyQpkkWOU8CGWH+ +Ipl4AE8auYCcy/0T7BQqaRC41HPmrJG1CC40rqcY47lUO2haI+vj5TZFHNhAbRat +rR1iD1veis2gBZtrMzd4IlpvEHGv6ghfnSc20za4exmapjp/uAAIOXpeFX8QHumA +bty4dd+iHpKjDzUrhG9Qa5v28ii2K1AcbczUQ7FzSp2/GoRSjF+WY6i86N9Z1M97 +2PEgy0IG5l6JHu1P0/rd00hN0h0Owzv3V5ldMLZap7+pVFQTAgMBAAGjIzAhMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IB +AQA3GWpy4bYLOHLENDTUBeclF6cDdYiautD6gxd1SDLMWOhAUF7ywwT87OAJdr1I ++W1TUv5BRG21rNm1QsZfLbStdKA1mpiET/9nYN7m1YauL5hI3yD49TGuO9/sxcE5 
+zNW7D3VBVNq+pyT21/TvLAgxCNvjjm7byzyIOcoRUyZx8WhCf8nUT6cEShXqEg4Q +iUBSLI38tiQoZneuVzDRlXBY0PqoB19l2Kg9yThHjPTVhw5EAQSDKXCCvaxAbVw6 +ZPLNnOdK6DvqEZ3GC5WlaHQdmLxmN4OfV6AEtpgqgGY9u8K1ylTr3ET7xLK7bhcA +oZsggEVZr1Ifx9BWIazRNwlw -----END CERTIFICATE----- diff --git a/examples/puma/client-certs/ca.key b/examples/puma/client-certs/ca.key index e229c7b91c..59bc391a20 100644 --- a/examples/puma/client-certs/ca.key +++ b/examples/puma/client-certs/ca.key 
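Review bot: The regenerated CA certificate is valid only from 2020-08-01 to 2024-08-01 (decoded from the validity field on the new side), whereas the certificate it replaces ran until 2115. Tests that expect a successful handshake against these fixtures will therefore start failing on a fixed calendar date. The new client.crt and client_unknown.crt in this patch decode to the same end date. Either give the non-expired fixtures a much longer validity, or add a guard to test/test_puma_server_ssl.rb that fails with an explicit message, for example `assert cert.not_after > Time.now, "SSL fixtures have expired; rerun generate_client_test.rb"`, so that an expiry is not mistaken for a TLS regression.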
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA3S7z+F4ZuSgUMOzHq6J0ToMo++Mg+dk8XNEIyTOs2Ah6r+F8 -Ai0gkA7SbxhmK+RRZ4Te63iJtIv45VO8tFYMv8vvfosgtTGsPZ+OgocctJUhRaXc -fRWNgMTZEKJWS/E/iwCjsRh5xl6xO1vtbsN0CMfO0VkiX7BP6uIyXENGZjHCw49C -0vT/AlkXzS5OkLb1Xjs1j0hN38D7XExuU8C5Ao7e+pnhirTuY78opJt6mjTu/uMy -E05Id/xUEWVPPMbkAebFlRbSqMKQkFXw3UyJP1wiTzVm5Ko5m7cD5oMCU5g8l7ZZ -WkayQKZ70eQlodN4/zu1BSwupGwuCr8BeHlHnwIDAQABAoIBABjXyj1OTHNYhhQM -tEyZ3Zhn8PWByFVnyfje3a7DqBlHsogIuoYADZVApPAnfGpXpbEL4oHuMwFda2JO -qnZS5/Gu9UJwXAceAiuVvUr55AaAbZFGFOLTxeX9tifBJBI5kZqKQtiEWEEop510 -MNHtEB5gWuF2sn6u7fsC1wc34zNdE/4hR1njsppIlJ1GP0ICQUI/YKybipF6+pI7 -+vg7bF5DU93/uUoRY83NjREeAswFE67OOHi592YIyr5TLu06NDqJ2EBneXyO63Q7 -pAakX84SI7k8p8t9XBW6D56pT23JYcrDXwayH1P+SAA4FdDhPlZlGPWjXqQc0biA -l1HlfiECgYEA8bwVsukWSGE+XdRnilVATP4zTS7ZpcYzUufS9+pa5w0sVIkDScgL -3YrB0rY7BS/kImOg+xrFz7ILCoIyjDCEVtly0Hc1aZw9SWu545lfFWcd7s7nN5nQ -iM9jGxoAWu/VT2GKIfhxMK89CzLD1DGgqsiyYxmPMyplekupUEkkiHECgYEA6jxl -uNddzzfKZKHEWS1Tax0hgchOaVMyML35ySz5kgw1tSO8G64eKtrSCq7wcSvb4uc3 -hz1yl5Ydxqa+1qX5Qi+UcoRhZZHqGTsbid1aiQJKltk4ImtlptBbX+NTvEDIDblQ -fzse/a+upesutwaTchlXtuPG2F53UZeQ831GWQ8CgYAqKdtDDILVdxiwtwakS0Be -7Yu3L6/IyWxUTpkuotLeMB8GU6ueJ+Vh6/zoqt5ahkLteKEwizfrhSuF1rXIXAIJ -P/5VvCU12YmbD84pk6vRCN5gs/gCa7LC2iF4La3YLrLvGJ1GVZYwnrAwDte3YDyc -7UqoHGIs031FuoK6vTdBEQKBgHG5bz3mOqKgGMDxFY6ihgzMcPc9FGzousaVhhAZ -qPYyvWS7+9mImRb/dNlBBHY98B1jWz9rIxbcCIrpbGB05ucuiKltAoi45mrnmsA9 -23YHycUho7J6aDkskiClE4OkBD09iwqq3qoWwPnHjL/KDo5oJYEjZ+inPNE9gF/n -o98bAoGBAMLZ7BYOXU1svCwuEz9RdAyXsrOX+Z9DW9i6WMVlfk9K1IxwpXYCvOjO -J+wJuQtuNbwKqNPw1DUEp/25cDVoekRAxaKgYGlJFib8vEGtbQ7GQK9bDA11/sIz -PQSfc92Y4+qpQ9WzhsZXip49itzBFgmN7/4eaohpvyHCFkVCZVpf +MIIEpgIBAAKCAQEAyB8axXEtiZEUG1yxaLG99rp1ZFbsB0j0reg6Zdo1EBz/23Hg +Mf3fcGh2H/K5WwhQCKHbmQznO1wiVInYHBuTXyyckKZJFjlPAhlh/iKZeABPGrmA +nMv9E+wUKmkQuNRz5qyRtQguNK6nGOO5VDtoWiPr4+U2RRzYQG0Wra0dYg9b3orN +oAWbazM3eCJabxBxr+oIX50nNtM2uHsZmqY6f7gACDl6XhV/EB7pgG7cuHXfoh6S 
+ow81K4RvUGub9vIotitQHG3M1EOxc0qdvxqEUoxflmOovOjfWdTPe9jxIMtCBuZe +iR7tT9P63dNITdIdDsM791eZXTC2Wqe/qVRUEwIDAQABAoIBAQCrFcxxV5yyqxEh +g1E4TBw3Ppj1u0n1wG1N7+ddA/uxVtl15hjhJEVNeEDkd0H3jVe+yYFPizR0DwRa +ea4D+Z84Eo+XKlH5ae0dwk2AUlwZt0npcwV9BvfJfF6RE1l0akzbvFSlC+VUrKu2 +H5llZZSE24jjQCXxWAOYsKpeuE0ScsIvgKIW7i7sSKE8x8bRyEY6nF8ayfwLoDId +O1eIYM9bYt+y/K0MnZLuKxKRMXDiORSTu9ujR5NVmDkb4DJgVhkz8DcN9K9UV5FE +tRZzD13fOJS/RnKjoGCtJV4G8vzWvtqcaQaxxCCfYQS+XChqUExNxooOVQjlx+AE +HWrJ/oEhAoGBAPkrY5P6OfV7GOC5CxcI4wv955vf17rT85VSyqHRztiLv90IFi0B +snBjocJo466Xsi85QNkRHyW/DG0xuZ/lJyJyM79prOV0PXRlEr8loR3RT7OqK8KQ +nX4Ip7ELixT7Kspwh+p3S/Z2/9kR0XXJ8aJCb5Xz31YvswEew7Z7kbNHAoGBAM2b +gjw6BGzP9Ni9xTQKKK6NBimlsKqg/pnvEVSMb4lNNB/nPlVEzFUc5iFHX5luaaCr +dsaa7vOjUZ14aLQcuGTDrWKc82Vn2g6A+//TXbm0zWK5x1fctFdUxHPmBNiTO5xc ++29cGv/laehyphkIfQsLsmnOeMvDkyNeX0L0JYbVAoGBAL4so5/5x+rYvTAni5NV +MRWiAPgzbJAn3S4HNqkzXVBhuVqWJXbMaMjnAjtDmyNSnKj2ZcxHCSLiIjXlUev8 +FlZwG5borRGkGpOP4TMLIWGEs/RI2YVyowHi0TqLuOeWnB5OrS4DR3MheDzRILFq +JIbXdhtZOwio91LPjEjnH1lZAoGBAI5mnAa2cAYk6YGLvZ9TQeXSymfh17/1jSB0 +EV6rfTxs+iL2d5d69MImJ8T4t99+Ny4OU08uUzzu6kHT+UB1e8heNiHMbk7XZJET +CHWgoJNUA8PSw5u4wjaSARX8Q3L0Vh7vzzzLX+/HplhVv3ArDt+tlD3vwH3v0GJ4 +pCWtDqiZAoGBAMjf2InVEJsQD/uOFblpgzTxNXoWnYDA2udIpHOgcdw3+JhZzOXx +01WReomSBtuc0XStJdZKZbLuYgtG3XEJPA8rqS4SVm+M05XTCnDVkpENAZf14u8r +8dbPJUWzoVDkEuJespgixpJ18JAytDXvl5gzFp6Gr2O0Dd7arN/8IIP8 -----END RSA PRIVATE KEY----- diff --git a/examples/puma/client-certs/client.crt b/examples/puma/client-certs/client.crt index bfb7f668f2..9703ebdbde 100644 --- a/examples/puma/client-certs/client.crt +++ b/examples/puma/client-certs/client.crt 
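Review bot: Nothing next to this private key says that it is public test material, and the same holds for client.key, client_unknown.key and the other key files regenerated in this patch. Because the directory sits under examples/, a reader may copy the CA or server pair into a real deployment. A one-line notice in the directory or in the generator's header comment would close that gap, for instance `# Test fixtures only: every key here is public. Never trust ca.crt or reuse server.key outside the test suite.` The generator's hunk runs past the end of this page, so whether its header already carries such a notice cannot be confirmed from here.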
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDAzCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADA4MRMwEQYKCZImiZPyLGQB -GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCY2EwIBcNMTQw -MjAyMjAwODI3WhgPMjExNTAxMDkyMDA4MjdaMDwxEzARBgoJkiaJk/IsZAEZFgNu -ZXQxFDASBgoJkiaJk/IsZAEZFgRwdW1hMQ8wDQYDVQQDDAZjbGllbnQwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGnFKNrNj9pvHIK+iUf1UoDJ0O7hpj -jn7QWd65xnHWN9YF9RfBVRxg7HLcPls6GL4c+e5KQP1W0o4gSzwbUc3a/LyqkTEA -dligEjXTkQY6tCn/51CuClynreQ98wdgQrayzobKhWMALG7IRLraprZmiQJpxWOF -evd7WkF32AwSklZMEdWcLdI36swTV0UzuR9IDUnIh5GGPbikF/6hQ1E1+rL/sZkh -czYNEniJGk2pD3MqJguTvYTF24k1KEOV5koSuAPnyl4E/dX9g3AIHWo8OhqVs/4P -hrX6++qmrsVz9LIvPw3+SMAE3QU49J7uAANRQMBlxWhlbIpeFi8zNig7AgMBAAGj -EjAQMA4GA1UdDwEB/wQEAwIEsDANBgkqhkiG9w0BAQUFAAOCAQEAtxbX3CfQgMwa -CWYTjupyTC+KDajbkLLsNXw49PeTIj0FOjAdKA1zyEZcrxtaU+flJr8QHdI8HyZH -hpofnOTSBg5k9y4Qz8gjI1Nsh0H8WU/d7F//2l2fUDOhVAb6JtTAKnMpU4snb0GD -bxcO6QxfNh50Qdb7KoJH7baJ3aAnsRrLVGqQ7jH20iMu163j/pYw4dDskFMr65Le -bMB3NeQ5pHwtYf2J5EliKCtH+Df/BTIl9u1vviZs84gA0Odai/YaMZWCqFiWqIax -lkMHNSDWh2G++qMn9erLjRtYDAbIt3VhMncUpEBx3lBEIaVg7qyfpWQ4EkkkylH6 -WRv06vukVg== +MIIDBDCCAeygAwIBAgIBCzANBgkqhkiG9w0BAQsFADA4MRMwEQYKCZImiZPyLGQB +GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCQ0EwHhcNMjAw +ODAxMDAwMDAwWhcNMjQwODAxMDAwMDAwWjA/MRMwEQYKCZImiZPyLGQBGRYDbmV0 +MRQwEgYKCZImiZPyLGQBGRYEcHVtYTESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoywLJRT7wZM1P3Abg9NIT+NJ8TkS +IBz8ZgyyhSW1lU/tcsNEJakIl22XAeLEHfMknMzDqvU1G256hqM+/Tgohreat+yc +ofy+2OOu4un+44qIGX82i2PCt+afVvbGhPpHioyAJRDXZd9V4FtESH+6As7m+6MH +E4yX547E6XmmJ9lp8z9FnBMi1a6C01bI6mZhMuReLl2bS0FWjqrwNN3PpizBD+Vv +FbUIndC+UiD0kYPxTwSDCpEq/To0FrNCdAj94Y4oZVuvx8B1mHiqwkqmlOLUZslS +u7CFInqbswq5LnGFRIVSg3bu4bgCbCEmJhfqxp5MODT4VBXa2sCOnG7BBwIDAQAB +oxIwEDAOBgNVHQ8BAf8EBAMCBLAwDQYJKoZIhvcNAQELBQADggEBAApaKvnGiRqs +Vz4B06f/mDLmN7gb0e/evEypB2S06fp9f/oWWHXHCxpx9bKbiHFNNiinoc97/Spb +GzylHV/n9j8GEtZmJMiSJZubN8vpn1Jg0Usz3ZtAy0fe9ephjBIXPpwrsGF6Oz3u 
+U/b2zTpJX3oJ3Eq6Q9hLplYU3bNHfrw6PAbzbB91zVTFsqZUTctKrMRgp68FA4fw +VWQkb4QwLK1UVJIT/nR3v7nJDktgpR4mfdrtWbWxOGm/ed2oOilpqVhVN99P+bUn +3cFkQ6PSYK8En9jJhBMe/zQqpSyy09Tfi/Zy6nzZv0ah53bpeCFLZFi+0CU8HwPr +MuD1XQN72zg= -----END CERTIFICATE----- diff --git a/examples/puma/client-certs/client.key b/examples/puma/client-certs/client.key index a497041210..15820eed73 100644 --- a/examples/puma/client-certs/client.key +++ b/examples/puma/client-certs/client.key 
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAxpxSjazY/abxyCvolH9VKAydDu4aY45+0FneucZx1jfWBfUX -wVUcYOxy3D5bOhi+HPnuSkD9VtKOIEs8G1HN2vy8qpExAHZYoBI105EGOrQp/+dQ -rgpcp63kPfMHYEK2ss6GyoVjACxuyES62qa2ZokCacVjhXr3e1pBd9gMEpJWTBHV -nC3SN+rME1dFM7kfSA1JyIeRhj24pBf+oUNRNfqy/7GZIXM2DRJ4iRpNqQ9zKiYL -k72ExduJNShDleZKErgD58peBP3V/YNwCB1qPDoalbP+D4a1+vvqpq7Fc/SyLz8N -/kjABN0FOPSe7gADUUDAZcVoZWyKXhYvMzYoOwIDAQABAoIBAA7C+aPMEAiyStAs -60l2OVcTsOy2J8H0ilpkA5jdNgLM/ZxNvilBcS2HBXZ3MAKeairvLJXaRLoaRjQC -Q4JoTxuSo1cuGW1GXonvMI77/XGJiIGbqLR20rIny4oLMSYnbzrU/NG6nkQaCVXb -PeQYdgAi+MnxwNbf79r8N1d3+FW85vjczo2aobWnJpir8U+xp5pe4xpqP8nddP7v -tdfIku8HBt76pu4ZfZynO6z9C+ZKS1s7YmBkGNuE46kwl9dhdmZGawAHxNYNAAJS -FPLHR11f3syjtPUUm3MAr5BlCFd6vgWYJFrdKv8/uH++WAiVvApnG/FjPh90i42p -muGHJbECgYEA+eiHPNzlCwYpPzY+n/AfBQ48G7sYeHk/yEDvhkJOnwAQEQMMw1s9 -AGHFTaKa2rb6fruZp8qCXiuzhWq2x7e5+W2Buj+VU15fI1JCJW1s2GdlGOAclvEW -HvhcmlwtmSOWgTv1bbVSgQZB9hjbVK+81yQ9hn6AxJUT9k1IU3HALGkCgYEAy3Ow -DBX97AVn+1h4I/7cTqzjjLCaBn4UVcy0s3hsbvW/b+aYb8a3F4wJ7mWXvFk9Lb4h -uMfka6DYHszma1Bp7BEr63QIAhf936PXAljgtBBCron+9Y6DD83mz/9sX/MTo/pE -2J/qHOqYwoboDoscgtVXZxNM3UX70RJ6RBKAKwMCgYEAxpX+kWC/KWl18WM7lICN -Rckv/qFIKsO+6XSgYcHjE/pKyhnwVHT2Ho2S6cRi5ZYtq/OLgIgt3INBnq1UHZRj -1k8snUHVeXAujbTaFz/DFJvk/EVqso9Vkrqta4QAQAbFnGB3APzrWNgOJm9OKxeT -KisEMRHpZU1JlZmH9bcYjLECgYAPb1tvz0tQWKim3PNgZ7l3Do7E4bENxQrt53Xe -F8jCMkqvxqLR+BVz59/pAjQcyfhmPAJ67k9aCv3aeFkS0yr2Ced3GXpyDjfoe5mY -R/3kK0ejzjxVjNZMoKZeKVajgOGAk0Ad3yP3xaSJPYrlb5BeLKlQ3Jn8P473MZut -BmpK2QKBgQCr7aaFL5Ypv21kBKVI478jk7v/6PcYOztkFbOsje5A4SlkhlaE5u0h -iK0jON8MnAieLeP5QvyXy5n6wL/6THUSxpm3ZJRXpNgKHqENJrZBh3HpmrtzXjxF -WLMGl20yrsNUE8WR8wAJ5ECxwUPGZazDY9CD6C0Vm0LUWYdgZQnjnA== +MIIEowIBAAKCAQEAoywLJRT7wZM1P3Abg9NIT+NJ8TkSIBz8ZgyyhSW1lU/tcsNE +JakIl22XAeLEHfMknMzDqvU1G256hqM+/Tgohreat+ycofy+2OOu4un+44qIGX82 +i2PCt+afVvbGhPpHioyAJRDXZd9V4FtESH+6As7m+6MHE4yX547E6XmmJ9lp8z9F +nBMi1a6C01bI6mZhMuReLl2bS0FWjqrwNN3PpizBD+VvFbUIndC+UiD0kYPxTwSD 
+CpEq/To0FrNCdAj94Y4oZVuvx8B1mHiqwkqmlOLUZslSu7CFInqbswq5LnGFRIVS +g3bu4bgCbCEmJhfqxp5MODT4VBXa2sCOnG7BBwIDAQABAoIBAGsjyE2Y8ZWxKw10 +dxyf5qNOAoc5igU8Ax6ex7lVgV2BFdB9FooD63hCpRy/4TYpKKksam4eg7h3Wkx9 +dCagcTvD4vtRiadzZXzUQ0kLjCmsFKFpPk9YOcq2y3k2oDNAgykeCCZOYKCrfJ/M +TZGtDF47rL8d1M+pSTTqMbF8BvWyZ3hTKkB4dNbF4uNQ5EPD8fgkmPOMR9Ul5R3X +XvrzDWYJb0+qElbtP4Y570KQTmbBpTj2soFb2fLuPv4NpBTNx3xIja4fs7wYP46M +k1dI+wQnrC512rpacowOtWKlqx3yBrtKNjg39faPHQQpfPqkJNYZZPVA9rc255SG +l4B7y4ECgYEA1v+8z4r+lkrX/t0L2WmuHHjE6no+1c3C4RdHkkUYvgUWdE7fjRGH +fpcfZu/aTcnTj+LAkZpEty8gDZKqb8tpliMbpnkzx7Li4AYQof5QYcWQb9rJYihT +70fJgLN2QQCAD7VC00AuUam7D8r4o4uImmrOxa5jqZFHztphKXMU4p8CgYEAwkoc +vZ/LRcbiKm72/CJ8RI9YgkQanFye/6cYwsVyrydmaevxdCq68hcafPSHwJSraEK9 +zo2T6qaZZr1zdwdSFutsBfOw6g7MMPfxtUPtmHJnwoFsEBSjwSwddwi/RLXiZGUK +I31z1sRO4XoLzhvESZZP9aCURT3MSwqFTWsasJkCgYEApyKpoeHYpfdK0FsAciRA +cOvFkM41eLn7LEaPofrLEDUeTo5eJOkinttWUwxUdbJXH/zTXJ1Dm/Arh8Gjc0L7 +MvbZ8OE5yp2a1zJ/zZ7I2CjgbsPzV7YoAdSZpc5dOIzuAMgVSeoT1/INdGqCPYkk +SX6MfYpi+Zfx7bFAZRuMedsCgYA2Qrp6HumHSD8buLfTvNHV1+7RGrIP3zIslf8t +TjV0Q12v0UwytEhXmio0oZpUJ3Ejghg+Wn3n97U540kfAfVkH0Wg9+j9xTozpttj +U2BExhbCVKDYcNs29NoZx2CbkOx0O1+0f7HdVh/tisdHPav5HTihkcI3AEZQ4tRN +xc7DaQKBgFtj7G/nbhU1Rr1d7HJk8to88zHvUPPWI8AaqyQKDKD2nOSAysA0v9h6 +z7FG0SidXeCZF8NnlxRcR6+Zf/oDgx/akKGXGGGifgAIjkq53CQewNyg8iQda0cF +3wU8z+qAajPnhXEZ7T/OO1pRUUQRvM1obOLVORTzP+ZTD9/RZu4F -----END RSA PRIVATE KEY----- diff --git a/examples/puma/client-certs/client_expired.crt b/examples/puma/client-certs/client_expired.crt index d0accc8859..cd20e04895 100644 --- a/examples/puma/client-certs/client_expired.crt +++ b/examples/puma/client-certs/client_expired.crt 
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDCTCCAfGgAwIBAgIBBDANBgkqhkiG9w0BAQUFADA4MRMwEQYKCZImiZPyLGQB -GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCY2EwHhcNMTQw -MjAyMjAwODI3WhcNMTQwODA0MDgwODI3WjBEMRMwEQYKCZImiZPyLGQBGRYDbmV0 -MRQwEgYKCZImiZPyLGQBGRYEcHVtYTEXMBUGA1UEAwwOY2xpZW50LWV4cGlyZWQw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZQSVfI4KNwus/+9gE9Rww -+cehxzw80fNi4tmruSApitTIk1u1r1rYVexkBkVTtl6Fg/aNAAdsI4aATanyGj0m -yRqEMxYMt8RtzAYHY6ZEJBm4WUAa44W7WNG2ZA/e0bCDq4Sn+hlPJw0e4iQimJqi -8+iitgyTdicTKDR+9kTS3W/33PZqSwqqnN55m9n9A5FIKwd8fbPsO8k6xIhFS2sL -KZ2TkAYLNXu2vFGJR7b37U8mYcHObB1p7U7WYJ2JCf21WZOC4iI25Xk7MFSUYPqb -W/iV+41EcslbHwAZHEjqeNynKNlnZokVrviOFeFrHqXbVKp43027L3RZr/JXfxMl -AgMBAAGjEjAQMA4GA1UdDwEB/wQEAwIEsDANBgkqhkiG9w0BAQUFAAOCAQEAdCLR -jmHeQDrtl9w0cr8Vls+clhoWSDIEj2NC7PRUbDS5T0kAnF/N64n9RJFPS+4bpZaT -c9v3DXzdaTTp7moUrwVc3EKVLV5EJcm+TcuUhbL2ZnRgFHggVaoePShBHkDJGLz9 -lR30KJnKsyFKEDEyD4rYtYvg98858EtkuxKLsD8efQ/9V8WDLAJJWTsJweEbEpIq -GqblQnBeNrLZ7yS32NAM9jnB9wPsMXPZnAAV/o/U6TTwIO9ChApWX+qer1/mIoc7 -90/XhxEVw6EcXfGPnsLJ85n9FNGbWnLFRxvFAYcD0z6KQYxVHDiUAMSKqAkpENYO -k3gVOw5YNxNpPmUrjw== +MIIDBDCCAeygAwIBAgIBFzANBgkqhkiG9w0BAQsFADA4MRMwEQYKCZImiZPyLGQB +GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCQ0EwHhcNMTkw +ODAxMDAwMDAwWhcNMjAwODAxMDAwMDAwWjA/MRMwEQYKCZImiZPyLGQBGRYDbmV0 +MRQwEgYKCZImiZPyLGQBGRYEcHVtYTESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoywLJRT7wZM1P3Abg9NIT+NJ8TkS +IBz8ZgyyhSW1lU/tcsNEJakIl22XAeLEHfMknMzDqvU1G256hqM+/Tgohreat+yc +ofy+2OOu4un+44qIGX82i2PCt+afVvbGhPpHioyAJRDXZd9V4FtESH+6As7m+6MH +E4yX547E6XmmJ9lp8z9FnBMi1a6C01bI6mZhMuReLl2bS0FWjqrwNN3PpizBD+Vv +FbUIndC+UiD0kYPxTwSDCpEq/To0FrNCdAj94Y4oZVuvx8B1mHiqwkqmlOLUZslS +u7CFInqbswq5LnGFRIVSg3bu4bgCbCEmJhfqxp5MODT4VBXa2sCOnG7BBwIDAQAB +oxIwEDAOBgNVHQ8BAf8EBAMCBLAwDQYJKoZIhvcNAQELBQADggEBAHDfDovSTCmM +sxDCfTGQUYwnvOohTP0hjUHB6BzNAPVKYoBiq064m/JoDFmOGGtF3CqhWqtE2psl +eOK8fA/QomyFaIAowhx8qrswMP7T/rRldAG+9QHBYZGkPtbB8evK6XqrMEQTf2Ux 
+FlN3p7BZl9rhtuManMb+Wud3HfLYjXn2nTRvkOTi93MP05Vrho8KegZ9Kj4wY1rK +gOnkbI6bv+1r9yjsZuUKPH/OjFkpmAoOab5hX5R5CmEefGAet2KPCNrApuwfvRHT +x9jVwtOYBHq3DVcBDBu+O38L+WlKGeXvUK4AzvxQaVUysCG3DA1zrvyI3Y8Jy2Jk +KfmWZWlvXlM= -----END CERTIFICATE----- diff --git a/examples/puma/client-certs/client_expired.key b/examples/puma/client-certs/client_expired.key index eadc5e8a89..15820eed73 100644 --- a/examples/puma/client-certs/client_expired.key +++ b/examples/puma/client-certs/client_expired.key 
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA2UElXyOCjcLrP/vYBPUcMPnHocc8PNHzYuLZq7kgKYrUyJNb -ta9a2FXsZAZFU7ZehYP2jQAHbCOGgE2p8ho9JskahDMWDLfEbcwGB2OmRCQZuFlA -GuOFu1jRtmQP3tGwg6uEp/oZTycNHuIkIpiaovPoorYMk3YnEyg0fvZE0t1v99z2 -aksKqpzeeZvZ/QORSCsHfH2z7DvJOsSIRUtrCymdk5AGCzV7trxRiUe29+1PJmHB -zmwdae1O1mCdiQn9tVmTguIiNuV5OzBUlGD6m1v4lfuNRHLJWx8AGRxI6njcpyjZ -Z2aJFa74jhXhax6l21SqeN9Nuy90Wa/yV38TJQIDAQABAoIBAQDOhvSc7aflVZ/H -koT3qX8kO78AVuM3uiqSHa7pZTJi63x+ND9hhxJoR75SE/gBrYNLj3ho79cegOMS -w0HEShdJ8LFJbTsP2f5cljBBBAUCEAN3UTj0lsgBolyx84t2uYYAlaOk/8bhjPEX -I8lQLhwKvq2vSDrKT+6zcmv9KeWhQWoQavq+QAkTVO9gAqmlkdMEjZntT8hau/qC -jkgW7MG/U/CkbALcrbhAWBtMSvUDSKHrrva7XPaMq5nDvX0Wj6PZhY9KaaweR8ZR -xfrgzbFfRSKdbT5dD7IcwQhjV51hev6+q8pIFgTiFimeNq4TvKgH5MMwixBnVM+3 -djBTB4+dAoGBAO5BYdbpEuVDlwMfHo//R/BJEGJn9dwc3ZpBmJ6vQGmLGjf/oXBr -9tDf/yZKDLwVAgnRdVkllMxpEWrFjD3OpnukbvzTijBi0AQAljRSwNlMTsLwAifi -EBXvENFG/7iJKssCQBD6rkeNir3VRlMa5khI9jHahZ0B53RtQCYYDzZ/AoGBAOlv -W005wD3g9K2P5BIo+qXB43ZFFsAFOnhu7jUyTciu/95iJ+zw/AGHI/JhNy+jSHnw -ZCARLy1c2CImAshadYuWDqR5okR+xHHj3Lgf9ig7lbSf+skn3R4y6fTlxxNdbbU7 -dbZbiMm5CyUHTR6957BQaS7mfQZJG0OP5G9fl0xbAoGAOSNa+HRbALqN68S5yqTZ -Nsn+8OqnrssJZiYXGO9Ejks61XUr3U83GO6vPRqDJVQQchRWhTObFM6Zy7ZmpKf7 -iylrKJz+xg3cfyk43IGAGFzRgrSWf8QaQXhc2yOgzjuvFJKMlMXZp/VM8avFOsb3 -tRwyVtBmPLopLOXKfZhFhbcCgYA/etbbU18h9LDVGhItlhNDTEys9vDO2x0hbxk8 -QifA8UYHla3B027Ug4mU+jblr4OgFW1FAydPMLZd4vRSw7a/dNkahTFJayfEyPBW -6eoo2rtFWVP7q+mHstTIkkvmyjtxU3AZXR7/rGCJe0jPmVkOK2/PH0LUmMDfSJwY -ZWhhjQKBgDCB823bmF6+7J0mtNFFKvRMz6k0wKz7Qe6+AkwmyR3v9IBpL4UMFgIq -xdRR7iGhlRHaWVZyzG3WQ1ZgLmVUsfmk9OrD5PfhKaElKvaRr8e+MHOesQ6AgWW2 -YXr6vgr6tykVtjG4/v98r05+9q10HH0xOhbuBz+1P7IyLfTCWxbE +MIIEowIBAAKCAQEAoywLJRT7wZM1P3Abg9NIT+NJ8TkSIBz8ZgyyhSW1lU/tcsNE +JakIl22XAeLEHfMknMzDqvU1G256hqM+/Tgohreat+ycofy+2OOu4un+44qIGX82 +i2PCt+afVvbGhPpHioyAJRDXZd9V4FtESH+6As7m+6MHE4yX547E6XmmJ9lp8z9F +nBMi1a6C01bI6mZhMuReLl2bS0FWjqrwNN3PpizBD+VvFbUIndC+UiD0kYPxTwSD 
+CpEq/To0FrNCdAj94Y4oZVuvx8B1mHiqwkqmlOLUZslSu7CFInqbswq5LnGFRIVS +g3bu4bgCbCEmJhfqxp5MODT4VBXa2sCOnG7BBwIDAQABAoIBAGsjyE2Y8ZWxKw10 +dxyf5qNOAoc5igU8Ax6ex7lVgV2BFdB9FooD63hCpRy/4TYpKKksam4eg7h3Wkx9 +dCagcTvD4vtRiadzZXzUQ0kLjCmsFKFpPk9YOcq2y3k2oDNAgykeCCZOYKCrfJ/M +TZGtDF47rL8d1M+pSTTqMbF8BvWyZ3hTKkB4dNbF4uNQ5EPD8fgkmPOMR9Ul5R3X +XvrzDWYJb0+qElbtP4Y570KQTmbBpTj2soFb2fLuPv4NpBTNx3xIja4fs7wYP46M +k1dI+wQnrC512rpacowOtWKlqx3yBrtKNjg39faPHQQpfPqkJNYZZPVA9rc255SG +l4B7y4ECgYEA1v+8z4r+lkrX/t0L2WmuHHjE6no+1c3C4RdHkkUYvgUWdE7fjRGH +fpcfZu/aTcnTj+LAkZpEty8gDZKqb8tpliMbpnkzx7Li4AYQof5QYcWQb9rJYihT +70fJgLN2QQCAD7VC00AuUam7D8r4o4uImmrOxa5jqZFHztphKXMU4p8CgYEAwkoc +vZ/LRcbiKm72/CJ8RI9YgkQanFye/6cYwsVyrydmaevxdCq68hcafPSHwJSraEK9 +zo2T6qaZZr1zdwdSFutsBfOw6g7MMPfxtUPtmHJnwoFsEBSjwSwddwi/RLXiZGUK +I31z1sRO4XoLzhvESZZP9aCURT3MSwqFTWsasJkCgYEApyKpoeHYpfdK0FsAciRA +cOvFkM41eLn7LEaPofrLEDUeTo5eJOkinttWUwxUdbJXH/zTXJ1Dm/Arh8Gjc0L7 +MvbZ8OE5yp2a1zJ/zZ7I2CjgbsPzV7YoAdSZpc5dOIzuAMgVSeoT1/INdGqCPYkk +SX6MfYpi+Zfx7bFAZRuMedsCgYA2Qrp6HumHSD8buLfTvNHV1+7RGrIP3zIslf8t +TjV0Q12v0UwytEhXmio0oZpUJ3Ejghg+Wn3n97U540kfAfVkH0Wg9+j9xTozpttj +U2BExhbCVKDYcNs29NoZx2CbkOx0O1+0f7HdVh/tisdHPav5HTihkcI3AEZQ4tRN +xc7DaQKBgFtj7G/nbhU1Rr1d7HJk8to88zHvUPPWI8AaqyQKDKD2nOSAysA0v9h6 +z7FG0SidXeCZF8NnlxRcR6+Zf/oDgx/akKGXGGGifgAIjkq53CQewNyg8iQda0cF +3wU8z+qAajPnhXEZ7T/OO1pRUUQRvM1obOLVORTzP+ZTD9/RZu4F -----END RSA PRIVATE KEY----- diff --git a/examples/puma/client-certs/client_unknown.crt b/examples/puma/client-certs/client_unknown.crt index 359e33d6c9..8cdfc87bb9 100644 --- a/examples/puma/client-certs/client_unknown.crt +++ b/examples/puma/client-certs/client_unknown.crt 
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDEzCCAfugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMRMwEQYKCZImiZPyLGQB -GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTETMBEGA1UEAwwKY2EtdW5rbm93 -bjAgFw0xNDAyMDIyMDA4MjdaGA8yMTE1MDEwOTIwMDgyN1owRDETMBEGCgmSJomT -8ixkARkWA25ldDEUMBIGCgmSJomT8ixkARkWBHB1bWExFzAVBgNVBAMMDmNsaWVu -dC11bmtub3duMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Ewf7nWJ -WcHI3NB+gjz5jWnpNwnU47hjIWq+S41iIymN7FsNdssfzeGb3ZElcQAfofvNf75F -6mE7YEpbKRU7t/Nptvx+Rd1YGOS2N/PWdj3IcJgvQ2guiU0aYkdB7lC1vlI0QzHT -dte9pGK/ZPp/mvRZGwi9WmwlNhBwOzvdyRuLyi63dmZ8vgyZrfbmGhZYdhCZ77Uv -i+VYqYv5X30I2gQkV6YQMj/AF5Fmt9a4TNGfIjXb6FKmNhlsDMduovrfQMh2umMK -YYQ4A+Vi2yMAZkKeD5cogGLS8wmg76n7miPaKLVU9xTEf55IO+HjIBIqz6VG8qbg -iBV4Lr6BkkaKTQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBLAwDQYJKoZIhvcNAQEF -BQADggEBAGGaA7fZLOqxx1wIIay0Ewni3ljzR+RAlpTHAh4x+NilcaQ2ils+JoGH -/DCdX2iD5nevGVm1DANBhfAuFxXGGBjoOLqtg/sO7Rk51IV9WjDVB2rGeH3hoTCk -Qi6Bazdlcvvs3SyFEKcJm2zXizR7O9I+tDv++F6bbaHSBWB6tB9g93pZuMR+smvR -Ll2+/jRGPe1Pif1UFs5DR8QshpvxrIwCmO1vznLhDeA5Pde6CtahGJvi1Y25L1h0 -9l0LjMxxqgVh8h4A5AR8VufCcDiaT8lzCkz4G4jQYFhrJXmBn8Em6NZfdP/LmM9I -0zEB2Y3lp32ng+WMyaqNh6nfpxEfBoY= +MIIDBTCCAe2gAwIBAgIBEzANBgkqhkiG9w0BAQsFADA5MRMwEQYKCZImiZPyLGQB +GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTEMMAoGA1UEAwwDQ0FVMB4XDTIw +MDgwMTAwMDAwMFoXDTI0MDgwMTAwMDAwMFowPzETMBEGCgmSJomT8ixkARkWA25l +dDEUMBIGCgmSJomT8ixkARkWBHB1bWExEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKQo9ve3XI5fiKE5AKI3Qm7aeGwy +uIR5RBo58Na4saBSfCaKZvNwzuEimKN6S4ShUlV0egKwCs/KvzbhQJpIxVsLQCGs +AQDxdOGP1FyizQvzDhzL7BC2I/Dp3A5V6uXkxo1qTqoBdTYeJ/mdIVgZ7bgTnUdu +uY9KErU/ugR8MbqZyQel/04PSmkCTdhzP41w0xvmc7Jgab0vJ0oXU4knXIyKsLeq +BkL6fevPW4fdaU+ppXBvpsgWfACk/WZs+DyhPndcX7JNrcnYIIAJy75wivqw2RDB +m59XNhoDwbR21EkcZnlQL59pv4ASA7DrJs+tFoGqsCs7DyEioePNp6ZraSkCAwEA +AaMSMBAwDgYDVR0PAQH/BAQDAgSwMA0GCSqGSIb3DQEBCwUAA4IBAQBMbPmIekCi +TMLtclXtkhKUefb9hoALhABwRbTbzPjz+MGJX2BMwLt8bAs6AMY8jEazvfm9+G0m +1liBAGWFojSzAykNIq/zAG2tgDVolQp3x4JcyFDJ0cuR8DIdll2CCnLM2jP8Nek8 
+wSyuWDsm1U5kmos/dP/ialCvvCLHULoSCBhsyBFKmH2ViXdW09Wg4jSQ4RIToBBn +w/VbObeKA8NBUW6/7w6MS1oeFL3PlZJ205zVrZ68nqm/ckYyaBAdlQNTmlThNSQ5 +eL7w2QgfYDM72Sk4/rjZsW0kH+V0ZqmIuyVBE6jo5EulGPLo2eQEfPmhEdbo5rFi +foV+QKM8z3K0 -----END CERTIFICATE----- diff --git a/examples/puma/client-certs/client_unknown.key b/examples/puma/client-certs/client_unknown.key index 82825f77aa..96b41acf9e 100644 --- a/examples/puma/client-certs/client_unknown.key +++ b/examples/puma/client-certs/client_unknown.key 
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA0Ewf7nWJWcHI3NB+gjz5jWnpNwnU47hjIWq+S41iIymN7FsN -dssfzeGb3ZElcQAfofvNf75F6mE7YEpbKRU7t/Nptvx+Rd1YGOS2N/PWdj3IcJgv -Q2guiU0aYkdB7lC1vlI0QzHTdte9pGK/ZPp/mvRZGwi9WmwlNhBwOzvdyRuLyi63 -dmZ8vgyZrfbmGhZYdhCZ77Uvi+VYqYv5X30I2gQkV6YQMj/AF5Fmt9a4TNGfIjXb -6FKmNhlsDMduovrfQMh2umMKYYQ4A+Vi2yMAZkKeD5cogGLS8wmg76n7miPaKLVU -9xTEf55IO+HjIBIqz6VG8qbgiBV4Lr6BkkaKTQIDAQABAoIBAC41pSPWqWjjJ7ds -/ZPRCR/JLjbKlJMMVdmU/7BtJidc0aJstLj06RJYiaaGy8Kc32elH/rF8GbFuVFs -TXr4ve3aL0qsCytepmunWZFiI+LJZA0uhdWzaBeHpmHFIyhGeXtGa1e41wvXYrf0 -PDefpu1uZdIshy1nLn4m+W76ogI6FrcyUQ+XRN6f5x6af70Kfi414qf9NLOvajnl -JCx90WpdwBp1jC8totKDp9kvILCymFnGBl93NUl8F3Tz7zLkh2SIhaKxQIHTc9g0 -LPNkd1Q5tIl/rG3lZ6vw2/UlCVB1NdLsItlJVIJhu6ChIrSXeoDg0GNlJFp7op6W -jlJDoRUCgYEA67Nuzrv/lkVljRFDVw97DTiCbLL7SDXDH6Jf43+Bz6prGLqd4Nfd -LTO7AdLGd5UTWB1Oj2U94pFXNFkucGv65ck6QAPZ4UrCk9lyjx/dN7d6CxUBDeu2 -4zPeHy/mAgkVmKSzEy5L2ERwoQqK8A/g6HtuThB87gtKUpnG+QSfz6sCgYEA4jyE -kPRudqne0VXWL/Mhnrls2PNo4MDIOxUp+KcFLGY/44RIEoit3WLRDXULAgT3U20Z -lY7nQJyU+/CaEH6rIpADp6VRPA0XJo7HCuMGEO7bk8AAXkXTplVs+XbsD0221AKl -GRpS0CtcvHllHiwG8iL+zHAJzL4wbNY36L97decCgYB0UuHk9bN2Hlm3/UUWunUo -WTNFIjARuzbJbgGU7WDLdHfWhINWbDKkFFu+0p9QdSpO2mfjLTwVjVVUaI8avK/e -qCkvXrcxEQxmm3KGYFt1HAAHaB5VGHfyOa7uBV2ms4UNCHu4g6i620warnFTeQKu -ufv+WvTNJpVPnsUsMLQOcQKBgQDcfgDxydjTPDIWseLjrsGIkc29EFaaHinIM5NJ -bXbEVA9WbflUXvOc/g8jX3xQBokKPR2fPryxoyos9c0h4GJoeBWn0Z5/uX5jrOne -+W5TGIjW0l1JhCKITV+9LqNZMvPKY52G/rnRe0GRy3q60kwet+6/Tz6t1nsZyBqL -c/we5wKBgQDc0rE459diZTpxKzumgUGlutKWhqPDGO+NwMa8xaaPvn/k6bg5avx2 -8by3BSWhc/YEK7qtVcO1sDr7m9dHtqxrk8+2CC+ZI6wfc359xB9uImrbs9Jqz3VZ -+Ji2VOirgm/oZNzhpi2l7yG2atXg0PqLMkS/ft6gWyAjzy/Q8WDSjQ== +MIIEpQIBAAKCAQEApCj297dcjl+IoTkAojdCbtp4bDK4hHlEGjnw1rixoFJ8Jopm +83DO4SKYo3pLhKFSVXR6ArAKz8q/NuFAmkjFWwtAIawBAPF04Y/UXKLNC/MOHMvs +ELYj8OncDlXq5eTGjWpOqgF1Nh4n+Z0hWBntuBOdR265j0oStT+6BHwxupnJB6X/ +Tg9KaQJN2HM/jXDTG+ZzsmBpvS8nShdTiSdcjIqwt6oGQvp9689bh91pT6mlcG+m 
+yBZ8AKT9Zmz4PKE+d1xfsk2tydgggAnLvnCK+rDZEMGbn1c2GgPBtHbUSRxmeVAv +n2m/gBIDsOsmz60WgaqwKzsPISKh482npmtpKQIDAQABAoIBAQCOZybN/pbgvojU +apFdJpiPdx8tpNYhvNxR7983NOKJU+R0vmzOUxZzgEJu1cC63gKBNNg+ip3mYVd8 +cOxMqkHhV6IbU41PVyXwIYezkFpVOlQMsO0oFgiZjRSiru9k3A9NT2HL4hXei0xc +IW1ycpOfsgwmkiuP3E7cQdrI1z+AQVG0VKaETHg8acqrC7Dp4VGuz9t5bXjZKU2+ +GjZ/bNFfuHHeDndZ6xKb+4nVCf0HouxwGzGArMMrI0XXStoR5w6DSn35j5AaqX1a +FzEHn+VolmdAJnK9kH/1tPmLYAzlnnpF4MmiPQhaQZFCGa+Slg71fFmHdKEqnFCO +Q24S2faNAoGBANJgTZ/KDHaXCd4qjVTVp1dXhnY2SAxCBGdftRiuviF+ZwJPNx1B +vhtBYOccneMv5AZ7DhXXLRhCcEN8F/FxQd+coZWgZU7TjW+9fLgHJDvQKUUmrQmn +fanhEmdkHT4bte/uQ0+GUbi7uTxVi9b2keSWvEmYsb30IXruvABAGVsDAoGBAMfC +005AW6kBluxmS1e0uC4vMCvp9ICFRonBk+ZXrt2wCDJjfnsl3tCyP31DxWpw/P51 +PtTxAnHsYwDvIjsoCghGECfvSmzdx32zzSLZ9maf5GF95tMgYnxwQN/nG5DLEjHF +kizkXYAjt1bjEy+Ih/52x42gtzMph9BJFNvIJL1jAoGAGRvhZ+bnoefZB6kwgSWW ++Xe61rUX2E6w0926cZ25l6nMhZwKyfUkyX/+HtdtiMYYgyWAwt6RxUl4uLVA7lJE +OHorVv5z2Pqq8OE+14AStQjdRCGfmX1iJDp2xdxPGTCZgG+BnSY87r2JGEhljlyT +gSL0ihwtaqyOqmuACM+dtx0CgYEAhi6SLcABUfclX8oe1d0o0q0T2IuglyvvA92p +8VH4viTefKpkbWg00U7KYuRBGYyoBGzRNcxmbgvxPNFk1wPAKWqWs5yDC7m1pPQ/ +2Sc74heJGwutHyhjv17P1RayZ4JgyFoEJG+JdueG4bBKVOWLJBy5UqMgLBe7iOdu +QWuhci0CgYEAxYbtLUBarxuOe6B2WIGm7ovuT/R5jZVND3hBPjEDbcIZVVEzljkI +Kp4nq973guCc2qSPFvMpw4T66G2GrQ+xEoaGSTPVB3l//7w6gJki9gJQ08PzMmsc +GXI1TsTqxRY6tw3tKnyWd6n3k/gSOKw9sF4+imvkpZqZmsHKNsfEUng= -----END RSA PRIVATE KEY----- diff --git a/examples/puma/client-certs/generate.rb b/examples/puma/client-certs/generate.rb deleted file mode 100644 index 3542057e20..0000000000 --- a/examples/puma/client-certs/generate.rb +++ /dev/null 
@@ -1,78 +0,0 @@ -require "bundler/setup" -require "puma" -require "puma/minissl" - -case ARGV[0] - -when "s" - - app = proc {|env| - p env['puma.peercert'] - [200, {}, [ env['puma.peercert'] ]] - } - events = Puma::Events.new($stdout, $stderr) - server = Puma::Server.new(app, events) - - context = Puma::MiniSSL::Context.new - context.key = "certs/server.key" - context.cert = "certs/server.crt" - context.ca = "certs/ca.crt" - #context.verify_mode = Puma::MiniSSL::VERIFY_NONE - #context.verify_mode = Puma::MiniSSL::VERIFY_PEER - context.verify_mode = Puma::MiniSSL::VERIFY_PEER | Puma::MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT - - server.add_ssl_listener("127.0.0.1", 4000, context) - - server.run - sleep - #server.stop(true) - -when "g" - - def issue_cert(dn, key, serial, not_before, not_after, extensions, issuer, issuer_key, digest) - cert = OpenSSL::X509::Certificate.new - issuer = cert unless issuer - issuer_key = key unless issuer_key - cert.version = 2 - cert.serial = serial - cert.subject = dn - cert.issuer = issuer.subject - cert.public_key = key.public_key - cert.not_before = not_before - cert.not_after = not_after - ef = OpenSSL::X509::ExtensionFactory.new - ef.subject_certificate = cert - ef.issuer_certificate = issuer - extensions.each {|oid, value, critical| - cert.add_extension(ef.create_extension(oid, value, critical)) - } - cert.sign(issuer_key, digest) - cert - end - - @ca_key = OpenSSL::PKey::RSA.generate(2048) - @svr_key = OpenSSL::PKey::RSA.generate(2048) - @cli_key = OpenSSL::PKey::RSA.generate(2048) - @ca = OpenSSL::X509::Name.parse("/DC=net/DC=client-cbhq/CN=CA") - @svr = OpenSSL::X509::Name.parse("/DC=net/DC=client-cbhq/CN=localhost") - @cli = OpenSSL::X509::Name.parse("/DC=net/DC=client-cbhq/CN=localhost") - now = Time.at(Time.now.to_i) - ca_exts = [ - ["basicConstraints","CA:TRUE",true], - ["keyUsage","cRLSign,keyCertSign",true], - ] - ee_exts = [ - #["keyUsage","keyEncipherment,digitalSignature",true], - 
["keyUsage","keyEncipherment,dataEncipherment,digitalSignature",true], - ] - @ca_cert = issue_cert(@ca, @ca_key, 1, now, now+3600_000, ca_exts, nil, nil, OpenSSL::Digest::SHA1.new) - @svr_cert = issue_cert(@svr, @svr_key, 2, now, now+1800_000, ee_exts, @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new) - @cli_cert = issue_cert(@cli, @cli_key, 3, now, now+1800_000, ee_exts, @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new) - - File.open("ca.crt","wb") {|f| f.print @ca_cert.to_pem } - File.open("ca.key","wb") {|f| f.print @ca_key.to_pem } - File.open("server.crt","wb") {|f| f.print @svr_cert.to_pem } - File.open("server.key","wb") {|f| f.print @svr_key.to_pem } - File.open("client1.crt","wb") {|f| f.print @cli_cert.to_pem } - File.open("client1.key","wb") {|f| f.print @cli_key.to_pem } -end diff --git a/examples/puma/client-certs/generate_client_test.rb b/examples/puma/client-certs/generate_client_test.rb new file mode 100644 index 0000000000..0671546b75 --- /dev/null +++ b/examples/puma/client-certs/generate_client_test.rb 
@@ -0,0 +1,133 @@
+# frozen_string_literal: false
+
+=begin
+run code to generate all certs
+certs before date will be the first of the current month
+expire in four years
+
+JRuby:
+see https://github.com/puma/puma/commit/4ae0de4f4cc
+after running this Ruby code, delete keystore.jks and server.p12, then
+cd examples/puma/client-certs
+openssl pkcs12 -chain -CAfile ./ca.crt -export -password pass:jruby_puma -inkey server.key -in server.crt -name server -out server.p12
+keytool -importkeystore -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass jruby_puma -destkeystore keystore.jks -deststoretype JKS -storepass jruby_puma
+keytool -importcert -alias ca -noprompt -trustcacerts -file ca.crt -keystore keystore.jks -storepass jruby_puma
+=end
+
+require "openssl"
+
+module Generate
+
+ KEY_LEN = 2048
+ SIGN_ALGORITHM = OpenSSL::Digest::SHA256
+
+ CA_EXTS = [
+ ["basicConstraints","CA:TRUE",true],
+ ["keyUsage","cRLSign,keyCertSign",true],
+ ]
+ EE_EXTS = [
+ #["keyUsage","keyEncipherment,digitalSignature",true],
+ ["keyUsage","keyEncipherment,dataEncipherment,digitalSignature",true],
+ ]
+
+ class << self
+ def run
+ set_dates
+ output_info
+ setup_issue
+ write_files
+ end
+
+ private
+
+ def setup_issue
+ ca = OpenSSL::X509::Name.parse "/DC=net/DC=puma/CN=CA"
+ ca_u = OpenSSL::X509::Name.parse "/DC=net/DC=puma/CN=CAU"
+ svr = OpenSSL::X509::Name.parse "/DC=net/DC=puma/CN=localhost"
+ cli = OpenSSL::X509::Name.parse "/DC=net/DC=puma/CN=localhost"
+ cli_u = OpenSSL::X509::Name.parse "/DC=net/DC=puma/CN=localhost"
+
+ [:@ca_key, :@svr_key, :@cli_key, :@ca_key_u, :@cli_key_u].each do |k|
+ instance_variable_set k, OpenSSL::PKey::RSA.generate(KEY_LEN)
+ end
+
+ @ca_cert = issue_cert ca , @ca_key , 3, @before, @after, CA_EXTS, nil , nil , SIGN_ALGORITHM.new
+ @svr_cert = issue_cert svr, @svr_key, 7, @before, @after, EE_EXTS, @ca_cert, @ca_key, SIGN_ALGORITHM.new
+ @cli_cert = issue_cert cli, @cli_key, 11, @before, @after, EE_EXTS, @ca_cert, @ca_key, SIGN_ALGORITHM.new
+
+ # unknown certs
+ @ca_cert_u = issue_cert ca_u , @ca_key_u , 17, @before, @after, CA_EXTS, nil , nil , SIGN_ALGORITHM.new
+ @cli_cert_u = issue_cert cli_u, @cli_key_u, 19, @before, @after, EE_EXTS, @ca_cert_u, @ca_key_u, SIGN_ALGORITHM.new
+
+ # expired cert is identical to client cert with different dates
+ @cli_cert_exp = issue_cert cli, @cli_key, 23, @b_exp, @a_exp, EE_EXTS, @ca_cert, @ca_key, SIGN_ALGORITHM.new
+ end
+
+ def issue_cert(dn, key, serial, not_before, not_after, extensions, issuer, issuer_key, digest)
+ cert = OpenSSL::X509::Certificate.new
+ issuer = cert unless issuer
+ issuer_key = key unless issuer_key
+ cert.version = 2
+ cert.serial = serial
+ cert.subject = dn
+ cert.issuer = issuer.subject
+ cert.public_key = key.public_key
+ cert.not_before = not_before
+ cert.not_after = not_after
+ ef = OpenSSL::X509::ExtensionFactory.new
+ ef.subject_certificate = cert
+ ef.issuer_certificate = issuer
+ extensions.each {|oid, value, critical|
+ cert.add_extension(ef.create_extension(oid, value, critical))
+ }
+ cert.sign(issuer_key, digest)
+ cert
+ end
+
+ def write_files
+ Dir.chdir __dir__ do
+ File.write "ca.crt" , @ca_cert.to_pem , mode: 'wb'
+ File.write "ca.key" , @ca_key.to_pem , mode: 'wb'
+ File.write "server.crt", @svr_cert.to_pem, mode: 'wb'
+ File.write "server.key", @svr_key.to_pem , mode: 'wb'
+ File.write "client.crt", @cli_cert.to_pem, mode: 'wb'
+ File.write "client.key", @cli_key.to_pem , mode: 'wb'
+
+ File.write "unknown_ca.crt", @ca_cert_u.to_pem, mode: 'wb'
+ File.write "unknown_ca.key", @ca_key_u.to_pem , mode: 'wb'
+
+ File.write "client_unknown.crt", @cli_cert_u.to_pem, mode: 'wb'
+ File.write "client_unknown.key", @cli_key_u.to_pem , mode: 'wb'
+
+ File.write "client_expired.crt", @cli_cert_exp.to_pem, mode: 'wb'
+ File.write "client_expired.key", @cli_key.to_pem , mode: 'wb'
+ end
+ end
+
+ def set_dates
+ now = Time.now.utc
+ mo = now.month
+ yr = now.year
+ zone = '+00:00'
+
+ @before = Time.new yr , mo, 1, 0, 0, 0, zone
+ @after = Time.new yr+4, mo, 1, 0, 0, 0, zone
+
+ @b_exp = Time.new yr-1, mo, 1, 0, 0, 0, zone
+ @a_exp = Time.new yr , mo, 1, 0, 0, 0, zone
+ end
+
+ def output_info
+ puts ""
+ puts " Key length: #{KEY_LEN}"
+ puts "sign_algorithm: #{SIGN_ALGORITHM}"
+ puts ""
+ puts "Normal cert dates: #{@before} to #{@after}"
+ puts ""
+ puts "Expired cert dates: #{@b_exp} to #{@a_exp}"
+ puts ""
+ end
+ end
+end
+
+Generate.run
diff --git a/examples/puma/client-certs/run_server_with_certs.rb b/examples/puma/client-certs/run_server_with_certs.rb
new file mode 100644
index 0000000000..6df57b678e
--- /dev/null
+++ b/examples/puma/client-certs/run_server_with_certs.rb
@@ -0,0 +1,26 @@
+require "bundler/setup"
+require "puma"
+require "puma/detect"
+require "puma/puma_http11"
+require "puma/minissl"
+
+app = proc {|env|
+ p env['puma.peercert']
+ [200, {}, [ env['puma.peercert'] ]]
+}
+events = Puma::Events.new($stdout, $stderr)
+server = Puma::Server.new(app, events)
+
+context = Puma::MiniSSL::Context.new
+context.key = "certs/server.key"
+context.cert = "certs/server.crt"
+context.ca = "certs/ca.crt"
+#context.verify_mode = Puma::MiniSSL::VERIFY_NONE
+#context.verify_mode = Puma::MiniSSL::VERIFY_PEER
+context.verify_mode = Puma::MiniSSL::VERIFY_PEER | Puma::MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
+
+server.add_ssl_listener("127.0.0.1", 4000, context)
+
+server.run
+sleep
+#server.stop(true)
diff --git a/examples/puma/client-certs/server.crt b/examples/puma/client-certs/server.crt
index 7fb2f9b8f3..5c3c334edd 100644
--- a/examples/puma/client-certs/server.crt
+++ b/examples/puma/client-certs/server.crt
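Review bot: The server certificate issued in `setup_issue` carries its hostname only in the subject CN (`/DC=net/DC=puma/CN=localhost`), because `EE_EXTS` holds a single `keyUsage` entry and no `subjectAltName`. As far as I know Ruby's OpenSSL falls back to the CN when no SAN is present, so the Ruby test client still verifies the host, but TLS stacks that ignore the CN would reject this fixture. I would give the server its own extension list, for example `SVR_EXTS = EE_EXTS + [["subjectAltName","DNS:localhost,IP:127.0.0.1",false]]`, and pass it on the `@svr_cert` line.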
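Review bot: `context.key`, `context.cert` and `context.ca` point at `certs/server.key`, `certs/server.crt` and `certs/ca.crt`, which resolve against the current working directory, while the generator added in this commit writes `server.key`, `server.crt` and `ca.crt` next to the scripts with no `certs/` directory. Unless that directory is created by hand the example will not find its key material. Building the paths from `__dir__`, e.g. `context.key = File.expand_path "server.key", __dir__`, would make the script runnable from anywhere. A one-line header comment saying that the script demonstrates mandatory client-certificate verification (`VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT`) on 127.0.0.1:4000 would also help.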
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDBjCCAe6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA4MRMwEQYKCZImiZPyLGQB -GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCY2EwIBcNMTQw -MjAyMjAwODI3WhgPMjExNTAxMDkyMDA4MjdaMD8xEzARBgoJkiaJk/IsZAEZFgNu -ZXQxFDASBgoJkiaJk/IsZAEZFgRwdW1hMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK2ioejidqPJzhGgYh9Nc/CD8g -n/vFqchULvmG796R01Rx0Xk5v7OgWs4GMhvJ8o4soCxTmACyPStdemDlocdzZf2d -yfv1alVVfBBwqSsiekiB7IiSvpyg5t3h8XqWJcKtP00tPEYmAkVuMbVSxQPrsEi5 -47kxu7zyiV0RavaZbODgxkupSjEr0DHa1h7pkip53ekz/rnoceVcvSnCdOahUVj6 -ZwMkOQtay/b6746ttbfQh1ygbqTbV/lcV9erldlDkqKG0gQ6gxaBcbIiom1p+ohu -CcoTDGZu431KOU6ZygbGxaIEZY9Zbyg9Dp+o6Zyyd7UTY/0JcCWUq7O/XaN5AgMB -AAGjEjAQMA4GA1UdDwEB/wQEAwIEsDANBgkqhkiG9w0BAQUFAAOCAQEAIfMqanJJ -aVD6XuS3aj0I31L4RiPSfKhkPiuO+lqBGzZhUEKwnEqVWLosFF1SK8Inbu1c1uyP -zRb0tB4nSO01L8Oc5kTfuN9lr3nNaWDpGksa/S5e9WndQk95XF3FLt7FJii8wWnM -9xGW27lurskbpuZc1M7IkD5W90y2fF19qB8fY8B2RGovPJEsDKSZ7pwSozijGR4Q -2iIY4Lk9/vYxEYMRixE2+exYiKTNfaPt+CgxHxXksn0LvbYYQTxUmDgvSxXdrnCc -4Kb1BbxOmB8XF17aJuRdUJxDxlnQK5LpoUWGfW7jFPbfX4d3nzpxjPaxvr3peRQV -DNtRoD9mFvocbQ== +MIIDBDCCAeygAwIBAgIBBzANBgkqhkiG9w0BAQsFADA4MRMwEQYKCZImiZPyLGQB +GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCQ0EwHhcNMjAw +ODAxMDAwMDAwWhcNMjQwODAxMDAwMDAwWjA/MRMwEQYKCZImiZPyLGQBGRYDbmV0 +MRQwEgYKCZImiZPyLGQBGRYEcHVtYTESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXOg3gTrGJfVft9cSrfGRnEZezDB +L93fcLwJAoaXGxbEg1RW/fOrSpSNemuqOvbzczV7m5eYTf1lHPBJsndbYyijIR1+ +Fp4tjFDp76SC3hxCIc3uYXIz0qQwSOAi1z15zobS4xF29jlsXWtfBl9fivjzdj/f +pbZ+JPYOrlcJAf6Xmr3xh//13rOI0ytBMlWf51z/iAZBLm2wvbt+nR7B6koAdTgM +Coe+gOtcLWYY5ApJ4qB9knGdxWoF5p7guHHw2aGTM0jyhgBowfVkFRiE2JUmODae +g+dHsd8ogWbqhGyZTredJF/NRrLKU0h+t7ldKHvXEZy4qyqQlvKoTpODqQIDAQAB +oxIwEDAOBgNVHQ8BAf8EBAMCBLAwDQYJKoZIhvcNAQELBQADggEBAI/bcQP4Hu9O +OtaaIjVxN8+9jXUOrMpSogmZ4bRKImispt9SA+sbxec7iOMM2pG3Py2yi0hWGzii +hSebWIsM1JuPj7ks9l8nGRxpGeInJwTkJorG4ZLEypoS2wW3fQZGx3o4da5V+U2Z 
+HEY0wQTbPBqqnyeZ16ZFNVCzw8y9l7y7CEFjvUO3sq0pne9r7Z+XVgjGyBdBYkJS +0kcqPBXFCMHrWH5UlacYlM5cqgoVztOp2STGmR3XR7a34oueeA10QSP+jzeYvWA1 +wTYA762uU2ReCdujfNbf8V1tZWAH36KldM3hhDNWeveAGxxj1h2R9T/k2kHl/a7D +I3VdS59vjJY= -----END CERTIFICATE----- diff --git a/examples/puma/client-certs/server.key b/examples/puma/client-certs/server.key index c1c031430b..75a358ff5c 100644 --- a/examples/puma/client-certs/server.key +++ b/examples/puma/client-certs/server.key 
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAytoqHo4najyc4RoGIfTXPwg/IJ/7xanIVC75hu/ekdNUcdF5 -Ob+zoFrOBjIbyfKOLKAsU5gAsj0rXXpg5aHHc2X9ncn79WpVVXwQcKkrInpIgeyI -kr6coObd4fF6liXCrT9NLTxGJgJFbjG1UsUD67BIueO5Mbu88oldEWr2mWzg4MZL -qUoxK9Ax2tYe6ZIqed3pM/656HHlXL0pwnTmoVFY+mcDJDkLWsv2+u+OrbW30Idc -oG6k21f5XFfXq5XZQ5KihtIEOoMWgXGyIqJtafqIbgnKEwxmbuN9SjlOmcoGxsWi -BGWPWW8oPQ6fqOmcsne1E2P9CXAllKuzv12jeQIDAQABAoIBABBL4JBd2TrGrc/D -uHRn6BbvQasMTzy8/BQPRgqaIKZUdPdD3dpO1U5vnReQVP0vWE6re4QntP6cvWwg -FcK88XoK2oofnPdFWJ+qfOOgI4/8hPCzIPGxEII4qeCp9rAzTmV+rWOR8QzCp/NH -WQrSOxNnMSCF8+3T6EUP1gM9NZxzpycvoa3Xk4QduPdSN9+ifLOohvRwq0PsP8z5 -6tPIxEyHTmUjJhDh0en2fXFs6ncxvzQJ+p8R3cSaACDDmAR3uuKgpinC7zLKRyIB -rqThVMOO+yxMYNNZ+JIJbuaAAAQy1znPfPsy8syFEvOBhZXJNLEpTqr7n4kHvxpW -MI8ukTUCgYEA6zCSMEb9lH/z/qgJPYbZcUuT/M9/EJdiDlazfYrzAHsmwL/FRXjc -vAJCeayy3A/oMBWJ+tQrRCPb0e/LU2kqLJRWENKN7uTAHGntDJOtM94ZWDLcAySv -zo6usr7BhLmP8ySVojjbWoWI4+SHONYcxsk1v5O7f0ZbzMoDoQPPcl8CgYEA3M0Y -l8mDcPlm90r0/CKq5egpzWvb6dvz5Sly83bJIK1CnjyZUbmQZSO2fp9fFFffZ3SG -tbgDJ5xQ5Ie+H2mTCsCqkIRqi8tCnbHCXcN40N3SXxcS4e4UcMhVCAHrGODqHrAb -if8uTxwozxZtYklaZwhszdtY0lWRG2BzILfOKScCgYBOjyvVqnDboJ3cyz5C6f9J -48fr41d7MEXVqkpMPhSLbZd1PNllKkj5F/wibnhUH5AcN6WePi6xlRTBHEsbcn5e -47GX7uzwBkLReuRulgl90MtAdcSd3CxJX8mk9Sjo757QxcChrkI/C2m9TcGJT6PP -Fri4ZF111wek8TmjGAW8GwKBgDhuuvBgcpW3SJe/sqmWerNUCQsVnBlDPCy/0T9k -hrcxUSt8NXtrv/n5jLUEKpracqDQaXWcWEIRc6NVBkSlCQ3gfDd/gHPGOXpwakro -oMJRT2k6TnssDFFfAkyPoPS012GMhR1Z+Q4DFnMHOmG6eb6HqrdabnMjp3ilyAb+ -s1RVAoGAQCGfhL3j9ShiTlpbOcL6CdERk4Jzw7mD4g6gVvyKLJWwACl5Y7YgVcfU -Bsm9c3GM2OkAAHDlYd8oBvaWArI5eN93zLgD4uU/Bm08SKpQqOOghqrFQy3B9Ngr -eEgVYYvmHikJfcUzOYfotRdH4APGt8EAL2007oyox7Yucv5pzNA= +MIIEpQIBAAKCAQEAvXOg3gTrGJfVft9cSrfGRnEZezDBL93fcLwJAoaXGxbEg1RW +/fOrSpSNemuqOvbzczV7m5eYTf1lHPBJsndbYyijIR1+Fp4tjFDp76SC3hxCIc3u +YXIz0qQwSOAi1z15zobS4xF29jlsXWtfBl9fivjzdj/fpbZ+JPYOrlcJAf6Xmr3x +h//13rOI0ytBMlWf51z/iAZBLm2wvbt+nR7B6koAdTgMCoe+gOtcLWYY5ApJ4qB9 
+knGdxWoF5p7guHHw2aGTM0jyhgBowfVkFRiE2JUmODaeg+dHsd8ogWbqhGyZTred +JF/NRrLKU0h+t7ldKHvXEZy4qyqQlvKoTpODqQIDAQABAoIBAQCCtt8NkNMs2sYB +jdc97mKtg6eTKeaBQlLCk9qblYV4uVLJUk3bVl6fTLP4/YQsvurmWMZ6ajQ5y1YS +i3At5NB3MDitxo2SyXyfzcw6/oUU/uZaMJ4DOiqrcYGnJo6jd9UtPDURWqF77c7o +/gZIfVGMr4w70IJc8fdDRUqH26Fpb7Gp0+RNUXtM9tSovkX/yICje7Hp4IIiJJ0t +KGepdHfddshR4OIALh0k3jC9zfbYfSdIKZuGBf7bmjJTByLavjcG6HFLyt7aZBt3 +136hXAOvMO780WW2vQ8xAYkd+8bf4db4fjUpw3NWJ5wVdQhI9jhkAc9LhhxiDVoI +g9IyaSUBAoGBAObajQ24JlNg11ZZffPZwmvMlMDyZ8pZ5dk/Up9nOvCp1J2+7ef/ +6wjkOhrSyIPpvJCmftOn0c9IkV7tk5673Kjmly33QiIwiEeEG3lNN6GytiXIGqFV +ScPGznO/rNeKUsMFu3SXZNYs7aYqr9OCadwATuh+IzTQAx3T3prno4F5AoGBANIW +kJRF2Pl4yWc7MRjF+WnGfhJHv7VOcLlmFD1fa/IIM9xuBRgikiBWHtFwLoXknsY8 +y2VqNrPEkjCp+qLpXLC8l3dzpNU33Z42h/tUfoTmgSgDUQXGggjzbcS8cf+1D55z +KuPazKAndyiuhIENk1gE+5RKdNyjYP2sI4+L5jexAoGBANxx2rw9GywHj9n/P006 +pnO2Ol49nGsYiWp5E3bwZtIl+shf6GLgeRpWhj3TBnMhIlWnB/kpiiq8i0Tw7URo +9H+9IqRcNqTbX2ebeXjOCc+5DkLp4LQq83OmRsM1R+HTTtC4ipb9cucqpA1HOftp +z5isGq3ctdXaxP8YsLuPcw1RAoGAXZx0W70ryy2JAJidbd55Hiq17ktOHumOzO2x +Qw+Lt9Lz2NqlJnXxCruVC9miwUJ3hPl93/iN21hRk6GJ7qFxDcda7nz3C5LTCzZd +LR4fKfTTxBKGPb6QHpDpbmpRmZECHqZOjCzoVMyBCf2JST/VUbkWqKLso4uhIidb +yRCbSmECgYEAp+IuwpnMxVPxP52/xPFVcAxH2pDfmn5TJLJCNuKEUAS9ncZuz7rh +jJxtbC4AoGsS0+TdxnlMBvBpZE3QddQmjvey77yu/OvRUX2m/J/d+I2duTaHGR9Z +9VMxtlFY+DbDkJI2HVVxu5XfLKMJSEsMza8K64Ntx3XY3dJLCHrR1EY= -----END RSA PRIVATE KEY----- diff --git a/examples/puma/client-certs/unknown_ca.crt b/examples/puma/client-certs/unknown_ca.crt index 43f25188d3..419487f839 100644 --- a/examples/puma/client-certs/unknown_ca.crt +++ b/examples/puma/client-certs/unknown_ca.crt 
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDIDCCAgigAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMRMwEQYKCZImiZPyLGQB -GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTETMBEGA1UEAwwKY2EtdW5rbm93 -bjAgFw0xNDAyMDIyMDA4MjdaGA8yMTE1MDEwOTIwMDgyN1owQDETMBEGCgmSJomT -8ixkARkWA25ldDEUMBIGCgmSJomT8ixkARkWBHB1bWExEzARBgNVBAMMCmNhLXVu -a25vd24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlvCM8F2q9vE7d -PMgao53q0U3MIJgNMOw4eZGDfxZrbGM3x5Zws3/7jzngE8BFc/Y+RhC73T/dN6E9 -ZT2jfwlRRSUxx8Pq2OUMA9Pb8fj8TAoLGwC6txKaqy/UqKqhVGjQ3FUS3cXBzR85 -PGN9mhIB72+ftcWzw0KSNb+pYG8tg+1p6Nb+UlSrjS9/Z0KM8zKnteMG75qhtKnC -rtD6RBiqp98c5r/JJ+LANODaCjtVj5SJTVd/MyshvrNlfYPlMgt+/tU8qSlKzwMa -HcN7KA+oT0blOojaUNJMjgqwCI8QeTP1/DEDfvJvTtzPkaz/ctrmbHzQvLS8Lh6f -KVv32cg9AgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG -MA0GCSqGSIb3DQEBBQUAA4IBAQCpp/LR62GvtZVrscMVKMfHtlotU67g1nP+FESE -7nJ5Av4rhaxRFHkF1YdQINyB6mL4fHzDu1g4aLdZmTRjOZcYw6Y2xrJZ/X1lIg29 -7X4s5AlyHJUstWJnk/FrycPBJqZ75b5SJOayaMiAW+fEsQM2wETISkLitQyVlU3V -CtITVjcvgrnsFmnN/qi75EnxxkohZFZGtC2f/NZufYmbpB2FHMt9hhddG7nMawGK -dnpbEAiDiQO757Td3vSfAQN6ahopwe2YbrgirrwMQpScoy5pKdbrhMXTLCuwXZmj -KR6n2WyS0IzminNy1M4FeB4Pq82VH4rFPwl+t6PWjSHaF87V +MIIDEDCCAfigAwIBAgIBETANBgkqhkiG9w0BAQsFADA5MRMwEQYKCZImiZPyLGQB +GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTEMMAoGA1UEAwwDQ0FVMB4XDTIw +MDgwMTAwMDAwMFoXDTI0MDgwMTAwMDAwMFowOTETMBEGCgmSJomT8ixkARkWA25l +dDEUMBIGCgmSJomT8ixkARkWBHB1bWExDDAKBgNVBAMMA0NBVTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJXBTI7itz3JCkNRpR3Jdas/HK2+WLoy3cck +taH0OUHPxSEDteNCRlwR07cEWThl6QMQROHEJLCVPIjCLXmu2uwJ6SjPb7keRXJb +mOHWo0ZXyc0xnLIv8anWXFAlMconvtpSoYgyNUFwYQdhWTv3I9HrdqCrez70+DXy +q3gsTgvixwUIUm+/kWs6zfIHCtwiAusM2Xjrc9Aa/+5JTa3rsdXUXxyrakoKr2ED +0BrhWRmopM+xf7V42dNpwuFnrtqDfmyPKtzZbv5J8w6oq7BGC2+CL7MYo1fnonWP +kxRZCYzp/qtkhotHHypnpZuQh2puOwnisGykA8rSX/hltCklx5ECAwEAAaMjMCEw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQAD +ggEBAFH23fStJpmaYUwqIhuWfId4a75eJvp5zpedU4e9Adl+a87u+iNrppa34fPs 
+Ni1XhrGYbh4gTSRmy39R1JW3O5LUDJ6LlDkZOgduiMyLvVksmD70MPuyaBrPmIWE +mauOzk3TtvKI4+wBEzLAdYUhliAtMyRJaUN5Bbe+q3P9tL7Hsh9uKusJ5jyMetI7 +8lLZqKHvE4MDV3AqS6OLLlTC1WdTKR9fqdHYwyh8+DFMBm7PuZjFP9tjDiQwhfEX +zbj9J8ba94BA8jmh3Z8a/S0rzcF33KPn+DWyrnyLWWSWKTLHN9TpVHRlhQ4OEOYZ +LVu0+VBx8eIwdLZplDfQ9sGUjCs= -----END CERTIFICATE----- diff --git a/examples/puma/client-certs/unknown_ca.key b/examples/puma/client-certs/unknown_ca.key index 50f0b3336f..d9e3a62037 100644 --- a/examples/puma/client-certs/unknown_ca.key +++ b/examples/puma/client-certs/unknown_ca.key 
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA5bwjPBdqvbxO3TzIGqOd6tFNzCCYDTDsOHmRg38Wa2xjN8eW -cLN/+4854BPARXP2PkYQu90/3TehPWU9o38JUUUlMcfD6tjlDAPT2/H4/EwKCxsA -urcSmqsv1KiqoVRo0NxVEt3Fwc0fOTxjfZoSAe9vn7XFs8NCkjW/qWBvLYPtaejW -/lJUq40vf2dCjPMyp7XjBu+aobSpwq7Q+kQYqqffHOa/ySfiwDTg2go7VY+UiU1X -fzMrIb6zZX2D5TILfv7VPKkpSs8DGh3DeygPqE9G5TqI2lDSTI4KsAiPEHkz9fwx -A37yb07cz5Gs/3La5mx80Ly0vC4enylb99nIPQIDAQABAoIBAQCbxT6K30HkFsvO -nQj9bxWDg5nhn/QZdaOmA2AULlbwTdTUnIM4Na3Az3OpqRrEvQUpYm60Qyergq3U -qFHsCxYxQdYfc9k24wwjYnEDgIWX5KMmto9/CuUVdJ+A7UCNFWPgwpT4ruEJMGFM -eNLo9k/heg1Q2HqOEgaQhttHKHkZ/UJaR6XXeucBfJtXSIWf42omeDRNhlwsQ+LY -WbTv3XmiFbu1Bhkk67xlpyuGEL1g9Auz9P2z+2Q2LV66kNhfInIFtUYFeNpkjgUJ -TtDRU7UBOm+YPMjDfjVUzPbzvCVAtxG4t0ZSJJcQF3N4+HfpoL1c33CCqYwkh1KI -xJi1CgjtAoGBAPR3u8OovMmSJ6tdee0WyTahYmK6VOtmSm4IJf1t/wUvf/u6X/Q6 -U06TxUAiAs8rMwvvtgPeLYxtaEKO0PSD0rHNL1MHnBwYAmLvAFyCc5tuuyb3ZIyg -1oAz/hW5bYgAL32nmDrlwq0W+KU478SRWWYZA2raO3Ha08I1YVbgkSHPAoGBAPCS -fIexjEPxeyZJe4+iKQcmWW42HA9rWIpu/9FDZxvn+PpWhBwMzlxjTlQS2V3nMSHp -Jtzyj+Y2R1SO8OQoqZ6s7G+cv8Ni+FqOidcUPUH6aDc2A0ihb0FANp4FQsrv7riP -W12mWfniTxZri+nKAwpXjEjko8yi05go3y0dTjQzAoGAJq+n6/+Q2Ikjc+/X8pfv -gZCqZBs+gv3t+1mYwXEdsTFiHHDS7HAqbL3fshVvwl8AtfvaHuSS6q0JmbbGBFu0 -BOUGfyouHxgBkKxnrzwJlWhBf5oYtFRjfWg85i0w0xvMaCMUaQWg+AkxkdvfvYiO -0CRXMRqV25+YcRxHahshfGsCgYEAus9Vql1B6YS8N4f6ThgDOg0ahw23jnWyJJV7 -SznG+JGS8np6TfnXyUBIE9srNdMQgR+20P3+piriCxSQlOvKg3AOjcEv2/6fklp7 -SSvrQa+8e5sSw7SwWwANKXo2WrYkLucLcNZ7qiKFfYh39kyrPb2sLvJ1C7QpEVAz -tam7D6cCgYBdqh+SlwryiX351eh+tLOlysAPJ1cb3JotnZY1WYKfR9r5PlJsisut -dcjOOaz5/Uo/UlVKOjOxxUuB8FIIJGPvx6lo0hq8ornS0CdqhDspUx4aAD0iZ6+y -iccYnG0CLW3HpS4B1B7a8ktXW59m+tT9Fl+usOmwdPNIzcdAMqff+A== +MIIEowIBAAKCAQEAlcFMjuK3PckKQ1GlHcl1qz8crb5YujLdxyS1ofQ5Qc/FIQO1 +40JGXBHTtwRZOGXpAxBE4cQksJU8iMItea7a7AnpKM9vuR5FcluY4dajRlfJzTGc +si/xqdZcUCUxyie+2lKhiDI1QXBhB2FZO/cj0et2oKt7PvT4NfKreCxOC+LHBQhS +b7+RazrN8gcK3CIC6wzZeOtz0Br/7klNreux1dRfHKtqSgqvYQPQGuFZGaikz7F/ 
+tXjZ02nC4Weu2oN+bI8q3Nlu/knzDqirsEYLb4IvsxijV+eidY+TFFkJjOn+q2SG +i0cfKmelm5CHam47CeKwbKQDytJf+GW0KSXHkQIDAQABAoIBAAHmslIeDrV6F+dC +4hW+uP+zjWmnQPkcLDSbArNLpm5vdNE2etinvrzsfQOVyowsvwiK7FTxaIXVXy9d +R7aDwcO9XHhoKcLv33HUN9ymHOyHsMgqGRMqCKdfUUyzLC6k0odzBRn1iTeLda/i +TH+2Y34GvzrK8oWaFoyYyBR+e38rHOMBF5gmQSkwHZ+8qOsHuI7ajukLioRXLElq +ivrOdeaiNmTfofXiDakZm5/SKJ2pXbzQkeibqLkTXeU/p3ltjVrg0GbgF1l5SjmK +OyFUeTRjmA8KAFpPri2WggZ6rW9N58u7iF1+hIxRua42lHQ3UXvza41cLX0IjxkT +dL0e5QECgYEAxC7kswPej/Omo8T0hZtWHAB6eyas43VzCyypdrDKyfKJGbVWBC61 +YsOI7L2K1biKsx7gyidOVlNdp3ycmgyyBuH4vn8UhEzOpLLnEw1HX9KDfKQL9yjG +f7GYUiHIOE1ah0X45PMpuk/FI0JvFdQCG3MKe7ypM7h2QV2wSM43n3cCgYEAw2p0 +Dc8AmkEIOP2ZtB4jadD/XTZpxotd6rqZkGt0YWW4fkzdJGjeDhs+W4pT6tG85fFW +Bmxz80YsbG9ktHiUTZAS89ixxUnmecudsp4xlTGsGaIboQLPwST8S7iA2AXq0fgW +rZX/OiKM+IVbszBWrVpCNHKGPnfiO6PE3GiU4zcCgYBZXTcGKIQQNJ+6x/POjIS7 ++qfQQzzL2+tMssp662tkdFtpX4XQH+q2E3XiyTBdzFM55p3k1+TCQ/VMXuIC9jd+ +FR82vzJ8VXRn56qEri7OAlmsxBlDO8q3zhEhkIvgwbO0HPaUbAOc/8tAFXn+inVv +RYcH+Fdm3ObZPbEYaP9DXwKBgF14JqiQMbaWkotH6eP4YnHzsKFyLGf2M2bZ+CfW +7eTEVdm7hC8tJcFTkKESag8wYQ0PQVlzOIbNMuRu55lW74CmABq4tFcsgNwS44wT +FJ5LEwlzu4lpIdw9h5vkVWR+eBIUeyxuSZUR/6HDj9gGr/7c5DvX55QrnX9vVvMh +5s1DAoGBAICs0BjCHmAOcEXIHzt3gTju6oj2sQ/Fob03XsEKcfR6Ci32sBQekdqA +rpkNiJKzrHjo79nDDcioXGvDD5Duv0fTxFmYME2lTm6nvKS8QF4b+K8C/UKzhpmt +zAvwVTOtLnMpHNcKvadSPKFMWNl8M12oi8ELGGPouuh24zX4eyAe -----END RSA PRIVATE KEY----- diff --git a/examples/puma/generate_server_test.rb b/examples/puma/generate_server_test.rb new file mode 100644 index 0000000000..086b5a778a --- /dev/null +++ b/examples/puma/generate_server_test.rb 
@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+=begin
+regenerates cert_puma.pem and puma_keypair.pem
+dates, key length & sign_algorithm are changed
+
+JRuby:
+after running this file, delete server.p12 and keystore.jks, then (I think)
+cd examples/puma
+openssl pkcs12 -export -password pass:jruby_puma -inkey puma_keypair.pem -in cert_puma.pem -name puma -out server.p12
+keytool -importkeystore -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass jruby_puma -destkeystore keystore.jks -deststoretype JKS -storepass jruby_puma
+=end
+
+require 'openssl'
+
+module Generate
+
+ KEY_LEN = 2048
+ SIGN_ALGORITHM = OpenSSL::Digest::SHA256
+
+ FNC = 'cert_puma.pem'
+ FNK = 'puma_keypair.pem'
+
+ class << self
+
+ def run
+ ca_key = OpenSSL::PKey::RSA.new KEY_LEN
+ key = OpenSSL::PKey::RSA.new KEY_LEN
+
+ raw = File.read File.join(__dir__, FNC), mode: 'rb'
+
+ cert = OpenSSL::X509::Certificate.new raw
+ puts "\nOld:", cert.to_text, ""
+
+ now = Time.now.utc
+ mo = now.month
+ yr = now.year
+ zone = '+00:00'
+
+ cert.not_before = Time.new yr , mo, 1, 0, 0, 0, zone
+ cert.not_after = Time.new yr+4, mo, 1, 0, 0, 0, zone
+ cert.public_key = key.public_key
+ cert.sign ca_key, SIGN_ALGORITHM.new
+ puts "New:", cert.to_text, ""
+
+ Dir.chdir __dir__ do
+ File.write FNC, cert.to_pem, mode: 'wb'
+ File.write FNK, key.to_pem , mode: 'wb'
+ end
+ rescue => e
+ puts "error: #{e.message}"
+ end
+ end
+end
+
+Generate.run
diff --git a/examples/puma/puma_keypair.pem b/examples/puma/puma_keypair.pem
index 94cdcbcba3..c8057c8f17 100644
--- a/examples/puma/puma_keypair.pem
+++ b/examples/puma/puma_keypair.pem
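Review bot: In `run`, `cert.sign ca_key, SIGN_ALGORITHM.new` signs with a CA key that is generated a few lines earlier and never written out, so the regenerated `cert_puma.pem` keeps its issuer name but cannot be chain-verified by any client. That is acceptable for tests that skip peer verification, but it deserves a comment such as `# ca_key is discarded: cert_puma.pem is only usable where the peer does not verify the chain`. Separately, the trailing `rescue => e` only prints the message, so a failure between the two `File.write` calls still exits with status 0 and can leave a certificate and key that do not match; `warn "error: #{e.message}"` followed by `exit 1` would make that visible.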
@@ -1,15 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCvF80yn6D+kqGwMSQHcpHUwCRt+c39Qoy99fCWdenPthfUscec -y62Ij8+rKYCnoE9y766a5baowdDKqq3IBOZn2Ove3zfueGbHAbWehFopG2xySf0U -PjdmWk+DRDlCeFLig6xfAnOKWo+N0MViso3dNK8gYzb6FWqlWgZgAcMpswIDAQAB -AoGAHv/UyZivdULas4oPue3T2dnm2T239ZXZuywW21ym96pij7ql/6Gj6KClgMVJ -TOQ6DLxYqn3vF/OwlqEfQWF0tTUYY+xNbEDE1YsbrS5/FSzbaEYYOHzRl/vMmnsf -aNgYaSjOIecin7L71Wzq0piMIxg8BLb6IVECBku9EQNzxuECQQDZsbRgg1XZGj+r -XAu/qXTNKQ/r7k+iPN5bXON6ApBomG+4Q7VVITL3tkGzLOphRZ37Q28FrN4B4gtC -Xb9il5lDAkEAzecTSopPi2VdcME4WWmwn1rbTp/jJNt4dGZLsNfj9RejVDd32i/L -P7wCpoPDaaVcoF2HgvCs39qatyVg6ecu0QJBALN4q+q9nDMGTuNpWU5D2EWjyrqJ -mCF66R6NcASQxJlWwxQ4zfBHFIvgOD4Nk5VqHZqet5MIN2d6AipOu4/+x50CQHDp -jf+rd1GHBcXGf8MwnUXWCjvEnEhi/lw+mLVivsRx8QRG4rfIy9monX949Flj8DaU -87IPj422kG9s1QeP2nECQQCkg+RUcoQm7SiM8OXuXNeHQlvQNp65geFRxzKAXxT/ -+1Mbtwnd3AXXZBekFDDpE9U3ZQjahoe7oc1oUBuw5hXL +MIIEpAIBAAKCAQEAv2lrSC+U13CB7+5pk0TmFPIEsfd5DN124ZxiOhLLoBWBpvwz +yzk7tE8wQM5FXrFG4Z82BEjjQqTHgTzDmJwdKn1a6awSLkWsohwhe22q4t1wGRQS +r03+Y9VkCWDkmvkh4/NZp8zSBN0qVHUs39QdxVowda3j8rPaNr3CVSFoqXLv5QbU +l0eFDXKsBVVRMs31hPxVOTJoHXX4rSYql28dzIW4HjIFy8J3iIZIip/vCOUQhGnw +9r0Lq1HyACUKLgA+XOaeBih3fBtcCESmyO9JcJYJ14coP/ACAHPVpsDjI2dIiFvg +oUWQYyf4XvhmN4Jk3bzuXP/XyBAufTrcRdUogQIDAQABAoIBAQC3fm3UE5kSNs65 +ncoj3cbbiW8q1Fx9EslmWq5nkaEW48cYt2lHhqRPpCJT3enubu/OVvxHe0AxoRmI +MSIo6G+lTeqbW9NJ/I0UEveeBXHube2KfQ20dIZMWkK+It7EGdR9W8o07ErhUsvD +j1jnccbgbCdMiNiez/9+vsbPKWnWFaok28+k3SHzsxVQm9zW3X9RVEACcoWeUW1O +6SWUwdEttP9+X+zAOONGtuzbR4lYwI7rl0DDoQ1oY6oROLU9XTXEs5hlSSvxQQLV +u4AHogcUlnNPbd31NnjYtsBeh/TKJ4njYqooCTHjtkUtYbOCt8X6Yd7U4KwtViNd +RIrTSxHJAoGBAOi33Bbbnty03gm2tYO16RgVTsPnzruJsCWOJbviNW/NIzB85j8a +S1OCH+10/MBUEOl/Q7S7xFsBVvmNA9pyw1RiRHGxRVTRl4XbpPhDhDCo/m3U4/6Y +MyLAprOcUJP/b6pbNzjnowuQDqvFm/I60tazSPobhMoxo06NbOFiNqF7AoGBANKP +qXKI8P06TQ+gK+DfXwAslcHtQzTPEoVl5GuvUcL+HOMzR7zQwLVOwA0FCyBtYewd +byOhsDqOQFyQCGCk9JUmvbrzx5fg5IWWz245pvwIrQ0X2H7YemeRsGS5DGQXpuvi 
+2aQWbXdI27v83OTCDZbo27mNTCPqy7MLKa+Wp+czAoGAO+z8c7ZiFhtNAdtWqm/x +cg4qli/fAFPYVBNijBsX/44nfZjsAVvYAc0EQ7VYUH5VTItE+AlR6s1RhDlXwKzE +t7oGPfCUFd9S0VlaBcP9Cjq6KbYkb67pnA1X3/Bkn3erXYbXlYOwbI3P+VONcLbN +DBRmumDTtO1LTDMG0pLj1nkCgYEAvo+mGzI0Z/lLpMig7XM61z2Ci2/fUvvVF0WP +5KVWqdKw8i6GzitfPLd4uE/IMiDMbpR08Rp0E4qKVTtFWbHwaMwXCgt2p82xA/Xo +5SjoJ1DyzNa36JSisvj3WzDeNffx6an0rrxddYdK1meSwrWc9ubndJacQiVNFU0U +/QSsEGECgYBinPeuJEPabDpvTsAvtuQHoh1jLAVZutvCdFUvG0Ozf2GJQ0evDYml +UqWG9YElKfTN8NDLQehNANuUMRjDIqNF7B6Y0/dg2HJJjv5OXoYUDhGzV7RitFyV +qfdp99aSQpIsmevzUMbHa/0Uh5e3bnnIH+9QYQJSaI7D/8oD2OhBVQ== -----END RSA PRIVATE KEY----- diff --git a/examples/puma/server.p12 b/examples/puma/server.p12 new file mode 100644 index 0000000000..e69de29bb2 diff --git a/test/helpers/ssl.rb b/test/helpers/ssl.rb index e9e7b24ea5..9847a7607c 100644 --- a/test/helpers/ssl.rb +++ b/test/helpers/ssl.rb @@ -1,12 +1,12 @@ module SSLHelper def ssl_query @ssl_query ||= if Puma.jruby? - @keystore = File.expand_path "../../../examples/puma/keystore.jks", __FILE__ - @ssl_cipher_list = "TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" - "keystore=#{@keystore}&keystore-pass=pswd&ssl_cipher_list=#{@ssl_cipher_list}" + @keystore = File.expand_path "../../examples/puma/keystore.jks", __dir__ + @ssl_cipher_list = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + "keystore=#{@keystore}&keystore-pass=jruby_puma&ssl_cipher_list=#{@ssl_cipher_list}" else - @cert = File.expand_path "../../../examples/puma/cert_puma.pem", __FILE__ - @key = File.expand_path "../../../examples/puma/puma_keypair.pem", __FILE__ + @cert = File.expand_path "../../examples/puma/cert_puma.pem", __dir__ + @key = File.expand_path "../../examples/puma/puma_keypair.pem", __dir__ "key=#{@key}&cert=#{@cert}" end end diff --git a/test/test_puma_server_ssl.rb b/test/test_puma_server_ssl.rb index 50d4cff3d9..1329a1d969 100644 --- a/test/test_puma_server_ssl.rb +++ b/test/test_puma_server_ssl.rb 
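Review bot: The keystore password literal `jruby_puma` in `ssl_query` has to match the `-storepass` used in the keytool commands documented in the generator scripts, and the same literal is repeated in both `ctx.keystore_pass` assignments in test/test_puma_server_ssl.rb. A short comment here, e.g. `# must match -storepass in examples/puma/generate_server_test.rb`, would keep the next fixture regeneration from silently breaking the JRuby tests. The replacement cipher list is presumably there because the old DES/3DES suites are disabled on current JVMs; if so, saying that in a comment next to `@ssl_cipher_list` would save the next reader a search.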
@@ -53,11 +53,11 @@ def start_server ctx = Puma::MiniSSL::Context.new if Puma.jruby? - ctx.keystore = File.expand_path "../../examples/puma/keystore.jks", __FILE__ - ctx.keystore_pass = 'blahblah' + ctx.keystore = File.expand_path "../examples/puma/keystore.jks", __dir__ + ctx.keystore_pass = 'jruby_puma' else - ctx.key = File.expand_path "../../examples/puma/puma_keypair.pem", __FILE__ - ctx.cert = File.expand_path "../../examples/puma/cert_puma.pem", __FILE__ + ctx.key = File.expand_path "../examples/puma/puma_keypair.pem", __dir__ + ctx.cert = File.expand_path "../examples/puma/cert_puma.pem", __dir__ end ctx.verify_mode = Puma::MiniSSL::VERIFY_NONE 
@@ -204,26 +204,30 @@ def test_tls_v1_1_rejection # client-side TLS authentication tests class TestPumaServerSSLClient < Minitest::Test parallelize_me! + + CERT_PATH = File.expand_path "../examples/puma/client-certs", __dir__ + def assert_ssl_client_error_match(error, subject=nil, &blk) - host = "127.0.0.1" + host = "localhost" port = UniquePort.call app = lambda { |env| [200, {}, [env['rack.url_scheme']]] } ctx = Puma::MiniSSL::Context.new if Puma.jruby? - ctx.keystore = File.expand_path "../../examples/puma/client-certs/keystore.jks", __FILE__ - ctx.keystore_pass = 'blahblah' + ctx.keystore = "#{CERT_PATH}/keystore.jks" + ctx.keystore_pass = 'jruby_puma' else - ctx.key = File.expand_path "../../examples/puma/client-certs/server.key", __FILE__ - ctx.cert = File.expand_path "../../examples/puma/client-certs/server.crt", __FILE__ - ctx.ca = File.expand_path "../../examples/puma/client-certs/ca.crt", __FILE__ + ctx.key = "#{CERT_PATH}/server.key" + ctx.cert = "#{CERT_PATH}/server.crt" + ctx.ca = "#{CERT_PATH}/ca.crt" end ctx.verify_mode = Puma::MiniSSL::VERIFY_PEER | Puma::MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT events = SSLEventsHelper.new STDOUT, STDERR server = Puma::Server.new app, events server.add_ssl_listener host, port, ctx + host_addrs = server.binder.ios.map { |io| io.to_io.addr[2] } server.run http = Net::HTTP.new host, port @@ -246,11 +250,11 @@ def assert_ssl_client_error_match(error, subject=nil, &blk) sleep 0.1 assert_equal !!error, client_error - # The JRuby MiniSSL implementation lacks error capturing currently, so we can't inspect the - # messages here + # The JRuby MiniSSL implementation lacks error capturing currently, + # so we can't inspect the messages here unless Puma.jruby? assert_match error, events.error.message if error - assert_equal host, events.addr if error + assert_includes host_addrs, events.addr if error assert_equal subject, events.cert.subject.to_s if subject end ensure 
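Review bot: `host_addrs = server.binder.ios.map { |io| io.to_io.addr[2] }` takes element 2 of `addr`, which is the hostname slot and is only numeric while reverse lookup is disabled; element 3 is always the numeric address. Since `events.addr` is checked against this list by the `assert_includes` in the following hunk (`@@ -246,11 +250,11 @@`), and presumably holds the peer's numeric address, `io.to_io.addr[3]` would be the more robust choice. `assert_ssl_client_error_match` starts in this hunk and its body continues past it.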
@@ -264,32 +268,32 @@ def test_verify_fail_if_no_client_cert end def test_verify_fail_if_client_unknown_ca - assert_ssl_client_error_match('self signed certificate in certificate chain', '/DC=net/DC=puma/CN=ca-unknown') do |http| - key = File.expand_path "../../examples/puma/client-certs/client_unknown.key", __FILE__ - crt = File.expand_path "../../examples/puma/client-certs/client_unknown.crt", __FILE__ + assert_ssl_client_error_match('self signed certificate in certificate chain', '/DC=net/DC=puma/CN=CAU') do |http| + key = "#{CERT_PATH}/client_unknown.key" + crt = "#{CERT_PATH}/client_unknown.crt" http.key = OpenSSL::PKey::RSA.new File.read(key) http.cert = OpenSSL::X509::Certificate.new File.read(crt) - http.ca_file = File.expand_path "../../examples/puma/client-certs/unknown_ca.crt", __FILE__ + http.ca_file = "#{CERT_PATH}/unknown_ca.crt" end end def test_verify_fail_if_client_expired_cert - assert_ssl_client_error_match('certificate has expired', '/DC=net/DC=puma/CN=client-expired') do |http| - key = File.expand_path "../../examples/puma/client-certs/client_expired.key", __FILE__ - crt = File.expand_path "../../examples/puma/client-certs/client_expired.crt", __FILE__ + assert_ssl_client_error_match('certificate has expired', '/DC=net/DC=puma/CN=localhost') do |http| + key = "#{CERT_PATH}/client_expired.key" + crt = "#{CERT_PATH}/client_expired.crt" http.key = OpenSSL::PKey::RSA.new File.read(key) http.cert = OpenSSL::X509::Certificate.new File.read(crt) - http.ca_file = File.expand_path "../../examples/puma/client-certs/ca.crt", __FILE__ + http.ca_file = "#{CERT_PATH}/ca.crt" end end def test_verify_client_cert assert_ssl_client_error_match(nil) do |http| - key = File.expand_path "../../examples/puma/client-certs/client.key", __FILE__ - crt = File.expand_path "../../examples/puma/client-certs/client.crt", __FILE__ + key = "#{CERT_PATH}/client.key" + crt = "#{CERT_PATH}/client.crt" http.key = OpenSSL::PKey::RSA.new File.read(key) http.cert = 
OpenSSL::X509::Certificate.new File.read(crt) - http.ca_file = File.expand_path "../../examples/puma/client-certs/ca.crt", __FILE__ + http.ca_file = "#{CERT_PATH}/ca.crt" http.verify_mode = OpenSSL::SSL::VERIFY_PEER end end From cafa6efee32200b77a5c5b6fefc42d1aa2b81c20 Mon Sep 17 00:00:00 2001 From: MSP-Greg Date: Mon, 7 Sep 2020 20:51:11 -0500 Subject: [PATCH 2/5] RuboCop server.rb --- lib/puma/server.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/puma/server.rb b/lib/puma/server.rb index 0e123687c3..22584dd6d1 100644 --- a/lib/puma/server.rb +++ b/lib/puma/server.rb @@ -694,7 +694,7 @@ def handle_request(req, lines) to_add = {} end - to_add[k.gsub(",", "_")] = v + to_add[k.tr(",", "_")] = v end end From 870ccf5a53a53c61bc64486e948f4e54451873f7 Mon Sep 17 00:00:00 2001 From: MSP-Greg Date: Mon, 7 Sep 2020 20:54:58 -0500 Subject: [PATCH 3/5] Update Actions workflow, add Ubuntu 20.04 --- .github/workflows/puma.yml | 62 +++++++++++++++++++++++++++++++++ .github/workflows/ruby.yml | 71 -------------------------------------- 2 files changed, 62 insertions(+), 71 deletions(-) create mode 100644 .github/workflows/puma.yml delete mode 100644 .github/workflows/ruby.yml diff --git a/.github/workflows/puma.yml b/.github/workflows/puma.yml new file mode 100644 index 0000000000..522ef4fc0e --- /dev/null +++ b/.github/workflows/puma.yml 
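Review bot: The expected subject in `test_verify_fail_if_client_expired_cert` is now `/DC=net/DC=puma/CN=localhost`, which the generator in this commit also uses for the valid client and the server certificate, so `assert_equal subject, events.cert.subject.to_s` no longer shows that it was the expired certificate that got reported. The error-message match still covers the expiry itself. If the subject check is meant to identify the rejected certificate, issuing the expired one under its own name (the removed line expected `CN=client-expired`) would restore that; otherwise a comment should say the shared subject is intentional.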
@@ -0,0 +1,62 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+ build:
+ name: >-
+ ${{ matrix.os }} ${{ matrix.ruby }}
+ env:
+ CI: true
+ TESTOPTS: -v
+
+ runs-on: ${{ matrix.os }}
+ if: |
+ !( contains(github.event.pull_request.title, '[ci skip]')
+ || contains(github.event.pull_request.title, '[skip ci]')
+ || contains(github.event.head_commit.message, '[ci skip]')
+ || contains(github.event.head_commit.message, '[skip ci]'))
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ ubuntu-20.04, ubuntu-18.04, macos-10.15, windows-2019 ]
+ ruby: [ 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, head ]
+ include:
+ - { os: windows-2019 , ruby: mingw }
+ exclude:
+ - { os: ubuntu-20.04 , ruby: 2.2 }
+ - { os: ubuntu-20.04 , ruby: 2.3 }
+ - { os: ubuntu-20.04 , ruby: 2.4 }
+ - { os: ubuntu-20.04 , ruby: 2.6 }
+ - { os: windows-2019 , ruby: head }
+
+ steps:
+ - name: repo checkout
+ uses: actions/checkout@v2
+
+ - name: load ruby, ragel
+ uses: MSP-Greg/setup-ruby-pkgs@v1
+ with:
+ ruby-version: ${{ matrix.ruby }}
+ apt-get: ragel
+ brew: ragel
+ mingw: _upgrade_ openssl ragel
+
+ - name: bundle install
+ shell: pwsh
+ run: |
+ # update RubyGems in Ruby 2.2, bundle install
+ if ('${{ matrix.ruby }}' -lt '2.3') {
+ gem update --system 2.7.10 --no-document
+ }
+ bundle install --jobs 4 --retry 3
+
+ - name: compile
+ run: bundle exec rake compile
+
+ - name: rubocop
+ run: bundle exec rake rubocop
+
+ - name: test
+ timeout-minutes: 10
+ run: bundle exec rake test:all
diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml
deleted file mode 100644
index d3bc3afb17..0000000000
--- a/.github/workflows/ruby.yml
+++ /dev/null
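Review bot: Both `uses:` steps reference mutable tags (`actions/checkout@v2` and the third-party `MSP-Greg/setup-ruby-pkgs@v1`), so whatever those tags point to at run time executes in CI with access to the checked-out repository and the job token. Pinning at least the third-party action to a full commit SHA, e.g. `uses: MSP-Greg/setup-ruby-pkgs@<full-commit-sha> # v1`, makes the workflow reproducible and its dependency reviewable. The matrix `exclude` entries would also benefit from a comment on why 2.2–2.4 and 2.6 are skipped on ubuntu-20.04.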
@@ -1,71 +0,0 @@ -name: Puma - -on: - push: - branches: - - '*' - pull_request: - branches: - - '*' - -jobs: - build: - name: >- - OS: ${{ matrix.os }} Ruby: ${{ matrix.ruby }} - runs-on: ${{ matrix.os }} - strategy: - fail-fast: false - matrix: - os: [ 'ubuntu-16.04', 'ubuntu-18.04', 'macos', 'windows-latest' ] - ruby: [ '2.3.x', '2.4.x', '2.5.x', '2.6.x' ] - exclude: - - os: ubuntu-16.04 - ruby: 2.4.x - - os: ubuntu-16.04 - ruby: 2.5.x - - os: ubuntu-16.04 - ruby: 2.6.x - - os: ubuntu-18.04 - ruby: 2.3.x - - os: macos - ruby: 2.3.x - - os: windows-latest - ruby: 2.3.x - steps: - - name: repo checkout - uses: actions/checkout@v1 - with: - fetch-depth: 10 - - name: load ruby - uses: actions/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby }} - - - name: ubuntu & macos - install ragel - if: startsWith(matrix.os, 'ubuntu') || startsWith(matrix.os, 'macos') - run: | - if [ "${{ matrix.os }}" == "macos" ]; then - brew install ragel - else - sudo apt-get install ragel - fi - - name: windows - update MSYS2, openssl, ragel - if: startsWith(matrix.os, 'windows') - uses: MSP-Greg/msys2-action@master - with: - base: update - mingw: openssl ragel - - - name: RubyGems, Bundler Update - run: gem update --system --no-document --conservative - - name: bundle install - run: bundle install --jobs 4 --retry 3 - - name: compile - run: bundle exec rake compile - - name: test - run: bundle exec rake - timeout-minutes: 10 - env: - CI: true - TESTOPTS: -v - RUBYOPT: --enable-frozen-string-literal From fb4c3eeb131bb13f11355ae682e37ace10ccdd95 Mon Sep 17 00:00:00 2001 From: MSP-Greg Date: Mon, 7 Sep 2020 21:11:45 -0500 Subject: [PATCH 4/5] Update extconf.rb --- ext/puma_http11/extconf.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/puma_http11/extconf.rb b/ext/puma_http11/extconf.rb index a0edd839ec..feb812d8a6 100644 --- a/ext/puma_http11/extconf.rb +++ b/ext/puma_http11/extconf.rb 
@@ -1,7 +1,7 @@ require 'mkmf' dir_config("puma_http11") -if RUBY_PLATFORM[/mingw32/] +if $mingw && RUBY_VERSION >= '2.4' append_cflags '-D_FORTIFY_SOURCE=2' append_ldflags '-fstack-protector' have_library 'ssp' From d999d4ba9f5b9e82af6fd1777ef0c4daed977623 Mon Sep 17 00:00:00 2001 From: MSP-Greg Date: Mon, 7 Sep 2020 21:31:35 -0500 Subject: [PATCH 5/5] Backport #2121 Co-authored-by: wjordan --- lib/puma/client.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/puma/client.rb b/lib/puma/client.rb index a6107cc94f..1e31d292c4 100644 --- a/lib/puma/client.rb +++ b/lib/puma/client.rb @@ -153,7 +153,7 @@ def try_to_finish begin data = @io.read_nonblock(CHUNK_SIZE) - rescue Errno::EAGAIN + rescue IO::WaitReadable return false rescue SystemCallError, IOError, EOFError raise ConnectionError, "Connection error detected during read" @@ -351,7 +351,7 @@ def read_body begin chunk = @io.read_nonblock(want) - rescue Errno::EAGAIN + rescue IO::WaitReadable return false rescue SystemCallError, IOError raise ConnectionError, "Connection error detected during read"
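Review bot: `if $mingw && RUBY_VERSION >= '2.4'` now skips `-D_FORTIFY_SOURCE=2` and `-fstack-protector` for MinGW builds on Ruby older than 2.4, where the previous `RUBY_PLATFORM[/mingw32/]` test applied them. If that is deliberate (presumably a toolchain or mkmf limitation on those versions), a comment should say so, since the condition removes hardening flags from those builds. The comparison is also a string comparison, which orders `'2.10'` before `'2.4'`; `Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.4')` avoids that. The block's closing `end` lies outside the hunk.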