Needs more tests.
c.context.addRootCerts();
}
+ if (options.crl) {
+ if (Array.isArray(options.crl)) {
+ for(var i = 0, len = options.crl.length; i < len; i++) {
+ c.context.addCRL(options.crl[i]);
+ }
+ } else {
+ c.context.addCRL(options.crl);
+ }
+ }
+
return c;
};
// constructor call
net.Server.call(this, function(socket) {
- var creds = crypto.createCredentials(
- { key: self.key, cert: self.cert, ca: self.ca });
+ var creds = crypto.createCredentials({
+ key: self.key,
+ cert: self.cert,
+ ca: self.ca,
+ crl: self.crl
+ });
//creds.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
var pair = new SecurePair(creds,
if (options.key) this.key = options.key;
if (options.cert) this.cert = options.cert;
if (options.ca) this.ca = options.ca;
+ if (options.crl) this.crl = options.crl;
};
NODE_SET_PROTOTYPE_METHOD(t, "setKey", SecureContext::SetKey);
NODE_SET_PROTOTYPE_METHOD(t, "setCert", SecureContext::SetCert);
NODE_SET_PROTOTYPE_METHOD(t, "addCACert", SecureContext::AddCACert);
+ NODE_SET_PROTOTYPE_METHOD(t, "addCRL", SecureContext::AddCRL);
NODE_SET_PROTOTYPE_METHOD(t, "addRootCerts", SecureContext::AddRootCerts);
NODE_SET_PROTOTYPE_METHOD(t, "setCiphers", SecureContext::SetCiphers);
NODE_SET_PROTOTYPE_METHOD(t, "close", SecureContext::Close);
}
+Handle<Value> SecureContext::AddCRL(const Arguments& args) {
+ HandleScope scope;
+
+ SecureContext *sc = ObjectWrap::Unwrap<SecureContext>(args.Holder());
+
+ if (args.Length() != 1) {
+ return ThrowException(Exception::TypeError(String::New("Bad parameter")));
+ }
+
+ BIO *bio = LoadBIO(args[0]);
+ if (!bio) return False();
+
+ X509_CRL *x509 = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL);
+
+ if (x509 == NULL) {
+ BIO_free(bio);
+ return False();
+ }
+
+ X509_STORE_add_crl(sc->ca_store_, x509);
+
+ X509_STORE_set_flags(sc->ca_store_, X509_V_FLAG_CRL_CHECK |
+ X509_V_FLAG_CRL_CHECK_ALL);
+
+ BIO_free(bio);
+ X509_CRL_free(x509);
+
+ return True();
+}
+
+
Handle<Value> SecureContext::AddRootCerts(const Arguments& args) {
HandleScope scope;
static v8::Handle<v8::Value> SetKey(const v8::Arguments& args);
static v8::Handle<v8::Value> SetCert(const v8::Arguments& args);
static v8::Handle<v8::Value> AddCACert(const v8::Arguments& args);
+ static v8::Handle<v8::Value> AddCRL(const v8::Arguments& args);
static v8::Handle<v8::Value> AddRootCerts(const v8::Arguments& args);
static v8::Handle<v8::Value> SetCiphers(const v8::Arguments& args);
static v8::Handle<v8::Value> Close(const v8::Arguments& args);
-all: agent1-cert.pem agent2-cert.pem agent3-cert.pem agent4-cert.pem
+all: agent1-cert.pem agent2-cert.pem agent3-cert.pem agent4-cert.pem ca2-crl.pem
#
#
ca2-cert.pem: ca2.cnf
openssl req -new -x509 -config ca2.cnf -keyout ca2-key.pem -out ca2-cert.pem
+ echo '01' > ca2-serial
+ touch ca2-database.txt
#
agent4-verify: agent4-cert.pem ca2-cert.pem
openssl verify -CAfile ca2-cert.pem agent4-cert.pem
-
-# TODO: agent on CRL
-
+#
+# Make CRL with agent4 being rejected
+#
+ca2-crl.pem: ca2-key.pem ca2-cert.pem ca2.cnf
+ openssl ca -revoke agent4-cert.pem \
+ -keyfile ca2-key.pem \
+ -cert ca2-cert.pem \
+ -config ca2.cnf
+ openssl ca \
+ -keyfile ca2-key.pem \
+ -cert ca2-cert.pem \
+ -config ca2.cnf \
+ -gencrl \
+ -out ca2-crl.pem
clean:
- rm -f *.pem *.srl
+ rm -f *.pem *.srl ca2-database.txt ca2-serial
test: agent1-verify agent2-verify agent3-verify agent4-verify
-----BEGIN CERTIFICATE-----
-MIICKjCCAZMCCQC9jzMlG+W8DDANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV
+MIICKjCCAZMCCQDMRmF28ReZjTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV
UzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAO
BgNVBAsTB05vZGUuanMxDDAKBgNVBAMTA2NhMjEgMB4GCSqGSIb3DQEJARYRcnlA
-dGlueWNsb3Vkcy5vcmcwHhcNMTEwMjEwMDIzMDIwWhcNMTMxMTA1MDIzMDIwWjB9
+dGlueWNsb3Vkcy5vcmcwHhcNMTEwMjEwMDc1NjU1WhcNMTMxMTA1MDc1NjU1WjB9
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQK
EwZKb3llbnQxEDAOBgNVBAsTB05vZGUuanMxDzANBgNVBAMTBmFnZW50MzEgMB4G
CSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwXDANBgkqhkiG9w0BAQEFAANL
-ADBIAkEAy6zp21WUvCB8XknL2c6TggDtXj34e+jr7CvUU+PmoFJYzITeRWCx84kP
-8VhXkz6nbG/7vpjT9sT/SDFxt0T3/wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBANrA
-du9DMhBACSm8dlQVIHxwR2rsScKeY/RigOJ1nkDSHHSLjnIZ2UEzAwd6JsfMmApt
-d4DE3PNjSFpLP7pGlCOV9DxFUk/PSzSmQOMn7+t5n6tjCGGfXwvOYNwuI8L65Kqz
-Q8c9vXcICBLs7EN0/6NDHWcYuWvpi/UzhLmoQsEW
+ADBIAkEAvo97SurQMLbB62avPWW7KZQ4Xw1jhXZ9uoQ+3A+RZoZ7MRkLYT8R+8l/
+r3ZZo6uYVMrlP14YPZ35qXGs2i7vqwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAHde
+DjVjyBmqHJFkZ1bhGOUisChHxg90SX+X9aCxpS7PPWJks56HDlQWMIeU4LmFDX+B
+1dF8TKSiWb7XHWLChrMaRdF01wDUuM/lgnJvK+YikiHdAz3dndUT93JQwWv8skg1
+6pHpYaK3A5AsHH+bogz+/sCCuoVwp8hPwcVWJkXK
-----END CERTIFICATE-----
MIIBXTCCAQcCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH
EwJTRjEPMA0GA1UEChMGSm95ZW50MRAwDgYDVQQLEwdOb2RlLmpzMQ8wDQYDVQQD
EwZhZ2VudDMxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMFwwDQYJ
-KoZIhvcNAQEBBQADSwAwSAJBAMus6dtVlLwgfF5Jy9nOk4IA7V49+Hvo6+wr1FPj
-5qBSWMyE3kVgsfOJD/FYV5M+p2xv+76Y0/bE/0gxcbdE9/8CAwEAAaAlMCMGCSqG
+KoZIhvcNAQEBBQADSwAwSAJBAL6Pe0rq0DC2wetmrz1luymUOF8NY4V2fbqEPtwP
+kWaGezEZC2E/EfvJf692WaOrmFTK5T9eGD2d+alxrNou76sCAwEAAaAlMCMGCSqG
SIb3DQEJBzEWExRBIGNoYWxsZW5nZSBwYXNzd29yZDANBgkqhkiG9w0BAQUFAANB
-AGK5j9t+2Owk6r5h3My5kBpRkCUMZdU57Wlpcm6G8tZ3kz65pvarWOFFwPQzWC40
-tR/Fd1a61L20G9KGzB3zjik=
+AJ0eUoKBgimALry2MLT3VktNJQwD8OorIIvnUz0BjG86F0fVX+FWZEqw1aXmblAZ
+WTPvnqq//bzzi2PwvoEJ4Lc=
-----END CERTIFICATE REQUEST-----
-----BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAMus6dtVlLwgfF5Jy9nOk4IA7V49+Hvo6+wr1FPj5qBSWMyE3kVg
-sfOJD/FYV5M+p2xv+76Y0/bE/0gxcbdE9/8CAwEAAQJAWRD1dx/WmeoO2OCmj0nB
-waEMLCEnb3As8ys7f6/yo3p2ZjRIMgOPZys7dTEmEx5m62uI21EMUQOL9jN+nWPs
-MQIhAP1bkf9NaNqHUgQM4/hcKWyhKlNVwXelGEli3xjn0K5XAiEAzcyy0gymOrYS
-vRpW9FV+hu2onGfJvdza5HRx6pwRqpkCIDq/6in2bFMIQAd6ab6kuGJdOPBcGWHC
-IdCaobsnvic/AiEAqh+tMzaBs8cPdoNvnkuObLvJxoGFpA4OZQxdnzOk5wECIAEy
-7T0nAmXRYTCJhdt4NbET+tmktA8N24Q39c2yZLX9
+MIIBOQIBAAJBAL6Pe0rq0DC2wetmrz1luymUOF8NY4V2fbqEPtwPkWaGezEZC2E/
+EfvJf692WaOrmFTK5T9eGD2d+alxrNou76sCAwEAAQJAcT7Nk4kWLkz900pTzBX/
+80a9dWd8hF0VfNmIjbjGvPkaCW6th6N5TuSJbrwrKcSqyxB9fG8/oY42IsGe+Tj8
+MQIhAN3VnmNLml9/w6ksMfulhddGPKEi7RpNvTe+rq3vVsfTAiEA2+jOzgkA3Vn0
+riBRt7jAH+8OTh9Qxu23akW77nj/6ckCIChCeqpesDegwmvTf4bCNZYqQxqjchCS
+B0M0shMTGtbNAiAFEtHynvKOKM0kV0qLWo/ULMe/tak/bayVnxY+4jvFQQIgSToA
+tCzu09vpDbkH5oXgZbLKSznShbYWpAng1XMJlYI=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIICSDCCAbGgAwIBAgIJAL2PMyUb5bwNMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
+MIICSDCCAbGgAwIBAgIJAMxGYXbxF5mOMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU0YxDzANBgNVBAoTBkpveWVu
dDEQMA4GA1UECxMHTm9kZS5qczEMMAoGA1UEAxMDY2EyMSAwHgYJKoZIhvcNAQkB
-FhFyeUB0aW55Y2xvdWRzLm9yZzAeFw0xMTAyMTAwMjMwMjBaFw0xMzExMDUwMjMw
-MjBaMH0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU0YxDzAN
+FhFyeUB0aW55Y2xvdWRzLm9yZzAeFw0xMTAyMTAwNzU2NTVaFw0xMzExMDUwNzU2
+NTVaMH0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU0YxDzAN
BgNVBAoTBkpveWVudDEQMA4GA1UECxMHTm9kZS5qczEPMA0GA1UEAxMGYWdlbnQ0
MSAwHgYJKoZIhvcNAQkBFhFyeUB0aW55Y2xvdWRzLm9yZzBcMA0GCSqGSIb3DQEB
-AQUAA0sAMEgCQQDGlJNGU61zPQE5+KynnUpFSKLNR7hebT+MXf+/JtCMZh4oE26M
-iVVxgR+3+g7FDcYsI/pjh4VUT/SYE7wcg3x1AgMBAAGjFzAVMBMGA1UdJQQMMAoG
-CCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAH5NOqmgyD/ZCezX/VGTNeYMXhIj
-vaKDBsxoSWCLMA3zzr7ixmeFyYgI1Lt1jZXnQkMCL/K9QrmQxpsEJAiirYNvS9vW
-n0kS5K0it878yAza5pfGNSosFK5ZdJvJOplrzOL10l+JZglPsU30apqydYc1BOq2
-dAqSyneuVANFbzUE
+AQUAA0sAMEgCQQC+eEnKdt2AHzGMt1EkALMiSHk6MLnHLxigi6CCM3jxxNz/lw7Y
+uZfAWyTBr6jjCZsa/SC8DpE7caRZED//F4tFAgMBAAGjFzAVMBMGA1UdJQQMMAoG
+CCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAKJu+RhRDKkzVn9BrS8r3hPlJUdS
+ybHfZpsOHpltmzO+PkWaio7jEXT7nnKBjV4VP8ld6wDa4mk+tRyhgt91+nmvrIeT
+yw7I9UBY7RCCDIXy755zSkT3OitOTk7besU70Am8/P3Srg7IyHeYBnJVLqn4FIlz
+/apIKko90U+bEgk2
-----END CERTIFICATE-----
MIIBXTCCAQcCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH
EwJTRjEPMA0GA1UEChMGSm95ZW50MRAwDgYDVQQLEwdOb2RlLmpzMQ8wDQYDVQQD
EwZhZ2VudDQxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMFwwDQYJ
-KoZIhvcNAQEBBQADSwAwSAJBAMaUk0ZTrXM9ATn4rKedSkVIos1HuF5tP4xd/78m
-0IxmHigTboyJVXGBH7f6DsUNxiwj+mOHhVRP9JgTvByDfHUCAwEAAaAlMCMGCSqG
+KoZIhvcNAQEBBQADSwAwSAJBAL54Scp23YAfMYy3USQAsyJIeTowuccvGKCLoIIz
+ePHE3P+XDti5l8BbJMGvqOMJmxr9ILwOkTtxpFkQP/8Xi0UCAwEAAaAlMCMGCSqG
SIb3DQEJBzEWExRBIGNoYWxsZW5nZSBwYXNzd29yZDANBgkqhkiG9w0BAQUFAANB
-ALUeDCFkwYvz9/uFAl7oK6tPpeEl1EuPxWfvgP9ldggAIjSVsVfdI3Ailm3OcZ5Y
-dzVJ/VZyyK5iZfovMoW8APc=
+AJc7y8DLaJ+j9wdEmjPV+mt6NuFQ3MHVuTzteMAsdASiJ9ce5U/vNMvS0UXdjzkd
+y4uuWOqLyZaajVCqDDk5JvE=
-----END CERTIFICATE REQUEST-----
-----BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAMaUk0ZTrXM9ATn4rKedSkVIos1HuF5tP4xd/78m0IxmHigTboyJ
-VXGBH7f6DsUNxiwj+mOHhVRP9JgTvByDfHUCAwEAAQJBAL8mk6G1uJfeGEkiW6g4
-2x5YLgZmTE3w4aQPc7gf9828aJzlGWgN7KcedGAzhlhsrj+MLDPjNvTWGHUY+gP7
-RwECIQDkWhHV+L+KrOuH/LAVg1HsNHtG28dxOrN3GVovtLkLwQIhAN6ft7TXPDaN
-fw+CaYXEDH1XngFf/gIwEGgBzREq7W21AiBGEAyg5i1+0weBNdqg/yXHn2KjnxNW
-fnhJ9pFhScXtAQIgDQU4YFpKSkKCUOzmsQ0jUd1i/1+W4pffDcY1MTDajBUCIGqr
-8kxP5se+Y9ihqzMwvvP0/nOtciGeJjEzKlGDrC28
+MIIBPQIBAAJBAL54Scp23YAfMYy3USQAsyJIeTowuccvGKCLoIIzePHE3P+XDti5
+l8BbJMGvqOMJmxr9ILwOkTtxpFkQP/8Xi0UCAwEAAQJBALq4g2ZnBpfOfK29HF9W
+DEZElAs2rzkT82mX198sBJnFOFfdo0GdGkA8LlQVwXEv2yWKlzN5zrkJPK/I/Z6A
+vxUCIQDxRDPGSV0nfnFH5mcs7pnWNIi7tRZecsAhaj2gGBNCfwIhAMoZ94XYslXl
+2eHUDPvVYhzNqdRWXfgD8N89lYXXTMg7AiEAnPwmwCeuYGtKpGEL01WxbYqjSZfr
+5Sq/Tz7EuG3R4lsCIQDIz/pprUKuJUBUqt3n0UO2uQgZq2Odj1TkjQ2oOqDZhwIh
+AIydKQ6a35hFleOih3yiHvFPUEE7jOAIhGTOAd3s31LN
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIICazCCAdQCCQC7OMCdtvshmTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV
+MIICazCCAdQCCQDzyKZgsfidNjANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV
UzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAO
BgNVBAsTB05vZGUuanMxDDAKBgNVBAMTA2NhMjEgMB4GCSqGSIb3DQEJARYRcnlA
-dGlueWNsb3Vkcy5vcmcwHhcNMTEwMjEwMDIzMDIwWhcNMTEwMzEyMDIzMDIwWjB6
+dGlueWNsb3Vkcy5vcmcwHhcNMTEwMjEwMDc1NjU1WhcNMTEwMzEyMDc1NjU1WjB6
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQK
EwZKb3llbnQxEDAOBgNVBAsTB05vZGUuanMxDDAKBgNVBAMTA2NhMjEgMB4GCSqG
SIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAONi4yMjv8R0hfjVtvEM8PoXvPP24e0NQZeJs+mFqVVt4JaRxYbX8qXx
-9KiEwCAYdS5FSl1mcotATeKLp2vlCXaG2Fb4xCn0ollFe+ubA2Ud8RiOhw2Pbc3D
-I40LekBKJsZfns6vftRGlwb7URt55Efx9QbBbONwMWHDKbGYA5GPAgMBAAEwDQYJ
-KoZIhvcNAQEFBQADgYEAeQzT6q8xuxUuQ9tmZEjq6vHaUaU2gq5Zp48XBJg3XjNI
-sxQEy1LreOR48THhS7QrKFELDGfr4bd6gPE0IvEpwAVu6eNNX/ZkrkiE2480W7CY
-8hJMtYGXRi09BOSXnpSy0qMh63wjA3v5tTs+DPSwfi3xPsx8RyIz/hBXazoAKAM=
+MIGJAoGBAMf9gxkjRyoHsgvya+jMlHRRds6qwt43t6tB6tkB6dW/23HBvXOCuHe0
+Ryn2EofWtNaLg6IfJg8JwM6k39/EvGgjr730WeI2iQt2b7+OmBBLiEr+Xkrkeskp
+Wv+3TdbwF08Vh4pV34kPQhD+q2d0PBZUGgBUVhVzcwZ4XWWJDq1DAgMBAAEwDQYJ
+KoZIhvcNAQEFBQADgYEArEYmxp6S+LRE6Nu7ULVElCXL1ouR+srM03j25D/2G/6O
+lryRDHGTsNUytBhQFghwi1vPB8mHTVLpWV9NgTbQrQF4qjQHY6CzcM2gnNfkmWql
+mpR3x4hs25a86KR3OzrAx4JOkpvzEf1PJgWOLaKt38JoPxehvhgNMx1sd+MR8kw=
-----END CERTIFICATE-----
-BD8F33251BE5BC0D
+CC466176F117998E
--- /dev/null
+-----BEGIN X509 CRL-----
+MIIBXTCBxzANBgkqhkiG9w0BAQQFADB6MQswCQYDVQQGEwJVUzELMAkGA1UECBMC
+Q0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAOBgNVBAsTB05vZGUu
+anMxDDAKBgNVBAMTA2NhMjEgMB4GCSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5v
+cmcXDTExMDIxMDA3NTcxMVoXDTEzMTEwNTA3NTcxMVowHDAaAgkAzEZhdvEXmY4X
+DTExMDIxMDA3NTY1N1owDQYJKoZIhvcNAQEEBQADgYEAgH9u/zWn48ycNmJezW57
+E54QQI2KqwqmnO1S0lt6EDhjktCAxgljoEhjb3rS3221jddbb9FckYVVMKVX3rPP
+cUPXF1jLJ8I/jF0mETK4sZQPjA/PIzPQOnUzzQmszfr42b+5x6HQ0gg2RTqN1TC2
+wLLY7ihxVXUzhVIHlGIp9Hk=
+-----END X509 CRL-----
--- /dev/null
+R 131105075655Z 110210075657Z CC466176F117998E unknown /C=US/ST=CA/L=SF/O=Joyent/OU=Node.js/CN=agent4/emailAddress=ry@tinyclouds.org
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIg0hLO3eutNQCAggA
-MBQGCCqGSIb3DQMHBAiRtZu32UxWpwSCAoCud1+Lak/kkrYxcdTeNh4RBQwpuEjv
-fdoshPagoLVkp8hHWVPfIVJWI3AwjyPtQShusGZwTyjiDF7k6ycTZSNH6+nuc8K2
-ZNGwPFWMEaO510tcraDf/H8yNbeThTvYkudQLwTRseZw3NmuBBkPEThYkJrBibsJ
-Z8BsZ0y9FWgF+ufx7sGCC0Dq/Dd/JBGV7Kx75Vm65CpKkTV7W3tMXWa38yER8dBE
-1vCexF95ih5zXbsRMlBoA0p45QD+0LrHssCSe+iuNAowvX/YHdfrcFRuvHkazzql
-5j4sxs4647F+U1CTsb2+7C0LlijZBuP0x9GUsJck8M9Zh0s9sfwPbSofjZWhFcdR
-liy7lxfyFdIbLav1cTfilT06BoyLLRUFp5Zu1XPCdxrf0pHoDjgXO/ToEjhStctM
-RyVigOIQY+2yvgnzE/cw5niQlXDWDAnsSibYpjU8lJ1k97Iqx/qogqNSTIim8ml4
-h7aDPHEBlGG9wmTkPV5L18/wI7iGom9rroQFrkgrqQ2JoIAKCXrocDKUjFAVB7QA
-mreUdYowm6ee/AUdtsYQpn5hasIa/A/fD/Ia9E41rkplZZS43r9YyyQCTdJFF9Hm
-TROxSlKrpEoap9RZyFEfhr9hrnw6uQyl3EY5wvRzsTe6KLN60DkUOkLjJVBLx4iE
-QlwMeAknMNBqJS1Uqivw94Pi1yYLlKCY0I0/cf97HCwx8j+97XWEUAQehXvYRwdd
-E6/mC/GGH/cT7A6TF8mN0i0UOmAQ9EjEqlOQXR9tmlhafbOoorFXjGelSILsFnV2
-oxN9847cjGQbGh6wytJYP4fpvJr1xt21SzzctK5h3mqmfHmCXi0Duea0
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIzqCAnqkKV5sCAggA
+MBQGCCqGSIb3DQMHBAgvE1MWZKV5tgSCAoAe0ygwlrXz3uIDRw2hKhgG28XFZaG0
+Py/8vORZ6JknZF/ucZE4ZsJW0OLhLRe0VmoVIErgLQ6bl6ZhlGq7oZ0DCyiHo3TV
+2uUTn3DXQ9d4aSE2cMlA3wSzYihm1up9PUYvWhrhC90/Sc0fB81OA1Hhv2jS36hY
+c4rSVfCkSgaziWy77x9XqbEnxpdVRkngbVnVG4UWFfoBTsza+j+C/ysxR/nXDlei
+5KKe87V9AcdzFKI+qJP52CQBac1DQCg8EQ51v40BllfK/8JB/45tAETqAiu80COI
+zSFs56p4UIsQiXUaToZxA9SsLOPJJHrOL9/IQe5aMRrG0ro5u0/CbIYN0uSbR6Om
+iUAXXk/6Oni8C07qO4VLIjG0NKnnIhDgtGGkyn8XDhtNBKsFLhGzAbmOLOZKKko6
+GgxzY7o52I5bOu8oDN9KLrMZKC9Sow9J+xEf65jCIK40HjpoYiKDiDY/xaSOUL9b
+ig0WkxwMzWCA0RIsA/958ZBzv+R2Ag90iPDz9xF5vMNucvGHqOPuKo56JcM0SGev
+Xr1KxZAOVJcP9It3Yv8Of+DLilwo56O9md2Su0HKNxM0wyanowPw2PcGCK5rtu87
+YDSOHfmg05Bt0F3LC2dU5ak1YJfu/DpVj69hQ5/g/c5JMMVYAjmZGyc6IPKWXHYr
+P+ECSDdICBrDLkVeCClhKkNgAw1n8xepdgCE0rWSkbxoCmoKDXQDl1kOfs5TWIvL
+JRqrVYz2yoPAa1Q9gTM3iDtBL3RJwF2jXk4IDySR/1YDf+BbnyhiisIRSMp8GeQS
+uX1Ke+bu3QWwFVqa0eYScVPZZzNUADHzviMweRX9l+1aCw0R31po7Fwl
-----END ENCRYPTED PRIVATE KEY-----
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+serial = ca2-serial
+crl = ca2-crl.pem
+database = ca2-database.txt
+name_opt = CA_default
+cert_opt = CA_default
+default_crl_days = 999
+default_md = md5
+
+
[ req ]
default_bits = 1024
days = 999
{ name: 'nocert', shouldReject: true }
]
},
+
+
+ { title: "Allow only certs signed by CA2 but not in the CRL",
+ requestCert: true,
+ rejectUnauthorized: true,
+ CAs: ['ca2-cert'],
+ crl: 'ca2-crl',
+ clients:
+ [ { name: 'agent1', shouldReject: true, shouldAuth: false },
+ { name: 'agent2', shouldReject: true, shouldAuth: false },
+ { name: 'agent3', shouldReject: false, shouldAuth: true },
+ // Agent4 has a cert in the CRL.
+ { name: 'agent4', shouldReject: true, shouldAuth: false },
+ { name: 'nocert', shouldReject: true }
+ ]
+ },
];
var args = ['s_client', '-connect', '127.0.0.1:' + common.PORT];
+
+ console.log(" connecting with", options.name);
+
switch (options.name) {
case 'agent1':
// Signed by CA1
args.push(filenamePEM('agent3-cert'));
break;
+ case 'agent4':
+ // Signed by CA2 (rejected by ca2-crl)
+ args.push('-key');
+ args.push(filenamePEM('agent4-key'));
+ args.push('-cert');
+ args.push(filenamePEM('agent4-cert'));
+ break;
+
case 'nocert':
// Do not send certificate
break;
var cas = tcase.CAs.map(loadPEM);
+ var crl = tcase.crl ? loadPEM(tcase.crl) : null;
+
var serverOptions = {
key: serverKey,
cert: serverCert,
ca: cas,
+ crl: crl,
requestCert: tcase.requestCert,
rejectUnauthorized: tcase.rejectUnauthorized
};
}
});
- function runNextClient (clientIndex) {
+ function runNextClient(clientIndex) {
var options = tcase.clients[clientIndex];
if (options) {
runClient(options, function () {