Przeglądaj źródła

[crypto] Fix parsing of OCSP responder ID key hash

We currently compare the entirety of the KeyHash object (including the
ASN.1 tag and length byte) against the raw SHA-1 hash of the
certificate's public key.  This causes OCSP validation to fail for any
responses which identify the responder by key hash rather than by
name, and hence prevents the use of X.509 certificates where any
certificate in the chain has an OCSP responder which chooses to
identify itself via its key hash.

Fix by adding the missing asn1_enter() required to enter the ASN.1
octet string containing the key hash.

Also add a corresponding test case including an OCSP response where
the responder is identified by key hash, to ensure that this
functionality cannot be broken in future.

Debugged-by: Brian Rak <brak@gameservers.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 10 lat temu
rodzic
commit
5cbdc41778
2 zmienionych plików z 419 dodań i 3 usunięć
  1. 8
    3
      src/crypto/ocsp.c
  2. 411
    0
      src/tests/ocsp_test.c

+ 8
- 3
src/crypto/ocsp.c Wyświetl plik

@@ -405,12 +405,17 @@ static int ocsp_compare_responder_name ( struct ocsp_check *ocsp,
405 405
 static int ocsp_compare_responder_key_hash ( struct ocsp_check *ocsp,
406 406
 					     struct x509_certificate *cert ) {
407 407
 	struct ocsp_responder *responder = &ocsp->response.responder;
408
+	struct asn1_cursor key_hash;
408 409
 	uint8_t ctx[SHA1_CTX_SIZE];
409 410
 	uint8_t digest[SHA1_DIGEST_SIZE];
410 411
 	int difference;
411 412
 
413
+	/* Enter responder key hash */
414
+	memcpy ( &key_hash, &responder->id, sizeof ( key_hash ) );
415
+	asn1_enter ( &key_hash, ASN1_OCTET_STRING );
416
+
412 417
 	/* Sanity check */
413
-	difference = ( sizeof ( digest ) - responder->id.len );
418
+	difference = ( sizeof ( digest ) - key_hash.len );
414 419
 	if ( difference )
415 420
 		return difference;
416 421
 
@@ -421,8 +426,8 @@ static int ocsp_compare_responder_key_hash ( struct ocsp_check *ocsp,
421 426
 			cert->subject.public_key.raw_bits.len );
422 427
 	digest_final ( &sha1_algorithm, ctx, digest );
423 428
 
424
-	/* Compare responder ID with SHA1 hash of certificate's public key */
425
-	return memcmp ( digest, responder->id.data, sizeof ( digest ) );
429
+	/* Compare responder key hash with hash of certificate's public key */
430
+	return memcmp ( digest, key_hash.data, sizeof ( digest ) );
426 431
 }
427 432
 
428 433
 /**

+ 411
- 0
src/tests/ocsp_test.c Wyświetl plik

@@ -825,6 +825,253 @@ CERTIFICATE ( startssl_crt,
825 825
 		      0x1c, 0xec, 0xc2, 0x1c, 0xc5, 0xc2, 0xf5, 0x67,
826 826
 		      0x48, 0xa7, 0x11, 0x01, 0x69, 0x83, 0xfd, 0x8e ) );
827 827
 
828
+/*
829
+ * subject	RapidSSL SHA256 CA - G3
830
+ * issuer	GeoTrust Global CA
831
+ */
832
+CERTIFICATE ( rapidssl_crt,
833
+	DATA ( 0x30, 0x82, 0x04, 0x25, 0x30, 0x82, 0x03, 0x0d, 0xa0, 0x03,
834
+	       0x02, 0x01, 0x02, 0x02, 0x03, 0x02, 0x3a, 0x77, 0x30, 0x0d,
835
+	       0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
836
+	       0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, 0x0b, 0x30, 0x09, 0x06,
837
+	       0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16,
838
+	       0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47,
839
+	       0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e,
840
+	       0x63, 0x2e, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
841
+	       0x03, 0x13, 0x12, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73,
842
+	       0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x43,
843
+	       0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x38, 0x32,
844
+	       0x39, 0x32, 0x31, 0x33, 0x39, 0x33, 0x32, 0x5a, 0x17, 0x0d,
845
+	       0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x31, 0x33, 0x39,
846
+	       0x33, 0x32, 0x5a, 0x30, 0x47, 0x31, 0x0b, 0x30, 0x09, 0x06,
847
+	       0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16,
848
+	       0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47,
849
+	       0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e,
850
+	       0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04,
851
+	       0x03, 0x13, 0x17, 0x52, 0x61, 0x70, 0x69, 0x64, 0x53, 0x53,
852
+	       0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x43,
853
+	       0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x82, 0x01, 0x22,
854
+	       0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
855
+	       0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
856
+	       0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xaf,
857
+	       0x54, 0x9b, 0xd9, 0x58, 0x5d, 0x1e, 0x2c, 0x56, 0xc6, 0xd5,
858
+	       0xe8, 0x7f, 0xf4, 0x7d, 0x16, 0x03, 0xff, 0xd0, 0x8b, 0x5a,
859
+	       0xe4, 0x8e, 0xa7, 0xdd, 0x54, 0x2e, 0xd4, 0x04, 0xc0, 0x5d,
860
+	       0x98, 0x9c, 0x8d, 0x90, 0x0f, 0xbc, 0x10, 0x65, 0x5f, 0xda,
861
+	       0x9a, 0xd6, 0x44, 0x7c, 0xc0, 0x9f, 0xb5, 0xe9, 0x4a, 0x8c,
862
+	       0x0b, 0x06, 0x43, 0x04, 0xbb, 0xf4, 0x96, 0xe2, 0x26, 0xf6,
863
+	       0x61, 0x01, 0x91, 0x66, 0x31, 0x22, 0xc3, 0x34, 0x34, 0x5f,
864
+	       0x3f, 0x3f, 0x91, 0x2f, 0x44, 0x5f, 0xdc, 0xc7, 0x14, 0xb6,
865
+	       0x03, 0x9f, 0x86, 0x4b, 0x0e, 0xa3, 0xff, 0xa0, 0x80, 0x02,
866
+	       0x83, 0xc3, 0xd3, 0x1f, 0x69, 0x52, 0xd6, 0x9d, 0x64, 0x0f,
867
+	       0xc9, 0x83, 0xe7, 0x1b, 0xc4, 0x70, 0xac, 0x94, 0xe7, 0xc3,
868
+	       0xa4, 0x6a, 0x2c, 0xbd, 0xb8, 0x9e, 0x69, 0xd8, 0xbe, 0x0a,
869
+	       0x8f, 0x16, 0x63, 0x5a, 0x68, 0x71, 0x80, 0x7b, 0x30, 0xde,
870
+	       0x15, 0x04, 0xbf, 0xcc, 0xd3, 0xbf, 0x3e, 0x48, 0x05, 0x55,
871
+	       0x7a, 0xb3, 0xd7, 0x10, 0x0c, 0x03, 0xfc, 0x9b, 0xfd, 0x08,
872
+	       0xa7, 0x8c, 0x8c, 0xdb, 0xa7, 0x8e, 0xf1, 0x1e, 0x63, 0xdc,
873
+	       0xb3, 0x01, 0x2f, 0x7f, 0xaf, 0x57, 0xc3, 0x3c, 0x48, 0xa7,
874
+	       0x83, 0x68, 0x21, 0xa7, 0x2f, 0xe7, 0xa7, 0x3f, 0xf0, 0xb5,
875
+	       0x0c, 0xfc, 0xf5, 0x84, 0xd1, 0x53, 0xbc, 0x0e, 0x72, 0x4f,
876
+	       0x60, 0x0c, 0x42, 0xb8, 0x98, 0xad, 0x19, 0x88, 0x57, 0xd7,
877
+	       0x04, 0xec, 0x87, 0xbf, 0x7e, 0x87, 0x4e, 0xa3, 0x21, 0xf9,
878
+	       0x53, 0xfd, 0x36, 0x98, 0x48, 0x8d, 0xd6, 0xf8, 0xbb, 0x48,
879
+	       0xf2, 0x29, 0xc8, 0x64, 0xd1, 0xcc, 0x54, 0x48, 0x53, 0x8b,
880
+	       0xaf, 0xb7, 0x65, 0x1e, 0xbf, 0x29, 0x33, 0x29, 0xd9, 0x29,
881
+	       0x60, 0x48, 0xf8, 0xff, 0x91, 0xbc, 0x57, 0x58, 0xe5, 0x35,
882
+	       0x2e, 0xbb, 0x69, 0xb6, 0x59, 0x02, 0x03, 0x01, 0x00, 0x01,
883
+	       0xa3, 0x82, 0x01, 0x1d, 0x30, 0x82, 0x01, 0x19, 0x30, 0x1f,
884
+	       0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
885
+	       0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05,
886
+	       0x64, 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc,
887
+	       0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
888
+	       0x04, 0x14, 0xc3, 0x9c, 0xf3, 0xfc, 0xd3, 0x46, 0x08, 0x34,
889
+	       0xbb, 0xce, 0x46, 0x7f, 0xa0, 0x7c, 0x5b, 0xf3, 0xe2, 0x08,
890
+	       0xcb, 0x59, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
891
+	       0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
892
+	       0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
893
+	       0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x35,
894
+	       0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2e, 0x30, 0x2c, 0x30,
895
+	       0x2a, 0xa0, 0x28, 0xa0, 0x26, 0x86, 0x24, 0x68, 0x74, 0x74,
896
+	       0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63,
897
+	       0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73,
898
+	       0x2f, 0x67, 0x74, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e,
899
+	       0x63, 0x72, 0x6c, 0x30, 0x2e, 0x06, 0x08, 0x2b, 0x06, 0x01,
900
+	       0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x22, 0x30, 0x20, 0x30,
901
+	       0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
902
+	       0x01, 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
903
+	       0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f,
904
+	       0x6d, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45,
905
+	       0x30, 0x43, 0x30, 0x41, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01,
906
+	       0x86, 0xf8, 0x45, 0x01, 0x07, 0x36, 0x30, 0x33, 0x30, 0x31,
907
+	       0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01,
908
+	       0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77,
909
+	       0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73,
910
+	       0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f,
911
+	       0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30,
912
+	       0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
913
+	       0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xa3,
914
+	       0x58, 0x1e, 0xc6, 0x43, 0x32, 0xac, 0xac, 0x2f, 0x93, 0x78,
915
+	       0xb7, 0xea, 0xae, 0x54, 0x40, 0x47, 0x2d, 0x7e, 0x78, 0x8d,
916
+	       0x50, 0xf6, 0xf8, 0x66, 0xac, 0xd6, 0x4f, 0x73, 0xd6, 0x44,
917
+	       0xef, 0xaf, 0x0b, 0xcc, 0x5b, 0xc1, 0xf4, 0x4f, 0x9a, 0x8f,
918
+	       0x49, 0x7e, 0x60, 0xaf, 0xc2, 0x27, 0xc7, 0x16, 0xf1, 0xfb,
919
+	       0x93, 0x81, 0x90, 0xa9, 0x7c, 0xef, 0x6f, 0x7e, 0x6e, 0x45,
920
+	       0x94, 0x16, 0x84, 0xbd, 0xec, 0x49, 0xf1, 0xc4, 0x0e, 0xf4,
921
+	       0xaf, 0x04, 0x59, 0x83, 0x87, 0x0f, 0x2c, 0x3b, 0x97, 0xc3,
922
+	       0x5a, 0x12, 0x9b, 0x7b, 0x04, 0x35, 0x7b, 0xa3, 0x95, 0x33,
923
+	       0x08, 0x7b, 0x93, 0x71, 0x22, 0x42, 0xb3, 0xa9, 0xd9, 0x6f,
924
+	       0x4f, 0x81, 0x92, 0xfc, 0x07, 0xb6, 0x79, 0xbc, 0x84, 0x4a,
925
+	       0x9d, 0x77, 0x09, 0xf1, 0xc5, 0x89, 0xf2, 0xf0, 0xb4, 0x9c,
926
+	       0x54, 0xaa, 0x12, 0x7b, 0x0d, 0xba, 0x4f, 0xef, 0x93, 0x19,
927
+	       0xec, 0xef, 0x7d, 0x4e, 0x61, 0xa3, 0x8e, 0x76, 0x9c, 0x59,
928
+	       0xcf, 0x8c, 0x94, 0xb1, 0x84, 0x97, 0xf7, 0x1a, 0xb9, 0x07,
929
+	       0xb8, 0xb2, 0xc6, 0x4f, 0x13, 0x79, 0xdb, 0xbf, 0x4f, 0x51,
930
+	       0x1b, 0x7f, 0x69, 0x0d, 0x51, 0x2a, 0xc1, 0xd6, 0x15, 0xff,
931
+	       0x37, 0x51, 0x34, 0x65, 0x51, 0xf4, 0x1e, 0xbe, 0x38, 0x6a,
932
+	       0xec, 0x0e, 0xab, 0xbf, 0x3d, 0x7b, 0x39, 0x05, 0x7b, 0xf4,
933
+	       0xf3, 0xfb, 0x1a, 0xa1, 0xd0, 0xc8, 0x7e, 0x4e, 0x64, 0x8d,
934
+	       0xcd, 0x8c, 0x61, 0x55, 0x90, 0xfe, 0x3a, 0xca, 0x5d, 0x25,
935
+	       0x0f, 0xf8, 0x1d, 0xa3, 0x4a, 0x74, 0x56, 0x4f, 0x1a, 0x55,
936
+	       0x40, 0x70, 0x75, 0x25, 0xa6, 0x33, 0x2e, 0xba, 0x4b, 0xa5,
937
+	       0x5d, 0x53, 0x9a, 0x0d, 0x30, 0xe1, 0x8d, 0x5f, 0x61, 0x2c,
938
+	       0xaf, 0xcc, 0xef, 0xb0, 0x99, 0xa1, 0x80, 0xff, 0x0b, 0xf2,
939
+	       0x62, 0x4c, 0x70, 0x26, 0x98 ),
940
+	FINGERPRINT ( 0xbc, 0x3f, 0x03, 0xa4, 0x36, 0x24, 0x0e, 0xdb,
941
+		      0xa5, 0xf8, 0x37, 0x14, 0xf6, 0xf6, 0x77, 0xe3,
942
+		      0x4b, 0x37, 0xf9, 0xb1, 0xf0, 0xc0, 0x8c, 0x1e,
943
+		      0x55, 0x8d, 0x98, 0x1e, 0x27, 0x9e, 0x82, 0x09 ) );
944
+
945
+/*
946
+ * subject	*.vultr.com
947
+ * issuer	RapidSSL SHA256 CA - G3
948
+ */
949
+CERTIFICATE ( vultr_crt,
950
+	DATA ( 0x30, 0x82, 0x04, 0xa8, 0x30, 0x82, 0x03, 0x90, 0xa0, 0x03,
951
+	       0x02, 0x01, 0x02, 0x02, 0x03, 0x00, 0x95, 0x4d, 0x30, 0x0d,
952
+	       0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
953
+	       0x0b, 0x05, 0x00, 0x30, 0x47, 0x31, 0x0b, 0x30, 0x09, 0x06,
954
+	       0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16,
955
+	       0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47,
956
+	       0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e,
957
+	       0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04,
958
+	       0x03, 0x13, 0x17, 0x52, 0x61, 0x70, 0x69, 0x64, 0x53, 0x53,
959
+	       0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x43,
960
+	       0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x1e, 0x17, 0x0d,
961
+	       0x31, 0x34, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x33, 0x31,
962
+	       0x32, 0x38, 0x5a, 0x17, 0x0d, 0x31, 0x37, 0x31, 0x32, 0x32,
963
+	       0x32, 0x31, 0x39, 0x32, 0x39, 0x31, 0x30, 0x5a, 0x30, 0x81,
964
+	       0x8f, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b,
965
+	       0x13, 0x0a, 0x47, 0x54, 0x36, 0x32, 0x30, 0x37, 0x39, 0x37,
966
+	       0x32, 0x31, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, 0x04,
967
+	       0x0b, 0x13, 0x28, 0x53, 0x65, 0x65, 0x20, 0x77, 0x77, 0x77,
968
+	       0x2e, 0x72, 0x61, 0x70, 0x69, 0x64, 0x73, 0x73, 0x6c, 0x2e,
969
+	       0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
970
+	       0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x20, 0x28, 0x63,
971
+	       0x29, 0x31, 0x33, 0x31, 0x2f, 0x30, 0x2d, 0x06, 0x03, 0x55,
972
+	       0x04, 0x0b, 0x13, 0x26, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
973
+	       0x20, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x20, 0x56,
974
+	       0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x64, 0x20, 0x2d,
975
+	       0x20, 0x52, 0x61, 0x70, 0x69, 0x64, 0x53, 0x53, 0x4c, 0x28,
976
+	       0x52, 0x29, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
977
+	       0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x76, 0x75, 0x6c, 0x74, 0x72,
978
+	       0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
979
+	       0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
980
+	       0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
981
+	       0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9f, 0xa8, 0x2e,
982
+	       0x65, 0x41, 0x05, 0xec, 0xef, 0x69, 0x92, 0xf6, 0xd3, 0x53,
983
+	       0x4f, 0xd4, 0x8e, 0xd3, 0x49, 0x8c, 0xc7, 0x85, 0x6d, 0xb0,
984
+	       0x71, 0xe0, 0x28, 0x04, 0x80, 0x85, 0x82, 0x3e, 0x3f, 0xdb,
985
+	       0x0c, 0xed, 0xcd, 0x2b, 0x04, 0xc8, 0x67, 0x15, 0x8c, 0x25,
986
+	       0xd6, 0x7a, 0x54, 0x67, 0x94, 0xbe, 0x33, 0x12, 0x33, 0x88,
987
+	       0xfe, 0x5d, 0x1d, 0x36, 0x62, 0x4e, 0xbc, 0x1e, 0x7e, 0xd3,
988
+	       0x3e, 0x7c, 0x3c, 0x59, 0x4a, 0x99, 0x0b, 0xca, 0x9b, 0x1e,
989
+	       0xc7, 0xf7, 0xe7, 0x6d, 0xdc, 0x57, 0xbe, 0x3a, 0xab, 0xc2,
990
+	       0x0b, 0xb1, 0xbe, 0x90, 0xa1, 0x54, 0x07, 0xc5, 0x48, 0x65,
991
+	       0xc1, 0x32, 0x99, 0x92, 0x26, 0x97, 0x90, 0x3e, 0x68, 0x6b,
992
+	       0xac, 0xbd, 0x4f, 0x0e, 0x88, 0x38, 0xd3, 0xdc, 0x80, 0x9e,
993
+	       0xb9, 0x66, 0x5d, 0xeb, 0x19, 0xfd, 0x85, 0xff, 0xba, 0xf0,
994
+	       0x89, 0x20, 0x08, 0xea, 0xd8, 0x01, 0x76, 0x29, 0xdc, 0xf0,
995
+	       0x1c, 0xfa, 0xbf, 0x6f, 0x7b, 0x67, 0xf4, 0xc4, 0xee, 0xe3,
996
+	       0xde, 0x95, 0xa2, 0x76, 0x65, 0x98, 0xc5, 0x21, 0xdc, 0xe9,
997
+	       0x95, 0xee, 0x83, 0x97, 0xae, 0xdd, 0xab, 0xdb, 0xc0, 0x47,
998
+	       0xc8, 0x68, 0x00, 0xb3, 0xab, 0x11, 0x4f, 0x81, 0xf5, 0x45,
999
+	       0x01, 0xd1, 0x64, 0xfd, 0x53, 0xbf, 0x86, 0xef, 0x87, 0xca,
1000
+	       0x8e, 0x55, 0xa0, 0x27, 0x27, 0xe5, 0x9e, 0xc1, 0x69, 0x28,
1001
+	       0x2a, 0x9f, 0x2d, 0xe2, 0x2c, 0x25, 0xef, 0x74, 0x1b, 0x52,
1002
+	       0xe4, 0x81, 0xf4, 0xc2, 0x71, 0x0a, 0x48, 0xff, 0x47, 0xa5,
1003
+	       0xea, 0x0a, 0xf5, 0xb1, 0x6d, 0xae, 0x09, 0x2b, 0xf9, 0x23,
1004
+	       0x6a, 0x28, 0x58, 0x3d, 0xbb, 0x9f, 0x80, 0xb2, 0x81, 0x03,
1005
+	       0xae, 0xe5, 0xea, 0xbe, 0x97, 0xae, 0xec, 0x3c, 0x33, 0xc7,
1006
+	       0x68, 0xf0, 0x6c, 0x89, 0x9d, 0x01, 0x2a, 0x1e, 0x2b, 0xd7,
1007
+	       0x93, 0x5a, 0xa9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82,
1008
+	       0x01, 0x52, 0x30, 0x82, 0x01, 0x4e, 0x30, 0x1f, 0x06, 0x03,
1009
+	       0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc3,
1010
+	       0x9c, 0xf3, 0xfc, 0xd3, 0x46, 0x08, 0x34, 0xbb, 0xce, 0x46,
1011
+	       0x7f, 0xa0, 0x7c, 0x5b, 0xf3, 0xe2, 0x08, 0xcb, 0x59, 0x30,
1012
+	       0x57, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
1013
+	       0x01, 0x04, 0x4b, 0x30, 0x49, 0x30, 0x1f, 0x06, 0x08, 0x2b,
1014
+	       0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x13, 0x68,
1015
+	       0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x76, 0x2e, 0x73,
1016
+	       0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x26,
1017
+	       0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02,
1018
+	       0x86, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67,
1019
+	       0x76, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f,
1020
+	       0x6d, 0x2f, 0x67, 0x76, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0e,
1021
+	       0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04,
1022
+	       0x03, 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
1023
+	       0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01,
1024
+	       0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01,
1025
+	       0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03, 0x55,
1026
+	       0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82, 0x0b, 0x2a, 0x2e,
1027
+	       0x76, 0x75, 0x6c, 0x74, 0x72, 0x2e, 0x63, 0x6f, 0x6d, 0x82,
1028
+	       0x09, 0x76, 0x75, 0x6c, 0x74, 0x72, 0x2e, 0x63, 0x6f, 0x6d,
1029
+	       0x30, 0x2b, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x24, 0x30,
1030
+	       0x22, 0x30, 0x20, 0xa0, 0x1e, 0xa0, 0x1c, 0x86, 0x1a, 0x68,
1031
+	       0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x76, 0x2e, 0x73,
1032
+	       0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67,
1033
+	       0x76, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0c, 0x06, 0x03, 0x55,
1034
+	       0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30,
1035
+	       0x45, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3e, 0x30, 0x3c,
1036
+	       0x30, 0x3a, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8,
1037
+	       0x45, 0x01, 0x07, 0x36, 0x30, 0x2c, 0x30, 0x2a, 0x06, 0x08,
1038
+	       0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1e,
1039
+	       0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77,
1040
+	       0x77, 0x2e, 0x72, 0x61, 0x70, 0x69, 0x64, 0x73, 0x73, 0x6c,
1041
+	       0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x67, 0x61, 0x6c,
1042
+	       0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
1043
+	       0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
1044
+	       0x93, 0x63, 0x02, 0x6a, 0xa1, 0x2a, 0xf3, 0xbe, 0x64, 0x2b,
1045
+	       0x36, 0xaf, 0x66, 0x16, 0x49, 0x29, 0x56, 0x6c, 0xc7, 0x75,
1046
+	       0x74, 0xf3, 0x69, 0xd8, 0x85, 0xce, 0x50, 0x3b, 0x43, 0x89,
1047
+	       0xaf, 0x74, 0x99, 0x26, 0x34, 0xa4, 0x27, 0xa8, 0xfa, 0xfe,
1048
+	       0x45, 0xaf, 0xbe, 0x75, 0x22, 0x3d, 0x15, 0xca, 0xa6, 0x38,
1049
+	       0xc9, 0x2b, 0x3c, 0xf4, 0x11, 0x9f, 0x96, 0xa7, 0x69, 0x3e,
1050
+	       0xf8, 0xf0, 0x88, 0xd8, 0xd2, 0x9c, 0x1c, 0x0e, 0x4c, 0xfd,
1051
+	       0xf3, 0x3b, 0x48, 0x25, 0x68, 0xb3, 0x8d, 0x7e, 0x26, 0x73,
1052
+	       0x73, 0xcb, 0x3a, 0x41, 0x92, 0x16, 0x55, 0xe1, 0xff, 0x00,
1053
+	       0x07, 0xa2, 0xfe, 0xfe, 0x25, 0xfc, 0x86, 0x0f, 0x49, 0xff,
1054
+	       0x96, 0x78, 0x02, 0x65, 0xd7, 0xad, 0xcd, 0x0c, 0x82, 0x35,
1055
+	       0x56, 0xfe, 0x12, 0x25, 0xa9, 0x8f, 0xc2, 0xa4, 0xe9, 0x43,
1056
+	       0xbb, 0x85, 0x62, 0x21, 0x62, 0x5d, 0x70, 0x76, 0x79, 0x75,
1057
+	       0xeb, 0xd6, 0x82, 0x53, 0x0d, 0xde, 0x77, 0x95, 0x56, 0x87,
1058
+	       0x44, 0x13, 0x82, 0x7d, 0xa9, 0x9a, 0x94, 0x7e, 0x1c, 0x6d,
1059
+	       0x7f, 0x72, 0xef, 0x04, 0x84, 0xdf, 0x65, 0x98, 0x17, 0xb4,
1060
+	       0xbe, 0xfe, 0x30, 0x0f, 0xfa, 0x8d, 0x9f, 0x29, 0x1d, 0xbd,
1061
+	       0x99, 0xa7, 0xe3, 0x09, 0x1d, 0x13, 0x21, 0xfd, 0x9e, 0x03,
1062
+	       0x17, 0xb9, 0x9e, 0x48, 0x35, 0x66, 0xe5, 0x86, 0x0a, 0x0f,
1063
+	       0x04, 0xfd, 0xcd, 0x3b, 0x13, 0x59, 0xd6, 0x0c, 0x05, 0x8c,
1064
+	       0xd2, 0x6b, 0x5c, 0x45, 0x33, 0x43, 0x91, 0xac, 0xb8, 0xdd,
1065
+	       0xe3, 0xbe, 0xdf, 0x7b, 0x5c, 0x94, 0xa9, 0xfd, 0xc0, 0xf8,
1066
+	       0xa9, 0xd2, 0x82, 0xcd, 0xbf, 0x60, 0xd7, 0xf8, 0x3d, 0x53,
1067
+	       0xf7, 0x6a, 0xdc, 0x46, 0xc4, 0x22, 0x84, 0x98, 0x6a, 0x32,
1068
+	       0xf2, 0xdf, 0x43, 0xd9, 0x5a, 0xdb, 0x97, 0x20, 0x05, 0x0b,
1069
+	       0x3e, 0x06, 0x38, 0x13, 0x3a, 0x21 ),
1070
+	FINGERPRINT ( 0x2c, 0x58, 0x63, 0x6e, 0xf1, 0xab, 0x8f, 0xff,
1071
+		      0x86, 0x5d, 0x4f, 0x8d, 0x3f, 0xa9, 0x4d, 0x63,
1072
+		      0xe7, 0xe6, 0xc6, 0x03, 0x1e, 0xc9, 0x0e, 0xfb,
1073
+		      0xe8, 0xaa, 0xa6, 0xf4, 0x6f, 0x21, 0xc7, 0x7b ) );
1074
+
828 1075
 OCSP ( barclays_ocsp, &barclays_crt, &verisign_crt,
829 1076
 	DATA ( 0x30, 0x51, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0x30, 0x49,
830 1077
 	       0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
@@ -1301,12 +1548,164 @@ OCSP ( unknown_ocsp, &thawte_crt, &startssl_crt,
1301 1548
 	       0x8c, 0x3e, 0xb4, 0x66, 0x76, 0x67, 0x34, 0x70, 0x00, 0x63,
1302 1549
 	       0xcf, 0x9e, 0xc8, 0xc5, 0x5f, 0x48, 0x06, 0x53, 0x26, 0x55 ) );
1303 1550
 
1551
+OCSP ( vultr_ocsp, &vultr_crt, &rapidssl_crt,
1552
+	DATA ( 0x30, 0x44, 0x30, 0x42, 0x30, 0x40, 0x30, 0x3e, 0x30, 0x3c,
1553
+	       0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
1554
+	       0x00, 0x04, 0x14, 0x40, 0x0b, 0x46, 0x7a, 0xf1, 0xe6, 0xb2,
1555
+	       0xd3, 0x09, 0x83, 0xba, 0x0d, 0x60, 0x7e, 0x7e, 0x59, 0x37,
1556
+	       0x48, 0x24, 0xc4, 0x04, 0x14, 0xc3, 0x9c, 0xf3, 0xfc, 0xd3,
1557
+	       0x46, 0x08, 0x34, 0xbb, 0xce, 0x46, 0x7f, 0xa0, 0x7c, 0x5b,
1558
+	       0xf3, 0xe2, 0x08, 0xcb, 0x59, 0x02, 0x03, 0x00, 0x95, 0x4d ),
1559
+	DATA ( 0x30, 0x82, 0x05, 0x70, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x05,
1560
+	       0x69, 0x30, 0x82, 0x05, 0x65, 0x06, 0x09, 0x2b, 0x06, 0x01,
1561
+	       0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, 0x05, 0x56,
1562
+	       0x30, 0x82, 0x05, 0x52, 0x30, 0x81, 0x91, 0xa2, 0x16, 0x04,
1563
+	       0x14, 0xfa, 0x58, 0xdb, 0x09, 0x53, 0xbc, 0x19, 0xc5, 0xe7,
1564
+	       0xb5, 0x8b, 0xf6, 0x10, 0xf8, 0x1e, 0x84, 0x6d, 0x3a, 0x8f,
1565
+	       0xd8, 0x18, 0x0f, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x32,
1566
+	       0x32, 0x32, 0x33, 0x30, 0x38, 0x35, 0x36, 0x5a, 0x30, 0x66,
1567
+	       0x30, 0x64, 0x30, 0x3c, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
1568
+	       0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x40, 0x0b, 0x46,
1569
+	       0x7a, 0xf1, 0xe6, 0xb2, 0xd3, 0x09, 0x83, 0xba, 0x0d, 0x60,
1570
+	       0x7e, 0x7e, 0x59, 0x37, 0x48, 0x24, 0xc4, 0x04, 0x14, 0xc3,
1571
+	       0x9c, 0xf3, 0xfc, 0xd3, 0x46, 0x08, 0x34, 0xbb, 0xce, 0x46,
1572
+	       0x7f, 0xa0, 0x7c, 0x5b, 0xf3, 0xe2, 0x08, 0xcb, 0x59, 0x02,
1573
+	       0x03, 0x00, 0x95, 0x4d, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30,
1574
+	       0x31, 0x34, 0x31, 0x31, 0x32, 0x32, 0x32, 0x33, 0x30, 0x38,
1575
+	       0x35, 0x36, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, 0x31,
1576
+	       0x34, 0x31, 0x31, 0x32, 0x39, 0x32, 0x33, 0x30, 0x38, 0x35,
1577
+	       0x36, 0x5a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
1578
+	       0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01,
1579
+	       0x01, 0x00, 0x6a, 0x71, 0x8f, 0x84, 0x66, 0xb5, 0x75, 0xe6,
1580
+	       0x97, 0xa4, 0xb9, 0xc6, 0xa0, 0x37, 0x6f, 0x23, 0x76, 0x3c,
1581
+	       0x59, 0x4c, 0x1c, 0x2d, 0x9f, 0x70, 0xab, 0x83, 0xbf, 0xa9,
1582
+	       0xbf, 0x79, 0x31, 0x69, 0xdd, 0x78, 0xd5, 0x59, 0x90, 0x68,
1583
+	       0xbe, 0x25, 0xb7, 0x53, 0x7d, 0x8b, 0xcf, 0x66, 0x3b, 0xcd,
1584
+	       0xe0, 0xd2, 0x40, 0x1d, 0xc8, 0x29, 0xe4, 0x37, 0xbf, 0x20,
1585
+	       0x7e, 0x64, 0x8d, 0x0d, 0xc7, 0xed, 0x0d, 0x08, 0x05, 0x36,
1586
+	       0x27, 0x4f, 0xb8, 0xe3, 0x19, 0xec, 0xf0, 0x96, 0xe8, 0x48,
1587
+	       0x9b, 0x8b, 0x2c, 0x18, 0xdb, 0x1e, 0x68, 0x11, 0xf3, 0xfb,
1588
+	       0x9c, 0x68, 0xad, 0xcc, 0x15, 0xe0, 0x25, 0x08, 0x98, 0xd2,
1589
+	       0xbf, 0xd0, 0x57, 0xe6, 0x4c, 0x73, 0x5a, 0x2c, 0xc8, 0x89,
1590
+	       0xd6, 0xe4, 0xd0, 0x47, 0x6d, 0x8c, 0xc7, 0x75, 0xb1, 0x4e,
1591
+	       0x10, 0x34, 0xe5, 0x40, 0xa3, 0xb1, 0x50, 0x07, 0x3d, 0x7d,
1592
+	       0xad, 0xeb, 0x1d, 0x91, 0x7f, 0x77, 0x2e, 0x0d, 0x9a, 0xa7,
1593
+	       0xbb, 0x68, 0x89, 0xd2, 0x05, 0x58, 0x16, 0xf1, 0x5e, 0x1d,
1594
+	       0x05, 0xf6, 0x9e, 0xe9, 0x89, 0x52, 0x35, 0xb7, 0x29, 0x7a,
1595
+	       0x68, 0x02, 0x6f, 0xc7, 0x20, 0x30, 0xc8, 0xde, 0x97, 0x3f,
1596
+	       0xb7, 0x28, 0x38, 0x39, 0xd1, 0x4b, 0x4b, 0x90, 0x71, 0xe5,
1597
+	       0x58, 0xa4, 0xa3, 0xbd, 0x78, 0x95, 0xb5, 0x54, 0xdd, 0xf7,
1598
+	       0x4f, 0x8e, 0x78, 0x73, 0x86, 0xbf, 0x28, 0xb0, 0xdd, 0xc0,
1599
+	       0xe9, 0x4a, 0xf5, 0x9f, 0x02, 0x8e, 0x63, 0x8f, 0x59, 0xf1,
1600
+	       0x93, 0xf0, 0x45, 0x97, 0x30, 0xdb, 0x0a, 0x04, 0x3e, 0x81,
1601
+	       0x99, 0x20, 0x7a, 0xb2, 0xe6, 0x8c, 0x8f, 0x2a, 0x4c, 0x31,
1602
+	       0xf1, 0x64, 0xbc, 0xb7, 0xec, 0xb1, 0xf9, 0x69, 0x1f, 0x99,
1603
+	       0x89, 0x3e, 0x3e, 0xa0, 0xf4, 0xde, 0x79, 0xa7, 0xae, 0xa3,
1604
+	       0x23, 0xbd, 0x16, 0xbb, 0x6d, 0x0f, 0x15, 0x68, 0xa0, 0x82,
1605
+	       0x03, 0xa6, 0x30, 0x82, 0x03, 0xa2, 0x30, 0x82, 0x03, 0x9e,
1606
+	       0x30, 0x82, 0x02, 0x86, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
1607
+	       0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
1608
+	       0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x47, 0x31,
1609
+	       0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
1610
+	       0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04,
1611
+	       0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73,
1612
+	       0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e,
1613
+	       0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x17, 0x52, 0x61, 0x70,
1614
+	       0x69, 0x64, 0x53, 0x53, 0x4c, 0x20, 0x53, 0x48, 0x41, 0x32,
1615
+	       0x35, 0x36, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33,
1616
+	       0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x38, 0x32, 0x39,
1617
+	       0x32, 0x33, 0x33, 0x39, 0x33, 0x30, 0x5a, 0x17, 0x0d, 0x31,
1618
+	       0x35, 0x30, 0x35, 0x32, 0x32, 0x32, 0x33, 0x33, 0x39, 0x33,
1619
+	       0x30, 0x5a, 0x30, 0x31, 0x31, 0x2f, 0x30, 0x2d, 0x06, 0x03,
1620
+	       0x55, 0x04, 0x03, 0x13, 0x26, 0x52, 0x61, 0x70, 0x69, 0x64,
1621
+	       0x53, 0x53, 0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
1622
+	       0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x20, 0x4f,
1623
+	       0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
1624
+	       0x64, 0x65, 0x72, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06,
1625
+	       0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
1626
+	       0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01,
1627
+	       0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9b, 0xf2, 0x8e, 0xe9,
1628
+	       0x57, 0x3e, 0xa8, 0x5c, 0xfd, 0x00, 0x14, 0x21, 0xe7, 0xe4,
1629
+	       0x57, 0xbb, 0x55, 0xc8, 0xa8, 0x50, 0x93, 0xdc, 0xbf, 0xfc,
1630
+	       0xde, 0x46, 0x8a, 0x53, 0x9f, 0x12, 0xaa, 0x7c, 0xf1, 0xdd,
1631
+	       0x89, 0x9e, 0x02, 0x27, 0x9c, 0x1a, 0xa0, 0x94, 0xf5, 0xec,
1632
+	       0x06, 0xa3, 0xdb, 0xf3, 0x3f, 0x6d, 0xfd, 0x30, 0x6d, 0xab,
1633
+	       0xcb, 0xc3, 0x72, 0xa9, 0x25, 0x35, 0x69, 0x67, 0x07, 0xaf,
1634
+	       0x9c, 0x91, 0x3a, 0x24, 0x03, 0x74, 0x59, 0xfd, 0x69, 0xa6,
1635
+	       0xfe, 0x23, 0xa4, 0x6c, 0x2f, 0xbe, 0x44, 0x56, 0x47, 0xee,
1636
+	       0xdb, 0x07, 0xc3, 0x72, 0x3f, 0x14, 0xdc, 0x16, 0xb9, 0x66,
1637
+	       0x48, 0x7c, 0x6e, 0x69, 0x6f, 0xa1, 0x05, 0xc6, 0x36, 0x08,
1638
+	       0x01, 0xdd, 0x1c, 0xb8, 0x52, 0xf4, 0x86, 0x96, 0x85, 0x39,
1639
+	       0x89, 0xb0, 0x31, 0x67, 0x62, 0xc5, 0x52, 0x91, 0x72, 0xd7,
1640
+	       0x96, 0x8c, 0xe1, 0x0a, 0x02, 0x6a, 0xfe, 0x82, 0xca, 0xc0,
1641
+	       0x34, 0xc9, 0xbc, 0x45, 0xa7, 0xc0, 0x4b, 0xa0, 0x7c, 0x7c,
1642
+	       0xcc, 0x29, 0xe5, 0x8c, 0xf6, 0x91, 0x65, 0x33, 0xf1, 0x7b,
1643
+	       0xda, 0x55, 0x69, 0x93, 0x2d, 0x4e, 0xb9, 0xb4, 0x7f, 0x56,
1644
+	       0xe6, 0x80, 0xbe, 0x23, 0x4a, 0x4a, 0x65, 0xa6, 0xab, 0xa2,
1645
+	       0x40, 0xb1, 0x75, 0x62, 0x13, 0xc1, 0xfd, 0x52, 0xe1, 0xbb,
1646
+	       0x7b, 0xb1, 0x7f, 0x8a, 0x0c, 0x27, 0x35, 0xec, 0x27, 0x3b,
1647
+	       0xa5, 0xe7, 0x75, 0xb8, 0xe3, 0xc4, 0xcf, 0x4d, 0x8a, 0x02,
1648
+	       0x57, 0x57, 0x16, 0xa2, 0x8e, 0x9d, 0x87, 0x5a, 0x32, 0xb6,
1649
+	       0xf6, 0x1d, 0xf5, 0xe3, 0xd7, 0xcf, 0x79, 0xc8, 0x77, 0x74,
1650
+	       0xdc, 0xe5, 0xba, 0xde, 0x5c, 0x22, 0xad, 0xc0, 0xfa, 0x67,
1651
+	       0xf3, 0x26, 0xbf, 0xcc, 0xd4, 0x88, 0xd5, 0xda, 0x87, 0x4d,
1652
+	       0x9d, 0x99, 0xc1, 0xce, 0xa4, 0x9a, 0xda, 0x99, 0xa5, 0xa2,
1653
+	       0xe1, 0xc5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xaa,
1654
+	       0x30, 0x81, 0xa7, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
1655
+	       0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc3, 0x9c, 0xf3, 0xfc,
1656
+	       0xd3, 0x46, 0x08, 0x34, 0xbb, 0xce, 0x46, 0x7f, 0xa0, 0x7c,
1657
+	       0x5b, 0xf3, 0xe2, 0x08, 0xcb, 0x59, 0x30, 0x0f, 0x06, 0x09,
1658
+	       0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x05, 0x04,
1659
+	       0x02, 0x05, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
1660
+	       0x04, 0x16, 0x04, 0x14, 0xfa, 0x58, 0xdb, 0x09, 0x53, 0xbc,
1661
+	       0x19, 0xc5, 0xe7, 0xb5, 0x8b, 0xf6, 0x10, 0xf8, 0x1e, 0x84,
1662
+	       0x6d, 0x3a, 0x8f, 0xd8, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d,
1663
+	       0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01,
1664
+	       0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0c, 0x06, 0x03, 0x55,
1665
+	       0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30,
1666
+	       0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04,
1667
+	       0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x21, 0x06, 0x03, 0x55,
1668
+	       0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0xa4, 0x16, 0x30, 0x14,
1669
+	       0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
1670
+	       0x09, 0x54, 0x47, 0x56, 0x2d, 0x42, 0x2d, 0x32, 0x31, 0x34,
1671
+	       0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
1672
+	       0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
1673
+	       0x3e, 0x45, 0xce, 0x3d, 0x53, 0x8c, 0x88, 0xcd, 0xde, 0xf1,
1674
+	       0x38, 0x0c, 0x00, 0x7a, 0x7e, 0x22, 0xe7, 0x1a, 0xa5, 0xbe,
1675
+	       0xee, 0x1c, 0x17, 0x20, 0xc3, 0x65, 0x68, 0x86, 0x27, 0x83,
1676
+	       0x62, 0xd7, 0xdc, 0x1d, 0x6c, 0xfa, 0x24, 0x2e, 0x66, 0x50,
1677
+	       0xe5, 0xe0, 0x42, 0xa5, 0x73, 0x67, 0x2a, 0xea, 0x5a, 0x17,
1678
+	       0x20, 0x3b, 0x14, 0xd4, 0x74, 0x14, 0xbd, 0x18, 0x60, 0xbe,
1679
+	       0xa6, 0x46, 0xb1, 0xc2, 0x82, 0xc9, 0xb6, 0x99, 0x67, 0x56,
1680
+	       0xbe, 0x17, 0xda, 0x78, 0x05, 0x48, 0x65, 0x9d, 0x48, 0xb5,
1681
+	       0xda, 0x1d, 0x52, 0x59, 0x2a, 0xac, 0x09, 0x2d, 0x29, 0x18,
1682
+	       0x96, 0xc1, 0x58, 0x79, 0xfc, 0x73, 0x0b, 0x70, 0x4d, 0x31,
1683
+	       0x61, 0x80, 0xc7, 0x77, 0x02, 0xf1, 0x12, 0xb3, 0x80, 0x6f,
1684
+	       0xb9, 0x05, 0x69, 0xcf, 0x4f, 0x80, 0x7d, 0xf5, 0x06, 0xe6,
1685
+	       0x2e, 0xc7, 0x53, 0x99, 0x8b, 0x07, 0xc7, 0x7a, 0xe6, 0xf3,
1686
+	       0x12, 0x86, 0xd1, 0xbb, 0x8a, 0x8a, 0xfb, 0x9d, 0xd1, 0x0b,
1687
+	       0xe7, 0x9f, 0x12, 0x06, 0xfb, 0x7d, 0x8e, 0xe7, 0xb7, 0x39,
1688
+	       0xe0, 0x3c, 0xd0, 0xe8, 0x35, 0x44, 0x28, 0xb7, 0xcb, 0xee,
1689
+	       0xef, 0xa7, 0x14, 0xfa, 0x0e, 0x34, 0xaf, 0x78, 0x59, 0x1e,
1690
+	       0x91, 0xd9, 0xe0, 0x9b, 0x3c, 0x9e, 0x3a, 0xbf, 0xf5, 0xf5,
1691
+	       0x11, 0x5b, 0x04, 0x48, 0xcd, 0x3a, 0x3f, 0xee, 0x46, 0x6d,
1692
+	       0x69, 0x68, 0x39, 0xc1, 0x4d, 0x54, 0xfd, 0x6c, 0x27, 0x1e,
1693
+	       0x5b, 0x58, 0x00, 0xbb, 0x4f, 0x1b, 0x12, 0xd3, 0xbb, 0x46,
1694
+	       0xf4, 0x7c, 0x4a, 0x44, 0xb5, 0xcb, 0x4f, 0xf2, 0x3d, 0xc3,
1695
+	       0x51, 0xfc, 0x7a, 0x2c, 0x59, 0xd0, 0x82, 0x73, 0xe3, 0x88,
1696
+	       0xfc, 0x25, 0x4c, 0x35, 0x6f, 0x88, 0x85, 0xff, 0xad, 0x8c,
1697
+	       0x83, 0xc4, 0x76, 0x58, 0x6b, 0xfa, 0xf2, 0xed, 0x5b, 0x95,
1698
+	       0xd9, 0x07, 0x55, 0x58, 0xfe, 0x08 ) );
1699
+
1304 1700
 /** Time at which OCSP responses are valid */
1305 1701
 static time_t test_time = 1337062083ULL; /* Tue 15 May 2012 06:08:03 */
1306 1702
 
1307 1703
 /** Time at which OCSP responses are not valid */
1308 1704
 static time_t test_stale = 1375573111ULL; /* Sat Aug  3 23:38:31 2013 */
1309 1705
 
1706
+/** Time at which "vultr" OCSP response (generated more recently) is valid */
1707
+static time_t test_vultr = 1416697736ULL; /* Sat 22 Nov 23:08:56 2014 */
1708
+
1310 1709
 /**
1311 1710
  * Report certificate parsing test result
1312 1711
  *
@@ -1398,12 +1797,15 @@ static void ocsp_test_exec ( void ) {
1398 1797
 	ocsp_certificate_ok ( &verisign_crt );
1399 1798
 	ocsp_certificate_ok ( &thawte_crt );
1400 1799
 	ocsp_certificate_ok ( &startssl_crt );
1800
+	ocsp_certificate_ok ( &rapidssl_crt );
1801
+	ocsp_certificate_ok ( &vultr_crt );
1401 1802
 
1402 1803
 	/* Parse OCSP checks */
1403 1804
 	ocsp_check_ok ( &barclays_ocsp );
1404 1805
 	ocsp_check_ok ( &google_ocsp );
1405 1806
 	ocsp_check_ok ( &unauthorized_ocsp );
1406 1807
 	ocsp_check_ok ( &unknown_ocsp );
1808
+	ocsp_check_ok ( &vultr_ocsp );
1407 1809
 
1408 1810
 	/* "barclays" test */
1409 1811
 	ocsp_request_ok ( &barclays_ocsp );
@@ -1425,13 +1827,22 @@ static void ocsp_test_exec ( void ) {
1425 1827
 	ocsp_request_ok ( &unknown_ocsp );
1426 1828
 	ocsp_response_fail_ok ( &unknown_ocsp );
1427 1829
 
1830
+	/* "vultr" test */
1831
+	ocsp_request_ok ( &vultr_ocsp );
1832
+	ocsp_response_ok ( &vultr_ocsp );
1833
+	ocsp_validate_ok ( &vultr_ocsp, test_vultr );
1834
+	ocsp_validate_fail_ok ( &vultr_ocsp, test_stale );
1835
+
1428 1836
 	/* Drop OCSP check references */
1429 1837
 	ocsp_put ( unknown_ocsp.ocsp );
1430 1838
 	ocsp_put ( unauthorized_ocsp.ocsp );
1431 1839
 	ocsp_put ( google_ocsp.ocsp );
1432 1840
 	ocsp_put ( barclays_ocsp.ocsp );
1841
+	ocsp_put ( vultr_ocsp.ocsp );
1433 1842
 
1434 1843
 	/* Drop certificate references */
1844
+	x509_put ( vultr_crt.cert );
1845
+	x509_put ( rapidssl_crt.cert );
1435 1846
 	x509_put ( startssl_crt.cert );
1436 1847
 	x509_put ( thawte_crt.cert );
1437 1848
 	x509_put ( verisign_crt.cert );

Ładowanie…
Anuluj
Zapisz