robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[crypto] Fix parsing of OCSP responder ID key hash 

We currently compare the entirety of the KeyHash object (including the
ASN.1 tag and length byte) against the raw SHA-1 hash of the
certificate's public key.  This causes OCSP validation to fail for any
responses which identify the responder by key hash rather than by
name, and hence prevents the use of X.509 certificates where any
certificate in the chain has an OCSP responder which chooses to
identify itself via its key hash.

Fix by adding the missing asn1_enter() required to enter the ASN.1
octet string containing the key hash.

Also add a corresponding test case including an OCSP response where
the responder is identified by key hash, to ensure that this
functionality cannot be broken in future.

Debugged-by: Brian Rak <brak@gameservers.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 10 years ago
parent
a937615151
commit
5cbdc41778
2 changed files with 419 additions and 3 deletions
Unified View Show Diff Stats
  1. 8
    3
      src/crypto/ocsp.c
  2. 411
    0
      src/tests/ocsp_test.c

+ 8
- 3
src/crypto/ocsp.c View File

405 
 static int ocsp_compare_responder_key_hash ( struct ocsp_check *ocsp,
 405 
 static int ocsp_compare_responder_key_hash ( struct ocsp_check *ocsp,
406 
 					     struct x509_certificate *cert ) {
 406 
 					     struct x509_certificate *cert ) {
407 
 	struct ocsp_responder *responder = &ocsp->response.responder;
 407 
 	struct ocsp_responder *responder = &ocsp->response.responder;
408 
+	struct asn1_cursor key_hash;
408 
 	uint8_t ctx[SHA1_CTX_SIZE];
 409 
 	uint8_t ctx[SHA1_CTX_SIZE];
409 
 	uint8_t digest[SHA1_DIGEST_SIZE];
 410 
 	uint8_t digest[SHA1_DIGEST_SIZE];
410 
 	int difference;
 411 
 	int difference;
411
412
413 
+	/* Enter responder key hash */
414 
+	memcpy ( &key_hash, &responder->id, sizeof ( key_hash ) );
415 
+	asn1_enter ( &key_hash, ASN1_OCTET_STRING );
416 
+
412 
 	/* Sanity check */
 417 
 	/* Sanity check */
413 
-	difference = ( sizeof ( digest ) - responder->id.len );
418 
+	difference = ( sizeof ( digest ) - key_hash.len );
414 
 	if ( difference )
 419 
 	if ( difference )
415 
 		return difference;
 420 
 		return difference;
416
421
421 
 			cert->subject.public_key.raw_bits.len );
 426 
 			cert->subject.public_key.raw_bits.len );
422 
 	digest_final ( &sha1_algorithm, ctx, digest );
 427 
 	digest_final ( &sha1_algorithm, ctx, digest );
423
428
424 
-	/* Compare responder ID with SHA1 hash of certificate's public key */
425 
-	return memcmp ( digest, responder->id.data, sizeof ( digest ) );
429 
+	/* Compare responder key hash with hash of certificate's public key */
430 
+	return memcmp ( digest, key_hash.data, sizeof ( digest ) );
426 
 }
 431 
 }
427
432
428 
 /**
 433 
 /**

+ 411
- 0
src/tests/ocsp_test.c View File

825 
 		      0x1c, 0xec, 0xc2, 0x1c, 0xc5, 0xc2, 0xf5, 0x67,
 825 
 		      0x1c, 0xec, 0xc2, 0x1c, 0xc5, 0xc2, 0xf5, 0x67,
826 
 		      0x48, 0xa7, 0x11, 0x01, 0x69, 0x83, 0xfd, 0x8e ) );
 826 
 		      0x48, 0xa7, 0x11, 0x01, 0x69, 0x83, 0xfd, 0x8e ) );
827
827
828 
+/*
829 
+ * subject	RapidSSL SHA256 CA - G3
830 
+ * issuer	GeoTrust Global CA
831 
+ */
832 
+CERTIFICATE ( rapidssl_crt,
833 
+	DATA ( 0x30, 0x82, 0x04, 0x25, 0x30, 0x82, 0x03, 0x0d, 0xa0, 0x03,
834 
+	       0x02, 0x01, 0x02, 0x02, 0x03, 0x02, 0x3a, 0x77, 0x30, 0x0d,
835 
+	       0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
836 
+	       0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, 0x0b, 0x30, 0x09, 0x06,
837 
+	       0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16,
838 
+	       0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47,
839 
+	       0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e,
840 
+	       0x63, 0x2e, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
841 
+	       0x03, 0x13, 0x12, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73,
842 
+	       0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x43,
843 
+	       0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x38, 0x32,
844 
+	       0x39, 0x32, 0x31, 0x33, 0x39, 0x33, 0x32, 0x5a, 0x17, 0x0d,
845 
+	       0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x31, 0x33, 0x39,
846 
+	       0x33, 0x32, 0x5a, 0x30, 0x47, 0x31, 0x0b, 0x30, 0x09, 0x06,
847 
+	       0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16,
848 
+	       0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47,
849 
+	       0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e,
850 
+	       0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04,
851 
+	       0x03, 0x13, 0x17, 0x52, 0x61, 0x70, 0x69, 0x64, 0x53, 0x53,
852 
+	       0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x43,
853 
+	       0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x82, 0x01, 0x22,
854 
+	       0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
855 
+	       0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
856 
+	       0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xaf,
857 
+	       0x54, 0x9b, 0xd9, 0x58, 0x5d, 0x1e, 0x2c, 0x56, 0xc6, 0xd5,
858 
+	       0xe8, 0x7f, 0xf4, 0x7d, 0x16, 0x03, 0xff, 0xd0, 0x8b, 0x5a,
859 
+	       0xe4, 0x8e, 0xa7, 0xdd, 0x54, 0x2e, 0xd4, 0x04, 0xc0, 0x5d,
860 
+	       0x98, 0x9c, 0x8d, 0x90, 0x0f, 0xbc, 0x10, 0x65, 0x5f, 0xda,
861 
+	       0x9a, 0xd6, 0x44, 0x7c, 0xc0, 0x9f, 0xb5, 0xe9, 0x4a, 0x8c,
862 
+	       0x0b, 0x06, 0x43, 0x04, 0xbb, 0xf4, 0x96, 0xe2, 0x26, 0xf6,
863 
+	       0x61, 0x01, 0x91, 0x66, 0x31, 0x22, 0xc3, 0x34, 0x34, 0x5f,
864 
+	       0x3f, 0x3f, 0x91, 0x2f, 0x44, 0x5f, 0xdc, 0xc7, 0x14, 0xb6,
865 
+	       0x03, 0x9f, 0x86, 0x4b, 0x0e, 0xa3, 0xff, 0xa0, 0x80, 0x02,
866 
+	       0x83, 0xc3, 0xd3, 0x1f, 0x69, 0x52, 0xd6, 0x9d, 0x64, 0x0f,
867 
+	       0xc9, 0x83, 0xe7, 0x1b, 0xc4, 0x70, 0xac, 0x94, 0xe7, 0xc3,
868 
+	       0xa4, 0x6a, 0x2c, 0xbd, 0xb8, 0x9e, 0x69, 0xd8, 0xbe, 0x0a,
869 
+	       0x8f, 0x16, 0x63, 0x5a, 0x68, 0x71, 0x80, 0x7b, 0x30, 0xde,
870 
+	       0x15, 0x04, 0xbf, 0xcc, 0xd3, 0xbf, 0x3e, 0x48, 0x05, 0x55,
871 
+	       0x7a, 0xb3, 0xd7, 0x10, 0x0c, 0x03, 0xfc, 0x9b, 0xfd, 0x08,
872 
+	       0xa7, 0x8c, 0x8c, 0xdb, 0xa7, 0x8e, 0xf1, 0x1e, 0x63, 0xdc,
873 
+	       0xb3, 0x01, 0x2f, 0x7f, 0xaf, 0x57, 0xc3, 0x3c, 0x48, 0xa7,
874 
+	       0x83, 0x68, 0x21, 0xa7, 0x2f, 0xe7, 0xa7, 0x3f, 0xf0, 0xb5,
875 
+	       0x0c, 0xfc, 0xf5, 0x84, 0xd1, 0x53, 0xbc, 0x0e, 0x72, 0x4f,
876 
+	       0x60, 0x0c, 0x42, 0xb8, 0x98, 0xad, 0x19, 0x88, 0x57, 0xd7,
877 
+	       0x04, 0xec, 0x87, 0xbf, 0x7e, 0x87, 0x4e, 0xa3, 0x21, 0xf9,
878 
+	       0x53, 0xfd, 0x36, 0x98, 0x48, 0x8d, 0xd6, 0xf8, 0xbb, 0x48,
879 
+	       0xf2, 0x29, 0xc8, 0x64, 0xd1, 0xcc, 0x54, 0x48, 0x53, 0x8b,
880 
+	       0xaf, 0xb7, 0x65, 0x1e, 0xbf, 0x29, 0x33, 0x29, 0xd9, 0x29,
881 
+	       0x60, 0x48, 0xf8, 0xff, 0x91, 0xbc, 0x57, 0x58, 0xe5, 0x35,
882 
+	       0x2e, 0xbb, 0x69, 0xb6, 0x59, 0x02, 0x03, 0x01, 0x00, 0x01,
883 
+	       0xa3, 0x82, 0x01, 0x1d, 0x30, 0x82, 0x01, 0x19, 0x30, 0x1f,
884 
+	       0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
885 
+	       0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05,
886 
+	       0x64, 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc,
887 
+	       0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
888 
+	       0x04, 0x14, 0xc3, 0x9c, 0xf3, 0xfc, 0xd3, 0x46, 0x08, 0x34,
889 
+	       0xbb, 0xce, 0x46, 0x7f, 0xa0, 0x7c, 0x5b, 0xf3, 0xe2, 0x08,
890 
+	       0xcb, 0x59, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
891 
+	       0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
892 
+	       0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
893 
+	       0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x35,
894 
+	       0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2e, 0x30, 0x2c, 0x30,
895 
+	       0x2a, 0xa0, 0x28, 0xa0, 0x26, 0x86, 0x24, 0x68, 0x74, 0x74,
896 
+	       0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63,
897 
+	       0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73,
898 
+	       0x2f, 0x67, 0x74, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e,
899 
+	       0x63, 0x72, 0x6c, 0x30, 0x2e, 0x06, 0x08, 0x2b, 0x06, 0x01,
900 
+	       0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x22, 0x30, 0x20, 0x30,
901 
+	       0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
902 
+	       0x01, 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
903 
+	       0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f,
904 
+	       0x6d, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45,
905 
+	       0x30, 0x43, 0x30, 0x41, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01,
906 
+	       0x86, 0xf8, 0x45, 0x01, 0x07, 0x36, 0x30, 0x33, 0x30, 0x31,
907 
+	       0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01,
908 
+	       0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77,
909 
+	       0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73,
910 
+	       0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f,
911 
+	       0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30,
912 
+	       0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
913 
+	       0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xa3,
914 
+	       0x58, 0x1e, 0xc6, 0x43, 0x32, 0xac, 0xac, 0x2f, 0x93, 0x78,
915 
+	       0xb7, 0xea, 0xae, 0x54, 0x40, 0x47, 0x2d, 0x7e, 0x78, 0x8d,
916 
+	       0x50, 0xf6, 0xf8, 0x66, 0xac, 0xd6, 0x4f, 0x73, 0xd6, 0x44,
917 
+	       0xef, 0xaf, 0x0b, 0xcc, 0x5b, 0xc1, 0xf4, 0x4f, 0x9a, 0x8f,
918 
+	       0x49, 0x7e, 0x60, 0xaf, 0xc2, 0x27, 0xc7, 0x16, 0xf1, 0xfb,
919 
+	       0x93, 0x81, 0x90, 0xa9, 0x7c, 0xef, 0x6f, 0x7e, 0x6e, 0x45,
920 
+	       0x94, 0x16, 0x84, 0xbd, 0xec, 0x49, 0xf1, 0xc4, 0x0e, 0xf4,
921 
+	       0xaf, 0x04, 0x59, 0x83, 0x87, 0x0f, 0x2c, 0x3b, 0x97, 0xc3,
922 
+	       0x5a, 0x12, 0x9b, 0x7b, 0x04, 0x35, 0x7b, 0xa3, 0x95, 0x33,
923 
+	       0x08, 0x7b, 0x93, 0x71, 0x22, 0x42, 0xb3, 0xa9, 0xd9, 0x6f,
924 
+	       0x4f, 0x81, 0x92, 0xfc, 0x07, 0xb6, 0x79, 0xbc, 0x84, 0x4a,
925 
+	       0x9d, 0x77, 0x09, 0xf1, 0xc5, 0x89, 0xf2, 0xf0, 0xb4, 0x9c,
926 
+	       0x54, 0xaa, 0x12, 0x7b, 0x0d, 0xba, 0x4f, 0xef, 0x93, 0x19,
927 
+	       0xec, 0xef, 0x7d, 0x4e, 0x61, 0xa3, 0x8e, 0x76, 0x9c, 0x59,
928 
+	       0xcf, 0x8c, 0x94, 0xb1, 0x84, 0x97, 0xf7, 0x1a, 0xb9, 0x07,
929 
+	       0xb8, 0xb2, 0xc6, 0x4f, 0x13, 0x79, 0xdb, 0xbf, 0x4f, 0x51,
930 
+	       0x1b, 0x7f, 0x69, 0x0d, 0x51, 0x2a, 0xc1, 0xd6, 0x15, 0xff,
931 
+	       0x37, 0x51, 0x34, 0x65, 0x51, 0xf4, 0x1e, 0xbe, 0x38, 0x6a,
932 
+	       0xec, 0x0e, 0xab, 0xbf, 0x3d, 0x7b, 0x39, 0x05, 0x7b, 0xf4,
933 
+	       0xf3, 0xfb, 0x1a, 0xa1, 0xd0, 0xc8, 0x7e, 0x4e, 0x64, 0x8d,
934 
+	       0xcd, 0x8c, 0x61, 0x55, 0x90, 0xfe, 0x3a, 0xca, 0x5d, 0x25,
935 
+	       0x0f, 0xf8, 0x1d, 0xa3, 0x4a, 0x74, 0x56, 0x4f, 0x1a, 0x55,
936 
+	       0x40, 0x70, 0x75, 0x25, 0xa6, 0x33, 0x2e, 0xba, 0x4b, 0xa5,
937 
+	       0x5d, 0x53, 0x9a, 0x0d, 0x30, 0xe1, 0x8d, 0x5f, 0x61, 0x2c,
938 
+	       0xaf, 0xcc, 0xef, 0xb0, 0x99, 0xa1, 0x80, 0xff, 0x0b, 0xf2,
939 
+	       0x62, 0x4c, 0x70, 0x26, 0x98 ),
940 
+	FINGERPRINT ( 0xbc, 0x3f, 0x03, 0xa4, 0x36, 0x24, 0x0e, 0xdb,
941 
+		      0xa5, 0xf8, 0x37, 0x14, 0xf6, 0xf6, 0x77, 0xe3,
942 
+		      0x4b, 0x37, 0xf9, 0xb1, 0xf0, 0xc0, 0x8c, 0x1e,
943 
+		      0x55, 0x8d, 0x98, 0x1e, 0x27, 0x9e, 0x82, 0x09 ) );
944 
+
945 
+/*
946 
+ * subject	*.vultr.com
947 
+ * issuer	RapidSSL SHA256 CA - G3
948 
+ */
949 
+CERTIFICATE ( vultr_crt,
950 
+	DATA ( 0x30, 0x82, 0x04, 0xa8, 0x30, 0x82, 0x03, 0x90, 0xa0, 0x03,
951 
+	       0x02, 0x01, 0x02, 0x02, 0x03, 0x00, 0x95, 0x4d, 0x30, 0x0d,
952 
+	       0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
953 
+	       0x0b, 0x05, 0x00, 0x30, 0x47, 0x31, 0x0b, 0x30, 0x09, 0x06,
954 
+	       0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16,
955 
+	       0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47,
956 
+	       0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e,
957 
+	       0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04,
958 
+	       0x03, 0x13, 0x17, 0x52, 0x61, 0x70, 0x69, 0x64, 0x53, 0x53,
959 
+	       0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x43,
960 
+	       0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x1e, 0x17, 0x0d,
961 
+	       0x31, 0x34, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x33, 0x31,
962 
+	       0x32, 0x38, 0x5a, 0x17, 0x0d, 0x31, 0x37, 0x31, 0x32, 0x32,
963 
+	       0x32, 0x31, 0x39, 0x32, 0x39, 0x31, 0x30, 0x5a, 0x30, 0x81,
964 
+	       0x8f, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b,
965 
+	       0x13, 0x0a, 0x47, 0x54, 0x36, 0x32, 0x30, 0x37, 0x39, 0x37,
966 
+	       0x32, 0x31, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, 0x04,
967 
+	       0x0b, 0x13, 0x28, 0x53, 0x65, 0x65, 0x20, 0x77, 0x77, 0x77,
968 
+	       0x2e, 0x72, 0x61, 0x70, 0x69, 0x64, 0x73, 0x73, 0x6c, 0x2e,
969 
+	       0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
970 
+	       0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x20, 0x28, 0x63,
971 
+	       0x29, 0x31, 0x33, 0x31, 0x2f, 0x30, 0x2d, 0x06, 0x03, 0x55,
972 
+	       0x04, 0x0b, 0x13, 0x26, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
973 
+	       0x20, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x20, 0x56,
974 
+	       0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x64, 0x20, 0x2d,
975 
+	       0x20, 0x52, 0x61, 0x70, 0x69, 0x64, 0x53, 0x53, 0x4c, 0x28,
976 
+	       0x52, 0x29, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
977 
+	       0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x76, 0x75, 0x6c, 0x74, 0x72,
978 
+	       0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
979 
+	       0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
980 
+	       0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
981 
+	       0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9f, 0xa8, 0x2e,
982 
+	       0x65, 0x41, 0x05, 0xec, 0xef, 0x69, 0x92, 0xf6, 0xd3, 0x53,
983 
+	       0x4f, 0xd4, 0x8e, 0xd3, 0x49, 0x8c, 0xc7, 0x85, 0x6d, 0xb0,
984 
+	       0x71, 0xe0, 0x28, 0x04, 0x80, 0x85, 0x82, 0x3e, 0x3f, 0xdb,
985 
+	       0x0c, 0xed, 0xcd, 0x2b, 0x04, 0xc8, 0x67, 0x15, 0x8c, 0x25,
986 
+	       0xd6, 0x7a, 0x54, 0x67, 0x94, 0xbe, 0x33, 0x12, 0x33, 0x88,
987 
+	       0xfe, 0x5d, 0x1d, 0x36, 0x62, 0x4e, 0xbc, 0x1e, 0x7e, 0xd3,
988 
+	       0x3e, 0x7c, 0x3c, 0x59, 0x4a, 0x99, 0x0b, 0xca, 0x9b, 0x1e,
989 
+	       0xc7, 0xf7, 0xe7, 0x6d, 0xdc, 0x57, 0xbe, 0x3a, 0xab, 0xc2,
990 
+	       0x0b, 0xb1, 0xbe, 0x90, 0xa1, 0x54, 0x07, 0xc5, 0x48, 0x65,
991 
+	       0xc1, 0x32, 0x99, 0x92, 0x26, 0x97, 0x90, 0x3e, 0x68, 0x6b,
992 
+	       0xac, 0xbd, 0x4f, 0x0e, 0x88, 0x38, 0xd3, 0xdc, 0x80, 0x9e,
993 
+	       0xb9, 0x66, 0x5d, 0xeb, 0x19, 0xfd, 0x85, 0xff, 0xba, 0xf0,
994 
+	       0x89, 0x20, 0x08, 0xea, 0xd8, 0x01, 0x76, 0x29, 0xdc, 0xf0,
995 
+	       0x1c, 0xfa, 0xbf, 0x6f, 0x7b, 0x67, 0xf4, 0xc4, 0xee, 0xe3,
996 
+	       0xde, 0x95, 0xa2, 0x76, 0x65, 0x98, 0xc5, 0x21, 0xdc, 0xe9,
997 
+	       0x95, 0xee, 0x83, 0x97, 0xae, 0xdd, 0xab, 0xdb, 0xc0, 0x47,
998 
+	       0xc8, 0x68, 0x00, 0xb3, 0xab, 0x11, 0x4f, 0x81, 0xf5, 0x45,
999 
+	       0x01, 0xd1, 0x64, 0xfd, 0x53, 0xbf, 0x86, 0xef, 0x87, 0xca,
1000 
+	       0x8e, 0x55, 0xa0, 0x27, 0x27, 0xe5, 0x9e, 0xc1, 0x69, 0x28,
1001 
+	       0x2a, 0x9f, 0x2d, 0xe2, 0x2c, 0x25, 0xef, 0x74, 0x1b, 0x52,
1002 
+	       0xe4, 0x81, 0xf4, 0xc2, 0x71, 0x0a, 0x48, 0xff, 0x47, 0xa5,
1003 
+	       0xea, 0x0a, 0xf5, 0xb1, 0x6d, 0xae, 0x09, 0x2b, 0xf9, 0x23,
1004 
+	       0x6a, 0x28, 0x58, 0x3d, 0xbb, 0x9f, 0x80, 0xb2, 0x81, 0x03,
1005 
+	       0xae, 0xe5, 0xea, 0xbe, 0x97, 0xae, 0xec, 0x3c, 0x33, 0xc7,
1006 
+	       0x68, 0xf0, 0x6c, 0x89, 0x9d, 0x01, 0x2a, 0x1e, 0x2b, 0xd7,
1007 
+	       0x93, 0x5a, 0xa9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82,
1008 
+	       0x01, 0x52, 0x30, 0x82, 0x01, 0x4e, 0x30, 0x1f, 0x06, 0x03,
1009 
+	       0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc3,
1010 
+	       0x9c, 0xf3, 0xfc, 0xd3, 0x46, 0x08, 0x34, 0xbb, 0xce, 0x46,
1011 
+	       0x7f, 0xa0, 0x7c, 0x5b, 0xf3, 0xe2, 0x08, 0xcb, 0x59, 0x30,
1012 
+	       0x57, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
1013 
+	       0x01, 0x04, 0x4b, 0x30, 0x49, 0x30, 0x1f, 0x06, 0x08, 0x2b,
1014 
+	       0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x13, 0x68,
1015 
+	       0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x76, 0x2e, 0x73,
1016 
+	       0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x26,
1017 
+	       0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02,
1018 
+	       0x86, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67,
1019 
+	       0x76, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f,
1020 
+	       0x6d, 0x2f, 0x67, 0x76, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0e,
1021 
+	       0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04,
1022 
+	       0x03, 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
1023 
+	       0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01,
1024 
+	       0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01,
1025 
+	       0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03, 0x55,
1026 
+	       0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82, 0x0b, 0x2a, 0x2e,
1027 
+	       0x76, 0x75, 0x6c, 0x74, 0x72, 0x2e, 0x63, 0x6f, 0x6d, 0x82,
1028 
+	       0x09, 0x76, 0x75, 0x6c, 0x74, 0x72, 0x2e, 0x63, 0x6f, 0x6d,
1029 
+	       0x30, 0x2b, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x24, 0x30,
1030 
+	       0x22, 0x30, 0x20, 0xa0, 0x1e, 0xa0, 0x1c, 0x86, 0x1a, 0x68,
1031 
+	       0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x76, 0x2e, 0x73,
1032 
+	       0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67,
1033 
+	       0x76, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0c, 0x06, 0x03, 0x55,
1034 
+	       0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30,
1035 
+	       0x45, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3e, 0x30, 0x3c,
1036 
+	       0x30, 0x3a, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8,
1037 
+	       0x45, 0x01, 0x07, 0x36, 0x30, 0x2c, 0x30, 0x2a, 0x06, 0x08,
1038 
+	       0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1e,
1039 
+	       0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77,
1040 
+	       0x77, 0x2e, 0x72, 0x61, 0x70, 0x69, 0x64, 0x73, 0x73, 0x6c,
1041 
+	       0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x67, 0x61, 0x6c,
1042 
+	       0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
1043 
+	       0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
1044 
+	       0x93, 0x63, 0x02, 0x6a, 0xa1, 0x2a, 0xf3, 0xbe, 0x64, 0x2b,
1045 
+	       0x36, 0xaf, 0x66, 0x16, 0x49, 0x29, 0x56, 0x6c, 0xc7, 0x75,
1046 
+	       0x74, 0xf3, 0x69, 0xd8, 0x85, 0xce, 0x50, 0x3b, 0x43, 0x89,
1047 
+	       0xaf, 0x74, 0x99, 0x26, 0x34, 0xa4, 0x27, 0xa8, 0xfa, 0xfe,
1048 
+	       0x45, 0xaf, 0xbe, 0x75, 0x22, 0x3d, 0x15, 0xca, 0xa6, 0x38,
1049 
+	       0xc9, 0x2b, 0x3c, 0xf4, 0x11, 0x9f, 0x96, 0xa7, 0x69, 0x3e,
1050 
+	       0xf8, 0xf0, 0x88, 0xd8, 0xd2, 0x9c, 0x1c, 0x0e, 0x4c, 0xfd,
1051 
+	       0xf3, 0x3b, 0x48, 0x25, 0x68, 0xb3, 0x8d, 0x7e, 0x26, 0x73,
1052 
+	       0x73, 0xcb, 0x3a, 0x41, 0x92, 0x16, 0x55, 0xe1, 0xff, 0x00,
1053 
+	       0x07, 0xa2, 0xfe, 0xfe, 0x25, 0xfc, 0x86, 0x0f, 0x49, 0xff,
1054 
+	       0x96, 0x78, 0x02, 0x65, 0xd7, 0xad, 0xcd, 0x0c, 0x82, 0x35,
1055 
+	       0x56, 0xfe, 0x12, 0x25, 0xa9, 0x8f, 0xc2, 0xa4, 0xe9, 0x43,
1056 
+	       0xbb, 0x85, 0x62, 0x21, 0x62, 0x5d, 0x70, 0x76, 0x79, 0x75,
1057 
+	       0xeb, 0xd6, 0x82, 0x53, 0x0d, 0xde, 0x77, 0x95, 0x56, 0x87,
1058 
+	       0x44, 0x13, 0x82, 0x7d, 0xa9, 0x9a, 0x94, 0x7e, 0x1c, 0x6d,
1059 
+	       0x7f, 0x72, 0xef, 0x04, 0x84, 0xdf, 0x65, 0x98, 0x17, 0xb4,
1060 
+	       0xbe, 0xfe, 0x30, 0x0f, 0xfa, 0x8d, 0x9f, 0x29, 0x1d, 0xbd,
1061 
+	       0x99, 0xa7, 0xe3, 0x09, 0x1d, 0x13, 0x21, 0xfd, 0x9e, 0x03,
1062 
+	       0x17, 0xb9, 0x9e, 0x48, 0x35, 0x66, 0xe5, 0x86, 0x0a, 0x0f,
1063 
+	       0x04, 0xfd, 0xcd, 0x3b, 0x13, 0x59, 0xd6, 0x0c, 0x05, 0x8c,
1064 
+	       0xd2, 0x6b, 0x5c, 0x45, 0x33, 0x43, 0x91, 0xac, 0xb8, 0xdd,
1065 
+	       0xe3, 0xbe, 0xdf, 0x7b, 0x5c, 0x94, 0xa9, 0xfd, 0xc0, 0xf8,
1066 
+	       0xa9, 0xd2, 0x82, 0xcd, 0xbf, 0x60, 0xd7, 0xf8, 0x3d, 0x53,
1067 
+	       0xf7, 0x6a, 0xdc, 0x46, 0xc4, 0x22, 0x84, 0x98, 0x6a, 0x32,
1068 
+	       0xf2, 0xdf, 0x43, 0xd9, 0x5a, 0xdb, 0x97, 0x20, 0x05, 0x0b,
1069 
+	       0x3e, 0x06, 0x38, 0x13, 0x3a, 0x21 ),
1070 
+	FINGERPRINT ( 0x2c, 0x58, 0x63, 0x6e, 0xf1, 0xab, 0x8f, 0xff,
1071 
+		      0x86, 0x5d, 0x4f, 0x8d, 0x3f, 0xa9, 0x4d, 0x63,
1072 
+		      0xe7, 0xe6, 0xc6, 0x03, 0x1e, 0xc9, 0x0e, 0xfb,
1073 
+		      0xe8, 0xaa, 0xa6, 0xf4, 0x6f, 0x21, 0xc7, 0x7b ) );
1074 
+
828 
 OCSP ( barclays_ocsp, &barclays_crt, &verisign_crt,
 1075 
 OCSP ( barclays_ocsp, &barclays_crt, &verisign_crt,
829 
 	DATA ( 0x30, 0x51, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0x30, 0x49,
 1076 
 	DATA ( 0x30, 0x51, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0x30, 0x49,
830 
 	       0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
 1077 
 	       0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
1301 
 	       0x8c, 0x3e, 0xb4, 0x66, 0x76, 0x67, 0x34, 0x70, 0x00, 0x63,
 1548 
 	       0x8c, 0x3e, 0xb4, 0x66, 0x76, 0x67, 0x34, 0x70, 0x00, 0x63,
1302 
 	       0xcf, 0x9e, 0xc8, 0xc5, 0x5f, 0x48, 0x06, 0x53, 0x26, 0x55 ) );
 1549 
 	       0xcf, 0x9e, 0xc8, 0xc5, 0x5f, 0x48, 0x06, 0x53, 0x26, 0x55 ) );
1303
1550
1551 
+OCSP ( vultr_ocsp, &vultr_crt, &rapidssl_crt,
1552 
+	DATA ( 0x30, 0x44, 0x30, 0x42, 0x30, 0x40, 0x30, 0x3e, 0x30, 0x3c,
1553 
+	       0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
1554 
+	       0x00, 0x04, 0x14, 0x40, 0x0b, 0x46, 0x7a, 0xf1, 0xe6, 0xb2,
1555 
+	       0xd3, 0x09, 0x83, 0xba, 0x0d, 0x60, 0x7e, 0x7e, 0x59, 0x37,
1556 
+	       0x48, 0x24, 0xc4, 0x04, 0x14, 0xc3, 0x9c, 0xf3, 0xfc, 0xd3,
1557 
+	       0x46, 0x08, 0x34, 0xbb, 0xce, 0x46, 0x7f, 0xa0, 0x7c, 0x5b,
1558 
+	       0xf3, 0xe2, 0x08, 0xcb, 0x59, 0x02, 0x03, 0x00, 0x95, 0x4d ),
1559 
+	DATA ( 0x30, 0x82, 0x05, 0x70, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x05,
1560 
+	       0x69, 0x30, 0x82, 0x05, 0x65, 0x06, 0x09, 0x2b, 0x06, 0x01,
1561 
+	       0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, 0x05, 0x56,
1562 
+	       0x30, 0x82, 0x05, 0x52, 0x30, 0x81, 0x91, 0xa2, 0x16, 0x04,
1563 
+	       0x14, 0xfa, 0x58, 0xdb, 0x09, 0x53, 0xbc, 0x19, 0xc5, 0xe7,
1564 
+	       0xb5, 0x8b, 0xf6, 0x10, 0xf8, 0x1e, 0x84, 0x6d, 0x3a, 0x8f,
1565 
+	       0xd8, 0x18, 0x0f, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x32,
1566 
+	       0x32, 0x32, 0x33, 0x30, 0x38, 0x35, 0x36, 0x5a, 0x30, 0x66,
1567 
+	       0x30, 0x64, 0x30, 0x3c, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
1568 
+	       0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x40, 0x0b, 0x46,
1569 
+	       0x7a, 0xf1, 0xe6, 0xb2, 0xd3, 0x09, 0x83, 0xba, 0x0d, 0x60,
1570 
+	       0x7e, 0x7e, 0x59, 0x37, 0x48, 0x24, 0xc4, 0x04, 0x14, 0xc3,
1571 
+	       0x9c, 0xf3, 0xfc, 0xd3, 0x46, 0x08, 0x34, 0xbb, 0xce, 0x46,
1572 
+	       0x7f, 0xa0, 0x7c, 0x5b, 0xf3, 0xe2, 0x08, 0xcb, 0x59, 0x02,
1573 
+	       0x03, 0x00, 0x95, 0x4d, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30,
1574 
+	       0x31, 0x34, 0x31, 0x31, 0x32, 0x32, 0x32, 0x33, 0x30, 0x38,
1575 
+	       0x35, 0x36, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, 0x31,
1576 
+	       0x34, 0x31, 0x31, 0x32, 0x39, 0x32, 0x33, 0x30, 0x38, 0x35,
1577 
+	       0x36, 0x5a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
1578 
+	       0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01,
1579 
+	       0x01, 0x00, 0x6a, 0x71, 0x8f, 0x84, 0x66, 0xb5, 0x75, 0xe6,
1580 
+	       0x97, 0xa4, 0xb9, 0xc6, 0xa0, 0x37, 0x6f, 0x23, 0x76, 0x3c,
1581 
+	       0x59, 0x4c, 0x1c, 0x2d, 0x9f, 0x70, 0xab, 0x83, 0xbf, 0xa9,
1582 
+	       0xbf, 0x79, 0x31, 0x69, 0xdd, 0x78, 0xd5, 0x59, 0x90, 0x68,
1583 
+	       0xbe, 0x25, 0xb7, 0x53, 0x7d, 0x8b, 0xcf, 0x66, 0x3b, 0xcd,
1584 
+	       0xe0, 0xd2, 0x40, 0x1d, 0xc8, 0x29, 0xe4, 0x37, 0xbf, 0x20,
1585 
+	       0x7e, 0x64, 0x8d, 0x0d, 0xc7, 0xed, 0x0d, 0x08, 0x05, 0x36,
1586 
+	       0x27, 0x4f, 0xb8, 0xe3, 0x19, 0xec, 0xf0, 0x96, 0xe8, 0x48,
1587 
+	       0x9b, 0x8b, 0x2c, 0x18, 0xdb, 0x1e, 0x68, 0x11, 0xf3, 0xfb,
1588 
+	       0x9c, 0x68, 0xad, 0xcc, 0x15, 0xe0, 0x25, 0x08, 0x98, 0xd2,
1589 
+	       0xbf, 0xd0, 0x57, 0xe6, 0x4c, 0x73, 0x5a, 0x2c, 0xc8, 0x89,
1590 
+	       0xd6, 0xe4, 0xd0, 0x47, 0x6d, 0x8c, 0xc7, 0x75, 0xb1, 0x4e,
1591 
+	       0x10, 0x34, 0xe5, 0x40, 0xa3, 0xb1, 0x50, 0x07, 0x3d, 0x7d,
1592 
+	       0xad, 0xeb, 0x1d, 0x91, 0x7f, 0x77, 0x2e, 0x0d, 0x9a, 0xa7,
1593 
+	       0xbb, 0x68, 0x89, 0xd2, 0x05, 0x58, 0x16, 0xf1, 0x5e, 0x1d,
1594 
+	       0x05, 0xf6, 0x9e, 0xe9, 0x89, 0x52, 0x35, 0xb7, 0x29, 0x7a,
1595 
+	       0x68, 0x02, 0x6f, 0xc7, 0x20, 0x30, 0xc8, 0xde, 0x97, 0x3f,
1596 
+	       0xb7, 0x28, 0x38, 0x39, 0xd1, 0x4b, 0x4b, 0x90, 0x71, 0xe5,
1597 
+	       0x58, 0xa4, 0xa3, 0xbd, 0x78, 0x95, 0xb5, 0x54, 0xdd, 0xf7,
1598 
+	       0x4f, 0x8e, 0x78, 0x73, 0x86, 0xbf, 0x28, 0xb0, 0xdd, 0xc0,
1599 
+	       0xe9, 0x4a, 0xf5, 0x9f, 0x02, 0x8e, 0x63, 0x8f, 0x59, 0xf1,
1600 
+	       0x93, 0xf0, 0x45, 0x97, 0x30, 0xdb, 0x0a, 0x04, 0x3e, 0x81,
1601 
+	       0x99, 0x20, 0x7a, 0xb2, 0xe6, 0x8c, 0x8f, 0x2a, 0x4c, 0x31,
1602 
+	       0xf1, 0x64, 0xbc, 0xb7, 0xec, 0xb1, 0xf9, 0x69, 0x1f, 0x99,
1603 
+	       0x89, 0x3e, 0x3e, 0xa0, 0xf4, 0xde, 0x79, 0xa7, 0xae, 0xa3,
1604 
+	       0x23, 0xbd, 0x16, 0xbb, 0x6d, 0x0f, 0x15, 0x68, 0xa0, 0x82,
1605 
+	       0x03, 0xa6, 0x30, 0x82, 0x03, 0xa2, 0x30, 0x82, 0x03, 0x9e,
1606 
+	       0x30, 0x82, 0x02, 0x86, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
1607 
+	       0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
1608 
+	       0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x47, 0x31,
1609 
+	       0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
1610 
+	       0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04,
1611 
+	       0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73,
1612 
+	       0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e,
1613 
+	       0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x17, 0x52, 0x61, 0x70,
1614 
+	       0x69, 0x64, 0x53, 0x53, 0x4c, 0x20, 0x53, 0x48, 0x41, 0x32,
1615 
+	       0x35, 0x36, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33,
1616 
+	       0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x38, 0x32, 0x39,
1617 
+	       0x32, 0x33, 0x33, 0x39, 0x33, 0x30, 0x5a, 0x17, 0x0d, 0x31,
1618 
+	       0x35, 0x30, 0x35, 0x32, 0x32, 0x32, 0x33, 0x33, 0x39, 0x33,
1619 
+	       0x30, 0x5a, 0x30, 0x31, 0x31, 0x2f, 0x30, 0x2d, 0x06, 0x03,
1620 
+	       0x55, 0x04, 0x03, 0x13, 0x26, 0x52, 0x61, 0x70, 0x69, 0x64,
1621 
+	       0x53, 0x53, 0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
1622 
+	       0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x20, 0x4f,
1623 
+	       0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
1624 
+	       0x64, 0x65, 0x72, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06,
1625 
+	       0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
1626 
+	       0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01,
1627 
+	       0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9b, 0xf2, 0x8e, 0xe9,
1628 
+	       0x57, 0x3e, 0xa8, 0x5c, 0xfd, 0x00, 0x14, 0x21, 0xe7, 0xe4,
1629 
+	       0x57, 0xbb, 0x55, 0xc8, 0xa8, 0x50, 0x93, 0xdc, 0xbf, 0xfc,
1630 
+	       0xde, 0x46, 0x8a, 0x53, 0x9f, 0x12, 0xaa, 0x7c, 0xf1, 0xdd,
1631 
+	       0x89, 0x9e, 0x02, 0x27, 0x9c, 0x1a, 0xa0, 0x94, 0xf5, 0xec,
1632 
+	       0x06, 0xa3, 0xdb, 0xf3, 0x3f, 0x6d, 0xfd, 0x30, 0x6d, 0xab,
1633 
+	       0xcb, 0xc3, 0x72, 0xa9, 0x25, 0x35, 0x69, 0x67, 0x07, 0xaf,
1634 
+	       0x9c, 0x91, 0x3a, 0x24, 0x03, 0x74, 0x59, 0xfd, 0x69, 0xa6,
1635 
+	       0xfe, 0x23, 0xa4, 0x6c, 0x2f, 0xbe, 0x44, 0x56, 0x47, 0xee,
1636 
+	       0xdb, 0x07, 0xc3, 0x72, 0x3f, 0x14, 0xdc, 0x16, 0xb9, 0x66,
1637 
+	       0x48, 0x7c, 0x6e, 0x69, 0x6f, 0xa1, 0x05, 0xc6, 0x36, 0x08,
1638 
+	       0x01, 0xdd, 0x1c, 0xb8, 0x52, 0xf4, 0x86, 0x96, 0x85, 0x39,
1639 
+	       0x89, 0xb0, 0x31, 0x67, 0x62, 0xc5, 0x52, 0x91, 0x72, 0xd7,
1640 
+	       0x96, 0x8c, 0xe1, 0x0a, 0x02, 0x6a, 0xfe, 0x82, 0xca, 0xc0,
1641 
+	       0x34, 0xc9, 0xbc, 0x45, 0xa7, 0xc0, 0x4b, 0xa0, 0x7c, 0x7c,
1642 
+	       0xcc, 0x29, 0xe5, 0x8c, 0xf6, 0x91, 0x65, 0x33, 0xf1, 0x7b,
1643 
+	       0xda, 0x55, 0x69, 0x93, 0x2d, 0x4e, 0xb9, 0xb4, 0x7f, 0x56,
1644 
+	       0xe6, 0x80, 0xbe, 0x23, 0x4a, 0x4a, 0x65, 0xa6, 0xab, 0xa2,
1645 
+	       0x40, 0xb1, 0x75, 0x62, 0x13, 0xc1, 0xfd, 0x52, 0xe1, 0xbb,
1646 
+	       0x7b, 0xb1, 0x7f, 0x8a, 0x0c, 0x27, 0x35, 0xec, 0x27, 0x3b,
1647 
+	       0xa5, 0xe7, 0x75, 0xb8, 0xe3, 0xc4, 0xcf, 0x4d, 0x8a, 0x02,
1648 
+	       0x57, 0x57, 0x16, 0xa2, 0x8e, 0x9d, 0x87, 0x5a, 0x32, 0xb6,
1649 
+	       0xf6, 0x1d, 0xf5, 0xe3, 0xd7, 0xcf, 0x79, 0xc8, 0x77, 0x74,
1650 
+	       0xdc, 0xe5, 0xba, 0xde, 0x5c, 0x22, 0xad, 0xc0, 0xfa, 0x67,
1651 
+	       0xf3, 0x26, 0xbf, 0xcc, 0xd4, 0x88, 0xd5, 0xda, 0x87, 0x4d,
1652 
+	       0x9d, 0x99, 0xc1, 0xce, 0xa4, 0x9a, 0xda, 0x99, 0xa5, 0xa2,
1653 
+	       0xe1, 0xc5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xaa,
1654 
+	       0x30, 0x81, 0xa7, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
1655 
+	       0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc3, 0x9c, 0xf3, 0xfc,
1656 
+	       0xd3, 0x46, 0x08, 0x34, 0xbb, 0xce, 0x46, 0x7f, 0xa0, 0x7c,
1657 
+	       0x5b, 0xf3, 0xe2, 0x08, 0xcb, 0x59, 0x30, 0x0f, 0x06, 0x09,
1658 
+	       0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x05, 0x04,
1659 
+	       0x02, 0x05, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
1660 
+	       0x04, 0x16, 0x04, 0x14, 0xfa, 0x58, 0xdb, 0x09, 0x53, 0xbc,
1661 
+	       0x19, 0xc5, 0xe7, 0xb5, 0x8b, 0xf6, 0x10, 0xf8, 0x1e, 0x84,
1662 
+	       0x6d, 0x3a, 0x8f, 0xd8, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d,
1663 
+	       0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01,
1664 
+	       0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0c, 0x06, 0x03, 0x55,
1665 
+	       0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30,
1666 
+	       0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04,
1667 
+	       0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x21, 0x06, 0x03, 0x55,
1668 
+	       0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0xa4, 0x16, 0x30, 0x14,
1669 
+	       0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
1670 
+	       0x09, 0x54, 0x47, 0x56, 0x2d, 0x42, 0x2d, 0x32, 0x31, 0x34,
1671 
+	       0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
1672 
+	       0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
1673 
+	       0x3e, 0x45, 0xce, 0x3d, 0x53, 0x8c, 0x88, 0xcd, 0xde, 0xf1,
1674 
+	       0x38, 0x0c, 0x00, 0x7a, 0x7e, 0x22, 0xe7, 0x1a, 0xa5, 0xbe,
1675 
+	       0xee, 0x1c, 0x17, 0x20, 0xc3, 0x65, 0x68, 0x86, 0x27, 0x83,
1676 
+	       0x62, 0xd7, 0xdc, 0x1d, 0x6c, 0xfa, 0x24, 0x2e, 0x66, 0x50,
1677 
+	       0xe5, 0xe0, 0x42, 0xa5, 0x73, 0x67, 0x2a, 0xea, 0x5a, 0x17,
1678 
+	       0x20, 0x3b, 0x14, 0xd4, 0x74, 0x14, 0xbd, 0x18, 0x60, 0xbe,
1679 
+	       0xa6, 0x46, 0xb1, 0xc2, 0x82, 0xc9, 0xb6, 0x99, 0x67, 0x56,
1680 
+	       0xbe, 0x17, 0xda, 0x78, 0x05, 0x48, 0x65, 0x9d, 0x48, 0xb5,
1681 
+	       0xda, 0x1d, 0x52, 0x59, 0x2a, 0xac, 0x09, 0x2d, 0x29, 0x18,
1682 
+	       0x96, 0xc1, 0x58, 0x79, 0xfc, 0x73, 0x0b, 0x70, 0x4d, 0x31,
1683 
+	       0x61, 0x80, 0xc7, 0x77, 0x02, 0xf1, 0x12, 0xb3, 0x80, 0x6f,
1684 
+	       0xb9, 0x05, 0x69, 0xcf, 0x4f, 0x80, 0x7d, 0xf5, 0x06, 0xe6,
1685 
+	       0x2e, 0xc7, 0x53, 0x99, 0x8b, 0x07, 0xc7, 0x7a, 0xe6, 0xf3,
1686 
+	       0x12, 0x86, 0xd1, 0xbb, 0x8a, 0x8a, 0xfb, 0x9d, 0xd1, 0x0b,
1687 
+	       0xe7, 0x9f, 0x12, 0x06, 0xfb, 0x7d, 0x8e, 0xe7, 0xb7, 0x39,
1688 
+	       0xe0, 0x3c, 0xd0, 0xe8, 0x35, 0x44, 0x28, 0xb7, 0xcb, 0xee,
1689 
+	       0xef, 0xa7, 0x14, 0xfa, 0x0e, 0x34, 0xaf, 0x78, 0x59, 0x1e,
1690 
+	       0x91, 0xd9, 0xe0, 0x9b, 0x3c, 0x9e, 0x3a, 0xbf, 0xf5, 0xf5,
1691 
+	       0x11, 0x5b, 0x04, 0x48, 0xcd, 0x3a, 0x3f, 0xee, 0x46, 0x6d,
1692 
+	       0x69, 0x68, 0x39, 0xc1, 0x4d, 0x54, 0xfd, 0x6c, 0x27, 0x1e,
1693 
+	       0x5b, 0x58, 0x00, 0xbb, 0x4f, 0x1b, 0x12, 0xd3, 0xbb, 0x46,
1694 
+	       0xf4, 0x7c, 0x4a, 0x44, 0xb5, 0xcb, 0x4f, 0xf2, 0x3d, 0xc3,
1695 
+	       0x51, 0xfc, 0x7a, 0x2c, 0x59, 0xd0, 0x82, 0x73, 0xe3, 0x88,
1696 
+	       0xfc, 0x25, 0x4c, 0x35, 0x6f, 0x88, 0x85, 0xff, 0xad, 0x8c,
1697 
+	       0x83, 0xc4, 0x76, 0x58, 0x6b, 0xfa, 0xf2, 0xed, 0x5b, 0x95,
1698 
+	       0xd9, 0x07, 0x55, 0x58, 0xfe, 0x08 ) );
1699 
+
1304 
 /** Time at which OCSP responses are valid */
 1700 
 /** Time at which OCSP responses are valid */
1305 
 static time_t test_time = 1337062083ULL; /* Tue 15 May 2012 06:08:03 */
 1701 
 static time_t test_time = 1337062083ULL; /* Tue 15 May 2012 06:08:03 */
1306
1702
1307 
 /** Time at which OCSP responses are not valid */
 1703 
 /** Time at which OCSP responses are not valid */
1308 
 static time_t test_stale = 1375573111ULL; /* Sat Aug  3 23:38:31 2013 */
 1704 
 static time_t test_stale = 1375573111ULL; /* Sat Aug  3 23:38:31 2013 */
1309
1705
1706 
+/** Time at which "vultr" OCSP response (generated more recently) is valid */
1707 
+static time_t test_vultr = 1416697736ULL; /* Sat 22 Nov 23:08:56 2014 */
1708 
+
1310 
 /**
 1709 
 /**
1311 
  * Report certificate parsing test result
 1710 
  * Report certificate parsing test result
1312 
  *
 1711 
  *
1398 
 	ocsp_certificate_ok ( &verisign_crt );
 1797 
 	ocsp_certificate_ok ( &verisign_crt );
1399 
 	ocsp_certificate_ok ( &thawte_crt );
 1798 
 	ocsp_certificate_ok ( &thawte_crt );
1400 
 	ocsp_certificate_ok ( &startssl_crt );
 1799 
 	ocsp_certificate_ok ( &startssl_crt );
1800 
+	ocsp_certificate_ok ( &rapidssl_crt );
1801 
+	ocsp_certificate_ok ( &vultr_crt );
1401
1802
1402 
 	/* Parse OCSP checks */
 1803 
 	/* Parse OCSP checks */
1403 
 	ocsp_check_ok ( &barclays_ocsp );
 1804 
 	ocsp_check_ok ( &barclays_ocsp );
1404 
 	ocsp_check_ok ( &google_ocsp );
 1805 
 	ocsp_check_ok ( &google_ocsp );
1405 
 	ocsp_check_ok ( &unauthorized_ocsp );
 1806 
 	ocsp_check_ok ( &unauthorized_ocsp );
1406 
 	ocsp_check_ok ( &unknown_ocsp );
 1807 
 	ocsp_check_ok ( &unknown_ocsp );
1808 
+	ocsp_check_ok ( &vultr_ocsp );
1407
1809
1408 
 	/* "barclays" test */
 1810 
 	/* "barclays" test */
1409 
 	ocsp_request_ok ( &barclays_ocsp );
 1811 
 	ocsp_request_ok ( &barclays_ocsp );
1425 
 	ocsp_request_ok ( &unknown_ocsp );
 1827 
 	ocsp_request_ok ( &unknown_ocsp );
1426 
 	ocsp_response_fail_ok ( &unknown_ocsp );
 1828 
 	ocsp_response_fail_ok ( &unknown_ocsp );
1427
1829
1830 
+	/* "vultr" test */
1831 
+	ocsp_request_ok ( &vultr_ocsp );
1832 
+	ocsp_response_ok ( &vultr_ocsp );
1833 
+	ocsp_validate_ok ( &vultr_ocsp, test_vultr );
1834 
+	ocsp_validate_fail_ok ( &vultr_ocsp, test_stale );
1835 
+
1428 
 	/* Drop OCSP check references */
 1836 
 	/* Drop OCSP check references */
1429 
 	ocsp_put ( unknown_ocsp.ocsp );
 1837 
 	ocsp_put ( unknown_ocsp.ocsp );
1430 
 	ocsp_put ( unauthorized_ocsp.ocsp );
 1838 
 	ocsp_put ( unauthorized_ocsp.ocsp );
1431 
 	ocsp_put ( google_ocsp.ocsp );
 1839 
 	ocsp_put ( google_ocsp.ocsp );
1432 
 	ocsp_put ( barclays_ocsp.ocsp );
 1840 
 	ocsp_put ( barclays_ocsp.ocsp );
1841 
+	ocsp_put ( vultr_ocsp.ocsp );
1433
1842
1434 
 	/* Drop certificate references */
 1843 
 	/* Drop certificate references */
1844 
+	x509_put ( vultr_crt.cert );
1845 
+	x509_put ( rapidssl_crt.cert );
1435 
 	x509_put ( startssl_crt.cert );
 1846 
 	x509_put ( startssl_crt.cert );
1436 
 	x509_put ( thawte_crt.cert );
 1847 
 	x509_put ( thawte_crt.cert );
1437 
 	x509_put ( verisign_crt.cert );
 1848 
 	x509_put ( verisign_crt.cert );

Write Preview
Loading…
Cancel
Save