Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • fornari/ngx_http_voms_module
  • cnafsd/ngx_http_voms_module
2 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 406 additions and 508 deletions
t/certs/test0.p12 deleted 100644 → 0
View file @ 366a92f2
File deleted
t/certs/voms_example.cert.pem deleted 100644 → 0
View file @ 366a92f2
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 787 (0x313)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=IT, O=IGI, CN=Test CA
Validity
Not Before: Dec 6 09:46:37 2017 GMT
Not After : Dec 4 09:46:37 2027 GMT
Subject: C=IT, O=IGI, CN=voms.example
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:bc:7f:c8:da:1e:0d:93:50:b4:98:22:1a:2f:ad:
23:f4:92:2b:72:91:12:9b:ef:e1:a3:a2:a6:03:04:
bd:c7:c2:7f:78:51:78:fd:94:06:d3:aa:e8:dd:56:
8f:1d:d5:1d:a5:49:3f:4c:b2:4c:d1:3e:69:2c:60:
c0:8f:5f:0f:7c:6d:a4:cb:58:0c:6e:de:33:6a:6c:
32:11:bb:d3:e1:4d:03:13:b5:1f:99:35:1d:1f:af:
b4:7b:da:b6:1b:5a:76:76:54:04:f3:e8:d7:60:6b:
c6:55:d9:d4:12:eb:7b:f2:3d:df:ec:9e:da:d4:df:
10:af:ee:dc:9d:96:c7:14:8c:60:16:d8:92:ca:29:
8c:df:f7:4f:8f:8b:a7:80:01:e7:f7:7a:4f:3c:32:
42:af:ce:2e:f8:1a:7b:bc:b5:eb:20:a7:d5:28:c1:
a4:d3:54:d3:dc:c0:dc:96:7b:c4:09:c5:9f:2f:c8:
db:73:61:01:e4:2e:97:b9:05:64:1a:dc:76:09:09:
eb:af:be:6c:47:b9:5b:41:86:c1:51:c0:fe:65:23:
2b:94:ac:b0:81:46:99:9a:c2:9e:6f:0b:62:03:34:
d3:5b:b5:db:e7:ac:38:0e:31:63:ed:81:1f:6e:bc:
41:65:89:b1:8d:2f:5f:fa:8a:da:88:ac:f8:cb:3f:
eb:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
33:8C:09:D4:49:94:01:CE:D1:FB:0B:9D:19:5E:AD:C4:D7:F5:90:C4
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
X509v3 Authority Key Identifier:
keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
X509v3 Subject Alternative Name:
DNS:voms.example
Signature Algorithm: sha256WithRSAEncryption
e0:c5:08:e4:92:9b:26:09:04:64:b9:9e:c9:27:82:2c:90:4c:
4b:f1:3c:1a:4d:cd:f6:5a:fe:8a:58:6b:36:42:3b:7b:d0:e0:
66:2a:ee:2d:ad:d0:2a:59:52:c8:44:85:b6:90:af:12:49:cc:
de:a4:65:aa:e9:6e:83:e1:cf:20:d3:98:8f:3e:a8:a1:82:f8:
f5:6e:97:73:78:be:46:a7:5a:a7:10:30:b7:01:13:cf:b4:03:
c6:74:f7:e4:b8:51:21:33:79:4a:88:d6:01:cb:c1:22:37:6e:
9f:1d:2c:3e:eb:d0:09:51:3b:0a:5f:b5:19:b6:1a:35:63:95:
94:f5:99:a1:bc:18:bc:84:aa:9b:70:3a:b2:2d:c2:ed:50:19:
20:16:94:21:ea:49:e1:d8:61:10:9d:f5:29:65:11:a2:15:2b:
8a:f7:14:5a:49:b8:2d:5c:0f:fc:77:20:e7:03:3a:15:b8:21:
31:d8:33:fc:8f:70:1c:a6:90:80:84:b3:af:1f:2d:28:9e:c6:
e2:8a:43:ec:26:32:bf:d7:6a:aa:42:5a:2c:50:29:33:5d:b7:
e8:58:22:b6:c7:7b:bf:a4:ac:55:32:2d:51:58:1a:ee:9e:80:
d2:4d:24:4b:6a:e3:97:2e:a7:5c:e3:50:84:33:b5:ec:a4:20:
6e:70:1d:e9
-----BEGIN CERTIFICATE-----
MIIDljCCAn6gAwIBAgICAxMwDQYJKoZIhvcNAQELBQAwLTELMAkGA1UEBhMCSVQx
DDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0xNzEyMDYwOTQ2Mzda
Fw0yNzEyMDQwOTQ2MzdaMDIxCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJR0kxFTAT
BgNVBAMMDHZvbXMuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALx/yNoeDZNQtJgiGi+tI/SSK3KREpvv4aOipgMEvcfCf3hReP2UBtOq6N1W
jx3VHaVJP0yyTNE+aSxgwI9fD3xtpMtYDG7eM2psMhG70+FNAxO1H5k1HR+vtHva
thtadnZUBPPo12BrxlXZ1BLre/I93+ye2tTfEK/u3J2WxxSMYBbYksopjN/3T4+L
p4AB5/d6TzwyQq/OLvgae7y16yCn1SjBpNNU09zA3JZ7xAnFny/I23NhAeQul7kF
ZBrcdgkJ66++bEe5W0GGwVHA/mUjK5SssIFGmZrCnm8LYgM001u12+esOA4xY+2B
H268QWWJsY0vX/qK2ois+Ms/6ysCAwEAAaOBujCBtzAMBgNVHRMBAf8EAjAAMB0G
A1UdDgQWBBQzjAnUSZQBztH7C50ZXq3E1/WQxDAOBgNVHQ8BAf8EBAMCBeAwPgYD
VR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhC
BAEGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giLSiOiEUnGMBcG
A1UdEQQQMA6CDHZvbXMuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOCAQEA4MUI5JKb
JgkEZLmeySeCLJBMS/E8Gk3N9lr+ilhrNkI7e9DgZiruLa3QKllSyESFtpCvEknM
3qRlqulug+HPINOYjz6ooYL49W6Xc3i+RqdapxAwtwETz7QDxnT35LhRITN5SojW
AcvBIjdunx0sPuvQCVE7Cl+1GbYaNWOVlPWZobwYvISqm3A6si3C7VAZIBaUIepJ
4dhhEJ31KWURohUrivcUWkm4LVwP/Hcg5wM6FbghMdgz/I9wHKaQgISzrx8tKJ7G
4opD7CYyv9dqqkJaLFApM1236Fgitsd7v6SsVTItUVga7p6A0k0kS2rjly6nXONQ
hDO17KQgbnAd6Q==
-----END CERTIFICATE-----
t/certs/voms_example.key.pem deleted 100644 → 0
View file @ 366a92f2
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/ho6KmAwS9x8J/eFF4
/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4zamwyEbvT4U0DE7Uf
mTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Qr+7cnZbHFIxgFtiS
yimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT3MDclnvECcWfL8jb
c2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZmsKebwtiAzTTW7Xb
56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABAoIBACXvPXeP1sGP21hG
fKidmn/Mrsu2oF0bcHhi8i/nU14RKWAIXWYC1UDhw01P7ytcyUOLMx73PvhZLAdP
TVFNGyu6URDPHmltdEF1lrn059YOjpD3wW0uwDaxQIwwXrewg+iaTgjcEgQIjHiY
htJr65y7kQXojjeK0KvnUSSxxEzA/uWeyQi/+ZFzPRfrj5o0uwo+qnwwiYn8FSVl
9S/MPiAXZcvQTojEu5kbH/0iRUwhDzcmtj8O1M3idhMl1G/WtdU2zHsR6p78HuZK
uZu9JRnSh1K8wiDdT+8TIitvBuv87fVFJg54pbO+Sa6tsfm4q9Vf21DyY7ZVRoie
Y6IPz8ECgYEA3c8NuLLKCFvU55lZkNWl0ixicD3w4o1k2at9FKYsboPJ9BUIYpVO
vqSflUKATENNfkoWmT4iTbNq8VJxnLNn1y33uB9ztQIn99Do0YeERSW0JExb363r
dJNlirxovoXvUT6kGHqFWIJyxXkh6wEZ4gqne94ujtqj9KHWczbpw4sCgYEA2Y5G
1L49361df9VDblhxS60hNmtNC9h3XTqKwfOXLCHG61JMxNUChhKikUuDsvfmXwta
dX51WJSL56pDHlk0prLrMWli4zLhiPiXknUIFiUt07lbzfDZ0aehr9xOFM4oBnyV
oR3eBhE/YJ1W3Xt2DGUySE09eukHoEeZURrq6uECgYAqKDhLam/Ltuh4PEUxqemi
UJ1FCADIjmckl9tmGU9IkfPIWFcHpakZwuAx1jncRM5tulchORX7/qXMyAaf6dlK
pIn4jMHJHWfLSgF2EXOqUMg0Pe8YTE38EieyfqzJyVr67hTyMhc2A1UdAzDXIZZx
x+SdPlVLAXM4A6pmq4EykQKBgQCLq+9HiDe7Edd0SZu4DSn3ltg60tqtHzVK8lnB
OT01xR2rWLQWrlancvFR7LRJwyPwox5ZTm3SB9RmUAY1Rropx7Z9i5ZEHRd003yk
N2SQqx/nzRnmdpmxIzkH6Z1reAt0VqnNvZocNRiGU51AJpJcVN/aUVSGQ3N08GK7
Elf9oQKBgGKL4eCjoLp9Kuvp+UXeKeeTSR2rTSOh36ZjtxDLOhdAj5mXSFj2nvLx
j2YNCkuU0Y25Vbpt/go7DFRnbZmKucpyUJNC49m3YD4zq0CVMX4BOUkkg3rJjMhP
Ce3aEfVwC9rF9sFHp5pHTBm6HCBCZikVtpYjn05rUtLYiYcSia88
-----END RSA PRIVATE KEY-----
t/certs/voms_example_2.cert.pem deleted 100644 → 0
View file @ 366a92f2
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=IT, O=IGI, CN=Test CA 2
Validity
Not Before: Mar 14 16:18:34 2018 GMT
Not After : Mar 11 16:18:34 2028 GMT
Subject: C=IT, O=IGI, CN=voms.example
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:ca:0f:d7:c6:91:cc:15:a1:97:32:0b:20:fd:94:
11:57:46:59:3a:79:3e:ef:53:ab:9b:28:30:64:da:
bc:c5:0b:90:25:67:e5:46:06:2d:cf:dd:42:15:08:
f1:1e:ed:8b:e5:c9:cb:3d:cc:4a:77:92:63:af:ac:
94:a7:e6:89:06:64:0c:bc:28:52:d1:50:48:02:54:
5b:5b:6d:9e:0f:ee:89:f4:01:21:25:ea:ac:af:06:
a4:92:ce:32:2f:10:54:f6:37:02:7e:e0:e7:2a:fd:
42:92:c8:ff:5c:f1:f2:83:62:9b:d9:7d:f6:08:cb:
84:3e:03:26:a3:01:a2:ce:9c:de:d9:37:26:7e:6c:
12:50:14:88:47:bc:68:91:6a:f6:d5:05:70:e6:fd:
10:05:65:56:45:6f:95:22:d2:d4:55:77:cc:f5:fa:
08:a4:36:2c:fa:b2:47:90:6c:c4:84:36:ac:24:f8:
d9:a8:99:66:e0:5e:96:34:1e:65:48:86:0f:10:7b:
e9:3d:1a:3f:ea:53:9f:70:30:0c:30:93:d3:f9:67:
d1:66:7c:a0:40:28:fe:6b:17:72:df:d5:5b:a7:0f:
28:bc:92:d1:c8:31:a6:64:e0:d1:c0:1d:f6:dd:b8:
03:b1:31:9d:d8:0d:54:56:df:69:35:f1:55:cc:84:
52:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
5F:FE:E5:D5:AC:A3:6C:F4:19:A8:02:7D:F0:B8:9A:67:D0:A9:A1:1F
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
X509v3 Authority Key Identifier:
keyid:37:03:CB:96:42:3A:14:8F:BD:5B:72:2A:EE:F0:6B:A8:6D:4F:8C:44
X509v3 Subject Alternative Name:
DNS:voms.example
Signature Algorithm: sha1WithRSAEncryption
d2:75:21:54:90:c6:88:15:25:79:48:6d:d1:ba:5a:c7:58:a4:
b0:35:5e:30:1a:cf:ba:3f:36:fc:1e:9c:91:ab:54:ca:a8:3e:
2a:3c:75:44:55:2a:27:de:e7:0f:d8:c8:37:91:b1:65:2a:bf:
81:37:5a:0f:b4:31:d6:2c:7d:e0:ff:e1:36:c4:cf:d7:b3:a3:
20:be:7d:bb:26:ae:f6:55:df:68:46:83:4c:90:83:ee:6e:5d:
16:4c:ab:94:02:61:18:bb:48:e0:78:c3:ce:8e:87:30:cd:82:
19:8a:6a:d9:90:a4:db:00:fc:ee:fd:b1:c8:f1:0f:08:c6:47:
78:da:7e:2f:33:f1:8f:16:80:f0:97:a1:72:f9:5a:6e:30:12:
28:2a:c3:ca:cd:b3:c7:f1:ab:e1:db:b8:16:01:54:b7:5f:9e:
df:5e:56:25:6e:d4:72:78:a4:5d:c5:ea:92:c0:6b:a6:aa:bd:
06:73:6f:5f:57:29:38:db:13:f1:7d:51:60:af:21:fe:79:fa:
a5:8c:cc:12:34:76:32:92:24:9e:9e:6d:51:56:2d:05:28:09:
9b:ca:d7:8e:f3:22:ea:a5:80:82:6b:83:5e:2a:35:53:67:bc:
05:5b:ac:0e:24:48:1a:ef:98:96:e5:8a:7f:28:64:1e:ae:ec:
11:18:66:45
-----BEGIN CERTIFICATE-----
MIIDlzCCAn+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADAvMQswCQYDVQQGEwJJVDEM
MAoGA1UECgwDSUdJMRIwEAYDVQQDDAlUZXN0IENBIDIwHhcNMTgwMzE0MTYxODM0
WhcNMjgwMzExMTYxODM0WjAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUw
EwYDVQQDDAx2b21zLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDKD9fGkcwVoZcyCyD9lBFXRlk6eT7vU6ubKDBk2rzFC5AlZ+VGBi3P3UIV
CPEe7Yvlycs9zEp3kmOvrJSn5okGZAy8KFLRUEgCVFtbbZ4P7on0ASEl6qyvBqSS
zjIvEFT2NwJ+4Ocq/UKSyP9c8fKDYpvZffYIy4Q+AyajAaLOnN7ZNyZ+bBJQFIhH
vGiRavbVBXDm/RAFZVZFb5Ui0tRVd8z1+gikNiz6skeQbMSENqwk+NmomWbgXpY0
HmVIhg8Qe+k9Gj/qU59wMAwwk9P5Z9FmfKBAKP5rF3Lf1VunDyi8ktHIMaZk4NHA
HfbduAOxMZ3YDVRW32k18VXMhFLRAgMBAAGjgbowgbcwDAYDVR0TAQH/BAIwADAd
BgNVHQ4EFgQUX/7l1ayjbPQZqAJ98LiaZ9CpoR8wDgYDVR0PAQH/BAQDAgXgMD4G
A1UdJQQ3MDUGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4
QgQBBggrBgEFBQcDBDAfBgNVHSMEGDAWgBQ3A8uWQjoUj71bciru8GuobU+MRDAX
BgNVHREEEDAOggx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQEFBQADggEBANJ1IVSQ
xogVJXlIbdG6WsdYpLA1XjAaz7o/NvwenJGrVMqoPio8dURVKife5w/YyDeRsWUq
v4E3Wg+0MdYsfeD/4TbEz9ezoyC+fbsmrvZV32hGg0yQg+5uXRZMq5QCYRi7SOB4
w86OhzDNghmKatmQpNsA/O79scjxDwjGR3jafi8z8Y8WgPCXoXL5Wm4wEigqw8rN
s8fxq+HbuBYBVLdfnt9eViVu1HJ4pF3F6pLAa6aqvQZzb19XKTjbE/F9UWCvIf55
+qWMzBI0djKSJJ6ebVFWLQUoCZvK147zIuqlgIJrg14qNVNnvAVbrA4kSBrvmJbl
in8oZB6u7BEYZkU=
-----END CERTIFICATE-----
t/certs/voms_example_2.key.pem deleted 100644 → 0
View file @ 366a92f2
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAyg/XxpHMFaGXMgsg/ZQRV0ZZOnk+71OrmygwZNq8xQuQJWfl
RgYtz91CFQjxHu2L5cnLPcxKd5Jjr6yUp+aJBmQMvChS0VBIAlRbW22eD+6J9AEh
Jeqsrwakks4yLxBU9jcCfuDnKv1Cksj/XPHyg2Kb2X32CMuEPgMmowGizpze2Tcm
fmwSUBSIR7xokWr21QVw5v0QBWVWRW+VItLUVXfM9foIpDYs+rJHkGzEhDasJPjZ
qJlm4F6WNB5lSIYPEHvpPRo/6lOfcDAMMJPT+WfRZnygQCj+axdy39Vbpw8ovJLR
yDGmZODRwB323bgDsTGd2A1UVt9pNfFVzIRS0QIDAQABAoIBAC16D1hTrBkaO0s6
EfzAfH6mCKMOcsmujSroiqvIR0AZ8CFbFtEBxwHHjH3re0k4sYnQNvv7pK7wtZru
Pq7jRee4UN1wPeN6LBrKHZ2gODjhuQ6/ylQcUy05U4Tu/4B0LosTqm4f9CdKxNcA
gejLU4eag/UZUmx8UZEbaHC7h4b0hQxu0EKEYZGo34azLRBaBqREtm2FpVk9ycJk
+Ij4a+qUfwCDJl8Z61hh4BNT7tWJVy5R61qxlD5Y9+thG7p2pgLCAyXVskgYfwCV
/AYOblWM9mEKpfnhEkhG0e2AO9/jOSsVaXWbiKC4tq59Lh3s6P5c0vlM4lMG4ZRS
axWVRBkCgYEA6xU9AaW5sd8gtOk1zpKVga5PdcewkCMj4eABZvuXW4B2wJr3KDIi
TYAZFqz6t7yy7VxhR75lXECbmyFB1uoHxt9yl+yY6R0IQEKsLA9xvEw2Xzqr7gch
Tfv+sQsIoW+nl5Z4TTrNMRoBwvzTZNkBSUQXRhOOfWhQUKJ/ZrDvS6MCgYEA3Apx
0YPQrb5r8V4hu6OyPhfUp3ZsoKvOyLVKKv7Yhx2u/yXCtsCXP+c5sNDFN3vxoWxX
8uOgZUrwhKF5ieYSQB0uSZONzHGtItRtaAaSGdQ4s7UDbWFHEfxR9XE1ZP8m/A5Z
wN0knnTQjve1ZyovTSGSs0zzRQoZaYmw6WFYzvsCgYEA1S46V48Y+WNVPpmpsL2f
FK2k4zMGO3+SX5gKzX/j/xddGUauUWY9UziSB80vw4U8YSGAGlZfhqwUMDaVhTZP
fRpOydTFycgJHnUXuxD6W/5k5DDJjx4qJpUZnyVZW0Rsn3vVdnuXbiqeZFtvvClK
EE3OKT883R7Gjoj9rXtQVa8CgYEAkLtiACCGyzFcSMfUwlo67HK6UmgnrUs02Xm9
TiiQfdc9et/4gkKNed/6Z136yrMAzV+5Pa8Rmm6/Y03e5qBpUrie8JBYjagb7LPz
PqBLyyd3IGUo2vJIUAE6W4naSBM4LkS2LpCG/J7za4ZtUG1D7aTunHc58ChjbLK/
pdJ9Gq8CgYEAmQHYXsVzjhxLDdYJGj4Dg2abaSL4y0e+76zP/AVfeNHfAoztm2w2
WJm5Xdf1NFEP+aopuGl9D4ikGvZ5bHscAgj/L3rbrOCz1XAmIwAcpcPE782vV1Pe
AEM7dszw7BXxvh5Fld1SJcC+/bUW7JTRzPRJmfz/jF/AF4SKkE9yk6Q=
-----END RSA PRIVATE KEY-----
t/conf.d/ephemeral_ca.conf 0 → 100644
View file @ 3c4a7183
[ ephemeral_ca ]
dir = ${ENV::CA_NAME}
certs = $dir/certs
database = $dir/index.txt
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/private/ca.key
default_crl_days = 30
default_md = sha512
[ ephemeral_ca_cert ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/private/ca.key
distinguished_name = ${ENV::CA_NAME}_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = ${ENV::CA_NAME}_extensions
[ ephemeral_ca_dn ]
C = IT
O = IGI
CN = Ephemeral CA
[ ephemeral_ca_extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign
t/conf.d/expired.conf 0 → 100644
View file @ 3c4a7183
[ expired ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/expired.key.pem
distinguished_name = expired_dn
prompt = no
output_password = pass
default_md = sha512
x509_extensions = expired_extensions
[ expired_dn ]
C = IT
O = IGI
CN = Expired
[ expired_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName = email:expired@cnaf.infn.it
t/conf.d/igi_test_ca.conf 0 → 100644
View file @ 3c4a7183
[ igi_test_ca ]
dir = ${ENV::CA_NAME}
certs = $dir/certs
database = $dir/index.txt
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/private/ca.key
default_crl_days = 30
default_md = sha512
[ igi_test_ca_cert ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/private/ca.key
distinguished_name = ${ENV::CA_NAME}_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = ${ENV::CA_NAME}_extensions
[ igi_test_ca_dn ]
C = IT
O = IGI
CN = Test CA
[ igi_test_ca_extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign
t/conf.d/igi_test_ca2.conf 0 → 100644
View file @ 3c4a7183
[ igi_test_ca2 ]
dir = ${ENV::CA_NAME}
certs = $dir/certs
database = $dir/index.txt
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/private/ca.key
default_crl_days = 30
default_md = sha512
[ igi_test_ca2_cert ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/private/ca.key
distinguished_name = ${ENV::CA_NAME}_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = ${ENV::CA_NAME}_extensions
[ igi_test_ca2_dn ]
C = IT
O = IGI
CN = Test CA 2
[ igi_test_ca2_extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign
t/conf.d/revoked.conf 0 → 100644
View file @ 3c4a7183
[ revoked ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/revoked.key.pem
distinguished_name = revoked_dn
prompt = no
output_password = pass
default_md = sha512
x509_extensions = revoked_extensions
[ revoked_dn ]
C = IT
O = IGI
CN = Revoked
[ revoked_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName = email:revoked@cnaf.infn.it
t/conf.d/star_test_example.conf 0 → 100644
View file @ 3c4a7183
[ star_test_example ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/star_test_example.key.pem
distinguished_name = star_test_example_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = star_test_example_extensions
[ star_test_example_dn ]
C = IT
O = IGI
CN = *.test.example
[ star_test_example_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth, clientAuth
authorityKeyIdentifier = keyid, issuer
subjectAltName = DNS:*.test.example
t/conf.d/test0.conf 0 → 100644
View file @ 3c4a7183
[ test0 ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/test0.key.pem
distinguished_name = test0_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = test0_extensions
[ test0_dn ]
C = IT
O = IGI
CN = Test0
[ test0_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName = email:test0@cnaf.infn.it
t/conf.d/test1.conf 0 → 100644
View file @ 3c4a7183
[ test1 ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/test1.key.pem
distinguished_name = test1_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = test1_extensions
[ test1_dn ]
C = IT
O = IGI
CN = Test1
[ test1_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName = email:test1@cnaf.infn.it
t/conf.d/untrusted_voms.conf 0 → 100644
View file @ 3c4a7183
[ untrusted_voms ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/untrusted_voms.key.pem
distinguished_name = untrusted_voms_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = untrusted_voms_extensions
[ untrusted_voms_dn ]
C = IT
O = IGI
CN = untrusted-voms.example
[ untrusted_voms_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth, clientAuth
authorityKeyIdentifier = keyid, issuer
subjectAltName = DNS:untrusted-voms.example
t/eec_cert.t deleted 100644 → 0
View file @ 366a92f2
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: rfc proxy certificate, no AC
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_cert;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/0.cert.pem;
proxy_ssl_certificate_key ../../certs/0.key.pem;
}
--- request
GET /
--- response_body
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
--- error_code: 200
=== TEST 2: EEC
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_cert;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/test0.cert.pem;
proxy_ssl_certificate_key ../../certs/9.key.pem;
}
--- request
GET /
--- response_body
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
--- error_code: 200
t/eec_cert1.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: RFC proxy certificate, no AC
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$ssl_client_ee_s_dn\n$ssl_client_ee_i_dn\n$ssl_client_s_dn\n$ssl_client_i_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/0.cert.pem;
proxy_ssl_certificate_key ../../certs/0.key.pem;
}
--- request
GET /
--- response_body eval
my $ee_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
my $ee_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
my $pr_s = `openssl x509 -in t/certs/0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
my $pr_i = `openssl x509 -in t/certs/0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
"$ee_s$ee_i$pr_s$pr_i";
--- error_code: 200
t/eec_chain.t
View file @ 3c4a7183
......@@ -8,50 +8,35 @@ __DATA__
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
location = / {
default_type text/plain;
echo $ssl_client_ee_cert;
return 200 "$ssl_client_ee_s_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/9.pem;
proxy_ssl_certificate_key ../../certs/9.key.pem;
proxy_ssl_certificate ../../certs/test0+ca.pem;
proxy_ssl_certificate_key ../../certs/test0.key.pem;
}
--- request
GET /
--- response_body
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
GET /
--- response_body eval
`openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
--- error_code: 200
t/eec_subject.t deleted 100644 → 0
View file @ 366a92f2
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: rfc proxy certificate, no AC
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_s_dn;
echo $ssl_client_ee_i_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/0.cert.pem;
proxy_ssl_certificate_key ../../certs/0.key.pem;
}
--- request
GET /
--- response_body
CN=test0,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
--- error_code: 200
=== TEST 2: standard x.509 certificate
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_s_dn;
echo $ssl_client_s_dn;
echo $ssl_client_ee_i_dn;
echo $ssl_client_i_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/nginx_voms_example.cert.pem;
proxy_ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
}
--- request
GET /
--- response_body
CN=nginx-voms.example,O=IGI,C=IT
CN=nginx-voms.example,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
--- error_code: 200
=== TEST 3: three delegations proxy
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_s_dn;
echo $ssl_client_ee_i_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/7.cert.pem;
proxy_ssl_certificate_key ../../certs/7.key.pem;
}
--- request
GET /
--- response_body
CN=test0,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
--- error_code: 200
=== TEST 4: three delegations proxy + CA cert
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_s_dn;
echo $ssl_client_ee_i_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/8.cert.pem;
proxy_ssl_certificate_key ../../certs/8.key.pem;
}
--- request
GET /
--- response_body
CN=test0,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
--- error_code: 200
t/eec_subject2.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: End-entity X.509 certificate
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$ssl_client_ee_s_dn\n$ssl_client_s_dn\n$ssl_client_ee_i_dn\n$ssl_client_i_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/test0.cert.pem;
proxy_ssl_certificate_key ../../certs/test0.key.pem;
}
--- request
GET /
--- response_body eval
my $c_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
my $c_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
"$c_s$c_s$c_i$c_i";
--- error_code: 200
t/eec_subject3.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: three delegations proxy
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$ssl_client_ee_s_dn\n$ssl_client_ee_i_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/6.cert.pem;
proxy_ssl_certificate_key ../../certs/6.key.pem;
}
--- request
GET /
--- response_body eval
my $c_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
my $c_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
"$c_s$c_i";
--- error_code: 200