trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jackso...@apache.org
Subject [2/4] trafficserver git commit: Add Tests for intermediate CAs for RSA keys
Date Mon, 20 Apr 2015 21:21:54 GMT
Add Tests for intermediate CAs for RSA keys


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/3181fc79
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/3181fc79
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/3181fc79

Branch: refs/heads/master
Commit: 3181fc79ee4f1fa12bf0c29e11c2293d96fe895b
Parents: d73914f
Author: Thomas Jackson <jacksontj@apache.org>
Authored: Mon Apr 13 13:09:25 2015 -0700
Committer: Thomas Jackson <jacksontj@apache.org>
Committed: Mon Apr 20 14:20:42 2015 -0700

----------------------------------------------------------------------
 ci/new_tsqa/files/rsa_keys/README.rst          | 21 +++++++++
 ci/new_tsqa/files/rsa_keys/ca.crt              | 30 ++++++++++++
 ci/new_tsqa/files/rsa_keys/ca.key              | 51 +++++++++++++++++++++
 ci/new_tsqa/files/rsa_keys/intermediate.crt    | 29 ++++++++++++
 ci/new_tsqa/files/rsa_keys/intermediate.key    | 51 +++++++++++++++++++++
 ci/new_tsqa/files/rsa_keys/www.example.com.pem | 29 ++++++------
 ci/new_tsqa/files/rsa_keys/www.test.com.pem    | 41 +++++++++--------
 ci/new_tsqa/tests/test_https.py                | 40 +++++++++++++++-
 8 files changed, 258 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3181fc79/ci/new_tsqa/files/rsa_keys/README.rst
----------------------------------------------------------------------
diff --git a/ci/new_tsqa/files/rsa_keys/README.rst b/ci/new_tsqa/files/rsa_keys/README.rst
index c799025..9fb6a8d 100644
--- a/ci/new_tsqa/files/rsa_keys/README.rst
+++ b/ci/new_tsqa/files/rsa_keys/README.rst
@@ -5,3 +5,24 @@ Try to use existing certs if possible rather than generating your own.
 
 # generated using (make sure to set "hostname"):
 openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes && cat key.pem
cert.pem > keypair.pem && rm key.pem cert.pem
+
+
+## Since we want to verify all of the certificate verification, we need to generate
+## our own CA and intermediate CA
+# Create CA
+openssl genrsa -out ca.key 4096
+openssl req -new -x509 -nodes -sha1 -days 1825 -key ca.key -out ca.crt
+
+# Create Intermediate
+openssl genrsa -out intermediate.key 4096
+openssl req -new -sha1 -key intermediate.key -out intermediate.csr
+
+# CA signs Intermediate
+openssl x509 -req -days 1825 -in intermediate.csr -CA ca.crt -CAkey ca.key -set_serial 01
-out intermediate.crt
+
+# Create Server
+openssl genrsa -out test.example.com.key 4096
+openssl req -new -key test.example.com.key -out test.example.com.csr
+
+# Intermediate signs Server
+openssl x509 -req -days 1825 -in test.example.com.csr -CA intermediate.crt -CAkey intermediate.key
-set_serial 01 -out test.example.com.crt

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3181fc79/ci/new_tsqa/files/rsa_keys/ca.crt
----------------------------------------------------------------------
diff --git a/ci/new_tsqa/files/rsa_keys/ca.crt b/ci/new_tsqa/files/rsa_keys/ca.crt
new file mode 100644
index 0000000..b0ce838
--- /dev/null
+++ b/ci/new_tsqa/files/rsa_keys/ca.crt
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFNzCCAx+gAwIBAgIJAL8yIx0Q66ZXMA0GCSqGSIb3DQEBBQUAMDIxCzAJBgNV
+BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxDDAKBgNVBAoMA0FUUzAeFw0x
+NTA0MTMxODQ5NTNaFw0yMDA0MTExODQ5NTNaMDIxCzAJBgNVBAYTAlhYMRUwEwYD
+VQQHDAxEZWZhdWx0IENpdHkxDDAKBgNVBAoMA0FUUzCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBANYzN4s+B8KAbPxdpMzoVh+xsgPeauothjQq8tQmViT5
+3bnEf7zb+4Wy/7Y9CLj2CSnf6tv271OVwVQZWlDrmqr6greUePz28j3/sJ/lQ9bR
+aZOWQI3d4rgCy6UdJ6rhD2BYrZVFnIZQ5zVZu3rbUBuPwBuRQdTLOWjzcSguyg2R
+jiJ/W2/IToRjgX27cPPArhJQ2ibwsbtvqecj1lQfT5yg8WEDeeOyYwzfT4VEGm7f
+8Q4qrBKxhdRTF6LhNkVKkOM6Jvvq7ULNpSAh1+zFAfzMpPUt1T+sjObQ0HHMeh0J
+ghwOh8OAqFyMAsNdzFwjz4lSrliTMYoq6JdK0In5FUqlCt5RsKrfxsykhvUb66/R
++a9uGboEMlce/sZcxSpnDJYOmxrecQYmEaoKhbIcJBrRqYMgyQL9X+JJfsdyKR2V
+CbSV0FjHeybpOwl76QGoZPhRy2e551uqKN0qdQMmfI3ZjZqmN1EuuOcRNKU8r0He
+AOTRZ2BssDfvs/YWgZsKoHqoLIQCGgWw1ZhsK8bhFKKBtBqbyAu995XxhJezbSAg
+57+1Icp8qmCWvCO0zxm5ckCRNICxGolT/0Mi5Cl8hmfbx9Gv4Na/KEcxpKLPy43t
+UUqfCtvGOUE/S6TWleL5YII4mI86fIOHFkAozdeokcF54lhENpcLL3R5ggRiBJ83
+AgMBAAGjUDBOMB0GA1UdDgQWBBTMx2X9hPjXNTOKTSQELEBv4pEHADAfBgNVHSME
+GDAWgBTMx2X9hPjXNTOKTSQELEBv4pEHADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
+DQEBBQUAA4ICAQCZ+B8wevb1DsA0XsGkBIHrAK2zc4u54nIhVEw/6PnJBBpV5Eha
+rKtamhyeBjKt1267SaoQIWy/os9QlEYmn2AKn7J0rxqokowr0r8jdh4nDDeCGGkb
+g7ieinIpuUr5Unpp+J+9/FXtrX1m5sXuHlMao9eTK86NoXPJgt4z4HQd1ZaEJp5s
+H60PVd93TwcIDQjbsGdpFS7LhtYSx5Np/LmrQj0tnt18AUh1SgVwvtAqiSsyhxFa
+yPBZKIsdbNQkPoaIKQovCg0cRjlRr1XAk+cfRbf8OUmS1JMs1+/b0zX0kk9xynhj
+4CUPxsVy4SnOeg95yPB8BEyvU1uxnflq3QTJsSxcePYte5ni1wx8Vbn7cJusJRYK
+LNaEFq/nkFxAlP4PTkv9mGq7ZYLqwpE9s6rPmJZc37ti0OUmLiVpqk6DtN5x/TD2
+vKeZMupGCWF71kueR4QAClEnDHe6/lKqe7CH3OuY8bA+7N0RNrEqUBJ7qnD6Frcu
+UfmrkZcIj6DWSnpfwL884WoSCkYuyYP/v+PhR5fSao3l7ZB9UQXdXYhx/Kyd3lPZ
+DKSZjOthCm1dblzKLK4VHy0dmAQdIczIXY6ztIKUY8z0poMNiyJEGeYYPf5jjxU4
+Q2u9W/ReEaza6HshFnoka4IZqlfLinWRoAt92rA+nFIShaBBimvc32kHrQ==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3181fc79/ci/new_tsqa/files/rsa_keys/ca.key
----------------------------------------------------------------------
diff --git a/ci/new_tsqa/files/rsa_keys/ca.key b/ci/new_tsqa/files/rsa_keys/ca.key
new file mode 100644
index 0000000..d892296
--- /dev/null
+++ b/ci/new_tsqa/files/rsa_keys/ca.key
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEA1jM3iz4HwoBs/F2kzOhWH7GyA95q6i2GNCry1CZWJPnducR/
+vNv7hbL/tj0IuPYJKd/q2/bvU5XBVBlaUOuaqvqCt5R4/PbyPf+wn+VD1tFpk5ZA
+jd3iuALLpR0nquEPYFitlUWchlDnNVm7ettQG4/AG5FB1Ms5aPNxKC7KDZGOIn9b
+b8hOhGOBfbtw88CuElDaJvCxu2+p5yPWVB9PnKDxYQN547JjDN9PhUQabt/xDiqs
+ErGF1FMXouE2RUqQ4zom++rtQs2lICHX7MUB/Myk9S3VP6yM5tDQccx6HQmCHA6H
+w4CoXIwCw13MXCPPiVKuWJMxiirol0rQifkVSqUK3lGwqt/GzKSG9Rvrr9H5r24Z
+ugQyVx7+xlzFKmcMlg6bGt5xBiYRqgqFshwkGtGpgyDJAv1f4kl+x3IpHZUJtJXQ
+WMd7Juk7CXvpAahk+FHLZ7nnW6oo3Sp1AyZ8jdmNmqY3US645xE0pTyvQd4A5NFn
+YGywN++z9haBmwqgeqgshAIaBbDVmGwrxuEUooG0GpvIC733lfGEl7NtICDnv7Uh
+ynyqYJa8I7TPGblyQJE0gLEaiVP/QyLkKXyGZ9vH0a/g1r8oRzGkos/Lje1RSp8K
+28Y5QT9LpNaV4vlggjiYjzp8g4cWQCjN16iRwXniWEQ2lwsvdHmCBGIEnzcCAwEA
+AQKCAgEA0Sxc3mYp77+4Lk5IRC3TBMpjW7HU2HCycLlMPu5dC2jSJLoGP+jW275s
+Roudu/nQAwt+b2XaWtaQX88OSp15geR2yE1+RRHmh7LsyYh60gnYPt7olWGMKEPa
+mJg7B30WpfCTOoUrEGNrFcdV9Oi8dt3PLVyRW/tFSf8JjsL6X3u3wGp8YVHLky8U
+4jKsX+zWUF6SWpqMBc1KrsRpZebZuMvWS/W4DypB3e0o26wg4AtifIIhXXPsi+bE
+2zNw6wOhL7S3IyVMowLtcM577OSKR1OU9zTV3YNkaXabR7X1vetuGnX6EGnQf+fe
+PuiXS5dQ8PpD9Y1wQEwcrLnLoiESrvK8zYytZDR4KTlWP6eIhnn/6EyEV13pV7AH
+LQ4ZarRq0A2i9HAPeZuUYZ8YxT5Yhl+CvyzsCwd08e9YGSLKTCmZKYwmVZVOcwsq
+OOB6srHNwSH15lxwf1uHh1zn1QyG29tXlJeEKTqZ64VYxDAHiuXFBrEAFXmwvzw3
+YcuTRkDoxUFNuwdr35lXBpjtYuUDYprODEDnyJC2T+bDo1htczKNlSKLJNZJPsYS
+47C7DFj1S2CGXGM3WuEPV76ge92F42U6F0cGvThnB02D09wUilSWiCeJmhUW9LRD
+N5QofYra1DdJ4N5bBqMwoUafF7fH7qb1Dwq9tQo0qaIP2YR8JTECggEBAPsKRg+j
+IKETzcxlwCIZvAeoMny3srMrRYbqA8UnBDvzd81fOXj/r1PSEfGFKeuRhOqANQ6o
+mowIQibIKcUb6Lc51voWGb5VeRwfLLoMkHZLHcKysJtRwMP+ceRUZCTfxetvptsd
+laalVLxfXzoy/UKrUPtz2V6LtCtB5u77Xucz9GQoqWdHAmFcjlUqFUEXU3wj/J7k
+roS7n++pKfxeA0YhiQHjBj2i0d0W+rX1B78AeS7IbG0nUIxj2yb6OojxLTIhsRox
+CYbmX+7UmLO79rdJ2YAKMWoEC3erHfyGduxWUWVEy0gw4Xgzd0VnbD78iAn8LVbd
+D9dC2bHWmx11UVkCggEBANpunIAKxsU6U6rnMrRm/p3KxdOLPNksxmEg983SG1AW
+sDH/ZSycNYphHB8vQmVsH0DDI//djRbdbx4gCSBInZm6x97nsSeq4zk8ymoHiL34
+KVZcCgDfW+n7cl1DVHCQAdqv295cn2NX4VPaGG0CFyMGU48C1Xo1GnAYAHJC4OiA
+vn+OWMUoRjDNRNvl03zmWpXMcR0DMuKKlnYh/0sHuNtlKVHIVMpubk6xXYKF32Ku
++nxpYSTyVl/gZWNbxveDELCH9fatGcGidDytEMELvrYOPTAhwGLBfC8b5r1jNF9o
+WRDOy3IV+vBM4m+IZQ6NBsjly7HII4SCvFBHHH9NUw8CggEAfC1uzplgsIz9Rdgn
+HDcinZ8DqlGr4ZjMAZqMVt+f5o/eeQZbhZDkh0/odFHslIwc9WqJ1EBugkorfseQ
+ceIGUWwY/Qgln9Lj35dEJpvEcd9iT0bYuVvNQKYCbHGaP+s5GebW4JhXyGEL80ox
+7rX+NRZNLrT1lyD/9E3bD+fj3/YBM/IxKdckREjmVxZEATiqoUOj2G1CLoIo8QH6
+tM1ETVKVVQuZsK9zpCuTxKH6PO7dAtk9WRkTbP6QD03D2q2CL8QeuNf84G/gkGE1
+T+LwfWXYYs+n9cseaQmKAbn55ZolFTTcYU9cmHrMytYH43hDSr0lKEydY1u8F44S
+mJXJsQKCAQAUjQ+gZGMrLz+r9rColIAkLG3MZ29EJ5hKjyWBceEr+dZ9/b9xIQlQ
+ia5xqKqgjDmsiC+c5SVfH1pTBUSWiv549j/T0wyx5LwYKIYKz8anyO9qtqIiTuGA
+9C1gZPNO292wy5buJtzAJgaHMx/VMbsninLWI7geFVz1auyv02cBuQszSRtFAXMJ
+KGbwIYFyYOHo8iE6T5C8C7n4R16Tmphj2/K1RRnlKdqrALkBjMLlr/zVM7z2Eu7Z
+em1PmdTweJ5bXY9gtAyWUUiKZOYMo6Q/0LslCiflorqiXAerjefhihnHIQ23ICZJ
+8ZHkWHrZkZ8vy58MjP36e6poCyi9OXM1AoIBAQC01zUvApHgYUprHmnsO4ynazao
+DYSLHTJq/VYjH/TjxuXML2xOF72IL/l/e9xN9OiWHAGIda63N7m7j5rnyWsMm8vR
+nUeJlraFDBN4T96Xf3YaNvbZHfuLjBur2q+SIUMdvqZzllRghLaDAf3g9VHtXBWO
+d70FveQS2dImpYp5XhhdOEVCOkMqUuOCu2Gfe8a8K+GoHMTrSD5z5amjzHx6t02d
+4oU9Rr7TZnrkrxL0JapyqLsZr6ZafK26lqqRANNQIX5crUkprKp8HGv7fmqDsdGI
+qTKbYliQ8KjyfSlfj5qBsqhic1RsonNmf/RL5dNevKxxVR7OCzTnN5lHM8Ln
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3181fc79/ci/new_tsqa/files/rsa_keys/intermediate.crt
----------------------------------------------------------------------
diff --git a/ci/new_tsqa/files/rsa_keys/intermediate.crt b/ci/new_tsqa/files/rsa_keys/intermediate.crt
new file mode 100644
index 0000000..eacc2b9
--- /dev/null
+++ b/ci/new_tsqa/files/rsa_keys/intermediate.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE7zCCAtcCAQEwDQYJKoZIhvcNAQEFBQAwMjELMAkGA1UEBhMCWFgxFTATBgNV
+BAcMDERlZmF1bHQgQ2l0eTEMMAoGA1UECgwDQVRTMB4XDTE1MDQxMzIwMDI0M1oX
+DTIwMDQxMTIwMDI0M1owSTELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQg
+Q2l0eTEMMAoGA1UECgwDQVRTMRUwEwYDVQQDDAxpbnRlcm1lZGlhdGUwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDe2tfo88v44Tl9TATixb5qmBobnAy/
+oYpaX2St28qNuAC47ftkFaE+4zZIN8IeOAKkMC29ZVxOhXoNWovu4aa9PXdnmatQ
+M/vezta451JE7lVQK0q6dViGyeevBkumgQ2TD+Kj6R2uH5zHDSSVEWEJIb8rTb5i
+1pA4pF4ZLMBLAoZwrQfH9xjNZWSi7UJ0g1eYwRh5ahjl2SBRxSrH6GEUBCuI7S1o
+AvUvj0aDVXmPJEuyrkvw1u566g7DyQ242SnqdZnHVP17g1YmqCbq6qxipb6YKOke
+LBOL1zMKjdVQ3QAbw7Y7RBFcVUdUvoh4uL+IoWr+A8s99OxUhz2kEXU+gjwJtOOR
+keZGzMo9rA9cProwHC414Q++Ct0YhUAO2vTjEhnEvlJFv8cGRYT/Oifwrxny6KTA
+kC+4gwgrJgWR9DHeL814aTnotRUGLLsZAeo+O0al3/0QlN09XDFstkmn/mgaCmbF
+LN9dqwvg1gwS5Hbd+vdlguhcx5mlaI+jZp29CBwBdkkKVAns/3Tne+KpwJIsdRMp
+es+ajkFEZoOc6GVBrW/BjxQ6JBgQA6R4//eWunbMYfhkNY5l9SS1qZak1j9+qWAX
+JcSQVbUxgRSe01MzIqScc2btB8WJbi/IJp+hcdFLDzKYIolT7mRm8Xu6j3M6YF7E
+UaOuyRqoRiIr/wIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQCk4HQOq4A9cwmrPVk6
+vqR8CmRYiStM76RmLqX3XeVx1GybfvZzK/WYLcwInmXD4iitQflB9S0Ut0ChuLKo
+klj10wdAv6iNrRMUtmY9w8zV8GSLRHZrOo6Rd0affUNjBy79FaNypmdrydc8+M7L
+pGWKVN4qN5cOs/XLFT2TFk8davnyFOucP7kxWeNiZ38Kh8cAYYkovMpfcEJSrMGS
+musUqvAlPVZXDgBjblVHjZ2dvgRCdYFwrMxo14SALOmM1Hi7oWbX5A8uNdeoq8lB
+mwdUBpdWDm6IgJ2aiufOqBV3Mv6AUysLE+qHdP/lTHIHNc0LinuJK10F/jqbf9uY
+gzETU6HT1gQ3X3noDRB2vMMPJQOx8uQX04dfUx8WOmgwCx1X5Vc8gLhH+JbZz1PZ
+GlWgX5VGiGgLkq+rgQBLOLIe/NAnUCXPG78DttQpWMs8JjxEcgnVjLNZNAaWymAl
+U3JzmbX5UZePwEMjKSjKNDraU3Tuq+QTdPr+W2ilJEsLLPbsenc1QTNsPUv5aI8h
+LaayTP7aWMVg0QFfV1O7+vVz5ej7CO7Be7w57VWGDwBBVm81vDbeFna4RJPk2qAw
+K5wOYak0Z27v+0wBXHaceH0j45fn/lixt7FANv9NhB3krcjrUwUsooMAIsnCKAlK
+nQD8ySYdm+OGchPeRVW+MH8FPw==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3181fc79/ci/new_tsqa/files/rsa_keys/intermediate.key
----------------------------------------------------------------------
diff --git a/ci/new_tsqa/files/rsa_keys/intermediate.key b/ci/new_tsqa/files/rsa_keys/intermediate.key
new file mode 100644
index 0000000..561765f
--- /dev/null
+++ b/ci/new_tsqa/files/rsa_keys/intermediate.key
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEA3trX6PPL+OE5fUwE4sW+apgaG5wMv6GKWl9krdvKjbgAuO37
+ZBWhPuM2SDfCHjgCpDAtvWVcToV6DVqL7uGmvT13Z5mrUDP73s7WuOdSRO5VUCtK
+unVYhsnnrwZLpoENkw/io+kdrh+cxw0klRFhCSG/K02+YtaQOKReGSzASwKGcK0H
+x/cYzWVkou1CdINXmMEYeWoY5dkgUcUqx+hhFAQriO0taAL1L49Gg1V5jyRLsq5L
+8NbueuoOw8kNuNkp6nWZx1T9e4NWJqgm6uqsYqW+mCjpHiwTi9czCo3VUN0AG8O2
+O0QRXFVHVL6IeLi/iKFq/gPLPfTsVIc9pBF1PoI8CbTjkZHmRszKPawPXD66MBwu
+NeEPvgrdGIVADtr04xIZxL5SRb/HBkWE/zon8K8Z8uikwJAvuIMIKyYFkfQx3i/N
+eGk56LUVBiy7GQHqPjtGpd/9EJTdPVwxbLZJp/5oGgpmxSzfXasL4NYMEuR23fr3
+ZYLoXMeZpWiPo2advQgcAXZJClQJ7P9053viqcCSLHUTKXrPmo5BRGaDnOhlQa1v
+wY8UOiQYEAOkeP/3lrp2zGH4ZDWOZfUktamWpNY/fqlgFyXEkFW1MYEUntNTMyKk
+nHNm7QfFiW4vyCafoXHRSw8ymCKJU+5kZvF7uo9zOmBexFGjrskaqEYiK/8CAwEA
+AQKCAgBagZZeTWTxVsb6U/1H+/cxY0R3IhErYnfF7Cf/U9wXYjso373RD9fEqpJJ
+EhwMGcM42zg4SwoJ+btv4O4jvhDxmhz8PjSNBg+slWQvBAMta33KaUqYH0AsvaMS
+OgRPQuo4Z6Mr3mjnZn9Nd9D7mWtHQiVZeOFxUqKP3nE42CvgSs4+xIb8dyXjhOIy
+KRlsKEtTBljiNmyWLHArxV9ygLWsY2Uq3ugp7cmV3yJMBFKyB5OWpaLB1QhVcuk8
+KlMgV1HmnowtoB6yIszCNlhX36bTCW02bqb+Ufg+Os/H4YJYrOh2Xi2MNEC4twmZ
+KShTnvRqkOPa9b99EhNI4QPvtgde8XzZ15etuLG5Jg1McjJi6EK5AQx6NAfKWSpd
+lEryShnePd6Tx8taBsBG29ibPfAGuH/enhhgHjs2Tw4WY+fHq0laH3H0NI9EpV80
+ygAynoYfCeyUJiTpv9/dq49V+lJ+SJ5Wpc9kGRGxcMlIvCUETgiSHkz9TOmhb15H
+qX63B+AfMDwLSFwhnWJydPslXNqNH+ACzRAr0vSFYtfAs1I537JGKAJT3eZOt3lg
+lfXrEe5HKSxANx1qUvFIyRBFZYVWCb3gXvfU8fKGLM2xDuRBaNsEtlQzFuAN6lXd
+iDe9+upHJHRiAKb3xtM7Gfjp9UzffXZjwxmg+p2w5wHQKVFbgQKCAQEA9hFafDVH
+RwchKEAzGA+CxVIIA/1LIq0ZenOZJGX+px2nP5C0L0DV4L66c+r1b8zzt7+dooA/
+f0UQg++a/DzHCaM4SB0GAhzeHndq1P+1/9rFabOJmWpkeTCvkTW6Onq0yjOoYhnI
+7DeoKrK8jxZGIRUV0bOLIKro3w764SnjAwNgdfi0MVDdEAgMn/ZM9ZetoEVeTY7K
+saq/Gz/N/sTO/qv13ARqCxIzQr578pXP50Z0h9l9ln1DWaVoqa9IhpkMlPzrlmU8
+8ZVJIIofOUcvSq8366LmdFJ2ftIgFkYfAT5iVyoauikeGkWTWbKCxqrHz9R6HvLi
+9LguykeBeoml2QKCAQEA59mgyivkaYBolozJkD2C4mJfnQZB6znMzDsccDxqBvDu
+L6vAZYaIFsvW5df9G7uqKsQ4NTlfr1Ea2vdFHxs+nSO3v7cHdj0KFQBO2LkIr31z
+lfvGm73+eK+7d0tmD2L9GZ0swCxDzt94iT9tUuiPj8f3CEOCuUbHdlszHE3Q8jFD
+GSW688v9nxKTR0eQhYY248Var67puHF+CuzOjlgbr+W2+21h0wLAfu9Qqwp+2ry9
+8S1qJ8Mi2y7SGvjxMpWbMBA7O1/sCcrcuHpsata+RwowctyvqEEfaKyLmlfxJGCI
+wPoTHwLuoIMjLQJ+OxAm5URnhbKhsAjcDgi2zveBlwKCAQEAxLaKx9Ev8jBY6Xyp
+XArKWESD8+yCLG6Fd8cCHn8LXT3vfnmIEl6anNjc5d5n58DI9ZRRyJ8OJAhqc48R
+L6TG2YWKcNwC+Z1qVKDS3wSt0qRqPV4yGltbhybMtCFnh2ihLySs7//9CBpWbgwF
+gb4kwj3A+6u1BaCcGfY3ydlaigYhDy6LnwEuOKq2rQqR66QeQYozIX2NvQrrTDVt
+0MY1VJLUMde1jrQ2Fp2BKSVq11ETx6avJ6dsODZrvXtLV47y6Ahprgmw9tCJbWH+
+JCQsQmBhLBdGdKeX4zrIPAZCsxPUOiqGw1wrnIUSjxqOQZQ1uIf8ONGjbk/v1/Xi
+JLv1wQKCAQEAln5hLFoJTaIYQYDpZUNILgKE5bwmFbXTBc5oy0Gr4Q2Kzk7B+CS3
+OXTe7RqiJNpPvqrXgVTYk0gmEnPm3iYlIoMIxtzbbxh37uHgTDTvOlpIKNbhOD6/
+az9GhEzg1qP+fh3T6nnRGftcllohcGucpEu8QhTwSatz1ZOlPX4VXuAzGaOwEoga
+/KJmDyKY4NMZ1gdIsjjrZNnmYtkLysHOVwLZH6MEmJ90q/BTgHKznPBeqqo7+ctk
+WLmvj+p/RcJulWgzynqdEE4pr2Vn8oGpyRsID8bIDoMXDC7T/z+OO3qdygWJW9vf
+YTk+H/06SsRVOwSH3fTxlv5pOILXhsiJyQKCAQEAvSS36aam59KHJP8MG0Xm1OId
+cXSQqC1TUFt9mfIfiNdlmQWqlX/FWQSKo3B/ufJVChSu7Vy4pWd2FKfqhDsVrJ/W
+6U1U7QJdqsYMN8yWGHEC9riBFl/Pu6vaCluWm/qANzoSMaLB1oMy4SCxGui+6yxN
+YktI6E+fRTzPdj/1hznyqicnmOBarzUKItfkwyh6fyIgfaFD9N79CmjZWLpKf16Y
+lp6hmCR6BAErj0jjKZjsC51DfAs5fnnA6csZxWtGF3HJnIqz/Fdjsb2R+RNlWQGX
+2pZ8hMV0OvEajK66ApbqQMeJzQwGi91Xr6w1z+EvAr6H6jECE+daY2GDtJ7V5Q==
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3181fc79/ci/new_tsqa/files/rsa_keys/www.example.com.pem
----------------------------------------------------------------------
diff --git a/ci/new_tsqa/files/rsa_keys/www.example.com.pem b/ci/new_tsqa/files/rsa_keys/www.example.com.pem
index a2ef567..4bc273d 100644
--- a/ci/new_tsqa/files/rsa_keys/www.example.com.pem
+++ b/ci/new_tsqa/files/rsa_keys/www.example.com.pem
@@ -27,23 +27,26 @@ X+RxTyZzoNazbC6JEsFx9IJLn/L0/8jsg368m1f0Dkptd2LzrLsw2zuY6wm8DrLH
 Re4GALck6zlT+rZNLuN13p5Z
 -----END PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
-MIIDizCCAnOgAwIBAgIJAPvhz+ZDGGDAMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV
-BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
-Q29tcGFueSBMdGQxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNTAxMjgx
-ODU4NTVaFw0xNTAyMjcxODU4NTVaMFwxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxE
-ZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxGDAWBgNV
+MIIECTCCAfECAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCWFgxFTATBgNV
+BAcMDERlZmF1bHQgQ2l0eTEMMAoGA1UECgwDQVRTMRUwEwYDVQQDDAxpbnRlcm1l
+ZGlhdGUwHhcNMTUwNDEzMjAwNDA3WhcNMjAwNDExMjAwNDA3WjBMMQswCQYDVQQG
+EwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MQwwCgYDVQQKDANBVFMxGDAWBgNV
 BAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAKtLcne4vYw2vVD3Mvs4O6TDxQ4c3gDC5aw1IMnNqzCuDG0U7dV8lsJ+jsJS
 2iOgljf3vzebcecuE8BwXF+xKBDRnxN1Rli2rYjWn94Sn8DqR1B98dLhOjS55hDy
 vUjqkwlOeJoOLwgIPR3zftbBtRRrHHwiHNoU0+u9J2ElvUsY/GPxi98q8cX2uTCq
 klIQBcUIpNr8fSLzBvyHe7hxdmZg3pqihqLdJjUoaVZm0B9uBOUwy28HdkTcmw03
 BsviB/PFix9dNb1BRnaRPeKuYHzSShCPMOJboynGYum8MP82lBZKJH1MNlgIm0AL
-BbKjGqjyAdlWqwX+uQrKqSDZxskCAwEAAaNQME4wHQYDVR0OBBYEFDI+rlmBGnur
-j67NWhWx/oyK+xYOMB8GA1UdIwQYMBaAFDI+rlmBGnurj67NWhWx/oyK+xYOMAwG
-A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKl1WYFnT3LYuh3FLvLarZd0
-MPAiTfbFbZBm7WWXm/ZPL+uvdtIQVD8VzGjA1Y3HfapQyVyqNh1BWmlY4oDFFGOF
-VZrZZ9vLG5xqTMBfjm/u7kBlKoU7DKNyeLeHoaOtaJ8Gk0QzUuCXTCF4Nd6qOyz+
-zhGhUa+QeiGIcsQLqTco84KprxD2FXvgFcmDU/OQksXml+QVUSqbZw+P+G9suOq3
-n7zGO7ff6CWjB3bS5m5Wfo1hcLAtGMHr+ZkWLCV5xh7zn7GZOyEpFrbC7TUnee4Y
-+CE3ISKrhIob4WUCd9r8GYGh21CavGCccPxqasdGqRS6ZQpQXopo/UhDR//UURo=
+BbKjGqjyAdlWqwX+uQrKqSDZxskCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEAGrOo
+IRDUjxt65cBR9OZSXRdnL6szAMuNHWlK0MfVtTATWXDKU9S3KjK6seo+ebyaqt1J
+nlyUZ79n6+vU5uSIDANpYQ5Z1DuV5NM2V9o2QiRqExwfgpGUcAXAi0lQ79eA2kzi
+cDgDIpbEAJTFP5/uinaRA9H4KqqfMg5m34tu44A01brb2h/czPOWxD89mKKbtS9H
+ODPkDkq3wTUG/F0RQvfFC6Na8IWkW0jijDBxuFeSbRV00GH3/wpMBcxDuIcKBJcy
+tFrXjCFKzop7djU7OuxEnqQdlgiHgQsszjnLP0k5Lz9CrNG7W+zqmYsvO6s6a94Z
+8lHuwl9GAS/IFQS+c+PsPT7uxgSfbdFHWlmOv1+p/PsPaAQ4Hu/ugga8AjMYoyHg
+V6LBCTbUK7aA3lnu6+EW3qpGve6Z2H1D+B5V8ZXLuA6ooIS80CN9xw6jFcAXcUv8
+pNw/sJDnErzRbxsOPKeLl2EjJ/1/MsQf5DNp3xPFyhv5l3oOxodICEr4eeudGmAW
+OGp21xqo7i3K8YQ6GDMPF6RVX4mOCxY5L9qf+VDLYx8AV9gFZ+VWG8we7jyruqxE
+DwetsfCtwXo5gho9p+K8VHA7nWukydBNiekPFD6S6gBu0vMZxIfW/AKolWgxmyPz
+zZhR8034yoSR6qxuh+as+JpXmw+3MypZ5G/1S54=
 -----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3181fc79/ci/new_tsqa/files/rsa_keys/www.test.com.pem
----------------------------------------------------------------------
diff --git a/ci/new_tsqa/files/rsa_keys/www.test.com.pem b/ci/new_tsqa/files/rsa_keys/www.test.com.pem
index 6bd3b10..5a0cfa7 100644
--- a/ci/new_tsqa/files/rsa_keys/www.test.com.pem
+++ b/ci/new_tsqa/files/rsa_keys/www.test.com.pem
@@ -27,23 +27,26 @@ j3YSMgXHYSgYti73+zBcy1uVVlUR5Q2HnihFX5Ho1IAQbC+TXzUCnLOEoR/IIHIz
 +qWsoHgJD98ie3cjys0WujpH
 -----END PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIJAJ7iD8W9eXUHMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
-BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
-Q29tcGFueSBMdGQxFTATBgNVBAMMDHd3dy50ZXN0LmNvbTAeFw0xNTAxMjgxODU5
-MTVaFw0xNTAyMjcxODU5MTVaMFkxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZh
-dWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxFTATBgNVBAMM
-DHd3dy50ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANSI
-XDSnQk5+b8bRgeK+R3m/le7m2QFYRO702AouvsyQQF6pvV+OSbwZ3Uiyd2hiHRH+
-2RHN0To76U1aMyAS4K3P7nNuUFD3EMzAAoj7ViG52qvAjGpcHOnK8ABnBTkQd+2i
-D9aIQO8k8zRcRCzHrXjaSBVHk181fodYc4vwfzqPth9t13Qqe7RC/226ULxp4Ftn
-6kpTT9wEJWKWOvw4V2sJm7USQohq3egGN1sQXhuiHiA1KzFtf7z25bhJlhH8bjER
-fhVkksyyWgZg6Rw4tNX3T5UNtt2tmyeaBCCkoGWnY0F1LHsxlBFTkN7c8wHOja6g
-i+bBdL1nG1Muv792nFkCAwEAAaNQME4wHQYDVR0OBBYEFDZ0k9VGIt+bls2dqEsk
-+71jcD6uMB8GA1UdIwQYMBaAFDZ0k9VGIt+bls2dqEsk+71jcD6uMAwGA1UdEwQF
-MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAITinBiCI4VJg/rgLsadx3VCeSfu0AgU
-VnS5Z5FJ6HqL0xtRgUrwQgqIM72nf5x3MGcx70TJVv4hDHBPFTfaQ2c3AeGzlpnI
-j46UTEcuHx2ilyXnAOW3Z7Ap08WrBRATwUK21IVqoj9yfKUQ9Y70PCq/wKbZPMbX
-v8zSJ/B+CJcV3yUJKhFVyKJ+de3i36XtItXBUnLoTSByjdCvLDc/uv900kU06DQ1
-qLUVPA0sEYIrC1V3fDokZLHuXW8ZdknfFWHP514rZ++njdrs3D0hInSI/IYIvp0f
-3aK15+uirKoXxjxlQN5zQC/GKCcSiJo2yJ/mvOxIzUjCmb8Zg2ynqsc=
+MIIEBjCCAe4CAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCWFgxFTATBgNV
+BAcMDERlZmF1bHQgQ2l0eTEMMAoGA1UECgwDQVRTMRUwEwYDVQQDDAxpbnRlcm1l
+ZGlhdGUwHhcNMTUwNDEzMjAwNDE0WhcNMjAwNDExMjAwNDE0WjBJMQswCQYDVQQG
+EwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MQwwCgYDVQQKDANBVFMxFTATBgNV
+BAMMDHd3dy50ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANSIXDSnQk5+b8bRgeK+R3m/le7m2QFYRO702AouvsyQQF6pvV+OSbwZ3Uiyd2hi
+HRH+2RHN0To76U1aMyAS4K3P7nNuUFD3EMzAAoj7ViG52qvAjGpcHOnK8ABnBTkQ
+d+2iD9aIQO8k8zRcRCzHrXjaSBVHk181fodYc4vwfzqPth9t13Qqe7RC/226ULxp
+4Ftn6kpTT9wEJWKWOvw4V2sJm7USQohq3egGN1sQXhuiHiA1KzFtf7z25bhJlhH8
+bjERfhVkksyyWgZg6Rw4tNX3T5UNtt2tmyeaBCCkoGWnY0F1LHsxlBFTkN7c8wHO
+ja6gi+bBdL1nG1Muv792nFkCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEARQSyOqxM
+ecr1SvIu65yZbOPq29343KewRs39ZbjsEbmm5SMdFs7asWHtbD6iiU3mPzqAG0Y3
+i+S98J7xwSvAnWERVNzWhymCu7MQ/mKM9WZWDRGUshFgaYpWDqjw2a/qVC54f/Ye
+OaeDqzWc96Ib0khZdE+IyqpLdclxagVHv0cJOQwqhKOkIDQGEeBTc8AA/luOnC8d
+tE9s8IwTmGpZPYY+kwGVbaLKPanONGDiZM5IyZbBgb9Dq3wL/5DXvQApid37BzHJ
+ceT/gKDQljXOSWacxCPUSNb6aut5ivfbd9w7kXdTZL9UcS+FGPNXQ2z1yu3VaqJV
+MTSfSW5KUHKVLwDsp9hvBpid8S3TpQLeGt68wXoHxvh5PMnsgdA4JxsOTTwKP/gE
+rYhockBGuftKOaRqlRn4+n/nSfLogYoD+32S6ZMBJpPuMBXODiezsP+eAb+wqrV7
+4tiKJC70YNVL7XMdmsDtxj8lcY+aouREnd2+Iutr+YrCM5ZIOKAq57Ib4qTNV3Is
+F0KDEHRBpiS9hcGYzhg39Dovc6RHc6QRqKVrfZfE3jKXfCtefcqceIsh3jH51ONI
+sudX6SOv76PMjnAj0uqF8Kw6YVzLO/MGbAyGilIXYc18GdRWL4gqj9Z9BiLuNcZU
+8AhkHaBWKOHEtVZ8ueEkRBS3I0JZZ8ZKlTM=
 -----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3181fc79/ci/new_tsqa/tests/test_https.py
----------------------------------------------------------------------
diff --git a/ci/new_tsqa/tests/test_https.py b/ci/new_tsqa/tests/test_https.py
index fcc6bad..6786cbd 100644
--- a/ci/new_tsqa/tests/test_https.py
+++ b/ci/new_tsqa/tests/test_https.py
@@ -44,6 +44,21 @@ class CertSelectionMixin(object):
         sock.do_handshake()
         return sock.get_peer_certificate()
 
+    def _get_cert_chain(self, addr, sni_name=None, ciphers=None):
+        '''
+        Return the certificate chain for addr. Optionally sending sni_name
+        '''
+        ctx = SSL.Context(SSL.TLSv1_2_METHOD)
+        # Set up client
+        sock = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
+        sock.connect(addr)
+        if sni_name is not None:
+            sock.set_tlsext_host_name(sni_name)
+        if ciphers is not None:
+            ctx.set_cipher_list(ciphers)
+        sock.do_handshake()
+        return sock.get_peer_cert_chain()
+
     def test_star_ordering(self):
         '''
         We should be served the first match, since we aren't sending SNI headers
@@ -82,6 +97,20 @@ class CertSelectionMixin(object):
         cert = self._get_cert(addr, sni_name='www.example.com')
         self.assertEqual(cert.get_subject().commonName.decode(), 'www.example.com')
 
+    def _intermediate_ca_t(self, cipher):
+        # send a request that *should* get an intermediate CA
+        addr = ('127.0.0.1', self.ssl_port)
+        cert_chain = self._get_cert_chain(addr, ciphers=CIPHER_MAP[cipher])
+        self.assertEqual(len(cert_chain), 2)
+        self.assertEqual(cert_chain[0].get_subject().commonName.decode(), 'www.example.com')
+        self.assertEqual(cert_chain[1].get_subject().commonName.decode(), 'intermediate')
+
+        # send a request that shouldn't get an intermediate CA
+        addr = ('127.0.0.1', self.ssl_port)
+        cert_chain = self._get_cert_chain(addr, ciphers=CIPHER_MAP[cipher], sni_name='www.test.com')
+        self.assertEqual(len(cert_chain), 1)
+        self.assertEqual(cert_chain[0].get_subject().commonName.decode(), 'www.test.com')
+
 
 class TestRSA(helpers.EnvironmentCase, CertSelectionMixin):
     '''
@@ -99,10 +128,10 @@ class TestRSA(helpers.EnvironmentCase, CertSelectionMixin):
         })
 
         # configure SSL multicert
-        cls.configs['ssl_multicert.config'].add_line('dest_ip=127.0.0.2 ssl_cert_name={0}'.format(helpers.tests_file_path('rsa_keys/www.example.com.pem')))
+        cls.configs['ssl_multicert.config'].add_line('dest_ip=127.0.0.2 ssl_cert_name={0}
ssl_ca_name={1}'.format(helpers.tests_file_path('rsa_keys/www.example.com.pem'), helpers.tests_file_path('rsa_keys/intermediate.crt')))
         cls.configs['ssl_multicert.config'].add_line('dest_ip=127.0.0.2 ssl_cert_name={0}'.format(helpers.tests_file_path('rsa_keys/www.test.com.pem')))
 
-        cls.configs['ssl_multicert.config'].add_line('dest_ip=* ssl_cert_name={0}'.format(helpers.tests_file_path('rsa_keys/www.example.com.pem')))
+        cls.configs['ssl_multicert.config'].add_line('dest_ip=* ssl_cert_name={0} ssl_ca_name={1}'.format(helpers.tests_file_path('rsa_keys/www.example.com.pem'),
helpers.tests_file_path('rsa_keys/intermediate.crt')))
         cls.configs['ssl_multicert.config'].add_line('dest_ip=* ssl_cert_name={0}'.format(helpers.tests_file_path('rsa_keys/www.test.com.pem')))
 
     def test_rsa(self):
@@ -116,6 +145,13 @@ class TestRSA(helpers.EnvironmentCase, CertSelectionMixin):
             cert = self._get_cert(addr, ciphers=CIPHER_MAP['ecdsa'])
             self.assertEqual(cert.get_subject().commonName.decode(), 'www.example.com')
 
+    def test_intermediate_ca_rsa(self):
+        self._intermediate_ca_t('rsa')
+
+    def test_intermediate_ca_ecdsa(self):
+        with self.assertRaises(Exception):
+            self._intermediate_ca_t('ecdsa')
+
 class TestECDSA(helpers.EnvironmentCase, CertSelectionMixin):
     '''
     Tests for https for ATS configured with ECDSA certificates


Mime
View raw message