Remove all static minica keys (#7489)
Remove the redis-tls, wfe-tls, and mail-test-srv keys which were generated by minica and then checked in to the repo. All three are replaced by the dynamically-generated ipki directory. Part of https://github.com/letsencrypt/boulder/issues/7476
parent
eb607e5b10
commit
146b78a0f7
|
@ -229,8 +229,8 @@ the following URLs:
|
|||
|
||||
To access the HTTPS versions of the endpoints you will need to configure your
|
||||
ACME client software to use a CA truststore that contains the
|
||||
`test/wfe-tls/minica.pem` CA certificate. See
|
||||
[`test/PKI.md`](https://github.com/letsencrypt/boulder/blob/main/test/PKI.md)
|
||||
`test/certs/ipki/minica.pem` CA certificate. See
|
||||
[`test/certs/README.md`](https://github.com/letsencrypt/boulder/blob/main/test/certs/README.md)
|
||||
for more information.
|
||||
|
||||
Your local Boulder instance uses a fake DNS resolver that returns 127.0.0.1
|
||||
|
|
|
@ -24,9 +24,9 @@ import (
|
|||
)
|
||||
|
||||
func makeClient() (*rocsp.RWClient, clock.Clock) {
|
||||
CACertFile := "../../test/redis-tls/minica.pem"
|
||||
CertFile := "../../test/redis-tls/boulder/cert.pem"
|
||||
KeyFile := "../../test/redis-tls/boulder/key.pem"
|
||||
CACertFile := "../../test/certs/ipki/minica.pem"
|
||||
CertFile := "../../test/certs/ipki/localhost/cert.pem"
|
||||
KeyFile := "../../test/certs/ipki/localhost/key.pem"
|
||||
tlsConfig := cmd.TLSConfig{
|
||||
CACertFile: CACertFile,
|
||||
CertFile: CertFile,
|
||||
|
|
|
@ -41,9 +41,9 @@ Redis protocol. Here's the command to do that (run from the Boulder root):
|
|||
|
||||
```shell
|
||||
openssl s_client -connect 10.33.33.2:4218 \
|
||||
-CAfile test/redis-tls/minica.pem \
|
||||
-cert test/redis-tls/boulder/cert.pem \
|
||||
-key test/redis-tls/boulder/key.pem
|
||||
-CAfile test/certs/ipki/minica.pem \
|
||||
-cert test/certs/ipki/localhost/cert.pem \
|
||||
-key test/certs/ipki/localhost/key.pem
|
||||
```
|
||||
|
||||
Then, first thing when you connect, run `AUTH <user> <password>`. You can get a
|
||||
|
|
|
@ -2,6 +2,9 @@ package mail
|
|||
|
||||
import (
|
||||
"bufio"
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"fmt"
|
||||
|
@ -9,7 +12,6 @@ import (
|
|||
"net"
|
||||
"net/mail"
|
||||
"net/textproto"
|
||||
"os"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
@ -21,6 +23,42 @@ import (
|
|||
"github.com/letsencrypt/boulder/test"
|
||||
)
|
||||
|
||||
var (
|
||||
// These variables are populated by init(), and then referenced by setup() and
|
||||
// listenForever(). smtpCert is the TLS certificate which will be served by
|
||||
// the fake SMTP server, and smtpRoot is the issuer of that certificate which
|
||||
// will be trusted by the SMTP client under test.
|
||||
smtpRoot *x509.CertPool
|
||||
smtpCert *tls.Certificate
|
||||
)
|
||||
|
||||
func init() {
|
||||
// Populate the global smtpRoot and smtpCert variables. We use a single self
|
||||
// signed cert for both, for ease of generation. It has to assert the name
|
||||
// localhost to appease the mailer, which is connecting to localhost.
|
||||
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
fmt.Println(err)
|
||||
template := x509.Certificate{
|
||||
DNSNames: []string{"localhost"},
|
||||
SerialNumber: big.NewInt(123),
|
||||
NotBefore: time.Now().Add(-24 * time.Hour),
|
||||
NotAfter: time.Now().Add(24 * time.Hour),
|
||||
}
|
||||
certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, key.Public(), key)
|
||||
fmt.Println(err)
|
||||
cert, err := x509.ParseCertificate(certDER)
|
||||
fmt.Println(err)
|
||||
|
||||
smtpRoot = x509.NewCertPool()
|
||||
smtpRoot.AddCert(cert)
|
||||
|
||||
smtpCert = &tls.Certificate{
|
||||
Certificate: [][]byte{certDER},
|
||||
PrivateKey: key,
|
||||
Leaf: cert,
|
||||
}
|
||||
}
|
||||
|
||||
type fakeSource struct{}
|
||||
|
||||
func (f fakeSource) generate() *big.Int {
|
||||
|
@ -76,13 +114,8 @@ func expect(t *testing.T, buf *bufio.Reader, expected string) error {
|
|||
type connHandler func(int, *testing.T, net.Conn, *net.TCPConn)
|
||||
|
||||
func listenForever(l *net.TCPListener, t *testing.T, handler connHandler) {
|
||||
keyPair, err := tls.LoadX509KeyPair("../test/mail-test-srv/localhost/cert.pem", "../test/mail-test-srv/localhost/key.pem")
|
||||
if err != nil {
|
||||
t.Errorf("loading keypair: %s", err)
|
||||
|
||||
}
|
||||
tlsConf := &tls.Config{
|
||||
Certificates: []tls.Certificate{keyPair},
|
||||
Certificates: []tls.Certificate{*smtpCert},
|
||||
}
|
||||
connID := 0
|
||||
for {
|
||||
|
@ -285,16 +318,6 @@ func setup(t *testing.T) (*mailerImpl, *net.TCPListener, func()) {
|
|||
}
|
||||
}
|
||||
|
||||
pem, err := os.ReadFile("../test/mail-test-srv/minica.pem")
|
||||
if err != nil {
|
||||
t.Fatalf("loading smtp root: %s", err)
|
||||
}
|
||||
smtpRoots := x509.NewCertPool()
|
||||
ok := smtpRoots.AppendCertsFromPEM(pem)
|
||||
if !ok {
|
||||
t.Fatal("failed parsing SMTP root")
|
||||
}
|
||||
|
||||
// We can look at the listener Addr() to figure out which free port was
|
||||
// assigned by the operating system
|
||||
|
||||
|
@ -308,7 +331,7 @@ func setup(t *testing.T) (*mailerImpl, *net.TCPListener, func()) {
|
|||
port,
|
||||
"user@example.com",
|
||||
"passwd",
|
||||
smtpRoots,
|
||||
smtpRoot,
|
||||
*fromAddress,
|
||||
log,
|
||||
metrics.NoopRegisterer,
|
||||
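Review bot: In the new `init()`, the errors returned by `ecdsa.GenerateKey`, `x509.CreateCertificate` and `x509.ParseCertificate` are only passed to `fmt.Println(err)`. Every run of this package's tests therefore prints `<nil>` three times, and a real failure falls through to a nil dereference at `key.Public()`, `smtpRoot.AddCert(cert)` or `*smtpCert` in `listenForever` instead of a readable message. Each call should fail fast with context, for example `if err != nil { panic(fmt.Sprintf("generating SMTP test key: %s", err)) }`, with the message adjusted for the certificate-creation and parsing steps. It would also help to extend the `init()` comment to say that the key and certificate exist only in memory and are valid for 24 hours either side of process start, since that is the property that replaces the checked-in `mail-test-srv` key.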
|
|
|
@ -374,9 +374,9 @@ func initAuthorities(t *testing.T) (*DummyValidationAuthority, sapb.StorageAutho
|
|||
rc := bredis.Config{
|
||||
Username: "unittest-rw",
|
||||
TLS: cmd.TLSConfig{
|
||||
CACertFile: "../test/redis-tls/minica.pem",
|
||||
CertFile: "../test/redis-tls/boulder/cert.pem",
|
||||
KeyFile: "../test/redis-tls/boulder/key.pem",
|
||||
CACertFile: "../test/certs/ipki/minica.pem",
|
||||
CertFile: "../test/certs/ipki/localhost/cert.pem",
|
||||
KeyFile: "../test/certs/ipki/localhost/key.pem",
|
||||
},
|
||||
Lookups: []cmd.ServiceDomain{
|
||||
{
|
||||
|
|
|
@ -4,19 +4,20 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"golang.org/x/net/context"
|
||||
|
||||
"github.com/letsencrypt/boulder/cmd"
|
||||
"github.com/letsencrypt/boulder/metrics"
|
||||
"github.com/letsencrypt/boulder/test"
|
||||
"golang.org/x/net/context"
|
||||
|
||||
"github.com/jmhodges/clock"
|
||||
"github.com/redis/go-redis/v9"
|
||||
)
|
||||
|
||||
func newTestRedisSource(clk clock.FakeClock, addrs map[string]string) *RedisSource {
|
||||
CACertFile := "../test/redis-tls/minica.pem"
|
||||
CertFile := "../test/redis-tls/boulder/cert.pem"
|
||||
KeyFile := "../test/redis-tls/boulder/key.pem"
|
||||
CACertFile := "../test/certs/ipki/minica.pem"
|
||||
CertFile := "../test/certs/ipki/localhost/cert.pem"
|
||||
KeyFile := "../test/certs/ipki/localhost/key.pem"
|
||||
tlsConfig := cmd.TLSConfig{
|
||||
CACertFile: CACertFile,
|
||||
CertFile: CertFile,
|
||||
|
|
|
@ -14,9 +14,9 @@ import (
|
|||
)
|
||||
|
||||
func newTestRedisRing() *redis.Ring {
|
||||
CACertFile := "../test/redis-tls/minica.pem"
|
||||
CertFile := "../test/redis-tls/boulder/cert.pem"
|
||||
KeyFile := "../test/redis-tls/boulder/key.pem"
|
||||
CACertFile := "../test/certs/ipki/minica.pem"
|
||||
CertFile := "../test/certs/ipki/localhost/cert.pem"
|
||||
KeyFile := "../test/certs/ipki/localhost/key.pem"
|
||||
tlsConfig := cmd.TLSConfig{
|
||||
CACertFile: CACertFile,
|
||||
CertFile: CertFile,
|
||||
|
|
|
@ -9,16 +9,17 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/jmhodges/clock"
|
||||
"github.com/letsencrypt/boulder/cmd"
|
||||
"github.com/letsencrypt/boulder/metrics"
|
||||
"github.com/redis/go-redis/v9"
|
||||
"golang.org/x/crypto/ocsp"
|
||||
|
||||
"github.com/letsencrypt/boulder/cmd"
|
||||
"github.com/letsencrypt/boulder/metrics"
|
||||
)
|
||||
|
||||
func makeClient() (*RWClient, clock.Clock) {
|
||||
CACertFile := "../test/redis-tls/minica.pem"
|
||||
CertFile := "../test/redis-tls/boulder/cert.pem"
|
||||
KeyFile := "../test/redis-tls/boulder/key.pem"
|
||||
CACertFile := "../test/certs/ipki/minica.pem"
|
||||
CertFile := "../test/certs/ipki/localhost/cert.pem"
|
||||
KeyFile := "../test/certs/ipki/localhost/key.pem"
|
||||
tlsConfig := cmd.TLSConfig{
|
||||
CACertFile: CACertFile,
|
||||
CertFile: CertFile,
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
/ipki
|
||||
/misc
|
||||
/webpki
|
||||
/.softhsm-tokens
|
||||
|
|
|
@ -47,22 +47,37 @@ these certificates (for the services that we run multiple copies of) have
|
|||
multiple names, so the same certificate can be loaded by each copy of that
|
||||
service.
|
||||
|
||||
It also contains some non-gRPC certificates which are nonetheless serving the
|
||||
role of internal authentication between Let's Encrypt components:
|
||||
|
||||
- The IP-address certificate used by challtestsrv (which acts as the integration
|
||||
test environment's recursive resolver) for DoH handshakes.
|
||||
- The certificate presented by mail-test-srv's SMTP endpoint.
|
||||
- The certificate presented by the test redis cluster.
|
||||
- The certificate presented by the WFE's API TLS handler (which is usually
|
||||
behind some other load-balancer like nginx).
|
||||
|
||||
This PKI is loaded by virtually every Boulder component.
|
||||
|
||||
**Note:** the minica issuer certificate and the "localhost" end-entity
|
||||
certificate are also used by several rocsp and ratelimit unit tests. The tests
|
||||
use these certificates to authenticate to the docker-compose redis cluster, and
|
||||
therefore cannot succeed outside of the docker environment anyway, so a
|
||||
dependency on the ipki hierarchy having been generated does not break them
|
||||
further.
|
||||
|
||||
## Other Test PKIs
|
||||
|
||||
A variety of other PKIs (collections of keys and certificates) exist in this
|
||||
repository for the sake of unit and integration testing. We list them here as a
|
||||
TODO-list of PKIs to remove and clean up:
|
||||
|
||||
- challtestsrv DoH: Our fake DNS challenge test server (which fulfills DNS-01
|
||||
challenges during integration tests) can negotiate DoH handshakes. The key and
|
||||
cert is uses for this are currently generated as part of the ipki directory,
|
||||
but are fundamentally different from that PKI and should be moved.
|
||||
- wfe-tls: The //test/wfe-tls/ directory holds the key and certificate which the
|
||||
WFE uses to negotiate TLS handshakes with API clients.
|
||||
- redis: The //test/redis-tls/ directory holds the key and certificate used by
|
||||
our test redis cluster. This should probably be moved into the ipki directory.
|
||||
- unit tests: the //test/hierarchy/ directory holds a variety of certificates
|
||||
used by unit tests. These should be replaced by certs which the unit tests
|
||||
dynamically generate in-memory, rather than loading from disk.
|
||||
- unit test hierarchy: the //test/hierarchy/ directory holds a collection of
|
||||
certificates used by unit tests which want access to realistic issuer certs
|
||||
but don't want to rely on the //test/certs/webpki directory being generated.
|
||||
These should be replaced by certs which the unit tests dynamically generate
|
||||
in-memory, rather than loading from disk.
|
||||
- unit test mocks: //test/test-key-5.der and //wfe2/wfe_test.go contain keys and
|
||||
certificates which are used to elicit specific behavior from //mocks/mocks.go.
|
||||
These should be replaced with dynamically-generated keys and more flexible
|
||||
mocks.
|
||||
|
|
|
@ -3,32 +3,50 @@ set -e
|
|||
|
||||
cd "$(realpath -- $(dirname -- "$0"))"
|
||||
|
||||
ipki() (
|
||||
# Check that `minica` is installed
|
||||
command -v minica >/dev/null 2>&1 || {
|
||||
echo >&2 "No 'minica' command available.";
|
||||
echo >&2 "Check your GOPATH and run: 'go install github.com/jsha/minica@latest'.";
|
||||
exit 1;
|
||||
}
|
||||
# Check that `minica` is installed
|
||||
command -v minica >/dev/null 2>&1 || {
|
||||
echo >&2 "No 'minica' command available.";
|
||||
echo >&2 "Check your GOPATH and run: 'go install github.com/jsha/minica@latest'.";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
ipki() (
|
||||
# Minica generates everything in-place, so we need to cd into the subdirectory.
|
||||
# This function executes in a subshell, so this cd does not affect the parent
|
||||
# script.
|
||||
mkdir ipki
|
||||
cd ipki
|
||||
|
||||
# Used by challtestsrv to negotiate DoH handshakes.
|
||||
# TODO: Move this out of the ipki directory.
|
||||
# This also creates the issuer key, so the loops below can run in the
|
||||
# background without competing over who gets to create it.
|
||||
# Create a generic cert which can be used by our test-only services (like
|
||||
# mail-test-srv) that aren't sophisticated enough to present a different name.
|
||||
# This first invocation also creates the issuer key, so the loops below can
|
||||
# run in the background without racing to create it.
|
||||
minica -domains localhost
|
||||
|
||||
# Used by challtestsrv to negotiate DoH handshakes. Even though we think of
|
||||
# challtestsrv as being external to our infrastructure (because it hosts the
|
||||
# DNS records that the tests validate), it *also* takes the place of our
|
||||
# recursive resolvers, so the DoH certificate that it presents to the VAs is
|
||||
# part of our internal PKI.
|
||||
minica -ip-addresses 10.77.77.77,10.88.88.88
|
||||
|
||||
# Presented by the WFE's TLS server, when configured. Normally the WFE lives
|
||||
# behind another TLS-terminating server like nginx or apache, so the cert that
|
||||
# it presents to that layer is also part of the internal PKI.
|
||||
minica -domains "boulder"
|
||||
|
||||
# Presented by the test redis cluster. Contains IP addresses because Boulder
|
||||
# components find individual redis servers via SRV records.
|
||||
minica -domains redis -ip-addresses 10.33.33.2,10.33.33.3,10.33.33.4,10.33.33.5,10.33.33.6,10.33.33.7,10.33.33.8,10.33.33.9
|
||||
|
||||
# Used by Boulder gRPC services as both server and client mTLS certificates.
|
||||
for SERVICE in admin-revoker expiration-mailer ocsp-responder consul \
|
||||
wfe akamai-purger bad-key-revoker crl-updater crl-storer \
|
||||
health-checker; do
|
||||
health-checker rocsp-tool; do
|
||||
minica -domains "${SERVICE}.boulder" &
|
||||
done
|
||||
|
||||
# Same as above, for services that we run multiple copies of.
|
||||
for SERVICE in publisher nonce ra ca sa va rva ; do
|
||||
minica -domains "${SERVICE}.boulder,${SERVICE}1.boulder,${SERVICE}2.boulder" &
|
||||
done
|
||||
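Review bot: The comment above `minica -domains localhost` describes that certificate only as something test-only services present. Elsewhere in this commit the same cert and key are used as a TLS client identity toward redis (`CertFile: "../test/certs/ipki/localhost/cert.pem"` in the rocsp and ratelimit tests). Because it is issued by the same minica root that every internal component trusts, the comment should state both roles and the constraint that follows, for example `# Also used as the redis client cert by unit tests; "localhost" must never be accepted as a client name by any gRPC service.` The redis invocation hard-codes `10.33.33.2` through `10.33.33.9`; a short comment naming where those addresses are assigned (presumably the docker-compose network definition) would make a SAN mismatch easier to diagnose if they change. The body of `ipki()` continues past the end of this hunk, so whether the backgrounded `minica` calls are followed by a `wait` cannot be checked from here.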
|
|
|
@ -39,7 +39,7 @@ DIRECTORY_V2 = os.getenv('DIRECTORY_V2', 'http://boulder.service.consul:4001/dir
|
|||
ACCEPTABLE_TOS = os.getenv('ACCEPTABLE_TOS',"https://boulder.service.consul:4431/terms/v7")
|
||||
PORT = os.getenv('PORT', '80')
|
||||
|
||||
os.environ.setdefault('REQUESTS_CA_BUNDLE', 'test/wfe-tls/minica.pem')
|
||||
os.environ.setdefault('REQUESTS_CA_BUNDLE', 'test/certs/ipki/minica.pem')
|
||||
|
||||
import challtestsrv
|
||||
challSrv = challtestsrv.ChallTestServer()
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
"username": "cert-manager@example.com",
|
||||
"from": "bad key revoker <bad-key-revoker@test.org>",
|
||||
"passwordFile": "test/secrets/smtp_password",
|
||||
"SMTPTrustedRootFile": "test/mail-test-srv/minica.pem",
|
||||
"SMTPTrustedRootFile": "test/certs/ipki/minica.pem",
|
||||
"emailSubject": "Certificates you've issued have been revoked due to key compromise",
|
||||
"emailTemplate": "test/example-bad-key-revoker-template"
|
||||
},
|
||||
|
|
|
@ -33,7 +33,7 @@
|
|||
"noWaitForReady": true,
|
||||
"hostOverride": "sa.boulder"
|
||||
},
|
||||
"SMTPTrustedRootFile": "test/mail-test-srv/minica.pem",
|
||||
"SMTPTrustedRootFile": "test/certs/ipki/minica.pem",
|
||||
"frequency": "1h",
|
||||
"features": {
|
||||
"ExpirationMailerUsesJoin": true
|
||||
|
|
|
@ -11,9 +11,9 @@
|
|||
"poolSize": 100,
|
||||
"routeRandomly": true,
|
||||
"tls": {
|
||||
"caCertFile": "test/redis-tls/minica.pem",
|
||||
"certFile": "test/redis-tls/boulder/cert.pem",
|
||||
"keyFile": "test/redis-tls/boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/ocsp-responder.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/ocsp-responder.boulder/key.pem"
|
||||
}
|
||||
},
|
||||
"tls": {
|
||||
|
|
|
@ -9,9 +9,9 @@
|
|||
},
|
||||
"timeout": "5s",
|
||||
"tls": {
|
||||
"caCertFile": "test/redis-tls/minica.pem",
|
||||
"certFile": "test/redis-tls/boulder/cert.pem",
|
||||
"keyFile": "test/redis-tls/boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/rocsp-tool.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/rocsp-tool.boulder/key.pem"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{
|
||||
"wfe": {
|
||||
"timeout": "30s",
|
||||
"serverCertificatePath": "test/wfe-tls/boulder/cert.pem",
|
||||
"serverKeyPath": "test/wfe-tls/boulder/key.pem",
|
||||
"serverCertificatePath": "test/certs/ipki/boulder/cert.pem",
|
||||
"serverKeyPath": "test/certs/ipki/boulder/key.pem",
|
||||
"allowOrigins": [
|
||||
"*"
|
||||
],
|
||||
|
@ -118,9 +118,9 @@
|
|||
"poolSize": 100,
|
||||
"routeRandomly": true,
|
||||
"tls": {
|
||||
"caCertFile": "test/redis-tls/minica.pem",
|
||||
"certFile": "test/redis-tls/boulder/cert.pem",
|
||||
"keyFile": "test/redis-tls/boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/wfe.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/wfe.boulder/key.pem"
|
||||
}
|
||||
},
|
||||
"Defaults": "test/config-next/wfe2-ratelimit-defaults.yml",
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
"username": "cert-manager@example.com",
|
||||
"from": "bad key revoker <bad-key-revoker@test.org>",
|
||||
"passwordFile": "test/secrets/smtp_password",
|
||||
"SMTPTrustedRootFile": "test/mail-test-srv/minica.pem",
|
||||
"SMTPTrustedRootFile": "test/certs/ipki/minica.pem",
|
||||
"emailSubject": "Certificates you've issued have been revoked due to key compromise",
|
||||
"emailTemplate": "test/example-bad-key-revoker-template"
|
||||
},
|
||||
|
|
|
@ -31,7 +31,7 @@
|
|||
"noWaitForReady": true,
|
||||
"hostOverride": "sa.boulder"
|
||||
},
|
||||
"SMTPTrustedRootFile": "test/mail-test-srv/minica.pem",
|
||||
"SMTPTrustedRootFile": "test/certs/ipki/minica.pem",
|
||||
"frequency": "1h"
|
||||
},
|
||||
"syslog": {
|
||||
|
|
|
@ -15,9 +15,9 @@
|
|||
"poolSize": 100,
|
||||
"routeRandomly": true,
|
||||
"tls": {
|
||||
"caCertFile": "test/redis-tls/minica.pem",
|
||||
"certFile": "test/redis-tls/boulder/cert.pem",
|
||||
"keyFile": "test/redis-tls/boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/ocsp-responder.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/ocsp-responder.boulder/key.pem"
|
||||
}
|
||||
},
|
||||
"tls": {
|
||||
|
|
|
@ -10,9 +10,9 @@
|
|||
},
|
||||
"timeout": "5s",
|
||||
"tls": {
|
||||
"caCertFile": "test/redis-tls/minica.pem",
|
||||
"certFile": "test/redis-tls/boulder/cert.pem",
|
||||
"keyFile": "test/redis-tls/boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/rocsp-tool.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/rocsp-tool.boulder/key.pem"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
"wfe": {
|
||||
"listenAddress": "0.0.0.0:4001",
|
||||
"TLSListenAddress": "0.0.0.0:4431",
|
||||
"serverCertificatePath": "test/wfe-tls/boulder/cert.pem",
|
||||
"serverKeyPath": "test/wfe-tls/boulder/key.pem",
|
||||
"serverCertificatePath": "test/certs/ipki/boulder/cert.pem",
|
||||
"serverKeyPath": "test/certs/ipki/boulder/key.pem",
|
||||
"allowOrigins": [
|
||||
"*"
|
||||
],
|
||||
|
|
|
@ -9,6 +9,7 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/jmhodges/clock"
|
||||
|
||||
"github.com/letsencrypt/boulder/cmd"
|
||||
blog "github.com/letsencrypt/boulder/log"
|
||||
"github.com/letsencrypt/boulder/metrics"
|
||||
|
@ -35,9 +36,9 @@ func TestDuplicateFQDNRateLimit(t *testing.T) {
|
|||
rc := bredis.Config{
|
||||
Username: "unittest-rw",
|
||||
TLS: cmd.TLSConfig{
|
||||
CACertFile: "test/redis-tls/minica.pem",
|
||||
CertFile: "test/redis-tls/boulder/cert.pem",
|
||||
KeyFile: "test/redis-tls/boulder/key.pem",
|
||||
CACertFile: "test/certs/ipki/minica.pem",
|
||||
CertFile: "test/certs/ipki/localhost/cert.pem",
|
||||
KeyFile: "test/certs/ipki/localhost/key.pem",
|
||||
},
|
||||
Lookups: []cmd.ServiceDomain{
|
||||
{
|
||||
|
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDDTCCAfWgAwIBAgIIQGSVDolhyP4wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgMGY1NmYxMCAXDTE3MTEwMjAxMzUyMVoYDzIxMDcx
|
||||
MTAyMDIzNTIxWjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
|
||||
AQUAA4IBDwAwggEKAoIBAQDUJMN6C6mqo/AYMKYUBnsxvsnyZYFSqeWraSZQlMWs
|
||||
THB2FYUUndTOOQIypQfDEHtSx+bA5VzvKfgUSYMcHeFqf5zm00+33G6Z/TlBS6a1
|
||||
UG1GQf5saKemKkujLS7zHBTn7OqANJefZtIlXOh4s6EwkbpzyYM2s89FxxQMvdnH
|
||||
eB6exiiOsG9OHlA9Y4sPOSt1myYcuGKaxzTeEHpBYQii/SPzNqVEikDAmzfXDkUZ
|
||||
Y7xnJO7B1JLkWz+/J/OoEPcjulPuyO1x71b8Wxlf7IGz4G1L0DwYWYWF9ihBAP7L
|
||||
nxCghb2J3wyh+NXRN67teIjL5Ata4i9QleoQVCO31GMNAgMBAAGjVTBTMA4GA1Ud
|
||||
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
|
||||
AQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEB
|
||||
AHya9synKy5sBv+608s9stcDPOdT6neNtzOm2cY9mq9KEO58acRi7CTa/Fxa/cpm
|
||||
B/iYMHznqe/6dzgpdDUYgcr/gfMFKI7qjms7EyCUdIpC5qmiyZNjTNMOLm7SlM0F
|
||||
00FobsGScgK/D1AubqzbizgCzKO4QttlZd07i5mQHdFURGRg2CHCVawRVMUzMgA3
|
||||
ZslZh+wTa4AilXunA02aOkwDkQcPUQJXaUIx2NpIN3+aPSw3/8aTU3tiEEgCbblQ
|
||||
YfGC0H5gPF5OjZCknTp0RxdCMIfnWdgzh9mU3cmXwR7roLEec+Wp0S7PQ8ayo/c1
|
||||
ocNPAB9fZDHmqHaRYApI4BI=
|
||||
-----END CERTIFICATE-----
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEA1CTDegupqqPwGDCmFAZ7Mb7J8mWBUqnlq2kmUJTFrExwdhWF
|
||||
FJ3UzjkCMqUHwxB7UsfmwOVc7yn4FEmDHB3han+c5tNPt9xumf05QUumtVBtRkH+
|
||||
bGinpipLoy0u8xwU5+zqgDSXn2bSJVzoeLOhMJG6c8mDNrPPRccUDL3Zx3gensYo
|
||||
jrBvTh5QPWOLDzkrdZsmHLhimsc03hB6QWEIov0j8zalRIpAwJs31w5FGWO8ZyTu
|
||||
wdSS5Fs/vyfzqBD3I7pT7sjtce9W/FsZX+yBs+BtS9A8GFmFhfYoQQD+y58QoIW9
|
||||
id8MofjV0Teu7XiIy+QLWuIvUJXqEFQjt9RjDQIDAQABAoIBAQCwQut3mAEcmqF+
|
||||
N82Fje0F4/N+xv+wYyFETlVbVoD3K3u1YSP1gT2zKoK8+Yl9dVBB832yf9+7hy9s
|
||||
C7g3wEvuZKFE2AXAShJLN64+plCZDX39hg+Sm1HQKgw2Q/BiZc6o9JvSceAYvSGV
|
||||
kaBFyVoANNSqJ6Ax7ywkWcg63fL4Wz2r0J+HhEI09OlazdKepbcteDu+3ohw1FkA
|
||||
LSMJ6UuBCyx2w5TY32YTArtrX41gVKYJ9CfJd/9Bp3xypBQ+GTDoYQfHSAJjhK/3
|
||||
yRS6xlg05v6WVccjAJv2depKEpRXTWrHLiPRW+Rdn70T65vd4Kkwa7m1KAPPdOzq
|
||||
p7MgyBAxAoGBAN0j17g/QjjHGVsw/58tbzC1Wk5rULmMbz4BPRMCv5KJN2iRbJiO
|
||||
hHkMX6AeMbQCkRhoMDSRfNbTnzEfwUepD40U4rlRdoMv7Ig0Aj88/bc4KzC4ihJ0
|
||||
FBtehGfGbGds5DvXj/tAOqQaZwIu6bazg35RlkEwVyU1KouCGa7+alYHAoGBAPWV
|
||||
3nUC0VQ3NnYcvHhWpSZO+K4PzE+Z27npTXlNbdosPuOZE86OeS0JLHYpwZPHZb7M
|
||||
53FA1hEiST1E7NEu6lNj0L077dD528BDMuZqywvfqclUH5EWXZp9HRXzO5eRa9td
|
||||
N/peQST93/hJohZ/EKuxUxoHe0HPx68e2+Sr5ZlLAoGAYbnPQSsjdrf16qjSrmOD
|
||||
ucDLMdCXEgiPuJUPinEye+2LwPhTR2/j9yKSt83gJS7lNCYG95Q72SwYM7tWzPZX
|
||||
Wv+Z2k+30e3B18c0HwIzFV8LJzLGQbVulVHFrZ6wlVw32IJArMYLpC3Oy9Yzjnvy
|
||||
ZkZj4lcci+Lc9F4AP6dLEs0CgYEAiwYoRL0vmykWX46s8sK6AxG5nW+8DWPgC0KT
|
||||
ZRP8GAHsKBPELq5g0qnazZmdx/adFoIQkwBNLq3mIBUgqtqQNFzREg8W9bI8QH7K
|
||||
Fb5m63XWO+6vYAb1PjuNd5uWJJtiH3CJ++XXowVFAN1OMMYFvexISvfpQrxJIk2p
|
||||
1a2p8DkCgYEAzniTsmTFI9WrOb6CKhPiPBvjhHApixQ9531tUHvXh43OGwc3z5Wi
|
||||
tQzdzo7QRPmerKFwI3o7H6Ei+39xbIDnCZtQkctzyxLFYZA18xx+zgkEhgxWZUT6
|
||||
aJ49/xHnzyQC0OV5IYpxxzbnBnj8RmjEnsvsqD0VI/jdAV40W3G6vVE=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA1B7APkx8Eu5xL7ZogG2U12ag9XUGEGYdCLtsbbg54HTSmGwr
|
||||
8G6HZHBt4U2gkn0MieuE75UXyoCuTMYFgC5YKZgUo3Qb2pIey5FHhsFY+84swuq8
|
||||
vV/vPYiiG+Mf1UDTICKY+GeCmiHs07KyaVmnJyfx2R3/FEjL194b2u9rOeTNJrNg
|
||||
QdY2yRUG+x2Ml725w3RzXN/szdaVrSnmpSmVLGQhVnTy/je1CENcfvc/unixf02v
|
||||
Z0m8h1dCehDG/5It8d6EQT2FieuTLU7TKxzCR+6O1ZxXG74D5B6cOz1cpOi9v95J
|
||||
EKaspoW04LtBZbZODUk0TqIgxwCIT4ZJx3M9rQIDAQABAoIBAQDCf/Ps6/r07PiS
|
||||
NGL8J/7LyAodKBHIZamHwTu6G6vOObCFHOLpUqAJI+JNLf3ndIxTxsadXIt1Hqs0
|
||||
MHsIvvYOJan++s8zirp8FJmOYamzMqjujYlE6DuZo7hpc8hTpV4x4Cd91oP1yte6
|
||||
geeAHDnd+I2VdSDYu6tWJA5MoS4j5RHwbijaQa7YaLcKq4t5BEuktJjq0/H+i39Y
|
||||
/Qay5DprRadm2PYIAlMs14eCNTYTsKRvVseVlMXEW33+Abi2Qi0nBRI11Pk3JHjx
|
||||
sleaWtQr+fYQx2roMAPdaKqclrt0LD4FkIkEn6fMU8fEvwP+/HH0T70qIF4Ez2QS
|
||||
Qwzbed7NAoGBAOEbia+VosDN4PM7m9tnwhj05P7S3GkyxkksQhVd9ZneDGZnDQ/g
|
||||
817GYCsK1JMor5xDhlbsuHbi5qYvqSq3l2Jc94xs4aEd7VbKxv5SeqQNAKkWqG8l
|
||||
E27a9KyaAmOO/KvbSsHST5KtnPaMhGlZWLtn+EFmHibHQhPZI/p5eAaXAoGBAPE6
|
||||
8GU0MECqin6v0qQpepIrVtp2rYnKC7pusklwFlJgFeadoMoS5GUwLOY42FbLI9FI
|
||||
BFZXy5lu18mqrdsZo6DaNU9GuU1vqY//FjJ867ih/Pk/5PEckG8FfUekQf9mQn0c
|
||||
aRqmSYTBUBea2NV+BJN7Vad51As4wBmN3W8CkQpbAoGAOQZa2MoVUrZU2AkvsGMW
|
||||
fm/7Wrpb76JXLM4zZ2pH/1SK254bZvxbapTiY8T4mNbjtbg9XePVzvgn6c2FEzcy
|
||||
+E4Iv+ANQF1udGAmDOMkAk7w7eS5gn5n79szxE23cTUVuQtyYqs+US/95U8vc+iY
|
||||
W9E4yIhv9u7fRFvri1YeG70CgYBeiN16m7gpL2w094xR3xt0ut0/ofCiJfbwqb7e
|
||||
vrlQsO0EQlOnvT2aVgXSdwZ5BQTVWCay+5cDWwfftS6KxYJ1X+4yUiH+Mbs+fhXh
|
||||
1Ui/Q2QS/bIntyz3BSyybbGbeCSoSQD7e50mFGfhyEIfcFI0xcmsZzbs6uGFYi4b
|
||||
+eKDLwKBgQCeC7/V/PB3AIwpyxpu4D1/5+o7YSAY7Nz+qhqq1ar175/Zyg7KePmg
|
||||
i+cQdpIThu836NjEjl1NpSPoR2sAtF0wry1JdYw4iSbi9wppamCGcGrFEDUZnruG
|
||||
pGQgQS035iShZ7Fpll/rAosNXONYPxQEO55xSkqlSec4oxBDVjkO8w==
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDCTCCAfGgAwIBAgIID1bxK97hADQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgMGY1NmYxMCAXDTE3MTEwMjAxMzUyMVoYDzIxMTcx
|
||||
MTAyMDIzNTIxWjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSAwZjU2ZjEwggEi
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUHsA+THwS7nEvtmiAbZTXZqD1
|
||||
dQYQZh0Iu2xtuDngdNKYbCvwbodkcG3hTaCSfQyJ64TvlRfKgK5MxgWALlgpmBSj
|
||||
dBvakh7LkUeGwVj7zizC6ry9X+89iKIb4x/VQNMgIpj4Z4KaIezTsrJpWacnJ/HZ
|
||||
Hf8USMvX3hva72s55M0ms2BB1jbJFQb7HYyXvbnDdHNc3+zN1pWtKealKZUsZCFW
|
||||
dPL+N7UIQ1x+9z+6eLF/Ta9nSbyHV0J6EMb/ki3x3oRBPYWJ65MtTtMrHMJH7o7V
|
||||
nFcbvgPkHpw7PVyk6L2/3kkQpqymhbTgu0Fltk4NSTROoiDHAIhPhknHcz2tAgMB
|
||||
AAGjRTBDMA4GA1UdDwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
|
||||
BQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEAx4uu
|
||||
dfQYt+ptP1d+rrOxhA+g1eFH25icncf+ZUYCWVgJru9rvFQML1YfXVQ9HhRaIANA
|
||||
CogsogYob/3adaGXIMeC0ujA7YQOT6twe4APwHZwNElk9tcH/0SwHNimumvbz2F4
|
||||
QKkz43Ml1bomVlZH/RXXH9QGdIOb/WkPXyO1OrooEgSysduA2k6T2DJ3pZN68cz9
|
||||
GScL8xqe3oiJX/CEr20FxG1V8fYi8VWfh1+EIDDssT4RDnvoTOxuRonobCRKd5EV
|
||||
wrYm4SHoj1jU6PeZxFb+EesgTOcscgQORdmFdi873Qks1RVqRQPohzBsqW4/56gG
|
||||
imYVgFowC7JJ0DjBpg==
|
||||
-----END CERTIFICATE-----
|
|
@ -4,9 +4,9 @@ set -feuo pipefail
|
|||
|
||||
ARGS="-p 4218 \
|
||||
--tls \
|
||||
--cert /test/redis-tls/redis/cert.pem \
|
||||
--key /test/redis-tls/redis/key.pem \
|
||||
--cacert /test/redis-tls/minica.pem \
|
||||
--cert /test/certs/ipki/redis/cert.pem \
|
||||
--key /test/certs/ipki/redis/key.pem \
|
||||
--cacert /test/certs/ipki/minica.pem \
|
||||
--user admin-user \
|
||||
--pass 435e9c4225f08813ef3af7c725f0d30d263b9cd3"
|
||||
|
||||
|
|
|
@ -28,6 +28,6 @@ user unittest-rw on +@all ~* >824968fa490f4ecec1e52d5e34916bdb60d45f8d
|
|||
masteruser admin-user
|
||||
masterauth 435e9c4225f08813ef3af7c725f0d30d263b9cd3
|
||||
tls-protocols "TLSv1.3"
|
||||
tls-cert-file /test/redis-tls/redis/cert.pem
|
||||
tls-key-file /test/redis-tls/redis/key.pem
|
||||
tls-ca-cert-file /test/redis-tls/minica.pem
|
||||
tls-cert-file /test/certs/ipki/redis/cert.pem
|
||||
tls-key-file /test/certs/ipki/redis/key.pem
|
||||
tls-ca-cert-file /test/certs/ipki/minica.pem
|
||||
|
|
|
@ -25,6 +25,6 @@ user unittest-rw on +@all ~* >824968fa490f4ecec1e52d5e34916bdb60d45f8d
|
|||
masteruser admin-user
|
||||
masterauth 435e9c4225f08813ef3af7c725f0d30d263b9cd3
|
||||
tls-protocols "TLSv1.3"
|
||||
tls-cert-file /test/redis-tls/redis/cert.pem
|
||||
tls-key-file /test/redis-tls/redis/key.pem
|
||||
tls-ca-cert-file /test/redis-tls/minica.pem
|
||||
tls-cert-file /test/certs/ipki/redis/cert.pem
|
||||
tls-key-file /test/certs/ipki/redis/key.pem
|
||||
tls-ca-cert-file /test/certs/ipki/minica.pem
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDNDCCAhygAwIBAgIIQHm/iT9HzJQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgMDIwZGJhMB4XDTIzMTEyMjIxMjUzMVoXDTI1MTIy
|
||||
MjIxMjUzMVowGDEWMBQGA1UEAxMNYm91bGRlci1yZWRpczCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBAJyiukCCpUBL7biyuwKIVHBQ8RhsRy2qlAo/LIgG
|
||||
yrUt6A25Hyl6NQ7Ay1/BjzyY7b0gu6O45WwnQBTlBjRFf26kzA1lr7ASaLMKx7gc
|
||||
dJfosz3EerAuY+jr3/Fckib9rLEdYv/60a47PNlmUQcK1TR2wKzmCecoRVZuvD36
|
||||
LxdD2Vhj90/9wEquKvHkV0TjaUUQ2+UTUUDp6KPJ+/caQq5o27FCC7Df0FRkU2TS
|
||||
S0RfqJwQ6zFDcMamOzQGnol8ijP++B/tGPhOrsHU3T5G91XjSAcB/KKpwoyQfPlo
|
||||
jgMF3n5n59xrVwvVq/pIerlv0zIraQkZNQGWcGyDl58YTEkCAwEAAaN6MHgwDgYD
|
||||
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
|
||||
HRMBAf8EAjAAMB8GA1UdIwQYMBaAFA/oVvRrtcTNIZU9ljkaOO5YoxCtMBgGA1Ud
|
||||
EQQRMA+CDWJvdWxkZXItcmVkaXMwDQYJKoZIhvcNAQELBQADggEBAAS24MPzIZMA
|
||||
PCdQMCu0HLio2WKkG9mcfr9jrnBOqZL32ef9a+h6h363fHdfd78kbt9GE7NibY9B
|
||||
v5UKrFBrBFX3ddQ9eRMkRxsdcedjwAq2Do7wgiAaBHHAj5nxH4Q3tZEPX8Q4yhG+
|
||||
sXVvqcWF9CLD4V//uTEBQ8T4uPaZOgxLrGBs4fs0pz/8ULBgTHL+plOGay8KzwJa
|
||||
flBQUV29T5dPSransox/50YvX56V2UYW2fALJzbAuHjp/y2r9XVcVUSolVGt9di8
|
||||
fOYK7Lk462xVthN3PuiI97ZTkhnYgxGrBKWFotNg+BPuxNcx9hJdiBa7DOI3PU/D
|
||||
UCCjY21XRvw=
|
||||
-----END CERTIFICATE-----
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAnKK6QIKlQEvtuLK7AohUcFDxGGxHLaqUCj8siAbKtS3oDbkf
|
||||
KXo1DsDLX8GPPJjtvSC7o7jlbCdAFOUGNEV/bqTMDWWvsBJoswrHuBx0l+izPcR6
|
||||
sC5j6Ovf8VySJv2ssR1i//rRrjs82WZRBwrVNHbArOYJ5yhFVm68PfovF0PZWGP3
|
||||
T/3ASq4q8eRXRONpRRDb5RNRQOnoo8n79xpCrmjbsUILsN/QVGRTZNJLRF+onBDr
|
||||
MUNwxqY7NAaeiXyKM/74H+0Y+E6uwdTdPkb3VeNIBwH8oqnCjJB8+WiOAwXefmfn
|
||||
3GtXC9Wr+kh6uW/TMitpCRk1AZZwbIOXnxhMSQIDAQABAoIBAQCA0ghSA+B6l7ej
|
||||
3kKVW5/uW3NdfbewZAiqwLgUC1ntVhryJlztlNdMEd1xHFR8Jt3nXKNVjDwLDeDT
|
||||
DmRi2wFp8tjq78VlDk7TaTtGPQja4oN/ejbY7N44cr1T2KlOrfS4GY4RLqwCGi/6
|
||||
L/7Vxt//7Oabi/l7BhC4fAwPANJ304jlqOMvZ+EhwVtdHecmNcthcaz2focMiFrd
|
||||
NJX8+lEpdt/KU2of+6vrtY29dyqHIiEv2F4ioTrIp34JnsQoL6W6v/tHdl39ahEh
|
||||
sgE7ay7BHX3ltp7f3NuWU0xFS067bTxHfK7iZD1SxwZAWBDJpevgN/Y1hNOnJ3Ur
|
||||
InxefrXxAoGBAMWiaAtpiezHu0/ALunrhpqNLSvppeHIBoTOvM65i9O7FrEGqNuI
|
||||
2RwPGBUYI8CXD2znLJgRcq0p4oiq0M1KMBfrJdeO615JYVzJL/uR/83SM4saKFB4
|
||||
OG0k1KQQbsk8Uhxo9tovcrHdPKHfV2SWCvOkmBXySCAyYdhtQucVz+OVAoGBAMrk
|
||||
ueSYCSz0E+ADRm1acOLXYkb4zakF6/Jolj/9Ql9L98BpXu6MQ2LGW2vIJ0qbn2hv
|
||||
FrpRwsPXRN1qQMt40UeRvfRYZwR/jdOPpyllIGstMdSD/sADHfm+/8mwf/gbTEKu
|
||||
X/x7TwEXiDALIixYF64MCi1YqRzFFV5AyiacrNjlAoGAdwFXU1/mrIyMjvYzianI
|
||||
MLJH/ARCXdVbj4cJjBWQTBuBC3HuJduemFXCc5lIlgSgRjxhzuPawMjS3ua0upks
|
||||
oop3C/jEY88d8Ig4+2wrs50aam2CzwnFOHuQC4bVnxlSfEb8Nd+SWeXVR8e70RbE
|
||||
W3fGGJj+s1yDLJaGTa4Fs40CgYBGACIOt1G7G77bs+WRhvmZmfwDRoYWQb/FE8Z6
|
||||
71L99ATXcsNZBDWfl5YlGppLyGN4MZOi1uCelt/gkG8ohFeYHLVv3ywzxhpVmqNu
|
||||
ycAkmiQuERhMgQbPitFPccDFBg4Kl4TwZE6+rrLC+KRirkYFO4wrVwKJtYmIyku0
|
||||
hKux7QKBgQC6NRzYWwRRSQnaXKvgNVKibenVRpp9gj9jZ1ZS2o2g0q32/4Xa6UwF
|
||||
2XTL4DmO91wXK08tZIa47dHQblV24R89gWrPz9/RLAPPIEYlLJZd77oNuCIrlmq3
|
||||
Ra27fPDn/a+x4CE9pkWIkaVNh6YnelaxVOg2HSb4vSHjualmrIQLOA==
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDKDCCAhCgAwIBAgIIL2oIBmXMfVEwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgMDIwZGJhMB4XDTIzMTEyMjIxMzIwNFoXDTI1MTIy
|
||||
MjIxMzIwNFowEjEQMA4GA1UEAxMHYm91bGRlcjCCASIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggEPADCCAQoCggEBAKMk2GleTJ4ev+X3z20Z80SnalsAz5I+UODas8fYrM9caTze
|
||||
c+zNY/PPOsgBCWJlGEZj5eTEqoKp22+okzaa0wQ/FubZ/K05mZzME6dFxhRN1mmd
|
||||
/7oPctb/0LFaLU/QSqp+HEJwIwpTz8XrgfR//WguLmDyIFUrtaUQBluQEbANQIid
|
||||
LghcjNgZVZucrm12da9kh9pd5BD/apJp+qmhMJpDf1Q2yjUjiRpmVswzTSEIuHW8
|
||||
6GPc9Njb+pgi4PuXsT+cNA/CnsMUUiED84RBIwwNnTSsGcNg7ALUCUqg0+k5Os3M
|
||||
/gwZJ88Fa8QW0fDEn7zOYavKbEp371hFjVAQ9IkCAwEAAaN0MHIwDgYDVR0PAQH/
|
||||
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E
|
||||
AjAAMB8GA1UdIwQYMBaAFA/oVvRrtcTNIZU9ljkaOO5YoxCtMBIGA1UdEQQLMAmC
|
||||
B2JvdWxkZXIwDQYJKoZIhvcNAQELBQADggEBAI/IA1xC4k8Q15Dtpnr2uulIiGdn
|
||||
4kuS/4AjKsABkjaBU7bQyUm8A7hxIJLszWJoe1QuwgkXH9KIm6v3CQeCKxJB5YMp
|
||||
Q0009v1nwshFBTqacRX6ClQ/dt7pYaFX33wMYesPZc8r+i76IEbgQ+Fe9odHZUlc
|
||||
F+FsmrZg5cUBte7bAxe/5x4SGzT2Up1NT5tu1cLal6EwevH5dqB6IpkSNn2ixBh7
|
||||
G9M1/DsL3aFnqSxTzvwP7mG0e0mg8WGt3BzA6p3xtWeScFSPKOgIsLDSB48UTCOQ
|
||||
m6uJ1mxS103oqkFn8PovGOKymm5FyVIQc36WizioMPIDSFnKBfV+LRpdjsA=
|
||||
-----END CERTIFICATE-----
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAoyTYaV5Mnh6/5ffPbRnzRKdqWwDPkj5Q4Nqzx9isz1xpPN5z
|
||||
7M1j8886yAEJYmUYRmPl5MSqgqnbb6iTNprTBD8W5tn8rTmZnMwTp0XGFE3WaZ3/
|
||||
ug9y1v/QsVotT9BKqn4cQnAjClPPxeuB9H/9aC4uYPIgVSu1pRAGW5ARsA1AiJ0u
|
||||
CFyM2BlVm5yubXZ1r2SH2l3kEP9qkmn6qaEwmkN/VDbKNSOJGmZWzDNNIQi4dbzo
|
||||
Y9z02Nv6mCLg+5exP5w0D8KewxRSIQPzhEEjDA2dNKwZw2DsAtQJSqDT6Tk6zcz+
|
||||
DBknzwVrxBbR8MSfvM5hq8psSnfvWEWNUBD0iQIDAQABAoIBAFgj3OO4da5rsIN/
|
||||
CcrI3Vw3EsfNvVcmYa3Jmp2a22pAY/7ltD24jYq4Z+qMXNSTB7Vn3VlmQzTKreo6
|
||||
aiZzKRQ/PZFFLjUsTGig/PE/Sg/IKdHv8axFEmdD2C0pKhfX0a8g6QWf7d5zf2pP
|
||||
nWtKBs9VO+tWhM9fCQj/il/HizbQZNzs5H4Wl2vFoBMn9bYaWoXdb+XCtgviuqO4
|
||||
Ix3qvGvE0Q2CbWfI22IpexETMhnaH8fJsTOK5GpYZRh1bLW6XsjVobpHsBbMilOM
|
||||
bMD/cEGaAqYQ+XXfUk8hc+KS73pmB31UmSwIZLSwAw4mUhWMT6ANG01qrZxFofTM
|
||||
6nfGMjECgYEAwMRKYwXS/bwjyg9B/G2GCPjwju6XQlynZhA0+maBGCD/wS+hMy0X
|
||||
BHIoHqjCG5eSdpAGk7pZimwpoaistb4rRKFjyOpUIyTMnv9k77/z5l6NOrR2kjAr
|
||||
aO9FJlE0DOAx+kySEjQ6nzA46PYMvVWf1y5/hI9zbnfY1Js+y1fxIzUCgYEA2Kj1
|
||||
dmM/fTRgD8h6/l1hxKM/95iwbdhYOxCFVkluYcFkNwPix8EY0qKGYeG0BWOS8xTZ
|
||||
irpb6tpjNactbK/KV0twT6wMPk12ptxsMP71gPsyBZ758uiZcH3SfwYSZGuHbg9L
|
||||
v+LgdXPTFceD1746ocGHX1oV/7tcM6D9ExKeQoUCgYA1Fpop9VOrX6I3psYUgBFW
|
||||
7UBLDPiJZT0RBcuhXpOVEpl9GeH6VyOsrMfR0cZLlQ3YK0g0bTD1x14b0HloQCxo
|
||||
ZU426hor55mW/F1PDf1c55NbpJG3Jx79clAIAnskRKZe+bGM4+d1KfGybvkJN8ii
|
||||
mYKy/lLbDJSh0POVSu31NQKBgQCsgLoPbK4cLhtd9a2X4Rn6ylAf/v5aNyrovBqt
|
||||
vQGZ67Sy6PEjQmdVLfn47Q+8Sq+xwyQCBKcysnbTPSw5oS1lm7bseHu3D04tRMsP
|
||||
p7Ao5dfKCe3Qrcmde1Chul/ifIrz4lHZkfZNDc8/Q/+BQwDD0abLEJr7Zl3e7YsS
|
||||
KHzBUQKBgFPH4+87koCQkFPdzi2QshTqg1DZ5a6IfTbDljzf/zErk5PEDu3aXxYX
|
||||
mKRiXX5WtD2RZn6GUerkCRIpAJg0qOD86t9iTytZbeqh1r44bG3pkymGHBUTr6ra
|
||||
3QO6yTG1SBQP9vSeIY5ihqzXAus5VeTXpsRuRu4vwxhD9j6zo/R9
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,19 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
set -o xtrace
|
||||
|
||||
cd "$(realpath -- $(dirname -- "$0"))"
|
||||
|
||||
# Check that `minica` is installed
|
||||
command -v minica >/dev/null 2>&1 || {
|
||||
echo >&2 "No 'minica' command available.";
|
||||
echo >&2 "Check your GOPATH and run: 'go get github.com/jsha/minica'.";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
minica -domains boulder
|
||||
minica -domains boulder-redis
|
||||
minica -domains redis -ip-addresses 10.33.33.2,10.33.33.3,10.33.33.4,10.33.33.5,10.33.33.6,10.33.33.7,10.33.33.8,10.33.33.9
|
||||
|
||||
# minica sets restrictive directory permissions, but we don't want that
|
||||
chmod -R go+rX .
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAzJTME7rHyGhM+3gfEWbmupFvNdRuQ87zvF/RgIvJnZaqDrkp
|
||||
krxzc+fVZ9JVGex9TcMgF6j5uxYGKxswDwSifipMPXaySS6Hklj7RU/ZSEm5faka
|
||||
WIPfWls1n7hHSmCQ2ucKGS6EBGgEVvPE3AgeOMC7SsiaWpDCWSleYF6n6X0gEckD
|
||||
y7D/44q1YQ/mzRLN7AQccNljLQ3VUtdldbKA9oigOcE4ijY46W8nmukOc1nIxati
|
||||
vLqceuYS++bXZB2mAqi2Xnqv3IoJRr1wynp2TDEmPTs+KlA4cVk3G9ec8qJU/H0P
|
||||
UHWarwaDg+lgblkzV25098yEomRgAD0IHb/XewIDAQABAoIBAEJgxRZhtBDCRrgQ
|
||||
8YOj75j5NywwENbPfyXPsRoUQQZwrBy611JU8uDYh9V32UTgBogEl5UVrnGVY8r4
|
||||
t08oIdDtyG7o5E/6WOKTHHQQxF9ADH9JLtMpdn7KuUtpbzgivN1JuW0SOqNzXHUa
|
||||
AvWhbKzdW+eXzv0zmttzILwD+lc3PXEwk5mBe81wExOTSJYRN5jg2Ww+2RZBsc8S
|
||||
APWddtoK08sEwK+l1GRyWE8GERlz1+f0EvUEMzBIGTXvAopLz/fDp/qkcZWhYEXn
|
||||
cFtZmadlJyiuBh66BD42kcS7PtWs/HM0R/Q30lDG4ke/udZOAafzZDrGQGNKti/y
|
||||
8NfZJ4ECgYEA3tdfOscgPYA5cviBMOIJIlcfaXswsYKE8PTSmwIVopNeuDxAc2qS
|
||||
ay/UH+jeqXNA7qoIX4bMf53o5aCgxT0UcGP+uggZHfmUwG0FSksmWbyol6Da2EF6
|
||||
iAR3+AF3MZQ9teIs2xGt0Mo0NvVQh9PJaX1+VFiBlVCHs0KKg9sH2wUCgYEA6wXZ
|
||||
pK7JIoV2PMdAvkf1R64GktN27qrKSa3poVSec8ZYjDrZC2EN5FTH83QI2h9vhHCi
|
||||
HFXR4/wO+iRGvUj1PtKhIMOkpi8CgTPGhZ798o5kXFyOEJ2ELC9NT1cW/GewfZVk
|
||||
fPSfQi58iy1L+B8vw87lxYg+eO639jIgTc9ocH8CgYAgoq4hr5P7LdI8EkTpYdEw
|
||||
pE3HZvFErfbGSzSk2vNMMgUHOlu+C3eSFxkb60Dg1C5IRcKgKt+8OOYo6xNgj4d0
|
||||
xlBB8nmrOCge3liN/t+I+OY//qDOVxiY3v6q5ZwNOMao4ozrMHWiRFrNSbQXkF7J
|
||||
AkYEGEoyEe8tw6sBkIxf+QKBgBUyjuHKnfuOHA75Tb6b0OSpLpCZoBWAtAQXOoZB
|
||||
kpUQo7XqLN9Y3p7kgrBTm+TIhw9j9Usm9mpgtp0bHoI+DVigOMYyvyv5+3jZyaMN
|
||||
pwv0idrGwk1/V4eAsLFiQoF7fLCnA8w9aAvZE4SeDkcP0QgRJio90pyns1HyTXWX
|
||||
Km1TAoGAa7UyLJnaQIg7P+XnDpm/RdNyJPkXfUz4sW3tZNTSjBcmeIsf1REvnt0R
|
||||
+xR58ANZIAxNjhWzDkMq0bMFlWE3aMTVVwpWD3+fqi0b8uOIPH55hKdUgYW7fN9d
|
||||
lzXHeP37rzOFAdZCC1co5gCeqbodoJ4U802eKP75OAdEfj8BbQQ=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,20 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDSzCCAjOgAwIBAgIIAg26dvKrbYkwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgMDIwZGJhMCAXDTIxMTAyMzAyMTUxOVoYDzIxMjEx
|
||||
MDIzMDMxNTE5WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSAwMjBkYmEwggEi
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMlMwTusfIaEz7eB8RZua6kW81
|
||||
1G5DzvO8X9GAi8mdlqoOuSmSvHNz59Vn0lUZ7H1NwyAXqPm7FgYrGzAPBKJ+Kkw9
|
||||
drJJLoeSWPtFT9lISbl9qRpYg99aWzWfuEdKYJDa5woZLoQEaARW88TcCB44wLtK
|
||||
yJpakMJZKV5gXqfpfSARyQPLsP/jirVhD+bNEs3sBBxw2WMtDdVS12V1soD2iKA5
|
||||
wTiKNjjpbyea6Q5zWcjFq2K8upx65hL75tdkHaYCqLZeeq/ciglGvXDKenZMMSY9
|
||||
Oz4qUDhxWTcb15zyolT8fQ9QdZqvBoOD6WBuWTNXbnT3zISiZGAAPQgdv9d7AgMB
|
||||
AAGjgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
|
||||
BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQP6Fb0a7XEzSGV
|
||||
PZY5GjjuWKMQrTAfBgNVHSMEGDAWgBQP6Fb0a7XEzSGVPZY5GjjuWKMQrTANBgkq
|
||||
hkiG9w0BAQsFAAOCAQEASfe9zRlpIXHy4+mp1PIpjGjJjk0NhPOcoN8B2vCqYWsJ
|
||||
nnfl9zfORkWPL6PgiXWqS6nNC+iqRFBWphaRqtSle0j+4NLFnmmOMXI/NlCjAvTH
|
||||
6TNJ/H0nHlJ9p3Ui9a5MvZ8I/dOJLrFDX4/d9Lg76txKhFJBzXvxd9PSVKPJvnfx
|
||||
x3aare5fkXy+JlZwP8FhbzIwVTmHGPxKEUCbImhmailXTfLTmm+bS1CW2OrOnlSn
|
||||
ZPlEA8N1Y8ogNZQf2v65QCT7k64a1IuEA7XcH+W4+JhRAPPp1NujMTbeo855gMMm
|
||||
D6LXhbMEV2jO6Yfqgr2H+fmiWq3nILj/XBSTEYNBqQ==
|
||||
-----END CERTIFICATE-----
|
|
@ -1,20 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDVjCCAj6gAwIBAgIIFK4th6FcU8AwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgMDIwZGJhMB4XDTIzMTEyMjIxMjUzMVoXDTI1MTIy
|
||||
MjIxMjUzMVowEDEOMAwGA1UEAxMFcmVkaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
||||
DwAwggEKAoIBAQDoo5YMrAiUB2+It/4wC4Jb6UVnlZ3yA+3sGnrv4qzZpZKBZeC5
|
||||
NRZZin18+NiLxRdKTXvUpFL/2c4jXVE3w63aPQoqsCFVeU6PW3/WoCzmyG7h1TlQ
|
||||
7eVX5ifCuL7Or0TI+XqEBhkiI4CmhoOKKYmcEl5+7Xej9duPvK2+5BXJ7nqAlkFV
|
||||
35rlxcMsSinMfC54e2jbyXRmy8EHV5s6fgQ6d8BV/xle8uFiJs8iubEJQTKEhf5c
|
||||
t46Hg4czjluAiRaTqadjSisw8uczJG0FkW4vER1kBdbQMrHmqDdfC9PW86JT5dkv
|
||||
Yk6swzEv0qWbAsEhdQ38n268YbeloH6VlRLXAgMBAAGjgaMwgaAwDgYDVR0PAQH/
|
||||
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E
|
||||
AjAAMB8GA1UdIwQYMBaAFA/oVvRrtcTNIZU9ljkaOO5YoxCtMEAGA1UdEQQ5MDeC
|
||||
BXJlZGlzhwQKISEChwQKISEDhwQKISEEhwQKISEFhwQKISEGhwQKISEHhwQKISEI
|
||||
hwQKISEJMA0GCSqGSIb3DQEBCwUAA4IBAQCxN17tuodLpUjPNP4I2eJxHMNjTY+H
|
||||
b8av1W8L3HG2yHC5uCI/FESvPrDK0jfaD5IHu/XZp8p/7fvGnTX0B5+x1X2My2ow
|
||||
Uf/9WrMyj9nbikj/ZFCwpYdaKxitvHD3mXLBUmkRUhY1aC98kzcQpg+8OwdgVlYj
|
||||
3XMlgJjwdEERayaPsn9FDPW9B23W8jSC5hjTuz5+R4ZB5Y8TAvqmCJGnKpa/XCh0
|
||||
qr9By7B/kbnZmmMxszooJYwqRyDLLZOSCaA7u2Y+VqMTyOd1dk4sN5LJYHZdeB4L
|
||||
nQN60PTQhfM6JEMDc1iGCzEXh26ji0e8HQOE04vwMsDWGUi+3Jk9FZsY
|
||||
-----END CERTIFICATE-----
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEA6KOWDKwIlAdviLf+MAuCW+lFZ5Wd8gPt7Bp67+Ks2aWSgWXg
|
||||
uTUWWYp9fPjYi8UXSk171KRS/9nOI11RN8Ot2j0KKrAhVXlOj1t/1qAs5shu4dU5
|
||||
UO3lV+Ynwri+zq9EyPl6hAYZIiOApoaDiimJnBJefu13o/Xbj7ytvuQVye56gJZB
|
||||
Vd+a5cXDLEopzHwueHto28l0ZsvBB1ebOn4EOnfAVf8ZXvLhYibPIrmxCUEyhIX+
|
||||
XLeOh4OHM45bgIkWk6mnY0orMPLnMyRtBZFuLxEdZAXW0DKx5qg3XwvT1vOiU+XZ
|
||||
L2JOrMMxL9KlmwLBIXUN/J9uvGG3paB+lZUS1wIDAQABAoIBAQC36zxhYFCX1xkS
|
||||
WYQXr8GrsEwyjFKGVxzuIDE5HVfR6dhdfJGhWpsExzxWZNWuCm9TStavUgpcQ3F4
|
||||
+/mNwKHde4xiG0T/MhwtsgTrRU66VZNz7wKVPL6oM0kT5MLU3DPhP3rgjYGpP7Ah
|
||||
9w5fWF92h/81EcAYW/LtPBmQZPnk3acTWrhREh9ZI14ugA87lNUHdzHKo0mWi2HU
|
||||
Au9xbxV8wIqRe771cq62pXfP8D4eZMjxEoSXfBP0MFV9tuXSyCcw++jWRfZNGUgA
|
||||
fNWORakLu38gNM7soIhCIDHjVF1bbAHh/iiAFhuJ6YcNk8nIQ9Oaj0n8hDOiF/bU
|
||||
Jha2Q15hAoGBAPVcYFMFbyMHv+Lf7YaqAaLIND+uOicdOYsMoqAkvxxHZja7Ki5O
|
||||
ZuAcefRCbcXf9l0HeHPF+fDXE+hLO3a6BJrrRnW68d4bfYsH830AEwJSE+aGyS1w
|
||||
vKN3v9HINEXR8M2pOBVyHQns21ZVo5pOh9y/Ix+iuF6cQsqzQlfaX7MNAoGBAPK5
|
||||
/cigMZ4N9NfZlSctmvmX6Hx5IY14lZavuC9q5TGcHiFhaBO2ea7j5yprGODfAXlh
|
||||
U7bZifTOebtCJe7yDByq4dTG4shvIPGN4yMnnCY/lnzoj9oBIaQXUASme9j2/ecx
|
||||
+zTbI/ftg+KQh6sCatModQxuvheLmR7PZrHi3TRzAoGBAMndYYaMfv5EHvQqpcJY
|
||||
VpY1vv7xefi6S6CCGb5F3VIH0CmRXUfRy0PxScjTansVIx0wy0H9DQDAAynn05l/
|
||||
u9A1Z7fuwZWp6mUbepFKIVmUa7kLBbM0AI9BM3kGDTOwYTzjTzgdtZR34ZErTjnj
|
||||
CFZujxg1CRkV2MHqL9gV2wx1AoGAG4LBJPAjL4rdaWmb4ijlG8z/6LvB9crpCX85
|
||||
HQa8m3baY2Yq6bEQ8aWbGc+xrisYe61wU5UscbbFTVgd/IsqnEUx+2/fXGBcF4TB
|
||||
bcabiCpE4DtrsoXWTkbmJuDHwLud44pisobz+LHO9Or0tYk8mlpHifUzTm/gFwHi
|
||||
3d6cu8kCgYEAscvA6kNcDzt+toZMSy9TOKeZdy+fZdZlcUksaMgOhAToZ/qLCrPm
|
||||
6BWv0ek9x1QzcsUnS3sFdXrznFf794FYI6jWATbieq7WUnanu8dE5FLC9rrLEnAC
|
||||
+WhjSpg34ejr/fMRntJGWr+MnfGGydOJsZ7CEt8z5c6iUqiGHC4ZV64=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -56,7 +56,7 @@ SERVICES = (
|
|||
None),
|
||||
Service('mail-test-srv',
|
||||
9380, None, None,
|
||||
('./bin/mail-test-srv', '--closeFirst', '5', '--cert', 'test/mail-test-srv/localhost/cert.pem', '--key', 'test/mail-test-srv/localhost/key.pem'),
|
||||
('./bin/mail-test-srv', '--closeFirst', '5', '--cert', 'test/certs/ipki/localhost/cert.pem', '--key', 'test/certs/ipki/localhost/key.pem'),
|
||||
None),
|
||||
Service('ocsp-responder',
|
||||
8005, None, None,
|
||||
|
|
|
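Review bot: The `--cert` and `--key` arguments of the `mail-test-srv` entry now point at `test/certs/ipki/localhost/`, which the commit description says is generated rather than checked in, so this service can only start after that generation step has run. Nothing near the entry says so; a comment above it such as `# cert/key live in the generated test/certs/ipki tree; generate it before starting services` would make the ordering dependency visible. The same dependency applies to the `setupWFE` hunk further down. The `SERVICES` tuple starts and ends outside this hunk, so whether a missing file is reported clearly at startup cannot be judged from here.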
@ -1,4 +0,0 @@
|
|||
This directory contains the minica hierarchy used to produce certificates for
|
||||
Redis to use in integration tests, and for boulder to authenticate to Redis.
|
||||
|
||||
See boulder/test/PKI.md
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDCTCCAfGgAwIBAgIIYFPZfdxpKUswDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgNWE1ZDYwMCAXDTE4MDEwMzIxNTQwMVoYDzIxMDgw
|
||||
MTAzMjE1NDAxWjASMRAwDgYDVQQDEwdib3VsZGVyMIIBIjANBgkqhkiG9w0BAQEF
|
||||
AAOCAQ8AMIIBCgKCAQEAsHE8C5UYyHimY4cnVnEqB2RQ96H8WQhwNRAY5Wggg6PN
|
||||
7k6V+bamYfu3YJ27YvwERGsB7lZ5jsa8NqhnRpe0FaPb5h/o3MU8qigSK+Jzy1Cz
|
||||
/E37Jns1JXLoquog5wVDl5Q9kJAVIzInLBdlBIQ3KW0nQwpIXRAy37zjXu+TJp3d
|
||||
1gdXFuQ4I43dZxafV+CX5F/NFZmJKIRNmMDteNeukgyR/8Dh+pTuX5q+lf+rRecr
|
||||
KmKvnqYP55fzstnTK385pMXCLiBNC3XjumpEAh8Z2PFrDVnWeJYDjlWvT6VJ+5h8
|
||||
7eMLOR2Fr/EL1j8WdaaeXQBe+f9rKthdUtK5UkIHlwIDAQABo1MwUTAOBgNVHQ8B
|
||||
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
|
||||
/wQCMAAwEgYDVR0RBAswCYIHYm91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAr8bY
|
||||
DWWWHjdH7sbGzei165sMHZK8PLFl9ns7/VI7KKIyIg3uUTwbDLf2ZvE0fSZgPDq6
|
||||
oPe3vE7kLUvJCQG7Dq0TcT5s1HOXwqdLijJMPxBEflmT+da3qAduL0AQ76TZEGxl
|
||||
6T57QywI9S2nwFx7IgL9VQ5iOKuuSL/i9xEKp9IMYVGvuT7uTt/CQyX/sgR2mcRN
|
||||
kem/ZwG9sLa9D94YWTwvLjsItyjb56THETu91o83M+4em981yngbtuuLd8hX5ini
|
||||
4Kl6pn8EAS75l0EfTUHlnXAwc9RMAG3TkjghCVUtuC8q4TgDLXLHRCRsojaKnK6H
|
||||
0xbgULqAjqRkJ0Cu9Q==
|
||||
-----END CERTIFICATE-----
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAsHE8C5UYyHimY4cnVnEqB2RQ96H8WQhwNRAY5Wggg6PN7k6V
|
||||
+bamYfu3YJ27YvwERGsB7lZ5jsa8NqhnRpe0FaPb5h/o3MU8qigSK+Jzy1Cz/E37
|
||||
Jns1JXLoquog5wVDl5Q9kJAVIzInLBdlBIQ3KW0nQwpIXRAy37zjXu+TJp3d1gdX
|
||||
FuQ4I43dZxafV+CX5F/NFZmJKIRNmMDteNeukgyR/8Dh+pTuX5q+lf+rRecrKmKv
|
||||
nqYP55fzstnTK385pMXCLiBNC3XjumpEAh8Z2PFrDVnWeJYDjlWvT6VJ+5h87eML
|
||||
OR2Fr/EL1j8WdaaeXQBe+f9rKthdUtK5UkIHlwIDAQABAoIBABOzAMY2RkcTmVgh
|
||||
XdX72npqy9NqBXeXRpfWDUGHp6Gq5zIFGh+AMgFcjjO+SI6bnopY/CU1CGtVauwb
|
||||
TzSFeXi1C7cctu33I3fH84dsyAraHs47kp/QP7XHp4x1iWjhoJNK3LjILWP5lIAK
|
||||
uJ+Rd2sroaeNfVjOly99slEGJIK6C+ImFKWmfCwaXcxbl+PbpIcL0SiTF/5FmuXx
|
||||
Ri9vUJxxVv1+GZNTiEjXFKe9UfYNt3DoAolRTaL7ZdzEny0cXf31eIeA8LY9uQ8I
|
||||
pec0zheqdpfj+L3qfV7RDh0va4fEzXP92mBgrvFiJsRa2cvQoDFW2IXSR2chl8Tn
|
||||
r/qlEhkCgYEAyJ4JADnhmQvXVYa90oIYicJeJie3lLtjMFps7EvHCmKjTpzGG1s6
|
||||
r4EBQEConJQeR2YLVjgN45ureAkLJTswqt9UcXxJFBIHuCUF1QqtjtVIgG3v6REH
|
||||
jnr+o2XigHv4pQB2g1mlYh3LwhD94hyWIRxyzeW/oeENykfIZcDWud0CgYEA4Sa2
|
||||
EDLvCPFZMFk2m/FDOyMUORdeUFMLCA6igtAoL53v19eoe+kICiqCNbTj9ekcSA2N
|
||||
ojKBHkG9x+TrIDc036ZbpCO99FLOlX9uRFuEQCkcih27bMvSN5e3TFnOPOENNIKi
|
||||
A1WDbbS+mJQcf3EV8mzGdd7vlpPk2mYzVdSgogMCgYBRDkEWvUwgGP+sx58EYZnm
|
||||
dwixI9Txm/CMhcyCgG9wC8Btr7v/K5H/fQDzY+x8LwA42srzz/wUnT3fZtAA//Q+
|
||||
5bLpk0y3dj12Mkcz93d+QUBk24ZWRZInCBzAChdE0FH64MABfAPtK5q600Cwzdn+
|
||||
kM71z8Dod9SpiO03530aZQKBgQCB81ft7Zftr29s6nEMfKnzPgH0GbrD3cpmMhw2
|
||||
KHKpWR0PlVeXfR64z2QsH2Xbj1pVdA0lasT/c65X65aSF4sa8ue9yyteE1VNECnS
|
||||
poekiJYCWbrNxq5ki9qt5L+Wf8ahYiykg/zBmyrO4d246MpkC8hYS/45CM90Brzm
|
||||
czzrhQKBgAePfH2J5EKZUA064DwMytgyp3yj1ki+6/lH4nfDKhtili/CkLjkeOKl
|
||||
g/rG1ysU63TTn7IEdLDmLI8UhWNXc8i/leuTp9yufEpxZhfHjbKOQ5m9IUg6lixP
|
||||
YJZLI2ig3hxwPJi/tIKoYXVn2dk2LCYGmGiqZmGzKK3j0dvdYJxe
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAuQbmziJB9NUIWtUeHsEdTDrWtEUuqQbX6Tz1/VhSEkTIyxze
|
||||
c7U62ytZ1MijAS/PPd1G6eIIv5NRKJycnzRFHClNKKzMnBPTNnp8DlWKaRsorp9q
|
||||
vdc0R1ep2eysaUDUNwJyHPygjdXD+ob846LUiSNWmZa0Fxxp4NOrLaJzBo1/uojN
|
||||
kafNhNgA4/17e5/N2GfFzLVYCRM/nFxRZ9NaxIRrJsWv40ZifXNOVyb1Po40uItR
|
||||
oC31ji1jYx4MWRoVAd/6VF11MK4wvrev7fIRVXsXI+LaJDk02qA+YwU9/EWncmN8
|
||||
JJz2g9cYUVfSQCNxVbQmWKT5SCWVaGTnObBCYQIDAQABAoIBACb8dkt+2mjtLlp9
|
||||
R2BxjmvOhgjr/t3srDff+XENWBWzWp+5kIHO8PzXUJFOSVJpsYA2jMehMfiz4Mju
|
||||
3u2IxPsfFLv6VQ6Z+soi2trmWUi2SUcqHgKsQr65kPdzMAzpdQ22PTcwX+Ai5611
|
||||
HfoVCDVxNcEdCQtJmGGgGBSAgz4g3MrT9yPsce3iJZOM+05cJxZ1kIUrRQ4mHd5m
|
||||
yztynYnTsr8l9hcg2EC+vUlYg7WfUS91rVxEdcYKA7rOXhYexWBu679XAGEYbafZ
|
||||
e4wsi9nhVTcPdatHPvuLp2BcIlxMdJxyNWx3RqAv6NLJvOsrw1rNMpzlCSe5DCR4
|
||||
uosfRMECgYEA1dliAX6TSI/0jzk8YWvt32Nf/IlKL+psDxUygjRwzVvJdUPAlKf2
|
||||
KBfrtn5r+vnD5J6gIPp4MCDpbWoDBsZv5N0EFGBmeC96vybdulUrNgLnolZPrjpt
|
||||
iS5ZVMFFMpW37vE7c8cEtIS0iQNFZe8E4mUK4V+kUO9KMxdfJvd470kCgYEA3X8t
|
||||
6qWUg0gzHVJjijt0zSHC5aHlNf9WkJEpcgVkuL6F0XFT8l7yIzGfIvo7vvYJpPmp
|
||||
/jRnvceW8azo827ejO0SGhQryqIoLUXtNrE6PaACKs7cLoN2wkHCwIzKw9obunPx
|
||||
EWsiLvxmX7jOmH8CJb3Mq6gNBZ6Tt1f1U1QSglkCgYABvhG0XWmpz7J4cEjzqkN3
|
||||
7IFdt2ipV0mmHdAZi3/XzIWptPGexHeXAArlo8YRd3OHK1u2qRPNoJcGUzTPG1LS
|
||||
FJLx748mL4zafeCUohkGCaQFiJqBmuxFj+EedaywqtOi2MhZOyfoqKQn8aThHb92
|
||||
cMhT6cmW9zwtimU2FhIgMQKBgC30PfWJ5vcZ2qkBt+8tCL2qfIIiBakfUblqtJuY
|
||||
bN47gQ4EIjON6VTN7cNXAWBMMZINzmwUOVXRfAqmIiqnXPsGEJRijPdcj1NdR6rq
|
||||
ODgi43A4PMxVsCT7eclzLHpX3RrhBSnk/VGcQi0n7Y0MBMkJyNXwZss8rE8Eq7xf
|
||||
G/v5AoGAE5N6SK387AEF9uhFBykJKyfiXMezDWBrOMvZLLJrOJXuwsyiKg7z37pu
|
||||
eb2SVPobBEGhWjrAzG+E3yl6b62Kl/hucXN4CGGJAFtlIwgNAGnu0Fu+h0Qd6BFj
|
||||
+wct5WyMCIpLMKJDxfmgCZt4KDoeai91oZNM9JLdSNRDjHG3eJ4=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDCTCCAfGgAwIBAgIIWl1gPnP5KdIwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgNWE1ZDYwMCAXDTE4MDEwMzIxNTQwMFoYDzIxMTgw
|
||||
MTAzMjE1NDAwWjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA1YTVkNjAwggEi
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5BubOIkH01Qha1R4ewR1MOta0
|
||||
RS6pBtfpPPX9WFISRMjLHN5ztTrbK1nUyKMBL8893Ubp4gi/k1EonJyfNEUcKU0o
|
||||
rMycE9M2enwOVYppGyiun2q91zRHV6nZ7KxpQNQ3AnIc/KCN1cP6hvzjotSJI1aZ
|
||||
lrQXHGng06stonMGjX+6iM2Rp82E2ADj/Xt7n83YZ8XMtVgJEz+cXFFn01rEhGsm
|
||||
xa/jRmJ9c05XJvU+jjS4i1GgLfWOLWNjHgxZGhUB3/pUXXUwrjC+t6/t8hFVexcj
|
||||
4tokOTTaoD5jBT38RadyY3wknPaD1xhRV9JAI3FVtCZYpPlIJZVoZOc5sEJhAgMB
|
||||
AAGjRTBDMA4GA1UdDwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
|
||||
BQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEAJqPB
|
||||
eVGD4CpjlXBd+7XBSZBoy0r59sEtkNyireZuyyjJ/SOErfu3Y1eKJYaqe7RhZYBx
|
||||
TahSkpFGIHRMHYJicxVdVld2CotNGqkyv/54HeHu0o3FfTEkwX6dimZmVa3nMhzK
|
||||
nqc9CFL5MVPF+EQ6FdXHL5mMXR+rFWjASt2I3Fd+VWKwztkqTPOBvj9HHRyMb6jM
|
||||
KOME5Mh3PreRL0xx3cWA6yV4j0d1SxSKQyoC8DCCJs9/5oJLobFOB/fctCh8e2NR
|
||||
+RcgVreA0BiEjFKrJjtzV1ODafAfQKTvR/UjO5133HPHkbVXdt4H0NlGQvfRD0z0
|
||||
ZWTX1uJOxI1HyhHb5A==
|
||||
-----END CERTIFICATE-----
|
|
@ -370,9 +370,9 @@ func setupWFE(t *testing.T) (WebFrontEndImpl, clock.FakeClock, requestSigner) {
|
|||
rc := bredis.Config{
|
||||
Username: "unittest-rw",
|
||||
TLS: cmd.TLSConfig{
|
||||
CACertFile: "../test/redis-tls/minica.pem",
|
||||
CertFile: "../test/redis-tls/boulder/cert.pem",
|
||||
KeyFile: "../test/redis-tls/boulder/key.pem",
|
||||
CACertFile: "../test/certs/ipki/minica.pem",
|
||||
CertFile: "../test/certs/ipki/localhost/cert.pem",
|
||||
KeyFile: "../test/certs/ipki/localhost/key.pem",
|
||||
},
|
||||
Lookups: []cmd.ServiceDomain{
|
||||
{
|
||||
|
|
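Review bot: `CertFile` and `KeyFile` in the `TLS` block now present the `ipki/localhost` pair as the Redis client identity, where the old lines used a dedicated `redis-tls/boulder` certificate. The `mail-test-srv` hunk uses the same pair as a server certificate, so a single key now serves both roles. That is reasonable for a test fixture, but it should be said next to the config so the pattern is not copied into a non-test setup: `// Test-only: shared localhost identity from the generated ipki tree; production clients need their own certificate.` setupWFE's body continues outside the hunk.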