Skip to content

Commit

Permalink
Feat: TLSv1.3 support (#146)
Browse files Browse the repository at this point in the history 
Co-authored-by: Rob Bavey <rob.bavey@elastic.co>
  • Loading branch information
@kares @robbavey
kares and robbavey authored Mar 17, 2022
1 parent 22534b1 commit 620aa58
Show file tree
Hide file tree
Showing 23 changed files with 660 additions and 49 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
## 3.5.0
- Feat: TLSv1.3 support [#146](https://github.com/logstash-plugins/logstash-input-http/pull/146)

## 3.4.5
- Build: do not package log4j-api dependency [#149](https://github.com/logstash-plugins/logstash-input-http/pull/149).
Logstash provides the log4j framework and the dependency is not needed except testing and compiling.
Expand Down
2 changes: 1 addition & 1 deletion VERSION
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
3.4.5
3.5.0
18 changes: 10 additions & 8 deletions docs/index.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,9 +134,11 @@ and no codec for the request's content-type is found
===== `cipher_suites`

* Value type is <<array,array>>
* Default value is `java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
* Default value is `[TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]`

The list of ciphers suite to use, listed by priorities.
The default values applies for OpenJDK 11.0.14 and higher, for older versions the list does not include suites
not supported by the JDK, such as the ChaCha20 family of ciphers.

[id="plugins-{type}s-{plugin}-ecs_compatibility"]
===== `ecs_compatibility`
Expand Down Expand Up @@ -357,7 +359,7 @@ Time in milliseconds for an incomplete ssl handshake to timeout
* There is no default value for this setting.

SSL key to use.
NOTE: This key need to be in the PKCS8 format, you can convert it with https://www.openssl.org/docs/man1.1.0/apps/pkcs8.html[OpenSSL]
NOTE: This key need to be in the PKCS8 format, you can convert it with https://www.openssl.org/docs/man1.1.1/man1/openssl-pkcs8.html[OpenSSL]
for more information.

[id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
Expand Down Expand Up @@ -396,19 +398,19 @@ Number of threads to use for both accepting connections and handling requests
===== `tls_max_version`

* Value type is <<number,number>>
* Default value is `1.2`
* Default value is `1.3`

The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
The maximum TLS version allowed for the encrypted connections.
The value must be the one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3

[id="plugins-{type}s-{plugin}-tls_min_version"]
===== `tls_min_version`

* Value type is <<number,number>>
* Default value is `1`
* Default value is `1.2`

The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
The minimum TLS version allowed for the encrypted connections.
The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3

[id="plugins-{type}s-{plugin}-user"]
===== `user`
Expand Down
4 changes: 2 additions & 2 deletions lib/logstash/inputs/http.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,11 +87,11 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
config :ssl_handshake_timeout, :validate => :number, :default => 10000

# The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
# 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
# 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
config :tls_min_version, :validate => :number, :default => TLS.min.version

# The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
# 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
# 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
config :tls_max_version, :validate => :number, :default => TLS.max.version

# The list of ciphers suite to use, listed by priorities.
Expand Down
3 changes: 2 additions & 1 deletion lib/logstash/inputs/http/tls.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,8 @@ def <=>(other)
TLS_PROTOCOL_OPTIONS = [
TLSOption.new("TLSv1", 1),
TLSOption.new("TLSv1.1", 1.1),
TLSOption.new("TLSv1.2", 1.2)
TLSOption.new("TLSv1.2", 1.2),
TLSOption.new("TLSv1.3", 1.3)
]

def self.min
Expand Down
2 changes: 1 addition & 1 deletion logstash-input-http.gemspec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ HTTP_INPUT_VERSION = File.read(File.expand_path(File.join(File.dirname(__FILE__)

Gem::Specification.new do |s|
s.name = 'logstash-input-http'
s.version = HTTP_INPUT_VERSION
s.version = HTTP_INPUT_VERSION
s.licenses = ['Apache License (2.0)']
s.summary = "Receives events over HTTP or HTTPS"
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
Expand Down
40 changes: 40 additions & 0 deletions spec/fixtures/certs/generate.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
# warning: do not use the certificates produced by this tool in production.
# This is for testing purposes only
set -e

rm -rf generated
mkdir generated
cd generated

echo "GENERATED CERTIFICATES FOR TESTING ONLY." >> ./README.txt
echo "DO NOT USE THESE CERTIFICATES IN PRODUCTION" >> ./README.txt

# certificate authority
openssl genrsa -out root.key 4096
openssl req -new -x509 -days 1826 -extensions ca -key root.key -out root.crt -subj "/C=LS/ST=NA/L=Http Input/O=Logstash/CN=root" -config ../openssl.cnf

# server certificate from root
openssl genrsa -out server_from_root.key 4096
openssl req -new -key server_from_root.key -out server_from_root.csr -subj "/C=LS/ST=NA/L=Http Input/O=Logstash/CN=server" -config ../openssl.cnf
openssl x509 -req -extensions server_cert -extfile ../openssl.cnf -days 1096 -in server_from_root.csr -CA root.crt -CAkey root.key -set_serial 03 -out server_from_root.crt

# client certificate from root
openssl genrsa -out client_from_root.key 4096
openssl req -new -key client_from_root.key -out client_from_root.csr -subj "/C=LS/ST=NA/L=Http Input/O=Logstash/CN=client" -config ../openssl.cnf
openssl x509 -req -extensions client_cert -extfile ../openssl.cnf -days 1096 -in client_from_root.csr -CA root.crt -CAkey root.key -set_serial 04 -out client_from_root.crt

# verify :allthethings
openssl verify -CAfile root.crt server_from_root.crt

# create pkcs8 versions of all keys
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in client_from_root.key -out client_from_root.key.pkcs8
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in server_from_root.key -out server_from_root.key.pkcs8

# create pkcs12 keystores (pass:12345678)
openssl pkcs12 -export -in client_from_root.crt -inkey client_from_root.key -out client_from_root.p12 -name "client_from_root" -passout 'pass:12345678'

# use java keytool to convert all pkcs12 keystores to jks-format keystores (pass:12345678)
keytool -importkeystore -srckeystore client_from_root.p12 -srcstoretype pkcs12 -srcstorepass 12345678 -destkeystore client_from_root.jks -deststorepass 12345678 -alias client_from_root

# cleanup csr, we don't need them
rm -rf *.csr
2 changes: 2 additions & 0 deletions spec/fixtures/certs/generated/README.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
GENERATED CERTIFICATES FOR TESTING ONLY.
DO NOT USE THESE CERTIFICATES IN PRODUCTION
35 changes: 35 additions & 0 deletions spec/fixtures/certs/generated/client_from_root.crt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
-----BEGIN CERTIFICATE-----
MIIGATCCA+mgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJMUzEL
MAkGA1UECAwCTkExEzARBgNVBAcMCkh0dHAgSW5wdXQxETAPBgNVBAoMCExvZ3N0
YXNoMQ0wCwYDVQQDDARyb290MB4XDTIxMTEyNDEwMjEzMloXDTI0MTEyNDEwMjEz
MlowUzELMAkGA1UEBhMCTFMxCzAJBgNVBAgMAk5BMRMwEQYDVQQHDApIdHRwIElu
cHV0MREwDwYDVQQKDAhMb2dzdGFzaDEPMA0GA1UEAwwGY2xpZW50MIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzz7tc52SXN84bP8/009HnfkDMGhqvNgi
oO+kza7PT1O7jcA3i0hh1r2N4xUIllc3cSvcfFK/sw8mAFPGE6lMIPAWHnsFipd1
6rrk7jIVEgBE7ZUYuqWRRQ7ULV1a3LTxCn7XUrtk1bbrLgPRcoUev81L19AQZQ6R
DGv9MyFE2X71lvchj09eLh4RcR7/5Myj6ODtz5mYOIn8hqAaYCa6Zu0A54WbQd4p
xc/iuEQqpUJNcXdVJyNAzhDQq/oMImWgWs/nuMIrCV0WXttGsOnztxsftytsNtnP
SOBuULhRdDrkV16u7zMftANBWdoWIcdbc6ipr17ZrqySmioSWHk5YcsRwP6Em9Hq
SHgNXSDkb3+TPQX/XG2cmaPI+a8yTvgV1igMbzDYEznfqOhNG/28jTGo36iMt+R1
ZrDWoIxRqSKq7WAiGmnKZKiy4xV4Ze3zekx7xse/S/OxmWvOCYN0+aLFgxNuizX5
PpY6PhwJ/+I5JpbH2pXwuPsFMAyt5vwmcrS6k7O3vvUml7mwHQVQTqrNEvPHDwxe
H6n2LiW7Bbana12rkdMU5mXwBMMTVz1sjOZnzM1M+JEoce3UXfGuflhG7amOhPJf
Aj7vMR6kilzATFjmx1hdqqHzNARkeuxLhUzpdgKnk3nEmYPKx1MB7Y4FvpSEoTPV
K3rPkMHQm6UCAwEAAaOB4TCB3jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
oDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp
ZmljYXRlMB0GA1UdDgQWBBTXHNdFAtzeVD56PI6/Mu/wVzDCyzAfBgNVHSMEGDAW
gBSn18dv3u0R/O/LDPC7h+wHlcpFqDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
FAYIKwYBBQUHAwIGCCsGAQUFBwMEMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAA
ATANBgkqhkiG9w0BAQsFAAOCAgEAE23qZ7HfFubCXYCzGxTq+zzMAId5rUn8Cnav
9eEGdofjkRRHJnW1yM8AmblbwxM8fs6SrQtujhGNFWEsGuXDoFFG6ID06eFsC1yC
RpKme0PRsKruBn8Na5Z2jeZ0SWKvW+1ZlvosMhQQh6QaNf7VTNVizJD+J34QxFeH
N66/Fh8/sh0ZooFy791japEtec8HJIBHNPrJprqYnzosKTRnYSLJpiCP9ksordMS
rTHWGDRnUXu1ggWanopt5wZfICG92gi8rROEk4fwFUy93E+WEzv8XCXpRxZqhdJf
V+jPoUHo4ZOnM8uFna5Y/o+DiVOdPXgn9xspe5qhEvU8upsvKRVNlfAXVGWjiG13
ZdR3PvGITplFhNkBAuPIf1Z/xTF0e8JzQSSC2CtThGuCJz9uSB6zpnxjODKxAqFX
IbbH8Tnf8q6nEJm0RbMOyAc/HvX2eei1TV1XD9StL/M/2n0bCn/+s4peT4/qOy2T
zqQYTe45RknishUiMiv00//W5LNImjb0THHxQ1kQxi7Tlk0dZ5CPUjMfBVCt+Gdo
EQMjeGjvjfRvKtGzhtMDmkA3Oc8iOiaaR7mSU+ZjslDlRYnPKicbls673ttL3rx8
R//PwWeZcBWkbowOYNJnjaiySpoO3WVEGMA8mUw4SEtlga6760cN4+e4pKnzo1sR
P1W1gRQ=
-----END CERTIFICATE-----
Binary file added spec/fixtures/certs/generated/client_from_root.jks
View file
Binary file not shown.
51 changes: 51 additions & 0 deletions spec/fixtures/certs/generated/client_from_root.key
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAzz7tc52SXN84bP8/009HnfkDMGhqvNgioO+kza7PT1O7jcA3
i0hh1r2N4xUIllc3cSvcfFK/sw8mAFPGE6lMIPAWHnsFipd16rrk7jIVEgBE7ZUY
uqWRRQ7ULV1a3LTxCn7XUrtk1bbrLgPRcoUev81L19AQZQ6RDGv9MyFE2X71lvch
j09eLh4RcR7/5Myj6ODtz5mYOIn8hqAaYCa6Zu0A54WbQd4pxc/iuEQqpUJNcXdV
JyNAzhDQq/oMImWgWs/nuMIrCV0WXttGsOnztxsftytsNtnPSOBuULhRdDrkV16u
7zMftANBWdoWIcdbc6ipr17ZrqySmioSWHk5YcsRwP6Em9HqSHgNXSDkb3+TPQX/
XG2cmaPI+a8yTvgV1igMbzDYEznfqOhNG/28jTGo36iMt+R1ZrDWoIxRqSKq7WAi
GmnKZKiy4xV4Ze3zekx7xse/S/OxmWvOCYN0+aLFgxNuizX5PpY6PhwJ/+I5JpbH
2pXwuPsFMAyt5vwmcrS6k7O3vvUml7mwHQVQTqrNEvPHDwxeH6n2LiW7Bbana12r
kdMU5mXwBMMTVz1sjOZnzM1M+JEoce3UXfGuflhG7amOhPJfAj7vMR6kilzATFjm
x1hdqqHzNARkeuxLhUzpdgKnk3nEmYPKx1MB7Y4FvpSEoTPVK3rPkMHQm6UCAwEA
AQKCAgBbiP2zvPryTh1L9wknubJ2EY/ZB6VtN0FEN9RgjD9AWElUeHuP5y5ffGV4
0Md0L51rPOYrexj0a1JrfpTUBkh7m88JM2jlJ7SLMnT+x9wKkVfgX6QGfC5HhB8u
0jbZmImGCzPrdJ06z4ncTw9pN2a3bGN9NIapO9/QzrmMpbsVHUA3p3uJIpMEZ39o
qTp4wfH7X61prftPrZJ9m6VKppBZ+YAWwioq04c7uW/31xPG3hv6a6yOlsF+wmqI
Ku7FGoHS2lUMg6Yigpzo1IzKguqEC1TcwC8Rou4s0AOpX1+KqKBF/qnhOIFeLrnk
h7CSxsybrvkTXh9jSRGPSdnEffZbcZtw9XagD+fg6mYrqQH95Tfp83pDEAMtoe5e
cSGoLbt9c1Et9rtWcosFTxzLTWSOjme5qomsDZxlZpFt5YML14aCgMafMnWLGhwB
hX9NfdYGJ1Sqit5CM1MCoLAvWfW+5OeR28Wn9n5P3gBsvw+2aPLrdD6EeCJHMq9k
jDJXJsuWQhbZqapnIGn6kiOqHpQxPf2Q4VkkA6zDbtcy9e9QsKNFFcP4z1p2crBg
QhVvdLw3tOqoleJZV5Nn7wv0tzHSV4ccyoFl2j3CNFl6qG39J3Xtkm+ecWQyaZYt
vAF4hK7LsoLbJi2EYLRXsQj9H/LocD7D1AHLgwT0mK0ZwEfRAQKCAQEA7MWkosMJ
MITK0nsQStNq2UV+BI2Hfou1q65KAQQOgrOgSFmb/rijSSkZknlU20iEBWaJebep
i9fCzDdJLkjZ6ISzMyxIfhS0//mlYE4Xcz0APcT54tnhQ8n38qId1CkC7K3sViY7
3ufwr6ALExrRZ/0paNtuLA0bvIIyPXA28DbGThdpjPGS5rCwMWAnT81RWN7uvEyO
0dt4oCunLgjrP+22NpQbnQvVN6kgW8tPVl8p2w3fRY3JINjRlJDZeACzV1zQ/tVy
ZlbLsfoMUOsR93Dt+lCZua4Tdt3DCiB3C0yJt05FYqS8ZFJwq0Yoynrdo1bxi9Rt
dp8S5N+0nu3RIQKCAQEA4BNzZMNYhTO+nNv8/9TIO+lSBFNwVtKB95vlA7OpX0I8
0W+0eOqy1nf7Df60B58kZ3Dop+VAzIooGmeVkW1+9BVn1b929XwUcvEjhBdWDran
XMg5ai/JKbrTw2bAPdFcIRDTQZgDz4DlOEQIsbFHIPxumloVXVv824qfLolhgFpS
y7uYGJ9/tsncdWtbPJNIKCTOxmp7KZyAsaVLpjjK9MVv8poHwTrFv5ziJyoo460/
hD8L3E4uzXe6ydTzgtYpTfyFwVyvLathx4aVjGWGtdWcvApB6rivFaP6ZRdZGU2n
9g34mQAumkJzg0XlVJzZulSgVEpkw2prvaG6TezGBQKCAQBi/Z7/jZth9aL2rQz6
u7mIbU1qieGEPtUNmijGk/OdIYx5sz1NGdTq2YwfeSrJI2BPAbeoc+km1mZTCypF
d5/jXtetJW6JiA7ElpNV2FBllbNsH9Z5ya4ssVxAzRa7hQn7+hs9SW7umvo98yOu
MSAr4eRWOqetMy3NeoGWvju54qy2KYOvsbBBUs3XVuQYsTa5eTtG7psnkiK0lIuo
64GvkKsF1pZU6oWSZ9tnhXD+I3tUYlBevBDC8uNswcKqMWDJvbyDTqotr0wqdOiB
TEaOtWBJrzkWMHli0QSiT0B2MOHDCa5ot4csSmtgsEyNmyDfEZKba4z4czlrBzx0
1ekBAoIBABxGmBMpC2yToQQORpjJ8xKMWMsu9EggfEIQrA+Rhlf89cu/+tgfVb32
mfmkIHetv1xGRTWamli1PmZGl/soBBMs+FNiu9IyfCoc/8xVXYixx+DPa19Y9FuN
tdc8ihnC54tMojvuwNxYeZRmEWrK4hzpfdOAdp23U+soTPoEYAdgXn5TB9hjmCwq
wOUYTQUR2NMoAefL3AreMuc34pnxJLtKhtvoT/40Omv5khg7G7nPTOqVQhvkyccn
yqxZcPkbqU6sBPzngzuSGt6gvxJeZWdgs0yPRs4lzAJBFQHYtmeZAw7rqGk2OqtA
o273TP8mY9s9fpXkZV67eSkO1YGr1TkCggEBAIQ3aI6TqDd5Wp52IM/beSxhg5+A
Vt+hI4Gdc0mNLJTm8/l3nd+uQpPVmuVBosfaXQK+IWDLDP4II6qBFUfOD95eK76O
Y4LJNvO3urQOh56bujnZ1ZgeKeUU36itgtp+YbYUHMSUA9BFlUr0n00POovili/M
BfHy8pcAB0EvY/B2k00v/Uj8kwbBvu1NNhUDzhUCVQM06b6SqLIA7/UeDHUYnYMJ
s3w6Eqo8yaHQJkY5DlJfO4JoXe1pZQNm3d2bAQG4vzIbyHFk2yShXTQuV5YNIATh
cKLW7xpRoDIciZVu6m4aiYw1kABty9UTSk0jKu86RjM0Epb/LnUG1qtSpPI=
-----END RSA PRIVATE KEY-----
52 changes: 52 additions & 0 deletions spec/fixtures/certs/generated/client_from_root.key.pkcs8
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDPPu1znZJc3zhs
/z/TT0ed+QMwaGq82CKg76TNrs9PU7uNwDeLSGHWvY3jFQiWVzdxK9x8Ur+zDyYA
U8YTqUwg8BYeewWKl3XquuTuMhUSAETtlRi6pZFFDtQtXVrctPEKftdSu2TVtusu
A9FyhR6/zUvX0BBlDpEMa/0zIUTZfvWW9yGPT14uHhFxHv/kzKPo4O3PmZg4ifyG
oBpgJrpm7QDnhZtB3inFz+K4RCqlQk1xd1UnI0DOENCr+gwiZaBaz+e4wisJXRZe
20aw6fO3Gx+3K2w22c9I4G5QuFF0OuRXXq7vMx+0A0FZ2hYhx1tzqKmvXtmurJKa
KhJYeTlhyxHA/oSb0epIeA1dIORvf5M9Bf9cbZyZo8j5rzJO+BXWKAxvMNgTOd+o
6E0b/byNMajfqIy35HVmsNagjFGpIqrtYCIaacpkqLLjFXhl7fN6THvGx79L87GZ
a84Jg3T5osWDE26LNfk+ljo+HAn/4jkmlsfalfC4+wUwDK3m/CZytLqTs7e+9SaX
ubAdBVBOqs0S88cPDF4fqfYuJbsFtqdrXauR0xTmZfAEwxNXPWyM5mfMzUz4kShx
7dRd8a5+WEbtqY6E8l8CPu8xHqSKXMBMWObHWF2qofM0BGR67EuFTOl2AqeTecSZ
g8rHUwHtjgW+lIShM9Ures+QwdCbpQIDAQABAoICAFuI/bO8+vJOHUv3CSe5snYR
j9kHpW03QUQ31GCMP0BYSVR4e4/nLl98ZXjQx3QvnWs85it7GPRrUmt+lNQGSHub
zwkzaOUntIsydP7H3AqRV+BfpAZ8LkeEHy7SNtmYiYYLM+t0nTrPidxPD2k3Zrds
Y300hqk739DOuYyluxUdQDene4kikwRnf2ipOnjB8ftfrWmt+0+tkn2bpUqmkFn5
gBbCKirThzu5b/fXE8beG/prrI6WwX7Caogq7sUagdLaVQyDpiKCnOjUjMqC6oQL
VNzALxGi7izQA6lfX4qooEX+qeE4gV4uueSHsJLGzJuu+RNeH2NJEY9J2cR99ltx
m3D1dqAP5+DqZiupAf3lN+nzekMQAy2h7l5xIagtu31zUS32u1ZyiwVPHMtNZI6O
Z7mqiawNnGVmkW3lgwvXhoKAxp8ydYsaHAGFf0191gYnVKqK3kIzUwKgsC9Z9b7k
55Hbxaf2fk/eAGy/D7Zo8ut0PoR4Ikcyr2SMMlcmy5ZCFtmpqmcgafqSI6oelDE9
/ZDhWSQDrMNu1zL171Cwo0UVw/jPWnZysGBCFW90vDe06qiV4llXk2fvC/S3MdJX
hxzKgWXaPcI0WXqobf0nde2Sb55xZDJpli28AXiErsuygtsmLYRgtFexCP0f8uhw
PsPUAcuDBPSYrRnAR9EBAoIBAQDsxaSiwwkwhMrSexBK02rZRX4EjYd+i7WrrkoB
BA6Cs6BIWZv+uKNJKRmSeVTbSIQFZol5t6mL18LMN0kuSNnohLMzLEh+FLT/+aVg
ThdzPQA9xPni2eFDyffyoh3UKQLsrexWJjve5/CvoAsTGtFn/Slo224sDRu8gjI9
cDbwNsZOF2mM8ZLmsLAxYCdPzVFY3u68TI7R23igK6cuCOs/7bY2lBudC9U3qSBb
y09WXynbDd9Fjckg2NGUkNl4ALNXXND+1XJmVsux+gxQ6xH3cO36UJm5rhN23cMK
IHcLTIm3TkVipLxkUnCrRijKet2jVvGL1G12nxLk37Se7dEhAoIBAQDgE3Nkw1iF
M76c2/z/1Mg76VIEU3BW0oH3m+UDs6lfQjzRb7R46rLWd/sN/rQHnyRncOin5UDM
iigaZ5WRbX70FWfVv3b1fBRy8SOEF1YOtqdcyDlqL8kputPDZsA90VwhENNBmAPP
gOU4RAixsUcg/G6aWhVdW/zbip8uiWGAWlLLu5gYn3+2ydx1a1s8k0goJM7Gansp
nICxpUumOMr0xW/ymgfBOsW/nOInKijjrT+EPwvcTi7Nd7rJ1POC1ilN/IXBXK8t
q2HHhpWMZYa11Zy8CkHquK8Vo/plF1kZTaf2DfiZAC6aQnODReVUnNm6VKBUSmTD
amu9obpN7MYFAoIBAGL9nv+Nm2H1ovatDPq7uYhtTWqJ4YQ+1Q2aKMaT850hjHmz
PU0Z1OrZjB95KskjYE8Bt6hz6SbWZlMLKkV3n+Ne160lbomIDsSWk1XYUGWVs2wf
1nnJriyxXEDNFruFCfv6Gz1Jbu6a+j3zI64xICvh5FY6p60zLc16gZa+O7nirLYp
g6+xsEFSzddW5BixNrl5O0bumyeSIrSUi6jrga+QqwXWllTqhZJn22eFcP4je1Ri
UF68EMLy42zBwqoxYMm9vINOqi2vTCp06IFMRo61YEmvORYweWLRBKJPQHYw4cMJ
rmi3hyxKa2CwTI2bIN8RkptrjPhzOWsHPHTV6QECggEAHEaYEykLbJOhBA5GmMnz
EoxYyy70SCB8QhCsD5GGV/z1y7/62B9VvfaZ+aQgd62/XEZFNZqaWLU+ZkaX+ygE
Eyz4U2K70jJ8Khz/zFVdiLHH4M9rX1j0W4211zyKGcLni0yiO+7A3Fh5lGYRasri
HOl904B2nbdT6yhM+gRgB2BeflMH2GOYLCrA5RhNBRHY0ygB58vcCt4y5zfimfEk
u0qG2+hP/jQ6a/mSGDsbuc9M6pVCG+TJxyfKrFlw+RupTqwE/OeDO5Ia3qC/El5l
Z2CzTI9GziXMAkEVAdi2Z5kDDuuoaTY6q0CjbvdM/yZj2z1+leRlXrt5KQ7VgavV
OQKCAQEAhDdojpOoN3lannYgz9t5LGGDn4BW36EjgZ1zSY0slObz+Xed365Ck9Wa
5UGix9pdAr4hYMsM/ggjqoEVR84P3l4rvo5jgsk287e6tA6Hnpu6OdnVmB4p5RTf
qK2C2n5hthQcxJQD0EWVSvSfTQ86i+KWL8wF8fLylwAHQS9j8HaTTS/9SPyTBsG+
7U02FQPOFQJVAzTpvpKosgDv9R4MdRidgwmzfDoSqjzJodAmRjkOUl87gmhd7Wll
A2bd3ZsBAbi/MhvIcWTbJKFdNC5Xlg0gBOFwotbvGlGgMhyJlW7qbhqJjDWQAG3L
1RNKTSMq7zpGMzQSlv8udQbWq1Kk8g==
-----END PRIVATE KEY-----
Binary file added spec/fixtures/certs/generated/client_from_root.p12
View file
Binary file not shown.
32 changes: 32 additions & 0 deletions spec/fixtures/certs/generated/root.crt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIIFkzCCA3ugAwIBAgIUaxaJxbTdJbY8LgQDDEur7n4wqoUwDQYJKoZIhvcNAQEL
BQAwUTELMAkGA1UEBhMCTFMxCzAJBgNVBAgMAk5BMRMwEQYDVQQHDApIdHRwIElu
cHV0MREwDwYDVQQKDAhMb2dzdGFzaDENMAsGA1UEAwwEcm9vdDAeFw0yMTExMjQx
MDIxMjlaFw0yNjExMjQxMDIxMjlaMFExCzAJBgNVBAYTAkxTMQswCQYDVQQIDAJO
QTETMBEGA1UEBwwKSHR0cCBJbnB1dDERMA8GA1UECgwITG9nc3Rhc2gxDTALBgNV
BAMMBHJvb3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwVfl113eq
oUSLcw0Xrp1H0UoRLrQoo4h88HtspnJwuTok2PiEIbhUebufzK0nF2ZybVJYiC0Z
JJuSqicMCm9VpznJVRNNT/a7gMcF4j0lYdT2Yuxw2yaCZcvCffVIRU0LIUjj2bXa
83ibuuphfwcm+C3bJ5xWN65F0Txe7mCh8PQ+X0v0peNjkdGHt1LFP3qFV67ssNtx
jeVB35rmKL/OD8gr9fNHFF5B5A8DXniLpohJZLrVFLw455Fyhx+GS+ZQpaHxfneI
hMfftflfabXZNO/pzbSHJShKhIboAfM/bXX5cnilIeLBwko/WPtO81M13rX+e3VF
UFxtXor2z1MhoV01+PfVtTem0iinkYJUtulfrGvolgaQhV+UhgoOuvmYQkj7pmd/
41pRarhxKp5jRjz3TEfY6PZjGV7vF2Q9IAk2yAUvAhY8qER+eGZe5krUKBV1gLww
zOplQMerG3+Jrm1Fk6sDGw0wJIQUCu3P3nhQTqyqx8z5Sk5dWPMQBkbJMtUIdFOD
/JxJWb171xkH1VNH9zXJfAzHVpk1cgVruF1VtepceQh0rW6E7Lc+Avbg23Zr06fj
kklKNaKabScl7uE7LiGhSpV6N2MJURtJB9jI9oRdYDCBhLihDbn33MrdseOzuWgd
uWZtvUzPKWuzTLpFnnF3krwgUm8TZW81MQIDAQABo2MwYTAdBgNVHQ4EFgQUp9fH
b97tEfzvywzwu4fsB5XKRagwHwYDVR0jBBgwFoAUp9fHb97tEfzvywzwu4fsB5XK
RagwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL
BQADggIBAEC17d/UJpmABMNmV9PMbt5NjiD+dDi8rnE05zXQXhJWm2vZh0nLC3sc
QAJCep5xEHRzOSYSrOihzHF/Pk1Zdl4ly0SZHPtNdipphqWE/Vl9GaQahq8HZg1Y
CjGQvr0MFe4ikOGRkGw9Vp8lR4XXUJxv4VegpX3BRy2+hTgi21kV4X0a5eZ17Li9
MTljj22vxlypRIu0Jw4BPT0iayc8DivPI4vshUUFc+MLB/1h8OdY19KtoscMaIjk
90xDyAeL6/xxL4ZWDrXEUsxxoakt4vRJaCQ2hCLSVk8isQfzJhkSDqEkK5Ypo+D0
qDn8eL3w06qA1SvvtxVvKOAHHBLlb8ENoRUtBjTzBNQa2t/zDULogwTQbcY7JpwH
FAVXBfqKQ0pLuVuPeTaE6K7eE0p0/upE78FFOsmfoOL34ziw6imTyOgnmYNsmY19
Q8rE4n3hKCd4S/Vl2In9Ly8XAQpj5BYLRqxuMkx57oYQ4byr1vVas7iUIXAZSRIi
W9f+9wZ+L99tgXVIKWaA2xD24lGKfr6WKnazUJYRRJifBE3VFgydbewVePRmPbMC
P4OAVX4ERUZXuP6zpfm5rZvgesoe0ZCDIPT2U+im8OnUq1saODBuh8Frx3BXIGVx
zUQzkIYc5+zF5a4LGN2AlCr3kTEJuE3rgEKwA/gGFqYBw3CfOrhH
-----END CERTIFICATE-----
Loading

0 comments on commit 620aa58

Please sign in to comment.