tttls1.3 0.2.10 → 0.2.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +32 -0
- data/.rubocop.yml +6 -3
- data/Gemfile +3 -4
- data/README.md +5 -1
- data/Rakefile +66 -7
- data/example/helper.rb +3 -3
- data/example/https_client.rb +1 -1
- data/example/https_client_using_0rtt.rb +3 -3
- data/example/https_client_using_hrr.rb +1 -1
- data/example/https_client_using_hrr_and_ticket.rb +2 -2
- data/example/https_client_using_status_request.rb +31 -0
- data/example/https_client_using_ticket.rb +2 -2
- data/example/https_server.rb +3 -2
- data/interop/client_spec.rb +6 -6
- data/interop/server_spec.rb +6 -6
- data/lib/tttls1.3.rb +1 -0
- data/lib/tttls1.3/client.rb +97 -12
- data/lib/tttls1.3/connection.rb +44 -11
- data/lib/tttls1.3/cryptograph.rb +1 -1
- data/lib/tttls1.3/cryptograph/aead.rb +20 -7
- data/lib/tttls1.3/message.rb +1 -1
- data/lib/tttls1.3/message/alert.rb +2 -2
- data/lib/tttls1.3/message/extension/signature_algorithms.rb +13 -3
- data/lib/tttls1.3/message/extension/signature_algorithms_cert.rb +5 -4
- data/lib/tttls1.3/message/extension/status_request.rb +73 -17
- data/lib/tttls1.3/message/extensions.rb +33 -11
- data/lib/tttls1.3/server.rb +40 -13
- data/lib/tttls1.3/utils.rb +15 -0
- data/lib/tttls1.3/version.rb +1 -1
- data/spec/extensions_spec.rb +16 -0
- data/spec/fixtures/rsa_rsa.crt +15 -15
- data/spec/fixtures/rsa_rsa.key +25 -25
- data/spec/fixtures/rsa_rsa_ocsp.crt +18 -0
- data/spec/fixtures/rsa_rsa_ocsp.key +27 -0
- data/spec/server_hello_spec.rb +1 -1
- data/spec/signature_algorithms_cert_spec.rb +4 -0
- data/spec/signature_algorithms_spec.rb +4 -0
- data/spec/spec_helper.rb +35 -1
- data/spec/status_request_spec.rb +77 -10
- data/tttls1.3.gemspec +0 -1
- metadata +12 -7
- data/.github/workflows/main.yml +0 -25
@@ -44,10 +44,11 @@ module TTTLS13
|
|
44
44
|
#
|
45
45
|
# @return [TTTLS13::Message::Extensions]
|
46
46
|
# rubocop: disable Metrics/CyclomaticComplexity
|
47
|
+
# rubocop: disable Metrics/PerceivedComplexity
|
47
48
|
def self.deserialize(binary, msg_type)
|
48
49
|
raise Error::ErrorAlerts, :internal_error if binary.nil?
|
49
50
|
|
50
|
-
|
51
|
+
exs = Extensions.new
|
51
52
|
i = 0
|
52
53
|
while i < binary.length
|
53
54
|
raise Error::ErrorAlerts, :decode_error if i + 4 > binary.length
|
@@ -66,32 +67,41 @@ module TTTLS13
|
|
66
67
|
ex = Extension::UnknownExtension.new(extension_type: extension_type,
|
67
68
|
extension_data: ex_bin)
|
68
69
|
end
|
69
|
-
|
70
|
+
|
71
|
+
# There MUST NOT be more than one extension of the same type in a
|
72
|
+
# given extension block.
|
73
|
+
raise Error::ErrorAlerts, :unsupported_extension \
|
74
|
+
if exs.include?(extension_type)
|
75
|
+
|
76
|
+
exs[extension_type] = ex
|
70
77
|
i += ex_len
|
71
78
|
end
|
72
79
|
raise Error::ErrorAlerts, :decode_error unless i == binary.length
|
73
80
|
|
74
|
-
|
81
|
+
exs
|
75
82
|
end
|
76
83
|
# rubocop: enable Metrics/CyclomaticComplexity
|
84
|
+
# rubocop: enable Metrics/PerceivedComplexity
|
77
85
|
|
78
86
|
# @param key [TTTLS13::Message::ExtensionType]
|
87
|
+
# @param default
|
79
88
|
#
|
80
89
|
# @return [TTTLS13::Message::Extension::$Object]
|
81
|
-
def
|
90
|
+
def fetch(key, default = nil)
|
82
91
|
return nil if super_fetch(key, nil).is_a?(Extension::UnknownExtension)
|
83
92
|
|
84
|
-
super_fetch(key,
|
93
|
+
super_fetch(key, default)
|
85
94
|
end
|
86
95
|
|
87
|
-
|
88
|
-
|
96
|
+
def [](key)
|
97
|
+
fetch(key)
|
98
|
+
end
|
99
|
+
|
100
|
+
# @param ex [TTTLS13::Message::Extension::$Object]
|
89
101
|
#
|
90
102
|
# @return [TTTLS13::Message::Extension::$Object]
|
91
|
-
def
|
92
|
-
|
93
|
-
|
94
|
-
super_fetch(key, default)
|
103
|
+
def <<(ex)
|
104
|
+
store(ex.extension_type, ex)
|
95
105
|
end
|
96
106
|
|
97
107
|
class << self
|
@@ -110,12 +120,23 @@ module TTTLS13
|
|
110
120
|
#
|
111
121
|
# @return [TTTLS13::Message::Extension::$Object, nil]
|
112
122
|
# rubocop: disable Metrics/CyclomaticComplexity
|
123
|
+
# rubocop: disable Metrics/MethodLength
|
113
124
|
def deserialize_extension(binary, extension_type, msg_type)
|
114
125
|
raise Error::ErrorAlerts, :internal_error if binary.nil?
|
115
126
|
|
116
127
|
case extension_type
|
117
128
|
when ExtensionType::SERVER_NAME
|
118
129
|
Extension::ServerName.deserialize(binary)
|
130
|
+
when ExtensionType::STATUS_REQUEST
|
131
|
+
if msg_type == HandshakeType::CLIENT_HELLO
|
132
|
+
return Extension::OCSPStatusRequest.deserialize(binary)
|
133
|
+
end
|
134
|
+
|
135
|
+
if msg_type == HandshakeType::CERTIFICATE
|
136
|
+
return Extension::OCSPResponse.deserialize(binary)
|
137
|
+
end
|
138
|
+
|
139
|
+
Extension::UnknownExtension.deserialize(binary, extension_type)
|
119
140
|
when ExtensionType::SUPPORTED_GROUPS
|
120
141
|
Extension::SupportedGroups.deserialize(binary)
|
121
142
|
when ExtensionType::SIGNATURE_ALGORITHMS
|
@@ -143,6 +164,7 @@ module TTTLS13
|
|
143
164
|
end
|
144
165
|
end
|
145
166
|
# rubocop: enable Metrics/CyclomaticComplexity
|
167
|
+
# rubocop: enable Metrics/MethodLength
|
146
168
|
end
|
147
169
|
end
|
148
170
|
end
|
data/lib/tttls1.3/server.rb
CHANGED
@@ -46,11 +46,13 @@ module TTTLS13
|
|
46
46
|
|
47
47
|
DEFAULT_SERVER_SETTINGS = {
|
48
48
|
crt_file: nil,
|
49
|
+
chain_files: nil,
|
49
50
|
key_file: nil,
|
50
51
|
cipher_suites: DEFAULT_SP_CIPHER_SUITES,
|
51
52
|
signature_algorithms: DEFAULT_SP_SIGNATURE_ALGORITHMS,
|
52
53
|
supported_groups: DEFAULT_SP_NAMED_GROUP_LIST,
|
53
54
|
alpn: nil,
|
55
|
+
process_ocsp_response: nil,
|
54
56
|
compatibility_mode: true,
|
55
57
|
loglevel: Logger::WARN
|
56
58
|
}.freeze
|
@@ -75,6 +77,14 @@ module TTTLS13
|
|
75
77
|
klass = @crt.public_key.class
|
76
78
|
@key = klass.new(File.read(@settings[:key_file]))
|
77
79
|
raise Error::ConfigError unless @crt.check_private_key(@key)
|
80
|
+
|
81
|
+
@chain = @settings[:chain_files]&.map do |f|
|
82
|
+
OpenSSL::X509::Certificate.new(File.read(f))
|
83
|
+
end
|
84
|
+
@chain ||= []
|
85
|
+
([@crt] + @chain).each_cons(2) do |cert, sign|
|
86
|
+
raise Error::ConfigError unless cert.verify(sign.public_key)
|
87
|
+
end
|
78
88
|
end
|
79
89
|
|
80
90
|
# NOTE:
|
@@ -227,10 +237,14 @@ module TTTLS13
|
|
227
237
|
|
228
238
|
ch = transcript[CH]
|
229
239
|
rsl = @send_record_size \
|
230
|
-
|
240
|
+
if ch.extensions.include?(Message::ExtensionType::RECORD_SIZE_LIMIT)
|
231
241
|
ee = transcript[EE] = gen_encrypted_extensions(ch, @alpn, rsl)
|
232
242
|
# TODO: [Send CertificateRequest]
|
233
|
-
|
243
|
+
|
244
|
+
# status_request
|
245
|
+
ocsp_response = fetch_ocsp_response \
|
246
|
+
if ch.extensions.include?(Message::ExtensionType::STATUS_REQUEST)
|
247
|
+
ct = transcript[CT] = gen_certificate(@crt, @chain, ocsp_response)
|
234
248
|
digest = CipherSuite.digest(@cipher_suite)
|
235
249
|
cv = transcript[CV] = gen_certificate_verify(
|
236
250
|
@key,
|
@@ -341,7 +355,7 @@ module TTTLS13
|
|
341
355
|
#
|
342
356
|
# @return [TTTLS13::Message::ServerHello]
|
343
357
|
def send_hello_retry_request(ch1, cipher_suite)
|
344
|
-
exs =
|
358
|
+
exs = Message::Extensions.new
|
345
359
|
# supported_versions
|
346
360
|
exs << Message::Extension::SupportedVersions.new(
|
347
361
|
msg_type: Message::HandshakeType::SERVER_HELLO
|
@@ -363,7 +377,7 @@ module TTTLS13
|
|
363
377
|
random: Message::HRR_RANDOM,
|
364
378
|
legacy_session_id_echo: ch1.legacy_session_id,
|
365
379
|
cipher_suite: cipher_suite,
|
366
|
-
extensions:
|
380
|
+
extensions: exs
|
367
381
|
)
|
368
382
|
send_handshakes(Message::ContentType::HANDSHAKE, [sh],
|
369
383
|
Cryptograph::Passer.new)
|
@@ -394,11 +408,18 @@ module TTTLS13
|
|
394
408
|
end
|
395
409
|
|
396
410
|
# @param crt [OpenSSL::X509::Certificate]
|
411
|
+
# @param chain [Array of OpenSSL::X509::Certificate]
|
412
|
+
# @param ocsp_response [OpenSSL::OCSP::Response]
|
397
413
|
#
|
398
414
|
# @return [TTTLS13::Message::Certificate, nil]
|
399
|
-
def gen_certificate(crt)
|
400
|
-
|
401
|
-
|
415
|
+
def gen_certificate(crt, chain = [], ocsp_response = nil)
|
416
|
+
exs = Message::Extensions.new
|
417
|
+
# status_request
|
418
|
+
exs << Message::Extension::OCSPResponse.new(ocsp_response) \
|
419
|
+
unless ocsp_response.nil?
|
420
|
+
ces = [Message::CertificateEntry.new(crt, exs)] \
|
421
|
+
+ (chain || []).map { |c| Message::CertificateEntry.new(c) }
|
422
|
+
Message::Certificate.new(certificate_list: ces)
|
402
423
|
end
|
403
424
|
|
404
425
|
# @param key [OpenSSL::PKey::PKey]
|
@@ -433,7 +454,7 @@ module TTTLS13
|
|
433
454
|
# @return [TTTLS13::Message::Extensions]
|
434
455
|
# @return [OpenSSL::PKey::EC.$Object]
|
435
456
|
def gen_sh_extensions(named_group)
|
436
|
-
exs =
|
457
|
+
exs = Message::Extensions.new
|
437
458
|
# supported_versions: only TLS 1.3
|
438
459
|
exs << Message::Extension::SupportedVersions.new(
|
439
460
|
msg_type: Message::HandshakeType::SERVER_HELLO
|
@@ -444,7 +465,7 @@ module TTTLS13
|
|
444
465
|
= Message::Extension::KeyShare.gen_sh_key_share(named_group)
|
445
466
|
exs << key_share
|
446
467
|
|
447
|
-
[
|
468
|
+
[exs, priv_key]
|
448
469
|
end
|
449
470
|
|
450
471
|
# @param ch [TTTLS13::Message::ClientHello]
|
@@ -453,15 +474,16 @@ module TTTLS13
|
|
453
474
|
#
|
454
475
|
# @return [TTTLS13::Message::Extensions]
|
455
476
|
def gen_ee_extensions(ch, alpn, record_size_limit)
|
456
|
-
exs =
|
477
|
+
exs = Message::Extensions.new
|
457
478
|
|
458
479
|
# server_name
|
459
480
|
exs << Message::Extension::ServerName.new('') \
|
460
481
|
if ch.extensions.include?(Message::ExtensionType::SERVER_NAME)
|
461
482
|
|
462
483
|
# supported_groups
|
463
|
-
exs
|
464
|
-
|
484
|
+
exs << Message::Extension::SupportedGroups.new(
|
485
|
+
@settings[:supported_groups]
|
486
|
+
)
|
465
487
|
|
466
488
|
# alpn
|
467
489
|
exs << Message::Extension::Alpn.new([alpn]) unless alpn.nil?
|
@@ -470,7 +492,7 @@ module TTTLS13
|
|
470
492
|
exs << Message::Extension::RecordSizeLimit.new(record_size_limit) \
|
471
493
|
unless record_size_limit.nil?
|
472
494
|
|
473
|
-
|
495
|
+
exs
|
474
496
|
end
|
475
497
|
|
476
498
|
# @param key [OpenSSL::PKey::PKey]
|
@@ -532,6 +554,11 @@ module TTTLS13
|
|
532
554
|
|
533
555
|
matching_san?(crt, server_name)
|
534
556
|
end
|
557
|
+
|
558
|
+
# @return [OpenSSL::OCSP::Response, nil]
|
559
|
+
def fetch_ocsp_response
|
560
|
+
@settings[:process_ocsp_response]&.call
|
561
|
+
end
|
535
562
|
end
|
536
563
|
# rubocop: enable Metrics/ClassLength
|
537
564
|
end
|
data/lib/tttls1.3/utils.rb
CHANGED
@@ -61,6 +61,21 @@ module TTTLS13
|
|
61
61
|
length.to_uint64 + self
|
62
62
|
end
|
63
63
|
end
|
64
|
+
|
65
|
+
refine OpenSSL::X509::Certificate do
|
66
|
+
unless method_defined?(:ocsp_uris)
|
67
|
+
define_method(:ocsp_uris) do
|
68
|
+
aia = extensions.find { |ex| ex.oid == 'authorityInfoAccess' }
|
69
|
+
return nil if aia.nil?
|
70
|
+
|
71
|
+
ostr = OpenSSL::ASN1.decode(aia.to_der).value.last
|
72
|
+
ocsp = OpenSSL::ASN1.decode(ostr.value)
|
73
|
+
.map(&:value)
|
74
|
+
.select { |des| des.first.value == 'OCSP' }
|
75
|
+
ocsp&.map { |o| o[1].value }
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
64
79
|
end
|
65
80
|
|
66
81
|
module Convert
|
data/lib/tttls1.3/version.rb
CHANGED
data/spec/extensions_spec.rb
CHANGED
@@ -2,6 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require_relative 'spec_helper'
|
5
|
+
using Refinements
|
5
6
|
|
6
7
|
RSpec.describe Extensions do
|
7
8
|
context 'empty extensions' do
|
@@ -167,4 +168,19 @@ RSpec.describe Extensions do
|
|
167
168
|
expect(extensions).to include ExtensionType::RECORD_SIZE_LIMIT
|
168
169
|
end
|
169
170
|
end
|
171
|
+
|
172
|
+
context 'duplicated extension_type' do
|
173
|
+
let(:server_name) do
|
174
|
+
ServerName.new('example.com')
|
175
|
+
end
|
176
|
+
|
177
|
+
let(:testbinary) do
|
178
|
+
server_name.serialize * 2
|
179
|
+
end
|
180
|
+
|
181
|
+
it 'should raise error, if extension_type get duplicated' do
|
182
|
+
expect { Extensions.deserialize(testbinary, HandshakeType::CLIENT_HELLO) }
|
183
|
+
.to raise_error(ErrorAlerts)
|
184
|
+
end
|
185
|
+
end
|
170
186
|
end
|
data/spec/fixtures/rsa_rsa.crt
CHANGED
@@ -1,18 +1,18 @@
|
|
1
1
|
-----BEGIN CERTIFICATE-----
|
2
|
-
|
3
|
-
|
2
|
+
MIIC2TCCAcGgAwIBAgIJALo0YKZBVqYnMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
|
3
|
+
BAMMB3Rlc3QtY2EwHhcNMjAwNzE1MTU0NTE4WhcNMzAwNzEzMTU0NTE4WjAUMRIw
|
4
4
|
EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
5
|
+
AQC65xzvPQrsXXRVsQ4rcrmvOF0gdWV38JKlhHUrS50//T0S55FUSBkuVXUDCZDx
|
6
|
+
dOf0y/5HaMb3hm68+ld5B/oNtoPlJWW6Sgc8OLERQy9qGpwR0mXND4SnZ9or7RDV
|
7
|
+
8tAEg/Hzq5rm6Xy2WClSR+nHg2tVh2Szde39j7o8ivJpHPzfEyZh37y9oIiY2/FP
|
8
|
+
QpbAe8n3Ses04D3jhZRoysdcuneWuG3h5DJ9X4IhZUBM54nEO5IQElyYnF6xY/Lt
|
9
|
+
Gykf8+ydiuAZpZF5FGGfoiKB7XdIwhSlK1XRFeBbHRqyAFjpSNtqy6RPdJINLseb
|
10
|
+
wG6DNSxcLm91C6ZJaaqu7Qp1AgMBAAGjMDAuMAkGA1UdEwQCMAAwCwYDVR0PBAQD
|
11
|
+
AgWgMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEALqaQ
|
12
|
+
J5H9jB2VmIEDxhXAQTeqW1Hmp0oHhL1XcAvNS+JILjFfAdjMe/3Kei3hQJv8j8sE
|
13
|
+
uck3o7iA4kcE0ydUzO7TM7efjqcksyZrmWSB0xj+NHjcybwhD4Selr1vBSCU0IHN
|
14
|
+
Ap+zYbBX7eQawm2lIzniBvS6MmP+dgZjhy73FVQ4oSz+wTcg1iPkhulYL4iV/HSG
|
15
|
+
fND5gUvlRbLHGTETpCdq7iJNOpNl/OYboJLPvVpx8H7Jc+L2bQl05fj/koO35xaL
|
16
|
+
JuZGj5aVOKw45WvqERpe1RI3077dWE6bAr9DzrW13IqmFMbPD817pcB6+ILZnMAF
|
17
|
+
RhobWRU6PA4TdDP8bg==
|
18
18
|
-----END CERTIFICATE-----
|
data/spec/fixtures/rsa_rsa.key
CHANGED
@@ -1,27 +1,27 @@
|
|
1
1
|
-----BEGIN RSA PRIVATE KEY-----
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
/
|
25
|
-
|
26
|
-
|
2
|
+
MIIEowIBAAKCAQEAuucc7z0K7F10VbEOK3K5rzhdIHVld/CSpYR1K0udP/09EueR
|
3
|
+
VEgZLlV1AwmQ8XTn9Mv+R2jG94ZuvPpXeQf6DbaD5SVlukoHPDixEUMvahqcEdJl
|
4
|
+
zQ+Ep2faK+0Q1fLQBIPx86ua5ul8tlgpUkfpx4NrVYdks3Xt/Y+6PIryaRz83xMm
|
5
|
+
Yd+8vaCImNvxT0KWwHvJ90nrNOA944WUaMrHXLp3lrht4eQyfV+CIWVATOeJxDuS
|
6
|
+
EBJcmJxesWPy7RspH/PsnYrgGaWReRRhn6Iige13SMIUpStV0RXgWx0asgBY6Ujb
|
7
|
+
asukT3SSDS7Hm8BugzUsXC5vdQumSWmqru0KdQIDAQABAoIBABPIjNaB9psIVV0Q
|
8
|
+
rbhJn3/9jlX2NzRX4Z3lhGV9znpMet96ZXavXwL5hrY4mAAG6NqPkS3L2Guw7h3Q
|
9
|
+
vduQzZYQAKwLplXuqg9kzNFP9D/d6zEzvRTUlK0HoB9QK50J45zmvoCVZIMWqd2/
|
10
|
+
PTh5ZjR5I65c83rPe86AHS11Y61edr+vvGtI07kvj7EzR3jie0Lzzpj7TbmjTt5U
|
11
|
+
v9rskcxjulQOmp8t/3ouptUhi16PRXPof0yzRGo6rrCUoQ7Cuy1dbFZ96dIBxrt4
|
12
|
+
h9suE6MtpXdsGfI5FZPOKHqUcw8hZfUgeOYm4OTV3vBYie0xJ77i9YgqR+UwymjA
|
13
|
+
NK4AOY0CgYEA553JtUvl8py76HjL3DxfbU38Dq22AF9sdUAs9Xwy9B8Y6R9SyrPI
|
14
|
+
nab+3EE0gz5NnFLFCILK4A7ewe3OB3bE7/P4mc7JlUWM2LAcBz7K50seIKD3r+cj
|
15
|
+
VzLHarOBi/VZ0pe1lDj/cuQ6cXTLHbKtk2XGCRnCBMJlog4ruFMYJ+sCgYEAzpRD
|
16
|
+
3YtuQcT0rtvK05BcdWD3nGgsrAauLvKz80LIu4zX9nfz/H6lNRpZYJ2jrLR1ikbX
|
17
|
+
XVWIsNlWizAuWEbGokUEYDTuhkh3591nrdPyB6/0Lm2Snl+q7mKIUFrZ08MXe7U8
|
18
|
+
Z/qPq2VLVSzCyoGX0l4GuNymgDH6NVR/i5yQXx8CgYBNJ1OUz+aWbb1ukCagg3/q
|
19
|
+
QksPfLAe6aqQWENhtvCmP2Gl7mg+26qdUY6eQh5DBdMGms/FqQP5pRpxEU1LUTYD
|
20
|
+
FIsgeTDPR67GU8vSYglnCK/NgLFhaCZumpyxH4Cs5Zr5Os4ixOXbGMmbF6O9jdKi
|
21
|
+
Qgm46FqoCTWfyQapTQzD5wKBgGQV4WuNCjZDPmkZhANMhf84o77bmgkek3WbkSPi
|
22
|
+
z25OprN7GnLSySgZRARTW+Fo7Sm5eM53impkYlG9XjbW05X66kvSWV4l7jIgSwMl
|
23
|
+
FLY0wZFc9RRWNXKZuoF0AuVeOBpvjHy0ILdhtEXoEdgbQXtios8d2G1zyU3dSo5R
|
24
|
+
pIDxAoGBAIlXeI9tB0X9ywXKylI3CyHi8ex/k6o4WTj/5fH4bYp4faHBRm78Ho81
|
25
|
+
Ih9rewMw7fMC3YUN3rcyvHRQqbJ2Wcxpyf0k45GMxTRasoVXCXgV/sMNCHh/ddZM
|
26
|
+
Gf5ZTeq10gJPofBlPObg5VrlCLRnIFaNI4izpq2A+/FqTrEvSGlf
|
27
27
|
-----END RSA PRIVATE KEY-----
|
@@ -0,0 +1,18 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIIC4TCCAcmgAwIBAgIJALkL6IyOlMwWMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
|
3
|
+
BAMMB3Rlc3QtY2EwHhcNMTkxMTI2MDczMzExWhcNMjkxMTIzMDczMzExWjAUMRIw
|
4
|
+
EAYDVQQDDAl0ZXN0LW9jc3AwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
|
5
|
+
AQDapLrB5S2yXQ9Wt/O9SZzoMW8IChsPgtZYC8h4Z/bcbqRb/6Bq5YfcYxq84cD/
|
6
|
+
8xn7e8R2OCNgva8GBlMy7d0czt3ysLnNlZ+dPu7MU4yS/R40LOhMGEf71mf6PLqj
|
7
|
+
1ecaEclgbIhyIGHlUXQIAnhhpAwzHxKVAhcgBgQFs8NgNViAE3BpjyUW0qXE5RUY
|
8
|
+
BQ7V9/Kn/fnsfOk6jMF20V2Kxn5Sj/c+D59+vFX3FmQyqsTKoAKoUuNsFOvHGV0d
|
9
|
+
gxLggE5wq4AodrA40MY95HgCZ2rDfEKgfc9rKhLGz6s0etGFMVtjqK6YvpQYUOaS
|
10
|
+
8JStLrGF1eINoJJFibIf69v9AgMBAAGjODA2MAkGA1UdEwQCMAAwEwYDVR0lBAww
|
11
|
+
CgYIKwYBBQUHAwkwFAYDVR0RBA0wC4IJdGVzdC1vY3NwMA0GCSqGSIb3DQEBCwUA
|
12
|
+
A4IBAQBHC6jRQyZhBJIdfP9CGpNO1dNHicwpFJ61ofwgzW1jEkVfBtVpqvEaEbYE
|
13
|
+
LVxru1s8VY281trhwRuZkDRv5hB/CUUbdPICwQlkyCdUoYURrJEm/mirK9494AGh
|
14
|
+
f33S+bMXZGAYLYoPYlSGj8EpL1Do3nvJK8//coRJlTEBcfgIIUlRMaeOiGrg3zpM
|
15
|
+
1KGxO3GtG1mpod7BEMv3ZGI85p8wXF4N2Z+phBoAyRGW+R4VW3tF5bbqiKlRr3Lt
|
16
|
+
HNsuXHSQykKpxD085eeQLTZGVESrCcmNv8XvVxwGE1r0kmlwexADNvP3HDXseie+
|
17
|
+
8QFIt+zvJb/lDy4xbCT/M4a7L9Gn
|
18
|
+
-----END CERTIFICATE-----
|
@@ -0,0 +1,27 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIIEpAIBAAKCAQEA2qS6weUtsl0PVrfzvUmc6DFvCAobD4LWWAvIeGf23G6kW/+g
|
3
|
+
auWH3GMavOHA//MZ+3vEdjgjYL2vBgZTMu3dHM7d8rC5zZWfnT7uzFOMkv0eNCzo
|
4
|
+
TBhH+9Zn+jy6o9XnGhHJYGyIciBh5VF0CAJ4YaQMMx8SlQIXIAYEBbPDYDVYgBNw
|
5
|
+
aY8lFtKlxOUVGAUO1ffyp/357HzpOozBdtFdisZ+Uo/3Pg+ffrxV9xZkMqrEyqAC
|
6
|
+
qFLjbBTrxxldHYMS4IBOcKuAKHawONDGPeR4Amdqw3xCoH3PayoSxs+rNHrRhTFb
|
7
|
+
Y6iumL6UGFDmkvCUrS6xhdXiDaCSRYmyH+vb/QIDAQABAoIBAQC/s1D/siYHzeol
|
8
|
+
+XFelI1bVARqwxmI1wmB9wrU7yqViPjYpN+M+iTNyaLm2vUyNH6ibZkKohv6tTUh
|
9
|
+
DiiibcXBfWtCX0r5gueIomYThmmpcv6pdnpSRbPPjeRqlhZ6kZBn3hJ3VZGoptXO
|
10
|
+
j0UxxKCx03jS1bqgJU4LSNr7+OojjeKh8D9bxwCizhGx9239QwChtQTPr4U3aeTb
|
11
|
+
Qwx8WtNH/2zvpdylyXW/eg8MO4WPYXpxWSGQnRJG5knPa7hF+iRnszysbUPNBVUd
|
12
|
+
TUQJHBdtukt+7hDbPyMpMu0DwpqhOqsEk2avacWuCYEEE/SWmJ/mvLokbfECSUpy
|
13
|
+
ZqfXJPLNAoGBAPtd+m2YVmLJmjO2skv+zGG5KhHNF2cY6xLQWuHW/yChNjSzpLYm
|
14
|
+
YygyOd4hBH39ieQkBRs0QOX9S5Dzv6ERU1cr0CVDJeb9TQ9UTxXc01paJ+aoZNr5
|
15
|
+
uHoGO16xBR4tmidc4HmbHDFSwmRAFhkooHM9MVACUFABIdWqwEwSZa/HAoGBAN6s
|
16
|
+
WhPrsDyRAfKFV9bwD1P5aMPu6pjWOFO3bRIisPRtVzilamCkKvXCh1SyYHaNRjjG
|
17
|
+
fQYEZeCZTxHi7GxZltRG5DRsmm8rDz6E4OrTQMHfQNDiuw78uZZ9+YYwaIM3nt1i
|
18
|
+
/lN2hs79zj/HPf5qX9rw+CarOL0bdW97a/Monx4bAoGAeMqXXfT3hi9E15bypQxD
|
19
|
+
IK6/JaC9n0BdLkRLd/09ymtNxhORkipuOdGw9yo8o2Kj0arxfTol+Z83oedP7dGK
|
20
|
+
j/gw5McYvqB4WGZ2PpZIRkHOrMu883FPEexOuVktkWvuiP3brPQ5nwYa/dvCAsMA
|
21
|
+
H4CHYuBJwbhZjvinwaaRkN8CgYA9sQh/zmOUVCRy+Yh9jyLgBBCHgDDUyTzvzLjW
|
22
|
+
NnBKN+TbV9DiF3mjfxKZX5YkIj3bSvqmaR+Em1Txwqn31tZX15AwCgq7U/W0P4JE
|
23
|
+
7ORbEixV8wsaOuB8FkjEabL677T+5wdJPmRZAq5asyu0yenmsa4+oF9m3S2rBknB
|
24
|
+
I3b6EwKBgQD1+0+xdGomMeKHg8jWuDytdlWmNXmbiV0g2yOm533jG67vGDPfgd0H
|
25
|
+
PNC62d7r5EhIVJwQZmW/GdOfZ7tI91XN+GjNyslr9t299hoMeRMT+Db2U+mQvKuS
|
26
|
+
Oz+MHhO8YnOz9GFbQShqiCFj4zTU/0Ga/BY8Y52lURftt/QIXo+7Vg==
|
27
|
+
-----END RSA PRIVATE KEY-----
|
data/spec/server_hello_spec.rb
CHANGED
@@ -187,7 +187,7 @@ RSpec.describe ServerHello do
|
|
187
187
|
let(:message) do
|
188
188
|
sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
|
189
189
|
extensions = sh.instance_variable_get(:@extensions)
|
190
|
-
extensions
|
190
|
+
extensions.delete(ExtensionType::SUPPORTED_VERSIONS)
|
191
191
|
sh.instance_variable_set(:@extensions, extensions)
|
192
192
|
sh
|
193
193
|
end
|
@@ -24,6 +24,8 @@ RSpec.describe SignatureAlgorithmsCert do
|
|
24
24
|
end
|
25
25
|
|
26
26
|
it 'should be generated' do
|
27
|
+
expect(extension).to be_a(SignatureAlgorithmsCert)
|
28
|
+
|
27
29
|
expect(extension.extension_type)
|
28
30
|
.to eq ExtensionType::SIGNATURE_ALGORITHMS_CERT
|
29
31
|
expect(extension.supported_signature_algorithms)
|
@@ -58,6 +60,8 @@ RSpec.describe SignatureAlgorithmsCert do
|
|
58
60
|
end
|
59
61
|
|
60
62
|
it 'should generate valid object' do
|
63
|
+
expect(extension).to be_a(SignatureAlgorithmsCert)
|
64
|
+
|
61
65
|
expect(extension.extension_type)
|
62
66
|
.to eq ExtensionType::SIGNATURE_ALGORITHMS_CERT
|
63
67
|
expect(extension.supported_signature_algorithms)
|