couchbase 4.4.0 → 4.4.1-dev.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (14) hide show
  1. package/deps/couchbase-cxx-cache/mozilla-ca-bundle.crt +19 -32
  2. package/deps/couchbase-cxx-cache/mozilla-ca-bundle.sha256 +1 -1
  3. package/package.json +8 -7
  4. package/deps/couchbase-cxx-cache/asio/41f31469d0dd420500b334dc8c2fd3ffe7320d8e/asio/asio/COPYING +0 -4
  5. package/deps/couchbase-cxx-cache/asio/41f31469d0dd420500b334dc8c2fd3ffe7320d8e/asio/asio/README +0 -4
  6. package/deps/couchbase-cxx-cache/boringssl/e31ea00c1ea52052d2d78d44006cc88c80fa24a9/boringssl/src/crypto/obj/README +0 -15
  7. package/deps/couchbase-cxx-cache/boringssl/e31ea00c1ea52052d2d78d44006cc88c80fa24a9/boringssl/src/crypto/perlasm/readme +0 -100
  8. package/deps/couchbase-cxx-cache/boringssl/e31ea00c1ea52052d2d78d44006cc88c80fa24a9/boringssl/src/pki/testdata/nist-pkits/README.chromium +0 -19
  9. package/deps/couchbase-cxx-cache/boringssl/e31ea00c1ea52052d2d78d44006cc88c80fa24a9/boringssl/src/pki/testdata/ssl/certificates/README +0 -318
  10. package/deps/couchbase-cxx-cache/boringssl/e31ea00c1ea52052d2d78d44006cc88c80fa24a9/boringssl/src/pki/testdata/verify_certificate_chain_unittest/README +0 -87
  11. package/deps/couchbase-cxx-cache/boringssl/e31ea00c1ea52052d2d78d44006cc88c80fa24a9/boringssl/src/pki/testdata/verify_signed_data_unittest/README +0 -35
  12. package/deps/couchbase-cxx-cache/boringssl/e31ea00c1ea52052d2d78d44006cc88c80fa24a9/boringssl/src/third_party/fiat/README.chromium +0 -11
  13. package/deps/couchbase-cxx-cache/boringssl/e31ea00c1ea52052d2d78d44006cc88c80fa24a9/boringssl/src/util/bot/README +0 -3
  14. package/deps/couchbase-cxx-cache/fmt/d3c862243fcf1c41b4c09903f35479bd42f135b7/fmt/support/README +0 -4
@@ -1,7 +1,7 @@
1
1
  ##
2
2
  ## Bundle of CA Root Certificates
3
3
  ##
4
- ## Certificate data from Mozilla as of: Mon Mar 11 15:25:27 2024 GMT
4
+ ## Certificate data from Mozilla as of: Tue Jul 2 03:12:04 2024 GMT
5
5
  ##
6
6
  ## This is a bundle of X.509 certificates of public Certificate Authorities
7
7
  ## (CA). These were automatically extracted from Mozilla's root certificates
@@ -14,7 +14,7 @@
14
14
  ## Just configure this file as the SSLCACertificateFile.
15
15
  ##
16
16
  ## Conversion done with mk-ca-bundle.pl version 1.29.
17
- ## SHA256: 4d96bd539f4719e9ace493757afbe4a23ee8579de1c97fbebc50bba3c12e8c1e
17
+ ## SHA256: 456ff095dde6dd73354c5c28c73d9c06f53b61a803963414cb91a1d92945cdd3
18
18
  ##
19
19
 
20
20
 
@@ -2600,36 +2600,6 @@ vLtoURMMA/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+
2600
2600
  CAezNIm8BZ/3Hobui3A=
2601
2601
  -----END CERTIFICATE-----
2602
2602
 
2603
- GLOBALTRUST 2020
2604
- ================
2605
- -----BEGIN CERTIFICATE-----
2606
- MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCQVQx
2607
- IzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVT
2608
- VCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYxMDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAh
2609
- BgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAy
2610
- MDIwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWi
2611
- D59bRatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9ZYybNpyrO
2612
- VPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3QWPKzv9pj2gOlTblzLmM
2613
- CcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPwyJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCm
2614
- fecqQjuCgGOlYx8ZzHyyZqjC0203b+J+BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKA
2615
- A1GqtH6qRNdDYfOiaxaJSaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9OR
2616
- JitHHmkHr96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj04KlG
2617
- DfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9MedKZssCz3AwyIDMvU
2618
- clOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIwq7ejMZdnrY8XD2zHc+0klGvIg5rQ
2619
- mjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
2620
- AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1Ud
2621
- IwQYMBaAFNwuH9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA
2622
- VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJCXtzoRlgHNQIw
2623
- 4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd6IwPS3BD0IL/qMy/pJTAvoe9
2624
- iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS
2625
- 8cE54+X1+NZK3TTN+2/BT+MAi1bikvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2
2626
- HcqtbepBEX4tdJP7wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxS
2627
- vTOBTI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6CMUO+1918
2628
- oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn4rnvyOL2NSl6dPrFf4IF
2629
- YqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+IaFvowdlxfv1k7/9nR4hYJS8+hge9+6jl
2630
- gqispdNpQ80xiEmEU5LAsTkbOYMBMMTyqfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg==
2631
- -----END CERTIFICATE-----
2632
-
2633
2603
  ANF Secure Server Root CA
2634
2604
  =========================
2635
2605
  -----BEGIN CERTIFICATE-----
@@ -3579,3 +3549,20 @@ wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+ljX273CXE2whJdV/LItM3z7gLfEdxquVeE
3579
3549
  HVlNjM7IDiPCtyaaEBRx/pOyiriA8A4QntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0
3580
3550
  o82bNSQ3+pCTE4FCxpgmdTdmQRCsu/WU48IxK63nI1bMNSWSs1A=
3581
3551
  -----END CERTIFICATE-----
3552
+
3553
+ FIRMAPROFESIONAL CA ROOT-A WEB
3554
+ ==============================
3555
+ -----BEGIN CERTIFICATE-----
3556
+ MIICejCCAgCgAwIBAgIQMZch7a+JQn81QYehZ1ZMbTAKBggqhkjOPQQDAzBuMQswCQYDVQQGEwJF
3557
+ UzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4
3558
+ MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENBIFJPT1QtQSBXRUIwHhcNMjIwNDA2MDkwMTM2
3559
+ WhcNNDcwMzMxMDkwMTM2WjBuMQswCQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25h
3560
+ bCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFM
3561
+ IENBIFJPT1QtQSBXRUIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARHU+osEaR3xyrq89Zfe9MEkVz6
3562
+ iMYiuYMQYneEMy3pA4jU4DP37XcsSmDq5G+tbbT4TIqk5B/K6k84Si6CcyvHZpsKjECcfIr28jlg
3563
+ st7L7Ljkb+qbXbdTkBgyVcUgt5SjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUk+FD
3564
+ Y1w8ndYn81LsF7Kpryz3dvgwHQYDVR0OBBYEFJPhQ2NcPJ3WJ/NS7Beyqa8s93b4MA4GA1UdDwEB
3565
+ /wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjAdfKR7w4l1M+E7qUW/Runpod3JIha3RxEL2Jq68cgL
3566
+ cFBTApFwhVmpHqTm6iMxoAACMQD94vizrxa5HnPEluPBMBnYfubDl94cT7iJLzPrSA8Z94dGXSaQ
3567
+ pYXFuXqUPoeovQA=
3568
+ -----END CERTIFICATE-----
@@ -1 +1 @@
1
- 1794c1d4f7055b7d02c2170337b61b48a2ef6c90d77e95444fd2596f4cac609f cacert.pem
1
+ 1bf458412568e134a4514f5e170a328d11091e071c7110955c9884ed87972ac9 cacert.pem
package/package.json CHANGED
@@ -54,7 +54,7 @@
54
54
  "type": "git",
55
55
  "url": "http://github.com/couchbase/couchnode.git"
56
56
  },
57
- "version": "4.4.0",
57
+ "version": "4.4.1-dev.1",
58
58
  "config": {
59
59
  "native": false
60
60
  },
@@ -79,12 +79,13 @@
79
79
  ]
80
80
  },
81
81
  "optionalDependencies": {
82
- "@couchbase/couchbase-darwin-arm64-napi": "4.4.0",
83
- "@couchbase/couchbase-darwin-x64-napi": "4.4.0",
84
- "@couchbase/couchbase-linux-arm64-napi": "4.4.0",
85
- "@couchbase/couchbase-linuxmusl-x64-napi": "4.4.0",
86
- "@couchbase/couchbase-linux-x64-napi": "4.4.0",
87
- "@couchbase/couchbase-win32-x64-napi": "4.4.0"
82
+ "@couchbase/couchbase-darwin-arm64-napi": "4.4.1-dev.1",
83
+ "@couchbase/couchbase-darwin-x64-napi": "4.4.1-dev.1",
84
+ "@couchbase/couchbase-linux-arm64-napi": "4.4.1-dev.1",
85
+ "@couchbase/couchbase-linuxmusl-arm64-napi": "4.4.1-dev.1",
86
+ "@couchbase/couchbase-linuxmusl-x64-napi": "4.4.1-dev.1",
87
+ "@couchbase/couchbase-linux-x64-napi": "4.4.1-dev.1",
88
+ "@couchbase/couchbase-win32-x64-napi": "4.4.1-dev.1"
88
89
  },
89
90
  "files": [
90
91
  "LICENSE",
@@ -1,4 +0,0 @@
1
- Copyright (c) 2003-2023 Christopher M. Kohlhoff (chris at kohlhoff dot com)
2
-
3
- Distributed under the Boost Software License, Version 1.0. (See accompanying
4
- file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
@@ -1,4 +0,0 @@
1
- asio version 1.29.0
2
- Released Thursday, 09 November 2023.
3
-
4
- See doc/index.html for API documentation and a tutorial.
@@ -1,15 +0,0 @@
1
- The files nid.h, obj_mac.num, and obj_dat.h are generated from objects.txt and
2
- obj_mac.num. To regenerate them, run:
3
-
4
- go run objects.go
5
-
6
- objects.txt contains the list of all built-in OIDs. It is processed by
7
- objects.go to output obj_mac.num, obj_dat.h, and nid.h.
8
-
9
- obj_mac.num is the list of NID values for each OID. This is an input/output
10
- file so NID values are stable across regenerations.
11
-
12
- nid.h is the header which defines macros for all the built-in OIDs in C.
13
-
14
- obj_dat.h contains the ASN1_OBJECTs corresponding to built-in OIDs themselves
15
- along with lookup tables for search by short name, OID, etc.
@@ -1,100 +0,0 @@
1
- The perl scripts in this directory are my 'hack' to generate
2
- multiple different assembler formats via the one origional script.
3
-
4
- The way to use this library is to start with adding the path to this directory
5
- and then include it.
6
-
7
- push(@INC,"perlasm","../../perlasm");
8
- require "x86asm.pl";
9
-
10
- The first thing we do is setup the file and type of assembler
11
-
12
- &asm_init($ARGV[0]);
13
-
14
- The first argument is the 'type'. Currently
15
- 'cpp', 'sol', 'a.out', 'elf' or 'win32'.
16
- Argument 2 is the file name.
17
-
18
- The reciprocal function is
19
- &asm_finish() which should be called at the end.
20
-
21
- There are 2 main 'packages'. x86ms.pl, which is the Microsoft assembler,
22
- and x86unix.pl which is the unix (gas) version.
23
-
24
- Functions of interest are:
25
- &external_label("des_SPtrans"); declare and external variable
26
- &LB(reg); Low byte for a register
27
- &HB(reg); High byte for a register
28
- &BP(off,base,index,scale) Byte pointer addressing
29
- &DWP(off,base,index,scale) Word pointer addressing
30
- &stack_push(num) Basically a 'sub esp, num*4' with extra
31
- &stack_pop(num) inverse of stack_push
32
- &function_begin(name,extra) Start a function with pushing of
33
- edi, esi, ebx and ebp. extra is extra win32
34
- external info that may be required.
35
- &function_begin_B(name,extra) Same as normal function_begin but no pushing.
36
- &function_end(name) Call at end of function.
37
- &function_end_A(name) Standard pop and ret, for use inside functions
38
- &function_end_B(name) Call at end but with poping or 'ret'.
39
- &swtmp(num) Address on stack temp word.
40
- &wparam(num) Parameter number num, that was push
41
- in C convention. This all works over pushes
42
- and pops.
43
- &comment("hello there") Put in a comment.
44
- &label("loop") Refer to a label, normally a jmp target.
45
- &set_label("loop") Set a label at this point.
46
- &data_word(word) Put in a word of data.
47
-
48
- So how does this all hold together? Given
49
-
50
- int calc(int len, int *data)
51
- {
52
- int i,j=0;
53
-
54
- for (i=0; i<len; i++)
55
- {
56
- j+=other(data[i]);
57
- }
58
- }
59
-
60
- So a very simple version of this function could be coded as
61
-
62
- push(@INC,"perlasm","../../perlasm");
63
- require "x86asm.pl";
64
-
65
- &asm_init($ARGV[0]);
66
-
67
- &external_label("other");
68
-
69
- $tmp1= "eax";
70
- $j= "edi";
71
- $data= "esi";
72
- $i= "ebp";
73
-
74
- &comment("a simple function");
75
- &function_begin("calc");
76
- &mov( $data, &wparam(1)); # data
77
- &xor( $j, $j);
78
- &xor( $i, $i);
79
-
80
- &set_label("loop");
81
- &cmp( $i, &wparam(0));
82
- &jge( &label("end"));
83
-
84
- &mov( $tmp1, &DWP(0,$data,$i,4));
85
- &push( $tmp1);
86
- &call( "other");
87
- &add( $j, "eax");
88
- &pop( $tmp1);
89
- &inc( $i);
90
- &jmp( &label("loop"));
91
-
92
- &set_label("end");
93
- &mov( "eax", $j);
94
-
95
- &function_end("calc");
96
-
97
- &asm_finish();
98
-
99
- The above example is very very unoptimised but gives an idea of how
100
- things work.
@@ -1,19 +0,0 @@
1
- Name: NIST Public Key Interoperability Test Suite
2
- Short Name: NIST PKITS
3
- URL: http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html
4
- Version: 1.0.1
5
- Date: April 14, 2011
6
- License: Public Domain: United States Government Work under 17 U.S.C. 105
7
- Shipped: no
8
-
9
- Description:
10
- The Public Key Interoperability Test Suite (PKITS) is a comprehensive X.509
11
- path validation test suite that was developed by NIST in conjunction with BAE
12
- Systems and NSA. The PKITS path validation test suite is designed to cover
13
- most of the features specified in X.509 and RFC 3280.
14
-
15
- Local Modifications:
16
- Only the certs/ and crls/ directories were extracted from PKITS_data.zip.
17
-
18
- pkits_testcases-inl.h is generated from the test descriptions in PKITS.pdf
19
- using generate_tests.py.
@@ -1,318 +0,0 @@
1
- This directory contains various certificates for use with SSL-related
2
- unit tests.
3
-
4
- ===== Real-world certificates that need manual updating
5
- - google.binary.p7b
6
- - google.chain.pem
7
- - google.pem_cert.p7b
8
- - google.pem_pkcs7.p7b
9
- - google.pkcs7.p7b
10
- - google.single.der
11
- - google.single.pem : Certificates for testing parsing of different formats.
12
-
13
- - mit.davidben.der : An expired MIT client certificate.
14
-
15
- - foaf.me.chromium-test-cert.der : A client certificate for a FOAF.ME identity
16
- created for testing.
17
-
18
- - google_diginotar.pem
19
- - diginotar_public_ca_2025.pem : A certificate chain for the regression test
20
- of http://crbug.com/94673
21
-
22
- - salesforce_com_test.pem
23
- - verisign_intermediate_ca_2011.pem
24
- - verisign_intermediate_ca_2016.pem : Certificates for testing two
25
- X509Certificate objects that contain the same server certificate but
26
- different intermediate CA certificates. The two intermediate CA
27
- certificates actually represent the same intermediate CA but have
28
- different validity periods.
29
-
30
- - ndn.ca.crt: "New Dream Network Certificate Authority" root certificate.
31
- This is an X.509 v1 certificate that omits the version field. Used to
32
- test that the certificate version gets the default value v1.
33
-
34
- - ct-test-embedded-cert.pem
35
- - ct-test-embedded-with-intermediate-chain.pem
36
- - ct-test-embedded-with-intermediate-preca-chain.pem
37
- - ct-test-embedded-with-preca-chain.pem
38
- Test certificate chains for Certificate Transparency: Each of these
39
- files contains a leaf certificate as the first certificate, which has
40
- embedded SCTs, followed by the issuer certificates chain.
41
- All files are from the src/test/testdada directory in
42
- https://code.google.com/p/certificate-transparency/
43
-
44
- - leaf_from_known_root.pem : A certificate issued by a public trust anchor,
45
- used for CertVerifyProcInternalTest.TestKnownRoot. Using for other
46
- purposes is not recommended. This needs to be updated periodically so the
47
- server name the cert is valid for may change.
48
-
49
- - lets-encrypt-dst-x3-root.pem: A chain that ends in the Lets encrypt DST X3
50
- root (https://crt.sh/?id=8395). Has the same leaf as
51
- lets-encrypt-isrg-x1-root.pem.
52
- - lets-encrypt-isrg-x1-root.pem: A chain that ends in the Lets encrypt ISRG X1
53
- root (https://crt.sh/?id=9314791). Has the same leaf as
54
- lets-encrypt-dst-x3-root.pem.
55
-
56
- ===== Manually generated certificates
57
- - client.p12 : A PKCS #12 file containing a client certificate and a private
58
- key created for testing. The password is "12345".
59
-
60
- - client-nokey.p12 : A PKCS #12 file containing a client certificate (the same
61
- as the one in client.p12) but no private key. The password is "12345".
62
-
63
- - client-empty-password.p12 : A PKCS #12 file containing an unencrypted client
64
- certificate and a encrypted private key. The password is the empty string,
65
- encoded as two zero bytes. (PKCS#12 passwords are encoded as
66
- NUL-terminated UTF-16.)
67
-
68
- - client-null-password.p12 : A PKCS #12 file containing an unencrypted client
69
- certificate and a encrypted private key. The password is the empty string,
70
- encoded as the empty byte string.
71
-
72
- - unittest.selfsigned.der : A self-signed certificate generated using private
73
- key in unittest.key.bin. The common name is "unittest".
74
-
75
- - unittest.key.bin : private key stored unencrypted.
76
-
77
- - multivalue_rdn.pem : A regression test for http://crbug.com/101009. A
78
- certificate with all of the AttributeTypeAndValues stored within a single
79
- RelativeDistinguishedName, rather than one AVA per RDN as normally seen.
80
-
81
- - unescaped.pem : Regression test for http://crbug.com/102839. Contains
82
- characters such as '=' and '"' that would normally be escaped when
83
- converting a subject/issuer name to their stringized form.
84
-
85
- - websocket_cacert.pem : The testing root CA for testing WebSocket client
86
- certificate authentication.
87
- This file is used in SSLUITest.TestWSSClientCert.
88
-
89
- - websocket_client_cert.p12 : A PKCS #12 file containing a client certificate
90
- and a private key created for WebSocket testing. The password is "".
91
- This file is used in SSLUITest.TestWSSClientCert.
92
-
93
- - no_subject_common_name_cert.pem: Used to test the function that generates a
94
- NSS certificate nickname for a user certificate. This certificate's Subject
95
- field doesn't have a common name.
96
-
97
- - ct-test-embedded-with-uids.pem: A certificate with embedded SCT and
98
- issuer/subject unique IDs. This certificate should only be used in parsing
99
- tests and otherwise kept fixed. The signature, etc., are intentionally
100
- invalid.
101
-
102
- - name_constrained_key.pem
103
- The private key matching the public_key_hash of the kDomainsTest constraint
104
- in CertVerifyProc::HasNameConstraintsViolation.
105
-
106
- ===== From net/data/ssl/scripts/generate-quic-chain.sh
107
- - quic-chain.pem
108
- - quic-leaf-cert.key
109
- - quic-leaf-cert.key.pkcs8.pem
110
- - quic-root.pem
111
- These certificates are used by integration tests that use QUIC.
112
-
113
- - quic-leaf-cert.key.sct
114
- This isn't generated and just contains a simple text file (the contents
115
- don't actually matter, just the presence of the file).
116
-
117
- ===== From net/data/ssl/scripts/generate-test-certs.sh
118
- - expired_cert.pem
119
- - ok_cert.pem
120
- - root_ca_cert.pem
121
- These certificates are the common certificates used by the Python test
122
- server for simulating HTTPS connections.
123
-
124
- - intermediate_ca_cert.pem
125
- - ok_cert_by_intermediate.pem
126
- These certificates simulate a more common chain of root (root_ca_cert.pem)
127
- to intermediate (intermediate_ca_cert.pem) to leaf
128
- (ok_cert_by_intermediate.pem).
129
-
130
- - wildcard_.pem
131
- A certificate and private key valid for *.example.org, used in various
132
- net unit tests.
133
-
134
- - test_names.pem
135
- A certificate and private key valid for a number of test names. See
136
- [test_names] in ee.cnf. Other names may be added as needed.
137
-
138
- - bad_validity.pem
139
- A certificate and private key only valid on 0001-01-01. Windows refuses to
140
- parse this certificate.
141
-
142
- - spdy_pooling.pem : Used to test the handling of spdy IP connection pooling
143
-
144
- - subjectAltName_sanity_check.pem : Used to test the handling of various types
145
- within the subjectAltName extension of a certificate.
146
-
147
- - policies_sanity_check.pem : Used to test the parsing of various types of
148
- certificatePolicies extension policyQualifiers.
149
-
150
- - punycodetest.pem : A test self-signed server certificate with punycode name.
151
- The common name is "xn--wgv71a119e.com" (日本語.com)
152
-
153
- - sha1_2016.pem
154
- Used to test the handling of SHA1 certificates expiring in 2016.
155
-
156
- - 10_year_validity.pem
157
- - 11_year_validity.pem
158
- - 39_months_after_2015_04.pem
159
- - 40_months_after_2015_04.pem
160
- - 60_months_after_2012_07.pem
161
- - 61_months_after_2012_07.pem
162
- - pre_br_validity_bad_121.pem
163
- - pre_br_validity_bad_2020.pem
164
- - pre_br_validity_ok.pem
165
- - start_after_expiry.pem
166
- Certs to test that the maximum validity durations set by the CA/Browser
167
- Forum Baseline Requirements are enforced.
168
-
169
- - pre_june_2016.pem
170
- - post_june_2016.pem
171
- - dec_2017.pem
172
- Certs to test that policies related to enforcing CT on Symantec are
173
- properly gated on the issuance date. See
174
- https://g.co/chrome/symantecpkicerts. (Note, however, that the leaf and
175
- root do not actually form a chain.)
176
-
177
- - may_2018.pem
178
- An 825-day certificate issued on May 1, 2018, the official start of
179
- enforcement requiring Certificate Transparency for new certificates. This
180
- certificate does not have any embedded SCTs.
181
-
182
- - x509_verify_results.chain.pem : A simple certificate chain used to test that
183
- the correctly ordered, filtered certificate chain is returned during
184
- verification, regardless of the order in which the intermediate/root CA
185
- certificates are provided.
186
-
187
- - ev_test.pem
188
- - ev_test_state_only.pem
189
- Certificates for testing EV display (including regression test for
190
- https://crbug.com/1069113).
191
-
192
- ===== From net/data/ssl/scripts/generate-test-keys.sh
193
- - rsa-{768,1024,2048}-{1..3}.key
194
- - ec-prime256v1-{1..3}.key
195
- Pre-generated keys of various types/sizes.
196
- Useful for tests that generate RSA certificates with CertBuilder without
197
- having to pay the cost of generating RSA keys at runtime. Multiple keys
198
- of each size are provided. (EC keys are cheap to generate at runtime, but
199
- having some as files simplifies test logic in cases where the test is
200
- reading both RSA and EC keys from files.)
201
-
202
- ===== From net/data/ssl/scripts/generate-redundant-test-chains.sh
203
- - redundant-validated-chain.pem
204
- - redundant-server-chain.pem
205
- - redundant-validated-chain-root.pem
206
-
207
- Two chains, A -> B -> C -> D and A -> B -> C2 (C and C2 share the same
208
- public key) to test that SSLInfo gets the reconstructed, re-ordered
209
- chain instead of the chain as served. See
210
- SSLClientSocketTest.VerifyReturnChainProperlyOrdered in
211
- net/socket/ssl_client_socket_unittest.cc. These chains are valid until
212
- 26 Feb 2022 and are generated by
213
- net/data/ssl/scripts/generate-redundant-test-chains.sh.
214
-
215
- ===== From net/data/ssl/scripts/generate-client-certificates.sh
216
- - client_1.pem
217
- - client_1.key
218
- - client_1.pk8
219
- - client_1_ca.pem
220
- - client_2.pem
221
- - client_2.key
222
- - client_2.pk8
223
- - client_2_ca.pem
224
- - client_3.pem
225
- - client_3.key
226
- - client_3.pk8
227
- - client_3_ca.pem
228
- - client_4.pem
229
- - client_4.key
230
- - client_4.pk8
231
- - client_4_ca.pem
232
- - client_5.pem
233
- - client_5.key
234
- - client_5.pk8
235
- - client_5_ca.pem
236
- - client_6.pem
237
- - client_6.key
238
- - client_6.pk8
239
- - client_6_ca.pem
240
- - client_root_ca.pem
241
- This is a set of files used to unit test SSL client certificate
242
- authentication.
243
- - client_1_ca.pem and client_2_ca.pem are the certificates of
244
- two distinct signing CAs.
245
- - client_1.pem and client_1.key correspond to the certificate and
246
- private key for a first certificate signed by client_1_ca.pem.
247
- - client_2.pem and client_2.key correspond to the certificate and
248
- private key for a second certificate signed by client_2_ca.pem.
249
- - each .pk8 file contains the same key as the corresponding .key file
250
- as PKCS#8 PrivateKeyInfo in DER encoding.
251
- - client_3.pem is nearly identical to client_2.pem, except it is used
252
- to test wifi EAP-TLS authentication so it uses a different set
253
- of X509v3 extensions. Specifically it includes two Subject
254
- Alternative Name fields recognized by Chrome OS.
255
- - client_4.pem is similar to client_2.pem but is a P-256 ECDSA key rather
256
- than RSA.
257
- - client_5.pem is similar to client_2.pem but is a P-384 ECDSA key rather
258
- than RSA.
259
- - client_6.pem is similar to client_2.pem but is a P-521 ECDSA key rather
260
- than RSA.
261
- - client_root_ca.pem is the CA certificate which signed client_*_ca.pem.
262
-
263
- ===== From net/data/ssl/scripts/generate-bad-eku-certs.sh
264
- - eku-test-root.pem
265
- - non-crit-codeSigning-chain.pem
266
- - crit-codeSigning-chain.pem
267
- Two code-signing certificates (eKU: codeSigning; eKU: critical,
268
- codeSigning) which we use to test that clients are making sure that web
269
- server certs are checked for correct eKU fields (when an eKU field is
270
- present). Since codeSigning is not valid for web server auth, the checks
271
- should fail.
272
-
273
- ===== From net/data/ssl/scripts/generate-multi-root-test-chains.sh
274
- - multi-root-chain1.pem
275
- - multi-root-chain2.pem
276
- Two chains, A -> B -> C -> D and A -> B -> C2 -> E (C and C2 share the
277
- same public key) to test that certificate validation caching does not
278
- interfere with the chain_verify_callback used by CertVerifyProcChromeOS.
279
- See CertVerifyProcChromeOSTest.
280
-
281
- ===== From net/data/ssl/scripts/generate-multi-root-keychain.sh
282
- - multi-root.keychain: An OSX Keychain containing the generated
283
- certificates multi-root-*-by-*.pem
284
-
285
- ===== From net/data/ssl/scripts/generate-duplicate-cn-certs.sh
286
- - duplicate_cn_1.p12
287
- - duplicate_cn_1.pem
288
- - duplicate_cn_2.p12
289
- - duplicate_cn_2.pem
290
- Two certificates from the same issuer that share the same common name,
291
- but have distinct subject names (namely, their O fields differ). NSS
292
- requires that certificates have unique nicknames if they do not share the
293
- same subject, and these certificates are used to test that the nickname
294
- generation algorithm generates unique nicknames.
295
- The .pem versions contain just the certs, while the .p12 versions contain
296
- both the cert and a private key, since there are multiple ways to import
297
- certificates into NSS.
298
-
299
- ===== From net/data/ssl/scripts/generate-self-signed-certs.sh
300
- - self-signed-invalid-name.pem
301
- - self-signed-invalid-sig.pem
302
- Two "self-signed" certificates with mismatched names or an invalid
303
- signature, respectively.
304
-
305
- ===== From net/data/ssl/scripts/generate-key-usage-certs.sh
306
- - key_usage_rsa_no_extension.pem
307
- - key_usage_rsa_keyencipherment.pem
308
- - key_usage_rsa_digitalsignature.pem
309
- - key_usage_rsa_both.pem
310
- Self-signed RSA certificates with various combinations of keyUsage
311
- flags. Their private key is key_usage_rsa.key.
312
-
313
- - key_usage_p256_no_extension.pem
314
- - key_usage_p256_keyagreement.pem
315
- - key_usage_p256_digitalsignature.pem
316
- - key_usage_p256_both.pem
317
- Self-signed P-256 certificates with various combinations of keyUsage
318
- flags. Their private key is key_usage_p256.key.
@@ -1,87 +0,0 @@
1
- This directory contains test data for verifying certificate chains.
2
-
3
- Tests are grouped into directories that contain the keys, python to generate
4
- chains, and test expectations. "DIR" is used as a generic placeholder below to
5
- identify such a directory.
6
-
7
- ===============================
8
- DIR/generate-chains.py
9
- ===============================
10
-
11
- Python script that generates one or more ".pem" file containing a sequence of
12
- CERTIFICATE blocks. In most cases it will generate a single chain called
13
- "chain.pem".
14
-
15
- ===============================
16
- DIR/keys/*.key
17
- ===============================
18
-
19
- The keys used (as well as generated) by the .py file generate-chains.py. The
20
- private keys shouldn't be needed to run the tests, however are useful when
21
- re-generating the test data to have stable results (at least for signature
22
- types which are deterministic, like RSASSA PKCS#1 which is used by most of the
23
- certificates data).
24
-
25
- ===============================
26
- DIR/*.pem
27
- ===============================
28
-
29
- A sequence of CERTIFICATE blocks that was created by the generate-chains.py
30
- script. (Although in a few cases there are manually created .pem files that
31
- lack a generator script).
32
-
33
- ===============================
34
- DIR/*.test
35
- ===============================
36
-
37
- A sequence of key-value pairs that identify the inputs to certificate
38
- verification, as well as the expected outputs. The format is essentially a
39
- newline separated sequence of key/value pairs:
40
-
41
- key: value\n
42
-
43
- All keys must be specified by tests, although they can be in any order.
44
- The possible keys are:
45
-
46
- "chain" - The value is a file path (relative to the test file) to a .pem
47
- containing the CERTIFICATE chain.
48
-
49
- "last_cert_trust" - The value identifies the trustedness of the last
50
- certificate in the chain (i.e. whether it is a trust anchor or not). This
51
- maps to the CertificateTrustType enum. Possible values are:
52
- "TRUSTED_ANCHOR"
53
- "TRUSTED_ANCHOR_WITH_EXPIRATION"
54
- "TRUSTED_ANCHOR_WITH_CONSTRAINTS"
55
- "UNSPECIFIED"
56
- "DISTRUSTED"
57
-
58
- "utc_time" - A string encoding for the generalized time at which verification
59
- should be done. Example "150302120000Z"
60
-
61
- "key_purpose" - The expected EKU to use when verifying. Maps to
62
- KeyPurpose enum. Possible values are:
63
- "ANY_EKU"
64
- "SERVER_AUTH"
65
- "CLIENT_AUTH"
66
-
67
- "errors" - This has special parsing rules: it is interpreted as the
68
- final key in the file. All lines after "errors:\n" are read as being the
69
- error string (this allows embedding newlines in it).
70
-
71
- Additionally, it is possible to add python-style comments by starting a line
72
- with "#".
73
-
74
- ===============================
75
- pkits_errors/*.txt
76
- ===============================
77
-
78
- These files contain the expected errors for PKITS tests
79
- (third_party/nist-pkits). The file name correspond so the PKITS tests number.
80
- They are baselined specifically for VerifyCertificateChain().
81
-
82
- ===============================
83
- generate-all.sh
84
- ===============================
85
-
86
- Runs all of the generate-chains.py scripts and cleans up the temp files
87
- afterwards.
@@ -1,35 +0,0 @@
1
- This directory contains test data for testing net::VerifySignedData().
2
-
3
- When adding or changing test data, run the script
4
- $ python annotate_test_data.py
5
-
6
- This script will apply a uniform formatting. For instance it will add a
7
- comment showing what the parsed ASN.1 looks like, and reformat the base64 to
8
- have consistent line breaks.
9
-
10
- The general format for the test files is as follows:
11
-
12
-
13
- <A description of the test>
14
-
15
- -----BEGIN PUBLIC KEY-----
16
- <base64-encoded, DER-encoded, SPKI>
17
- -----END PUBLIC KEY-----
18
-
19
- -----BEGIN ALGORITHM-----
20
- <base64-encoded, DER-encoded, AlgorithmIdentifier for the signature.>
21
- -----END ALGORITHM-----
22
-
23
- -----BEGIN DATA-----
24
- <base64-encoded data that is being verified>
25
- -----END DATA-----
26
-
27
- -----BEGIN SIGNATURE-----
28
- <base64-encoded, DER-encoded, BIT STRING of the signature>
29
- -----END SIGNATURE-----
30
-
31
-
32
- Comments for a PEM block should be placed immediately below that block.
33
- The script will also insert a comment after the block describing its parsed
34
- ASN.1 structure (your extra comments need to be above the script-generated
35
- comments or they will be stripped).
@@ -1,11 +0,0 @@
1
- Name: Fiat-Crypto: Synthesizing Correct-by-Construction Code for Cryptographic Primitives
2
- Short Name: fiat-crypto
3
- URL: https://github.com/mit-plv/fiat-crypto
4
- Version: git (see METADATA)
5
- License: MIT
6
- License File: LICENSE
7
- Security Critical: yes
8
- Shipped: yes
9
-
10
- Description:
11
- See README.md and METADATA.
@@ -1,3 +0,0 @@
1
- This directory contains tools for setting up a hermetic toolchain on the
2
- continuous integration bots. It is in the repository for convenience and can be
3
- ignored in development.
@@ -1,4 +0,0 @@
1
- This directory contains build support files such as
2
-
3
- * CMake modules
4
- * Build scripts