Merge pull request #1680 from drwetter/badocspcert

Implementation of hanno's bad OCSP intermediate CA detector
Dirk Wetter 2020-07-15 11:51:34 +02:00 committed by GitHub
commit 19f2c2872a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 328 additions and 1 deletions

293
etc/bad_ocsp_certs.txt Normal file

@ -0,0 +1,293 @@
wXYR23sxE2HiDXuCMarfR4vLf/oL5YXAbeIwkiPC74o=
/bNF0mk3ftnTQwi7eIVjKzDmH46vt+tedfgCTV/U4Yc=
16BtRir8gNcRg9lKOYstzIJYNefGbaXkVAVXLwSwWl0=
gptouX8R3uNEhXrBLrQM5QLuUmARIwFv3r8UIAkaQEg=
VEULJ4BS+pGRFgDLmPMQCg+1gVKNj+q5i2/++KSMmY4=
c50MOnG2w3fL0cQIrnzBlzLCy++GINY7Fsn9AYXfmnE=
VQdJ/141xAfVFdmLMnUEvEhP2q4opxOv5OIoKYa+BOg=
Qavo+alRqJkPvc0+FM9HnUJkAbEV8BcBibZl6UDDYyw=
iKuWH2T5No9MTRMH9Z1OWcXlcPhSpsUROo/yjgQxUVc=
zXQZjUwj5HAd6leYkjIbnk9HoIvYN0cQuJmq0UlaSzU=
vEicbcK94lP1hto0E01mQLi1g6MSCJzhCTPEvAP8XzM=
89kW0bcyAfBJ7afll/4KXM1XEaaVj7wLem9/pk96/kc=
h6rZeKX+LulB5AaPmWPqKb2qWIeNJBIkmoLNIvgSbYI=
REzv7dg/YxXF7Iay8c1jsdvyOHz6K+sPtAAVPyr5QI8=
6keT4uuBTUMmH4Borv3ng7g358AhrBnI6bCFUfLWyD8=
DLZoT2AcQW+ZKolAmRSjKgwgmXFodfX3jsDEaxtXCZw=
fTW/BMhXKCtCLoUeqKYit10uzLq2XVumJZjB2koR1QI=
TefMrLUJmUJkSVDyzIYTQBJWXGFNUap9MIf6wZaVihQ=
kO5UjrrKyrQCB6YaN4zhhrlNJK58Vb/IMGXqlgcuKzg=
EaJ2cYciZURctyWOsoRO5hTRR3e59vc76VMhIvIfrQ0=
HLRwcoz1bzAgA7sOTrBiQU+hHU+X4/BhFwyWyIBx1xE=
ysBfTwUIEJkybc8nxNlwqKPqkU5nkq2swQSWEcntQ7o=
7AICWhoVeywCrEn1Wai2zwchJvg3lJn658Uu0YPakBI=
VvMhZ/AD2PLLc4qzhsNcoVJlzCmpjuEGbNPhrFVsoVw=
7r7fhG8dug6Iqba5qw/2Xwl/KEwGpkqTnujFyebzE/Q=
U1cNBeQNxi+d+R0Vr7AVtWqqaAwgzBaObVfZRsnOJoQ=
9kDlZDxAwfMp4QBDjijJV2ka+opT5AWjJvev63DCO8E=
GwRlNTeOB9EKzaok7vziBCC7mllhFOtHXKaWNXdT6SU=
fTOuYYzWJVM3fSU9LryihdhOmKkk2J+Y1L5P7jH5Kqg=
wC2KMO1psvhk7Y+xpjo+clUoiSDKKUvcow9jiY+5GVw=
BOy6j5K/90WMSl58aSYfx+LvUtWvVPvdkrFxQbvgZR8=
48UkTRX44LA09QCQO32hHFfBZWF1uGYIx/zcVh0IG/Y=
lA0vISoqOcyEvULQ9txPe6TEd+elqZIslrn17BTkpsg=
WXK5vUcQF9XzJwW+6RVwNiZXX4snCjnBwxLH+SRsENQ=
q/OAPNKTniaAPlIoCoH2fEbD4O51/Nux4w+wOjIaz60=
N9IgpsdSJ5kCEZE0nBg/kXvhvoYmz5JrD9bgqGge4DE=
QqtNnxgJRU6+wkXY2wb/YaqCibBaJj3+6WYtrJFmYEM=
Bb+2YF1IUWpXG6+af/dTdhMEcNpe5/9oTCZy6qDAyK0=
/UwrmT4DVukNT5+9I2He8aSYN4zuzrkt12/grX4sexY=
k5BxSx2Qn6PXDdx2gbOPB+1OY1bLXHGRXRvc1I/jNfg=
MafFefJNVWLNsgP6Fanyw/9dwfLmv3wL2V+8sBFMjSE=
jlzqHRASUhwnpOEScHArx8mhFW8TUHPWyk5C7ugmJJ4=
Irbr3umwptpcn6ztJ7+dzgmAPCr8EfdrXAvPR7f31WA=
gP3kKCEq8MoKxTHu5u0t89PCpFV9/OhXBw/JR5IumyQ=
P+i+OSoIaEuZ9JfmGMfd9aAqQom/nQjllQRZMb+6gU8=
3Ist7lDdR4qxNcrCac6miFFVepEpq82Y31ITsj2/s80=
UCx6hwNB175n2ybb+s+WR6/YmoVL+IEvpO9ww1bsE+U=
vzmkJB9C1SI2iUSz3FPtnqpax3NeJC4GJ8DdW7pxRIQ=
OuaZ2U6P69rLhtT5DUCQMzNHjmXgZVxDJFEZfjP6B/I=
oloZVGgZ0EgADvnGV3xLzY0hVbHkNGpFmdbIt5eZ1KE=
8YRCvt9wtNFSETVscrZZMyvtA//Tu6evqqvm3p1yMAI=
2IiPSoT3TJdN/7Vzob9bu6zRcTuQUJb46wFQYr85bE0=
BkNqyNDI4SCltfqMK83LLx+AWF55x3t+D40PYWjZxF4=
Uk5bOlWNX/AafEYCahS1jHfPne+6aR6sjkoX+sKjo7Y=
1B0jxRVZ9l5cIlA9enq/XNll7DnGHGmKfZjXl69we0g=
XIDlafzuk/FaK8BDUQKyagT1qh7JkSwToFiBwarVAtI=
3gqS5UNbYTII3ENezHFYvyj0IKk+CpHVlllyBT9SNUk=
IcrbfNgi6hO0luJau4FRx/sA77se5FijtKTzwWvDwW8=
7T23SNbXju/wuUUrxqAuA5A5xVB1pDkyO4uoX7Ibndo=
SyTFIcR2AOg4AKP/DC1Y3ALIF3732ml8WoDB1IZ6Zt0=
XbHSLXBmhPBxnokC+4azRrP8nk0aH5IoOkiLw9GgSEs=
P3hQJbzPrKRwGhc0zg97MM5BBpQsjZL0G3CwZ+1l01Q=
FQc8a73HRpmohRjCelfJVuXiPWypYZ5SGkaMeHPeT4o=
qbVpjFJjvv89YHINwYRMuV0W8G4EJovOO+TWAoKwHvk=
o38cCp3HIpi2H5M8tUxlQ4Y3sm2+29HmuAgnnz2tMOU=
Pq1PcvBvEFSIHSco3gM6jhP63mvRZQhAGOuUPBc3jao=
2FU6KIDpa3qkx0E92QOv09WAUEaV3SahaP1IzOexR0o=
UH22DSY9PQnSg94uOqQ139h3XlK8M1cC44Mru1fsHL0=
Uz/pfrRfztJASeQe/p2yVKXdnZDf1TyVEsYgftsh2Cw=
0o20NeMSEqO9zPh2IPZUS5mpwCMov5g+iC/QYnodEw8=
X2yqRKRmPEQd2SyLZlX7+Xz24daTTbj1+Nl633Az+qw=
X79u1PD4etpl+ueqq0rZ4bWlhpOa7fs5pJJr5/ZcZQw=
hTY6JMsbZubPYkTofSQ9u4MG9gc1fGFMucTCJKDgQ1g=
fggrvFaXaxWdRpZUCpa2AUhhS6m14psgNfeJvs+/Blc=
vs/eEkzt00TZJctV7dpmLZqcBoj6mghwzj27baQxPk4=
T/QE8C4s0AGI8V0cAPS20eOLWjlc+FMU6uuoVbamS3U=
8i22V6GpKYQavKxSZxpc7op9BpWGr4XOFt4rBd2iIlI=
ON7T/2gnV5AIr0iH65aYo8+pJ/qO1Z8GugkPuaY+LXc=
cFYQcjyWE/ZBMYHK33PVEHG9dh/aSRQj4avQAVAbZPM=
lylXMEAxI07Rdnn9y5dVbWFz1fK/Dm5m1hJoDKbndoU=
VnmkMeedTrnulnxg2HA8fHj0Q/cduXFX5DBZ3kLYUN8=
ziMyOQIIdCoaymUTl0xMnbJpHq9FaLUz5KF+1d2pc+Y=
x0It4hzryS7K5r6dzX5xHuZQ0wrtcR+7Dfayx4S2xPs=
OUzLvAs1lcoN7UAHL6+YY27QIWma0olFZIeRZbW11Mk=
xhkwd8YYnR37v4E7h9x8vwSYrPcniHvH7FQyCQbem8g=
ApN5EY5XdSJsVNcYKjZ6JAtRdw9QEbs1F3z9F9myRFo=
ThB8mBtCrL5BwBBn4W1E22SBTUGT5XIxfqBLh8ecR18=
1Ia/o/ANFl7iz2Jw/afQCBfljNot9Polbg8usSLPjwI=
6+h7tBiFAnCfREBVJZq7IrxRuIyQhBmhNVnfyO9mMNE=
rxiY1/Bjh1HAddAULU4qDqcx/GIjJPFT/hvztq/ZrxM=
LgGRdRygy6gcOmM43uGgK41rzE8fgmG4CbzOerrxpD0=
TCQc/j0/+2DKiNawalUqsc8O99jS4I2hUoK1UZLrvSk=
Yy/Wl7rK8e0jJRfsm3Yit8JeFEiwzGJrMyhnGeNRzoo=
OALkJFFveO6sMpqumx9gpBLb4dWwldesncDc3ePB9fs=
8DdiFAXg81ZQfiOfrdZHhC07UIV8PP+ECFkXT3L2/Rg=
OTuLFcq8OIb7LkFkldY8i63Y3K+HVSB2yKCpY3wk3kc=
d+rEdkU8tzIlf/FmpevRZWyx9nO2jijfQXdBM5efoqQ=
X/rEPg3cW0rytpb2vE236R3zFLuP4NBxOgsaetKmj6w=
FHxEf+64YgK1AzFPyvADa+qu9DfDm1azWOxEap0gOH8=
Qs/dpvZguOW0wcQRllpFGTElWeMmL422nS2uF7JrO6M=
e0ZNw4T9saUlwswnntDHz60kvs9yxGp9cJPRV8IXYH4=
rgO5rRcQaih4WDCx3NY2eXxMZNgcuNFhWV26+DQz5kw=
rkGVTarL/T5bn9cHj3tvquYbVZ7Oee+O2FitjAIqejw=
Fmz4lA9HJR1VUo7Z5Z4melkqToo43T1on43LpknpS3M=
0Dnu/3EIjMDxagWo/zxhYQ4UHR6FCsfhH3cT7uiMuVE=
gxB49+Ifpx/iT5HXGOSlcynv5vSHGxJhFdXSc7+tn3Y=
YmQD4Ho5PnB8iKRwRQSRcEsSK2TRGDI5F91NQfwGPDg=
V0k5vjI5lVaapElYqzCJ9jmpyG45ezg+9g6ZRGSbQwo=
8O5ZFO2UxyUtBYtOOYCK7m+o9izwl0+31tKp3xbjqH8=
2/EmjBPmRa31jRYmxDNr0/qFoaTRAyDDHqDn0KZgiJY=
zYmOTBarGJLzY6Rh4RAzPHTp3Us+Z+IjZMzAMOu1718=
5UEx8Tn8I8Kcm9MiLhrnEVYZTK3SgXIt3mEwOXl46GE=
EcYS0zK0wSJCUqb+L4o5bbr0A9+cy2IFbeOZWIBKuC8=
nHyngZxD4CplRlj7NmUL2KPyKpuFNe81fiu8i5IakOI=
v1SpOD9EZi517KIusOR/LCNeXRGKfoluyLZFkWy6aOk=
AaBwYTqusQLERGiiMVWeO2bRmC7GQ1iRkJqeazZkI9I=
prt/LZfwpe6H5EaWrtD6IQWjOw73Dc9ocygcbroIE84=
lu8zwkqLHxbPFw9DIh4X5ir/aQqLAU8kUpv+s49AoNo=
YOh1YzkH5QH7JqEK+9lzAhxTri9gGHFFhxYOg9UuGaI=
3YcG9HnxHbxsapDBI1j/oAo3MfC+0rG2UpBIMI3MEuM=
nk5sCNP756rPK3o/wrrD1swblHU/PJYVIj1qj2txcj4=
JTTsG9dMPBt2YaDnzCjxvfKoLM05Q+6q3Nj+2VBV6tE=
z2TrVpvtIKtWfKZcicZOoeeIxmBHoO8exeS9LlbKwnE=
rUcj6rVaV0U6X1W/W/dvygi1p/I5tCabOqm44Uk1MB0=
nM3gEf9hnDId/o1kkM2N4Thn0ZOpte5qb1rED2HXEcU=
gFp7gGAab/tKveY170dwXq4XYg3vnPr2FGK2LXxLiGo=
cWCg2EGxxcEgoIyS3iMmSD2Q2b/OGYS91v9KtrfSc8M=
qQ+X1rXHYS4CDLvPB0YgDJZ24YKMWoUL5ryIjDRfpLU=
nACcovl+osvygXNgDe9velTFZkWZuKtQDuGIWlbk8nA=
rJWg/X4L9eG+bwKgQvDwmmV6euEnLt7FBatrmmEWeCw=
ZAF9eLXwwExBlzXWpKbVLsHSARUkOw18dFB+JX/6SkA=
OGTWwQAfAMSqgdzbN14qC0348ooaqZ+h84t0vOgtWxg=
Yv3R3U29JpQAZqoDD82kUbK8IUP+zmWoqgP8C9MR8P0=
vL0E1K7ZYsnSWv4M+vhjjOFDFlKYjsUhcynnVZrDxnE=
z4mkHf7l9xdA3vYCc13b8d6+DLgW1zmA2aWDxYgc53g=
OoglMMA+phXl702tvXyGYJEvqT+vUIhxb7Rqjh/6khg=
HJJmkCoxw5QbUG1E0NTQbsnbdlXmX5VXZZ+rdospCxs=
fLiI73QNy/wMIL2kTywmGfbQ1FmPuTLQN9ryeAd3c6U=
WONo7k1hW4iOEcVSsss7Rp8wrEv0jYs3m1EAnAgmQ+w=
yXgWNowrekYIszRNvmhI2L0SEmDC952siskMrhfI5Xw=
O/HkFQPH8CPQ1Mr/vo5RJiwscxC8bZbozI0UOmAK7oA=
PoS6Q0KQhRbndXPAmS8JecoITkaFaB/xlcy6iiKbinY=
jZz9mPUrHCxvTpztPR2ZWSfvsNVjj73wiDTQ9yyikRg=
s5YnQBRBzrQv9sf5g+DyqSMNGHdAPJ9AllyHV86/19Y=
ePE8SR4TAgaDfDqu2lXFby1dYN0NGXkQhD9G1freNek=
4qtqY+hkbg8jKCDtBH29RICWdFYhFJHJGvonr1qVVbk=
AFHJiSTyOb1Jq4yPaAL4uc9K1B6zJy8aNMDNbWHcs9Q=
j0FFvUjMm/ciklkj59LQnMy+mXOlODjKNvlWH3TownE=
LAlx85e6hzewM1hFVpBllJNqzhdTpaS+Xi8RtCukt1k=
UVh8hnv2bzXs5VSgjgpBwTuLvZtZ0mLSBKcDCaZyvuY=
VbDNLMrRjiWXfZBtrJ+ouGQ9eiWOezg38RV6E6wZ0Yc=
/T5EKAyNy+jPjPVVEeBmnIU3lF2h+nRowOpStobdW2g=
dNmS05ELz340uLXNKPkerrT0Hz2mOU14uMQ2ctQ/Tw8=
CrEV3p0Saj1OoQ3fCGPMnYlWdE63tMzat+V9agblhRg=
e4X20IWbJAozYzdKEYHgEgIQR9ztI1KoQfblW10HfqU=
QlIC1Lv9qbeZ0Peqkn2UT0LMpCN8L8GYdbkHXes1piE=
D3UQNcGOHTkunMVXxX6UpV0S+7CG8mpFKeJhNiW/0Tw=
yErgHs0gLa++7h8OZ5ZG3ozNZT14RnGKO19OEpMkKYo=
UrY9G9COg73HI9ex/pYs7BgG5/U/dvLHCFjKNSk6HcE=
4KZw9PEFfpF56dtF4zPON+PuMcNJnxxYSlh72aX1NkA=
oBmBHkNpykxiqqgKFUlhPmD2xc7Tg6+ded+Pjxk/Hf4=
Af1hSHk5SzrhSSUvwVaYZ0FZzlVQZp/5EokuGYNaHkw=
gyJm1rqMv8vyjgYUoB2fTDm45B98h9IHfbtsA4QMqcI=
5z8fGaRFmmBnpF6E21hdbB348SpznXM/WyiZZUbxh1o=
jAFyH2+p0h38KDZvUkNOqLRL+IQ/HEM7llv2WTNE6zY=
+Hiz3yE7CBe/8eXvTozXybV8gP/J+KcwnqRqr1QLrhg=
tA1oOJ/QQcVuKT+j1X19t5LdALYuvf8ZCw4mRAcsk0o=
Q9tljdTkAg+LXGvXEH4V4jNFmiJs0Nd++PcrKxzCmv4=
oK8UGM0U9rJBXsYxbH1Yi7JdQwo9bQJvV94g+WXqvdw=
weRTSNcUy0fbssC5uvm6HyfkIAR82nqLaTVkMATKq5c=
jmkw14oTnzgnFGpZRu+f46dzmbL9DOuwsu0I7hih11g=
2FLeXQmAht/ppvPXKNUmGGVYfEid5nV1PScjdKXW6fw=
6Mpy7LmIXCTqKd4OrJdwQnjSoeWbZmZtMn+wzGvdkS8=
SHR1jWVj4EM7HtzufMxdnCqtjroSvLBwRFS7Tvjq95k=
tc/msLKqhhoLNnwMBTlaU4rUk6nfARVEqO/EaH/bLMg=
uWj7/D7KKFqtw40jZ3JyQf99NzPxJ4+KT1DsyMDvHoA=
/x3SHxpdC0Us2WnPSqVTg1yr4Ck8bHsAnxRaogLALIs=
gGoqp37b08dtj9Bm37XMMxDzWbAQLOksD67BaqQ//wo=
M81TfgCducdYpWhDXAZwb58BE4BU4gud3JPgOXE4qms=
jZkhf/gtYOTfWb6KESFiXN/8TyLyHhJjod8G0twLVA4=
xrclJq9F1orhZnHp8cJFMECNk4+PBEfhEG4vKnDTrSE=
YPBm3Hik4ukpocjtEC7bcH3wMYH4L99Q1TpS2sNVxls=
dkoNhNVVLNWHLHNGTzfwIXXNpwWIECsTraKgGZ/EA+k=
Ko2+vTr9uXK8H3fP576FBoiM/tNe38VMuqY446WrPv8=
W9DA1XmAFWfzOI/mRO95CrMeLbIkbq9MiB5aV9mgpYI=
xbZ5EGlYFS+D+1iG3cQfB4UZPvZ8aXW+PlCfF/KbeoY=
kFjVBl+PPppjqv5c6Jp2RHCw3vnc87nsfQWH+riP66A=
1WAk8MXZI31+CyOFBn2O+I7dro7BmZafXKoszClp2YI=
rCiRmOxpliiAP4hD3WPHZOhWuCdM957bjtjpmXlpf5U=
x0eO33MQG6Eu7N3zSMd0f/94nvtAHMjcrfrglClUPlQ=
4P+T6QVsSO3ca2jpTzFcOiIp6c4krzNjTTTV7wMjMok=
Qf2VNoVpPOZ9DSPMkcoXkmHWuZSLIdO75fet++U5gt4=
3oPj/CRfawSJMeHIE06qypb6p7HvHROV86Ys4BSwUYI=
BmTx7u7RpzVXACAdL0Qx3EOwvOqxKajKv9Tth9BDQe8=
cbPtjO7MwGOM0gIrQm6SF2YnHeYjZ8fNhS7C8eERHnY=
zgJQ8qnxj2jV/5RKTGWfZpL3PgNpzswhX18lfjIlmHg=
t3h0inkrj5HwSwG6/DGjHtfvanEq/4C2YQ2are4get8=
iGWwLhQDkWdWEyLIwewud8R89763MdL+HLusv3LRdyw=
6Va4oVaHH3HUNMrHjr0j1Q79GrkHYc5DbnnQOu0TZkw=
wXOXph2a+dKiKczyYqsdMrSph6E0rlvZ3k/BVfAN0W4=
TzBNg2b/kJHt121TO+1Vko5zt6qtUuNbhudip38EaU4=
DzMgaSsXqRbOVPfk2nv+Ui+zGxrCHgiHdrN8B6NO4qg=
4MJ6zLmueGBbYeeCbAIdkczS92mljEvW2lRgC5njVDg=
FslKjMwVyYOCW1vT8txo1pTIoyDyMo7NjJylfeUdoOU=
AfiXESH0ED0wvkI1zX3A7ubGrhL8p3UISOoOLhP8JCg=
JbrMQKU5K4Kq3qBJA5BaRnEh8oIg5vL34P6YKq/BT6Y=
+5U8T8AEWEbQJJHI7M84e6NDR8F6uw6m1Z9t5NLx6gQ=
+1Tuqbzo6eqXghVPPUFCd/twn0m5R9c5eKwnhUbCzgM=
yKk01qjoRfemX1yPcf5E9Si4XjJldaDWeTnHTYDNF9g=
HJQqIqAWoeVVna537FzoZx+YrgukrC3CWUGOjh6flK0=
z3O1LQQbcwm0OdFiR0FLkMnSbkTjh0ijZQDVgptRh/k=
v17fvuuFmZxRacvz9NtjtnmtLh4icvw3lfn5kh5tBIc=
oBM75bFOAjEKLUvqtgEJTxGU7ovW/Snd/nuTR0Z8Luw=
ygBap14zWUvR3txYTh505RmOux3oiSntTz4un/zjhzs=
I6dHBNd6A8/T/xnmLFAISCFObGD9Kq733Oeo+e6fkjI=
O5Zo9Z9V+jg4/Co7gLf5tbE9Gkbx6qbgvP8ExUGYBWw=
WkBVNcESoKga8NKsyjw/m8Gmd1hs28Yzy09fd44aNVA=
kVPkQg3cfrTm6GSqA3fa30CC7NNQUhE2OOBdPClrwAY=
3QOOh+C00sNpaA0954Y4qzn8HX5QYymWkhEBdo241Ng=
TmPxQkAahPikc9bd7jQaFh+tqG00MMjCxTRTZBPZ25c=
cW824XTQWVrowV39agxJjpe2plWz8g/lSIyo+exgktY=
mk45jSqmA/7RCGPANi4TkNl+wS+gJ4/XgqqzzdV9wh0=
O7YMQ5NGQUpA4twtHW9WYiV40rHygyR2fBSQFaY/80o=
9dLSumgXp6mqDiE1S78Ob5XF4ofuiM8vJ58P/sTtrBU=
cBtDKsDN1NnPlbS4hMMr9cypDUTgFhq9E7k01o44BHI=
xMfENr2I6OaNsAKX34OsyBnhmGOboAUiyOMkWHaJhSM=
XN2AnPRPX4Zl6sFQVVBMWwa3h6wYKUUFvbq0p35Q13Y=
RgOPYyYijNtWYZxSJmYT2gTIykmeDQOw7c/8EQ1c/HA=
7cc0xQFQHceidEj6AsdJMfhXi/KXsXPzS4QegsZpGSY=
J9b9r4ApeEbf7/guf1i5pIrJ4+6ToRKxu+JD7hqXRHw=
yBksMve0nH8yocoAFZWn+eNsnnIFjW6qG6t3UqjBZxg=
vkCBOGmrJ6Bx0SrWqIMFg+vDthjj8jRjWfSxGhyUNO4=
HoZCeMIIgbZxwMbS4UthFQrR8Tz5LG7BS1UNy8R+FUE=
VMN6joU/0dY3jTeLk5MH7DIaMcwaWonnGAYzvBPxh2I=
nomO0D+kaWlpDa1zxylmdQRf+bWgEAo5m+uENamPUYU=
Sw0TktORVzUyB6ZMyxRoPd6dLO0ftYsW4Di+VwfCeBM=
eqRdb1sU2rHGhEwZwoBOFLWBHm7eHwKwrvBlp7NZxo8=
lMZj6epcJ+5PZBJ/m0JYY+mRqeFWwH3xoAgDrjF2QWI=
Logg3A6vrj1tKFwFfs4URws3dDiwAs7dTHK080OlT0M=
TnB4Z5RqwFNDxrqP8SHqZqdYA3kTJXqO5JdDUNOaEDQ=
wlxO28NuP7fD2Te+6fLSnjavsHz6MYgmLg1f3JGeDXc=
Xn/LnJe9pWmTsWWNEgIydh1mWjZEU0MA+mpb7F4NV5U=
ETE43XshZyWEAjji1+7ss3ONsTkGSyTLhT/CcKSeYFc=
vjPRxX693ZJ7V722BL5Fe1Uv5Wjn89y6CTw57Rwwojk=
g/yJGzUNng1+vm3Spr/j0LD0ZT/KBIYVpd7rvAOaP2Y=
VyZLgqhk26HBHvP4CruUysNmBmKwwi9XH/mTs/vPdvs=
dKvl5czrdUkf9yxM8yVAXYrb/jkOGJz0MLpg5ieYh44=
wv6s1nSHjHsMIyWi7O0KMz23eAqG3+w3WBAO/AEBxmU=
ndwuDVW0YeDHMigoLfVrK+8iTKI4VoHRe26MB3hSVzw=
MG6XOeNFj/RUaHe3BLLjkF5YsjXWTjL08CaskbcpXRU=
/ToPPdRIAJK21FBHPeuSAaCzCKiAeDOjxzj4oH64HtM=
Cqny59lccYt9HrfM29AWToYFeunWaSK8YPmQP5Sg8O8=
9XCaLS9otTv29kW7F4rflTRvif2lxjv94IBComSSqrI=
66NMexCWcWFMNn4d4HUSTDlUzhn4X6z2EJDsMZ9/Gn8=
Eo3tGorWDCS0JU4x25T8Q5K/k+1UNEcqpDoLmFYQYGg=
txawif5OU9Gi73ulesheaOxyLPYQUsJaWWJq07FcX0A=
al9MFnjKZeWfBg1Xzf9mUGUxSGHVOo59FFDKktlsoQI=
q8hnBsmNa/ZzcvkI7AGt9jGxkdczron4ND6wR7EIFEs=
QEfJ1pJgwHITvLhgin7F4oOKVrefZ4R4EurAd40NJ/E=
kl7n1aIq1/vpurVNfI0LmnT341qK9q9kXi6MNRmnCS8=
8GjeqhjMAtWovjXLgzgyeRApH25i5yFqk0dkoaukqAA=
sf466/ljp4gOdLCwVWaB6osczOPmmn07EKaKy+huSKE=
//4HdQP9cvDlM4sKe04hjn0f+C5JPn6FKuUaocdYXRc=
lcanR90Lx1WhlBgn6JS4CDWSJBt5JUHi6xsw+5sT9X8=
DTF2xY8yGqNMV8jffBfR9OdseX7BFsnx1pd0jtH859k=
DW5GeE87aU6cdQZ4ZBe8b4f50vc9GbXoCBYSshE3t2Y=
l4vPOcPDqs7+EEj6A2AoPcLr+lFQAkxeN4UU0+decpU=
LYGa85fiidxBcJxKr22jsZBHScN6mVhgdFgDcW19VpA=
oaBOTPxW/RkX60gfxGYpouRmVnVvoI4iSH9Utk4co+c=
Zj/elPiDah/r2DvoMQl5MS1l/4wbcWOU5o9B2COWwfg=
SDlfccwm9kJ0vQbH6xWR+dTsYrZPpsFlMfPLcsJGnYI=
+AhlYjZyW1ZvByHFGBWKZ1bJaQPLcetI3dqO3f6g8mw=
TngnF2hJQIjtH5uycSUxq10TjGxZtGZQ0oWzWFjmexM=
QqIfNyhYBPLnNgdctUh0Nozw4hEAiLPxOEEu7IhZCVQ=
RnFuv2oirqHfH5fmKl73CVEnzkVQtiQuumkHr8XEgs8=
iH1/Het/BxLIWvq/UMrfib8C6xPlUsv1LXtd8/IdsNo=
VbgN72B/iOMcWEBn0J1DNE2UEXuvZINlhHsc5bZ2d8k=
/DqYk44u07024NQfGFF2STIpBrLmszaQiRMlquzRlkQ=
UjV1BHNxu6iCY+WrXe2PawaVxdKhkqbdEUBsR2ujxy8=
KlCKX+YXPE6PASZpShpqcdkABFH6MdsDO4cFiQRB7MU=
/S8zJI85ZFZGh5gCNaXwvLOrVi5H9AT3QuUzQsU3UoA=
U4pFqvkAPU05iLv8+fhZsyXOX3ddwGASBQWFF/m8FeU=
50rUSw1W7r45uxhcUqub7+T3WJm2qBQW6RA9XCm/J/s=
53rALbbqoOmmtXOpmHDG3029uDOd2jvEB4b3DivX9/Y=
HpU+FRI6leRwRL+vBrGXT7mXa4T0Nx69d/itge/QXAA=
5Xu/UHn5gpO0FC80iXLmjjUeUrkDc/BfRvCcyzCvW/A=
vUQgxZKm9/JSromBJOAC8bnP4fJTiGTVazSntN+zH8g=
CE7KcKm0Dk4VY+NXdrcW5BCpcrsn7VHCSMSNMkL6ja8=
bsjTVRvQRUsMxLnbh2Nmrgh2TF/PFbAPlBG94w1TNq4=
qONS2wyOJ7rlg9AVFG6Led7gkdVjj1g6DEQvO/Vd7rM=
LRskT6zq+tlHVbXpmqv3rJHFmdpzv6Rh7uuvtLlptck=
6tyA999jBWDMGzU/aOpmAVnOlm4i1ARYh4B4fAR20OQ=
IuXm21yuQo7alq7QVk4rl3DsoswCUVjjep3e7eMfReU=


@ -8314,13 +8314,14 @@ certificate_info() {
local certificate_list_ordering_problem="${12}"
local cert_sig_algo cert_sig_hash_algo cert_key_algo cert_spki_info
local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
local badocspcerts="${TESTSSL_INSTALL_DIR}/etc/bad_ocsp_certs.txt"
local -i lineno_matched=0
local cert_keyusage cert_ext_keyusage short_keyAlgo
local outok=true
local expire days2expire secs2warn ocsp_uri crl
local startdate enddate issuer_CN issuer_C issuer_O issuer sans san all_san="" cn
local issuer_DC issuerfinding cn_nosni=""
local cert_fingerprint_sha1 cert_fingerprint_sha2 cert_serial
local cert_fingerprint_sha1 cert_fingerprint_sha2 cert_serial cert
local policy_oid
local spaces=""
local -i trust_sni=0 trust_nosni=0 diffseconds=0
@ -8342,6 +8343,7 @@ certificate_info() {
local response=""
local yearstart yearend clockstart clockend y m d
local gt_825=false gt_825warn=false
local badocsp=1
if [[ $number_of_certificates -gt 1 ]]; then
[[ $certificate_number -eq 1 ]] && outln
@ -8965,6 +8967,38 @@ certificate_info() {
# https://certs.opera.com/03/ev-oids.xml
# see #967
# courtesy Hanno Boeck (see https://github.com/hannob/badocspcert)
out "$indent"; pr_bold " Bad OCSP intermediate"
out " (exp.) "
jsonID="cert_bad_ocsp"
# There might be >1 certificate, so we split intermediatecerts.pem e.g. into
# intermediatecert1.crt, intermediatecert2.cert.
#FIXME: This is redundant code. We do that elsewhere, e.g. before in extract_certificates()
# and run_hpkp() at least but didn't keep the result
#
#FIXME: We just raise the flag saying the chain is bad w/o naming the intermediate
# cert to blame.
awk -v n=-1 "{start=1}
/-----BEGIN CERTIFICATE-----/{ if (start) {inc=1; n++} }
inc { print > (\"$TEMPDIR/intermediatecert\" n \".crt\") }
/---END CERTIFICATE-----/{ inc=0 }" "$TEMPDIR/intermediatecerts.pem"
for cert in $TEMPDIR/intermediatecert?.crt; do
hash=$($OPENSSL x509 -in "$cert" -outform der 2>/dev/null | $OPENSSL dgst -sha256 -binary | $OPENSSL base64)
grep -q "$hash" "$badocspcerts"
badocsp=$?
[[ $badocsp -eq 0 ]] && break
done
if [[ $badocsp -eq 0 ]]; then
prln_svrty_medium "NOT ok"
fileout "${jsonID}${json_postfix}" "MEDIUM" "NOT ok is/are intermediate certificate(s)"
else
prln_svrty_good "Ok"
fileout "${jsonID}${json_postfix}" "OK" "intermediate certificate(s) is/are ok"
fi
out "$indent"; pr_bold " ETS/\"eTLS\""
out ", visibility info "
jsonID="cert_eTLS"
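Review bot: The lookup in the new loop fails open: `badocsp=$?` treats every non-zero grep status as a clean result, so if `$badocspcerts` is missing or unreadable (grep exits 2) the finding is printed as "Ok" although nothing was compared. I would check `[[ -r "$badocspcerts" ]]` before the loop and report the test as not performed otherwise. The digest should also be matched as a whole fixed-string line with `grep -Fxq -- "$hash" "$badocspcerts"`, since plain `grep -q` takes the hash as a pattern and an empty `$hash` would match every line of the list. The glob `$TEMPDIR/intermediatecert?.crt` is unquoted and would also pick up any `intermediatecertN.crt` left in `$TEMPDIR` by an earlier call, which could flag the wrong chain if the directory is reused between certificates (worth confirming); removing old files first and writing `"$TEMPDIR"/intermediatecert?.crt` avoids both. `hash` is not among the locals visible in these hunks, but certificate_info() starts and ends outside them, so it may be declared elsewhere.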