54 files changed, 3243 insertions, 29 deletions
diff --git a/bin/bbackupd/bbackupd-config.in b/bin/bbackupd/bbackupd-config.in index 1fc224c2..52dd38df 100755 --- a/bin/bbackupd/bbackupd-config.in +++ b/bin/bbackupd/bbackupd-config.in @@ -169,7 +169,7 @@ if(!-f $private_key) if(!-f $certificate_request) { die "Couldn't run openssl for CSR generation" unless - open(CSR,"|openssl req -new -key $private_key -sha1 -out $certificate_request"); + open(CSR,"|openssl req -new -key $private_key -sha256 -out $certificate_request"); print CSR <<__E; . . diff --git a/bin/bbstored/bbstored-certs.in b/bin/bbstored/bbstored-certs.in index 00085662..10072a87 100755 --- a/bin/bbstored/bbstored-certs.in +++ b/bin/bbstored/bbstored-certs.in @@ -122,7 +122,7 @@ sub cmd_init_create_root # make CSR die "Couldn't run openssl for CSR generation" unless - open(CSR,"|openssl req -new -key $key -sha1 -out $csr"); + open(CSR,"|openssl req -new -key $key -sha256 -out $csr"); print CSR <<__E; . . @@ -140,7 +140,7 @@ __E die "Certificate request wasn't created.\n" unless -f $csr; # sign it to make a self-signed root CA key - if(system("openssl x509 -req -in $csr -sha1 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0) + if(system("openssl x509 -req -in $csr -sha256 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0) { die "Couldn't generate root certificate." } @@ -201,7 +201,7 @@ __E my $out_cert = "$cert_dir/clients/$acc"."-cert.pem"; # sign it! - if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0) + if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0) { die "Signing failed" } 
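Review bot: The openssl invocations edited here, starting with `open(CSR,"|openssl req -new -key $private_key ...")` in bbackupd-config.in, still build one shell string from interpolated variables, so a path, account name or common name containing whitespace or shell metacharacters is re-parsed by the shell instead of being passed as a single argument. The same holds for the `open(CSR, ...)` and the three `system("openssl x509 -req ...")` lines in bbstored-certs.in (hunks at -122, -140, -201 and -257). While these lines are being touched, the list form avoids the shell entirely, e.g. `system("openssl", "x509", "-req", "-in", $csr, "-sha256", "-extensions", "v3_ca", "-signkey", $key, "-out", $cert, "-days", $root_sign_period)`. Where `$acc`, `$common_name` and `$cert_dir` are set is outside these hunks, so how far they can be influenced by untrusted input cannot be judged from here.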
@@ -257,7 +257,7 @@ __E my $out_cert = "$cert_dir/servers/$common_name"."-cert.pem"; # sign it! - if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0) + if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0) { die "Signing failed" } diff --git a/debian/changelog b/debian/changelog index ee4c621a..67d2b66b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +boxbackup (0.13~~git20180313.g16a11e86-2) unstable; urgency=medium + + * QA upload. + * debian/control: Point Vcs headers to salsa + * Bugfix compile against openssl1.1 (Closes: #907135). + + -- Reinhard Tartler <siretart@tauware.de> Fri, 07 Jun 2019 05:55:39 -0400 + boxbackup (0.13~~git20180313.g16a11e86-1) unstable; urgency=medium * New upstream pre-release (requested by upstream) diff --git a/debian/control b/debian/control index 59f211a7..7c840360 100644 --- a/debian/control +++ b/debian/control @@ -17,8 +17,8 @@ Build-Depends: zlib1g-dev Standards-Version: 3.9.8 Homepage: http://boxbackup.org -Vcs-Git: git://anonscm.debian.org/collab-maint/boxbackup.git -Vcs-Browser: https://anonscm.debian.org/git/collab-maint/boxbackup.git +Vcs-Git: https://salsa.debian.org/debian/boxbackup.git +Vcs-Browser: https://salsa.debian.org/debian/boxbackup Package: boxbackup-server Architecture: any diff --git a/debian/patches/openssl1.1.patch b/debian/patches/openssl1.1.patch new file mode 100644 index 00000000..b8461936 --- /dev/null +++ b/debian/patches/openssl1.1.patch 
@@ -0,0 +1,1857 @@ +From 20a2318b384c08dd100f81d998c11410adfa2c6b Mon Sep 17 00:00:00 2001 +From: Chris Wilson <chris+github@qwirx.com> +Date: Sun, 2 Jun 2019 21:51:27 +0100 +Subject: [PATCH] Minimal fix for Debian bug 907135 [#36] + +Unfortunately, the changes required to implement the full solution to Debian +bug 907135 were quite large and could not be reviewed in time for Debian 10's +release date. This would have meant that Box Backup was not available at all in +Debian 10. + +Therefore we have developed a workaround specifically for Debian 10 users +(this patch), which contains only the minimal changes needed to: + +* reduce the security level for Box Backup to 1 (the previous default), +* overriding the system default; ensure that all newly generated certificates +* meet the new security requirements that will later be imposed. + +This interim version will hopefully be replaced by a version from the master +branch that supports the SSLSecurityLevel configuration option, which we hope +to see in debian-backports as soon as possible, and we recommend that anyone +using the interim version upgrade to this master version as soon as possible. + +See +https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates#workaround-2 +for more details. 
+--- + bin/bbackupd/bbackupd-config.in | 2 +- + bin/bbstored/bbstored-certs.in | 8 +- + infrastructure/cmake/CMakeLists.txt | 19 +- + infrastructure/m4/boxbackup_tests.m4 | 3 +- + lib/common/BoxPortsAndFiles.h.in | 4 + + lib/common/Test.h | 2 + + lib/server/TLSContext.cpp | 9 + + test/backupstorefix/testbackupstorefix.cpp | 9 +- + .../testfiles/testbackupstorefix.pl.in | 16 +- + test/basicserver/testbasicserver.cpp | 97 +++++++++ + .../testfiles/seclevel2-sha1/bbackupd.conf | 196 ++++++++++++++++++ + .../seclevel2-sha1/bbackupd/1234567-csr.pem | 15 ++ + .../seclevel2-sha1/bbackupd/1234567-key.pem | 27 +++ + .../seclevel2-sha1/bbackupd/NotifySysadmin.sh | 70 +++++++ + .../testfiles/seclevel2-sha1/bbstored.conf | 23 ++ + .../seclevel2-sha1/bbstored/localhost-csr.pem | 15 ++ + .../seclevel2-sha1/bbstored/localhost-key.pem | 27 +++ + .../ca/clients/1234567-cert.pem | 17 ++ + .../seclevel2-sha1/ca/keys/clientRootCSR.pem | 15 ++ + .../seclevel2-sha1/ca/keys/clientRootKey.pem | 27 +++ + .../seclevel2-sha1/ca/keys/serverRootCSR.pem | 15 ++ + .../seclevel2-sha1/ca/keys/serverRootKey.pem | 27 +++ + .../seclevel2-sha1/ca/roots/clientCA.pem | 18 ++ + .../seclevel2-sha1/ca/roots/clientCA.srl | 1 + + .../seclevel2-sha1/ca/roots/serverCA.pem | 18 ++ + .../seclevel2-sha1/ca/roots/serverCA.srl | 1 + + .../ca/servers/localhost-cert.pem | 17 ++ + .../testfiles/seclevel2-sha1/raidfile.conf | 10 + + .../testfiles/seclevel2-sha256/bbackupd.conf | 195 +++++++++++++++++ + .../seclevel2-sha256/bbackupd/1234567-csr.pem | 15 ++ + .../seclevel2-sha256/bbackupd/1234567-key.pem | 27 +++ + .../bbackupd/NotifySysadmin.sh | 70 +++++++ + .../testfiles/seclevel2-sha256/bbstored.conf | 23 ++ + .../bbstored/localhost-csr.pem | 15 ++ + .../bbstored/localhost-key.pem | 27 +++ + .../ca/clients/1234567-cert.pem | 17 ++ + .../ca/keys/clientRootCSR.pem | 15 ++ + .../ca/keys/clientRootKey.pem | 27 +++ + .../ca/keys/serverRootCSR.pem | 15 ++ + .../ca/keys/serverRootKey.pem | 27 +++ + 
.../seclevel2-sha256/ca/roots/clientCA.pem | 18 ++ + .../seclevel2-sha256/ca/roots/clientCA.srl | 1 + + .../seclevel2-sha256/ca/roots/serverCA.pem | 18 ++ + .../seclevel2-sha256/ca/roots/serverCA.srl | 1 + + .../ca/servers/localhost-cert-sha1.pem | 17 ++ + .../ca/servers/localhost-cert.pem | 17 ++ + .../testfiles/seclevel2-sha256/raidfile.conf | 10 + + .../testfiles/srv3-seclevel2-sha1.conf | 8 + + .../testfiles/srv3-seclevel2-sha256.conf | 8 + + test/bbackupd/testbbackupd.cpp | 123 ++++++++++- + 50 files changed, 1375 insertions(+), 27 deletions(-) + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem + create mode 100755 test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbstored.conf + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl + create mode 100644 
test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha1/raidfile.conf + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem + create mode 100755 test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbstored.conf + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem + create mode 100644 test/basicserver/testfiles/seclevel2-sha256/raidfile.conf + create mode 100644 test/basicserver/testfiles/srv3-seclevel2-sha1.conf + create mode 100644 test/basicserver/testfiles/srv3-seclevel2-sha256.conf + +--- 
a/bin/bbackupd/bbackupd-config.in ++++ b/bin/bbackupd/bbackupd-config.in +@@ -169,7 +169,7 @@ if(!-f $private_key) + if(!-f $certificate_request) + { + die "Couldn't run openssl for CSR generation" unless +- open(CSR,"|openssl req -new -key $private_key -sha1 -out $certificate_request"); ++ open(CSR,"|openssl req -new -key $private_key -sha256 -out $certificate_request"); + print CSR <<__E; + . + . +--- a/bin/bbstored/bbstored-certs.in ++++ b/bin/bbstored/bbstored-certs.in +@@ -122,7 +122,7 @@ sub cmd_init_create_root + + # make CSR + die "Couldn't run openssl for CSR generation" unless +- open(CSR,"|openssl req -new -key $key -sha1 -out $csr"); ++ open(CSR,"|openssl req -new -key $key -sha256 -out $csr"); + print CSR <<__E; + . + . +@@ -140,7 +140,7 @@ __E + die "Certificate request wasn't created.\n" unless -f $csr; + + # sign it to make a self-signed root CA key +- if(system("openssl x509 -req -in $csr -sha1 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0) ++ if(system("openssl x509 -req -in $csr -sha256 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0) + { + die "Couldn't generate root certificate." + } +@@ -201,7 +201,7 @@ __E + my $out_cert = "$cert_dir/clients/$acc"."-cert.pem"; + + # sign it! +- if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0) ++ if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0) + { + die "Signing failed" + } +@@ -257,7 +257,7 @@ __E + my $out_cert = "$cert_dir/servers/$common_name"."-cert.pem"; + + # sign it! 
+- if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0) ++ if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0) + { + die "Signing failed" + } +--- a/infrastructure/cmake/CMakeLists.txt ++++ b/infrastructure/cmake/CMakeLists.txt +@@ -71,13 +71,6 @@ function(move_file_if_exists source_file + endif() + endfunction() + +-foreach(file_to_configure ${files_to_configure}) +- configure_file("${base_dir}/${file_to_configure}.in" "${base_dir}/${file_to_configure}.out" @ONLY) +- replace_file_if_different( +- "${base_dir}/${file_to_configure}" +- "${base_dir}/${file_to_configure}.out") +-endforeach() +- + # If BOXBACKUP_VERSION is defined when running CMake (as the AppVeyor config does), use it + # as-is, since it contains the full version number, branch, and platform (Win32/Win64): + if(BOXBACKUP_VERSION) +@@ -375,6 +368,7 @@ file(WRITE "${boxconfig_h_file}" "// Aut + + if(WIN32) + target_link_libraries(lib_common PUBLIC ws2_32 gdi32) ++ list(APPEND CMAKE_REQUIRED_LIBRARIES ws2_32 gdi32) + endif() + + # On Windows we want to statically link zlib to make debugging and distribution easier, +@@ -430,6 +424,7 @@ else() + endif() + include_directories(${OPENSSL_INCLUDE_DIR}) + target_link_libraries(lib_crypto PUBLIC ${OPENSSL_LIBRARIES}) ++list(APPEND CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES}) + + # Link to PCRE + if (WIN32) +@@ -608,6 +603,9 @@ foreach(function_name ${detect_functions + file(APPEND "${boxconfig_h_file}" "#cmakedefine HAVE_${platform_var_name}\n") + endforeach() + ++check_function_exists(SSL_CTX_set_security_level HAVE_SSL_CTX_SET_SECURITY_LEVEL) ++file(APPEND "${boxconfig_h_file}" "#cmakedefine HAVE_SSL_CTX_SET_SECURITY_LEVEL\n") ++ + check_symbol_exists(dirfd "dirent.h" HAVE_DECL_DIRFD) + file(APPEND 
"${boxconfig_h_file}" "#cmakedefine01 HAVE_DECL_DIRFD\n") + +@@ -824,6 +822,13 @@ file(TO_NATIVE_PATH "${PERL_EXECUTABLE}" + string(REPLACE "\\" "\\\\" perl_path_escaped ${perl_executable_native}) + target_compile_definitions(test_backupstorefix PRIVATE -DPERL_EXECUTABLE="${perl_path_escaped}") + ++foreach(file_to_configure ${files_to_configure}) ++ configure_file("${base_dir}/${file_to_configure}.in" "${base_dir}/${file_to_configure}.out" @ONLY) ++ replace_file_if_different( ++ "${base_dir}/${file_to_configure}" ++ "${base_dir}/${file_to_configure}.out") ++endforeach() ++ + # Configure test timeouts: + # I've set the timeout to 4 times as long as it took to run on a particular run on Appveyor: + # https://ci.appveyor.com/project/qris/boxbackup/build/job/xm10itascygtu93j +--- a/infrastructure/m4/boxbackup_tests.m4 ++++ b/infrastructure/m4/boxbackup_tests.m4 +@@ -142,7 +142,8 @@ AC_SEARCH_LIBS( + Upgrade or read the documentation for alternatives]]) + fi + ]) +- ++AC_CHECK_FUNCS([SSL_CTX_set_security_level], [HAVE_SSL_CTX_SET_SECURITY_LEVEL=1]) ++AC_SUBST([HAVE_SSL_CTX_SET_SECURITY_LEVEL]) + + ### Checks for header files. 
+ +--- a/lib/common/BoxPortsAndFiles.h.in ++++ b/lib/common/BoxPortsAndFiles.h.in +@@ -20,6 +20,10 @@ + // directory within the RAIDFILE root for the backup store daemon + #define BOX_RAIDFILE_ROOT_BBSTORED "backup" + ++// default security level if SSLSecurityLevel is not specified: see ++// https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates ++const int BOX_DEFAULT_SSL_SECURITY_LEVEL = 1; ++ + // configuration file paths + #ifdef WIN32 + // no default config file path, use these macros to call +--- a/lib/common/Test.h ++++ b/lib/common/Test.h +@@ -23,6 +23,7 @@ + #define BBACKUPQUERY "..\\..\\bin\\bbackupquery\\bbackupquery.exe" + #define BBSTOREACCOUNTS "..\\..\\bin\\bbstoreaccounts\\bbstoreaccounts.exe" + #define TEST_RETURN(actual, expected) TEST_EQUAL(expected, actual); ++#define TEST_RETURN_COMMAND(actual, expected, command) TEST_EQUAL_LINE(expected, actual, command); + #else + #define BBACKUPCTL "../../bin/bbackupctl/bbackupctl" + #define BBACKUPD "../../bin/bbackupd/bbackupd" +@@ -30,6 +31,7 @@ + #define BBACKUPQUERY "../../bin/bbackupquery/bbackupquery" + #define BBSTOREACCOUNTS "../../bin/bbstoreaccounts/bbstoreaccounts" + #define TEST_RETURN(actual, expected) TEST_EQUAL((expected << 8), actual); ++#define TEST_RETURN_COMMAND(actual, expected, command) TEST_EQUAL_LINE((expected << 8), actual, command); + #endif + + extern int num_failures; +--- a/lib/server/TLSContext.cpp ++++ b/lib/server/TLSContext.cpp +@@ -14,6 +14,7 @@ + + #include "autogen_ConnectionException.h" + #include "autogen_ServerException.h" ++#include "BoxPortsAndFiles.h" + #include "CryptoUtils.h" + #include "SSLLib.h" + #include "TLSContext.h" +@@ -84,6 +85,14 @@ void TLSContext::Initialise(bool AsServe + THROW_EXCEPTION(ServerException, TLSAllocationFailed) + } + ++#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL ++ BOX_WARNING("This version of Box Backup overrides the system-wide SSLSecurityLevel for " ++ "backwards compatibility. Please upgrade as soon as possible. 
See " ++ "https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates#workaround-2 " ++ "for details"); ++ SSL_CTX_set_security_level(mpContext, BOX_DEFAULT_SSL_SECURITY_LEVEL); ++#endif ++ + // Setup our identity + if(::SSL_CTX_use_certificate_chain_file(mpContext, CertificatesFile) != 1) + { +--- a/test/backupstorefix/testbackupstorefix.cpp ++++ b/test/backupstorefix/testbackupstorefix.cpp +@@ -671,8 +671,13 @@ int test(int argc, const char *argv[]) + char name[256]; + while(::fgets(line, sizeof(line), f) != 0) + { +- TEST_THAT(::sscanf(line, "%x %s %s", &id, +- flags, name) == 3); ++ if(StartsWith("WARNING: This version of Box Backup overrides the " ++ "system-wide SSLSecurityLevel", line)) ++ { ++ continue; ++ } ++ TEST_EQUAL_LINE(3, ::sscanf(line, "%x %s %s", &id, flags, name), ++ "Unexpected format in initial-listing.txt: <" << line << ">"); + bool isDir = (::strcmp(flags, "-d---") == 0); + //TRACE3("%x,%d,%s\n", id, isDir, name); + MEMLEAKFINDER_NO_LEAKS; +--- a/test/backupstorefix/testfiles/testbackupstorefix.pl.in ++++ b/test/backupstorefix/testfiles/testbackupstorefix.pl.in +@@ -148,18 +148,20 @@ elsif($ARGV[0] eq 'reroot') + or die "can't open copy listing file"; + my $err = 0; + my $count = 0; +- while(<LISTING>) ++ while(my $line = <LISTING>) + { +- print LISTING_COPY; +- chomp; +- s/\[FILENAME NOT ENCRYPTED\]//; +- next if /^WARNING: \*\*\*\* BackupStoreFilename encoded with Clear encoding \*\*\*\*/; +- my ($id,$type,$name) = split / /; ++ print LISTING_COPY $line; ++ chomp $line; ++ $line =~s/\[FILENAME NOT ENCRYPTED\]//; ++ next if $line =~ /^WARNING: \*\*\*\* BackupStoreFilename encoded with Clear encoding \*\*\*\*/; ++ next if $line =~ /^WARNING: This version of Box Backup overrides the system-wide SSLSecurityLevel/; ++ my ($id,$type,$name) = split / /, $line; + $count++; + if($name !~ /\Alost\+found0/) + { + # everything must be in a lost and found dir +- $err = 1 ++ print "Expected '$name' to be in a lost+found directory, but it was not 
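Review bot: The block added to TLSContext::Initialise forces level `BOX_DEFAULT_SSL_SECURITY_LEVEL` (1) and logs the warning for every context, client or server, whatever level was in effect and however strong the configured certificates are. Guarding it so that it fires only when it really lowers the level keeps the log meaningful and leaves a context that is already at or below 1 untouched: `if(SSL_CTX_get_security_level(mpContext) > BOX_DEFAULT_SSL_SECURITY_LEVEL) { /* warning + set */ }`. A short comment above the call should also state the consequence, namely that certificates the test comments in this patch describe as rejected at the system default (1024-bit keys, SHA-1 signatures) are accepted again, so the downgrade is visible to whoever reads the code later. The comment on the constant in BoxPortsAndFiles.h.in speaks of a default "if SSLSecurityLevel is not specified", yet nothing in this hunk reads such an option. Initialise begins and ends outside the hunk.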
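Review bot: The `sscanf` in the rewritten check in testbackupstorefix.cpp still uses unbounded `%s` conversions, and the loop goes on to `::strcmp(flags, "-d---")` even when fewer than three fields were parsed. `name` is declared as `char name[256]` just above; the sizes of `line` and `flags` are outside the hunk, so whether a long field can overrun them is not visible here, but width limits cost nothing, e.g. `%255s` for `name` and a width matched to the real size of `flags`. Keeping the count in a local would let a failed match skip the rest of the iteration: `int fields = ::sscanf(line, "%x %s %255s", &id, flags, name);` then `if(fields != 3) continue;` after the `TEST_EQUAL_LINE`. The enclosing test() starts and ends outside the hunk.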
($line)"; ++ $err = 1; + } + } + close LISTING_COPY; +--- a/test/basicserver/testbasicserver.cpp ++++ b/test/basicserver/testbasicserver.cpp +@@ -449,6 +449,80 @@ void TestStreamReceive(TestProtocolClien + TEST_THAT(count == (24273*3)); // over 64 k of data, definately + } + ++bool test_security_level(int cert_level) ++{ ++ int old_num_failures = num_failures; ++ ++ // Context first ++ TLSContext context; ++ if(cert_level == 0) ++ { ++ context.Initialise(false /* client */, ++ "testfiles/clientCerts.pem", ++ "testfiles/clientPrivKey.pem", ++ "testfiles/clientTrustedCAs.pem"); ++ } ++ else if(cert_level == 1) ++ { ++ context.Initialise(false /* client */, ++ "testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem", ++ "testfiles/seclevel2-sha1/bbackupd/1234567-key.pem", ++ "testfiles/seclevel2-sha1/ca/roots/serverCA.pem"); ++ } ++ else if(cert_level == 2) ++ { ++ context.Initialise(false /* client */, ++ "testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem", ++ "testfiles/seclevel2-sha256/bbackupd/1234567-key.pem", ++ "testfiles/seclevel2-sha256/ca/roots/serverCA.pem"); ++ } ++ else ++ { ++ TEST_FAIL_WITH_MESSAGE("No certificates generated for level " << cert_level); ++ return false; ++ } ++ ++ SocketStreamTLS conn; ++ conn.Open(context, Socket::TypeINET, "localhost", 2003); ++ ++ return (num_failures == old_num_failures); // no new failures -> good ++} ++ ++// Test the certificates that were distributed with the Box Backup source since ancient times, ++// which have only 1024-bit keys, and thus fail with "ee key too small". 
++bool test_ancient_certificates() ++{ ++ int old_num_failures = num_failures; ++ ++ // Level -1 (allow weaker, with warning) should pass with any certificates: ++ TEST_THAT(test_security_level(0)); // cert_level ++ ++ return (num_failures == old_num_failures); // no new failures -> good ++} ++ ++// Test a set of more recent certificates, which have a longer key but are signed using the SHA1 ++// algorithm instead of SHA256, which fail with "ca md too weak" instead. ++bool test_old_certificates() ++{ ++ int old_num_failures = num_failures; ++ ++ // Level -1 (allow weaker, with warning) should pass with any certificates: ++ TEST_THAT(test_security_level(1)); // cert_level ++ ++ return (num_failures == old_num_failures); // no new failures -> good ++} ++ ++ ++bool test_new_certificates() ++{ ++ int old_num_failures = num_failures; ++ ++ // Level -1 (allow weaker, with warning) should pass with any certificates: ++ TEST_THAT(test_security_level(2)); // cert_level ++ ++ return (num_failures == old_num_failures); // no new failures -> good ++} ++ + + int test(int argc, const char *argv[]) + { +@@ -682,6 +756,11 @@ int test(int argc, const char *argv[]) + TEST_THAT(ServerIsAlive(pid)); + #endif + ++ // Try testing with different security levels, check that the behaviour is ++ // as documented at: ++ // https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates ++ TEST_THAT(test_ancient_certificates()); ++ + // Kill it + TEST_THAT(KillServer(pid)); + ::sleep(1); +@@ -691,6 +770,24 @@ int test(int argc, const char *argv[]) + TestRemoteProcessMemLeaks("test-srv3.memleaks"); + #endif + } ++ ++ cmd = TEST_EXECUTABLE " --test-daemon-args="; ++ cmd += test_args; ++ cmd += " srv3 testfiles/srv3-seclevel2-sha1.conf"; ++ pid = LaunchServer(cmd, "testfiles/srv3.pid"); ++ ++ TEST_THAT(pid != -1 && pid != 0); ++ TEST_THAT(test_old_certificates()); ++ TEST_THAT(KillServer(pid)); ++ ++ cmd = TEST_EXECUTABLE " --test-daemon-args="; ++ cmd += test_args; ++ cmd += " srv3 
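Review bot: The comments in the three new wrappers do not match what the code does: each repeats `Level -1 (allow weaker, with warning) should pass with any certificates`, but no security level is passed anywhere, and the argument to `test_security_level` only selects a certificate set (0, 1 or 2). The header comments also say the ancient and SHA-1 certificates "fail" with "ee key too small" / "ca md too weak", while the tests assert that the connection succeeds. I would reword them to say that these certificates would be rejected at a higher level and are expected to be accepted because this build forces level 1, e.g. `// Forced level 1: 1024-bit certificates must still be accepted`, and give `test_new_certificates` a header comment like the other two. A line in `test_security_level` noting that success is signalled only by `conn.Open` not throwing (presumably; its contract is outside the hunk) would help too, since `num_failures` is otherwise touched only in the `else` branch.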
testfiles/srv3-seclevel2-sha256.conf"; ++ pid = LaunchServer(cmd, "testfiles/srv3.pid"); ++ ++ TEST_THAT(pid != -1 && pid != 0); ++ TEST_THAT(test_new_certificates()); ++ TEST_THAT(KillServer(pid)); + } + + //protocolserver: +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf +@@ -0,0 +1,196 @@ ++ ++StoreHostname = localhost ++AccountNumber = 0x1234567 ++KeysFile = ./bbackupd/1234567-FileEncKeys.raw ++ ++CertificateFile = ./bbackupd/1234567-cert.pem ++PrivateKeyFile = ./bbackupd/1234567-key.pem ++TrustedCAsFile = ./bbackupd/serverCA.pem ++SSLSecurityLevel = 2 ++ ++DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1 ++ ++ ++# This script is run whenever bbackupd changes state or encounters a ++# problem which requires the system administrator to assist: ++# ++# 1) The store is full, and no more data can be uploaded. ++# 2) Some files or directories were not readable. ++# 3) A backup run starts or finishes. ++# ++# The default script emails the system administrator, except for backups ++# starting and stopping, where it does nothing. ++ ++NotifyScript = ./bbackupd/NotifySysadmin.sh ++ ++ ++# The number of seconds between backup runs under normal conditions. To avoid ++# cycles of load on the server, this time is randomly adjusted by a small ++# percentage as the daemon runs. ++ ++UpdateStoreInterval = 3600 ++ ++ ++# The minimum age of a file, in seconds, that will be uploaded. Avoids ++# repeated uploads of a file which is constantly being modified. ++ ++MinimumFileAge = 21600 ++ ++ ++# If a file is modified repeated, it won't be uploaded immediately in case ++# it's modified again, due to the MinimumFileAge specified above. However, it ++# should be uploaded eventually even if it is being modified repeatedly. This ++# is how long we should wait, in seconds, after first noticing a change. ++# (86400 seconds = 1 day) ++ ++MaxUploadWait = 86400 ++ ++# If the connection is idle for some time (e.g. 
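Review bot: In the two server launches added after the closing brace, a failed `LaunchServer` is only recorded by `TEST_THAT(pid != -1 && pid != 0)`; the code then still runs the certificate test and calls `KillServer(pid)` with that value. If KillServer ends up in `kill()` (its body is not shown here), a pid of 0 or -1 addresses a whole process group or every process the user may signal, so both blocks should be guarded: `if(pid != -1 && pid != 0) { TEST_THAT(test_old_certificates()); TEST_THAT(KillServer(pid)); }`. Both launches also reuse `testfiles/srv3.pid` with no wait between killing one server and starting the next, unlike the earlier block, which sleeps after the kill; presumably a stale pid file or a still-bound port 2003 could make the second run flaky. test() starts and ends outside the hunk.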
over 10 minutes or 600 ++# seconds, not sure exactly how long) then the server will give up and ++# disconnect the client, resulting in Connection Protocol_Timeout errors ++# on the server and TLSReadFailed or TLSWriteFailed errors on the client. ++# Also, some firewalls and NAT gateways will kill idle connections after ++# similar lengths of time. ++# ++# This can happen for example when most files are backed up already and ++# don't need to be sent to the store again, while scanning a large ++# directory, or while calculating diffs of a large file. To avoid this, ++# KeepAliveTime specifies that special keep-alive messages should be sent ++# when the connection is otherwise idle for a certain length of time, ++# specified here in seconds. ++# ++# The default is that these messages are never sent, equivalent to setting ++# this option to zero, but we recommend that all users enable this. ++ ++KeepAliveTime = 120 ++ ++ ++# Files above this size (in bytes) are tracked, and if they are renamed they will simply be ++# renamed on the server, rather than being uploaded again. (64k - 1) ++ ++FileTrackingSizeThreshold = 65535 ++ ++ ++# The daemon does "changes only" uploads for files above this size (in bytes). ++# Files less than it are uploaded whole without this extra processing. ++ ++DiffingUploadSizeThreshold = 8192 ++ ++ ++# The limit on how much time is spent diffing files, in seconds. Most files ++# shouldn't take very long, but if you have really big files you can use this ++# to limit the time spent diffing them. ++# ++# * Reduce if you are having problems with processor usage. ++# ++# * Increase if you have large files, and think the upload of changes is too ++# large and you want bbackupd to spend more time searching for unchanged ++# blocks. ++ ++MaximumDiffingTime = 120 ++ ++ ++# Uncomment this line to see exactly what the daemon is going when it's connected to the server. 
++ ++# ExtendedLogging = yes ++ ++ ++# This specifies a program or script script which is run just before each ++# sync, and ideally the full path to the interpreter. It will be run as the ++# same user bbackupd is running as, usually root. ++# ++# The script must output (print) either "now" or a number to STDOUT (and a ++# terminating newline, no quotes). ++# ++# If the result was "now", then the sync will happen. If it's a number, then ++# no backup will happen for that number of seconds (bbackupd will pause) and ++# then the script will be run again. ++# ++# Use this to temporarily stop bbackupd from syncronising or connecting to the ++# store. For example, you could use this on a laptop to only backup when on a ++# specific network, or when it has a working Internet connection. ++ ++# SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc ++ ++ ++# Where the command socket is created in the filesystem. ++ ++CommandSocket = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.sock ++ ++# Uncomment the StoreObjectInfoFile to enable the experimental archiving ++# of the daemon's state (including client store marker and configuration) ++# between backup runs. This saves time and increases efficiency when ++# bbackupd is frequently stopped and started, since it removes the need ++# to rescan all directories on the remote server. However, it is new and ++# not yet heavily tested, so use with caution. ++ ++# StoreObjectInfoFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.state ++ ++Server ++{ ++ PidFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.pid ++} ++ ++ ++# BackupLocations specifies which locations on disc should be backed up. Each ++# directory is in the format ++# ++# name ++# { ++# Path = /path/of/directory ++# (optional exclude directives) ++# } ++# ++# 'name' is derived from the Path by the config script, but should merely be ++# unique. 
++# ++# The exclude directives are of the form ++# ++# [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname ++# ++# (The regex suffix is shown as 'sRegex' to make File or Dir plural) ++# ++# For example: ++# ++# ExcludeDir = /home/guest-user ++# ExcludeFilesRegex = .(mp3|MP3)$ ++# AlwaysIncludeFile = /home/username/veryimportant.mp3 ++# ++# This excludes the directory /home/guest-user from the backup along with all mp3 ++# files, except one MP3 file in particular. ++# ++# In general, Exclude excludes a file or directory, unless the directory is ++# explicitly mentioned in a AlwaysInclude directive. However, Box Backup ++# does NOT scan inside excluded directories and will never back up an ++# AlwaysIncluded file or directory inside an excluded directory or any ++# subdirectory thereof. ++# ++# To back up a directory inside an excluded directory, use a configuration ++# like this, to ensure that each directory in the path to the important ++# files is included, but none of their contents will be backed up except ++# the directories further down that path to the important one. ++# ++# ExcludeDirsRegex = ^/home/user/bigfiles/ ++# ExcludeFilesRegex = ^/home/user/bigfiles/ ++# AlwaysIncludeDir = /home/user/bigfiles/path ++# AlwaysIncludeDir = /home/user/bigfiles/path/to ++# AlwaysIncludeDir = /home/user/bigfiles/path/important ++# AlwaysIncludeDir = /home/user/bigfiles/path/important/files ++# AlwaysIncludeDirsRegex = ^/home/user/bigfiles/path/important/files/ ++# AlwaysIncludeFilesRegex = ^/home/user/bigfiles/path/important/files/ ++# ++# If a directive ends in Regex, then it is a regular expression rather than a ++# explicit full pathname. See ++# ++# man 7 re_format ++# ++# for the regex syntax on your platform. 
++ ++BackupLocations ++{ ++ home-chris-boxbackup-test-basicserver-testfiles-seclevel2-sha1 ++ { ++ Path = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1 ++ } ++} ++ +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem +@@ -0,0 +1,15 @@ ++-----BEGIN CERTIFICATE REQUEST----- ++MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOQkFDS1VQLTEyMzQ1NjcwggEiMA0GCSqG ++SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrSHZEUGZxLnDFr0B02Utd5rF6YwYmhzLG ++WNBnC0FBrCN0qJgjEHpQ0jqMGA9vIvBuesYhBmk8hOyJFHNtJB8MJyeHvKSwdwlF ++Isz+gr60RGAKj290nSdFgMvMgkdqz6Vg4R9t94fzhxjk/BJyNjr8r+64hffIOQmM ++YlmADLX38BLRLAfbVVkq/bRgqBFtmvFYTZKl6of1jVSWQLcXGShWE45lc5Hpd+qv ++DRjzsQukb3gJmKU4DMW1BCaS8W6v7R0MG/5CooiwMRrct8puH4IeIDrByBz/0mRP ++fMPjR2qpjx4EmLRcC39lGVBTnXLYM1XGIYsX7f1ssYZZXSSajUp9AgMBAAGgADAN ++BgkqhkiG9w0BAQUFAAOCAQEAbDRc2PW9WnUu7F1g/mWQW8aGhyzMcYTp28kVEtMC ++dvvbNLFWtWPXktM9PjR6F+3QRQktdXwYXsTctmGL4vvSKFd66gw4HklGe+Opiiw/ ++o9F6E2PAFzRYbMio7UYevs/RhktaJRkVyd81e8LtFHuUD3vqBY84NVeKwmxnbdoK ++jzBj3x3COkLLiPTWjb+RgxnPWcNtXhLAcATZeCKBo4U0gvRL1NTMCslIumdhtD8h ++BQOdEaSP2sB8o3mMEh8W5tgja4zWv1GszJK9sJNL/EZag331/++5H06yf8vPhQW7 ++rqRHA33CUe7XiqAkXp+Rgq5W97qcKIlo4uKRzCsTYC/QUg== ++-----END CERTIFICATE REQUEST----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem +@@ -0,0 +1,27 @@ ++-----BEGIN RSA PRIVATE KEY----- ++MIIEpAIBAAKCAQEAq0h2RFBmcS5wxa9AdNlLXeaxemMGJocyxljQZwtBQawjdKiY ++IxB6UNI6jBgPbyLwbnrGIQZpPITsiRRzbSQfDCcnh7yksHcJRSLM/oK+tERgCo9v ++dJ0nRYDLzIJHas+lYOEfbfeH84cY5PwScjY6/K/uuIX3yDkJjGJZgAy19/AS0SwH ++21VZKv20YKgRbZrxWE2SpeqH9Y1UlkC3FxkoVhOOZXOR6Xfqrw0Y87ELpG94CZil ++OAzFtQQmkvFur+0dDBv+QqKIsDEa3LfKbh+CHiA6wcgc/9JkT3zD40dqqY8eBJi0 ++XAt/ZRlQU51y2DNVxiGLF+39bLGGWV0kmo1KfQIDAQABAoIBAHLetfI6uXlOW/M4 ++BVJYKGNhQ8WAg69zHGpJRfrVYX5Zo62pI97gPifV1c3+lNtD41s0m4uqcQlVXAzS ++2lZn0yqjV6+ApDJ0opLrM++8X4kmEgMDDwx2GNBUAFm3RY4slAzU7e8iAtsfz2JC ++a1yNYiH1G3RE5FgzaGPt0Xg/DgqorT6uR5/jIzlSpqRse9sXG4/uGEmfkogMwvU+ 
++gmcMOs+Jm7HbLMIGxzBydNTFoup1YUVSCuIjdJBpWRCbBaeYeTSoQgdAPALtwJgz ++v8quFaJOkJMKIaXOF+1VN8w5rPTJJdfHtYITz6i0V5A7qSHR5jckbm0UWcXnEdaZ ++YvkKRUECgYEA4krb4xrXLuSbUv70dKXybyNxEFK+IVG6NZG4+iaW8B8oU8+q8FzM ++HPYAdppYKkYrjslKWIOwZdTsYa4Z8U/uhmMv4OpcCq7nYv6W/g1N/AMd8pEJvV9m ++EQ5hY1uMg3rgorYWGDyh3HcYl2q4/9EJiPKUVoZb9IPeO3Po3TgK8A8CgYEAwcTf ++EHJVs5F2mnetRhETpC5IGUB9OKbPm+JR6+BNFsh1vaPosobfYOzO6PJm0H/z4jMN ++n29oc1SAphUXegE6gbVO8/hd9S4OhTq8egFO9Y/BN3/lHUYe/RPs2BZ+Foh70PH7 ++9l6K/UDrwJ458hBrFM/DCcjRRcw12GBPUZ8xkLMCgYEAlND8GDc/igQnLYajhs7X ++R0V8hmqTxN+1YKNLjZ6xJoqm/68TUG0Ggok5NsY78tkgrg8sSFeaOu2y4m4Xe33A ++dDpoczZMf24UlyKsc7iWL4RxPmMpj5NcUR0u6KN9Hb5CWl762seM/qqHzpQNw5ZZ +++ejlqp1DfeL21Axe+JRxhPsCgYEAiYEWtoocbRhd7RHeYWl+4bSCL4FHG2usyjdZ ++4SREMFXCz/fACuiRHiwOTNqvwWf7ftqx4SFjIuylerZe+ZJjnWY3iAQJURME9OCQ ++nZfOG46PE75rrVF0bi20lken5H+oNcdzAQtoYH2wjvj5r+CczKD/DDN45qoaz9jQ ++kOCCgOcCgYBDeOUq+6UoZMmx1c/H4MnRWMpHu0hNfivDEeJMYkxLMA98clstohc7 ++T4B4gaoCewJ5XVR72k+Oqgvy++d4g5EpRjFE8hVNjw7Vo3WP0+X5iI+TmBuLKh/c ++Wl10t7jLE25vyLJs4nmQd4hav9gWMbP5l99sVq61DM6bMuRcQnyeIA== ++-----END RSA PRIVATE KEY----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh +@@ -0,0 +1,70 @@ ++#!/bin/sh ++ ++# This script is run whenever bbackupd changes state or encounters a ++# problem which requires the system administrator to assist: ++# ++# 1) The store is full, and no more data can be uploaded. ++# 2) Some files or directories were not readable. ++# 3) A backup run starts or finishes. ++# ++# The default script emails the system administrator, except for backups ++# starting and stopping, where it does nothing. 
++
++SUBJECT="BACKUP PROBLEM on host debian-unstable"
++SENDTO="chris"
++
++if [ "$1" = "" ]; then
++ echo "Usage: $0 <store-full|read-error|backup-ok|backup-error|backup-start|backup-finish>" >&2
++ exit 2
++elif [ "$1" = store-full ]; then
++ sendmail: $SENDTO <<EOM
++Subject: $SUBJECT (store full)
++To: $SENDTO
++
++
++The store account for debian-unstable is full.
++
++=============================
++FILES ARE NOT BEING BACKED UP
++=============================
++
++Please adjust the limits on account 1234567 on server localhost.
++
++EOM
++elif [ "$1" = read-error ]; then
++sendmail: $SENDTO <<EOM
++Subject: $SUBJECT (read errors)
++To: $SENDTO
++
++
++Errors occured reading some files or directories for backup on debian-unstable.
++
++===================================
++THESE FILES ARE NOT BEING BACKED UP
++===================================
++
++Check the logs on debian-unstable for the files and directories which caused
++these errors, and take appropriate action.
++
++Other files are being backed up.
++
++EOM
++elif [ "$1" = backup-start -o "$1" = backup-finish -o "$1" = backup-ok ]; then
++ # do nothing by default
++ true
++else
++sendmail: $SENDTO <<EOM
++Subject: $SUBJECT (unknown)
++To: $SENDTO
++
++
++The backup daemon on debian-unstable reported an unknown error ($1).
++
++==========================
++FILES MAY NOT BE BACKED UP
++==========================
++
++Please check the logs on debian-unstable.
++
++EOM
++fi
+--- /dev/null
++++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored.conf
+@@ -0,0 +1,23 @@
++
++RaidFileConf = ./raidfile.conf
++AccountDatabase = ./bbstored/accounts.txt
++
++# Uncomment this line to see exactly what commands are being received from clients.
++# ExtendedLogging = yes
++
++# scan all accounts for files which need deleting every 15 minutes.
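Review bot: `sendmail: $SENDTO <<EOM` is not a runnable command: the store-full, read-error and final else branches of NotifySysadmin.sh all invoke a program literally named `sendmail:`, so the shell would report command-not-found and no notification would be sent. The trailing colon looks like unparsed lookup output written where the mailer path belongs (an inference, the generating script is not part of this hunk); the line should name the mailer, for example `/usr/sbin/sendmail $SENDTO <<EOM`, or simply `true` if a test fixture must never send mail. The usage string also lists `backup-error`, which has no branch of its own and falls through to the "unknown error" message. The copy added under seclevel2-sha256/bbackupd/NotifySysadmin.sh has the same lines.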
++ ++TimeBetweenHousekeeping = 900 ++ ++Server ++{ ++ PidFile = /var/run/bbstored.pid ++ User = chris ++ ListenAddresses = inet:localhost ++ CertificateFile = ./bbstored/localhost-cert.pem ++ PrivateKeyFile = ./bbstored/localhost-key.pem ++ TrustedCAsFile = ./bbstored/clientCA.pem ++ SSLSecurityLevel = 2 ++} ++ ++ +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem +@@ -0,0 +1,15 @@ ++-----BEGIN CERTIFICATE REQUEST----- ++MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B ++AQEFAAOCAQ8AMIIBCgKCAQEAyzNFMI4BCpd/vGvPseb8U/NZYDQZ6nV7nFwDPsyr ++/yoUBQz7/gEAFP9Zo+8C9h89N2dPuxVNgylybiXO1icy8NsH+xkTtJXPSqi/Q87M ++36V5/k7wfF6Kx9ayuB2e1xg844fuY3llYacOyoA1NWP3DaQP+MztxuvKqK4JnodU ++oqysEK3DF4F1qFSHh1fum5nY+GBPaZjhn6ns/prQP8De6bctEjUAEYSKqUjNJpYa ++sP0KqFH8CoY1ZGa/f5n0CZ/9VT5N+Nm0TA1HwX2QeH0h1yp/LH52tD6/8T9XqgK4 ++iuekRol6dkj63jXPnVSK4NSFksTzJsQCABOUz4kXKZucQQIDAQABoAAwDQYJKoZI ++hvcNAQEFBQADggEBACN8kdjf8P/OBMVytAKxWlXDAtG5A8qZz4e+aNM4JfXF//fP ++pS5c+m0rpt6aop4N5n5MWyL54eJlhh+yyNdm2RmHvybJKHLTRCPzP3gtHaVZ4v2V ++xWbDW+LuLMhDp70Ci1/CGWv+fQ2jmKPAtXGcbIsvjI+swLRtJDTwNV6B/dbS5QyF ++6n8O+pSLS6l7vsXginavB+VLAWWdtCbZAgId9Io0BePN/LpVb2bLgzGfzBInSCFl ++4bBN3dqC7nFkXdk+EXseA0L1NYUpXZoperzxMgDG74IMPwIomkb3elNP7xpz3Zgg ++Y5xwL05H5Jj5aW3Ao9mY3LKK8ZmAQnljOsyQsKc= ++-----END CERTIFICATE REQUEST----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem +@@ -0,0 +1,27 @@ ++-----BEGIN RSA PRIVATE KEY----- ++MIIEowIBAAKCAQEAyzNFMI4BCpd/vGvPseb8U/NZYDQZ6nV7nFwDPsyr/yoUBQz7 ++/gEAFP9Zo+8C9h89N2dPuxVNgylybiXO1icy8NsH+xkTtJXPSqi/Q87M36V5/k7w ++fF6Kx9ayuB2e1xg844fuY3llYacOyoA1NWP3DaQP+MztxuvKqK4JnodUoqysEK3D ++F4F1qFSHh1fum5nY+GBPaZjhn6ns/prQP8De6bctEjUAEYSKqUjNJpYasP0KqFH8 ++CoY1ZGa/f5n0CZ/9VT5N+Nm0TA1HwX2QeH0h1yp/LH52tD6/8T9XqgK4iuekRol6 ++dkj63jXPnVSK4NSFksTzJsQCABOUz4kXKZucQQIDAQABAoIBACvo7mCprwvs5QuA ++eKdG9OvnQD8LwzXpIUcOkxz0+Y3wN9dHkQS4jp36+BH2yjsJUR8x0gbpeZCIWlP3 
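Review bot: `User = chris` and `PidFile = /var/run/bbstored.pid` in the Server block tie this fixture to the machine it was generated on: the account may not exist on a build host, and the pid path is a system location that a test run normally cannot write and that an installed bbstored may already be using. If a test starts a server from this file (not visible in this hunk), a pid file inside the test tree, for example `PidFile = testfiles/bbstored.pid`, and no `User` line would keep the run self-contained. `PrivateKeyFile = ./bbstored/localhost-key.pem` refers to a key this patch commits unencrypted, so these identities are public and should only ever be trusted by the tests. The seclevel2-sha256/bbstored.conf added further down has the same lines.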
++E5Uvb1Cg5D6ckqeJX/wQLxSmEZualJwhztHxVCgO+xvSOsrcT/wTGa6hQwkxIn8b ++6WOaMH7gHxtynUdJGMgOo8GAGQf1yVganOo8hk/jARjln3Cyg+0018a8P0bZHI5L ++2EJgXSvVo5N4s0sVxMTDUX80YMmpH5M1duCYRitJwZCDMg5xOjootvfzw9pDD40/ ++JsQHxdCfotDEBOVym7mKqxOUowwA+8vKG5yOkG7Fb7QmO9UkujqBCQs7n9q+0wj5 ++3OV872ECgYEA+YwqJ+vk8EK6Eo4ZJmYNhreKDtfTCiv4CRpxWimyf8fShhPSpcur ++JSMl7OLuJhqsWIoGs5v1QSMhaSckLVq5lSZ7czVyC/ZFmhXN8LmfdYJ3LuSfEhG/ ++ma9c2qXXC9EbTgdRg5lFSIugBFEHv+656Jn6Oj4hN/V8bd0EDgSY7Q0CgYEA0HRR ++esMH2YSGztoauzl0FmOHrH53diTpCNBzh2ZEwQgHcTbHK3VfDqN0bsUx4SwZW/Wj ++o7elnrBDHdVa8LMbUq7DH5YzRnfbGJHcKhUCTI3eT0wfpKvnyptIwRaKozS313rx +++5ZePf51krnYTs6p73Nvu7ALUwTLLi57PZQKJwUCgYB2B0JlEWB99sF1RzpD/B7H ++qgWlUZUiiXtOKvCT+YbQgx1ihvupqTPwY7hrW0XSRelgEyBqUQhl34zM5FNrFC8U ++iVf4PL4NRFTVNRzrj5AJD0T5q+5EqJpbwSKE081rbGKivDlkqdioIEn14LFuqSXL ++CxDb/UjO49APUmq5ipkd/QKBgQCfSxPsrNb1yMk/jvn4coochchq72WYudH+c1Sl ++dmg53knZoROISTPvusbB0x0vxgRG+qom9LKyVl2jkaPh5eyOPZBMNfpO8k5SMzw8 ++SDuuhocIr9JKgzco44swSmp9F08ZchEywZCY7TepfS0n49OGcP9EPN4afcJKMyjo ++QJWVhQKBgH47nr45MgQJIoeUzmDPL/N9jAlG4+MvfsGvZxtGeRij68TYFStPEccO ++GJH09GQZgxvz8YbamC4KEA67PlwOdm/4ITs4HAE+tX6gaYeXG8XTw/azQdx0ZhXu ++EIhyRvSeCfXq/hi4Qef2yIx3YLarPXw1E38Xtl0MOl+yGg827Imt ++-----END RSA PRIVATE KEY----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem +@@ -0,0 +1,17 @@ ++-----BEGIN CERTIFICATE----- ++MIICsTCCAZkCAQEwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 ++c3RlbSBjbGllbnQgcm9vdDAeFw0xOTA0MjgyMDU3NDBaFw0zMzAxMDQyMDU3NDBa ++MBkxFzAVBgNVBAMMDkJBQ0tVUC0xMjM0NTY3MIIBIjANBgkqhkiG9w0BAQEFAAOC ++AQ8AMIIBCgKCAQEAq0h2RFBmcS5wxa9AdNlLXeaxemMGJocyxljQZwtBQawjdKiY ++IxB6UNI6jBgPbyLwbnrGIQZpPITsiRRzbSQfDCcnh7yksHcJRSLM/oK+tERgCo9v ++dJ0nRYDLzIJHas+lYOEfbfeH84cY5PwScjY6/K/uuIX3yDkJjGJZgAy19/AS0SwH ++21VZKv20YKgRbZrxWE2SpeqH9Y1UlkC3FxkoVhOOZXOR6Xfqrw0Y87ELpG94CZil ++OAzFtQQmkvFur+0dDBv+QqKIsDEa3LfKbh+CHiA6wcgc/9JkT3zD40dqqY8eBJi0 ++XAt/ZRlQU51y2DNVxiGLF+39bLGGWV0kmo1KfQIDAQABMA0GCSqGSIb3DQEBBQUA 
++A4IBAQBvwLWvNs2FhwNhjCA0A4r6hbKcdZDqmHT+EJpf1Os/f5A1fTah5u2UvNiQ ++jYkI7u5dds/pSRDQ+1itbq2ltHq59QolMDN80xbrqgW2SCYIzBqR5i+plIIlGaM+ ++Cih9QUrbZO1qBSA9nvuqFOGdi4tca+rkkuogWWNsngEydS32EmcI/cTcrubMKnYT ++aW3+z46D42uZwljlhjnDDRbbvwpqd1h4NPbJcadelZnG3fsO0MCWi8LLp8Sepot7 ++oDoseZ55JtYSjQuLFzfvgbvdkl/AQS1J+0Tjf2pq1zjIJmZ8qCuCP694z2BzRMTp ++y0vJrXoCFTpVaNZZJx+x8ZqKjp3J ++-----END CERTIFICATE----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem +@@ -0,0 +1,15 @@ ++-----BEGIN CERTIFICATE REQUEST----- ++MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBjbGllbnQgcm9v ++dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcxnm27tjpmhPdI23hV ++VLerRKdYRutug9EaVwoegRzsnx/+6vBrnXQFbqenA2MR9yMhje+CJqZJcKoEyN6o ++hSuv2vpMUOxLquUjhzv184rxp8dVcz1E6zpnxo5vJw8NoxN65SEjMKxFcO8e/RwQ ++Pb8Yot1wEantMZKUu9qQ45lPCJH1VdPES09D6yMc62P7gOkybR4MZE7t2Wm9Bbx6 ++H3Ag9OaSuYJOhf3614SvZQFmUlr07X/RFGsAixXi7CWqMjPKZDpG0PALVnKeKrfj ++5gftcEUVVh2jRtfwN7DcTQu1f0Cv3Ixvv7T0lOK1BXGt5S8/l1RLeCNkzzIDyyEM ++92UCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQB9d+4iZAtngEGpbtuHEhWssZKP ++fisCUA+XokqrQ5Bw8wpE/zh4WHBfKDE0mrXARiJABKJqTVUI/fI9cGVWvRj17yxv ++aIuZdYsZgAWhy6U2u0I8Kyul4URnDJq+JiqKOwYDjduZRi6axsjqVoWqeyRn0M1o ++05d5O+TzS6uH9JhdYzpBeQVRweH4Dq374ApJu55RW+RQ7CpFQpW1cCqm3nMybNoM ++uMMDTXeV09jh8DE63VE5GLi2N9/DaAD8VrrGuZWRFUhEvxHe8Qs8gCX7ep+9rUlS +++Vn0880ItjjBRQwDaSkJqQaGL0Wq4eBSTx9WcvIer9XFfwUYKOFVIPwQqDqn ++-----END CERTIFICATE REQUEST----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem +@@ -0,0 +1,27 @@ ++-----BEGIN RSA PRIVATE KEY----- ++MIIEowIBAAKCAQEAxzGebbu2OmaE90jbeFVUt6tEp1hG626D0RpXCh6BHOyfH/7q ++8GuddAVup6cDYxH3IyGN74ImpklwqgTI3qiFK6/a+kxQ7Euq5SOHO/XzivGnx1Vz ++PUTrOmfGjm8nDw2jE3rlISMwrEVw7x79HBA9vxii3XARqe0xkpS72pDjmU8IkfVV ++08RLT0PrIxzrY/uA6TJtHgxkTu3Zab0FvHofcCD05pK5gk6F/frXhK9lAWZSWvTt ++f9EUawCLFeLsJaoyM8pkOkbQ8AtWcp4qt+PmB+1wRRVWHaNG1/A3sNxNC7V/QK/c ++jG+/tPSU4rUFca3lLz+XVEt4I2TPMgPLIQz3ZQIDAQABAoIBAQC1TQJIGmw4J4uq 
++j5PCqNgc/DPWpNCYBNTRg8npGe6mZvBGbP1lqm17Zl5bFfZNO9LXFPldH/cRrxJu ++jUBO+M+M/divrLqS+CQpvvadqrTqqBzvn2TuRUZcuIvOpHjGiMD/QAJA8QiiI+ow ++muIBov6wajoClrhdE9jk858vxmSB6gE4czdTrXvZQXC+9EyuaqrLQeTuJbz1JNGN ++jR61iSZWBfI6Ige+PSKpIQW/pU1+2QHyUNhTqN9V8Cxw0tVnOCZxNlWbXIaqsowa ++s4lzfYVvK1NsHitX3wIRJv3gPt3JYN8VIwpq86w1CDxvmEQUuj6VYGDj1n278z4h ++4CaZGNFBAoGBAP/b++wVZ1D0glBRhXghCMqGi/bzBySD+XDzd2DwVRM6jkX4Krof ++MPflg2AMGXOvYYEoDtNWPHYzLts45zpOY111DA4OKqLL1QgTOOtjjd4b/+AaQOKt ++m/Gvr9WFdqCjtO2rcv4546nB4M6bf6umHqoeKK947mi08jmW9VvZhaC5AoGBAMdN ++qIYmnR17s9He9/jgU9zfp+21fC9GSDI9MrdaGP9E4EAeg95Sn3ppplzVeIW+c2b/ ++0MuhdbR2dn7JoXcJKlO2qcadvsRWURvR0ofWbjcKoKdAHlShsNIfT8cWfk7E1DL3 ++04JTWFcLA7M5RkdT9y2/N4NNKAZ37ZWO10r5jz4NAoGAXWh8gmYV//IkGRqJ9Z9p ++zDZupst20hf0Ww4niRZ0mL6J7nV5c9WrVPVPjyMbr6ZZnIN5ViJnlGd/Nb2CfUDc +++eOfcQou+pwbvAT4hMclpe7m7XPoOFlVU1jmgrdk5aSeix5KrxGHUhRb9FHEvG+7 ++RjQYemdV8pgMzoWUMeIp7NECgYB/39rN3/6UySbR9E6EF2KXZ8T2Jqh8KIrv+QYO ++UDeTqVx8p1eSkM6UGy9LhwfiQBUJM/+Cd6Du3ccfiD0aA/5tYdjCf7nDfWJjCBgd ++Yb6rgB0d0mzjfi7WUpK8OTlnTrCb1xiVGOaoSn/gQVJPN5dzeamjjCCvLcl5WQHX ++sBFxDQKBgAYnvJcaXYiyDW2fpdKodzf0AwPBaR2yUJsO2Zm2RpigrpAkpSo5lk5N ++GTWEbWUeENlgapQot5pxKbX07wSpifG3eAULusJuwd9+Ys04GZMYR9T+JXxjLQq7 ++hxlWFoj/8o8zh5tGWocqvmTgIiFngwLpHRFStrAhmFSWtHlsgruV ++-----END RSA PRIVATE KEY----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem +@@ -0,0 +1,15 @@ ++-----BEGIN CERTIFICATE REQUEST----- ++MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBzZXJ2ZXIgcm9v ++dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmT9t4A51xpeJ3h6ddg ++l2wYFYSp2YdquKX85hipesYp0EIlrPHDdHXFjDS50ZhI62+2hxr/qCtSWwsAiNoK ++xSopXMVd6BO6eYPM0KqW4BMnqsKewv39uDiIHVQblB/3/4nd2Jx3sxGIdFivCDuo ++nqYm4BT5vEvHWG1Z+FtGqdPGZk4UG53Rx6ewHCYwpXUgCxJE814fruw+aWXPI0U3 ++QYCgehOTP5+zcONaFP9aSVd5GXqCtF+MgZYSSK4exL33gKsaDXwhiTJ2IgOs4YpN ++HG4fu/ct4ppwArHvaHMuLKS6IgFjCHYCqMD/N2+ZpszPWzI5KGprfHZxl0uTLGTd ++HdsCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQCflWlk+xCivLP+EK8oh0VCuTo2 
++qLMuPOR8GU+gVUN1z68T4j/ZsI0NKox++9NOzGwTE/cSpN+nfLNdhPwOM+TrRtS/ ++iDrTSDMSVK4SjIQ9iEaINbfOZOv52l9vkyCR/u0TrnnkjXknzU9ZQmnDvj2e8K/B ++lq7LjvxeMxvLeZKfISr5XGcnUvhGcJkG6Cdkk6OIYUL7oDmBjS3IBzNTVTVmMB/U ++fHMURt/+ljmYKwNN8J7bG8nsMc/UnqqSLqBpPovup/+Ol8pbAjPNaLrQTz5PrN/k ++0PwqzbSJ52HEQY+kwpWLpx47p8ArQhD+YTaCUxyqzBWAI573rMdiAh/ZKVVi ++-----END CERTIFICATE REQUEST----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem +@@ -0,0 +1,27 @@ ++-----BEGIN RSA PRIVATE KEY----- ++MIIEpAIBAAKCAQEAyZP23gDnXGl4neHp12CXbBgVhKnZh2q4pfzmGKl6xinQQiWs ++8cN0dcWMNLnRmEjrb7aHGv+oK1JbCwCI2grFKilcxV3oE7p5g8zQqpbgEyeqwp7C ++/f24OIgdVBuUH/f/id3YnHezEYh0WK8IO6iepibgFPm8S8dYbVn4W0ap08ZmThQb ++ndHHp7AcJjCldSALEkTzXh+u7D5pZc8jRTdBgKB6E5M/n7Nw41oU/1pJV3kZeoK0 ++X4yBlhJIrh7EvfeAqxoNfCGJMnYiA6zhik0cbh+79y3imnACse9ocy4spLoiAWMI ++dgKowP83b5mmzM9bMjkoamt8dnGXS5MsZN0d2wIDAQABAoIBAQCKVJ3+74PV6RM6 ++1YORp9mB9m0d4ylCQryAPDLzDasRPjSKkCxEpKrQ/0YeEL6C0NewjAPfRT50rEmK ++HU3Mw8NWEZh2YOEYWMl25yDzUCJpQrluYWDSyECZmt71jw9xeNDGHZW+mm4qRAgD ++q+nsduSYhOkVu+O55Q0Lzcgfaziz+KNlZNFyjQpyrwCoj9lssL+ZYfhFZV2OnPof ++QLQpCEmrqzFaE9oFDjXxRkvmEBgtxPqSHNg2ZoFuVRAwcal8WHJbf7twCyQKB4i4 ++UFV/SX70qw4pfX53rfUoxUNEJgnnJIpOV0q2N/FO3CPYMjvdSoqkhbaIa2D4c37h ++8aB0HCjxAoGBAPukpme3nRy7ybr5P8XomkIy+36sH8hLRoDZCNnz8UJa1OmrA8tG ++yKch9vlBMDXjzDQ0Uq8OFSjFN7uQF5zLx4UU2eL/ptEWEmDpPZui7YmI5Ep/ZK4k ++reK4op0tJ2fy7Fhq6IoBKvUVN3waWXzmObq77IKIQ5t1Z+MyfHEAtvKHAoGBAM0R ++aXluyt3+RwOE2RdlwgSDnHYNvKAUfmkOIVprFEb13LQABbna5BmNIa/rZ+RDtNza ++2/Tzqpmq8OVQkF9ATqjba+Y6GAoDwaAcvVwDrjoYtlI8zjnFEhhgVl455QlEZc5O ++qxOPYx4Kt60Cc6ee8L9gPvJUIAQLyyCjv1IWYQsNAoGBANWkPALiSGkUpXgwFIyZ ++ph192zb4OyN5hSnvGSyxhqqnIwwfPOFf/wqmM1/6kEuwUrYflfM5KY2rol2DQAjG ++mWXLBhFKqv3ol0Hfw4ZXFQQnTGpTLc8LJPXPe3+lzkbaXv3SBgrkYuwgTzL1y/PW ++Ijz/PxSzS3K4grLJMg1eZfQRAoGAOuatbPutuWW38ALQeC/6MmG7Jw17CF/aj0JH ++wjjPcjJcWjdHbcK5kb0/18+934qzAFy8oPb8IXdACh3B2hoWfdnIfDBjhzzc+KhI ++m41TFczTUXu1oFJCiE3jgN0QNEE5HLDr4opk5dQePctefN7iN5XlfqU7LO5WQeHG 
++qkVTSmECgYB+pEKVBHyKyJtdnWhrVr8vhlJH7fh6VUkL4gnuoiFcfPn2gyw6UX7E ++9tls3aoxx47jvaJuoaNjiaT8ZZ4C0mx/L7XNHxiQHRb89nPC+WvapplDw+1XA0JK ++k/JenbDUXuEPrdoJh30lwwYqNBEJTstFbYILDhbaw4Ud6hRUrIfQOA== ++-----END RSA PRIVATE KEY----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem +@@ -0,0 +1,18 @@ ++-----BEGIN CERTIFICATE----- ++MIICzzCCAbcCFDMFGbY+8snuTNZA311AVJo5GvwmMA0GCSqGSIb3DQEBBQUAMCQx ++IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gY2xpZW50IHJvb3QwHhcNMTkwNDI4MjA1 ++NzM1WhcNMzgwMTE4MjA1NzM1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIGNs ++aWVudCByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzGebbu2 ++OmaE90jbeFVUt6tEp1hG626D0RpXCh6BHOyfH/7q8GuddAVup6cDYxH3IyGN74Im ++pklwqgTI3qiFK6/a+kxQ7Euq5SOHO/XzivGnx1VzPUTrOmfGjm8nDw2jE3rlISMw ++rEVw7x79HBA9vxii3XARqe0xkpS72pDjmU8IkfVV08RLT0PrIxzrY/uA6TJtHgxk ++Tu3Zab0FvHofcCD05pK5gk6F/frXhK9lAWZSWvTtf9EUawCLFeLsJaoyM8pkOkbQ ++8AtWcp4qt+PmB+1wRRVWHaNG1/A3sNxNC7V/QK/cjG+/tPSU4rUFca3lLz+XVEt4 ++I2TPMgPLIQz3ZQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCUifYeul9/GHa2LV6/ ++k9ZKOjcSmmDud8sTwfum3CuHLb9ODcKMaNz/vzPYeVyN7MZvXJIAqxaxrrToye46 ++pDRQnguPNI5XU+Vb2l3Xvm7WBRGcxkAInkYBB7GwxmfffPS9/JrdPzxD6h3z8IOT ++jwzULNmNDse7Wf1hrgS1qKcCzJA1b1rLnZcrU+z3OUvLiR/8Bo/IuwXZVoNqDdq7 ++NzrqYT4x0J4P5PuBQHPB/fHMFDc1HoCgLG9b42th71kDoxG7IH2r02FzVjF8qIvD ++eQes3VbI7BDT/f0L2r1FHcA7FVRUqTWnEWby/PjTZiRCSPKUG7RqAplrOKmk9JuN ++PkkW ++-----END CERTIFICATE----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl +@@ -0,0 +1 @@ ++01 +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem +@@ -0,0 +1,18 @@ ++-----BEGIN CERTIFICATE----- ++MIICzzCCAbcCFGAQPLcwEruVZrE+h1tmI7s9CffgMA0GCSqGSIb3DQEBBQUAMCQx ++IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gc2VydmVyIHJvb3QwHhcNMTkwNDI4MjA1 ++NzM1WhcNMzgwMTE4MjA1NzM1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIHNl ++cnZlciByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZP23gDn ++XGl4neHp12CXbBgVhKnZh2q4pfzmGKl6xinQQiWs8cN0dcWMNLnRmEjrb7aHGv+o 
++K1JbCwCI2grFKilcxV3oE7p5g8zQqpbgEyeqwp7C/f24OIgdVBuUH/f/id3YnHez ++EYh0WK8IO6iepibgFPm8S8dYbVn4W0ap08ZmThQbndHHp7AcJjCldSALEkTzXh+u ++7D5pZc8jRTdBgKB6E5M/n7Nw41oU/1pJV3kZeoK0X4yBlhJIrh7EvfeAqxoNfCGJ ++MnYiA6zhik0cbh+79y3imnACse9ocy4spLoiAWMIdgKowP83b5mmzM9bMjkoamt8 ++dnGXS5MsZN0d2wIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCHI5RDuqx9hu0anQRC ++dREc+3agRxq4C+Fo0mrsF1CWooO9lGyWvJqygiBGqOSjMi3D8AoyQXhxcvf1EniP ++CHCpqlP+h+6qILbtBizTTtHhceTpXiU5Se/yJvm9814jJrXVp10akShXzBlc4W/2 ++O0NX6b1B0De2z+YJydB+meZws7wgGD3eZCBr2uF2seYTNitKmNfUfq9UXxxCKcMu ++eeRzWGM1UDFaRbN7FKNo6YpUE21olZEjxF8xOfyuWOYxv8qNTck89SurOwj4as/o ++CLJLVQ7i/keqt1XXXOSpp46CkRoEmmuxHuql44dToQOLZH1RcZLOMHSPO3OdNo5Z ++o2Do ++-----END CERTIFICATE----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl +@@ -0,0 +1 @@ ++01 +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem +@@ -0,0 +1,17 @@ ++-----BEGIN CERTIFICATE----- ++MIICrDCCAZQCAQEwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 ++c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjgyMDU3MzhaFw0zMzAxMDQyMDU3Mzha ++MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC ++AQoCggEBAMszRTCOAQqXf7xrz7Hm/FPzWWA0Gep1e5xcAz7Mq/8qFAUM+/4BABT/ ++WaPvAvYfPTdnT7sVTYMpcm4lztYnMvDbB/sZE7SVz0qov0POzN+lef5O8HxeisfW ++srgdntcYPOOH7mN5ZWGnDsqANTVj9w2kD/jM7cbryqiuCZ6HVKKsrBCtwxeBdahU ++h4dX7puZ2PhgT2mY4Z+p7P6a0D/A3um3LRI1ABGEiqlIzSaWGrD9CqhR/AqGNWRm ++v3+Z9Amf/VU+TfjZtEwNR8F9kHh9Idcqfyx+drQ+v/E/V6oCuIrnpEaJenZI+t41 ++z51UiuDUhZLE8ybEAgATlM+JFymbnEECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA ++dYM0WTSCb0AN6eGhlbyNsENnUwLYjDE7ojVD2pY0Ab4ik04DIfTm5piqEkz5HBaI ++1ZIEtYlImnvQ9cax1m+8LrVS2tflPpZ0CqWT+In7EncuI1lONZJfYELITDgU3LWx ++FEfNQJaOv0Uc8u8GG29d22a50/jTfZr20puM7mYQkLaUJLHgoTImYg6M8W3Ggkyt ++DO/yrtPUWm424wCYx+f3DgOrraFtiRLdqUpy5+bRqmzTuEFMAARqt4uudF6MR36n ++hBIXg1jYKGrZMLwi60vfdtwe+zpAV/7SRGLbekhB6iAcVIXuom2aD7rlIcJHW/wd ++hk9u7ie0JVDdu0R4I5Z9vw== ++-----END CERTIFICATE----- +--- /dev/null ++++ 
b/test/basicserver/testfiles/seclevel2-sha1/raidfile.conf
+@@ -0,0 +1,10 @@
++
++disc0
++{
++ SetNumber = 0
++ BlockSize = 1024
++ Dir0 = .
++ Dir1 = .
++ Dir2 = .
++}
++
+--- /dev/null
++++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf
+@@ -0,0 +1,195 @@
++
++StoreHostname = localhost
++AccountNumber = 0x1234567
++KeysFile = ./bbackupd/1234567-FileEncKeys.raw
++
++CertificateFile = ./bbackupd/1234567-cert.pem
++PrivateKeyFile = ./bbackupd/1234567-key.pem
++TrustedCAsFile = ./bbackupd/serverCA.pem
++
++DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2
++
++
++# This script is run whenever bbackupd changes state or encounters a
++# problem which requires the system administrator to assist:
++#
++# 1) The store is full, and no more data can be uploaded.
++# 2) Some files or directories were not readable.
++# 3) A backup run starts or finishes.
++#
++# The default script emails the system administrator, except for backups
++# starting and stopping, where it does nothing.
++
++NotifyScript = ./bbackupd/NotifySysadmin.sh
++
++
++# The number of seconds between backup runs under normal conditions. To avoid
++# cycles of load on the server, this time is randomly adjusted by a small
++# percentage as the daemon runs.
++
++UpdateStoreInterval = 3600
++
++
++# The minimum age of a file, in seconds, that will be uploaded. Avoids
++# repeated uploads of a file which is constantly being modified.
++
++MinimumFileAge = 21600
++
++
++# If a file is modified repeated, it won't be uploaded immediately in case
++# it's modified again, due to the MinimumFileAge specified above. However, it
++# should be uploaded eventually even if it is being modified repeatedly. This
++# is how long we should wait, in seconds, after first noticing a change.
++# (86400 seconds = 1 day)
++
++MaxUploadWait = 86400
++
++# If the connection is idle for some time (e.g. over 10 minutes or 600
++# seconds, not sure exactly how long) then the server will give up and
++# disconnect the client, resulting in Connection Protocol_Timeout errors
++# on the server and TLSReadFailed or TLSWriteFailed errors on the client.
++# Also, some firewalls and NAT gateways will kill idle connections after
++# similar lengths of time.
++#
++# This can happen for example when most files are backed up already and
++# don't need to be sent to the store again, while scanning a large
++# directory, or while calculating diffs of a large file. To avoid this,
++# KeepAliveTime specifies that special keep-alive messages should be sent
++# when the connection is otherwise idle for a certain length of time,
++# specified here in seconds.
++#
++# The default is that these messages are never sent, equivalent to setting
++# this option to zero, but we recommend that all users enable this.
++
++KeepAliveTime = 120
++
++
++# Files above this size (in bytes) are tracked, and if they are renamed they will simply be
++# renamed on the server, rather than being uploaded again. (64k - 1)
++
++FileTrackingSizeThreshold = 65535
++
++
++# The daemon does "changes only" uploads for files above this size (in bytes).
++# Files less than it are uploaded whole without this extra processing.
++
++DiffingUploadSizeThreshold = 8192
++
++
++# The limit on how much time is spent diffing files, in seconds. Most files
++# shouldn't take very long, but if you have really big files you can use this
++# to limit the time spent diffing them.
++#
++# * Reduce if you are having problems with processor usage.
++#
++# * Increase if you have large files, and think the upload of changes is too
++# large and you want bbackupd to spend more time searching for unchanged
++# blocks.
++
++MaximumDiffingTime = 120
++
++
++# Uncomment this line to see exactly what the daemon is going when it's connected to the server.
++
++# ExtendedLogging = yes
++
++
++# This specifies a program or script script which is run just before each
++# sync, and ideally the full path to the interpreter. It will be run as the
++# same user bbackupd is running as, usually root.
++#
++# The script must output (print) either "now" or a number to STDOUT (and a
++# terminating newline, no quotes).
++#
++# If the result was "now", then the sync will happen. If it's a number, then
++# no backup will happen for that number of seconds (bbackupd will pause) and
++# then the script will be run again.
++#
++# Use this to temporarily stop bbackupd from syncronising or connecting to the
++# store. For example, you could use this on a laptop to only backup when on a
++# specific network, or when it has a working Internet connection.
++
++# SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc
++
++
++# Where the command socket is created in the filesystem.
++
++CommandSocket = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.sock
++
++# Uncomment the StoreObjectInfoFile to enable the experimental archiving
++# of the daemon's state (including client store marker and configuration)
++# between backup runs. This saves time and increases efficiency when
++# bbackupd is frequently stopped and started, since it removes the need
++# to rescan all directories on the remote server. However, it is new and
++# not yet heavily tested, so use with caution.
++
++# StoreObjectInfoFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.state
++
++Server
++{
++ PidFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.pid
++}
++
++
++# BackupLocations specifies which locations on disc should be backed up. Each
++# directory is in the format
++#
++# name
++# {
++# Path = /path/of/directory
++# (optional exclude directives)
++# }
++#
++# 'name' is derived from the Path by the config script, but should merely be
++# unique.
++#
++# The exclude directives are of the form
++#
++# [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname
++#
++# (The regex suffix is shown as 'sRegex' to make File or Dir plural)
++#
++# For example:
++#
++# ExcludeDir = /home/guest-user
++# ExcludeFilesRegex = .(mp3|MP3)$
++# AlwaysIncludeFile = /home/username/veryimportant.mp3
++#
++# This excludes the directory /home/guest-user from the backup along with all mp3
++# files, except one MP3 file in particular.
++#
++# In general, Exclude excludes a file or directory, unless the directory is
++# explicitly mentioned in a AlwaysInclude directive. However, Box Backup
++# does NOT scan inside excluded directories and will never back up an
++# AlwaysIncluded file or directory inside an excluded directory or any
++# subdirectory thereof.
++#
++# To back up a directory inside an excluded directory, use a configuration
++# like this, to ensure that each directory in the path to the important
++# files is included, but none of their contents will be backed up except
++# the directories further down that path to the important one.
++#
++# ExcludeDirsRegex = ^/home/user/bigfiles/
++# ExcludeFilesRegex = ^/home/user/bigfiles/
++# AlwaysIncludeDir = /home/user/bigfiles/path
++# AlwaysIncludeDir = /home/user/bigfiles/path/to
++# AlwaysIncludeDir = /home/user/bigfiles/path/important
++# AlwaysIncludeDir = /home/user/bigfiles/path/important/files
++# AlwaysIncludeDirsRegex = ^/home/user/bigfiles/path/important/files/
++# AlwaysIncludeFilesRegex = ^/home/user/bigfiles/path/important/files/
++#
++# If a directive ends in Regex, then it is a regular expression rather than a
++# explicit full pathname. See
++#
++# man 7 re_format
++#
++# for the regex syntax on your platform.
++ ++BackupLocations ++{ ++ home-chris-boxbackup-test-basicserver-testfiles-seclevel2 ++ { ++ Path = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2 ++ } ++} ++ +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem +@@ -0,0 +1,15 @@ ++-----BEGIN CERTIFICATE REQUEST----- ++MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOQkFDS1VQLTEyMzQ1NjcwggEiMA0GCSqG ++SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeKRy4ppAb1cByCRkt2f1j+6iv7AWdF92p ++nPlzXPbLhP/edfuyVPFyBY46p+z6j4p9TrccMjUi4RPMx6dqyL2/o3Qzg3PhoHPq ++2fexEkrBSJ1bbL6hXjadzE53wiONj/8nSzFyzqR3/IhKNM0ssR10cqq64VgoiWOR ++GHYTTEbQy1k9WvoReC+diTEqIDBLif1EQJ+c/3iUopqtaVZWNS1LV5DX/u2Y1anX ++gO1s8jQaYlTtyNZyOi9lwXYXj4mH0mil2Hfh3IKD6GqB4HpFDUZ0/NHFRDvjdwfW ++4RTad55l8dWparOyie/QzFRj6Ua1746FsbUw2pERdmHAMshLpxkNAgMBAAGgADAN ++BgkqhkiG9w0BAQsFAAOCAQEAuW/o02Ga2yICJSJIrq44T+dIddakxhUPfIvAEWXs ++7Cap9qzmBNOAfzFqvbdVgsqC9/WCnpumf9ZpjkXvUy/6EB77HbtiJAXukT2DvFbo ++7mvbuh10YGv/AdZxLR2tMXmk9YqV6kgXdXFn18u8Vv35aYa4hru5q16m9QVhkeW+ ++UAJCsjhYVISVWW5Pss5mgL058viMHt3T5X3+2ybMdsfLe5BfRbsPxnFClKfBg6QS ++3yH5JxQdfJlg64z4uQNHNbsWJ5mRBPEYawZ2ge+HmWb6xnuGLR3Dg5ZbbB0hvAO6 ++kw7sZ1at9bX+MWz7rTvgKyxFXcGVXZ40/UQlgfzMiLEAHg== ++-----END CERTIFICATE REQUEST----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem +@@ -0,0 +1,27 @@ ++-----BEGIN RSA PRIVATE KEY----- ++MIIEpAIBAAKCAQEA3ikcuKaQG9XAcgkZLdn9Y/uor+wFnRfdqZz5c1z2y4T/3nX7 ++slTxcgWOOqfs+o+KfU63HDI1IuETzMenasi9v6N0M4Nz4aBz6tn3sRJKwUidW2y+ ++oV42ncxOd8IjjY//J0sxcs6kd/yISjTNLLEddHKquuFYKIljkRh2E0xG0MtZPVr6 ++EXgvnYkxKiAwS4n9RECfnP94lKKarWlWVjUtS1eQ1/7tmNWp14DtbPI0GmJU7cjW ++cjovZcF2F4+Jh9Jopdh34dyCg+hqgeB6RQ1GdPzRxUQ743cH1uEU2neeZfHVqWqz ++sonv0MxUY+lGte+OhbG1MNqREXZhwDLIS6cZDQIDAQABAoIBAF1cH5LFhGf+ItqJ ++Ukh/hEnBFzme0RkcT22Y5weA+MG8SZ6eLEDcC38kMIobya3eJo/URYUW4FehCKYU ++/RkV9Q+UzB9dzZPyzuPR55JFIp8pOd+SymWb5w3XLt6K+k/iRJKpucUKa/l0aX3t ++xI9UexFVosPYMSkP24S9J9miQ1w4X8D1laJPi5KWrbdzDZxy5geoNmS0veQl6mRf 
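Review bot: `DataDirectory`, `CommandSocket`, `PidFile` and the `BackupLocations` `Path` in seclevel2-sha256/bbackupd.conf all point at `/home/chris/boxbackup/test/basicserver/testfiles/seclevel2`, which is not this fixture's own directory (seclevel2-sha256) and only exists on the author's machine; the seclevel2-sha1 copy earlier in the patch at least names its own directory in `Path`. A client started from this file would either fail or create its socket and pid file under an unrelated home directory, depending on the host. The certificate settings in the same file already use relative paths (`CertificateFile = ./bbackupd/1234567-cert.pem`), so the fixture would become relocatable if the remaining entries followed suit, for example `DataDirectory = ./bbackupd`, assuming the daemon resolves these relative to its working directory as it does for the certificate paths.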
++91Owxsa15wQpxNoVesAiGbrHb5ljMsBovYgljRL6rqA9THXPXfcDkWkabfGai/kD ++AktxqPGUELxjD7gSO5G4ygCcGTeIEJbOfwgDtr59V518kVzwVNAxOKb7lfDM/l4D ++v0H3liECgYEA+nh1RjwOm2db+yW0hQ2DTCA84by2AyKP7nCwD7CjrGaXrm7zfQ+U ++VqSgpDg+xH9/Caa9P1n6zSZSEiXrCePQL6UsREj8sd+st7Uah9eQOc3vywxizGN6 ++VMqqmctn+gKKxkmv8T6YtWblDDqOA/7yYlCaH0l7WUO+HKAl7MhaGgUCgYEA4xCo ++2bGwbaT7lLdFtOU2+erM2lbA4NzBkR7Mjpq16JiPPFdSF680XBRL0uNR0r2GFucM ++gG8Z+ktV1QosY22546Z3fl7+jcyZC4uramDicpAxnmEGIdPnqIkEPhZzKvV0uRGj ++tXs2qnJ9ztK7hf+PRwdQEvqCNLkoy+pQPG/bSWkCgYAvH36g6ietYTLS+3MNHU+4 ++gNAzgDeWO2hs6dKWARuqEdszvDgfLVExQ+PdQZ+9hGc4P6CXTKx88Fq8g1nHEI9Y ++h3DeoAS6ymRKY85MBGhkF7SntPrZjVW0ojSansQ/Kz9EsxRhBO/iISuys0mIwuyD ++RrrYbBDC6JXZ+N9pvwAEqQKBgQCI4DgI0pY54iRN55S7kRjs2l+Wlok6g5ijtF82 ++74gMqDpf83tnD5SOlSWIAMQIN3snPyxIF7EfMl6RR8quPSy7UFPj97uXGuh/DzjL ++rY+T49wlTvN1XNnevIm0K7BNCx3LmhiHg7jWUqIIFPw5sG5cMMpSRnRK9/rhwWOQ ++qxUTUQKBgQDYUi6255mUI23dYxCyY7P6rIcGiKqhiAJ5HbGShMFhpA94WS3m6YmJ ++sQTip0kykY168klOcRqt8y3RLS5UB1aYBMYvtFuk5wbUcuXFeGcIsuUIZeR3iueg ++G0MEhf9hgmBK/xkpfoiLJ+E0hFHqER57N6KCuEK0NWC1Vgqo8X79MQ== ++-----END RSA PRIVATE KEY----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh +@@ -0,0 +1,70 @@ ++#!/bin/sh ++ ++# This script is run whenever bbackupd changes state or encounters a ++# problem which requires the system administrator to assist: ++# ++# 1) The store is full, and no more data can be uploaded. ++# 2) Some files or directories were not readable. ++# 3) A backup run starts or finishes. ++# ++# The default script emails the system administrator, except for backups ++# starting and stopping, where it does nothing. 
++
++SUBJECT="BACKUP PROBLEM on host debian-unstable"
++SENDTO="chris"
++
++if [ "$1" = "" ]; then
++ echo "Usage: $0 <store-full|read-error|backup-ok|backup-error|backup-start|backup-finish>" >&2
++ exit 2
++elif [ "$1" = store-full ]; then
++ sendmail: $SENDTO <<EOM
++Subject: $SUBJECT (store full)
++To: $SENDTO
++
++
++The store account for debian-unstable is full.
++
++=============================
++FILES ARE NOT BEING BACKED UP
++=============================
++
++Please adjust the limits on account 1234567 on server localhost.
++
++EOM
++elif [ "$1" = read-error ]; then
++sendmail: $SENDTO <<EOM
++Subject: $SUBJECT (read errors)
++To: $SENDTO
++
++
++Errors occured reading some files or directories for backup on debian-unstable.
++
++===================================
++THESE FILES ARE NOT BEING BACKED UP
++===================================
++
++Check the logs on debian-unstable for the files and directories which caused
++these errors, and take appropriate action.
++
++Other files are being backed up.
++
++EOM
++elif [ "$1" = backup-start -o "$1" = backup-finish -o "$1" = backup-ok ]; then
++ # do nothing by default
++ true
++else
++sendmail: $SENDTO <<EOM
++Subject: $SUBJECT (unknown)
++To: $SENDTO
++
++
++The backup daemon on debian-unstable reported an unknown error ($1).
++
++==========================
++FILES MAY NOT BE BACKED UP
++==========================
++
++Please check the logs on debian-unstable.
++
++EOM
++fi
+--- /dev/null
++++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored.conf
+@@ -0,0 +1,23 @@
++
++RaidFileConf = ./raidfile.conf
++AccountDatabase = ./bbstored/accounts.txt
++
++# Uncomment this line to see exactly what commands are being received from clients.
++# ExtendedLogging = yes
++
++# scan all accounts for files which need deleting every 15 minutes.
++ ++TimeBetweenHousekeeping = 900 ++ ++Server ++{ ++ PidFile = /var/run/bbstored.pid ++ User = chris ++ ListenAddresses = inet:localhost ++ CertificateFile = ./bbstored/localhost-cert.pem ++ PrivateKeyFile = ./bbstored/localhost-key.pem ++ TrustedCAsFile = ./bbstored/clientCA.pem ++ SSLSecurityLevel = 2 ++} ++ ++ +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem +@@ -0,0 +1,15 @@ ++-----BEGIN CERTIFICATE REQUEST----- ++MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B ++AQEFAAOCAQ8AMIIBCgKCAQEA9Uk3V+oultps1qwaJwo+w332tal2trjr5LCXoTuX ++UrO4+xJIBYKC2D7a+Nl2VUZw+Kr6UEI/wc7ROwM84s9l1jCZ5iXVrz/8XHYJvJXw ++uw3IDQESFbxZsrNg0FC8U7GEtVlCRnVr6B2RkciPkDXK3TVqdf43fv4rripPSE/d ++4hbAq/uPd5LZNUQdy6yFsMywG4cSqiaHw3hg4aLgF6EKXj29s8IFTiNhM1h8XrCB ++i0MfyCIq2jHVM1/ZRL10HA6cMvu/2E+ofrLETl6FlTzyC4WFQBqv0onFmKFIM5bt ++AVIok/NIWX5vpk1rqGnSOuW/6lhUO4yczExZadgDwx7YiwIDAQABoAAwDQYJKoZI ++hvcNAQEFBQADggEBAJVk9eAleSiTsV3Pdq3L01WEyndnmpbU1FcExJWg5xb95xbX ++Ojxi6g/NhBodAWl6GHJEUTQ+eJHrZ/hTLD6ZHeX9CGxmxOIvpKJCoOiQU7zamLaq ++K6aP8BoG21h2MccnbKlrSFF/c89SzH78r2fgWpUqFUCxobemKfvUbdHSaNlOWxh9 ++yO3q1P/ZK0wl/V0CG9kdkUfpl9OLATilBiJayrpX92Ef/U6JkX3ZFEG9vTGBSXXU ++5QQM7BrPDgMsaTNDv9N1oPCVrUKfQ7Ts2pTEKU/oMA8fYZKX2GFZ/LDXj4C7clQ4 ++LJakbh26NhrohTjecHvJCxIDAk2xLipwmXLmVoU= ++-----END CERTIFICATE REQUEST----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem +@@ -0,0 +1,27 @@ ++-----BEGIN RSA PRIVATE KEY----- ++MIIEowIBAAKCAQEA9Uk3V+oultps1qwaJwo+w332tal2trjr5LCXoTuXUrO4+xJI ++BYKC2D7a+Nl2VUZw+Kr6UEI/wc7ROwM84s9l1jCZ5iXVrz/8XHYJvJXwuw3IDQES ++FbxZsrNg0FC8U7GEtVlCRnVr6B2RkciPkDXK3TVqdf43fv4rripPSE/d4hbAq/uP ++d5LZNUQdy6yFsMywG4cSqiaHw3hg4aLgF6EKXj29s8IFTiNhM1h8XrCBi0MfyCIq ++2jHVM1/ZRL10HA6cMvu/2E+ofrLETl6FlTzyC4WFQBqv0onFmKFIM5btAVIok/NI ++WX5vpk1rqGnSOuW/6lhUO4yczExZadgDwx7YiwIDAQABAoIBAGc/FF6bIlU5R8rs ++0m1QcK7VHL3GwUOUfybZ9llVvhJ/uANm5I39K5peislor9ihN/hT791MpY2swoF2 
++kXBfIFySRJWNo26LHmzE+sA41QXHfUeMBdLEX3VK8Bt/gGYyOMwk8DK8RlmD6LxW ++kaeAHQ4T5+YWxcFct4IuKQUlKR565lHr6LRDaYmlDHzjksi/fx0ceMlD/RBje7YD ++HXPDdetNkSBvpHEcH2lINnrY0kBb5HQv57ipOdA8MfQ+Xf06SjqjhA6ZUOdsMjsn ++QVleXQsT1HQ5Ji///JbqVL5j68qkjza2HroyXgOgQdu+fuksHTXvMjvAnW7/z3u2 ++SpUd6WECgYEA/aBM7DKWeQdzlRCfosgv6SZ+ME0Lt5oBaHbbUYizi8DuylB196MJ ++xnP1QLa7MAYna6ASxDXIClqxG4x+d4lHpErmbYR4F0pa8/9teSbtUw3OXGe9ahZy ++HcpK3LSVV5ns8CjRsclNX86cn/Gxubw48gxjcjIA4qKUJv9KxCSAdoMCgYEA95Tu ++qhkXDGhBSSTqs51K8mHbTS4CrpCK6+5J++NP7AT4t2IHIaaQ7DtttAI9xFvwxD9U ++zFP2/lZVq1KSFATAoDhItUoC0SMlaFcrIxsIyq/UOqTTluf3in29rFHq3UN1rz9M ++X90Tfl5EhUvruVJOiJ5iYt97DJeVgOlWkU7qt1kCgYACEwWOCPviEYWIepJTqn95 ++0K7HhlnKLqBEUnSIvi15vyI01WOhmtvBm8EtvlDZm7NG1hBROn9gVk2MhCGkqKLF ++XTd1PdgdmKYVyMkEbKUUQNCnQNHzxCs6wyTJmVB/XurpK+xLH/JaDj6JsFhbxIZS ++tHc7v9zx/ZJonz3lTMcgMQKBgG+WPqOHv22mJ5ax/t6JjFgGZvM4Q5kuKI8BzXKs ++Fz+HVhpBInm2Oydd+aniQLiZv8CT0sJtLaugeehHxPMk2TTdaVfcTby5HIkUkKq3 ++6pR//yWXWI5xao6O8cgS+8pSN16PJvsmBz0ze6qgd1QFlsPYrvtlQm6Ae6+oe43u ++hbexAoGBAIKGmPAoQsBPEWkSs3nWyAPDHQ45NBoB23G0j01amf11Y/sQWhH+Mqfp ++mcU40xr/XwMlTVgALfW1Q048ftJ4D2oYPsUEG3Yiayqe8epl6V55QjGMpdEe/+mQ ++5VpndGimuUwxr9cyNShn6dngEg6D0hXfNqu4NFmt/2PH3x0D8eer ++-----END RSA PRIVATE KEY----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem +@@ -0,0 +1,17 @@ ++-----BEGIN CERTIFICATE----- ++MIICsTCCAZkCAQEwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 ++c3RlbSBjbGllbnQgcm9vdDAeFw0xOTA0MjgyMDUxNTlaFw0zMzAxMDQyMDUxNTla ++MBkxFzAVBgNVBAMMDkJBQ0tVUC0xMjM0NTY3MIIBIjANBgkqhkiG9w0BAQEFAAOC ++AQ8AMIIBCgKCAQEA3ikcuKaQG9XAcgkZLdn9Y/uor+wFnRfdqZz5c1z2y4T/3nX7 ++slTxcgWOOqfs+o+KfU63HDI1IuETzMenasi9v6N0M4Nz4aBz6tn3sRJKwUidW2y+ ++oV42ncxOd8IjjY//J0sxcs6kd/yISjTNLLEddHKquuFYKIljkRh2E0xG0MtZPVr6 ++EXgvnYkxKiAwS4n9RECfnP94lKKarWlWVjUtS1eQ1/7tmNWp14DtbPI0GmJU7cjW ++cjovZcF2F4+Jh9Jopdh34dyCg+hqgeB6RQ1GdPzRxUQ743cH1uEU2neeZfHVqWqz ++sonv0MxUY+lGte+OhbG1MNqREXZhwDLIS6cZDQIDAQABMA0GCSqGSIb3DQEBCwUA 
++A4IBAQAEpEobzo6qm+GJw3Jgi7Gc/XBVBbib5Tp7fH0oyyzX7sSnbUWNUYNHLjMH ++CFFmeNsj2/x4P7JFK2shVy7lRnBt6RUi5zLtQyjhEF8OqV1rxb74hQHl4+7CiRUP ++Q1SRTJpdbdDwwAzd5UyDTAX3Glg73krDEHY+k0UCr0kczqcffVzgNmCklMzrCzZk ++Nz9KkUF+cMkFDz/5BRBj6I4M9b5ebkVYM32Gz0mAh/G/DcL5KGzWPL9KJ31pgkAP ++P8yrvZe2HwscKTJKnAK78M+75zzNv3539/V3y55lNNiyKF2q9Up4k3BE5PY9LDFJ ++fVZvMdAltZlFV1tlZksrsRoq3jsc ++-----END CERTIFICATE----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem +@@ -0,0 +1,15 @@ ++-----BEGIN CERTIFICATE REQUEST----- ++MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBjbGllbnQgcm9v ++dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWLP1hzvhUgHs8gp6+w ++v3aIbsEHXjWOKfTpB4u+eubM4oA9XtXT0NiCLZQPy2BAtIOkazJ6sae6w2Qq2naj ++MDyTBclAgok3TLVI6whMkgxdB878uaKQb3sk7xg6yNI6iI7S70cTRM9JKF8ZPBMZ ++6ftPgoPooe1ka2kFTjhNgE6jO/DjAyWGpf7Q4cb2ELBdgrU+ehbz4Zz0hHZ0Ts5p ++KO8SxEkBX4FRP4sUkbuDM92UNcxyBxlrLg21ktDlIciftef9J94qQyx5HnotMWWp ++rj4Zi2mA8/i14op90CXPq/figj8zYkPyyx9KytKDSKcGgByxjNMBWzIAZ17doRgq ++1KkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBVUqpA7BizyLkDut8sLYI4qyJA ++8Os+6IiSDyjyjf3C/hTbrbA31mtF0g3gbZFXnehVhop04zQYy3071OBYzuMx+/2F ++olylk7HWrScaKE0MDSSamfVTlSGiO2P+zPg32WKoZsOPPjSyrGF/l+A4TlTQJmFK ++SgapRRQVm3VDlkWO77c4EjpqoREPeSHVt+0m2490BY7aUT+kRlXl2nViSV52SS5j ++EDnb4N/9t60NRS2zaLtAr0DcRWemR+PzVKqKdNyhXdCeieQ9xzGGHK1vXpW/6kCo ++OHi/Xt4MHkt3hHxQQKOrK5dcsoqP9WxlnwOuuy9m9mVH4HUhi+S0KFtOytoX ++-----END CERTIFICATE REQUEST----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem +@@ -0,0 +1,27 @@ ++-----BEGIN RSA PRIVATE KEY----- ++MIIEowIBAAKCAQEApYs/WHO+FSAezyCnr7C/dohuwQdeNY4p9OkHi7565szigD1e ++1dPQ2IItlA/LYEC0g6RrMnqxp7rDZCradqMwPJMFyUCCiTdMtUjrCEySDF0Hzvy5 ++opBveyTvGDrI0jqIjtLvRxNEz0koXxk8Exnp+0+Cg+ih7WRraQVOOE2ATqM78OMD ++JYal/tDhxvYQsF2CtT56FvPhnPSEdnROzmko7xLESQFfgVE/ixSRu4Mz3ZQ1zHIH ++GWsuDbWS0OUhyJ+15/0n3ipDLHkeei0xZamuPhmLaYDz+LXiin3QJc+r9+KCPzNi ++Q/LLH0rK0oNIpwaAHLGM0wFbMgBnXt2hGCrUqQIDAQABAoIBAFOJ4X2RaureOq3r 
++nLNcTkJStxFR1ojQJPwiXFx40yyFWAe+8IyXR1z61GVTUx5PiMilwDLJF7280b1K ++otQbpcvrpY/ZrgXwkhUppvGZMlpq1/XsMwGGQbuy97USdSUhxKfOalFDuAWitWzI ++HzjEav8XMJXAX3acpldpBgADnCwSA5izEfwt2oGNtcYTHjxG4tR96UvgAxbVbxrU ++jg6zd0/Q7eI4MGYc5l2mGFcbAUbeqCOQmTB8eQY9cdXCotXgQSa2EKEt1aG7dEbA ++omwwm8+hGYIX4i/E3crFHO5qlbQqtqktvic1Axj3I4NEy+a4Gpja3y6k8gY4TWbS ++4+0BZMECgYEA2o6mRCyDNI13VhRdlAO6VDSAdf//8EMeMrANvAGl70de0Ri10ZL6 ++GdJLx31le94tVa5Dy+Qi9d9eYci9qIjMK1kUrLcVgvF63tbbOSpz37gESJe+wJYc ++xEW2eGRTUwHoYVqRjEi36kAKeWL4mxXeqzJE/ZUQZt2felr4dBJPyBsCgYEAweeS ++vV5TJsPlEazUZcRA2dMY8JG9tD1JFVVrlSC4xnLBOEXsC4dw74RsOhoMr69lBn6X ++xwcKtzsrx/s9NHI1s2AJXlz310Uj+gRB6/6foyyQDOtijfweZpm3zUNY5OwQ1VBZ ++M9J1YVI6xaa3BehQ0PHvx4U/WM9oFMc0upXaaosCgYEAmfo+MXGazn+MP90BQLKP ++p5uFlZzSWBcxQ0y9oGMY4MdLicz667e89Ewwj09NHEOfdOndYdxMtSS1ffbLh904 ++2qFb64LhaOtwQWbl9BRwpoEio3IlNdGMWssyjwc/nQ+PBGeme0sQJ70OpA6ST9DM ++m5hC+tT2RUKGhNFqkXwFMVkCgYBY3Jlg82ND9q55xSypXqEhsh5R0ViQyy08+6KL +++yzytRBbi5+7QNy+x38ZuWpq8QRpT4abDV0Zz6Imybqo2FZH2BEzD4P9QZBVObJE ++RrI+A2QYp57I1uvPtU6IYP7SGmU0fNgEacSlTxvkDJz/thGjT9zFIQmA17wpGYnO ++oHIyNQKBgEbA0apflhYExq2OZP3mjUM7Baf8MhGylUFnND68YKEr2aR5ihYuWxME ++yLSGIDORaVQBiVklze9MXPvJv6WF0nE3VrR5j0AsSoAF0MZBcCJcn5bod0pFRZXG ++PkxibqTmzJXJjGRuAKxbNR2+WFxKqc2hsev3hwOSXKYH4DbdCxQg ++-----END RSA PRIVATE KEY----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem +@@ -0,0 +1,15 @@ ++-----BEGIN CERTIFICATE REQUEST----- ++MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBzZXJ2ZXIgcm9v ++dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMqKzGuRMYTGC4GtM4Y ++sa/EcpfgdRDt1V54c7Qjarfz/6Uvb7dn+21IDgnSMImnBzKuE11KBS2WAPPSxyF9 ++Z+rNlry38pAVprnVv40dAUaohShxrkzgIYlZ866RonFYQ9mujMdynzGHB0jKH66T ++/enqFhEYzOuBcHyb7obgX+HmT95yAVhm6TvMuF8FR5CvrSqdnj141qJWdRmNeXH/ ++Eonz1mcFizHRuFZ0ymxjoegwxQkeSnoYyH2vUh3RkQ/iNZPhu9DdDjgZ6Z0m8mUc ++xMGqtwTqiYS8KEcAHvcEPoS44BO1aGTnJEwhABTLuEkTPCXl1HkRoq50ts+Cr9w6 ++vu8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAhVOO7/mqt2AWFaOlMrXICPm5n 
++judbMjQhOzaTmYr+Tb2lDlsQyiSm/EONpjC1F8PP6ig3oK8dzmIn9/qLOau6xM2Y ++JiaTTJXRX+/JC/AaZvvaiA0etc2JwAcfBijAudEKivA/qKh01SvCgB+IEx5rlR6S ++TPjLRO4ygig3qGHeHUsiPBzR4PZA669Is3/P4W8pIlDbCQHI91brQV4TlHJET2V5 +++y4et7ZduWvS6yEn29aiPq5UT36kWtJ9rhBFIiu2oUNnDiL7YUDIbdsl0I9LDPjw ++equwfb+dwjjO/bFQKB1RX4j5jUXj25bpe9FdB6iy36+3tLd1a0Oh4j6SEn2n ++-----END CERTIFICATE REQUEST----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem +@@ -0,0 +1,27 @@ ++-----BEGIN RSA PRIVATE KEY----- ++MIIEowIBAAKCAQEA0yorMa5ExhMYLga0zhixr8Ryl+B1EO3VXnhztCNqt/P/pS9v ++t2f7bUgOCdIwiacHMq4TXUoFLZYA89LHIX1n6s2WvLfykBWmudW/jR0BRqiFKHGu ++TOAhiVnzrpGicVhD2a6Mx3KfMYcHSMofrpP96eoWERjM64FwfJvuhuBf4eZP3nIB ++WGbpO8y4XwVHkK+tKp2ePXjWolZ1GY15cf8SifPWZwWLMdG4VnTKbGOh6DDFCR5K ++ehjIfa9SHdGRD+I1k+G70N0OOBnpnSbyZRzEwaq3BOqJhLwoRwAe9wQ+hLjgE7Vo ++ZOckTCEAFMu4SRM8JeXUeRGirnS2z4Kv3Dq+7wIDAQABAoIBADUc0ih40MuRWe+Z ++uDhudaLkIn6Y8lkDuTs9yLxyfBEwygheWhcjjFX8XauStqqo3GKe7jf0ukCxDiRF ++y9hclpq0g0mMavJav8jWPovb08pV8Mgvb8veRBEsEuLBtr4TmV1TTg2MgwYOFIL2 ++c+mRR7hiLJK4TjKeKBDvl5tNLFDBC/2clHXnLCRb8rOKqwmseoPavi992QZ7+Yyq ++n0Dx5DOpr1cOcJEr4va8Sornd3LjLuNMjm7XzgIryR5pvLM0ns8Fy2ihyKl7Hd3s ++ek9c5fh0jbhz6s28K8laWm9bhozdMQ12y1U5z0PJV+VOwTX/M9UCK1+CpvmjTim5 ++NeD93QECgYEA924yXRdUXpOlxJifJ49n88gytHOVcgitrdlZNCAE7aKdYcQW7VSY ++7IjUyXH/Mi2zlWKpXYGllOoDW71PhLiMuEtaNfLdToXgHEMGvj+vGw9ZRqs6HY2w ++wGyOrxg5VcSOfSpAom4gCGRqxWhHtY/rzFOy7oZePJuRbjcqrAeGQmECgYEA2npt ++dGHwp20S5tyd7n1H6Fe2m1t/vjxGsGFfwbFggGIu9lVQxgAQiimzHgBDOjSzs163 ++PmuWWUDmHllB9AmJw4wrbAyiHNOmdi4rgY0ez5G6Q9sviFQeFJZzHhe6G1+CcafL +++oSU+Ej7zznMpyU85vcxFz70JvRZ4BeD0PtZI08CgYEAsXEGjzoG2Fh8PdPR91Xh ++j7NXoY9ucjwFCbLgRQBdaGoBAbbVVlgf3yl1qA2nnL2nlw8NNLCgJX348JZ/60dK ++K3Rmel/0E7bwdHQg5tjW48oLFSIAaGdPhX+Uh78QhxCRuvNNLO9a64nQBEf3fR58 ++VKkFngcgl8hc8DSB1qMCxqECgYAOZ54J219DmrRxVkBvdgEkt4vJqHm+sDi07mai ++3bAQJukTwsJFm8F7ao5tvvSvxMPIYslQK0XJcrb5b0ci8PINW5ONVzPlFKtYBWlG ++7GgIpYITcUMsCOfG0bibVlMl9OEj3z1ash0kVaOMoTH2H0VpsQiikLsGSnwWg1Zk 
++k/3njwKBgD6Nu6kj4BSWGZacLtePJQzxlsnYiDm9SSmrtqJ1lnpbqo4/Zp5bCHS9 ++qMOUv+Hcwpsb3IYI8np1ekZfKi7xFXcRjxKRYnDURQgQKwPeHZ06ht7X0DdTXuiY ++K97byeb9hks3QNE1k1EuXue7IXS657Fq5IZrN+NQ6vkqq/X7e91X ++-----END RSA PRIVATE KEY----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem +@@ -0,0 +1,18 @@ ++-----BEGIN CERTIFICATE----- ++MIICzzCCAbcCFAiy3jWfhXnxRqZJCbjzFQzsU3p/MA0GCSqGSIb3DQEBCwUAMCQx ++IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gY2xpZW50IHJvb3QwHhcNMTkwNDI4MjA1 ++MTU1WhcNMzgwMTE4MjA1MTU1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIGNs ++aWVudCByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYs/WHO+ ++FSAezyCnr7C/dohuwQdeNY4p9OkHi7565szigD1e1dPQ2IItlA/LYEC0g6RrMnqx ++p7rDZCradqMwPJMFyUCCiTdMtUjrCEySDF0Hzvy5opBveyTvGDrI0jqIjtLvRxNE ++z0koXxk8Exnp+0+Cg+ih7WRraQVOOE2ATqM78OMDJYal/tDhxvYQsF2CtT56FvPh ++nPSEdnROzmko7xLESQFfgVE/ixSRu4Mz3ZQ1zHIHGWsuDbWS0OUhyJ+15/0n3ipD ++LHkeei0xZamuPhmLaYDz+LXiin3QJc+r9+KCPzNiQ/LLH0rK0oNIpwaAHLGM0wFb ++MgBnXt2hGCrUqQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAvHW8APi1lhEguSXDc ++X/k5ETL1YJzlEfIn4HKL7kcKo5IOdyHaIigGCWM7atwKeGBtTRl8CTY4wt1L7d+A ++LDzF07MlKL/KiX1yPw9ZzHBhKNLYgmKsRL5cgW/YLYEAGD0lTwW7llsqZ40jJ1+X ++CWomYEzVpGW76MprYge4Oj+4PRXaZikkn7pzlZVcGJbzr1Q+JaFNLRkAMPK4pRXj ++AOSLQpIuc0DzftzC8tHbyLMifrHYdibHaujsvu1mV4NeYhO63ZB8S5Xyz1JlpsEQ ++rieLH1/9dnWue7yBCpI+QMRq+zK92HxiCCaM0d6xpSsbI5IawkqmoWj9gYol0EnX ++ImLj ++-----END CERTIFICATE----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl +@@ -0,0 +1 @@ ++01 +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem +@@ -0,0 +1,18 @@ ++-----BEGIN CERTIFICATE----- ++MIICzzCCAbcCFFv62JnwctULelqlEY+sZTPEb7ekMA0GCSqGSIb3DQEBCwUAMCQx ++IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gc2VydmVyIHJvb3QwHhcNMTkwNDI4MjA1 ++MTU1WhcNMzgwMTE4MjA1MTU1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIHNl ++cnZlciByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yorMa5E ++xhMYLga0zhixr8Ryl+B1EO3VXnhztCNqt/P/pS9vt2f7bUgOCdIwiacHMq4TXUoF 
++LZYA89LHIX1n6s2WvLfykBWmudW/jR0BRqiFKHGuTOAhiVnzrpGicVhD2a6Mx3Kf ++MYcHSMofrpP96eoWERjM64FwfJvuhuBf4eZP3nIBWGbpO8y4XwVHkK+tKp2ePXjW ++olZ1GY15cf8SifPWZwWLMdG4VnTKbGOh6DDFCR5KehjIfa9SHdGRD+I1k+G70N0O ++OBnpnSbyZRzEwaq3BOqJhLwoRwAe9wQ+hLjgE7VoZOckTCEAFMu4SRM8JeXUeRGi ++rnS2z4Kv3Dq+7wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAI6THIONT6lgNq3Bvg ++TCBqkBA1W/k372Pktt6IDFW44dT0J9/oq2o6ZNHycpKS3VwS4C05XbU/v5hE/k2O ++Cu3/y3en+dJIv4Wl2JTPaSRF/4J46sXNtizVAJDKoE3ZHt1viCjsWyllGXoaavce ++fWYppf3g6ImhyAkzlCfyVph2F0vmLZL41K3C040e+GpXdzG1Yy1+2USPhz0Ch+kd ++jqIErNp9OnPRd1yRb1YD+dQ7Wei5vB3OXMk3UQiG9AJ2qmxlEem5lTSpt9fTvWfU ++OAjTynvWbHTULjxvOeenW7cD5ILSr2zVDYQ53KTWjP9NfmsQTAFzkqJztPpB2A0o ++CKG2 ++-----END CERTIFICATE----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl +@@ -0,0 +1 @@ ++02 +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem +@@ -0,0 +1,17 @@ ++-----BEGIN CERTIFICATE----- ++MIICrDCCAZQCAQIwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 ++c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjkxOTI3NDRaFw0zMzAxMDUxOTI3NDRa ++MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC ++AQoCggEBAPVJN1fqLpbabNasGicKPsN99rWpdra46+Swl6E7l1KzuPsSSAWCgtg+ ++2vjZdlVGcPiq+lBCP8HO0TsDPOLPZdYwmeYl1a8//Fx2CbyV8LsNyA0BEhW8WbKz ++YNBQvFOxhLVZQkZ1a+gdkZHIj5A1yt01anX+N37+K64qT0hP3eIWwKv7j3eS2TVE ++HcushbDMsBuHEqomh8N4YOGi4BehCl49vbPCBU4jYTNYfF6wgYtDH8giKtox1TNf ++2US9dBwOnDL7v9hPqH6yxE5ehZU88guFhUAar9KJxZihSDOW7QFSKJPzSFl+b6ZN ++a6hp0jrlv+pYVDuMnMxMWWnYA8Me2IsCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA ++E8KZNWzkbNwhcVEHR34IxVYPy1uppI/jtVOsQGGSVC1UscAWyGiQWPxqMhwYxsVn ++gz7QYj1oKye1VRuJNTekARvBRFZzWhAi0qGlpiC5yilZB8IlhYUABmgPjg+PuhAF ++xSd+IGVlm/+sisClsPG9DpesyK6+C2ukpVXyaXWR+1/IrQuUpWKLT1pPamVH3zWK ++anT+62bbk0XuxsVqCkGx+aPLesCHAfTNuAxWfkbXXcA+HoGNy3IpmpJGhyCnf1je ++eL6Wf6sAY44y7wQlwHimbi4kOge+UFLIKkqhHSDO2pzyPc02Gs1bBRd94+v2z5h7 ++OkIcTqwiJLjLLIWV4WsdwA== ++-----END CERTIFICATE----- +--- /dev/null ++++ 
b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem +@@ -0,0 +1,17 @@ ++-----BEGIN CERTIFICATE----- ++MIICrDCCAZQCAQEwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 ++c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjgyMDUxNTdaFw0zMzAxMDQyMDUxNTda ++MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC ++AQoCggEBAPVJN1fqLpbabNasGicKPsN99rWpdra46+Swl6E7l1KzuPsSSAWCgtg+ ++2vjZdlVGcPiq+lBCP8HO0TsDPOLPZdYwmeYl1a8//Fx2CbyV8LsNyA0BEhW8WbKz ++YNBQvFOxhLVZQkZ1a+gdkZHIj5A1yt01anX+N37+K64qT0hP3eIWwKv7j3eS2TVE ++HcushbDMsBuHEqomh8N4YOGi4BehCl49vbPCBU4jYTNYfF6wgYtDH8giKtox1TNf ++2US9dBwOnDL7v9hPqH6yxE5ehZU88guFhUAar9KJxZihSDOW7QFSKJPzSFl+b6ZN ++a6hp0jrlv+pYVDuMnMxMWWnYA8Me2IsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA ++fu1wVNuZLkO0e8+oYAnznL7oknE8QJGAd/P2/MqgfsnBXHS0UVl+5L8DQdvCBarr ++vDO/CVL9/ZGj30CipA556cz1pYDtx5TV2GLtfKHKJhoftbgswmt1pPowIIa8zlBA ++SOERy2ooXGnrA5kii+fifkiWy1R0FmJTKZ2jX41Xq60FwXWX7cyCq/xRI+V08HrY ++mNJ2rmAjyWpWZpPNOtQ/SYIX1s2KoPw4XMxfiP5fiMOl3RqEVBkW0h9Hxikl8wKY ++EmA/ESm1F6lnRXvGXWDGQIFCRf2Rv0KlPvNPA/GLZMr0ibYIjc4KnIxKFg//GQF3 ++LUYpyJyToT8hE49ypG18mQ== ++-----END CERTIFICATE----- +--- /dev/null ++++ b/test/basicserver/testfiles/seclevel2-sha256/raidfile.conf +@@ -0,0 +1,10 @@ ++ ++disc0 ++{ ++ SetNumber = 0 ++ BlockSize = 1024 ++ Dir0 = . ++ Dir1 = . ++ Dir2 = . 
++} ++ +--- /dev/null ++++ b/test/basicserver/testfiles/srv3-seclevel2-sha1.conf +@@ -0,0 +1,8 @@ ++Server ++{ ++ PidFile = testfiles/srv3.pid ++ ListenAddresses = inet:localhost,unix:testfiles/srv3.sock ++ CertificateFile = testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem ++ PrivateKeyFile = testfiles/seclevel2-sha1/bbstored/localhost-key.pem ++ TrustedCAsFile = testfiles/seclevel2-sha1/ca/roots/clientCA.pem ++} +--- /dev/null ++++ b/test/basicserver/testfiles/srv3-seclevel2-sha256.conf +@@ -0,0 +1,8 @@ ++Server ++{ ++ PidFile = testfiles/srv3.pid ++ ListenAddresses = inet:localhost,unix:testfiles/srv3.sock ++ CertificateFile = testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem ++ PrivateKeyFile = testfiles/seclevel2-sha256/bbstored/localhost-key.pem ++ TrustedCAsFile = testfiles/seclevel2-sha256/ca/roots/clientCA.pem ++} +--- a/test/bbackupd/testbbackupd.cpp ++++ b/test/bbackupd/testbbackupd.cpp +@@ -26,6 +26,10 @@ + #include <sys/wait.h> + #endif + ++#ifdef HAVE_PWD_H ++ #include <pwd.h> ++#endif ++ + #ifdef HAVE_SYS_XATTR_H + #include <cerrno> + #include <sys/xattr.h> +@@ -428,7 +432,8 @@ bool kill_running_daemons() + } + + bool setup_test_bbackupd(BackupDaemon& bbackupd, bool do_unpack_files = true, +- bool do_start_bbstored = true) ++ bool do_start_bbstored = true, ++ const std::string& bbackupd_conf_file = "testfiles/bbackupd.conf") + { + Timers::Cleanup(false); // don't throw exception if not initialised + Timers::Init(); +@@ -469,8 +474,7 @@ bool setup_test_bbackupd(BackupDaemon& b + #endif + } + +- TEST_THAT_OR(configure_bbackupd(bbackupd, "testfiles/bbackupd.conf"), +- FAIL); ++ TEST_THAT_OR(configure_bbackupd(bbackupd, bbackupd_conf_file), FAIL); + spDaemon = &bbackupd; + return true; + } +@@ -985,13 +989,14 @@ bool test_entry_deleted(BackupStoreDirec + + bool compare(BackupQueries::ReturnCode::Type expected_status, + const std::string& bbackupquery_options = "", +- const std::string& compare_options = "-acQ") ++ const std::string& 
compare_options = "-acQ", ++ const std::string& bbackupd_conf_file = "testfiles/bbackupd.conf") + { + std::string cmd = BBACKUPQUERY; + cmd += " "; + cmd += (expected_status == BackupQueries::ReturnCode::Compare_Same) + ? "-Wwarning" : "-Werror"; +- cmd += " -c testfiles/bbackupd.conf "; ++ cmd += " -c " + bbackupd_conf_file; + cmd += " " + bbackupquery_options; + cmd += " \"compare " + compare_options + "\" quit"; + +@@ -4039,6 +4044,113 @@ bool test_parse_syncallowscript_output() + TEARDOWN_TEST_BBACKUPD(); + } + ++ ++bool test_bbackupd_config_script() ++{ ++ SETUP_TEST_BBACKUPD(); ++ ++#ifdef WIN32 ++ BOX_NOTICE("skipping test on this platform"); // TODO: write a PowerShell version ++#else ++ char buf[PATH_MAX]; ++ if (getcwd(buf, sizeof(buf)) == NULL) ++ { ++ BOX_LOG_SYS_ERROR("getcwd"); ++ } ++ std::string current_dir = buf; ++ ++ TEST_THAT(mkdir("testfiles/tmp", 0777) == 0); ++ TEST_THAT(mkdir("testfiles/TestDir1", 0777) == 0); ++ ++ // Generate a new configuration for our test bbackupd, from scratch: ++ std::string cmd = "../../../bin/bbackupd/bbackupd-config " + ++ current_dir + "/testfiles/tmp " // config-dir ++ "lazy " // backup-mode ++ "12345 " // account-num ++ "localhost " + // server-hostname ++ current_dir + "/testfiles " + // working-dir ++ current_dir + "/testfiles/TestDir1"; // backup directories ++ TEST_RETURN(system(cmd.c_str()), 0) ++ ++ // Open the generated config file and add a StorePort line: ++ { ++ FileStream conf_file("testfiles/tmp/bbackupd.conf", O_WRONLY | O_APPEND); ++ conf_file.IOStream::Write("StorePort = 22011\n"); ++ conf_file.Close(); ++ } ++ ++ // Generate a new configuration for our test bbstored, from scratch: ++ struct passwd *result = getpwuid(getuid()); ++ TEST_THAT_OR(result != NULL, FAIL); // failed to get username for current user ++ std::string username = result->pw_name; ++ ++ cmd = "../../../bin/bbstored/bbstored-config testfiles/tmp localhost " + username + " " ++ "testfiles/raidfile.conf"; ++ 
TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) ++ ++ cmd = "sed -i.orig -e 's/\\(ListenAddresses = inet:localhost\\)/\\1:22011/' " ++ "-e 's@PidFile = .*/run/bbstored.pid@PidFile = testfiles/bbstored.pid@' " ++ "testfiles/tmp/bbstored.conf"; ++ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) ++ ++ // Create a server certificate authority, and sign the client and server certificates: ++ cmd = "../../../bin/bbstored/bbstored-certs testfiles/tmp/ca init"; ++ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) ++ ++ cmd = "echo yes | ../../../bin/bbstored/bbstored-certs testfiles/tmp/ca sign " ++ "testfiles/tmp/bbackupd/12345-csr.pem"; ++ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) ++ ++ cmd = "echo yes | ../../../bin/bbstored/bbstored-certs testfiles/tmp/ca sign-server " ++ "testfiles/tmp/bbstored/localhost-csr.pem"; ++ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) ++ ++ // Copy the certificate files into the right places ++ cmd = "cp testfiles/tmp/ca/clients/12345-cert.pem testfiles/tmp/bbackupd"; ++ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) ++ ++ cmd = "cp testfiles/tmp/ca/roots/serverCA.pem testfiles/tmp/bbackupd"; ++ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) ++ ++ cmd = "cp testfiles/tmp/ca/servers/localhost-cert.pem testfiles/tmp/bbstored"; ++ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) ++ ++ cmd = "cp testfiles/tmp/ca/roots/clientCA.pem testfiles/tmp/bbstored"; ++ TEST_RETURN(system(cmd.c_str()), 0) ++ ++ cmd = BBSTOREACCOUNTS " -c testfiles/tmp/bbstored.conf create 12345 0 1M 2M"; ++ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) ++ ++ bbstored_pid = StartDaemon(bbstored_pid, BBSTORED " " + bbstored_args + ++ " -o testfiles/tmp/bbstored.log testfiles/tmp/bbstored.conf", ++ "testfiles/bbstored.pid"); ++ ++ { ++ Capture capture; ++ Logging::TempLoggerGuard guard(&capture); ++ ++ BackupDaemon bbackupd; ++ TEST_THAT( ++ setup_test_bbackupd( ++ bbackupd, ++ true, // do_unpack_files ++ false, // !do_start_bbstored ++ 
"testfiles/tmp/bbackupd.conf") ++ ); ++ ++ bbackupd.RunSyncNow(); ++ } ++ ++ TEST_THAT(compare(BackupQueries::ReturnCode::Compare_Same, ++ "-otestfiles/tmp/bbackupquery.log", "-acQ", "testfiles/tmp/bbackupd.conf")); ++ ++ TEST_THAT(StopServer()); ++#endif // !WIN32 ++ ++ TEARDOWN_TEST_BBACKUPD(); ++} ++ ++ + int test(int argc, const char *argv[]) + { + // SSL library +@@ -4104,6 +4216,7 @@ int test(int argc, const char *argv[]) + TEST_THAT(test_backup_many_files()); + TEST_THAT(test_parse_incomplete_command()); + TEST_THAT(test_parse_syncallowscript_output()); ++ TEST_THAT(test_bbackupd_config_script()); + + TEST_THAT(kill_running_daemons()); + diff --git a/debian/patches/series b/debian/patches/series index f52e7b08..2e1b5c86 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ 03-adjust-syslog-facility.diff 05-dont_use_net_for_docs.diff +openssl1.1.patch diff --git a/infrastructure/cmake/CMakeLists.txt b/infrastructure/cmake/CMakeLists.txt index e6f46148..e98ef4c2 100644 --- a/infrastructure/cmake/CMakeLists.txt +++ b/infrastructure/cmake/CMakeLists.txt @@ -71,13 +71,6 @@ function(move_file_if_exists source_file dest_file) endif() endfunction() -foreach(file_to_configure ${files_to_configure}) - configure_file("${base_dir}/${file_to_configure}.in" "${base_dir}/${file_to_configure}.out" @ONLY) - replace_file_if_different( - "${base_dir}/${file_to_configure}" - "${base_dir}/${file_to_configure}.out") -endforeach() - # If BOXBACKUP_VERSION is defined when running CMake (as the AppVeyor config does), use it # as-is, since it contains the full version number, branch, and platform (Win32/Win64): if(BOXBACKUP_VERSION) @@ -375,6 +368,7 @@ file(WRITE "${boxconfig_h_file}" "// Auto-generated by CMake. Do not edit.\n") if(WIN32) target_link_libraries(lib_common PUBLIC ws2_32 gdi32) + list(APPEND CMAKE_REQUIRED_LIBRARIES ws2_32 gdi32) endif() # On Windows we want to statically link zlib to make debugging and distribution easier, 
@@ -430,6 +424,7 @@ else() endif() include_directories(${OPENSSL_INCLUDE_DIR}) target_link_libraries(lib_crypto PUBLIC ${OPENSSL_LIBRARIES}) +list(APPEND CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES}) # Link to PCRE if (WIN32) @@ -608,6 +603,9 @@ foreach(function_name ${detect_functions}) file(APPEND "${boxconfig_h_file}" "#cmakedefine HAVE_${platform_var_name}\n") endforeach() +check_function_exists(SSL_CTX_set_security_level HAVE_SSL_CTX_SET_SECURITY_LEVEL) +file(APPEND "${boxconfig_h_file}" "#cmakedefine HAVE_SSL_CTX_SET_SECURITY_LEVEL\n") + check_symbol_exists(dirfd "dirent.h" HAVE_DECL_DIRFD) file(APPEND "${boxconfig_h_file}" "#cmakedefine01 HAVE_DECL_DIRFD\n") @@ -824,6 +822,13 @@ file(TO_NATIVE_PATH "${PERL_EXECUTABLE}" perl_executable_native) string(REPLACE "\\" "\\\\" perl_path_escaped ${perl_executable_native}) target_compile_definitions(test_backupstorefix PRIVATE -DPERL_EXECUTABLE="${perl_path_escaped}") +foreach(file_to_configure ${files_to_configure}) + configure_file("${base_dir}/${file_to_configure}.in" "${base_dir}/${file_to_configure}.out" @ONLY) + replace_file_if_different( + "${base_dir}/${file_to_configure}" + "${base_dir}/${file_to_configure}.out") +endforeach() + # Configure test timeouts: # I've set the timeout to 4 times as long as it took to run on a particular run on Appveyor: # https://ci.appveyor.com/project/qris/boxbackup/build/job/xm10itascygtu93j diff --git a/infrastructure/m4/boxbackup_tests.m4 b/infrastructure/m4/boxbackup_tests.m4 index 86aa560a..f2b44ff0 100644 --- a/infrastructure/m4/boxbackup_tests.m4 +++ b/infrastructure/m4/boxbackup_tests.m4 @@ -142,7 +142,8 @@ AC_SEARCH_LIBS( Upgrade or read the documentation for alternatives]]) fi ]) - +AC_CHECK_FUNCS([SSL_CTX_set_security_level], [HAVE_SSL_CTX_SET_SECURITY_LEVEL=1]) +AC_SUBST([HAVE_SSL_CTX_SET_SECURITY_LEVEL]) ### Checks for header files. diff --git a/lib/common/BoxPortsAndFiles.h.in b/lib/common/BoxPortsAndFiles.h.in index 047a828f..8978cd4c 100644 
--- a/lib/common/BoxPortsAndFiles.h.in +++ b/lib/common/BoxPortsAndFiles.h.in @@ -20,6 +20,10 @@ // directory within the RAIDFILE root for the backup store daemon #define BOX_RAIDFILE_ROOT_BBSTORED "backup" +// default security level if SSLSecurityLevel is not specified: see +// https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates +const int BOX_DEFAULT_SSL_SECURITY_LEVEL = 1; + // configuration file paths #ifdef WIN32 // no default config file path, use these macros to call diff --git a/lib/common/Test.h b/lib/common/Test.h index 4b5cef61..32f8220d 100644 --- a/lib/common/Test.h +++ b/lib/common/Test.h @@ -23,6 +23,7 @@ #define BBACKUPQUERY "..\\..\\bin\\bbackupquery\\bbackupquery.exe" #define BBSTOREACCOUNTS "..\\..\\bin\\bbstoreaccounts\\bbstoreaccounts.exe" #define TEST_RETURN(actual, expected) TEST_EQUAL(expected, actual); +#define TEST_RETURN_COMMAND(actual, expected, command) TEST_EQUAL_LINE(expected, actual, command); #else #define BBACKUPCTL "../../bin/bbackupctl/bbackupctl" #define BBACKUPD "../../bin/bbackupd/bbackupd" @@ -30,6 +31,7 @@ #define BBACKUPQUERY "../../bin/bbackupquery/bbackupquery" #define BBSTOREACCOUNTS "../../bin/bbstoreaccounts/bbstoreaccounts" #define TEST_RETURN(actual, expected) TEST_EQUAL((expected << 8), actual); +#define TEST_RETURN_COMMAND(actual, expected, command) TEST_EQUAL_LINE((expected << 8), actual, command); #endif extern int num_failures; diff --git a/lib/server/TLSContext.cpp b/lib/server/TLSContext.cpp index 1a6d4a53..d3f41f45 100644 --- a/lib/server/TLSContext.cpp +++ b/lib/server/TLSContext.cpp @@ -14,6 +14,7 @@ #include "autogen_ConnectionException.h" #include "autogen_ServerException.h" +#include "BoxPortsAndFiles.h" #include "CryptoUtils.h" #include "SSLLib.h" #include "TLSContext.h" 
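Review bot: In the non-Windows `TEST_RETURN_COMMAND` (second Test.h hunk) the macro argument is used unparenthesised in `(expected << 8)`, so an argument such as `x | y` would be shifted incorrectly; `((expected) << 8)` is safer. The comparison also hard-codes the wait-status layout, where `WIFEXITED(actual) && WEXITSTATUS(actual) == (expected)` would state the intent directly. Both new macros end in a semicolon inside the definition, and the call sites added in this commit's test code omit their own, so a one-line comment above the macros saying that would help. The same points apply to the existing `TEST_RETURN` that these definitions copy.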
@@ -84,6 +85,14 @@ void TLSContext::Initialise(bool AsServer, const char *CertificatesFile, const c THROW_EXCEPTION(ServerException, TLSAllocationFailed) } +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + BOX_WARNING("This version of Box Backup overrides the system-wide SSLSecurityLevel for " + "backwards compatibility. Please upgrade as soon as possible. See " + "https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates#workaround-2 " + "for details"); + SSL_CTX_set_security_level(mpContext, BOX_DEFAULT_SSL_SECURITY_LEVEL); +#endif + // Setup our identity if(::SSL_CTX_use_certificate_chain_file(mpContext, CertificatesFile) != 1) { diff --git a/test/backupstorefix/testbackupstorefix.cpp b/test/backupstorefix/testbackupstorefix.cpp index 38492bd1..6099f133 100644 --- a/test/backupstorefix/testbackupstorefix.cpp +++ b/test/backupstorefix/testbackupstorefix.cpp @@ -671,8 +671,13 @@ int test(int argc, const char *argv[]) char name[256]; while(::fgets(line, sizeof(line), f) != 0) { - TEST_THAT(::sscanf(line, "%x %s %s", &id, - flags, name) == 3); + if(StartsWith("WARNING: This version of Box Backup overrides the " + "system-wide SSLSecurityLevel", line)) + { + continue; + } + TEST_EQUAL_LINE(3, ::sscanf(line, "%x %s %s", &id, flags, name), + "Unexpected format in initial-listing.txt: <" << line << ">"); bool isDir = (::strcmp(flags, "-d---") == 0); //TRACE3("%x,%d,%s\n", id, isDir, name); MEMLEAKFINDER_NO_LEAKS; diff --git a/test/backupstorefix/testfiles/testbackupstorefix.pl.in b/test/backupstorefix/testfiles/testbackupstorefix.pl.in index fc807155..177b3b70 100755 --- a/test/backupstorefix/testfiles/testbackupstorefix.pl.in +++ b/test/backupstorefix/testfiles/testbackupstorefix.pl.in 
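Review bot: The added `SSL_CTX_set_security_level(mpContext, BOX_DEFAULT_SSL_SECURITY_LEVEL)` is unconditional, so every context built against an OpenSSL that has this function is pinned to level 1, even where the system default is stricter and the installed certificates would pass it. The comment on the constant in BoxPortsAndFiles.h.in calls it the default "if SSLSecurityLevel is not specified", and the test configs in this commit set `SSLSecurityLevel = 2`, but nothing in this hunk reads a configured value; that may be handled elsewhere, since Initialise's body continues outside the hunk. At minimum I would guard both the warning and the call with `if(::SSL_CTX_get_security_level(mpContext) > BOX_DEFAULT_SSL_SECURITY_LEVEL)`, so they run only when a stricter policy is actually being relaxed. As written the warning is logged on every Initialise call, which is why the backupstorefix tests in this commit now have to filter it out of the output they parse.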
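Review bot: The rewritten `::sscanf(line, "%x %s %s", &id, flags, name)` still uses unbounded `%s` conversions into fixed buffers; `name` is `char name[256]` in the context line above, so `%255s` (and a matching width for `flags`, whose declaration is outside the hunk) would bound the copy. Whether `line` can be longer than those buffers cannot be seen from here. The `StartsWith` skip matches a prefix of the production warning text, so I would add a comment such as `// keep in sync with the BOX_WARNING in TLSContext::Initialise`, otherwise a reworded warning turns into a confusing parse failure.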
@@ -148,18 +148,20 @@ elsif($ARGV[0] eq 'reroot') or die "can't open copy listing file"; my $err = 0; my $count = 0; - while(<LISTING>) + while(my $line = <LISTING>) { - print LISTING_COPY; - chomp; - s/\[FILENAME NOT ENCRYPTED\]//; - next if /^WARNING: \*\*\*\* BackupStoreFilename encoded with Clear encoding \*\*\*\*/; - my ($id,$type,$name) = split / /; + print LISTING_COPY $line; + chomp $line; + $line =~s/\[FILENAME NOT ENCRYPTED\]//; + next if $line =~ /^WARNING: \*\*\*\* BackupStoreFilename encoded with Clear encoding \*\*\*\*/; + next if $line =~ /^WARNING: This version of Box Backup overrides the system-wide SSLSecurityLevel/; + my ($id,$type,$name) = split / /, $line; $count++; if($name !~ /\Alost\+found0/) { # everything must be in a lost and found dir - $err = 1 + print "Expected '$name' to be in a lost+found directory, but it was not ($line)"; + $err = 1; } } close LISTING_COPY; diff --git a/test/basicserver/testbasicserver.cpp b/test/basicserver/testbasicserver.cpp index 6f2def54..4aeded6c 100644 --- a/test/basicserver/testbasicserver.cpp +++ b/test/basicserver/testbasicserver.cpp 
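Review bot: The new diagnostic `print "Expected '$name' to be in a lost+found directory, but it was not ($line)";` has no trailing newline, so consecutive failures run together on one line; end the string with `\n`. If the caller reads this script's standard output, `print STDERR` may be the better channel, but that is not visible from the hunk. The enclosing `elsif` branch starts and continues outside the hunk.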
@@ -449,6 +449,80 @@ void TestStreamReceive(TestProtocolClient &protocol, int value, bool uncertainst TEST_THAT(count == (24273*3)); // over 64 k of data, definately } +bool test_security_level(int cert_level) +{ + int old_num_failures = num_failures; + + // Context first + TLSContext context; + if(cert_level == 0) + { + context.Initialise(false /* client */, + "testfiles/clientCerts.pem", + "testfiles/clientPrivKey.pem", + "testfiles/clientTrustedCAs.pem"); + } + else if(cert_level == 1) + { + context.Initialise(false /* client */, + "testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem", + "testfiles/seclevel2-sha1/bbackupd/1234567-key.pem", + "testfiles/seclevel2-sha1/ca/roots/serverCA.pem"); + } + else if(cert_level == 2) + { + context.Initialise(false /* client */, + "testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem", + "testfiles/seclevel2-sha256/bbackupd/1234567-key.pem", + "testfiles/seclevel2-sha256/ca/roots/serverCA.pem"); + } + else + { + TEST_FAIL_WITH_MESSAGE("No certificates generated for level " << cert_level); + return false; + } + + SocketStreamTLS conn; + conn.Open(context, Socket::TypeINET, "localhost", 2003); + + return (num_failures == old_num_failures); // no new failures -> good +} + +// Test the certificates that were distributed with the Box Backup source since ancient times, +// which have only 1024-bit keys, and thus fail with "ee key too small". +bool test_ancient_certificates() +{ + int old_num_failures = num_failures; + + // Level -1 (allow weaker, with warning) should pass with any certificates: + TEST_THAT(test_security_level(0)); // cert_level + + return (num_failures == old_num_failures); // no new failures -> good +} + +// Test a set of more recent certificates, which have a longer key but are signed using the SHA1 +// algorithm instead of SHA256, which fail with "ca md too weak" instead. 
+bool test_old_certificates() +{ + int old_num_failures = num_failures; + + // Level -1 (allow weaker, with warning) should pass with any certificates: + TEST_THAT(test_security_level(1)); // cert_level + + return (num_failures == old_num_failures); // no new failures -> good +} + + +bool test_new_certificates() +{ + int old_num_failures = num_failures; + + // Level -1 (allow weaker, with warning) should pass with any certificates: + TEST_THAT(test_security_level(2)); // cert_level + + return (num_failures == old_num_failures); // no new failures -> good +} + int test(int argc, const char *argv[]) { @@ -682,6 +756,11 @@ int test(int argc, const char *argv[]) TEST_THAT(ServerIsAlive(pid)); #endif + // Try testing with different security levels, check that the behaviour is + // as documented at: + // https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates + TEST_THAT(test_ancient_certificates()); + // Kill it TEST_THAT(KillServer(pid)); ::sleep(1); @@ -691,6 +770,24 @@ int test(int argc, const char *argv[]) TestRemoteProcessMemLeaks("test-srv3.memleaks"); #endif } + + cmd = TEST_EXECUTABLE " --test-daemon-args="; + cmd += test_args; + cmd += " srv3 testfiles/srv3-seclevel2-sha1.conf"; + pid = LaunchServer(cmd, "testfiles/srv3.pid"); + + TEST_THAT(pid != -1 && pid != 0); + TEST_THAT(test_old_certificates()); + TEST_THAT(KillServer(pid)); + + cmd = TEST_EXECUTABLE " --test-daemon-args="; + cmd += test_args; + cmd += " srv3 testfiles/srv3-seclevel2-sha256.conf"; + pid = LaunchServer(cmd, "testfiles/srv3.pid"); + + TEST_THAT(pid != -1 && pid != 0); + TEST_THAT(test_new_certificates()); + TEST_THAT(KillServer(pid)); } //protocolserver: diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf b/test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf new file mode 100644 index 00000000..eb37d9ab --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf 
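Review bot: All three wrappers carry the comment `// Level -1 (allow weaker, with warning) should pass with any certificates`, but `test_security_level` is called with 0, 1 and 2 and nothing in the hunk selects a level -1, so the comment does not describe what the code does. The block comments above `test_ancient_certificates` and `test_old_certificates` say those certificates fail with "ee key too small" and "ca md too weak", yet each test only asserts that the connection succeeds. No case expects a stricter level to reject the 1024-bit or SHA-1 chain, so a regression that accepts weak certificates under a strict setting would pass unnoticed. I would reword the comment to something like `// this certificate set must connect at the built-in default level` and add a negative case once the level can be configured per context. `conn.Open` presumably throws on a failed handshake rather than incrementing `num_failures`, so the `old_num_failures` comparison may never be what reports a failure; worth confirming.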
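Review bot: In both blocks added by the `@@ -691,6 +770,24 @@` hunk, `TEST_THAT(pid != -1 && pid != 0)` only records a failure and execution continues to `TEST_THAT(KillServer(pid))` with the invalid pid. If KillServer ends up in `kill()` (its body is not shown), a pid of -1 or 0 addresses every process the user may signal, or the whole process group. Wrap the remainder of each block in `if(pid != -1 && pid != 0) { ... }`, which the closing brace of the preceding srv3 block suggests the existing test already does. The new blocks also drop the `::sleep(1)` and `TestRemoteProcessMemLeaks` steps that the earlier block runs after KillServer, and relaunch on the same `testfiles/srv3.pid` immediately, which may race with the previous server's shutdown.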
@@ -0,0 +1,196 @@ + +StoreHostname = localhost +AccountNumber = 0x1234567 +KeysFile = ./bbackupd/1234567-FileEncKeys.raw + +CertificateFile = ./bbackupd/1234567-cert.pem +PrivateKeyFile = ./bbackupd/1234567-key.pem +TrustedCAsFile = ./bbackupd/serverCA.pem +SSLSecurityLevel = 2 + +DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1 + + +# This script is run whenever bbackupd changes state or encounters a +# problem which requires the system administrator to assist: +# +# 1) The store is full, and no more data can be uploaded. +# 2) Some files or directories were not readable. +# 3) A backup run starts or finishes. +# +# The default script emails the system administrator, except for backups +# starting and stopping, where it does nothing. + +NotifyScript = ./bbackupd/NotifySysadmin.sh + + +# The number of seconds between backup runs under normal conditions. To avoid +# cycles of load on the server, this time is randomly adjusted by a small +# percentage as the daemon runs. + +UpdateStoreInterval = 3600 + + +# The minimum age of a file, in seconds, that will be uploaded. Avoids +# repeated uploads of a file which is constantly being modified. + +MinimumFileAge = 21600 + + +# If a file is modified repeated, it won't be uploaded immediately in case +# it's modified again, due to the MinimumFileAge specified above. However, it +# should be uploaded eventually even if it is being modified repeatedly. This +# is how long we should wait, in seconds, after first noticing a change. +# (86400 seconds = 1 day) + +MaxUploadWait = 86400 + +# If the connection is idle for some time (e.g. over 10 minutes or 600 +# seconds, not sure exactly how long) then the server will give up and +# disconnect the client, resulting in Connection Protocol_Timeout errors +# on the server and TLSReadFailed or TLSWriteFailed errors on the client. +# Also, some firewalls and NAT gateways will kill idle connections after +# similar lengths of time. 
+# +# This can happen for example when most files are backed up already and +# don't need to be sent to the store again, while scanning a large +# directory, or while calculating diffs of a large file. To avoid this, +# KeepAliveTime specifies that special keep-alive messages should be sent +# when the connection is otherwise idle for a certain length of time, +# specified here in seconds. +# +# The default is that these messages are never sent, equivalent to setting +# this option to zero, but we recommend that all users enable this. + +KeepAliveTime = 120 + + +# Files above this size (in bytes) are tracked, and if they are renamed they will simply be +# renamed on the server, rather than being uploaded again. (64k - 1) + +FileTrackingSizeThreshold = 65535 + + +# The daemon does "changes only" uploads for files above this size (in bytes). +# Files less than it are uploaded whole without this extra processing. + +DiffingUploadSizeThreshold = 8192 + + +# The limit on how much time is spent diffing files, in seconds. Most files +# shouldn't take very long, but if you have really big files you can use this +# to limit the time spent diffing them. +# +# * Reduce if you are having problems with processor usage. +# +# * Increase if you have large files, and think the upload of changes is too +# large and you want bbackupd to spend more time searching for unchanged +# blocks. + +MaximumDiffingTime = 120 + + +# Uncomment this line to see exactly what the daemon is going when it's connected to the server. + +# ExtendedLogging = yes + + +# This specifies a program or script script which is run just before each +# sync, and ideally the full path to the interpreter. It will be run as the +# same user bbackupd is running as, usually root. +# +# The script must output (print) either "now" or a number to STDOUT (and a +# terminating newline, no quotes). +# +# If the result was "now", then the sync will happen. 
If it's a number, then +# no backup will happen for that number of seconds (bbackupd will pause) and +# then the script will be run again. +# +# Use this to temporarily stop bbackupd from syncronising or connecting to the +# store. For example, you could use this on a laptop to only backup when on a +# specific network, or when it has a working Internet connection. + +# SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc + + +# Where the command socket is created in the filesystem. + +CommandSocket = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.sock + +# Uncomment the StoreObjectInfoFile to enable the experimental archiving +# of the daemon's state (including client store marker and configuration) +# between backup runs. This saves time and increases efficiency when +# bbackupd is frequently stopped and started, since it removes the need +# to rescan all directories on the remote server. However, it is new and +# not yet heavily tested, so use with caution. + +# StoreObjectInfoFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.state + +Server +{ + PidFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.pid +} + + +# BackupLocations specifies which locations on disc should be backed up. Each +# directory is in the format +# +# name +# { +# Path = /path/of/directory +# (optional exclude directives) +# } +# +# 'name' is derived from the Path by the config script, but should merely be +# unique. +# +# The exclude directives are of the form +# +# [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname +# +# (The regex suffix is shown as 'sRegex' to make File or Dir plural) +# +# For example: +# +# ExcludeDir = /home/guest-user +# ExcludeFilesRegex = .(mp3|MP3)$ +# AlwaysIncludeFile = /home/username/veryimportant.mp3 +# +# This excludes the directory /home/guest-user from the backup along with all mp3 +# files, except one MP3 file in particular. 
+# +# In general, Exclude excludes a file or directory, unless the directory is +# explicitly mentioned in a AlwaysInclude directive. However, Box Backup +# does NOT scan inside excluded directories and will never back up an +# AlwaysIncluded file or directory inside an excluded directory or any +# subdirectory thereof. +# +# To back up a directory inside an excluded directory, use a configuration +# like this, to ensure that each directory in the path to the important +# files is included, but none of their contents will be backed up except +# the directories further down that path to the important one. +# +# ExcludeDirsRegex = ^/home/user/bigfiles/ +# ExcludeFilesRegex = ^/home/user/bigfiles/ +# AlwaysIncludeDir = /home/user/bigfiles/path +# AlwaysIncludeDir = /home/user/bigfiles/path/to +# AlwaysIncludeDir = /home/user/bigfiles/path/important +# AlwaysIncludeDir = /home/user/bigfiles/path/important/files +# AlwaysIncludeDirsRegex = ^/home/user/bigfiles/path/important/files/ +# AlwaysIncludeFilesRegex = ^/home/user/bigfiles/path/important/files/ +# +# If a directive ends in Regex, then it is a regular expression rather than a +# explicit full pathname. See +# +# man 7 re_format +# +# for the regex syntax on your platform. + +BackupLocations +{ + home-chris-boxbackup-test-basicserver-testfiles-seclevel2-sha1 + { + Path = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1 + } +} + diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem new file mode 100644 index 00000000..340116ed --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem 
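Review bot: This fixture hard-codes one developer's checkout in `DataDirectory`, `CommandSocket`, `PidFile` and the `BackupLocations` `Path` (all under `/home/chris/boxbackup/...`), so it only works unmodified on that machine. The same applies to `User = chris` in the bbstored.conf added alongside it. If the files are kept only as a record of how the certificates were generated, a first-line comment such as `# Generated fixture: only the certificates and keys under this directory are used by the tests` would stop them being mistaken for a working configuration. Otherwise the paths should be made relative like `KeysFile = ./bbackupd/1234567-FileEncKeys.raw` already is.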
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOQkFDS1VQLTEyMzQ1NjcwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrSHZEUGZxLnDFr0B02Utd5rF6YwYmhzLG +WNBnC0FBrCN0qJgjEHpQ0jqMGA9vIvBuesYhBmk8hOyJFHNtJB8MJyeHvKSwdwlF +Isz+gr60RGAKj290nSdFgMvMgkdqz6Vg4R9t94fzhxjk/BJyNjr8r+64hffIOQmM +YlmADLX38BLRLAfbVVkq/bRgqBFtmvFYTZKl6of1jVSWQLcXGShWE45lc5Hpd+qv +DRjzsQukb3gJmKU4DMW1BCaS8W6v7R0MG/5CooiwMRrct8puH4IeIDrByBz/0mRP +fMPjR2qpjx4EmLRcC39lGVBTnXLYM1XGIYsX7f1ssYZZXSSajUp9AgMBAAGgADAN +BgkqhkiG9w0BAQUFAAOCAQEAbDRc2PW9WnUu7F1g/mWQW8aGhyzMcYTp28kVEtMC +dvvbNLFWtWPXktM9PjR6F+3QRQktdXwYXsTctmGL4vvSKFd66gw4HklGe+Opiiw/ +o9F6E2PAFzRYbMio7UYevs/RhktaJRkVyd81e8LtFHuUD3vqBY84NVeKwmxnbdoK +jzBj3x3COkLLiPTWjb+RgxnPWcNtXhLAcATZeCKBo4U0gvRL1NTMCslIumdhtD8h +BQOdEaSP2sB8o3mMEh8W5tgja4zWv1GszJK9sJNL/EZag331/++5H06yf8vPhQW7 +rqRHA33CUe7XiqAkXp+Rgq5W97qcKIlo4uKRzCsTYC/QUg== +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem new file mode 100644 index 00000000..9ee696ee --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAq0h2RFBmcS5wxa9AdNlLXeaxemMGJocyxljQZwtBQawjdKiY +IxB6UNI6jBgPbyLwbnrGIQZpPITsiRRzbSQfDCcnh7yksHcJRSLM/oK+tERgCo9v +dJ0nRYDLzIJHas+lYOEfbfeH84cY5PwScjY6/K/uuIX3yDkJjGJZgAy19/AS0SwH +21VZKv20YKgRbZrxWE2SpeqH9Y1UlkC3FxkoVhOOZXOR6Xfqrw0Y87ELpG94CZil +OAzFtQQmkvFur+0dDBv+QqKIsDEa3LfKbh+CHiA6wcgc/9JkT3zD40dqqY8eBJi0 +XAt/ZRlQU51y2DNVxiGLF+39bLGGWV0kmo1KfQIDAQABAoIBAHLetfI6uXlOW/M4 +BVJYKGNhQ8WAg69zHGpJRfrVYX5Zo62pI97gPifV1c3+lNtD41s0m4uqcQlVXAzS +2lZn0yqjV6+ApDJ0opLrM++8X4kmEgMDDwx2GNBUAFm3RY4slAzU7e8iAtsfz2JC +a1yNYiH1G3RE5FgzaGPt0Xg/DgqorT6uR5/jIzlSpqRse9sXG4/uGEmfkogMwvU+ +gmcMOs+Jm7HbLMIGxzBydNTFoup1YUVSCuIjdJBpWRCbBaeYeTSoQgdAPALtwJgz +v8quFaJOkJMKIaXOF+1VN8w5rPTJJdfHtYITz6i0V5A7qSHR5jckbm0UWcXnEdaZ +YvkKRUECgYEA4krb4xrXLuSbUv70dKXybyNxEFK+IVG6NZG4+iaW8B8oU8+q8FzM +HPYAdppYKkYrjslKWIOwZdTsYa4Z8U/uhmMv4OpcCq7nYv6W/g1N/AMd8pEJvV9m +EQ5hY1uMg3rgorYWGDyh3HcYl2q4/9EJiPKUVoZb9IPeO3Po3TgK8A8CgYEAwcTf +EHJVs5F2mnetRhETpC5IGUB9OKbPm+JR6+BNFsh1vaPosobfYOzO6PJm0H/z4jMN +n29oc1SAphUXegE6gbVO8/hd9S4OhTq8egFO9Y/BN3/lHUYe/RPs2BZ+Foh70PH7 +9l6K/UDrwJ458hBrFM/DCcjRRcw12GBPUZ8xkLMCgYEAlND8GDc/igQnLYajhs7X +R0V8hmqTxN+1YKNLjZ6xJoqm/68TUG0Ggok5NsY78tkgrg8sSFeaOu2y4m4Xe33A +dDpoczZMf24UlyKsc7iWL4RxPmMpj5NcUR0u6KN9Hb5CWl762seM/qqHzpQNw5ZZ ++ejlqp1DfeL21Axe+JRxhPsCgYEAiYEWtoocbRhd7RHeYWl+4bSCL4FHG2usyjdZ +4SREMFXCz/fACuiRHiwOTNqvwWf7ftqx4SFjIuylerZe+ZJjnWY3iAQJURME9OCQ +nZfOG46PE75rrVF0bi20lken5H+oNcdzAQtoYH2wjvj5r+CczKD/DDN45qoaz9jQ +kOCCgOcCgYBDeOUq+6UoZMmx1c/H4MnRWMpHu0hNfivDEeJMYkxLMA98clstohc7 +T4B4gaoCewJ5XVR72k+Oqgvy++d4g5EpRjFE8hVNjw7Vo3WP0+X5iI+TmBuLKh/c +Wl10t7jLE25vyLJs4nmQd4hav9gWMbP5l99sVq61DM6bMuRcQnyeIA== +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh new file mode 100644 index 00000000..48e8cf8e --- /dev/null 
+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+# This script is run whenever bbackupd changes state or encounters a
+# problem which requires the system administrator to assist:
+#
+# 1) The store is full, and no more data can be uploaded.
+# 2) Some files or directories were not readable.
+# 3) A backup run starts or finishes.
+#
+# The default script emails the system administrator, except for backups
+# starting and stopping, where it does nothing.
+
+SUBJECT="BACKUP PROBLEM on host debian-unstable"
+SENDTO="chris"
+
+if [ "$1" = "" ]; then
+ echo "Usage: $0 <store-full|read-error|backup-ok|backup-error|backup-start|backup-finish>" >&2
+ exit 2
+elif [ "$1" = store-full ]; then
+ sendmail: $SENDTO <<EOM
+Subject: $SUBJECT (store full)
+To: $SENDTO
+
+
+The store account for debian-unstable is full.
+
+=============================
+FILES ARE NOT BEING BACKED UP
+=============================
+
+Please adjust the limits on account 1234567 on server localhost.
+
+EOM
+elif [ "$1" = read-error ]; then
+sendmail: $SENDTO <<EOM
+Subject: $SUBJECT (read errors)
+To: $SENDTO
+
+
+Errors occured reading some files or directories for backup on debian-unstable.
+
+===================================
+THESE FILES ARE NOT BEING BACKED UP
+===================================
+
+Check the logs on debian-unstable for the files and directories which caused
+these errors, and take appropriate action.
+
+Other files are being backed up.
+
+EOM
+elif [ "$1" = backup-start -o "$1" = backup-finish -o "$1" = backup-ok ]; then
+ # do nothing by default
+ true
+else
+sendmail: $SENDTO <<EOM
+Subject: $SUBJECT (unknown)
+To: $SENDTO
+
+
+The backup daemon on debian-unstable reported an unknown error ($1).
+
+==========================
+FILES MAY NOT BE BACKED UP
+==========================
+
+Please check the logs on debian-unstable.
+
+EOM
+fi
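Review bot: All three mail branches run `sendmail: $SENDTO <<EOM`; with the trailing colon the shell looks for a command literally named `sendmail:`, so the store-full, read-error and unknown-error notifications would fail with "command not found" and nobody would be told that files are no longer being backed up. This looks like generator output captured on a host where sendmail was not located (an assumption, the generator is not in this hunk), so the generator's lookup is worth checking as well as the fixture. The lines should name a real binary and quote the recipient, e.g. `/usr/sbin/sendmail "$SENDTO" <<EOM`, with the path adjusted to wherever sendmail lives on the target. The final branch also interpolates `$1` into the mail body, which is harmless here but worth a comment that the argument comes from bbackupd and not from user input.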
diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbstored.conf b/test/basicserver/testfiles/seclevel2-sha1/bbstored.conf
new file mode 100644
index 00000000..25425dfa
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored.conf
@@ -0,0 +1,23 @@
+
+RaidFileConf = ./raidfile.conf
+AccountDatabase = ./bbstored/accounts.txt
+
+# Uncomment this line to see exactly what commands are being received from clients.
+# ExtendedLogging = yes
+
+# scan all accounts for files which need deleting every 15 minutes.
+
+TimeBetweenHousekeeping = 900
+
+Server
+{
+ PidFile = /var/run/bbstored.pid
+ User = chris
+ ListenAddresses = inet:localhost
+ CertificateFile = ./bbstored/localhost-cert.pem
+ PrivateKeyFile = ./bbstored/localhost-key.pem
+ TrustedCAsFile = ./bbstored/clientCA.pem
+ SSLSecurityLevel = 2
+}
+
+
diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem
new file mode 100644
index 00000000..db9fe3f7
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAyzNFMI4BCpd/vGvPseb8U/NZYDQZ6nV7nFwDPsyr +/yoUBQz7/gEAFP9Zo+8C9h89N2dPuxVNgylybiXO1icy8NsH+xkTtJXPSqi/Q87M +36V5/k7wfF6Kx9ayuB2e1xg844fuY3llYacOyoA1NWP3DaQP+MztxuvKqK4JnodU +oqysEK3DF4F1qFSHh1fum5nY+GBPaZjhn6ns/prQP8De6bctEjUAEYSKqUjNJpYa +sP0KqFH8CoY1ZGa/f5n0CZ/9VT5N+Nm0TA1HwX2QeH0h1yp/LH52tD6/8T9XqgK4 +iuekRol6dkj63jXPnVSK4NSFksTzJsQCABOUz4kXKZucQQIDAQABoAAwDQYJKoZI +hvcNAQEFBQADggEBACN8kdjf8P/OBMVytAKxWlXDAtG5A8qZz4e+aNM4JfXF//fP +pS5c+m0rpt6aop4N5n5MWyL54eJlhh+yyNdm2RmHvybJKHLTRCPzP3gtHaVZ4v2V +xWbDW+LuLMhDp70Ci1/CGWv+fQ2jmKPAtXGcbIsvjI+swLRtJDTwNV6B/dbS5QyF +6n8O+pSLS6l7vsXginavB+VLAWWdtCbZAgId9Io0BePN/LpVb2bLgzGfzBInSCFl +4bBN3dqC7nFkXdk+EXseA0L1NYUpXZoperzxMgDG74IMPwIomkb3elNP7xpz3Zgg +Y5xwL05H5Jj5aW3Ao9mY3LKK8ZmAQnljOsyQsKc= +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem new file mode 100644 index 00000000..885892b3 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAyzNFMI4BCpd/vGvPseb8U/NZYDQZ6nV7nFwDPsyr/yoUBQz7 +/gEAFP9Zo+8C9h89N2dPuxVNgylybiXO1icy8NsH+xkTtJXPSqi/Q87M36V5/k7w +fF6Kx9ayuB2e1xg844fuY3llYacOyoA1NWP3DaQP+MztxuvKqK4JnodUoqysEK3D +F4F1qFSHh1fum5nY+GBPaZjhn6ns/prQP8De6bctEjUAEYSKqUjNJpYasP0KqFH8 +CoY1ZGa/f5n0CZ/9VT5N+Nm0TA1HwX2QeH0h1yp/LH52tD6/8T9XqgK4iuekRol6 +dkj63jXPnVSK4NSFksTzJsQCABOUz4kXKZucQQIDAQABAoIBACvo7mCprwvs5QuA +eKdG9OvnQD8LwzXpIUcOkxz0+Y3wN9dHkQS4jp36+BH2yjsJUR8x0gbpeZCIWlP3 +E5Uvb1Cg5D6ckqeJX/wQLxSmEZualJwhztHxVCgO+xvSOsrcT/wTGa6hQwkxIn8b +6WOaMH7gHxtynUdJGMgOo8GAGQf1yVganOo8hk/jARjln3Cyg+0018a8P0bZHI5L +2EJgXSvVo5N4s0sVxMTDUX80YMmpH5M1duCYRitJwZCDMg5xOjootvfzw9pDD40/ +JsQHxdCfotDEBOVym7mKqxOUowwA+8vKG5yOkG7Fb7QmO9UkujqBCQs7n9q+0wj5 +3OV872ECgYEA+YwqJ+vk8EK6Eo4ZJmYNhreKDtfTCiv4CRpxWimyf8fShhPSpcur +JSMl7OLuJhqsWIoGs5v1QSMhaSckLVq5lSZ7czVyC/ZFmhXN8LmfdYJ3LuSfEhG/ +ma9c2qXXC9EbTgdRg5lFSIugBFEHv+656Jn6Oj4hN/V8bd0EDgSY7Q0CgYEA0HRR +esMH2YSGztoauzl0FmOHrH53diTpCNBzh2ZEwQgHcTbHK3VfDqN0bsUx4SwZW/Wj +o7elnrBDHdVa8LMbUq7DH5YzRnfbGJHcKhUCTI3eT0wfpKvnyptIwRaKozS313rx ++5ZePf51krnYTs6p73Nvu7ALUwTLLi57PZQKJwUCgYB2B0JlEWB99sF1RzpD/B7H +qgWlUZUiiXtOKvCT+YbQgx1ihvupqTPwY7hrW0XSRelgEyBqUQhl34zM5FNrFC8U +iVf4PL4NRFTVNRzrj5AJD0T5q+5EqJpbwSKE081rbGKivDlkqdioIEn14LFuqSXL +CxDb/UjO49APUmq5ipkd/QKBgQCfSxPsrNb1yMk/jvn4coochchq72WYudH+c1Sl +dmg53knZoROISTPvusbB0x0vxgRG+qom9LKyVl2jkaPh5eyOPZBMNfpO8k5SMzw8 +SDuuhocIr9JKgzco44swSmp9F08ZchEywZCY7TepfS0n49OGcP9EPN4afcJKMyjo +QJWVhQKBgH47nr45MgQJIoeUzmDPL/N9jAlG4+MvfsGvZxtGeRij68TYFStPEccO +GJH09GQZgxvz8YbamC4KEA67PlwOdm/4ITs4HAE+tX6gaYeXG8XTw/azQdx0ZhXu +EIhyRvSeCfXq/hi4Qef2yIx3YLarPXw1E38Xtl0MOl+yGg827Imt +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem new file mode 100644 index 00000000..d3f3acba --- /dev/null 
+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsTCCAZkCAQEwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 +c3RlbSBjbGllbnQgcm9vdDAeFw0xOTA0MjgyMDU3NDBaFw0zMzAxMDQyMDU3NDBa +MBkxFzAVBgNVBAMMDkJBQ0tVUC0xMjM0NTY3MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAq0h2RFBmcS5wxa9AdNlLXeaxemMGJocyxljQZwtBQawjdKiY +IxB6UNI6jBgPbyLwbnrGIQZpPITsiRRzbSQfDCcnh7yksHcJRSLM/oK+tERgCo9v +dJ0nRYDLzIJHas+lYOEfbfeH84cY5PwScjY6/K/uuIX3yDkJjGJZgAy19/AS0SwH +21VZKv20YKgRbZrxWE2SpeqH9Y1UlkC3FxkoVhOOZXOR6Xfqrw0Y87ELpG94CZil +OAzFtQQmkvFur+0dDBv+QqKIsDEa3LfKbh+CHiA6wcgc/9JkT3zD40dqqY8eBJi0 +XAt/ZRlQU51y2DNVxiGLF+39bLGGWV0kmo1KfQIDAQABMA0GCSqGSIb3DQEBBQUA +A4IBAQBvwLWvNs2FhwNhjCA0A4r6hbKcdZDqmHT+EJpf1Os/f5A1fTah5u2UvNiQ +jYkI7u5dds/pSRDQ+1itbq2ltHq59QolMDN80xbrqgW2SCYIzBqR5i+plIIlGaM+ +Cih9QUrbZO1qBSA9nvuqFOGdi4tca+rkkuogWWNsngEydS32EmcI/cTcrubMKnYT +aW3+z46D42uZwljlhjnDDRbbvwpqd1h4NPbJcadelZnG3fsO0MCWi8LLp8Sepot7 +oDoseZ55JtYSjQuLFzfvgbvdkl/AQS1J+0Tjf2pq1zjIJmZ8qCuCP694z2BzRMTp +y0vJrXoCFTpVaNZZJx+x8ZqKjp3J +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem new file mode 100644 index 00000000..e5bb872b --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBjbGllbnQgcm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcxnm27tjpmhPdI23hV +VLerRKdYRutug9EaVwoegRzsnx/+6vBrnXQFbqenA2MR9yMhje+CJqZJcKoEyN6o +hSuv2vpMUOxLquUjhzv184rxp8dVcz1E6zpnxo5vJw8NoxN65SEjMKxFcO8e/RwQ +Pb8Yot1wEantMZKUu9qQ45lPCJH1VdPES09D6yMc62P7gOkybR4MZE7t2Wm9Bbx6 +H3Ag9OaSuYJOhf3614SvZQFmUlr07X/RFGsAixXi7CWqMjPKZDpG0PALVnKeKrfj +5gftcEUVVh2jRtfwN7DcTQu1f0Cv3Ixvv7T0lOK1BXGt5S8/l1RLeCNkzzIDyyEM +92UCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQB9d+4iZAtngEGpbtuHEhWssZKP +fisCUA+XokqrQ5Bw8wpE/zh4WHBfKDE0mrXARiJABKJqTVUI/fI9cGVWvRj17yxv +aIuZdYsZgAWhy6U2u0I8Kyul4URnDJq+JiqKOwYDjduZRi6axsjqVoWqeyRn0M1o +05d5O+TzS6uH9JhdYzpBeQVRweH4Dq374ApJu55RW+RQ7CpFQpW1cCqm3nMybNoM +uMMDTXeV09jh8DE63VE5GLi2N9/DaAD8VrrGuZWRFUhEvxHe8Qs8gCX7ep+9rUlS ++Vn0880ItjjBRQwDaSkJqQaGL0Wq4eBSTx9WcvIer9XFfwUYKOFVIPwQqDqn +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem new file mode 100644 index 00000000..0ccfd83c --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAxzGebbu2OmaE90jbeFVUt6tEp1hG626D0RpXCh6BHOyfH/7q +8GuddAVup6cDYxH3IyGN74ImpklwqgTI3qiFK6/a+kxQ7Euq5SOHO/XzivGnx1Vz +PUTrOmfGjm8nDw2jE3rlISMwrEVw7x79HBA9vxii3XARqe0xkpS72pDjmU8IkfVV +08RLT0PrIxzrY/uA6TJtHgxkTu3Zab0FvHofcCD05pK5gk6F/frXhK9lAWZSWvTt +f9EUawCLFeLsJaoyM8pkOkbQ8AtWcp4qt+PmB+1wRRVWHaNG1/A3sNxNC7V/QK/c +jG+/tPSU4rUFca3lLz+XVEt4I2TPMgPLIQz3ZQIDAQABAoIBAQC1TQJIGmw4J4uq +j5PCqNgc/DPWpNCYBNTRg8npGe6mZvBGbP1lqm17Zl5bFfZNO9LXFPldH/cRrxJu +jUBO+M+M/divrLqS+CQpvvadqrTqqBzvn2TuRUZcuIvOpHjGiMD/QAJA8QiiI+ow +muIBov6wajoClrhdE9jk858vxmSB6gE4czdTrXvZQXC+9EyuaqrLQeTuJbz1JNGN +jR61iSZWBfI6Ige+PSKpIQW/pU1+2QHyUNhTqN9V8Cxw0tVnOCZxNlWbXIaqsowa +s4lzfYVvK1NsHitX3wIRJv3gPt3JYN8VIwpq86w1CDxvmEQUuj6VYGDj1n278z4h +4CaZGNFBAoGBAP/b++wVZ1D0glBRhXghCMqGi/bzBySD+XDzd2DwVRM6jkX4Krof +MPflg2AMGXOvYYEoDtNWPHYzLts45zpOY111DA4OKqLL1QgTOOtjjd4b/+AaQOKt +m/Gvr9WFdqCjtO2rcv4546nB4M6bf6umHqoeKK947mi08jmW9VvZhaC5AoGBAMdN +qIYmnR17s9He9/jgU9zfp+21fC9GSDI9MrdaGP9E4EAeg95Sn3ppplzVeIW+c2b/ +0MuhdbR2dn7JoXcJKlO2qcadvsRWURvR0ofWbjcKoKdAHlShsNIfT8cWfk7E1DL3 +04JTWFcLA7M5RkdT9y2/N4NNKAZ37ZWO10r5jz4NAoGAXWh8gmYV//IkGRqJ9Z9p +zDZupst20hf0Ww4niRZ0mL6J7nV5c9WrVPVPjyMbr6ZZnIN5ViJnlGd/Nb2CfUDc ++eOfcQou+pwbvAT4hMclpe7m7XPoOFlVU1jmgrdk5aSeix5KrxGHUhRb9FHEvG+7 +RjQYemdV8pgMzoWUMeIp7NECgYB/39rN3/6UySbR9E6EF2KXZ8T2Jqh8KIrv+QYO +UDeTqVx8p1eSkM6UGy9LhwfiQBUJM/+Cd6Du3ccfiD0aA/5tYdjCf7nDfWJjCBgd +Yb6rgB0d0mzjfi7WUpK8OTlnTrCb1xiVGOaoSn/gQVJPN5dzeamjjCCvLcl5WQHX +sBFxDQKBgAYnvJcaXYiyDW2fpdKodzf0AwPBaR2yUJsO2Zm2RpigrpAkpSo5lk5N +GTWEbWUeENlgapQot5pxKbX07wSpifG3eAULusJuwd9+Ys04GZMYR9T+JXxjLQq7 +hxlWFoj/8o8zh5tGWocqvmTgIiFngwLpHRFStrAhmFSWtHlsgruV +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem new file mode 100644 index 00000000..5b6688f4 --- /dev/null 
+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBzZXJ2ZXIgcm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmT9t4A51xpeJ3h6ddg +l2wYFYSp2YdquKX85hipesYp0EIlrPHDdHXFjDS50ZhI62+2hxr/qCtSWwsAiNoK +xSopXMVd6BO6eYPM0KqW4BMnqsKewv39uDiIHVQblB/3/4nd2Jx3sxGIdFivCDuo +nqYm4BT5vEvHWG1Z+FtGqdPGZk4UG53Rx6ewHCYwpXUgCxJE814fruw+aWXPI0U3 +QYCgehOTP5+zcONaFP9aSVd5GXqCtF+MgZYSSK4exL33gKsaDXwhiTJ2IgOs4YpN +HG4fu/ct4ppwArHvaHMuLKS6IgFjCHYCqMD/N2+ZpszPWzI5KGprfHZxl0uTLGTd +HdsCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQCflWlk+xCivLP+EK8oh0VCuTo2 +qLMuPOR8GU+gVUN1z68T4j/ZsI0NKox++9NOzGwTE/cSpN+nfLNdhPwOM+TrRtS/ +iDrTSDMSVK4SjIQ9iEaINbfOZOv52l9vkyCR/u0TrnnkjXknzU9ZQmnDvj2e8K/B +lq7LjvxeMxvLeZKfISr5XGcnUvhGcJkG6Cdkk6OIYUL7oDmBjS3IBzNTVTVmMB/U +fHMURt/+ljmYKwNN8J7bG8nsMc/UnqqSLqBpPovup/+Ol8pbAjPNaLrQTz5PrN/k +0PwqzbSJ52HEQY+kwpWLpx47p8ArQhD+YTaCUxyqzBWAI573rMdiAh/ZKVVi +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem new file mode 100644 index 00000000..21dfb204 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyZP23gDnXGl4neHp12CXbBgVhKnZh2q4pfzmGKl6xinQQiWs +8cN0dcWMNLnRmEjrb7aHGv+oK1JbCwCI2grFKilcxV3oE7p5g8zQqpbgEyeqwp7C +/f24OIgdVBuUH/f/id3YnHezEYh0WK8IO6iepibgFPm8S8dYbVn4W0ap08ZmThQb +ndHHp7AcJjCldSALEkTzXh+u7D5pZc8jRTdBgKB6E5M/n7Nw41oU/1pJV3kZeoK0 +X4yBlhJIrh7EvfeAqxoNfCGJMnYiA6zhik0cbh+79y3imnACse9ocy4spLoiAWMI +dgKowP83b5mmzM9bMjkoamt8dnGXS5MsZN0d2wIDAQABAoIBAQCKVJ3+74PV6RM6 +1YORp9mB9m0d4ylCQryAPDLzDasRPjSKkCxEpKrQ/0YeEL6C0NewjAPfRT50rEmK +HU3Mw8NWEZh2YOEYWMl25yDzUCJpQrluYWDSyECZmt71jw9xeNDGHZW+mm4qRAgD +q+nsduSYhOkVu+O55Q0Lzcgfaziz+KNlZNFyjQpyrwCoj9lssL+ZYfhFZV2OnPof +QLQpCEmrqzFaE9oFDjXxRkvmEBgtxPqSHNg2ZoFuVRAwcal8WHJbf7twCyQKB4i4 +UFV/SX70qw4pfX53rfUoxUNEJgnnJIpOV0q2N/FO3CPYMjvdSoqkhbaIa2D4c37h +8aB0HCjxAoGBAPukpme3nRy7ybr5P8XomkIy+36sH8hLRoDZCNnz8UJa1OmrA8tG +yKch9vlBMDXjzDQ0Uq8OFSjFN7uQF5zLx4UU2eL/ptEWEmDpPZui7YmI5Ep/ZK4k +reK4op0tJ2fy7Fhq6IoBKvUVN3waWXzmObq77IKIQ5t1Z+MyfHEAtvKHAoGBAM0R +aXluyt3+RwOE2RdlwgSDnHYNvKAUfmkOIVprFEb13LQABbna5BmNIa/rZ+RDtNza +2/Tzqpmq8OVQkF9ATqjba+Y6GAoDwaAcvVwDrjoYtlI8zjnFEhhgVl455QlEZc5O +qxOPYx4Kt60Cc6ee8L9gPvJUIAQLyyCjv1IWYQsNAoGBANWkPALiSGkUpXgwFIyZ +ph192zb4OyN5hSnvGSyxhqqnIwwfPOFf/wqmM1/6kEuwUrYflfM5KY2rol2DQAjG +mWXLBhFKqv3ol0Hfw4ZXFQQnTGpTLc8LJPXPe3+lzkbaXv3SBgrkYuwgTzL1y/PW +Ijz/PxSzS3K4grLJMg1eZfQRAoGAOuatbPutuWW38ALQeC/6MmG7Jw17CF/aj0JH +wjjPcjJcWjdHbcK5kb0/18+934qzAFy8oPb8IXdACh3B2hoWfdnIfDBjhzzc+KhI +m41TFczTUXu1oFJCiE3jgN0QNEE5HLDr4opk5dQePctefN7iN5XlfqU7LO5WQeHG +qkVTSmECgYB+pEKVBHyKyJtdnWhrVr8vhlJH7fh6VUkL4gnuoiFcfPn2gyw6UX7E +9tls3aoxx47jvaJuoaNjiaT8ZZ4C0mx/L7XNHxiQHRb89nPC+WvapplDw+1XA0JK +k/JenbDUXuEPrdoJh30lwwYqNBEJTstFbYILDhbaw4Ud6hRUrIfQOA== +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem new file mode 100644 index 00000000..79df3946 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbcCFDMFGbY+8snuTNZA311AVJo5GvwmMA0GCSqGSIb3DQEBBQUAMCQx +IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gY2xpZW50IHJvb3QwHhcNMTkwNDI4MjA1 +NzM1WhcNMzgwMTE4MjA1NzM1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIGNs +aWVudCByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzGebbu2 +OmaE90jbeFVUt6tEp1hG626D0RpXCh6BHOyfH/7q8GuddAVup6cDYxH3IyGN74Im +pklwqgTI3qiFK6/a+kxQ7Euq5SOHO/XzivGnx1VzPUTrOmfGjm8nDw2jE3rlISMw +rEVw7x79HBA9vxii3XARqe0xkpS72pDjmU8IkfVV08RLT0PrIxzrY/uA6TJtHgxk +Tu3Zab0FvHofcCD05pK5gk6F/frXhK9lAWZSWvTtf9EUawCLFeLsJaoyM8pkOkbQ +8AtWcp4qt+PmB+1wRRVWHaNG1/A3sNxNC7V/QK/cjG+/tPSU4rUFca3lLz+XVEt4 +I2TPMgPLIQz3ZQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCUifYeul9/GHa2LV6/ +k9ZKOjcSmmDud8sTwfum3CuHLb9ODcKMaNz/vzPYeVyN7MZvXJIAqxaxrrToye46 +pDRQnguPNI5XU+Vb2l3Xvm7WBRGcxkAInkYBB7GwxmfffPS9/JrdPzxD6h3z8IOT +jwzULNmNDse7Wf1hrgS1qKcCzJA1b1rLnZcrU+z3OUvLiR/8Bo/IuwXZVoNqDdq7 +NzrqYT4x0J4P5PuBQHPB/fHMFDc1HoCgLG9b42th71kDoxG7IH2r02FzVjF8qIvD +eQes3VbI7BDT/f0L2r1FHcA7FVRUqTWnEWby/PjTZiRCSPKUG7RqAplrOKmk9JuN +PkkW +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl new file mode 100644 index 00000000..8a0f05e1 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl @@ -0,0 +1 @@ +01 diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem new file mode 100644 index 00000000..31ae4ecd --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbcCFGAQPLcwEruVZrE+h1tmI7s9CffgMA0GCSqGSIb3DQEBBQUAMCQx +IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gc2VydmVyIHJvb3QwHhcNMTkwNDI4MjA1 +NzM1WhcNMzgwMTE4MjA1NzM1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIHNl +cnZlciByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZP23gDn +XGl4neHp12CXbBgVhKnZh2q4pfzmGKl6xinQQiWs8cN0dcWMNLnRmEjrb7aHGv+o +K1JbCwCI2grFKilcxV3oE7p5g8zQqpbgEyeqwp7C/f24OIgdVBuUH/f/id3YnHez +EYh0WK8IO6iepibgFPm8S8dYbVn4W0ap08ZmThQbndHHp7AcJjCldSALEkTzXh+u +7D5pZc8jRTdBgKB6E5M/n7Nw41oU/1pJV3kZeoK0X4yBlhJIrh7EvfeAqxoNfCGJ +MnYiA6zhik0cbh+79y3imnACse9ocy4spLoiAWMIdgKowP83b5mmzM9bMjkoamt8 +dnGXS5MsZN0d2wIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCHI5RDuqx9hu0anQRC +dREc+3agRxq4C+Fo0mrsF1CWooO9lGyWvJqygiBGqOSjMi3D8AoyQXhxcvf1EniP +CHCpqlP+h+6qILbtBizTTtHhceTpXiU5Se/yJvm9814jJrXVp10akShXzBlc4W/2 +O0NX6b1B0De2z+YJydB+meZws7wgGD3eZCBr2uF2seYTNitKmNfUfq9UXxxCKcMu +eeRzWGM1UDFaRbN7FKNo6YpUE21olZEjxF8xOfyuWOYxv8qNTck89SurOwj4as/o +CLJLVQ7i/keqt1XXXOSpp46CkRoEmmuxHuql44dToQOLZH1RcZLOMHSPO3OdNo5Z +o2Do +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl new file mode 100644 index 00000000..8a0f05e1 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl @@ -0,0 +1 @@ +01 diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem new file mode 100644 index 00000000..c3c6459b --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrDCCAZQCAQEwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 +c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjgyMDU3MzhaFw0zMzAxMDQyMDU3Mzha +MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMszRTCOAQqXf7xrz7Hm/FPzWWA0Gep1e5xcAz7Mq/8qFAUM+/4BABT/ +WaPvAvYfPTdnT7sVTYMpcm4lztYnMvDbB/sZE7SVz0qov0POzN+lef5O8HxeisfW +srgdntcYPOOH7mN5ZWGnDsqANTVj9w2kD/jM7cbryqiuCZ6HVKKsrBCtwxeBdahU +h4dX7puZ2PhgT2mY4Z+p7P6a0D/A3um3LRI1ABGEiqlIzSaWGrD9CqhR/AqGNWRm +v3+Z9Amf/VU+TfjZtEwNR8F9kHh9Idcqfyx+drQ+v/E/V6oCuIrnpEaJenZI+t41 +z51UiuDUhZLE8ybEAgATlM+JFymbnEECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +dYM0WTSCb0AN6eGhlbyNsENnUwLYjDE7ojVD2pY0Ab4ik04DIfTm5piqEkz5HBaI +1ZIEtYlImnvQ9cax1m+8LrVS2tflPpZ0CqWT+In7EncuI1lONZJfYELITDgU3LWx +FEfNQJaOv0Uc8u8GG29d22a50/jTfZr20puM7mYQkLaUJLHgoTImYg6M8W3Ggkyt +DO/yrtPUWm424wCYx+f3DgOrraFtiRLdqUpy5+bRqmzTuEFMAARqt4uudF6MR36n +hBIXg1jYKGrZMLwi60vfdtwe+zpAV/7SRGLbekhB6iAcVIXuom2aD7rlIcJHW/wd +hk9u7ie0JVDdu0R4I5Z9vw== +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/raidfile.conf b/test/basicserver/testfiles/seclevel2-sha1/raidfile.conf new file mode 100644 index 00000000..6e235b24 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/raidfile.conf @@ -0,0 +1,10 @@ + +disc0 +{ + SetNumber = 0 + BlockSize = 1024 + Dir0 = . + Dir1 = . + Dir2 = . +} + diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf b/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf new file mode 100644 index 00000000..e8f2c104 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf 
@@ -0,0 +1,195 @@ + +StoreHostname = localhost +AccountNumber = 0x1234567 +KeysFile = ./bbackupd/1234567-FileEncKeys.raw + +CertificateFile = ./bbackupd/1234567-cert.pem +PrivateKeyFile = ./bbackupd/1234567-key.pem +TrustedCAsFile = ./bbackupd/serverCA.pem + +DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2 + + +# This script is run whenever bbackupd changes state or encounters a +# problem which requires the system administrator to assist: +# +# 1) The store is full, and no more data can be uploaded. +# 2) Some files or directories were not readable. +# 3) A backup run starts or finishes. +# +# The default script emails the system administrator, except for backups +# starting and stopping, where it does nothing. + +NotifyScript = ./bbackupd/NotifySysadmin.sh + + +# The number of seconds between backup runs under normal conditions. To avoid +# cycles of load on the server, this time is randomly adjusted by a small +# percentage as the daemon runs. + +UpdateStoreInterval = 3600 + + +# The minimum age of a file, in seconds, that will be uploaded. Avoids +# repeated uploads of a file which is constantly being modified. + +MinimumFileAge = 21600 + + +# If a file is modified repeated, it won't be uploaded immediately in case +# it's modified again, due to the MinimumFileAge specified above. However, it +# should be uploaded eventually even if it is being modified repeatedly. This +# is how long we should wait, in seconds, after first noticing a change. +# (86400 seconds = 1 day) + +MaxUploadWait = 86400 + +# If the connection is idle for some time (e.g. over 10 minutes or 600 +# seconds, not sure exactly how long) then the server will give up and +# disconnect the client, resulting in Connection Protocol_Timeout errors +# on the server and TLSReadFailed or TLSWriteFailed errors on the client. +# Also, some firewalls and NAT gateways will kill idle connections after +# similar lengths of time. 
+# +# This can happen for example when most files are backed up already and +# don't need to be sent to the store again, while scanning a large +# directory, or while calculating diffs of a large file. To avoid this, +# KeepAliveTime specifies that special keep-alive messages should be sent +# when the connection is otherwise idle for a certain length of time, +# specified here in seconds. +# +# The default is that these messages are never sent, equivalent to setting +# this option to zero, but we recommend that all users enable this. + +KeepAliveTime = 120 + + +# Files above this size (in bytes) are tracked, and if they are renamed they will simply be +# renamed on the server, rather than being uploaded again. (64k - 1) + +FileTrackingSizeThreshold = 65535 + + +# The daemon does "changes only" uploads for files above this size (in bytes). +# Files less than it are uploaded whole without this extra processing. + +DiffingUploadSizeThreshold = 8192 + + +# The limit on how much time is spent diffing files, in seconds. Most files +# shouldn't take very long, but if you have really big files you can use this +# to limit the time spent diffing them. +# +# * Reduce if you are having problems with processor usage. +# +# * Increase if you have large files, and think the upload of changes is too +# large and you want bbackupd to spend more time searching for unchanged +# blocks. + +MaximumDiffingTime = 120 + + +# Uncomment this line to see exactly what the daemon is going when it's connected to the server. + +# ExtendedLogging = yes + + +# This specifies a program or script script which is run just before each +# sync, and ideally the full path to the interpreter. It will be run as the +# same user bbackupd is running as, usually root. +# +# The script must output (print) either "now" or a number to STDOUT (and a +# terminating newline, no quotes). +# +# If the result was "now", then the sync will happen. 
If it's a number, then +# no backup will happen for that number of seconds (bbackupd will pause) and +# then the script will be run again. +# +# Use this to temporarily stop bbackupd from syncronising or connecting to the +# store. For example, you could use this on a laptop to only backup when on a +# specific network, or when it has a working Internet connection. + +# SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc + + +# Where the command socket is created in the filesystem. + +CommandSocket = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.sock + +# Uncomment the StoreObjectInfoFile to enable the experimental archiving +# of the daemon's state (including client store marker and configuration) +# between backup runs. This saves time and increases efficiency when +# bbackupd is frequently stopped and started, since it removes the need +# to rescan all directories on the remote server. However, it is new and +# not yet heavily tested, so use with caution. + +# StoreObjectInfoFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.state + +Server +{ + PidFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.pid +} + + +# BackupLocations specifies which locations on disc should be backed up. Each +# directory is in the format +# +# name +# { +# Path = /path/of/directory +# (optional exclude directives) +# } +# +# 'name' is derived from the Path by the config script, but should merely be +# unique. +# +# The exclude directives are of the form +# +# [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname +# +# (The regex suffix is shown as 'sRegex' to make File or Dir plural) +# +# For example: +# +# ExcludeDir = /home/guest-user +# ExcludeFilesRegex = .(mp3|MP3)$ +# AlwaysIncludeFile = /home/username/veryimportant.mp3 +# +# This excludes the directory /home/guest-user from the backup along with all mp3 +# files, except one MP3 file in particular. 
+# +# In general, Exclude excludes a file or directory, unless the directory is +# explicitly mentioned in a AlwaysInclude directive. However, Box Backup +# does NOT scan inside excluded directories and will never back up an +# AlwaysIncluded file or directory inside an excluded directory or any +# subdirectory thereof. +# +# To back up a directory inside an excluded directory, use a configuration +# like this, to ensure that each directory in the path to the important +# files is included, but none of their contents will be backed up except +# the directories further down that path to the important one. +# +# ExcludeDirsRegex = ^/home/user/bigfiles/ +# ExcludeFilesRegex = ^/home/user/bigfiles/ +# AlwaysIncludeDir = /home/user/bigfiles/path +# AlwaysIncludeDir = /home/user/bigfiles/path/to +# AlwaysIncludeDir = /home/user/bigfiles/path/important +# AlwaysIncludeDir = /home/user/bigfiles/path/important/files +# AlwaysIncludeDirsRegex = ^/home/user/bigfiles/path/important/files/ +# AlwaysIncludeFilesRegex = ^/home/user/bigfiles/path/important/files/ +# +# If a directive ends in Regex, then it is a regular expression rather than a +# explicit full pathname. See +# +# man 7 re_format +# +# for the regex syntax on your platform. + +BackupLocations +{ + home-chris-boxbackup-test-basicserver-testfiles-seclevel2 + { + Path = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2 + } +} + diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem new file mode 100644 index 00000000..4f228021 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOQkFDS1VQLTEyMzQ1NjcwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeKRy4ppAb1cByCRkt2f1j+6iv7AWdF92p +nPlzXPbLhP/edfuyVPFyBY46p+z6j4p9TrccMjUi4RPMx6dqyL2/o3Qzg3PhoHPq +2fexEkrBSJ1bbL6hXjadzE53wiONj/8nSzFyzqR3/IhKNM0ssR10cqq64VgoiWOR +GHYTTEbQy1k9WvoReC+diTEqIDBLif1EQJ+c/3iUopqtaVZWNS1LV5DX/u2Y1anX +gO1s8jQaYlTtyNZyOi9lwXYXj4mH0mil2Hfh3IKD6GqB4HpFDUZ0/NHFRDvjdwfW +4RTad55l8dWparOyie/QzFRj6Ua1746FsbUw2pERdmHAMshLpxkNAgMBAAGgADAN +BgkqhkiG9w0BAQsFAAOCAQEAuW/o02Ga2yICJSJIrq44T+dIddakxhUPfIvAEWXs +7Cap9qzmBNOAfzFqvbdVgsqC9/WCnpumf9ZpjkXvUy/6EB77HbtiJAXukT2DvFbo +7mvbuh10YGv/AdZxLR2tMXmk9YqV6kgXdXFn18u8Vv35aYa4hru5q16m9QVhkeW+ +UAJCsjhYVISVWW5Pss5mgL058viMHt3T5X3+2ybMdsfLe5BfRbsPxnFClKfBg6QS +3yH5JxQdfJlg64z4uQNHNbsWJ5mRBPEYawZ2ge+HmWb6xnuGLR3Dg5ZbbB0hvAO6 +kw7sZ1at9bX+MWz7rTvgKyxFXcGVXZ40/UQlgfzMiLEAHg== +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem new file mode 100644 index 00000000..e5b132b6 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3ikcuKaQG9XAcgkZLdn9Y/uor+wFnRfdqZz5c1z2y4T/3nX7 +slTxcgWOOqfs+o+KfU63HDI1IuETzMenasi9v6N0M4Nz4aBz6tn3sRJKwUidW2y+ +oV42ncxOd8IjjY//J0sxcs6kd/yISjTNLLEddHKquuFYKIljkRh2E0xG0MtZPVr6 +EXgvnYkxKiAwS4n9RECfnP94lKKarWlWVjUtS1eQ1/7tmNWp14DtbPI0GmJU7cjW +cjovZcF2F4+Jh9Jopdh34dyCg+hqgeB6RQ1GdPzRxUQ743cH1uEU2neeZfHVqWqz +sonv0MxUY+lGte+OhbG1MNqREXZhwDLIS6cZDQIDAQABAoIBAF1cH5LFhGf+ItqJ +Ukh/hEnBFzme0RkcT22Y5weA+MG8SZ6eLEDcC38kMIobya3eJo/URYUW4FehCKYU +/RkV9Q+UzB9dzZPyzuPR55JFIp8pOd+SymWb5w3XLt6K+k/iRJKpucUKa/l0aX3t +xI9UexFVosPYMSkP24S9J9miQ1w4X8D1laJPi5KWrbdzDZxy5geoNmS0veQl6mRf +91Owxsa15wQpxNoVesAiGbrHb5ljMsBovYgljRL6rqA9THXPXfcDkWkabfGai/kD +AktxqPGUELxjD7gSO5G4ygCcGTeIEJbOfwgDtr59V518kVzwVNAxOKb7lfDM/l4D +v0H3liECgYEA+nh1RjwOm2db+yW0hQ2DTCA84by2AyKP7nCwD7CjrGaXrm7zfQ+U +VqSgpDg+xH9/Caa9P1n6zSZSEiXrCePQL6UsREj8sd+st7Uah9eQOc3vywxizGN6 +VMqqmctn+gKKxkmv8T6YtWblDDqOA/7yYlCaH0l7WUO+HKAl7MhaGgUCgYEA4xCo +2bGwbaT7lLdFtOU2+erM2lbA4NzBkR7Mjpq16JiPPFdSF680XBRL0uNR0r2GFucM +gG8Z+ktV1QosY22546Z3fl7+jcyZC4uramDicpAxnmEGIdPnqIkEPhZzKvV0uRGj +tXs2qnJ9ztK7hf+PRwdQEvqCNLkoy+pQPG/bSWkCgYAvH36g6ietYTLS+3MNHU+4 +gNAzgDeWO2hs6dKWARuqEdszvDgfLVExQ+PdQZ+9hGc4P6CXTKx88Fq8g1nHEI9Y +h3DeoAS6ymRKY85MBGhkF7SntPrZjVW0ojSansQ/Kz9EsxRhBO/iISuys0mIwuyD +RrrYbBDC6JXZ+N9pvwAEqQKBgQCI4DgI0pY54iRN55S7kRjs2l+Wlok6g5ijtF82 +74gMqDpf83tnD5SOlSWIAMQIN3snPyxIF7EfMl6RR8quPSy7UFPj97uXGuh/DzjL +rY+T49wlTvN1XNnevIm0K7BNCx3LmhiHg7jWUqIIFPw5sG5cMMpSRnRK9/rhwWOQ +qxUTUQKBgQDYUi6255mUI23dYxCyY7P6rIcGiKqhiAJ5HbGShMFhpA94WS3m6YmJ +sQTip0kykY168klOcRqt8y3RLS5UB1aYBMYvtFuk5wbUcuXFeGcIsuUIZeR3iueg +G0MEhf9hgmBK/xkpfoiLJ+E0hFHqER57N6KCuEK0NWC1Vgqo8X79MQ== +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh new file mode 100644 index 00000000..48e8cf8e --- /dev/null 
+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+# This script is run whenever bbackupd changes state or encounters a
+# problem which requires the system administrator to assist:
+#
+# 1) The store is full, and no more data can be uploaded.
+# 2) Some files or directories were not readable.
+# 3) A backup run starts or finishes.
+#
+# The default script emails the system administrator, except for backups
+# starting and stopping, where it does nothing.
+
+SUBJECT="BACKUP PROBLEM on host debian-unstable"
+SENDTO="chris"
+
+if [ "$1" = "" ]; then
+ echo "Usage: $0 <store-full|read-error|backup-ok|backup-error|backup-start|backup-finish>" >&2
+ exit 2
+elif [ "$1" = store-full ]; then
+ sendmail: $SENDTO <<EOM
+Subject: $SUBJECT (store full)
+To: $SENDTO
+
+
+The store account for debian-unstable is full.
+
+=============================
+FILES ARE NOT BEING BACKED UP
+=============================
+
+Please adjust the limits on account 1234567 on server localhost.
+
+EOM
+elif [ "$1" = read-error ]; then
+sendmail: $SENDTO <<EOM
+Subject: $SUBJECT (read errors)
+To: $SENDTO
+
+
+Errors occured reading some files or directories for backup on debian-unstable.
+
+===================================
+THESE FILES ARE NOT BEING BACKED UP
+===================================
+
+Check the logs on debian-unstable for the files and directories which caused
+these errors, and take appropriate action.
+
+Other files are being backed up.
+
+EOM
+elif [ "$1" = backup-start -o "$1" = backup-finish -o "$1" = backup-ok ]; then
+ # do nothing by default
+ true
+else
+sendmail: $SENDTO <<EOM
+Subject: $SUBJECT (unknown)
+To: $SENDTO
+
+
+The backup daemon on debian-unstable reported an unknown error ($1).
+
+==========================
+FILES MAY NOT BE BACKED UP
+==========================
+
+Please check the logs on debian-unstable.
+
+EOM
+fi
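Review bot: Every mail branch in this fixture runs `sendmail: $SENDTO <<EOM`, and `sendmail:` with a trailing colon is not a command name, so the store-full, read-error and unknown-error notifications would fail with "command not found" instead of sending mail. The colon looks like leftover output from whatever located sendmail when the fixture was generated, which is an inference from the text rather than something the hunk shows. If the script is meant to be runnable, the three lines should read `sendmail "$SENDTO" <<EOM`, which also keeps the address a single argument. If it is only a placeholder that the test never executes, a comment at the top saying so would avoid confusion.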
diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbstored.conf b/test/basicserver/testfiles/seclevel2-sha256/bbstored.conf
new file mode 100644
index 00000000..25425dfa
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored.conf
@@ -0,0 +1,23 @@
+
+RaidFileConf = ./raidfile.conf
+AccountDatabase = ./bbstored/accounts.txt
+
+# Uncomment this line to see exactly what commands are being received from clients.
+# ExtendedLogging = yes
+
+# scan all accounts for files which need deleting every 15 minutes.
+
+TimeBetweenHousekeeping = 900
+
+Server
+{
+ PidFile = /var/run/bbstored.pid
+ User = chris
+ ListenAddresses = inet:localhost
+ CertificateFile = ./bbstored/localhost-cert.pem
+ PrivateKeyFile = ./bbstored/localhost-key.pem
+ TrustedCAsFile = ./bbstored/clientCA.pem
+ SSLSecurityLevel = 2
+}
+
+
diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem
new file mode 100644
index 00000000..b3ff3f1f
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA9Uk3V+oultps1qwaJwo+w332tal2trjr5LCXoTuX +UrO4+xJIBYKC2D7a+Nl2VUZw+Kr6UEI/wc7ROwM84s9l1jCZ5iXVrz/8XHYJvJXw +uw3IDQESFbxZsrNg0FC8U7GEtVlCRnVr6B2RkciPkDXK3TVqdf43fv4rripPSE/d +4hbAq/uPd5LZNUQdy6yFsMywG4cSqiaHw3hg4aLgF6EKXj29s8IFTiNhM1h8XrCB +i0MfyCIq2jHVM1/ZRL10HA6cMvu/2E+ofrLETl6FlTzyC4WFQBqv0onFmKFIM5bt +AVIok/NIWX5vpk1rqGnSOuW/6lhUO4yczExZadgDwx7YiwIDAQABoAAwDQYJKoZI +hvcNAQEFBQADggEBAJVk9eAleSiTsV3Pdq3L01WEyndnmpbU1FcExJWg5xb95xbX +Ojxi6g/NhBodAWl6GHJEUTQ+eJHrZ/hTLD6ZHeX9CGxmxOIvpKJCoOiQU7zamLaq +K6aP8BoG21h2MccnbKlrSFF/c89SzH78r2fgWpUqFUCxobemKfvUbdHSaNlOWxh9 +yO3q1P/ZK0wl/V0CG9kdkUfpl9OLATilBiJayrpX92Ef/U6JkX3ZFEG9vTGBSXXU +5QQM7BrPDgMsaTNDv9N1oPCVrUKfQ7Ts2pTEKU/oMA8fYZKX2GFZ/LDXj4C7clQ4 +LJakbh26NhrohTjecHvJCxIDAk2xLipwmXLmVoU= +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem new file mode 100644 index 00000000..c6acc692 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA9Uk3V+oultps1qwaJwo+w332tal2trjr5LCXoTuXUrO4+xJI +BYKC2D7a+Nl2VUZw+Kr6UEI/wc7ROwM84s9l1jCZ5iXVrz/8XHYJvJXwuw3IDQES +FbxZsrNg0FC8U7GEtVlCRnVr6B2RkciPkDXK3TVqdf43fv4rripPSE/d4hbAq/uP +d5LZNUQdy6yFsMywG4cSqiaHw3hg4aLgF6EKXj29s8IFTiNhM1h8XrCBi0MfyCIq +2jHVM1/ZRL10HA6cMvu/2E+ofrLETl6FlTzyC4WFQBqv0onFmKFIM5btAVIok/NI +WX5vpk1rqGnSOuW/6lhUO4yczExZadgDwx7YiwIDAQABAoIBAGc/FF6bIlU5R8rs +0m1QcK7VHL3GwUOUfybZ9llVvhJ/uANm5I39K5peislor9ihN/hT791MpY2swoF2 +kXBfIFySRJWNo26LHmzE+sA41QXHfUeMBdLEX3VK8Bt/gGYyOMwk8DK8RlmD6LxW +kaeAHQ4T5+YWxcFct4IuKQUlKR565lHr6LRDaYmlDHzjksi/fx0ceMlD/RBje7YD +HXPDdetNkSBvpHEcH2lINnrY0kBb5HQv57ipOdA8MfQ+Xf06SjqjhA6ZUOdsMjsn +QVleXQsT1HQ5Ji///JbqVL5j68qkjza2HroyXgOgQdu+fuksHTXvMjvAnW7/z3u2 +SpUd6WECgYEA/aBM7DKWeQdzlRCfosgv6SZ+ME0Lt5oBaHbbUYizi8DuylB196MJ +xnP1QLa7MAYna6ASxDXIClqxG4x+d4lHpErmbYR4F0pa8/9teSbtUw3OXGe9ahZy +HcpK3LSVV5ns8CjRsclNX86cn/Gxubw48gxjcjIA4qKUJv9KxCSAdoMCgYEA95Tu +qhkXDGhBSSTqs51K8mHbTS4CrpCK6+5J++NP7AT4t2IHIaaQ7DtttAI9xFvwxD9U +zFP2/lZVq1KSFATAoDhItUoC0SMlaFcrIxsIyq/UOqTTluf3in29rFHq3UN1rz9M +X90Tfl5EhUvruVJOiJ5iYt97DJeVgOlWkU7qt1kCgYACEwWOCPviEYWIepJTqn95 +0K7HhlnKLqBEUnSIvi15vyI01WOhmtvBm8EtvlDZm7NG1hBROn9gVk2MhCGkqKLF +XTd1PdgdmKYVyMkEbKUUQNCnQNHzxCs6wyTJmVB/XurpK+xLH/JaDj6JsFhbxIZS +tHc7v9zx/ZJonz3lTMcgMQKBgG+WPqOHv22mJ5ax/t6JjFgGZvM4Q5kuKI8BzXKs +Fz+HVhpBInm2Oydd+aniQLiZv8CT0sJtLaugeehHxPMk2TTdaVfcTby5HIkUkKq3 +6pR//yWXWI5xao6O8cgS+8pSN16PJvsmBz0ze6qgd1QFlsPYrvtlQm6Ae6+oe43u +hbexAoGBAIKGmPAoQsBPEWkSs3nWyAPDHQ45NBoB23G0j01amf11Y/sQWhH+Mqfp +mcU40xr/XwMlTVgALfW1Q048ftJ4D2oYPsUEG3Yiayqe8epl6V55QjGMpdEe/+mQ +5VpndGimuUwxr9cyNShn6dngEg6D0hXfNqu4NFmt/2PH3x0D8eer +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem new file mode 100644 index 00000000..e1cb932c --- /dev/null 
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsTCCAZkCAQEwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 +c3RlbSBjbGllbnQgcm9vdDAeFw0xOTA0MjgyMDUxNTlaFw0zMzAxMDQyMDUxNTla +MBkxFzAVBgNVBAMMDkJBQ0tVUC0xMjM0NTY3MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA3ikcuKaQG9XAcgkZLdn9Y/uor+wFnRfdqZz5c1z2y4T/3nX7 +slTxcgWOOqfs+o+KfU63HDI1IuETzMenasi9v6N0M4Nz4aBz6tn3sRJKwUidW2y+ +oV42ncxOd8IjjY//J0sxcs6kd/yISjTNLLEddHKquuFYKIljkRh2E0xG0MtZPVr6 +EXgvnYkxKiAwS4n9RECfnP94lKKarWlWVjUtS1eQ1/7tmNWp14DtbPI0GmJU7cjW +cjovZcF2F4+Jh9Jopdh34dyCg+hqgeB6RQ1GdPzRxUQ743cH1uEU2neeZfHVqWqz +sonv0MxUY+lGte+OhbG1MNqREXZhwDLIS6cZDQIDAQABMA0GCSqGSIb3DQEBCwUA +A4IBAQAEpEobzo6qm+GJw3Jgi7Gc/XBVBbib5Tp7fH0oyyzX7sSnbUWNUYNHLjMH +CFFmeNsj2/x4P7JFK2shVy7lRnBt6RUi5zLtQyjhEF8OqV1rxb74hQHl4+7CiRUP +Q1SRTJpdbdDwwAzd5UyDTAX3Glg73krDEHY+k0UCr0kczqcffVzgNmCklMzrCzZk +Nz9KkUF+cMkFDz/5BRBj6I4M9b5ebkVYM32Gz0mAh/G/DcL5KGzWPL9KJ31pgkAP +P8yrvZe2HwscKTJKnAK78M+75zzNv3539/V3y55lNNiyKF2q9Up4k3BE5PY9LDFJ +fVZvMdAltZlFV1tlZksrsRoq3jsc +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem new file mode 100644 index 00000000..c4d2be66 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBjbGllbnQgcm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWLP1hzvhUgHs8gp6+w +v3aIbsEHXjWOKfTpB4u+eubM4oA9XtXT0NiCLZQPy2BAtIOkazJ6sae6w2Qq2naj +MDyTBclAgok3TLVI6whMkgxdB878uaKQb3sk7xg6yNI6iI7S70cTRM9JKF8ZPBMZ +6ftPgoPooe1ka2kFTjhNgE6jO/DjAyWGpf7Q4cb2ELBdgrU+ehbz4Zz0hHZ0Ts5p +KO8SxEkBX4FRP4sUkbuDM92UNcxyBxlrLg21ktDlIciftef9J94qQyx5HnotMWWp +rj4Zi2mA8/i14op90CXPq/figj8zYkPyyx9KytKDSKcGgByxjNMBWzIAZ17doRgq +1KkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBVUqpA7BizyLkDut8sLYI4qyJA +8Os+6IiSDyjyjf3C/hTbrbA31mtF0g3gbZFXnehVhop04zQYy3071OBYzuMx+/2F +olylk7HWrScaKE0MDSSamfVTlSGiO2P+zPg32WKoZsOPPjSyrGF/l+A4TlTQJmFK +SgapRRQVm3VDlkWO77c4EjpqoREPeSHVt+0m2490BY7aUT+kRlXl2nViSV52SS5j +EDnb4N/9t60NRS2zaLtAr0DcRWemR+PzVKqKdNyhXdCeieQ9xzGGHK1vXpW/6kCo +OHi/Xt4MHkt3hHxQQKOrK5dcsoqP9WxlnwOuuy9m9mVH4HUhi+S0KFtOytoX +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem new file mode 100644 index 00000000..c81b607b --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEApYs/WHO+FSAezyCnr7C/dohuwQdeNY4p9OkHi7565szigD1e +1dPQ2IItlA/LYEC0g6RrMnqxp7rDZCradqMwPJMFyUCCiTdMtUjrCEySDF0Hzvy5 +opBveyTvGDrI0jqIjtLvRxNEz0koXxk8Exnp+0+Cg+ih7WRraQVOOE2ATqM78OMD +JYal/tDhxvYQsF2CtT56FvPhnPSEdnROzmko7xLESQFfgVE/ixSRu4Mz3ZQ1zHIH +GWsuDbWS0OUhyJ+15/0n3ipDLHkeei0xZamuPhmLaYDz+LXiin3QJc+r9+KCPzNi +Q/LLH0rK0oNIpwaAHLGM0wFbMgBnXt2hGCrUqQIDAQABAoIBAFOJ4X2RaureOq3r +nLNcTkJStxFR1ojQJPwiXFx40yyFWAe+8IyXR1z61GVTUx5PiMilwDLJF7280b1K +otQbpcvrpY/ZrgXwkhUppvGZMlpq1/XsMwGGQbuy97USdSUhxKfOalFDuAWitWzI +HzjEav8XMJXAX3acpldpBgADnCwSA5izEfwt2oGNtcYTHjxG4tR96UvgAxbVbxrU +jg6zd0/Q7eI4MGYc5l2mGFcbAUbeqCOQmTB8eQY9cdXCotXgQSa2EKEt1aG7dEbA +omwwm8+hGYIX4i/E3crFHO5qlbQqtqktvic1Axj3I4NEy+a4Gpja3y6k8gY4TWbS +4+0BZMECgYEA2o6mRCyDNI13VhRdlAO6VDSAdf//8EMeMrANvAGl70de0Ri10ZL6 +GdJLx31le94tVa5Dy+Qi9d9eYci9qIjMK1kUrLcVgvF63tbbOSpz37gESJe+wJYc +xEW2eGRTUwHoYVqRjEi36kAKeWL4mxXeqzJE/ZUQZt2felr4dBJPyBsCgYEAweeS +vV5TJsPlEazUZcRA2dMY8JG9tD1JFVVrlSC4xnLBOEXsC4dw74RsOhoMr69lBn6X +xwcKtzsrx/s9NHI1s2AJXlz310Uj+gRB6/6foyyQDOtijfweZpm3zUNY5OwQ1VBZ +M9J1YVI6xaa3BehQ0PHvx4U/WM9oFMc0upXaaosCgYEAmfo+MXGazn+MP90BQLKP +p5uFlZzSWBcxQ0y9oGMY4MdLicz667e89Ewwj09NHEOfdOndYdxMtSS1ffbLh904 +2qFb64LhaOtwQWbl9BRwpoEio3IlNdGMWssyjwc/nQ+PBGeme0sQJ70OpA6ST9DM +m5hC+tT2RUKGhNFqkXwFMVkCgYBY3Jlg82ND9q55xSypXqEhsh5R0ViQyy08+6KL ++yzytRBbi5+7QNy+x38ZuWpq8QRpT4abDV0Zz6Imybqo2FZH2BEzD4P9QZBVObJE +RrI+A2QYp57I1uvPtU6IYP7SGmU0fNgEacSlTxvkDJz/thGjT9zFIQmA17wpGYnO +oHIyNQKBgEbA0apflhYExq2OZP3mjUM7Baf8MhGylUFnND68YKEr2aR5ihYuWxME +yLSGIDORaVQBiVklze9MXPvJv6WF0nE3VrR5j0AsSoAF0MZBcCJcn5bod0pFRZXG +PkxibqTmzJXJjGRuAKxbNR2+WFxKqc2hsev3hwOSXKYH4DbdCxQg +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem new file mode 100644 index 00000000..b204952d --- /dev/null 
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBzZXJ2ZXIgcm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMqKzGuRMYTGC4GtM4Y +sa/EcpfgdRDt1V54c7Qjarfz/6Uvb7dn+21IDgnSMImnBzKuE11KBS2WAPPSxyF9 +Z+rNlry38pAVprnVv40dAUaohShxrkzgIYlZ866RonFYQ9mujMdynzGHB0jKH66T +/enqFhEYzOuBcHyb7obgX+HmT95yAVhm6TvMuF8FR5CvrSqdnj141qJWdRmNeXH/ +Eonz1mcFizHRuFZ0ymxjoegwxQkeSnoYyH2vUh3RkQ/iNZPhu9DdDjgZ6Z0m8mUc +xMGqtwTqiYS8KEcAHvcEPoS44BO1aGTnJEwhABTLuEkTPCXl1HkRoq50ts+Cr9w6 +vu8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAhVOO7/mqt2AWFaOlMrXICPm5n +judbMjQhOzaTmYr+Tb2lDlsQyiSm/EONpjC1F8PP6ig3oK8dzmIn9/qLOau6xM2Y +JiaTTJXRX+/JC/AaZvvaiA0etc2JwAcfBijAudEKivA/qKh01SvCgB+IEx5rlR6S +TPjLRO4ygig3qGHeHUsiPBzR4PZA669Is3/P4W8pIlDbCQHI91brQV4TlHJET2V5 ++y4et7ZduWvS6yEn29aiPq5UT36kWtJ9rhBFIiu2oUNnDiL7YUDIbdsl0I9LDPjw +equwfb+dwjjO/bFQKB1RX4j5jUXj25bpe9FdB6iy36+3tLd1a0Oh4j6SEn2n +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem new file mode 100644 index 00000000..7eb1ac20 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA0yorMa5ExhMYLga0zhixr8Ryl+B1EO3VXnhztCNqt/P/pS9v +t2f7bUgOCdIwiacHMq4TXUoFLZYA89LHIX1n6s2WvLfykBWmudW/jR0BRqiFKHGu +TOAhiVnzrpGicVhD2a6Mx3KfMYcHSMofrpP96eoWERjM64FwfJvuhuBf4eZP3nIB +WGbpO8y4XwVHkK+tKp2ePXjWolZ1GY15cf8SifPWZwWLMdG4VnTKbGOh6DDFCR5K +ehjIfa9SHdGRD+I1k+G70N0OOBnpnSbyZRzEwaq3BOqJhLwoRwAe9wQ+hLjgE7Vo +ZOckTCEAFMu4SRM8JeXUeRGirnS2z4Kv3Dq+7wIDAQABAoIBADUc0ih40MuRWe+Z +uDhudaLkIn6Y8lkDuTs9yLxyfBEwygheWhcjjFX8XauStqqo3GKe7jf0ukCxDiRF +y9hclpq0g0mMavJav8jWPovb08pV8Mgvb8veRBEsEuLBtr4TmV1TTg2MgwYOFIL2 +c+mRR7hiLJK4TjKeKBDvl5tNLFDBC/2clHXnLCRb8rOKqwmseoPavi992QZ7+Yyq +n0Dx5DOpr1cOcJEr4va8Sornd3LjLuNMjm7XzgIryR5pvLM0ns8Fy2ihyKl7Hd3s +ek9c5fh0jbhz6s28K8laWm9bhozdMQ12y1U5z0PJV+VOwTX/M9UCK1+CpvmjTim5 +NeD93QECgYEA924yXRdUXpOlxJifJ49n88gytHOVcgitrdlZNCAE7aKdYcQW7VSY +7IjUyXH/Mi2zlWKpXYGllOoDW71PhLiMuEtaNfLdToXgHEMGvj+vGw9ZRqs6HY2w +wGyOrxg5VcSOfSpAom4gCGRqxWhHtY/rzFOy7oZePJuRbjcqrAeGQmECgYEA2npt +dGHwp20S5tyd7n1H6Fe2m1t/vjxGsGFfwbFggGIu9lVQxgAQiimzHgBDOjSzs163 +PmuWWUDmHllB9AmJw4wrbAyiHNOmdi4rgY0ez5G6Q9sviFQeFJZzHhe6G1+CcafL ++oSU+Ej7zznMpyU85vcxFz70JvRZ4BeD0PtZI08CgYEAsXEGjzoG2Fh8PdPR91Xh +j7NXoY9ucjwFCbLgRQBdaGoBAbbVVlgf3yl1qA2nnL2nlw8NNLCgJX348JZ/60dK +K3Rmel/0E7bwdHQg5tjW48oLFSIAaGdPhX+Uh78QhxCRuvNNLO9a64nQBEf3fR58 +VKkFngcgl8hc8DSB1qMCxqECgYAOZ54J219DmrRxVkBvdgEkt4vJqHm+sDi07mai +3bAQJukTwsJFm8F7ao5tvvSvxMPIYslQK0XJcrb5b0ci8PINW5ONVzPlFKtYBWlG +7GgIpYITcUMsCOfG0bibVlMl9OEj3z1ash0kVaOMoTH2H0VpsQiikLsGSnwWg1Zk +k/3njwKBgD6Nu6kj4BSWGZacLtePJQzxlsnYiDm9SSmrtqJ1lnpbqo4/Zp5bCHS9 +qMOUv+Hcwpsb3IYI8np1ekZfKi7xFXcRjxKRYnDURQgQKwPeHZ06ht7X0DdTXuiY +K97byeb9hks3QNE1k1EuXue7IXS657Fq5IZrN+NQ6vkqq/X7e91X +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem new file mode 100644 index 00000000..a9302167 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbcCFAiy3jWfhXnxRqZJCbjzFQzsU3p/MA0GCSqGSIb3DQEBCwUAMCQx +IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gY2xpZW50IHJvb3QwHhcNMTkwNDI4MjA1 +MTU1WhcNMzgwMTE4MjA1MTU1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIGNs +aWVudCByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYs/WHO+ +FSAezyCnr7C/dohuwQdeNY4p9OkHi7565szigD1e1dPQ2IItlA/LYEC0g6RrMnqx +p7rDZCradqMwPJMFyUCCiTdMtUjrCEySDF0Hzvy5opBveyTvGDrI0jqIjtLvRxNE +z0koXxk8Exnp+0+Cg+ih7WRraQVOOE2ATqM78OMDJYal/tDhxvYQsF2CtT56FvPh +nPSEdnROzmko7xLESQFfgVE/ixSRu4Mz3ZQ1zHIHGWsuDbWS0OUhyJ+15/0n3ipD +LHkeei0xZamuPhmLaYDz+LXiin3QJc+r9+KCPzNiQ/LLH0rK0oNIpwaAHLGM0wFb +MgBnXt2hGCrUqQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAvHW8APi1lhEguSXDc +X/k5ETL1YJzlEfIn4HKL7kcKo5IOdyHaIigGCWM7atwKeGBtTRl8CTY4wt1L7d+A +LDzF07MlKL/KiX1yPw9ZzHBhKNLYgmKsRL5cgW/YLYEAGD0lTwW7llsqZ40jJ1+X +CWomYEzVpGW76MprYge4Oj+4PRXaZikkn7pzlZVcGJbzr1Q+JaFNLRkAMPK4pRXj +AOSLQpIuc0DzftzC8tHbyLMifrHYdibHaujsvu1mV4NeYhO63ZB8S5Xyz1JlpsEQ +rieLH1/9dnWue7yBCpI+QMRq+zK92HxiCCaM0d6xpSsbI5IawkqmoWj9gYol0EnX +ImLj +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl new file mode 100644 index 00000000..8a0f05e1 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl @@ -0,0 +1 @@ +01 diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem new file mode 100644 index 00000000..e26b6e1a --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbcCFFv62JnwctULelqlEY+sZTPEb7ekMA0GCSqGSIb3DQEBCwUAMCQx +IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gc2VydmVyIHJvb3QwHhcNMTkwNDI4MjA1 +MTU1WhcNMzgwMTE4MjA1MTU1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIHNl +cnZlciByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yorMa5E +xhMYLga0zhixr8Ryl+B1EO3VXnhztCNqt/P/pS9vt2f7bUgOCdIwiacHMq4TXUoF +LZYA89LHIX1n6s2WvLfykBWmudW/jR0BRqiFKHGuTOAhiVnzrpGicVhD2a6Mx3Kf +MYcHSMofrpP96eoWERjM64FwfJvuhuBf4eZP3nIBWGbpO8y4XwVHkK+tKp2ePXjW +olZ1GY15cf8SifPWZwWLMdG4VnTKbGOh6DDFCR5KehjIfa9SHdGRD+I1k+G70N0O +OBnpnSbyZRzEwaq3BOqJhLwoRwAe9wQ+hLjgE7VoZOckTCEAFMu4SRM8JeXUeRGi +rnS2z4Kv3Dq+7wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAI6THIONT6lgNq3Bvg +TCBqkBA1W/k372Pktt6IDFW44dT0J9/oq2o6ZNHycpKS3VwS4C05XbU/v5hE/k2O +Cu3/y3en+dJIv4Wl2JTPaSRF/4J46sXNtizVAJDKoE3ZHt1viCjsWyllGXoaavce +fWYppf3g6ImhyAkzlCfyVph2F0vmLZL41K3C040e+GpXdzG1Yy1+2USPhz0Ch+kd +jqIErNp9OnPRd1yRb1YD+dQ7Wei5vB3OXMk3UQiG9AJ2qmxlEem5lTSpt9fTvWfU +OAjTynvWbHTULjxvOeenW7cD5ILSr2zVDYQ53KTWjP9NfmsQTAFzkqJztPpB2A0o +CKG2 +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl new file mode 100644 index 00000000..9e22bcb8 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl @@ -0,0 +1 @@ +02 diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem new file mode 100644 index 00000000..19b6ed62 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrDCCAZQCAQIwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 +c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjkxOTI3NDRaFw0zMzAxMDUxOTI3NDRa +MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAPVJN1fqLpbabNasGicKPsN99rWpdra46+Swl6E7l1KzuPsSSAWCgtg+ +2vjZdlVGcPiq+lBCP8HO0TsDPOLPZdYwmeYl1a8//Fx2CbyV8LsNyA0BEhW8WbKz +YNBQvFOxhLVZQkZ1a+gdkZHIj5A1yt01anX+N37+K64qT0hP3eIWwKv7j3eS2TVE +HcushbDMsBuHEqomh8N4YOGi4BehCl49vbPCBU4jYTNYfF6wgYtDH8giKtox1TNf +2US9dBwOnDL7v9hPqH6yxE5ehZU88guFhUAar9KJxZihSDOW7QFSKJPzSFl+b6ZN +a6hp0jrlv+pYVDuMnMxMWWnYA8Me2IsCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +E8KZNWzkbNwhcVEHR34IxVYPy1uppI/jtVOsQGGSVC1UscAWyGiQWPxqMhwYxsVn +gz7QYj1oKye1VRuJNTekARvBRFZzWhAi0qGlpiC5yilZB8IlhYUABmgPjg+PuhAF +xSd+IGVlm/+sisClsPG9DpesyK6+C2ukpVXyaXWR+1/IrQuUpWKLT1pPamVH3zWK +anT+62bbk0XuxsVqCkGx+aPLesCHAfTNuAxWfkbXXcA+HoGNy3IpmpJGhyCnf1je +eL6Wf6sAY44y7wQlwHimbi4kOge+UFLIKkqhHSDO2pzyPc02Gs1bBRd94+v2z5h7 +OkIcTqwiJLjLLIWV4WsdwA== +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem new file mode 100644 index 00000000..40ce8cbf --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrDCCAZQCAQEwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 +c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjgyMDUxNTdaFw0zMzAxMDQyMDUxNTda +MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAPVJN1fqLpbabNasGicKPsN99rWpdra46+Swl6E7l1KzuPsSSAWCgtg+ +2vjZdlVGcPiq+lBCP8HO0TsDPOLPZdYwmeYl1a8//Fx2CbyV8LsNyA0BEhW8WbKz +YNBQvFOxhLVZQkZ1a+gdkZHIj5A1yt01anX+N37+K64qT0hP3eIWwKv7j3eS2TVE +HcushbDMsBuHEqomh8N4YOGi4BehCl49vbPCBU4jYTNYfF6wgYtDH8giKtox1TNf +2US9dBwOnDL7v9hPqH6yxE5ehZU88guFhUAar9KJxZihSDOW7QFSKJPzSFl+b6ZN +a6hp0jrlv+pYVDuMnMxMWWnYA8Me2IsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA +fu1wVNuZLkO0e8+oYAnznL7oknE8QJGAd/P2/MqgfsnBXHS0UVl+5L8DQdvCBarr +vDO/CVL9/ZGj30CipA556cz1pYDtx5TV2GLtfKHKJhoftbgswmt1pPowIIa8zlBA +SOERy2ooXGnrA5kii+fifkiWy1R0FmJTKZ2jX41Xq60FwXWX7cyCq/xRI+V08HrY +mNJ2rmAjyWpWZpPNOtQ/SYIX1s2KoPw4XMxfiP5fiMOl3RqEVBkW0h9Hxikl8wKY +EmA/ESm1F6lnRXvGXWDGQIFCRf2Rv0KlPvNPA/GLZMr0ibYIjc4KnIxKFg//GQF3 +LUYpyJyToT8hE49ypG18mQ== +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/raidfile.conf b/test/basicserver/testfiles/seclevel2-sha256/raidfile.conf new file mode 100644 index 00000000..6e235b24 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/raidfile.conf @@ -0,0 +1,10 @@ + +disc0 +{ + SetNumber = 0 + BlockSize = 1024 + Dir0 = . + Dir1 = . + Dir2 = . +} + diff --git a/test/basicserver/testfiles/srv3-seclevel2-sha1.conf b/test/basicserver/testfiles/srv3-seclevel2-sha1.conf new file mode 100644 index 00000000..01e0fe6d --- /dev/null +++ b/test/basicserver/testfiles/srv3-seclevel2-sha1.conf @@ -0,0 +1,8 @@ +Server +{ + PidFile = testfiles/srv3.pid + ListenAddresses = inet:localhost,unix:testfiles/srv3.sock + CertificateFile = testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem + PrivateKeyFile = testfiles/seclevel2-sha1/bbstored/localhost-key.pem + TrustedCAsFile = testfiles/seclevel2-sha1/ca/roots/clientCA.pem +} 
diff --git a/test/basicserver/testfiles/srv3-seclevel2-sha256.conf b/test/basicserver/testfiles/srv3-seclevel2-sha256.conf new file mode 100644 index 00000000..4db52361 --- /dev/null +++ b/test/basicserver/testfiles/srv3-seclevel2-sha256.conf @@ -0,0 +1,8 @@ +Server +{ + PidFile = testfiles/srv3.pid + ListenAddresses = inet:localhost,unix:testfiles/srv3.sock + CertificateFile = testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem + PrivateKeyFile = testfiles/seclevel2-sha256/bbstored/localhost-key.pem + TrustedCAsFile = testfiles/seclevel2-sha256/ca/roots/clientCA.pem +} diff --git a/test/bbackupd/testbbackupd.cpp b/test/bbackupd/testbbackupd.cpp index cc602f22..d55b5d8d 100644 --- a/test/bbackupd/testbbackupd.cpp +++ b/test/bbackupd/testbbackupd.cpp @@ -26,6 +26,10 @@ #include <sys/wait.h> #endif +#ifdef HAVE_PWD_H + #include <pwd.h> +#endif + #ifdef HAVE_SYS_XATTR_H #include <cerrno> #include <sys/xattr.h> @@ -428,7 +432,8 @@ bool kill_running_daemons() } bool setup_test_bbackupd(BackupDaemon& bbackupd, bool do_unpack_files = true, - bool do_start_bbstored = true) + bool do_start_bbstored = true, + const std::string& bbackupd_conf_file = "testfiles/bbackupd.conf") { Timers::Cleanup(false); // don't throw exception if not initialised Timers::Init(); @@ -469,8 +474,7 @@ bool setup_test_bbackupd(BackupDaemon& bbackupd, bool do_unpack_files = true, #endif } - TEST_THAT_OR(configure_bbackupd(bbackupd, "testfiles/bbackupd.conf"), - FAIL); + TEST_THAT_OR(configure_bbackupd(bbackupd, bbackupd_conf_file), FAIL); spDaemon = &bbackupd; return true; } 
@@ -985,13 +989,14 @@ bool test_entry_deleted(BackupStoreDirectory& rDir, bool compare(BackupQueries::ReturnCode::Type expected_status, const std::string& bbackupquery_options = "", - const std::string& compare_options = "-acQ") + const std::string& compare_options = "-acQ", + const std::string& bbackupd_conf_file = "testfiles/bbackupd.conf") { std::string cmd = BBACKUPQUERY; cmd += " "; cmd += (expected_status == BackupQueries::ReturnCode::Compare_Same) ? "-Wwarning" : "-Werror"; - cmd += " -c testfiles/bbackupd.conf "; + cmd += " -c " + bbackupd_conf_file; cmd += " " + bbackupquery_options; cmd += " \"compare " + compare_options + "\" quit"; 
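Review bot: The new `bbackupd_conf_file` parameter is concatenated into the command line unquoted at `cmd += " -c " + bbackupd_conf_file;`, so a path containing spaces or shell metacharacters would be split or interpreted if `cmd` is run through a shell (the part of compare() that executes it lies outside this hunk). The literal it replaces could not vary, but the parameter can, so it should at least be quoted the way the compare argument already is: `cmd += " -c \"" + bbackupd_conf_file + "\"";`. The next hunk, test_bbackupd_config_script, has the same pattern: `current_dir` from getcwd() and `username` from getpwuid() are pasted unquoted into strings handed to system().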
@@ -4039,6 +4044,113 @@ bool test_parse_syncallowscript_output() TEARDOWN_TEST_BBACKUPD(); } + +bool test_bbackupd_config_script() +{ + SETUP_TEST_BBACKUPD(); + +#ifdef WIN32 + BOX_NOTICE("skipping test on this platform"); // TODO: write a PowerShell version +#else + char buf[PATH_MAX]; + if (getcwd(buf, sizeof(buf)) == NULL) + { + BOX_LOG_SYS_ERROR("getcwd"); + } + std::string current_dir = buf; + + TEST_THAT(mkdir("testfiles/tmp", 0777) == 0); + TEST_THAT(mkdir("testfiles/TestDir1", 0777) == 0); + + // Generate a new configuration for our test bbackupd, from scratch: + std::string cmd = "../../../bin/bbackupd/bbackupd-config " + + current_dir + "/testfiles/tmp " // config-dir + "lazy " // backup-mode + "12345 " // account-num + "localhost " + // server-hostname + current_dir + "/testfiles " + // working-dir + current_dir + "/testfiles/TestDir1"; // backup directories + TEST_RETURN(system(cmd.c_str()), 0) + + // Open the generated config file and add a StorePort line: + { + FileStream conf_file("testfiles/tmp/bbackupd.conf", O_WRONLY | O_APPEND); + conf_file.IOStream::Write("StorePort = 22011\n"); + conf_file.Close(); + } + + // Generate a new configuration for our test bbstored, from scratch: + struct passwd *result = getpwuid(getuid()); + TEST_THAT_OR(result != NULL, FAIL); // failed to get username for current user + std::string username = result->pw_name; + + cmd = "../../../bin/bbstored/bbstored-config testfiles/tmp localhost " + username + " " + "testfiles/raidfile.conf"; + TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) + + cmd = "sed -i.orig -e 's/\\(ListenAddresses = inet:localhost\\)/\\1:22011/' " + "-e 's@PidFile = .*/run/bbstored.pid@PidFile = testfiles/bbstored.pid@' " + "testfiles/tmp/bbstored.conf"; + TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) + + // Create a server certificate authority, and sign the client and server certificates: + cmd = "../../../bin/bbstored/bbstored-certs testfiles/tmp/ca init"; + 
TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) + + cmd = "echo yes | ../../../bin/bbstored/bbstored-certs testfiles/tmp/ca sign " + "testfiles/tmp/bbackupd/12345-csr.pem"; + TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) + + cmd = "echo yes | ../../../bin/bbstored/bbstored-certs testfiles/tmp/ca sign-server " + "testfiles/tmp/bbstored/localhost-csr.pem"; + TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) + + // Copy the certificate files into the right places + cmd = "cp testfiles/tmp/ca/clients/12345-cert.pem testfiles/tmp/bbackupd"; + TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) + + cmd = "cp testfiles/tmp/ca/roots/serverCA.pem testfiles/tmp/bbackupd"; + TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) + + cmd = "cp testfiles/tmp/ca/servers/localhost-cert.pem testfiles/tmp/bbstored"; + TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) + + cmd = "cp testfiles/tmp/ca/roots/clientCA.pem testfiles/tmp/bbstored"; + TEST_RETURN(system(cmd.c_str()), 0) + + cmd = BBSTOREACCOUNTS " -c testfiles/tmp/bbstored.conf create 12345 0 1M 2M"; + TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) + + bbstored_pid = StartDaemon(bbstored_pid, BBSTORED " " + bbstored_args + + " -o testfiles/tmp/bbstored.log testfiles/tmp/bbstored.conf", + "testfiles/bbstored.pid"); + + { + Capture capture; + Logging::TempLoggerGuard guard(&capture); + + BackupDaemon bbackupd; + TEST_THAT( + setup_test_bbackupd( + bbackupd, + true, // do_unpack_files + false, // !do_start_bbstored + "testfiles/tmp/bbackupd.conf") + ); + + bbackupd.RunSyncNow(); + } + + TEST_THAT(compare(BackupQueries::ReturnCode::Compare_Same, + "-otestfiles/tmp/bbackupquery.log", "-acQ", "testfiles/tmp/bbackupd.conf")); + + TEST_THAT(StopServer()); +#endif // !WIN32 + + TEARDOWN_TEST_BBACKUPD(); +} + + int test(int argc, const char *argv[]) { // SSL library 
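Review bot: In test_bbackupd_config_script, a failed getcwd() is only logged with BOX_LOG_SYS_ERROR, and execution continues to `std::string current_dir = buf;`, which reads an uninitialised buffer and then builds the bbackupd-config command passed to system() from it. The test should stop at that point, using the pattern the function already applies to getpwuid(): `TEST_THAT_OR(getcwd(buf, sizeof(buf)) != NULL, FAIL);`. As a smaller point, the bbackupd-config call and the `cp ... clientCA.pem` call use TEST_RETURN while every other command uses TEST_RETURN_COMMAND, so a failure in those two presumably will not report which command failed. Using `TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)` for them would keep the diagnostics uniform.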
@@ -4104,6 +4216,7 @@ int test(int argc, const char *argv[]) TEST_THAT(test_backup_many_files()); TEST_THAT(test_parse_incomplete_command()); TEST_THAT(test_parse_syncallowscript_output()); + TEST_THAT(test_bbackupd_config_script()); TEST_THAT(kill_running_daemons()); |