Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/03-adjust-syslog-facility.diff | 58 | ||||
-rw-r--r-- | debian/patches/05-dont_use_net_for_docs.diff | 5 | ||||
-rwxr-xr-x | debian/patches/c++17.diff | 62 | ||||
-rw-r--r-- | debian/patches/openssl1.1.patch | 1857 | ||||
-rw-r--r-- | debian/patches/series | 2 |
5 files changed, 101 insertions, 1883 deletions
diff --git a/debian/patches/03-adjust-syslog-facility.diff b/debian/patches/03-adjust-syslog-facility.diff index 4856026d..4359f820 100644 --- a/debian/patches/03-adjust-syslog-facility.diff +++ b/debian/patches/03-adjust-syslog-facility.diff @@ -1,30 +1,16 @@ -change default syslog facility from LOG_LOCAL6 to LOG_DAEMON +From: Reinhard Tartler <siretart@tauware.de> +Date: Tue, 31 Mar 2009 21:43:58 +0200 +Subject: change default syslog facility from LOG_LOCAL6 to LOG_DAEMON + +--- + docs/docbook/adminguide.xml | 6 ++++++ + lib/bbstored/BackupStoreDaemon.cpp | 2 +- + lib/common/Logging.cpp | 6 +++--- + 3 files changed, 10 insertions(+), 4 deletions(-) ---- a/lib/common/Logging.cpp -+++ b/lib/common/Logging.cpp -@@ -411,7 +411,7 @@ bool Syslog::Log(Log::Level level, const - return true; - } - --Syslog::Syslog() : mFacility(LOG_LOCAL6) -+Syslog::Syslog() : mFacility(LOG_DAEMON) - { - ::openlog("Box Backup", LOG_PID, mFacility); - } -@@ -454,8 +454,8 @@ int Syslog::GetNamedFacility(const std:: - #undef CASE_RETURN - - BOX_ERROR("Unknown log facility '" << rFacility << "', " -- "using default LOCAL6"); -- return LOG_LOCAL6; -+ "using default DAEMON"); -+ return LOG_DAEMON; - } - - bool FileLogger::Log(Log::Level Level, const std::string& file, int line, --- a/docs/docbook/adminguide.xml +++ b/docs/docbook/adminguide.xml -@@ -286,6 +286,12 @@ local5.info /var +@@ -286,6 +286,12 @@ <para><emphasis role="bold">Note:</emphasis> Separators must be tabs, otherwise these entries will be ignored.</para> @@ -39,7 +25,7 @@ change default syslog facility from LOG_LOCAL6 to LOG_DAEMON --- a/lib/bbstored/BackupStoreDaemon.cpp +++ b/lib/bbstored/BackupStoreDaemon.cpp -@@ -203,7 +203,7 @@ void BackupStoreDaemon::Run() +@@ -203,7 +203,7 @@ SetProcessTitle("housekeeping, idle"); whichSocket = 1; // Change the log name 
@@ -48,3 +34,25 @@ change default syslog facility from LOG_LOCAL6 to LOG_DAEMON // Log that housekeeping started BOX_INFO("Housekeeping process started"); // Ignore term and hup +--- a/lib/common/Logging.cpp ++++ b/lib/common/Logging.cpp +@@ -411,7 +411,7 @@ + return true; + } + +-Syslog::Syslog() : mFacility(LOG_LOCAL6) ++Syslog::Syslog() : mFacility(LOG_DAEMON) + { + ::openlog("Box Backup", LOG_PID, mFacility); + } +@@ -454,8 +454,8 @@ + #undef CASE_RETURN + + BOX_ERROR("Unknown log facility '" << rFacility << "', " +- "using default LOCAL6"); +- return LOG_LOCAL6; ++ "using default DAEMON"); ++ return LOG_DAEMON; + } + + bool FileLogger::Log(Log::Level Level, const std::string& file, int line, diff --git a/debian/patches/05-dont_use_net_for_docs.diff b/debian/patches/05-dont_use_net_for_docs.diff index 71cb6c25..ac02a5aa 100644 --- a/debian/patches/05-dont_use_net_for_docs.diff +++ b/debian/patches/05-dont_use_net_for_docs.diff @@ -1,3 +1,8 @@ +From: Reinhard Tartler <siretart@tauware.de> +Date: Tue, 5 May 2009 07:34:03 +0200 +Subject: prevent xsltproc from accessing the internet +Forwarded: no + === modified file 'docs/Makefile' --- a/docs/Makefile +++ b/docs/Makefile diff --git a/debian/patches/c++17.diff b/debian/patches/c++17.diff new file mode 100755 index 00000000..1db1f485 --- /dev/null +++ b/debian/patches/c++17.diff 
@@ -0,0 +1,62 @@
+Description: Mark the comparator object as const callabled
+ This fixes the build when using C++17
+Author: Simon Chopin <simon.chopin@canonical.com>
+--- a/lib/bbackupd/BackupDaemon.cpp
++++ b/lib/bbackupd/BackupDaemon.cpp
+@@ -2339,7 +2339,7 @@
+ // by code, rather than the OS.
+ typedef struct
+ {
+- bool operator()(const std::string &s1, const std::string &s2)
++ bool operator()(const std::string &s1, const std::string &s2) const
+ {
+ if(s1.size() == s2.size())
+ {
+--- a/lib/backupstore/HousekeepStoreAccount.cpp
++++ b/lib/backupstore/HousekeepStoreAccount.cpp
+@@ -561,7 +561,7 @@
+ // Created: 11/12/03
+ //
+ // --------------------------------------------------------------------------
+-bool HousekeepStoreAccount::DelEnCompare::operator()(const HousekeepStoreAccount::DelEn &x, const HousekeepStoreAccount::DelEn &y)
++bool HousekeepStoreAccount::DelEnCompare::operator()(const HousekeepStoreAccount::DelEn &x, const HousekeepStoreAccount::DelEn &y) const
+ {
+ // STL spec says this:
+ // A Strict Weak Ordering is a Binary Predicate that compares two objects, returning true if the first precedes the second.
+--- a/lib/backupstore/HousekeepStoreAccount.h
++++ b/lib/backupstore/HousekeepStoreAccount.h
+@@ -72,7 +72,7 @@
+
+ struct DelEnCompare
+ {
+- bool operator()(const DelEn &x, const DelEn &y);
++ bool operator()(const DelEn &x, const DelEn &y) const;
+ };
+
+ int mAccountID;
+--- a/lib/common/DebugMemLeakFinder.cpp
++++ b/lib/common/DebugMemLeakFinder.cpp
+@@ -703,7 +703,7 @@
+ }
+ */
+
+-void *operator new[](size_t size) throw (std::bad_alloc)
++void *operator new[](size_t size) noexcept(false)
+ {
+ return internal_new(size, "standard libraries", 0);
+ }
+@@ -717,12 +717,12 @@
+ //TRACE1("delete[]() called, %08x\n", ptr);
+ }
+
+-void operator delete[](void *ptr) throw ()
++void operator delete[](void *ptr) noexcept
+ {
+ internal_delete(ptr);
+ }
+
+-void operator delete(void *ptr) throw ()
++void operator delete(void *ptr) noexcept
+ {
+ internal_delete(ptr);
+ }
diff --git a/debian/patches/openssl1.1.patch b/debian/patches/openssl1.1.patch
deleted file mode 100644
index b8461936..00000000
--- a/debian/patches/openssl1.1.patch
+++ /dev/null
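Review bot: debian/patches/c++17.diff is added as `new file mode 100755`, while the diffstat lists every other file under debian/patches as -rw-r--r--; a quilt patch is never executed, so it should be committed as 0644. Its header also stops at `Author:`, whereas 05-dont_use_net_for_docs.diff gains `Forwarded: no` in this same commit; adding a `Forwarded:` line (with `no` or the upstream URL) would record whether the C++17 fix was sent upstream, and `callabled` in the description should read `callable`. In the DebugMemLeakFinder.cpp hunks only `operator new[]` and the two `operator delete` overloads are visible; any other replacement allocation function in that file that still carries a dynamic exception specification would need the same edit, which cannot be confirmed from these hunks.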
@@ -1,1857 +0,0 @@ -From 20a2318b384c08dd100f81d998c11410adfa2c6b Mon Sep 17 00:00:00 2001 -From: Chris Wilson <chris+github@qwirx.com> -Date: Sun, 2 Jun 2019 21:51:27 +0100 -Subject: [PATCH] Minimal fix for Debian bug 907135 [#36] - -Unfortunately, the changes required to implement the full solution to Debian -bug 907135 were quite large and could not be reviewed in time for Debian 10's -release date. This would have meant that Box Backup was not available at all in -Debian 10. - -Therefore we have developed a workaround specifically for Debian 10 users -(this patch), which contains only the minimal changes needed to: - -* reduce the security level for Box Backup to 1 (the previous default), -* overriding the system default; ensure that all newly generated certificates -* meet the new security requirements that will later be imposed. - -This interim version will hopefully be replaced by a version from the master -branch that supports the SSLSecurityLevel configuration option, which we hope -to see in debian-backports as soon as possible, and we recommend that anyone -using the interim version upgrade to this master version as soon as possible. - -See -https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates#workaround-2 -for more details. 
---- - bin/bbackupd/bbackupd-config.in | 2 +- - bin/bbstored/bbstored-certs.in | 8 +- - infrastructure/cmake/CMakeLists.txt | 19 +- - infrastructure/m4/boxbackup_tests.m4 | 3 +- - lib/common/BoxPortsAndFiles.h.in | 4 + - lib/common/Test.h | 2 + - lib/server/TLSContext.cpp | 9 + - test/backupstorefix/testbackupstorefix.cpp | 9 +- - .../testfiles/testbackupstorefix.pl.in | 16 +- - test/basicserver/testbasicserver.cpp | 97 +++++++++ - .../testfiles/seclevel2-sha1/bbackupd.conf | 196 ++++++++++++++++++ - .../seclevel2-sha1/bbackupd/1234567-csr.pem | 15 ++ - .../seclevel2-sha1/bbackupd/1234567-key.pem | 27 +++ - .../seclevel2-sha1/bbackupd/NotifySysadmin.sh | 70 +++++++ - .../testfiles/seclevel2-sha1/bbstored.conf | 23 ++ - .../seclevel2-sha1/bbstored/localhost-csr.pem | 15 ++ - .../seclevel2-sha1/bbstored/localhost-key.pem | 27 +++ - .../ca/clients/1234567-cert.pem | 17 ++ - .../seclevel2-sha1/ca/keys/clientRootCSR.pem | 15 ++ - .../seclevel2-sha1/ca/keys/clientRootKey.pem | 27 +++ - .../seclevel2-sha1/ca/keys/serverRootCSR.pem | 15 ++ - .../seclevel2-sha1/ca/keys/serverRootKey.pem | 27 +++ - .../seclevel2-sha1/ca/roots/clientCA.pem | 18 ++ - .../seclevel2-sha1/ca/roots/clientCA.srl | 1 + - .../seclevel2-sha1/ca/roots/serverCA.pem | 18 ++ - .../seclevel2-sha1/ca/roots/serverCA.srl | 1 + - .../ca/servers/localhost-cert.pem | 17 ++ - .../testfiles/seclevel2-sha1/raidfile.conf | 10 + - .../testfiles/seclevel2-sha256/bbackupd.conf | 195 +++++++++++++++++ - .../seclevel2-sha256/bbackupd/1234567-csr.pem | 15 ++ - .../seclevel2-sha256/bbackupd/1234567-key.pem | 27 +++ - .../bbackupd/NotifySysadmin.sh | 70 +++++++ - .../testfiles/seclevel2-sha256/bbstored.conf | 23 ++ - .../bbstored/localhost-csr.pem | 15 ++ - .../bbstored/localhost-key.pem | 27 +++ - .../ca/clients/1234567-cert.pem | 17 ++ - .../ca/keys/clientRootCSR.pem | 15 ++ - .../ca/keys/clientRootKey.pem | 27 +++ - .../ca/keys/serverRootCSR.pem | 15 ++ - .../ca/keys/serverRootKey.pem | 27 +++ - 
.../seclevel2-sha256/ca/roots/clientCA.pem | 18 ++ - .../seclevel2-sha256/ca/roots/clientCA.srl | 1 + - .../seclevel2-sha256/ca/roots/serverCA.pem | 18 ++ - .../seclevel2-sha256/ca/roots/serverCA.srl | 1 + - .../ca/servers/localhost-cert-sha1.pem | 17 ++ - .../ca/servers/localhost-cert.pem | 17 ++ - .../testfiles/seclevel2-sha256/raidfile.conf | 10 + - .../testfiles/srv3-seclevel2-sha1.conf | 8 + - .../testfiles/srv3-seclevel2-sha256.conf | 8 + - test/bbackupd/testbbackupd.cpp | 123 ++++++++++- - 50 files changed, 1375 insertions(+), 27 deletions(-) - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem - create mode 100755 test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbstored.conf - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl - create mode 100644 
test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha1/raidfile.conf - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem - create mode 100755 test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbstored.conf - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem - create mode 100644 test/basicserver/testfiles/seclevel2-sha256/raidfile.conf - create mode 100644 test/basicserver/testfiles/srv3-seclevel2-sha1.conf - create mode 100644 test/basicserver/testfiles/srv3-seclevel2-sha256.conf - ---- 
a/bin/bbackupd/bbackupd-config.in -+++ b/bin/bbackupd/bbackupd-config.in -@@ -169,7 +169,7 @@ if(!-f $private_key) - if(!-f $certificate_request) - { - die "Couldn't run openssl for CSR generation" unless -- open(CSR,"|openssl req -new -key $private_key -sha1 -out $certificate_request"); -+ open(CSR,"|openssl req -new -key $private_key -sha256 -out $certificate_request"); - print CSR <<__E; - . - . ---- a/bin/bbstored/bbstored-certs.in -+++ b/bin/bbstored/bbstored-certs.in -@@ -122,7 +122,7 @@ sub cmd_init_create_root - - # make CSR - die "Couldn't run openssl for CSR generation" unless -- open(CSR,"|openssl req -new -key $key -sha1 -out $csr"); -+ open(CSR,"|openssl req -new -key $key -sha256 -out $csr"); - print CSR <<__E; - . - . -@@ -140,7 +140,7 @@ __E - die "Certificate request wasn't created.\n" unless -f $csr; - - # sign it to make a self-signed root CA key -- if(system("openssl x509 -req -in $csr -sha1 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0) -+ if(system("openssl x509 -req -in $csr -sha256 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0) - { - die "Couldn't generate root certificate." - } -@@ -201,7 +201,7 @@ __E - my $out_cert = "$cert_dir/clients/$acc"."-cert.pem"; - - # sign it! -- if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0) -+ if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0) - { - die "Signing failed" - } -@@ -257,7 +257,7 @@ __E - my $out_cert = "$cert_dir/servers/$common_name"."-cert.pem"; - - # sign it! 
-- if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0) -+ if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0) - { - die "Signing failed" - } ---- a/infrastructure/cmake/CMakeLists.txt -+++ b/infrastructure/cmake/CMakeLists.txt -@@ -71,13 +71,6 @@ function(move_file_if_exists source_file - endif() - endfunction() - --foreach(file_to_configure ${files_to_configure}) -- configure_file("${base_dir}/${file_to_configure}.in" "${base_dir}/${file_to_configure}.out" @ONLY) -- replace_file_if_different( -- "${base_dir}/${file_to_configure}" -- "${base_dir}/${file_to_configure}.out") --endforeach() -- - # If BOXBACKUP_VERSION is defined when running CMake (as the AppVeyor config does), use it - # as-is, since it contains the full version number, branch, and platform (Win32/Win64): - if(BOXBACKUP_VERSION) -@@ -375,6 +368,7 @@ file(WRITE "${boxconfig_h_file}" "// Aut - - if(WIN32) - target_link_libraries(lib_common PUBLIC ws2_32 gdi32) -+ list(APPEND CMAKE_REQUIRED_LIBRARIES ws2_32 gdi32) - endif() - - # On Windows we want to statically link zlib to make debugging and distribution easier, -@@ -430,6 +424,7 @@ else() - endif() - include_directories(${OPENSSL_INCLUDE_DIR}) - target_link_libraries(lib_crypto PUBLIC ${OPENSSL_LIBRARIES}) -+list(APPEND CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES}) - - # Link to PCRE - if (WIN32) -@@ -608,6 +603,9 @@ foreach(function_name ${detect_functions - file(APPEND "${boxconfig_h_file}" "#cmakedefine HAVE_${platform_var_name}\n") - endforeach() - -+check_function_exists(SSL_CTX_set_security_level HAVE_SSL_CTX_SET_SECURITY_LEVEL) -+file(APPEND "${boxconfig_h_file}" "#cmakedefine HAVE_SSL_CTX_SET_SECURITY_LEVEL\n") -+ - check_symbol_exists(dirfd "dirent.h" HAVE_DECL_DIRFD) - file(APPEND 
"${boxconfig_h_file}" "#cmakedefine01 HAVE_DECL_DIRFD\n") - -@@ -824,6 +822,13 @@ file(TO_NATIVE_PATH "${PERL_EXECUTABLE}" - string(REPLACE "\\" "\\\\" perl_path_escaped ${perl_executable_native}) - target_compile_definitions(test_backupstorefix PRIVATE -DPERL_EXECUTABLE="${perl_path_escaped}") - -+foreach(file_to_configure ${files_to_configure}) -+ configure_file("${base_dir}/${file_to_configure}.in" "${base_dir}/${file_to_configure}.out" @ONLY) -+ replace_file_if_different( -+ "${base_dir}/${file_to_configure}" -+ "${base_dir}/${file_to_configure}.out") -+endforeach() -+ - # Configure test timeouts: - # I've set the timeout to 4 times as long as it took to run on a particular run on Appveyor: - # https://ci.appveyor.com/project/qris/boxbackup/build/job/xm10itascygtu93j ---- a/infrastructure/m4/boxbackup_tests.m4 -+++ b/infrastructure/m4/boxbackup_tests.m4 -@@ -142,7 +142,8 @@ AC_SEARCH_LIBS( - Upgrade or read the documentation for alternatives]]) - fi - ]) -- -+AC_CHECK_FUNCS([SSL_CTX_set_security_level], [HAVE_SSL_CTX_SET_SECURITY_LEVEL=1]) -+AC_SUBST([HAVE_SSL_CTX_SET_SECURITY_LEVEL]) - - ### Checks for header files. 
- ---- a/lib/common/BoxPortsAndFiles.h.in -+++ b/lib/common/BoxPortsAndFiles.h.in -@@ -20,6 +20,10 @@ - // directory within the RAIDFILE root for the backup store daemon - #define BOX_RAIDFILE_ROOT_BBSTORED "backup" - -+// default security level if SSLSecurityLevel is not specified: see -+// https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates -+const int BOX_DEFAULT_SSL_SECURITY_LEVEL = 1; -+ - // configuration file paths - #ifdef WIN32 - // no default config file path, use these macros to call ---- a/lib/common/Test.h -+++ b/lib/common/Test.h -@@ -23,6 +23,7 @@ - #define BBACKUPQUERY "..\\..\\bin\\bbackupquery\\bbackupquery.exe" - #define BBSTOREACCOUNTS "..\\..\\bin\\bbstoreaccounts\\bbstoreaccounts.exe" - #define TEST_RETURN(actual, expected) TEST_EQUAL(expected, actual); -+#define TEST_RETURN_COMMAND(actual, expected, command) TEST_EQUAL_LINE(expected, actual, command); - #else - #define BBACKUPCTL "../../bin/bbackupctl/bbackupctl" - #define BBACKUPD "../../bin/bbackupd/bbackupd" -@@ -30,6 +31,7 @@ - #define BBACKUPQUERY "../../bin/bbackupquery/bbackupquery" - #define BBSTOREACCOUNTS "../../bin/bbstoreaccounts/bbstoreaccounts" - #define TEST_RETURN(actual, expected) TEST_EQUAL((expected << 8), actual); -+#define TEST_RETURN_COMMAND(actual, expected, command) TEST_EQUAL_LINE((expected << 8), actual, command); - #endif - - extern int num_failures; ---- a/lib/server/TLSContext.cpp -+++ b/lib/server/TLSContext.cpp -@@ -14,6 +14,7 @@ - - #include "autogen_ConnectionException.h" - #include "autogen_ServerException.h" -+#include "BoxPortsAndFiles.h" - #include "CryptoUtils.h" - #include "SSLLib.h" - #include "TLSContext.h" -@@ -84,6 +85,14 @@ void TLSContext::Initialise(bool AsServe - THROW_EXCEPTION(ServerException, TLSAllocationFailed) - } - -+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL -+ BOX_WARNING("This version of Box Backup overrides the system-wide SSLSecurityLevel for " -+ "backwards compatibility. Please upgrade as soon as possible. 
See " -+ "https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates#workaround-2 " -+ "for details"); -+ SSL_CTX_set_security_level(mpContext, BOX_DEFAULT_SSL_SECURITY_LEVEL); -+#endif -+ - // Setup our identity - if(::SSL_CTX_use_certificate_chain_file(mpContext, CertificatesFile) != 1) - { ---- a/test/backupstorefix/testbackupstorefix.cpp -+++ b/test/backupstorefix/testbackupstorefix.cpp -@@ -671,8 +671,13 @@ int test(int argc, const char *argv[]) - char name[256]; - while(::fgets(line, sizeof(line), f) != 0) - { -- TEST_THAT(::sscanf(line, "%x %s %s", &id, -- flags, name) == 3); -+ if(StartsWith("WARNING: This version of Box Backup overrides the " -+ "system-wide SSLSecurityLevel", line)) -+ { -+ continue; -+ } -+ TEST_EQUAL_LINE(3, ::sscanf(line, "%x %s %s", &id, flags, name), -+ "Unexpected format in initial-listing.txt: <" << line << ">"); - bool isDir = (::strcmp(flags, "-d---") == 0); - //TRACE3("%x,%d,%s\n", id, isDir, name); - MEMLEAKFINDER_NO_LEAKS; ---- a/test/backupstorefix/testfiles/testbackupstorefix.pl.in -+++ b/test/backupstorefix/testfiles/testbackupstorefix.pl.in -@@ -148,18 +148,20 @@ elsif($ARGV[0] eq 'reroot') - or die "can't open copy listing file"; - my $err = 0; - my $count = 0; -- while(<LISTING>) -+ while(my $line = <LISTING>) - { -- print LISTING_COPY; -- chomp; -- s/\[FILENAME NOT ENCRYPTED\]//; -- next if /^WARNING: \*\*\*\* BackupStoreFilename encoded with Clear encoding \*\*\*\*/; -- my ($id,$type,$name) = split / /; -+ print LISTING_COPY $line; -+ chomp $line; -+ $line =~s/\[FILENAME NOT ENCRYPTED\]//; -+ next if $line =~ /^WARNING: \*\*\*\* BackupStoreFilename encoded with Clear encoding \*\*\*\*/; -+ next if $line =~ /^WARNING: This version of Box Backup overrides the system-wide SSLSecurityLevel/; -+ my ($id,$type,$name) = split / /, $line; - $count++; - if($name !~ /\Alost\+found0/) - { - # everything must be in a lost and found dir -- $err = 1 -+ print "Expected '$name' to be in a lost+found directory, but it was not 
($line)"; -+ $err = 1; - } - } - close LISTING_COPY; ---- a/test/basicserver/testbasicserver.cpp -+++ b/test/basicserver/testbasicserver.cpp -@@ -449,6 +449,80 @@ void TestStreamReceive(TestProtocolClien - TEST_THAT(count == (24273*3)); // over 64 k of data, definately - } - -+bool test_security_level(int cert_level) -+{ -+ int old_num_failures = num_failures; -+ -+ // Context first -+ TLSContext context; -+ if(cert_level == 0) -+ { -+ context.Initialise(false /* client */, -+ "testfiles/clientCerts.pem", -+ "testfiles/clientPrivKey.pem", -+ "testfiles/clientTrustedCAs.pem"); -+ } -+ else if(cert_level == 1) -+ { -+ context.Initialise(false /* client */, -+ "testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem", -+ "testfiles/seclevel2-sha1/bbackupd/1234567-key.pem", -+ "testfiles/seclevel2-sha1/ca/roots/serverCA.pem"); -+ } -+ else if(cert_level == 2) -+ { -+ context.Initialise(false /* client */, -+ "testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem", -+ "testfiles/seclevel2-sha256/bbackupd/1234567-key.pem", -+ "testfiles/seclevel2-sha256/ca/roots/serverCA.pem"); -+ } -+ else -+ { -+ TEST_FAIL_WITH_MESSAGE("No certificates generated for level " << cert_level); -+ return false; -+ } -+ -+ SocketStreamTLS conn; -+ conn.Open(context, Socket::TypeINET, "localhost", 2003); -+ -+ return (num_failures == old_num_failures); // no new failures -> good -+} -+ -+// Test the certificates that were distributed with the Box Backup source since ancient times, -+// which have only 1024-bit keys, and thus fail with "ee key too small". 
-+bool test_ancient_certificates() -+{ -+ int old_num_failures = num_failures; -+ -+ // Level -1 (allow weaker, with warning) should pass with any certificates: -+ TEST_THAT(test_security_level(0)); // cert_level -+ -+ return (num_failures == old_num_failures); // no new failures -> good -+} -+ -+// Test a set of more recent certificates, which have a longer key but are signed using the SHA1 -+// algorithm instead of SHA256, which fail with "ca md too weak" instead. -+bool test_old_certificates() -+{ -+ int old_num_failures = num_failures; -+ -+ // Level -1 (allow weaker, with warning) should pass with any certificates: -+ TEST_THAT(test_security_level(1)); // cert_level -+ -+ return (num_failures == old_num_failures); // no new failures -> good -+} -+ -+ -+bool test_new_certificates() -+{ -+ int old_num_failures = num_failures; -+ -+ // Level -1 (allow weaker, with warning) should pass with any certificates: -+ TEST_THAT(test_security_level(2)); // cert_level -+ -+ return (num_failures == old_num_failures); // no new failures -> good -+} -+ - - int test(int argc, const char *argv[]) - { -@@ -682,6 +756,11 @@ int test(int argc, const char *argv[]) - TEST_THAT(ServerIsAlive(pid)); - #endif - -+ // Try testing with different security levels, check that the behaviour is -+ // as documented at: -+ // https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates -+ TEST_THAT(test_ancient_certificates()); -+ - // Kill it - TEST_THAT(KillServer(pid)); - ::sleep(1); -@@ -691,6 +770,24 @@ int test(int argc, const char *argv[]) - TestRemoteProcessMemLeaks("test-srv3.memleaks"); - #endif - } -+ -+ cmd = TEST_EXECUTABLE " --test-daemon-args="; -+ cmd += test_args; -+ cmd += " srv3 testfiles/srv3-seclevel2-sha1.conf"; -+ pid = LaunchServer(cmd, "testfiles/srv3.pid"); -+ -+ TEST_THAT(pid != -1 && pid != 0); -+ TEST_THAT(test_old_certificates()); -+ TEST_THAT(KillServer(pid)); -+ -+ cmd = TEST_EXECUTABLE " --test-daemon-args="; -+ cmd += test_args; -+ cmd += " srv3 
testfiles/srv3-seclevel2-sha256.conf"; -+ pid = LaunchServer(cmd, "testfiles/srv3.pid"); -+ -+ TEST_THAT(pid != -1 && pid != 0); -+ TEST_THAT(test_new_certificates()); -+ TEST_THAT(KillServer(pid)); - } - - //protocolserver: ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf -@@ -0,0 +1,196 @@ -+ -+StoreHostname = localhost -+AccountNumber = 0x1234567 -+KeysFile = ./bbackupd/1234567-FileEncKeys.raw -+ -+CertificateFile = ./bbackupd/1234567-cert.pem -+PrivateKeyFile = ./bbackupd/1234567-key.pem -+TrustedCAsFile = ./bbackupd/serverCA.pem -+SSLSecurityLevel = 2 -+ -+DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1 -+ -+ -+# This script is run whenever bbackupd changes state or encounters a -+# problem which requires the system administrator to assist: -+# -+# 1) The store is full, and no more data can be uploaded. -+# 2) Some files or directories were not readable. -+# 3) A backup run starts or finishes. -+# -+# The default script emails the system administrator, except for backups -+# starting and stopping, where it does nothing. -+ -+NotifyScript = ./bbackupd/NotifySysadmin.sh -+ -+ -+# The number of seconds between backup runs under normal conditions. To avoid -+# cycles of load on the server, this time is randomly adjusted by a small -+# percentage as the daemon runs. -+ -+UpdateStoreInterval = 3600 -+ -+ -+# The minimum age of a file, in seconds, that will be uploaded. Avoids -+# repeated uploads of a file which is constantly being modified. -+ -+MinimumFileAge = 21600 -+ -+ -+# If a file is modified repeated, it won't be uploaded immediately in case -+# it's modified again, due to the MinimumFileAge specified above. However, it -+# should be uploaded eventually even if it is being modified repeatedly. This -+# is how long we should wait, in seconds, after first noticing a change. -+# (86400 seconds = 1 day) -+ -+MaxUploadWait = 86400 -+ -+# If the connection is idle for some time (e.g. 
over 10 minutes or 600 -+# seconds, not sure exactly how long) then the server will give up and -+# disconnect the client, resulting in Connection Protocol_Timeout errors -+# on the server and TLSReadFailed or TLSWriteFailed errors on the client. -+# Also, some firewalls and NAT gateways will kill idle connections after -+# similar lengths of time. -+# -+# This can happen for example when most files are backed up already and -+# don't need to be sent to the store again, while scanning a large -+# directory, or while calculating diffs of a large file. To avoid this, -+# KeepAliveTime specifies that special keep-alive messages should be sent -+# when the connection is otherwise idle for a certain length of time, -+# specified here in seconds. -+# -+# The default is that these messages are never sent, equivalent to setting -+# this option to zero, but we recommend that all users enable this. -+ -+KeepAliveTime = 120 -+ -+ -+# Files above this size (in bytes) are tracked, and if they are renamed they will simply be -+# renamed on the server, rather than being uploaded again. (64k - 1) -+ -+FileTrackingSizeThreshold = 65535 -+ -+ -+# The daemon does "changes only" uploads for files above this size (in bytes). -+# Files less than it are uploaded whole without this extra processing. -+ -+DiffingUploadSizeThreshold = 8192 -+ -+ -+# The limit on how much time is spent diffing files, in seconds. Most files -+# shouldn't take very long, but if you have really big files you can use this -+# to limit the time spent diffing them. -+# -+# * Reduce if you are having problems with processor usage. -+# -+# * Increase if you have large files, and think the upload of changes is too -+# large and you want bbackupd to spend more time searching for unchanged -+# blocks. -+ -+MaximumDiffingTime = 120 -+ -+ -+# Uncomment this line to see exactly what the daemon is going when it's connected to the server. 
-+ -+# ExtendedLogging = yes -+ -+ -+# This specifies a program or script script which is run just before each -+# sync, and ideally the full path to the interpreter. It will be run as the -+# same user bbackupd is running as, usually root. -+# -+# The script must output (print) either "now" or a number to STDOUT (and a -+# terminating newline, no quotes). -+# -+# If the result was "now", then the sync will happen. If it's a number, then -+# no backup will happen for that number of seconds (bbackupd will pause) and -+# then the script will be run again. -+# -+# Use this to temporarily stop bbackupd from syncronising or connecting to the -+# store. For example, you could use this on a laptop to only backup when on a -+# specific network, or when it has a working Internet connection. -+ -+# SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc -+ -+ -+# Where the command socket is created in the filesystem. -+ -+CommandSocket = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.sock -+ -+# Uncomment the StoreObjectInfoFile to enable the experimental archiving -+# of the daemon's state (including client store marker and configuration) -+# between backup runs. This saves time and increases efficiency when -+# bbackupd is frequently stopped and started, since it removes the need -+# to rescan all directories on the remote server. However, it is new and -+# not yet heavily tested, so use with caution. -+ -+# StoreObjectInfoFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.state -+ -+Server -+{ -+ PidFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.pid -+} -+ -+ -+# BackupLocations specifies which locations on disc should be backed up. Each -+# directory is in the format -+# -+# name -+# { -+# Path = /path/of/directory -+# (optional exclude directives) -+# } -+# -+# 'name' is derived from the Path by the config script, but should merely be -+# unique. 
-+# -+# The exclude directives are of the form -+# -+# [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname -+# -+# (The regex suffix is shown as 'sRegex' to make File or Dir plural) -+# -+# For example: -+# -+# ExcludeDir = /home/guest-user -+# ExcludeFilesRegex = .(mp3|MP3)$ -+# AlwaysIncludeFile = /home/username/veryimportant.mp3 -+# -+# This excludes the directory /home/guest-user from the backup along with all mp3 -+# files, except one MP3 file in particular. -+# -+# In general, Exclude excludes a file or directory, unless the directory is -+# explicitly mentioned in a AlwaysInclude directive. However, Box Backup -+# does NOT scan inside excluded directories and will never back up an -+# AlwaysIncluded file or directory inside an excluded directory or any -+# subdirectory thereof. -+# -+# To back up a directory inside an excluded directory, use a configuration -+# like this, to ensure that each directory in the path to the important -+# files is included, but none of their contents will be backed up except -+# the directories further down that path to the important one. -+# -+# ExcludeDirsRegex = ^/home/user/bigfiles/ -+# ExcludeFilesRegex = ^/home/user/bigfiles/ -+# AlwaysIncludeDir = /home/user/bigfiles/path -+# AlwaysIncludeDir = /home/user/bigfiles/path/to -+# AlwaysIncludeDir = /home/user/bigfiles/path/important -+# AlwaysIncludeDir = /home/user/bigfiles/path/important/files -+# AlwaysIncludeDirsRegex = ^/home/user/bigfiles/path/important/files/ -+# AlwaysIncludeFilesRegex = ^/home/user/bigfiles/path/important/files/ -+# -+# If a directive ends in Regex, then it is a regular expression rather than a -+# explicit full pathname. See -+# -+# man 7 re_format -+# -+# for the regex syntax on your platform. 
-+ -+BackupLocations -+{ -+ home-chris-boxbackup-test-basicserver-testfiles-seclevel2-sha1 -+ { -+ Path = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1 -+ } -+} -+ ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem -@@ -0,0 +1,15 @@ -+-----BEGIN CERTIFICATE REQUEST----- -+MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOQkFDS1VQLTEyMzQ1NjcwggEiMA0GCSqG -+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrSHZEUGZxLnDFr0B02Utd5rF6YwYmhzLG -+WNBnC0FBrCN0qJgjEHpQ0jqMGA9vIvBuesYhBmk8hOyJFHNtJB8MJyeHvKSwdwlF -+Isz+gr60RGAKj290nSdFgMvMgkdqz6Vg4R9t94fzhxjk/BJyNjr8r+64hffIOQmM -+YlmADLX38BLRLAfbVVkq/bRgqBFtmvFYTZKl6of1jVSWQLcXGShWE45lc5Hpd+qv -+DRjzsQukb3gJmKU4DMW1BCaS8W6v7R0MG/5CooiwMRrct8puH4IeIDrByBz/0mRP -+fMPjR2qpjx4EmLRcC39lGVBTnXLYM1XGIYsX7f1ssYZZXSSajUp9AgMBAAGgADAN -+BgkqhkiG9w0BAQUFAAOCAQEAbDRc2PW9WnUu7F1g/mWQW8aGhyzMcYTp28kVEtMC -+dvvbNLFWtWPXktM9PjR6F+3QRQktdXwYXsTctmGL4vvSKFd66gw4HklGe+Opiiw/ -+o9F6E2PAFzRYbMio7UYevs/RhktaJRkVyd81e8LtFHuUD3vqBY84NVeKwmxnbdoK -+jzBj3x3COkLLiPTWjb+RgxnPWcNtXhLAcATZeCKBo4U0gvRL1NTMCslIumdhtD8h -+BQOdEaSP2sB8o3mMEh8W5tgja4zWv1GszJK9sJNL/EZag331/++5H06yf8vPhQW7 -+rqRHA33CUe7XiqAkXp+Rgq5W97qcKIlo4uKRzCsTYC/QUg== -+-----END CERTIFICATE REQUEST----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem -@@ -0,0 +1,27 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIEpAIBAAKCAQEAq0h2RFBmcS5wxa9AdNlLXeaxemMGJocyxljQZwtBQawjdKiY -+IxB6UNI6jBgPbyLwbnrGIQZpPITsiRRzbSQfDCcnh7yksHcJRSLM/oK+tERgCo9v -+dJ0nRYDLzIJHas+lYOEfbfeH84cY5PwScjY6/K/uuIX3yDkJjGJZgAy19/AS0SwH -+21VZKv20YKgRbZrxWE2SpeqH9Y1UlkC3FxkoVhOOZXOR6Xfqrw0Y87ELpG94CZil -+OAzFtQQmkvFur+0dDBv+QqKIsDEa3LfKbh+CHiA6wcgc/9JkT3zD40dqqY8eBJi0 -+XAt/ZRlQU51y2DNVxiGLF+39bLGGWV0kmo1KfQIDAQABAoIBAHLetfI6uXlOW/M4 -+BVJYKGNhQ8WAg69zHGpJRfrVYX5Zo62pI97gPifV1c3+lNtD41s0m4uqcQlVXAzS -+2lZn0yqjV6+ApDJ0opLrM++8X4kmEgMDDwx2GNBUAFm3RY4slAzU7e8iAtsfz2JC -+a1yNYiH1G3RE5FgzaGPt0Xg/DgqorT6uR5/jIzlSpqRse9sXG4/uGEmfkogMwvU+ 
-+gmcMOs+Jm7HbLMIGxzBydNTFoup1YUVSCuIjdJBpWRCbBaeYeTSoQgdAPALtwJgz -+v8quFaJOkJMKIaXOF+1VN8w5rPTJJdfHtYITz6i0V5A7qSHR5jckbm0UWcXnEdaZ -+YvkKRUECgYEA4krb4xrXLuSbUv70dKXybyNxEFK+IVG6NZG4+iaW8B8oU8+q8FzM -+HPYAdppYKkYrjslKWIOwZdTsYa4Z8U/uhmMv4OpcCq7nYv6W/g1N/AMd8pEJvV9m -+EQ5hY1uMg3rgorYWGDyh3HcYl2q4/9EJiPKUVoZb9IPeO3Po3TgK8A8CgYEAwcTf -+EHJVs5F2mnetRhETpC5IGUB9OKbPm+JR6+BNFsh1vaPosobfYOzO6PJm0H/z4jMN -+n29oc1SAphUXegE6gbVO8/hd9S4OhTq8egFO9Y/BN3/lHUYe/RPs2BZ+Foh70PH7 -+9l6K/UDrwJ458hBrFM/DCcjRRcw12GBPUZ8xkLMCgYEAlND8GDc/igQnLYajhs7X -+R0V8hmqTxN+1YKNLjZ6xJoqm/68TUG0Ggok5NsY78tkgrg8sSFeaOu2y4m4Xe33A -+dDpoczZMf24UlyKsc7iWL4RxPmMpj5NcUR0u6KN9Hb5CWl762seM/qqHzpQNw5ZZ -++ejlqp1DfeL21Axe+JRxhPsCgYEAiYEWtoocbRhd7RHeYWl+4bSCL4FHG2usyjdZ -+4SREMFXCz/fACuiRHiwOTNqvwWf7ftqx4SFjIuylerZe+ZJjnWY3iAQJURME9OCQ -+nZfOG46PE75rrVF0bi20lken5H+oNcdzAQtoYH2wjvj5r+CczKD/DDN45qoaz9jQ -+kOCCgOcCgYBDeOUq+6UoZMmx1c/H4MnRWMpHu0hNfivDEeJMYkxLMA98clstohc7 -+T4B4gaoCewJ5XVR72k+Oqgvy++d4g5EpRjFE8hVNjw7Vo3WP0+X5iI+TmBuLKh/c -+Wl10t7jLE25vyLJs4nmQd4hav9gWMbP5l99sVq61DM6bMuRcQnyeIA== -+-----END RSA PRIVATE KEY----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh -@@ -0,0 +1,70 @@ -+#!/bin/sh -+ -+# This script is run whenever bbackupd changes state or encounters a -+# problem which requires the system administrator to assist: -+# -+# 1) The store is full, and no more data can be uploaded. -+# 2) Some files or directories were not readable. -+# 3) A backup run starts or finishes. -+# -+# The default script emails the system administrator, except for backups -+# starting and stopping, where it does nothing. 
-+
-+SUBJECT="BACKUP PROBLEM on host debian-unstable"
-+SENDTO="chris"
-+
-+if [ "$1" = "" ]; then
-+ echo "Usage: $0 <store-full|read-error|backup-ok|backup-error|backup-start|backup-finish>" >&2
-+ exit 2
-+elif [ "$1" = store-full ]; then
-+ sendmail: $SENDTO <<EOM
-+Subject: $SUBJECT (store full)
-+To: $SENDTO
-+
-+
-+The store account for debian-unstable is full.
-+
-+=============================
-+FILES ARE NOT BEING BACKED UP
-+=============================
-+
-+Please adjust the limits on account 1234567 on server localhost.
-+
-+EOM
-+elif [ "$1" = read-error ]; then
-+sendmail: $SENDTO <<EOM
-+Subject: $SUBJECT (read errors)
-+To: $SENDTO
-+
-+
-+Errors occured reading some files or directories for backup on debian-unstable.
-+
-+===================================
-+THESE FILES ARE NOT BEING BACKED UP
-+===================================
-+
-+Check the logs on debian-unstable for the files and directories which caused
-+these errors, and take appropriate action.
-+
-+Other files are being backed up.
-+
-+EOM
-+elif [ "$1" = backup-start -o "$1" = backup-finish -o "$1" = backup-ok ]; then
-+ # do nothing by default
-+ true
-+else
-+sendmail: $SENDTO <<EOM
-+Subject: $SUBJECT (unknown)
-+To: $SENDTO
-+
-+
-+The backup daemon on debian-unstable reported an unknown error ($1).
-+
-+==========================
-+FILES MAY NOT BE BACKED UP
-+==========================
-+
-+Please check the logs on debian-unstable.
-+
-+EOM
-+fi
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored.conf
-@@ -0,0 +1,23 @@
-+
-+RaidFileConf = ./raidfile.conf
-+AccountDatabase = ./bbstored/accounts.txt
-+
-+# Uncomment this line to see exactly what commands are being received from clients.
-+# ExtendedLogging = yes
-+
-+# scan all accounts for files which need deleting every 15 minutes.
-+ -+TimeBetweenHousekeeping = 900 -+ -+Server -+{ -+ PidFile = /var/run/bbstored.pid -+ User = chris -+ ListenAddresses = inet:localhost -+ CertificateFile = ./bbstored/localhost-cert.pem -+ PrivateKeyFile = ./bbstored/localhost-key.pem -+ TrustedCAsFile = ./bbstored/clientCA.pem -+ SSLSecurityLevel = 2 -+} -+ -+ ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem -@@ -0,0 +1,15 @@ -+-----BEGIN CERTIFICATE REQUEST----- -+MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B -+AQEFAAOCAQ8AMIIBCgKCAQEAyzNFMI4BCpd/vGvPseb8U/NZYDQZ6nV7nFwDPsyr -+/yoUBQz7/gEAFP9Zo+8C9h89N2dPuxVNgylybiXO1icy8NsH+xkTtJXPSqi/Q87M -+36V5/k7wfF6Kx9ayuB2e1xg844fuY3llYacOyoA1NWP3DaQP+MztxuvKqK4JnodU -+oqysEK3DF4F1qFSHh1fum5nY+GBPaZjhn6ns/prQP8De6bctEjUAEYSKqUjNJpYa -+sP0KqFH8CoY1ZGa/f5n0CZ/9VT5N+Nm0TA1HwX2QeH0h1yp/LH52tD6/8T9XqgK4 -+iuekRol6dkj63jXPnVSK4NSFksTzJsQCABOUz4kXKZucQQIDAQABoAAwDQYJKoZI -+hvcNAQEFBQADggEBACN8kdjf8P/OBMVytAKxWlXDAtG5A8qZz4e+aNM4JfXF//fP -+pS5c+m0rpt6aop4N5n5MWyL54eJlhh+yyNdm2RmHvybJKHLTRCPzP3gtHaVZ4v2V -+xWbDW+LuLMhDp70Ci1/CGWv+fQ2jmKPAtXGcbIsvjI+swLRtJDTwNV6B/dbS5QyF -+6n8O+pSLS6l7vsXginavB+VLAWWdtCbZAgId9Io0BePN/LpVb2bLgzGfzBInSCFl -+4bBN3dqC7nFkXdk+EXseA0L1NYUpXZoperzxMgDG74IMPwIomkb3elNP7xpz3Zgg -+Y5xwL05H5Jj5aW3Ao9mY3LKK8ZmAQnljOsyQsKc= -+-----END CERTIFICATE REQUEST----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem -@@ -0,0 +1,27 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIEowIBAAKCAQEAyzNFMI4BCpd/vGvPseb8U/NZYDQZ6nV7nFwDPsyr/yoUBQz7 -+/gEAFP9Zo+8C9h89N2dPuxVNgylybiXO1icy8NsH+xkTtJXPSqi/Q87M36V5/k7w -+fF6Kx9ayuB2e1xg844fuY3llYacOyoA1NWP3DaQP+MztxuvKqK4JnodUoqysEK3D -+F4F1qFSHh1fum5nY+GBPaZjhn6ns/prQP8De6bctEjUAEYSKqUjNJpYasP0KqFH8 -+CoY1ZGa/f5n0CZ/9VT5N+Nm0TA1HwX2QeH0h1yp/LH52tD6/8T9XqgK4iuekRol6 -+dkj63jXPnVSK4NSFksTzJsQCABOUz4kXKZucQQIDAQABAoIBACvo7mCprwvs5QuA -+eKdG9OvnQD8LwzXpIUcOkxz0+Y3wN9dHkQS4jp36+BH2yjsJUR8x0gbpeZCIWlP3 
-+E5Uvb1Cg5D6ckqeJX/wQLxSmEZualJwhztHxVCgO+xvSOsrcT/wTGa6hQwkxIn8b -+6WOaMH7gHxtynUdJGMgOo8GAGQf1yVganOo8hk/jARjln3Cyg+0018a8P0bZHI5L -+2EJgXSvVo5N4s0sVxMTDUX80YMmpH5M1duCYRitJwZCDMg5xOjootvfzw9pDD40/ -+JsQHxdCfotDEBOVym7mKqxOUowwA+8vKG5yOkG7Fb7QmO9UkujqBCQs7n9q+0wj5 -+3OV872ECgYEA+YwqJ+vk8EK6Eo4ZJmYNhreKDtfTCiv4CRpxWimyf8fShhPSpcur -+JSMl7OLuJhqsWIoGs5v1QSMhaSckLVq5lSZ7czVyC/ZFmhXN8LmfdYJ3LuSfEhG/ -+ma9c2qXXC9EbTgdRg5lFSIugBFEHv+656Jn6Oj4hN/V8bd0EDgSY7Q0CgYEA0HRR -+esMH2YSGztoauzl0FmOHrH53diTpCNBzh2ZEwQgHcTbHK3VfDqN0bsUx4SwZW/Wj -+o7elnrBDHdVa8LMbUq7DH5YzRnfbGJHcKhUCTI3eT0wfpKvnyptIwRaKozS313rx -++5ZePf51krnYTs6p73Nvu7ALUwTLLi57PZQKJwUCgYB2B0JlEWB99sF1RzpD/B7H -+qgWlUZUiiXtOKvCT+YbQgx1ihvupqTPwY7hrW0XSRelgEyBqUQhl34zM5FNrFC8U -+iVf4PL4NRFTVNRzrj5AJD0T5q+5EqJpbwSKE081rbGKivDlkqdioIEn14LFuqSXL -+CxDb/UjO49APUmq5ipkd/QKBgQCfSxPsrNb1yMk/jvn4coochchq72WYudH+c1Sl -+dmg53knZoROISTPvusbB0x0vxgRG+qom9LKyVl2jkaPh5eyOPZBMNfpO8k5SMzw8 -+SDuuhocIr9JKgzco44swSmp9F08ZchEywZCY7TepfS0n49OGcP9EPN4afcJKMyjo -+QJWVhQKBgH47nr45MgQJIoeUzmDPL/N9jAlG4+MvfsGvZxtGeRij68TYFStPEccO -+GJH09GQZgxvz8YbamC4KEA67PlwOdm/4ITs4HAE+tX6gaYeXG8XTw/azQdx0ZhXu -+EIhyRvSeCfXq/hi4Qef2yIx3YLarPXw1E38Xtl0MOl+yGg827Imt -+-----END RSA PRIVATE KEY----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem -@@ -0,0 +1,17 @@ -+-----BEGIN CERTIFICATE----- -+MIICsTCCAZkCAQEwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 -+c3RlbSBjbGllbnQgcm9vdDAeFw0xOTA0MjgyMDU3NDBaFw0zMzAxMDQyMDU3NDBa -+MBkxFzAVBgNVBAMMDkJBQ0tVUC0xMjM0NTY3MIIBIjANBgkqhkiG9w0BAQEFAAOC -+AQ8AMIIBCgKCAQEAq0h2RFBmcS5wxa9AdNlLXeaxemMGJocyxljQZwtBQawjdKiY -+IxB6UNI6jBgPbyLwbnrGIQZpPITsiRRzbSQfDCcnh7yksHcJRSLM/oK+tERgCo9v -+dJ0nRYDLzIJHas+lYOEfbfeH84cY5PwScjY6/K/uuIX3yDkJjGJZgAy19/AS0SwH -+21VZKv20YKgRbZrxWE2SpeqH9Y1UlkC3FxkoVhOOZXOR6Xfqrw0Y87ELpG94CZil -+OAzFtQQmkvFur+0dDBv+QqKIsDEa3LfKbh+CHiA6wcgc/9JkT3zD40dqqY8eBJi0 -+XAt/ZRlQU51y2DNVxiGLF+39bLGGWV0kmo1KfQIDAQABMA0GCSqGSIb3DQEBBQUA 
-+A4IBAQBvwLWvNs2FhwNhjCA0A4r6hbKcdZDqmHT+EJpf1Os/f5A1fTah5u2UvNiQ -+jYkI7u5dds/pSRDQ+1itbq2ltHq59QolMDN80xbrqgW2SCYIzBqR5i+plIIlGaM+ -+Cih9QUrbZO1qBSA9nvuqFOGdi4tca+rkkuogWWNsngEydS32EmcI/cTcrubMKnYT -+aW3+z46D42uZwljlhjnDDRbbvwpqd1h4NPbJcadelZnG3fsO0MCWi8LLp8Sepot7 -+oDoseZ55JtYSjQuLFzfvgbvdkl/AQS1J+0Tjf2pq1zjIJmZ8qCuCP694z2BzRMTp -+y0vJrXoCFTpVaNZZJx+x8ZqKjp3J -+-----END CERTIFICATE----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem -@@ -0,0 +1,15 @@ -+-----BEGIN CERTIFICATE REQUEST----- -+MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBjbGllbnQgcm9v -+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcxnm27tjpmhPdI23hV -+VLerRKdYRutug9EaVwoegRzsnx/+6vBrnXQFbqenA2MR9yMhje+CJqZJcKoEyN6o -+hSuv2vpMUOxLquUjhzv184rxp8dVcz1E6zpnxo5vJw8NoxN65SEjMKxFcO8e/RwQ -+Pb8Yot1wEantMZKUu9qQ45lPCJH1VdPES09D6yMc62P7gOkybR4MZE7t2Wm9Bbx6 -+H3Ag9OaSuYJOhf3614SvZQFmUlr07X/RFGsAixXi7CWqMjPKZDpG0PALVnKeKrfj -+5gftcEUVVh2jRtfwN7DcTQu1f0Cv3Ixvv7T0lOK1BXGt5S8/l1RLeCNkzzIDyyEM -+92UCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQB9d+4iZAtngEGpbtuHEhWssZKP -+fisCUA+XokqrQ5Bw8wpE/zh4WHBfKDE0mrXARiJABKJqTVUI/fI9cGVWvRj17yxv -+aIuZdYsZgAWhy6U2u0I8Kyul4URnDJq+JiqKOwYDjduZRi6axsjqVoWqeyRn0M1o -+05d5O+TzS6uH9JhdYzpBeQVRweH4Dq374ApJu55RW+RQ7CpFQpW1cCqm3nMybNoM -+uMMDTXeV09jh8DE63VE5GLi2N9/DaAD8VrrGuZWRFUhEvxHe8Qs8gCX7ep+9rUlS -++Vn0880ItjjBRQwDaSkJqQaGL0Wq4eBSTx9WcvIer9XFfwUYKOFVIPwQqDqn -+-----END CERTIFICATE REQUEST----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem -@@ -0,0 +1,27 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIEowIBAAKCAQEAxzGebbu2OmaE90jbeFVUt6tEp1hG626D0RpXCh6BHOyfH/7q -+8GuddAVup6cDYxH3IyGN74ImpklwqgTI3qiFK6/a+kxQ7Euq5SOHO/XzivGnx1Vz -+PUTrOmfGjm8nDw2jE3rlISMwrEVw7x79HBA9vxii3XARqe0xkpS72pDjmU8IkfVV -+08RLT0PrIxzrY/uA6TJtHgxkTu3Zab0FvHofcCD05pK5gk6F/frXhK9lAWZSWvTt -+f9EUawCLFeLsJaoyM8pkOkbQ8AtWcp4qt+PmB+1wRRVWHaNG1/A3sNxNC7V/QK/c -+jG+/tPSU4rUFca3lLz+XVEt4I2TPMgPLIQz3ZQIDAQABAoIBAQC1TQJIGmw4J4uq 
-+j5PCqNgc/DPWpNCYBNTRg8npGe6mZvBGbP1lqm17Zl5bFfZNO9LXFPldH/cRrxJu -+jUBO+M+M/divrLqS+CQpvvadqrTqqBzvn2TuRUZcuIvOpHjGiMD/QAJA8QiiI+ow -+muIBov6wajoClrhdE9jk858vxmSB6gE4czdTrXvZQXC+9EyuaqrLQeTuJbz1JNGN -+jR61iSZWBfI6Ige+PSKpIQW/pU1+2QHyUNhTqN9V8Cxw0tVnOCZxNlWbXIaqsowa -+s4lzfYVvK1NsHitX3wIRJv3gPt3JYN8VIwpq86w1CDxvmEQUuj6VYGDj1n278z4h -+4CaZGNFBAoGBAP/b++wVZ1D0glBRhXghCMqGi/bzBySD+XDzd2DwVRM6jkX4Krof -+MPflg2AMGXOvYYEoDtNWPHYzLts45zpOY111DA4OKqLL1QgTOOtjjd4b/+AaQOKt -+m/Gvr9WFdqCjtO2rcv4546nB4M6bf6umHqoeKK947mi08jmW9VvZhaC5AoGBAMdN -+qIYmnR17s9He9/jgU9zfp+21fC9GSDI9MrdaGP9E4EAeg95Sn3ppplzVeIW+c2b/ -+0MuhdbR2dn7JoXcJKlO2qcadvsRWURvR0ofWbjcKoKdAHlShsNIfT8cWfk7E1DL3 -+04JTWFcLA7M5RkdT9y2/N4NNKAZ37ZWO10r5jz4NAoGAXWh8gmYV//IkGRqJ9Z9p -+zDZupst20hf0Ww4niRZ0mL6J7nV5c9WrVPVPjyMbr6ZZnIN5ViJnlGd/Nb2CfUDc -++eOfcQou+pwbvAT4hMclpe7m7XPoOFlVU1jmgrdk5aSeix5KrxGHUhRb9FHEvG+7 -+RjQYemdV8pgMzoWUMeIp7NECgYB/39rN3/6UySbR9E6EF2KXZ8T2Jqh8KIrv+QYO -+UDeTqVx8p1eSkM6UGy9LhwfiQBUJM/+Cd6Du3ccfiD0aA/5tYdjCf7nDfWJjCBgd -+Yb6rgB0d0mzjfi7WUpK8OTlnTrCb1xiVGOaoSn/gQVJPN5dzeamjjCCvLcl5WQHX -+sBFxDQKBgAYnvJcaXYiyDW2fpdKodzf0AwPBaR2yUJsO2Zm2RpigrpAkpSo5lk5N -+GTWEbWUeENlgapQot5pxKbX07wSpifG3eAULusJuwd9+Ys04GZMYR9T+JXxjLQq7 -+hxlWFoj/8o8zh5tGWocqvmTgIiFngwLpHRFStrAhmFSWtHlsgruV -+-----END RSA PRIVATE KEY----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem -@@ -0,0 +1,15 @@ -+-----BEGIN CERTIFICATE REQUEST----- -+MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBzZXJ2ZXIgcm9v -+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmT9t4A51xpeJ3h6ddg -+l2wYFYSp2YdquKX85hipesYp0EIlrPHDdHXFjDS50ZhI62+2hxr/qCtSWwsAiNoK -+xSopXMVd6BO6eYPM0KqW4BMnqsKewv39uDiIHVQblB/3/4nd2Jx3sxGIdFivCDuo -+nqYm4BT5vEvHWG1Z+FtGqdPGZk4UG53Rx6ewHCYwpXUgCxJE814fruw+aWXPI0U3 -+QYCgehOTP5+zcONaFP9aSVd5GXqCtF+MgZYSSK4exL33gKsaDXwhiTJ2IgOs4YpN -+HG4fu/ct4ppwArHvaHMuLKS6IgFjCHYCqMD/N2+ZpszPWzI5KGprfHZxl0uTLGTd -+HdsCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQCflWlk+xCivLP+EK8oh0VCuTo2 
-+qLMuPOR8GU+gVUN1z68T4j/ZsI0NKox++9NOzGwTE/cSpN+nfLNdhPwOM+TrRtS/ -+iDrTSDMSVK4SjIQ9iEaINbfOZOv52l9vkyCR/u0TrnnkjXknzU9ZQmnDvj2e8K/B -+lq7LjvxeMxvLeZKfISr5XGcnUvhGcJkG6Cdkk6OIYUL7oDmBjS3IBzNTVTVmMB/U -+fHMURt/+ljmYKwNN8J7bG8nsMc/UnqqSLqBpPovup/+Ol8pbAjPNaLrQTz5PrN/k -+0PwqzbSJ52HEQY+kwpWLpx47p8ArQhD+YTaCUxyqzBWAI573rMdiAh/ZKVVi -+-----END CERTIFICATE REQUEST----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem -@@ -0,0 +1,27 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIEpAIBAAKCAQEAyZP23gDnXGl4neHp12CXbBgVhKnZh2q4pfzmGKl6xinQQiWs -+8cN0dcWMNLnRmEjrb7aHGv+oK1JbCwCI2grFKilcxV3oE7p5g8zQqpbgEyeqwp7C -+/f24OIgdVBuUH/f/id3YnHezEYh0WK8IO6iepibgFPm8S8dYbVn4W0ap08ZmThQb -+ndHHp7AcJjCldSALEkTzXh+u7D5pZc8jRTdBgKB6E5M/n7Nw41oU/1pJV3kZeoK0 -+X4yBlhJIrh7EvfeAqxoNfCGJMnYiA6zhik0cbh+79y3imnACse9ocy4spLoiAWMI -+dgKowP83b5mmzM9bMjkoamt8dnGXS5MsZN0d2wIDAQABAoIBAQCKVJ3+74PV6RM6 -+1YORp9mB9m0d4ylCQryAPDLzDasRPjSKkCxEpKrQ/0YeEL6C0NewjAPfRT50rEmK -+HU3Mw8NWEZh2YOEYWMl25yDzUCJpQrluYWDSyECZmt71jw9xeNDGHZW+mm4qRAgD -+q+nsduSYhOkVu+O55Q0Lzcgfaziz+KNlZNFyjQpyrwCoj9lssL+ZYfhFZV2OnPof -+QLQpCEmrqzFaE9oFDjXxRkvmEBgtxPqSHNg2ZoFuVRAwcal8WHJbf7twCyQKB4i4 -+UFV/SX70qw4pfX53rfUoxUNEJgnnJIpOV0q2N/FO3CPYMjvdSoqkhbaIa2D4c37h -+8aB0HCjxAoGBAPukpme3nRy7ybr5P8XomkIy+36sH8hLRoDZCNnz8UJa1OmrA8tG -+yKch9vlBMDXjzDQ0Uq8OFSjFN7uQF5zLx4UU2eL/ptEWEmDpPZui7YmI5Ep/ZK4k -+reK4op0tJ2fy7Fhq6IoBKvUVN3waWXzmObq77IKIQ5t1Z+MyfHEAtvKHAoGBAM0R -+aXluyt3+RwOE2RdlwgSDnHYNvKAUfmkOIVprFEb13LQABbna5BmNIa/rZ+RDtNza -+2/Tzqpmq8OVQkF9ATqjba+Y6GAoDwaAcvVwDrjoYtlI8zjnFEhhgVl455QlEZc5O -+qxOPYx4Kt60Cc6ee8L9gPvJUIAQLyyCjv1IWYQsNAoGBANWkPALiSGkUpXgwFIyZ -+ph192zb4OyN5hSnvGSyxhqqnIwwfPOFf/wqmM1/6kEuwUrYflfM5KY2rol2DQAjG -+mWXLBhFKqv3ol0Hfw4ZXFQQnTGpTLc8LJPXPe3+lzkbaXv3SBgrkYuwgTzL1y/PW -+Ijz/PxSzS3K4grLJMg1eZfQRAoGAOuatbPutuWW38ALQeC/6MmG7Jw17CF/aj0JH -+wjjPcjJcWjdHbcK5kb0/18+934qzAFy8oPb8IXdACh3B2hoWfdnIfDBjhzzc+KhI -+m41TFczTUXu1oFJCiE3jgN0QNEE5HLDr4opk5dQePctefN7iN5XlfqU7LO5WQeHG 
-+qkVTSmECgYB+pEKVBHyKyJtdnWhrVr8vhlJH7fh6VUkL4gnuoiFcfPn2gyw6UX7E -+9tls3aoxx47jvaJuoaNjiaT8ZZ4C0mx/L7XNHxiQHRb89nPC+WvapplDw+1XA0JK -+k/JenbDUXuEPrdoJh30lwwYqNBEJTstFbYILDhbaw4Ud6hRUrIfQOA== -+-----END RSA PRIVATE KEY----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem -@@ -0,0 +1,18 @@ -+-----BEGIN CERTIFICATE----- -+MIICzzCCAbcCFDMFGbY+8snuTNZA311AVJo5GvwmMA0GCSqGSIb3DQEBBQUAMCQx -+IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gY2xpZW50IHJvb3QwHhcNMTkwNDI4MjA1 -+NzM1WhcNMzgwMTE4MjA1NzM1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIGNs -+aWVudCByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzGebbu2 -+OmaE90jbeFVUt6tEp1hG626D0RpXCh6BHOyfH/7q8GuddAVup6cDYxH3IyGN74Im -+pklwqgTI3qiFK6/a+kxQ7Euq5SOHO/XzivGnx1VzPUTrOmfGjm8nDw2jE3rlISMw -+rEVw7x79HBA9vxii3XARqe0xkpS72pDjmU8IkfVV08RLT0PrIxzrY/uA6TJtHgxk -+Tu3Zab0FvHofcCD05pK5gk6F/frXhK9lAWZSWvTtf9EUawCLFeLsJaoyM8pkOkbQ -+8AtWcp4qt+PmB+1wRRVWHaNG1/A3sNxNC7V/QK/cjG+/tPSU4rUFca3lLz+XVEt4 -+I2TPMgPLIQz3ZQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCUifYeul9/GHa2LV6/ -+k9ZKOjcSmmDud8sTwfum3CuHLb9ODcKMaNz/vzPYeVyN7MZvXJIAqxaxrrToye46 -+pDRQnguPNI5XU+Vb2l3Xvm7WBRGcxkAInkYBB7GwxmfffPS9/JrdPzxD6h3z8IOT -+jwzULNmNDse7Wf1hrgS1qKcCzJA1b1rLnZcrU+z3OUvLiR/8Bo/IuwXZVoNqDdq7 -+NzrqYT4x0J4P5PuBQHPB/fHMFDc1HoCgLG9b42th71kDoxG7IH2r02FzVjF8qIvD -+eQes3VbI7BDT/f0L2r1FHcA7FVRUqTWnEWby/PjTZiRCSPKUG7RqAplrOKmk9JuN -+PkkW -+-----END CERTIFICATE----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl -@@ -0,0 +1 @@ -+01 ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem -@@ -0,0 +1,18 @@ -+-----BEGIN CERTIFICATE----- -+MIICzzCCAbcCFGAQPLcwEruVZrE+h1tmI7s9CffgMA0GCSqGSIb3DQEBBQUAMCQx -+IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gc2VydmVyIHJvb3QwHhcNMTkwNDI4MjA1 -+NzM1WhcNMzgwMTE4MjA1NzM1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIHNl -+cnZlciByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZP23gDn -+XGl4neHp12CXbBgVhKnZh2q4pfzmGKl6xinQQiWs8cN0dcWMNLnRmEjrb7aHGv+o 
-+K1JbCwCI2grFKilcxV3oE7p5g8zQqpbgEyeqwp7C/f24OIgdVBuUH/f/id3YnHez -+EYh0WK8IO6iepibgFPm8S8dYbVn4W0ap08ZmThQbndHHp7AcJjCldSALEkTzXh+u -+7D5pZc8jRTdBgKB6E5M/n7Nw41oU/1pJV3kZeoK0X4yBlhJIrh7EvfeAqxoNfCGJ -+MnYiA6zhik0cbh+79y3imnACse9ocy4spLoiAWMIdgKowP83b5mmzM9bMjkoamt8 -+dnGXS5MsZN0d2wIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCHI5RDuqx9hu0anQRC -+dREc+3agRxq4C+Fo0mrsF1CWooO9lGyWvJqygiBGqOSjMi3D8AoyQXhxcvf1EniP -+CHCpqlP+h+6qILbtBizTTtHhceTpXiU5Se/yJvm9814jJrXVp10akShXzBlc4W/2 -+O0NX6b1B0De2z+YJydB+meZws7wgGD3eZCBr2uF2seYTNitKmNfUfq9UXxxCKcMu -+eeRzWGM1UDFaRbN7FKNo6YpUE21olZEjxF8xOfyuWOYxv8qNTck89SurOwj4as/o -+CLJLVQ7i/keqt1XXXOSpp46CkRoEmmuxHuql44dToQOLZH1RcZLOMHSPO3OdNo5Z -+o2Do -+-----END CERTIFICATE----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl -@@ -0,0 +1 @@ -+01 ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem -@@ -0,0 +1,17 @@ -+-----BEGIN CERTIFICATE----- -+MIICrDCCAZQCAQEwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 -+c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjgyMDU3MzhaFw0zMzAxMDQyMDU3Mzha -+MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -+AQoCggEBAMszRTCOAQqXf7xrz7Hm/FPzWWA0Gep1e5xcAz7Mq/8qFAUM+/4BABT/ -+WaPvAvYfPTdnT7sVTYMpcm4lztYnMvDbB/sZE7SVz0qov0POzN+lef5O8HxeisfW -+srgdntcYPOOH7mN5ZWGnDsqANTVj9w2kD/jM7cbryqiuCZ6HVKKsrBCtwxeBdahU -+h4dX7puZ2PhgT2mY4Z+p7P6a0D/A3um3LRI1ABGEiqlIzSaWGrD9CqhR/AqGNWRm -+v3+Z9Amf/VU+TfjZtEwNR8F9kHh9Idcqfyx+drQ+v/E/V6oCuIrnpEaJenZI+t41 -+z51UiuDUhZLE8ybEAgATlM+JFymbnEECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA -+dYM0WTSCb0AN6eGhlbyNsENnUwLYjDE7ojVD2pY0Ab4ik04DIfTm5piqEkz5HBaI -+1ZIEtYlImnvQ9cax1m+8LrVS2tflPpZ0CqWT+In7EncuI1lONZJfYELITDgU3LWx -+FEfNQJaOv0Uc8u8GG29d22a50/jTfZr20puM7mYQkLaUJLHgoTImYg6M8W3Ggkyt -+DO/yrtPUWm424wCYx+f3DgOrraFtiRLdqUpy5+bRqmzTuEFMAARqt4uudF6MR36n -+hBIXg1jYKGrZMLwi60vfdtwe+zpAV/7SRGLbekhB6iAcVIXuom2aD7rlIcJHW/wd -+hk9u7ie0JVDdu0R4I5Z9vw== -+-----END CERTIFICATE----- ---- /dev/null -+++ 
b/test/basicserver/testfiles/seclevel2-sha1/raidfile.conf
-@@ -0,0 +1,10 @@
-+
-+disc0
-+{
-+ SetNumber = 0
-+ BlockSize = 1024
-+ Dir0 = .
-+ Dir1 = .
-+ Dir2 = .
-+}
-+
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf
-@@ -0,0 +1,195 @@
-+
-+StoreHostname = localhost
-+AccountNumber = 0x1234567
-+KeysFile = ./bbackupd/1234567-FileEncKeys.raw
-+
-+CertificateFile = ./bbackupd/1234567-cert.pem
-+PrivateKeyFile = ./bbackupd/1234567-key.pem
-+TrustedCAsFile = ./bbackupd/serverCA.pem
-+
-+DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2
-+
-+
-+# This script is run whenever bbackupd changes state or encounters a
-+# problem which requires the system administrator to assist:
-+#
-+# 1) The store is full, and no more data can be uploaded.
-+# 2) Some files or directories were not readable.
-+# 3) A backup run starts or finishes.
-+#
-+# The default script emails the system administrator, except for backups
-+# starting and stopping, where it does nothing.
-+
-+NotifyScript = ./bbackupd/NotifySysadmin.sh
-+
-+
-+# The number of seconds between backup runs under normal conditions. To avoid
-+# cycles of load on the server, this time is randomly adjusted by a small
-+# percentage as the daemon runs.
-+
-+UpdateStoreInterval = 3600
-+
-+
-+# The minimum age of a file, in seconds, that will be uploaded. Avoids
-+# repeated uploads of a file which is constantly being modified.
-+
-+MinimumFileAge = 21600
-+
-+
-+# If a file is modified repeated, it won't be uploaded immediately in case
-+# it's modified again, due to the MinimumFileAge specified above. However, it
-+# should be uploaded eventually even if it is being modified repeatedly. This
-+# is how long we should wait, in seconds, after first noticing a change.
-+# (86400 seconds = 1 day)
-+
-+MaxUploadWait = 86400
-+
-+# If the connection is idle for some time (e.g.
over 10 minutes or 600
-+# seconds, not sure exactly how long) then the server will give up and
-+# disconnect the client, resulting in Connection Protocol_Timeout errors
-+# on the server and TLSReadFailed or TLSWriteFailed errors on the client.
-+# Also, some firewalls and NAT gateways will kill idle connections after
-+# similar lengths of time.
-+#
-+# This can happen for example when most files are backed up already and
-+# don't need to be sent to the store again, while scanning a large
-+# directory, or while calculating diffs of a large file. To avoid this,
-+# KeepAliveTime specifies that special keep-alive messages should be sent
-+# when the connection is otherwise idle for a certain length of time,
-+# specified here in seconds.
-+#
-+# The default is that these messages are never sent, equivalent to setting
-+# this option to zero, but we recommend that all users enable this.
-+
-+KeepAliveTime = 120
-+
-+
-+# Files above this size (in bytes) are tracked, and if they are renamed they will simply be
-+# renamed on the server, rather than being uploaded again. (64k - 1)
-+
-+FileTrackingSizeThreshold = 65535
-+
-+
-+# The daemon does "changes only" uploads for files above this size (in bytes).
-+# Files less than it are uploaded whole without this extra processing.
-+
-+DiffingUploadSizeThreshold = 8192
-+
-+
-+# The limit on how much time is spent diffing files, in seconds. Most files
-+# shouldn't take very long, but if you have really big files you can use this
-+# to limit the time spent diffing them.
-+#
-+# * Reduce if you are having problems with processor usage.
-+#
-+# * Increase if you have large files, and think the upload of changes is too
-+# large and you want bbackupd to spend more time searching for unchanged
-+# blocks.
-+
-+MaximumDiffingTime = 120
-+
-+
-+# Uncomment this line to see exactly what the daemon is going when it's connected to the server.
-+
-+# ExtendedLogging = yes
-+
-+
-+# This specifies a program or script script which is run just before each
-+# sync, and ideally the full path to the interpreter. It will be run as the
-+# same user bbackupd is running as, usually root.
-+#
-+# The script must output (print) either "now" or a number to STDOUT (and a
-+# terminating newline, no quotes).
-+#
-+# If the result was "now", then the sync will happen. If it's a number, then
-+# no backup will happen for that number of seconds (bbackupd will pause) and
-+# then the script will be run again.
-+#
-+# Use this to temporarily stop bbackupd from syncronising or connecting to the
-+# store. For example, you could use this on a laptop to only backup when on a
-+# specific network, or when it has a working Internet connection.
-+
-+# SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc
-+
-+
-+# Where the command socket is created in the filesystem.
-+
-+CommandSocket = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.sock
-+
-+# Uncomment the StoreObjectInfoFile to enable the experimental archiving
-+# of the daemon's state (including client store marker and configuration)
-+# between backup runs. This saves time and increases efficiency when
-+# bbackupd is frequently stopped and started, since it removes the need
-+# to rescan all directories on the remote server. However, it is new and
-+# not yet heavily tested, so use with caution.
-+
-+# StoreObjectInfoFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.state
-+
-+Server
-+{
-+ PidFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.pid
-+}
-+
-+
-+# BackupLocations specifies which locations on disc should be backed up. Each
-+# directory is in the format
-+#
-+# name
-+# {
-+# Path = /path/of/directory
-+# (optional exclude directives)
-+# }
-+#
-+# 'name' is derived from the Path by the config script, but should merely be
-+# unique.
-+#
-+# The exclude directives are of the form
-+#
-+# [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname
-+#
-+# (The regex suffix is shown as 'sRegex' to make File or Dir plural)
-+#
-+# For example:
-+#
-+# ExcludeDir = /home/guest-user
-+# ExcludeFilesRegex = .(mp3|MP3)$
-+# AlwaysIncludeFile = /home/username/veryimportant.mp3
-+#
-+# This excludes the directory /home/guest-user from the backup along with all mp3
-+# files, except one MP3 file in particular.
-+#
-+# In general, Exclude excludes a file or directory, unless the directory is
-+# explicitly mentioned in a AlwaysInclude directive. However, Box Backup
-+# does NOT scan inside excluded directories and will never back up an
-+# AlwaysIncluded file or directory inside an excluded directory or any
-+# subdirectory thereof.
-+#
-+# To back up a directory inside an excluded directory, use a configuration
-+# like this, to ensure that each directory in the path to the important
-+# files is included, but none of their contents will be backed up except
-+# the directories further down that path to the important one.
-+#
-+# ExcludeDirsRegex = ^/home/user/bigfiles/
-+# ExcludeFilesRegex = ^/home/user/bigfiles/
-+# AlwaysIncludeDir = /home/user/bigfiles/path
-+# AlwaysIncludeDir = /home/user/bigfiles/path/to
-+# AlwaysIncludeDir = /home/user/bigfiles/path/important
-+# AlwaysIncludeDir = /home/user/bigfiles/path/important/files
-+# AlwaysIncludeDirsRegex = ^/home/user/bigfiles/path/important/files/
-+# AlwaysIncludeFilesRegex = ^/home/user/bigfiles/path/important/files/
-+#
-+# If a directive ends in Regex, then it is a regular expression rather than a
-+# explicit full pathname. See
-+#
-+# man 7 re_format
-+#
-+# for the regex syntax on your platform.
-+ -+BackupLocations -+{ -+ home-chris-boxbackup-test-basicserver-testfiles-seclevel2 -+ { -+ Path = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2 -+ } -+} -+ ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem -@@ -0,0 +1,15 @@ -+-----BEGIN CERTIFICATE REQUEST----- -+MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOQkFDS1VQLTEyMzQ1NjcwggEiMA0GCSqG -+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeKRy4ppAb1cByCRkt2f1j+6iv7AWdF92p -+nPlzXPbLhP/edfuyVPFyBY46p+z6j4p9TrccMjUi4RPMx6dqyL2/o3Qzg3PhoHPq -+2fexEkrBSJ1bbL6hXjadzE53wiONj/8nSzFyzqR3/IhKNM0ssR10cqq64VgoiWOR -+GHYTTEbQy1k9WvoReC+diTEqIDBLif1EQJ+c/3iUopqtaVZWNS1LV5DX/u2Y1anX -+gO1s8jQaYlTtyNZyOi9lwXYXj4mH0mil2Hfh3IKD6GqB4HpFDUZ0/NHFRDvjdwfW -+4RTad55l8dWparOyie/QzFRj6Ua1746FsbUw2pERdmHAMshLpxkNAgMBAAGgADAN -+BgkqhkiG9w0BAQsFAAOCAQEAuW/o02Ga2yICJSJIrq44T+dIddakxhUPfIvAEWXs -+7Cap9qzmBNOAfzFqvbdVgsqC9/WCnpumf9ZpjkXvUy/6EB77HbtiJAXukT2DvFbo -+7mvbuh10YGv/AdZxLR2tMXmk9YqV6kgXdXFn18u8Vv35aYa4hru5q16m9QVhkeW+ -+UAJCsjhYVISVWW5Pss5mgL058viMHt3T5X3+2ybMdsfLe5BfRbsPxnFClKfBg6QS -+3yH5JxQdfJlg64z4uQNHNbsWJ5mRBPEYawZ2ge+HmWb6xnuGLR3Dg5ZbbB0hvAO6 -+kw7sZ1at9bX+MWz7rTvgKyxFXcGVXZ40/UQlgfzMiLEAHg== -+-----END CERTIFICATE REQUEST----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem -@@ -0,0 +1,27 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIEpAIBAAKCAQEA3ikcuKaQG9XAcgkZLdn9Y/uor+wFnRfdqZz5c1z2y4T/3nX7 -+slTxcgWOOqfs+o+KfU63HDI1IuETzMenasi9v6N0M4Nz4aBz6tn3sRJKwUidW2y+ -+oV42ncxOd8IjjY//J0sxcs6kd/yISjTNLLEddHKquuFYKIljkRh2E0xG0MtZPVr6 -+EXgvnYkxKiAwS4n9RECfnP94lKKarWlWVjUtS1eQ1/7tmNWp14DtbPI0GmJU7cjW -+cjovZcF2F4+Jh9Jopdh34dyCg+hqgeB6RQ1GdPzRxUQ743cH1uEU2neeZfHVqWqz -+sonv0MxUY+lGte+OhbG1MNqREXZhwDLIS6cZDQIDAQABAoIBAF1cH5LFhGf+ItqJ -+Ukh/hEnBFzme0RkcT22Y5weA+MG8SZ6eLEDcC38kMIobya3eJo/URYUW4FehCKYU -+/RkV9Q+UzB9dzZPyzuPR55JFIp8pOd+SymWb5w3XLt6K+k/iRJKpucUKa/l0aX3t -+xI9UexFVosPYMSkP24S9J9miQ1w4X8D1laJPi5KWrbdzDZxy5geoNmS0veQl6mRf 
-+91Owxsa15wQpxNoVesAiGbrHb5ljMsBovYgljRL6rqA9THXPXfcDkWkabfGai/kD -+AktxqPGUELxjD7gSO5G4ygCcGTeIEJbOfwgDtr59V518kVzwVNAxOKb7lfDM/l4D -+v0H3liECgYEA+nh1RjwOm2db+yW0hQ2DTCA84by2AyKP7nCwD7CjrGaXrm7zfQ+U -+VqSgpDg+xH9/Caa9P1n6zSZSEiXrCePQL6UsREj8sd+st7Uah9eQOc3vywxizGN6 -+VMqqmctn+gKKxkmv8T6YtWblDDqOA/7yYlCaH0l7WUO+HKAl7MhaGgUCgYEA4xCo -+2bGwbaT7lLdFtOU2+erM2lbA4NzBkR7Mjpq16JiPPFdSF680XBRL0uNR0r2GFucM -+gG8Z+ktV1QosY22546Z3fl7+jcyZC4uramDicpAxnmEGIdPnqIkEPhZzKvV0uRGj -+tXs2qnJ9ztK7hf+PRwdQEvqCNLkoy+pQPG/bSWkCgYAvH36g6ietYTLS+3MNHU+4 -+gNAzgDeWO2hs6dKWARuqEdszvDgfLVExQ+PdQZ+9hGc4P6CXTKx88Fq8g1nHEI9Y -+h3DeoAS6ymRKY85MBGhkF7SntPrZjVW0ojSansQ/Kz9EsxRhBO/iISuys0mIwuyD -+RrrYbBDC6JXZ+N9pvwAEqQKBgQCI4DgI0pY54iRN55S7kRjs2l+Wlok6g5ijtF82 -+74gMqDpf83tnD5SOlSWIAMQIN3snPyxIF7EfMl6RR8quPSy7UFPj97uXGuh/DzjL -+rY+T49wlTvN1XNnevIm0K7BNCx3LmhiHg7jWUqIIFPw5sG5cMMpSRnRK9/rhwWOQ -+qxUTUQKBgQDYUi6255mUI23dYxCyY7P6rIcGiKqhiAJ5HbGShMFhpA94WS3m6YmJ -+sQTip0kykY168klOcRqt8y3RLS5UB1aYBMYvtFuk5wbUcuXFeGcIsuUIZeR3iueg -+G0MEhf9hgmBK/xkpfoiLJ+E0hFHqER57N6KCuEK0NWC1Vgqo8X79MQ== -+-----END RSA PRIVATE KEY----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh -@@ -0,0 +1,70 @@ -+#!/bin/sh -+ -+# This script is run whenever bbackupd changes state or encounters a -+# problem which requires the system administrator to assist: -+# -+# 1) The store is full, and no more data can be uploaded. -+# 2) Some files or directories were not readable. -+# 3) A backup run starts or finishes. -+# -+# The default script emails the system administrator, except for backups -+# starting and stopping, where it does nothing. 
-+
-+SUBJECT="BACKUP PROBLEM on host debian-unstable"
-+SENDTO="chris"
-+
-+if [ "$1" = "" ]; then
-+ echo "Usage: $0 <store-full|read-error|backup-ok|backup-error|backup-start|backup-finish>" >&2
-+ exit 2
-+elif [ "$1" = store-full ]; then
-+ sendmail: $SENDTO <<EOM
-+Subject: $SUBJECT (store full)
-+To: $SENDTO
-+
-+
-+The store account for debian-unstable is full.
-+
-+=============================
-+FILES ARE NOT BEING BACKED UP
-+=============================
-+
-+Please adjust the limits on account 1234567 on server localhost.
-+
-+EOM
-+elif [ "$1" = read-error ]; then
-+sendmail: $SENDTO <<EOM
-+Subject: $SUBJECT (read errors)
-+To: $SENDTO
-+
-+
-+Errors occured reading some files or directories for backup on debian-unstable.
-+
-+===================================
-+THESE FILES ARE NOT BEING BACKED UP
-+===================================
-+
-+Check the logs on debian-unstable for the files and directories which caused
-+these errors, and take appropriate action.
-+
-+Other files are being backed up.
-+
-+EOM
-+elif [ "$1" = backup-start -o "$1" = backup-finish -o "$1" = backup-ok ]; then
-+ # do nothing by default
-+ true
-+else
-+sendmail: $SENDTO <<EOM
-+Subject: $SUBJECT (unknown)
-+To: $SENDTO
-+
-+
-+The backup daemon on debian-unstable reported an unknown error ($1).
-+
-+==========================
-+FILES MAY NOT BE BACKED UP
-+==========================
-+
-+Please check the logs on debian-unstable.
-+
-+EOM
-+fi
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored.conf
-@@ -0,0 +1,23 @@
-+
-+RaidFileConf = ./raidfile.conf
-+AccountDatabase = ./bbstored/accounts.txt
-+
-+# Uncomment this line to see exactly what commands are being received from clients.
-+# ExtendedLogging = yes
-+
-+# scan all accounts for files which need deleting every 15 minutes.
-+ -+TimeBetweenHousekeeping = 900 -+ -+Server -+{ -+ PidFile = /var/run/bbstored.pid -+ User = chris -+ ListenAddresses = inet:localhost -+ CertificateFile = ./bbstored/localhost-cert.pem -+ PrivateKeyFile = ./bbstored/localhost-key.pem -+ TrustedCAsFile = ./bbstored/clientCA.pem -+ SSLSecurityLevel = 2 -+} -+ -+ ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem -@@ -0,0 +1,15 @@ -+-----BEGIN CERTIFICATE REQUEST----- -+MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B -+AQEFAAOCAQ8AMIIBCgKCAQEA9Uk3V+oultps1qwaJwo+w332tal2trjr5LCXoTuX -+UrO4+xJIBYKC2D7a+Nl2VUZw+Kr6UEI/wc7ROwM84s9l1jCZ5iXVrz/8XHYJvJXw -+uw3IDQESFbxZsrNg0FC8U7GEtVlCRnVr6B2RkciPkDXK3TVqdf43fv4rripPSE/d -+4hbAq/uPd5LZNUQdy6yFsMywG4cSqiaHw3hg4aLgF6EKXj29s8IFTiNhM1h8XrCB -+i0MfyCIq2jHVM1/ZRL10HA6cMvu/2E+ofrLETl6FlTzyC4WFQBqv0onFmKFIM5bt -+AVIok/NIWX5vpk1rqGnSOuW/6lhUO4yczExZadgDwx7YiwIDAQABoAAwDQYJKoZI -+hvcNAQEFBQADggEBAJVk9eAleSiTsV3Pdq3L01WEyndnmpbU1FcExJWg5xb95xbX -+Ojxi6g/NhBodAWl6GHJEUTQ+eJHrZ/hTLD6ZHeX9CGxmxOIvpKJCoOiQU7zamLaq -+K6aP8BoG21h2MccnbKlrSFF/c89SzH78r2fgWpUqFUCxobemKfvUbdHSaNlOWxh9 -+yO3q1P/ZK0wl/V0CG9kdkUfpl9OLATilBiJayrpX92Ef/U6JkX3ZFEG9vTGBSXXU -+5QQM7BrPDgMsaTNDv9N1oPCVrUKfQ7Ts2pTEKU/oMA8fYZKX2GFZ/LDXj4C7clQ4 -+LJakbh26NhrohTjecHvJCxIDAk2xLipwmXLmVoU= -+-----END CERTIFICATE REQUEST----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem -@@ -0,0 +1,27 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIEowIBAAKCAQEA9Uk3V+oultps1qwaJwo+w332tal2trjr5LCXoTuXUrO4+xJI -+BYKC2D7a+Nl2VUZw+Kr6UEI/wc7ROwM84s9l1jCZ5iXVrz/8XHYJvJXwuw3IDQES -+FbxZsrNg0FC8U7GEtVlCRnVr6B2RkciPkDXK3TVqdf43fv4rripPSE/d4hbAq/uP -+d5LZNUQdy6yFsMywG4cSqiaHw3hg4aLgF6EKXj29s8IFTiNhM1h8XrCBi0MfyCIq -+2jHVM1/ZRL10HA6cMvu/2E+ofrLETl6FlTzyC4WFQBqv0onFmKFIM5btAVIok/NI -+WX5vpk1rqGnSOuW/6lhUO4yczExZadgDwx7YiwIDAQABAoIBAGc/FF6bIlU5R8rs -+0m1QcK7VHL3GwUOUfybZ9llVvhJ/uANm5I39K5peislor9ihN/hT791MpY2swoF2 
-+kXBfIFySRJWNo26LHmzE+sA41QXHfUeMBdLEX3VK8Bt/gGYyOMwk8DK8RlmD6LxW -+kaeAHQ4T5+YWxcFct4IuKQUlKR565lHr6LRDaYmlDHzjksi/fx0ceMlD/RBje7YD -+HXPDdetNkSBvpHEcH2lINnrY0kBb5HQv57ipOdA8MfQ+Xf06SjqjhA6ZUOdsMjsn -+QVleXQsT1HQ5Ji///JbqVL5j68qkjza2HroyXgOgQdu+fuksHTXvMjvAnW7/z3u2 -+SpUd6WECgYEA/aBM7DKWeQdzlRCfosgv6SZ+ME0Lt5oBaHbbUYizi8DuylB196MJ -+xnP1QLa7MAYna6ASxDXIClqxG4x+d4lHpErmbYR4F0pa8/9teSbtUw3OXGe9ahZy -+HcpK3LSVV5ns8CjRsclNX86cn/Gxubw48gxjcjIA4qKUJv9KxCSAdoMCgYEA95Tu -+qhkXDGhBSSTqs51K8mHbTS4CrpCK6+5J++NP7AT4t2IHIaaQ7DtttAI9xFvwxD9U -+zFP2/lZVq1KSFATAoDhItUoC0SMlaFcrIxsIyq/UOqTTluf3in29rFHq3UN1rz9M -+X90Tfl5EhUvruVJOiJ5iYt97DJeVgOlWkU7qt1kCgYACEwWOCPviEYWIepJTqn95 -+0K7HhlnKLqBEUnSIvi15vyI01WOhmtvBm8EtvlDZm7NG1hBROn9gVk2MhCGkqKLF -+XTd1PdgdmKYVyMkEbKUUQNCnQNHzxCs6wyTJmVB/XurpK+xLH/JaDj6JsFhbxIZS -+tHc7v9zx/ZJonz3lTMcgMQKBgG+WPqOHv22mJ5ax/t6JjFgGZvM4Q5kuKI8BzXKs -+Fz+HVhpBInm2Oydd+aniQLiZv8CT0sJtLaugeehHxPMk2TTdaVfcTby5HIkUkKq3 -+6pR//yWXWI5xao6O8cgS+8pSN16PJvsmBz0ze6qgd1QFlsPYrvtlQm6Ae6+oe43u -+hbexAoGBAIKGmPAoQsBPEWkSs3nWyAPDHQ45NBoB23G0j01amf11Y/sQWhH+Mqfp -+mcU40xr/XwMlTVgALfW1Q048ftJ4D2oYPsUEG3Yiayqe8epl6V55QjGMpdEe/+mQ -+5VpndGimuUwxr9cyNShn6dngEg6D0hXfNqu4NFmt/2PH3x0D8eer -+-----END RSA PRIVATE KEY----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem -@@ -0,0 +1,17 @@ -+-----BEGIN CERTIFICATE----- -+MIICsTCCAZkCAQEwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 -+c3RlbSBjbGllbnQgcm9vdDAeFw0xOTA0MjgyMDUxNTlaFw0zMzAxMDQyMDUxNTla -+MBkxFzAVBgNVBAMMDkJBQ0tVUC0xMjM0NTY3MIIBIjANBgkqhkiG9w0BAQEFAAOC -+AQ8AMIIBCgKCAQEA3ikcuKaQG9XAcgkZLdn9Y/uor+wFnRfdqZz5c1z2y4T/3nX7 -+slTxcgWOOqfs+o+KfU63HDI1IuETzMenasi9v6N0M4Nz4aBz6tn3sRJKwUidW2y+ -+oV42ncxOd8IjjY//J0sxcs6kd/yISjTNLLEddHKquuFYKIljkRh2E0xG0MtZPVr6 -+EXgvnYkxKiAwS4n9RECfnP94lKKarWlWVjUtS1eQ1/7tmNWp14DtbPI0GmJU7cjW -+cjovZcF2F4+Jh9Jopdh34dyCg+hqgeB6RQ1GdPzRxUQ743cH1uEU2neeZfHVqWqz -+sonv0MxUY+lGte+OhbG1MNqREXZhwDLIS6cZDQIDAQABMA0GCSqGSIb3DQEBCwUA 
-+A4IBAQAEpEobzo6qm+GJw3Jgi7Gc/XBVBbib5Tp7fH0oyyzX7sSnbUWNUYNHLjMH -+CFFmeNsj2/x4P7JFK2shVy7lRnBt6RUi5zLtQyjhEF8OqV1rxb74hQHl4+7CiRUP -+Q1SRTJpdbdDwwAzd5UyDTAX3Glg73krDEHY+k0UCr0kczqcffVzgNmCklMzrCzZk -+Nz9KkUF+cMkFDz/5BRBj6I4M9b5ebkVYM32Gz0mAh/G/DcL5KGzWPL9KJ31pgkAP -+P8yrvZe2HwscKTJKnAK78M+75zzNv3539/V3y55lNNiyKF2q9Up4k3BE5PY9LDFJ -+fVZvMdAltZlFV1tlZksrsRoq3jsc -+-----END CERTIFICATE----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem -@@ -0,0 +1,15 @@ -+-----BEGIN CERTIFICATE REQUEST----- -+MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBjbGllbnQgcm9v -+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWLP1hzvhUgHs8gp6+w -+v3aIbsEHXjWOKfTpB4u+eubM4oA9XtXT0NiCLZQPy2BAtIOkazJ6sae6w2Qq2naj -+MDyTBclAgok3TLVI6whMkgxdB878uaKQb3sk7xg6yNI6iI7S70cTRM9JKF8ZPBMZ -+6ftPgoPooe1ka2kFTjhNgE6jO/DjAyWGpf7Q4cb2ELBdgrU+ehbz4Zz0hHZ0Ts5p -+KO8SxEkBX4FRP4sUkbuDM92UNcxyBxlrLg21ktDlIciftef9J94qQyx5HnotMWWp -+rj4Zi2mA8/i14op90CXPq/figj8zYkPyyx9KytKDSKcGgByxjNMBWzIAZ17doRgq -+1KkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBVUqpA7BizyLkDut8sLYI4qyJA -+8Os+6IiSDyjyjf3C/hTbrbA31mtF0g3gbZFXnehVhop04zQYy3071OBYzuMx+/2F -+olylk7HWrScaKE0MDSSamfVTlSGiO2P+zPg32WKoZsOPPjSyrGF/l+A4TlTQJmFK -+SgapRRQVm3VDlkWO77c4EjpqoREPeSHVt+0m2490BY7aUT+kRlXl2nViSV52SS5j -+EDnb4N/9t60NRS2zaLtAr0DcRWemR+PzVKqKdNyhXdCeieQ9xzGGHK1vXpW/6kCo -+OHi/Xt4MHkt3hHxQQKOrK5dcsoqP9WxlnwOuuy9m9mVH4HUhi+S0KFtOytoX -+-----END CERTIFICATE REQUEST----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem -@@ -0,0 +1,27 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIEowIBAAKCAQEApYs/WHO+FSAezyCnr7C/dohuwQdeNY4p9OkHi7565szigD1e -+1dPQ2IItlA/LYEC0g6RrMnqxp7rDZCradqMwPJMFyUCCiTdMtUjrCEySDF0Hzvy5 -+opBveyTvGDrI0jqIjtLvRxNEz0koXxk8Exnp+0+Cg+ih7WRraQVOOE2ATqM78OMD -+JYal/tDhxvYQsF2CtT56FvPhnPSEdnROzmko7xLESQFfgVE/ixSRu4Mz3ZQ1zHIH -+GWsuDbWS0OUhyJ+15/0n3ipDLHkeei0xZamuPhmLaYDz+LXiin3QJc+r9+KCPzNi -+Q/LLH0rK0oNIpwaAHLGM0wFbMgBnXt2hGCrUqQIDAQABAoIBAFOJ4X2RaureOq3r 
-+nLNcTkJStxFR1ojQJPwiXFx40yyFWAe+8IyXR1z61GVTUx5PiMilwDLJF7280b1K -+otQbpcvrpY/ZrgXwkhUppvGZMlpq1/XsMwGGQbuy97USdSUhxKfOalFDuAWitWzI -+HzjEav8XMJXAX3acpldpBgADnCwSA5izEfwt2oGNtcYTHjxG4tR96UvgAxbVbxrU -+jg6zd0/Q7eI4MGYc5l2mGFcbAUbeqCOQmTB8eQY9cdXCotXgQSa2EKEt1aG7dEbA -+omwwm8+hGYIX4i/E3crFHO5qlbQqtqktvic1Axj3I4NEy+a4Gpja3y6k8gY4TWbS -+4+0BZMECgYEA2o6mRCyDNI13VhRdlAO6VDSAdf//8EMeMrANvAGl70de0Ri10ZL6 -+GdJLx31le94tVa5Dy+Qi9d9eYci9qIjMK1kUrLcVgvF63tbbOSpz37gESJe+wJYc -+xEW2eGRTUwHoYVqRjEi36kAKeWL4mxXeqzJE/ZUQZt2felr4dBJPyBsCgYEAweeS -+vV5TJsPlEazUZcRA2dMY8JG9tD1JFVVrlSC4xnLBOEXsC4dw74RsOhoMr69lBn6X -+xwcKtzsrx/s9NHI1s2AJXlz310Uj+gRB6/6foyyQDOtijfweZpm3zUNY5OwQ1VBZ -+M9J1YVI6xaa3BehQ0PHvx4U/WM9oFMc0upXaaosCgYEAmfo+MXGazn+MP90BQLKP -+p5uFlZzSWBcxQ0y9oGMY4MdLicz667e89Ewwj09NHEOfdOndYdxMtSS1ffbLh904 -+2qFb64LhaOtwQWbl9BRwpoEio3IlNdGMWssyjwc/nQ+PBGeme0sQJ70OpA6ST9DM -+m5hC+tT2RUKGhNFqkXwFMVkCgYBY3Jlg82ND9q55xSypXqEhsh5R0ViQyy08+6KL -++yzytRBbi5+7QNy+x38ZuWpq8QRpT4abDV0Zz6Imybqo2FZH2BEzD4P9QZBVObJE -+RrI+A2QYp57I1uvPtU6IYP7SGmU0fNgEacSlTxvkDJz/thGjT9zFIQmA17wpGYnO -+oHIyNQKBgEbA0apflhYExq2OZP3mjUM7Baf8MhGylUFnND68YKEr2aR5ihYuWxME -+yLSGIDORaVQBiVklze9MXPvJv6WF0nE3VrR5j0AsSoAF0MZBcCJcn5bod0pFRZXG -+PkxibqTmzJXJjGRuAKxbNR2+WFxKqc2hsev3hwOSXKYH4DbdCxQg -+-----END RSA PRIVATE KEY----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem -@@ -0,0 +1,15 @@ -+-----BEGIN CERTIFICATE REQUEST----- -+MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBzZXJ2ZXIgcm9v -+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMqKzGuRMYTGC4GtM4Y -+sa/EcpfgdRDt1V54c7Qjarfz/6Uvb7dn+21IDgnSMImnBzKuE11KBS2WAPPSxyF9 -+Z+rNlry38pAVprnVv40dAUaohShxrkzgIYlZ866RonFYQ9mujMdynzGHB0jKH66T -+/enqFhEYzOuBcHyb7obgX+HmT95yAVhm6TvMuF8FR5CvrSqdnj141qJWdRmNeXH/ -+Eonz1mcFizHRuFZ0ymxjoegwxQkeSnoYyH2vUh3RkQ/iNZPhu9DdDjgZ6Z0m8mUc -+xMGqtwTqiYS8KEcAHvcEPoS44BO1aGTnJEwhABTLuEkTPCXl1HkRoq50ts+Cr9w6 -+vu8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAhVOO7/mqt2AWFaOlMrXICPm5n 
-+judbMjQhOzaTmYr+Tb2lDlsQyiSm/EONpjC1F8PP6ig3oK8dzmIn9/qLOau6xM2Y -+JiaTTJXRX+/JC/AaZvvaiA0etc2JwAcfBijAudEKivA/qKh01SvCgB+IEx5rlR6S -+TPjLRO4ygig3qGHeHUsiPBzR4PZA669Is3/P4W8pIlDbCQHI91brQV4TlHJET2V5 -++y4et7ZduWvS6yEn29aiPq5UT36kWtJ9rhBFIiu2oUNnDiL7YUDIbdsl0I9LDPjw -+equwfb+dwjjO/bFQKB1RX4j5jUXj25bpe9FdB6iy36+3tLd1a0Oh4j6SEn2n -+-----END CERTIFICATE REQUEST----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem -@@ -0,0 +1,27 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIEowIBAAKCAQEA0yorMa5ExhMYLga0zhixr8Ryl+B1EO3VXnhztCNqt/P/pS9v -+t2f7bUgOCdIwiacHMq4TXUoFLZYA89LHIX1n6s2WvLfykBWmudW/jR0BRqiFKHGu -+TOAhiVnzrpGicVhD2a6Mx3KfMYcHSMofrpP96eoWERjM64FwfJvuhuBf4eZP3nIB -+WGbpO8y4XwVHkK+tKp2ePXjWolZ1GY15cf8SifPWZwWLMdG4VnTKbGOh6DDFCR5K -+ehjIfa9SHdGRD+I1k+G70N0OOBnpnSbyZRzEwaq3BOqJhLwoRwAe9wQ+hLjgE7Vo -+ZOckTCEAFMu4SRM8JeXUeRGirnS2z4Kv3Dq+7wIDAQABAoIBADUc0ih40MuRWe+Z -+uDhudaLkIn6Y8lkDuTs9yLxyfBEwygheWhcjjFX8XauStqqo3GKe7jf0ukCxDiRF -+y9hclpq0g0mMavJav8jWPovb08pV8Mgvb8veRBEsEuLBtr4TmV1TTg2MgwYOFIL2 -+c+mRR7hiLJK4TjKeKBDvl5tNLFDBC/2clHXnLCRb8rOKqwmseoPavi992QZ7+Yyq -+n0Dx5DOpr1cOcJEr4va8Sornd3LjLuNMjm7XzgIryR5pvLM0ns8Fy2ihyKl7Hd3s -+ek9c5fh0jbhz6s28K8laWm9bhozdMQ12y1U5z0PJV+VOwTX/M9UCK1+CpvmjTim5 -+NeD93QECgYEA924yXRdUXpOlxJifJ49n88gytHOVcgitrdlZNCAE7aKdYcQW7VSY -+7IjUyXH/Mi2zlWKpXYGllOoDW71PhLiMuEtaNfLdToXgHEMGvj+vGw9ZRqs6HY2w -+wGyOrxg5VcSOfSpAom4gCGRqxWhHtY/rzFOy7oZePJuRbjcqrAeGQmECgYEA2npt -+dGHwp20S5tyd7n1H6Fe2m1t/vjxGsGFfwbFggGIu9lVQxgAQiimzHgBDOjSzs163 -+PmuWWUDmHllB9AmJw4wrbAyiHNOmdi4rgY0ez5G6Q9sviFQeFJZzHhe6G1+CcafL -++oSU+Ej7zznMpyU85vcxFz70JvRZ4BeD0PtZI08CgYEAsXEGjzoG2Fh8PdPR91Xh -+j7NXoY9ucjwFCbLgRQBdaGoBAbbVVlgf3yl1qA2nnL2nlw8NNLCgJX348JZ/60dK -+K3Rmel/0E7bwdHQg5tjW48oLFSIAaGdPhX+Uh78QhxCRuvNNLO9a64nQBEf3fR58 -+VKkFngcgl8hc8DSB1qMCxqECgYAOZ54J219DmrRxVkBvdgEkt4vJqHm+sDi07mai -+3bAQJukTwsJFm8F7ao5tvvSvxMPIYslQK0XJcrb5b0ci8PINW5ONVzPlFKtYBWlG -+7GgIpYITcUMsCOfG0bibVlMl9OEj3z1ash0kVaOMoTH2H0VpsQiikLsGSnwWg1Zk 
-+k/3njwKBgD6Nu6kj4BSWGZacLtePJQzxlsnYiDm9SSmrtqJ1lnpbqo4/Zp5bCHS9 -+qMOUv+Hcwpsb3IYI8np1ekZfKi7xFXcRjxKRYnDURQgQKwPeHZ06ht7X0DdTXuiY -+K97byeb9hks3QNE1k1EuXue7IXS657Fq5IZrN+NQ6vkqq/X7e91X -+-----END RSA PRIVATE KEY----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem -@@ -0,0 +1,18 @@ -+-----BEGIN CERTIFICATE----- -+MIICzzCCAbcCFAiy3jWfhXnxRqZJCbjzFQzsU3p/MA0GCSqGSIb3DQEBCwUAMCQx -+IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gY2xpZW50IHJvb3QwHhcNMTkwNDI4MjA1 -+MTU1WhcNMzgwMTE4MjA1MTU1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIGNs -+aWVudCByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYs/WHO+ -+FSAezyCnr7C/dohuwQdeNY4p9OkHi7565szigD1e1dPQ2IItlA/LYEC0g6RrMnqx -+p7rDZCradqMwPJMFyUCCiTdMtUjrCEySDF0Hzvy5opBveyTvGDrI0jqIjtLvRxNE -+z0koXxk8Exnp+0+Cg+ih7WRraQVOOE2ATqM78OMDJYal/tDhxvYQsF2CtT56FvPh -+nPSEdnROzmko7xLESQFfgVE/ixSRu4Mz3ZQ1zHIHGWsuDbWS0OUhyJ+15/0n3ipD -+LHkeei0xZamuPhmLaYDz+LXiin3QJc+r9+KCPzNiQ/LLH0rK0oNIpwaAHLGM0wFb -+MgBnXt2hGCrUqQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAvHW8APi1lhEguSXDc -+X/k5ETL1YJzlEfIn4HKL7kcKo5IOdyHaIigGCWM7atwKeGBtTRl8CTY4wt1L7d+A -+LDzF07MlKL/KiX1yPw9ZzHBhKNLYgmKsRL5cgW/YLYEAGD0lTwW7llsqZ40jJ1+X -+CWomYEzVpGW76MprYge4Oj+4PRXaZikkn7pzlZVcGJbzr1Q+JaFNLRkAMPK4pRXj -+AOSLQpIuc0DzftzC8tHbyLMifrHYdibHaujsvu1mV4NeYhO63ZB8S5Xyz1JlpsEQ -+rieLH1/9dnWue7yBCpI+QMRq+zK92HxiCCaM0d6xpSsbI5IawkqmoWj9gYol0EnX -+ImLj -+-----END CERTIFICATE----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl -@@ -0,0 +1 @@ -+01 ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem -@@ -0,0 +1,18 @@ -+-----BEGIN CERTIFICATE----- -+MIICzzCCAbcCFFv62JnwctULelqlEY+sZTPEb7ekMA0GCSqGSIb3DQEBCwUAMCQx -+IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gc2VydmVyIHJvb3QwHhcNMTkwNDI4MjA1 -+MTU1WhcNMzgwMTE4MjA1MTU1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIHNl -+cnZlciByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yorMa5E -+xhMYLga0zhixr8Ryl+B1EO3VXnhztCNqt/P/pS9vt2f7bUgOCdIwiacHMq4TXUoF 
-+LZYA89LHIX1n6s2WvLfykBWmudW/jR0BRqiFKHGuTOAhiVnzrpGicVhD2a6Mx3Kf -+MYcHSMofrpP96eoWERjM64FwfJvuhuBf4eZP3nIBWGbpO8y4XwVHkK+tKp2ePXjW -+olZ1GY15cf8SifPWZwWLMdG4VnTKbGOh6DDFCR5KehjIfa9SHdGRD+I1k+G70N0O -+OBnpnSbyZRzEwaq3BOqJhLwoRwAe9wQ+hLjgE7VoZOckTCEAFMu4SRM8JeXUeRGi -+rnS2z4Kv3Dq+7wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAI6THIONT6lgNq3Bvg -+TCBqkBA1W/k372Pktt6IDFW44dT0J9/oq2o6ZNHycpKS3VwS4C05XbU/v5hE/k2O -+Cu3/y3en+dJIv4Wl2JTPaSRF/4J46sXNtizVAJDKoE3ZHt1viCjsWyllGXoaavce -+fWYppf3g6ImhyAkzlCfyVph2F0vmLZL41K3C040e+GpXdzG1Yy1+2USPhz0Ch+kd -+jqIErNp9OnPRd1yRb1YD+dQ7Wei5vB3OXMk3UQiG9AJ2qmxlEem5lTSpt9fTvWfU -+OAjTynvWbHTULjxvOeenW7cD5ILSr2zVDYQ53KTWjP9NfmsQTAFzkqJztPpB2A0o -+CKG2 -+-----END CERTIFICATE----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl -@@ -0,0 +1 @@ -+02 ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem -@@ -0,0 +1,17 @@ -+-----BEGIN CERTIFICATE----- -+MIICrDCCAZQCAQIwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 -+c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjkxOTI3NDRaFw0zMzAxMDUxOTI3NDRa -+MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -+AQoCggEBAPVJN1fqLpbabNasGicKPsN99rWpdra46+Swl6E7l1KzuPsSSAWCgtg+ -+2vjZdlVGcPiq+lBCP8HO0TsDPOLPZdYwmeYl1a8//Fx2CbyV8LsNyA0BEhW8WbKz -+YNBQvFOxhLVZQkZ1a+gdkZHIj5A1yt01anX+N37+K64qT0hP3eIWwKv7j3eS2TVE -+HcushbDMsBuHEqomh8N4YOGi4BehCl49vbPCBU4jYTNYfF6wgYtDH8giKtox1TNf -+2US9dBwOnDL7v9hPqH6yxE5ehZU88guFhUAar9KJxZihSDOW7QFSKJPzSFl+b6ZN -+a6hp0jrlv+pYVDuMnMxMWWnYA8Me2IsCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA -+E8KZNWzkbNwhcVEHR34IxVYPy1uppI/jtVOsQGGSVC1UscAWyGiQWPxqMhwYxsVn -+gz7QYj1oKye1VRuJNTekARvBRFZzWhAi0qGlpiC5yilZB8IlhYUABmgPjg+PuhAF -+xSd+IGVlm/+sisClsPG9DpesyK6+C2ukpVXyaXWR+1/IrQuUpWKLT1pPamVH3zWK -+anT+62bbk0XuxsVqCkGx+aPLesCHAfTNuAxWfkbXXcA+HoGNy3IpmpJGhyCnf1je -+eL6Wf6sAY44y7wQlwHimbi4kOge+UFLIKkqhHSDO2pzyPc02Gs1bBRd94+v2z5h7 -+OkIcTqwiJLjLLIWV4WsdwA== -+-----END CERTIFICATE----- ---- /dev/null -+++ 
b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem -@@ -0,0 +1,17 @@ -+-----BEGIN CERTIFICATE----- -+MIICrDCCAZQCAQEwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 -+c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjgyMDUxNTdaFw0zMzAxMDQyMDUxNTda -+MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -+AQoCggEBAPVJN1fqLpbabNasGicKPsN99rWpdra46+Swl6E7l1KzuPsSSAWCgtg+ -+2vjZdlVGcPiq+lBCP8HO0TsDPOLPZdYwmeYl1a8//Fx2CbyV8LsNyA0BEhW8WbKz -+YNBQvFOxhLVZQkZ1a+gdkZHIj5A1yt01anX+N37+K64qT0hP3eIWwKv7j3eS2TVE -+HcushbDMsBuHEqomh8N4YOGi4BehCl49vbPCBU4jYTNYfF6wgYtDH8giKtox1TNf -+2US9dBwOnDL7v9hPqH6yxE5ehZU88guFhUAar9KJxZihSDOW7QFSKJPzSFl+b6ZN -+a6hp0jrlv+pYVDuMnMxMWWnYA8Me2IsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA -+fu1wVNuZLkO0e8+oYAnznL7oknE8QJGAd/P2/MqgfsnBXHS0UVl+5L8DQdvCBarr -+vDO/CVL9/ZGj30CipA556cz1pYDtx5TV2GLtfKHKJhoftbgswmt1pPowIIa8zlBA -+SOERy2ooXGnrA5kii+fifkiWy1R0FmJTKZ2jX41Xq60FwXWX7cyCq/xRI+V08HrY -+mNJ2rmAjyWpWZpPNOtQ/SYIX1s2KoPw4XMxfiP5fiMOl3RqEVBkW0h9Hxikl8wKY -+EmA/ESm1F6lnRXvGXWDGQIFCRf2Rv0KlPvNPA/GLZMr0ibYIjc4KnIxKFg//GQF3 -+LUYpyJyToT8hE49ypG18mQ== -+-----END CERTIFICATE----- ---- /dev/null -+++ b/test/basicserver/testfiles/seclevel2-sha256/raidfile.conf -@@ -0,0 +1,10 @@ -+ -+disc0 -+{ -+ SetNumber = 0 -+ BlockSize = 1024 -+ Dir0 = . -+ Dir1 = . -+ Dir2 = . 
-+} -+ ---- /dev/null -+++ b/test/basicserver/testfiles/srv3-seclevel2-sha1.conf -@@ -0,0 +1,8 @@ -+Server -+{ -+ PidFile = testfiles/srv3.pid -+ ListenAddresses = inet:localhost,unix:testfiles/srv3.sock -+ CertificateFile = testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem -+ PrivateKeyFile = testfiles/seclevel2-sha1/bbstored/localhost-key.pem -+ TrustedCAsFile = testfiles/seclevel2-sha1/ca/roots/clientCA.pem -+} ---- /dev/null -+++ b/test/basicserver/testfiles/srv3-seclevel2-sha256.conf -@@ -0,0 +1,8 @@ -+Server -+{ -+ PidFile = testfiles/srv3.pid -+ ListenAddresses = inet:localhost,unix:testfiles/srv3.sock -+ CertificateFile = testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem -+ PrivateKeyFile = testfiles/seclevel2-sha256/bbstored/localhost-key.pem -+ TrustedCAsFile = testfiles/seclevel2-sha256/ca/roots/clientCA.pem -+} ---- a/test/bbackupd/testbbackupd.cpp -+++ b/test/bbackupd/testbbackupd.cpp -@@ -26,6 +26,10 @@ - #include <sys/wait.h> - #endif - -+#ifdef HAVE_PWD_H -+ #include <pwd.h> -+#endif -+ - #ifdef HAVE_SYS_XATTR_H - #include <cerrno> - #include <sys/xattr.h> -@@ -428,7 +432,8 @@ bool kill_running_daemons() - } - - bool setup_test_bbackupd(BackupDaemon& bbackupd, bool do_unpack_files = true, -- bool do_start_bbstored = true) -+ bool do_start_bbstored = true, -+ const std::string& bbackupd_conf_file = "testfiles/bbackupd.conf") - { - Timers::Cleanup(false); // don't throw exception if not initialised - Timers::Init(); -@@ -469,8 +474,7 @@ bool setup_test_bbackupd(BackupDaemon& b - #endif - } - -- TEST_THAT_OR(configure_bbackupd(bbackupd, "testfiles/bbackupd.conf"), -- FAIL); -+ TEST_THAT_OR(configure_bbackupd(bbackupd, bbackupd_conf_file), FAIL); - spDaemon = &bbackupd; - return true; - } -@@ -985,13 +989,14 @@ bool test_entry_deleted(BackupStoreDirec - - bool compare(BackupQueries::ReturnCode::Type expected_status, - const std::string& bbackupquery_options = "", -- const std::string& compare_options = "-acQ") -+ const std::string& 
compare_options = "-acQ", -+ const std::string& bbackupd_conf_file = "testfiles/bbackupd.conf") - { - std::string cmd = BBACKUPQUERY; - cmd += " "; - cmd += (expected_status == BackupQueries::ReturnCode::Compare_Same) - ? "-Wwarning" : "-Werror"; -- cmd += " -c testfiles/bbackupd.conf "; -+ cmd += " -c " + bbackupd_conf_file; - cmd += " " + bbackupquery_options; - cmd += " \"compare " + compare_options + "\" quit"; - -@@ -4039,6 +4044,113 @@ bool test_parse_syncallowscript_output() - TEARDOWN_TEST_BBACKUPD(); - } - -+ -+bool test_bbackupd_config_script() -+{ -+ SETUP_TEST_BBACKUPD(); -+ -+#ifdef WIN32 -+ BOX_NOTICE("skipping test on this platform"); // TODO: write a PowerShell version -+#else -+ char buf[PATH_MAX]; -+ if (getcwd(buf, sizeof(buf)) == NULL) -+ { -+ BOX_LOG_SYS_ERROR("getcwd"); -+ } -+ std::string current_dir = buf; -+ -+ TEST_THAT(mkdir("testfiles/tmp", 0777) == 0); -+ TEST_THAT(mkdir("testfiles/TestDir1", 0777) == 0); -+ -+ // Generate a new configuration for our test bbackupd, from scratch: -+ std::string cmd = "../../../bin/bbackupd/bbackupd-config " + -+ current_dir + "/testfiles/tmp " // config-dir -+ "lazy " // backup-mode -+ "12345 " // account-num -+ "localhost " + // server-hostname -+ current_dir + "/testfiles " + // working-dir -+ current_dir + "/testfiles/TestDir1"; // backup directories -+ TEST_RETURN(system(cmd.c_str()), 0) -+ -+ // Open the generated config file and add a StorePort line: -+ { -+ FileStream conf_file("testfiles/tmp/bbackupd.conf", O_WRONLY | O_APPEND); -+ conf_file.IOStream::Write("StorePort = 22011\n"); -+ conf_file.Close(); -+ } -+ -+ // Generate a new configuration for our test bbstored, from scratch: -+ struct passwd *result = getpwuid(getuid()); -+ TEST_THAT_OR(result != NULL, FAIL); // failed to get username for current user -+ std::string username = result->pw_name; -+ -+ cmd = "../../../bin/bbstored/bbstored-config testfiles/tmp localhost " + username + " " -+ "testfiles/raidfile.conf"; -+ 
TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) -+ -+ cmd = "sed -i.orig -e 's/\\(ListenAddresses = inet:localhost\\)/\\1:22011/' " -+ "-e 's@PidFile = .*/run/bbstored.pid@PidFile = testfiles/bbstored.pid@' " -+ "testfiles/tmp/bbstored.conf"; -+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) -+ -+ // Create a server certificate authority, and sign the client and server certificates: -+ cmd = "../../../bin/bbstored/bbstored-certs testfiles/tmp/ca init"; -+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) -+ -+ cmd = "echo yes | ../../../bin/bbstored/bbstored-certs testfiles/tmp/ca sign " -+ "testfiles/tmp/bbackupd/12345-csr.pem"; -+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) -+ -+ cmd = "echo yes | ../../../bin/bbstored/bbstored-certs testfiles/tmp/ca sign-server " -+ "testfiles/tmp/bbstored/localhost-csr.pem"; -+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) -+ -+ // Copy the certificate files into the right places -+ cmd = "cp testfiles/tmp/ca/clients/12345-cert.pem testfiles/tmp/bbackupd"; -+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) -+ -+ cmd = "cp testfiles/tmp/ca/roots/serverCA.pem testfiles/tmp/bbackupd"; -+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) -+ -+ cmd = "cp testfiles/tmp/ca/servers/localhost-cert.pem testfiles/tmp/bbstored"; -+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) -+ -+ cmd = "cp testfiles/tmp/ca/roots/clientCA.pem testfiles/tmp/bbstored"; -+ TEST_RETURN(system(cmd.c_str()), 0) -+ -+ cmd = BBSTOREACCOUNTS " -c testfiles/tmp/bbstored.conf create 12345 0 1M 2M"; -+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) -+ -+ bbstored_pid = StartDaemon(bbstored_pid, BBSTORED " " + bbstored_args + -+ " -o testfiles/tmp/bbstored.log testfiles/tmp/bbstored.conf", -+ "testfiles/bbstored.pid"); -+ -+ { -+ Capture capture; -+ Logging::TempLoggerGuard guard(&capture); -+ -+ BackupDaemon bbackupd; -+ TEST_THAT( -+ setup_test_bbackupd( -+ bbackupd, -+ true, // do_unpack_files -+ false, // !do_start_bbstored -+ 
"testfiles/tmp/bbackupd.conf") -+ ); -+ -+ bbackupd.RunSyncNow(); -+ } -+ -+ TEST_THAT(compare(BackupQueries::ReturnCode::Compare_Same, -+ "-otestfiles/tmp/bbackupquery.log", "-acQ", "testfiles/tmp/bbackupd.conf")); -+ -+ TEST_THAT(StopServer()); -+#endif // !WIN32 -+ -+ TEARDOWN_TEST_BBACKUPD(); -+} -+ -+ -+ int test(int argc, const char *argv[]) - { - // SSL library -@@ -4104,6 +4216,7 @@ int test(int argc, const char *argv[]) - TEST_THAT(test_backup_many_files()); - TEST_THAT(test_parse_incomplete_command()); - TEST_THAT(test_parse_syncallowscript_output()); -+ TEST_THAT(test_bbackupd_config_script()); - - TEST_THAT(kill_running_daemons()); -
diff --git a/debian/patches/series b/debian/patches/series
index 2e1b5c86..c14c90e2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,3 @@
 03-adjust-syslog-facility.diff
 05-dont_use_net_for_docs.diff
-openssl1.1.patch
+c++17.diff |