diff options
Diffstat (limited to 'test/basicserver')
45 files changed, 1338 insertions, 11 deletions
diff --git a/test/basicserver/testbasicserver.cpp b/test/basicserver/testbasicserver.cpp index 6f2def54..9285dfc9 100644 --- a/test/basicserver/testbasicserver.cpp +++ b/test/basicserver/testbasicserver.cpp @@ -15,18 +15,17 @@ #include <typeinfo> -#include "Test.h" -#include "Daemon.h" +#include "CollectInBufferStream.h" #include "Configuration.h" -#include "ServerStream.h" -#include "SocketStream.h" +#include "Daemon.h" #include "IOStreamGetLine.h" +#include "ServerControl.h" +#include "ServerStream.h" #include "ServerTLS.h" -#include "CollectInBufferStream.h" - +#include "SocketStream.h" +#include "Test.h" #include "TestContext.h" #include "autogen_TestProtocol.h" -#include "ServerControl.h" #include "MemLeakFindOn.h" @@ -98,7 +97,7 @@ void testservers_connection(SocketStream &rStream) while(!getline.IsEOF()) { std::string line; - while(!getline.GetLine(line)) + while(!getline.GetLine(line, false, SHORT_TIMEOUT)) ; if(line == "QUIT") { @@ -208,11 +207,16 @@ const ConfigurationVerify *testserver::GetConfigVerify() const } }; + static ConfigurationVerifyKey root_keys[] = + { + ssl_security_level_key, + }; + static ConfigurationVerify verify = { "root", /* mName */ verifyserver, /* mpSubConfigurations */ - 0, /* mpKeys */ + root_keys, // mpKeys ConfigTest_Exists | ConfigTest_LastEntry, 0 }; @@ -449,6 +453,151 @@ void TestStreamReceive(TestProtocolClient &protocol, int value, bool uncertainst TEST_THAT(count == (24273*3)); // over 64 k of data, definately } +bool test_security_level(int cert_level, int test_level, bool expect_failure_on_connect = false) +{ + int old_num_failures = num_failures; + + // Context first + TLSContext context; + if(cert_level == 0) + { + context.Initialise(false /* client */, + "testfiles/clientCerts.pem", + "testfiles/clientPrivKey.pem", + "testfiles/clientTrustedCAs.pem", + test_level); // SecurityLevel + } + else if(cert_level == 1) + { + context.Initialise(false /* client */, + "testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem", + "testfiles/seclevel2-sha1/bbackupd/1234567-key.pem", + "testfiles/seclevel2-sha1/ca/roots/serverCA.pem", + test_level); // SecurityLevel + } + else if(cert_level == 2) + { + context.Initialise(false /* client */, + "testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem", + "testfiles/seclevel2-sha256/bbackupd/1234567-key.pem", + "testfiles/seclevel2-sha256/ca/roots/serverCA.pem", + test_level); // SecurityLevel + } + else + { + TEST_FAIL_WITH_MESSAGE("No certificates generated for level " << cert_level); + return false; + } + + SocketStreamTLS conn; + + if(expect_failure_on_connect) + { + TEST_CHECK_THROWS( + conn.Open(context, Socket::TypeINET, "localhost", 2003), + ConnectionException, TLSPeerWeakCertificate); + } + else + { + conn.Open(context, Socket::TypeINET, "localhost", 2003); + } + + return (num_failures == old_num_failures); // no new failures -> good +} + +// Test the certificates that were distributed with the Box Backup source since ancient times, +// which have only 1024-bit keys, and thus fail with "ee key too small". +bool test_ancient_certificates() +{ + int old_num_failures = num_failures; + + // Level -1 (allow weaker, with warning) should pass with any certificates: + TEST_THAT(test_security_level(0, -1)); // cert_level, test_level + + // We do not test level 0 (system-wide default) because the system + // may have it set high, and our old certificate will not be usable + // in that case, and the user has no way to fix that, so it's not a + // useful test. + + // Level 1 (allow weaker, without a warning) should pass with any certificates: + TEST_THAT(test_security_level(0, 1)); // cert_level, test_level + +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + // Level 2 (disallow weaker, without a warning) should NOT pass with old certificates: + TEST_CHECK_THROWS( + test_security_level(0, 2), // cert_level, test_level + ServerException, TLSServerWeakCertificate); +#else + // We have no way to increase the security level, so it should still pass: + test_security_level(0, 2); // cert_level, test_level +#endif + + return (num_failures == old_num_failures); // no new failures -> good +} + +// Test a set of more recent certificates, which have a longer key but are signed using the SHA1 +// algorithm instead of SHA256, which fail with "ca md too weak" instead. +bool test_old_certificates() +{ + int old_num_failures = num_failures; + + // Level -1 (allow weaker, with warning) should pass with any certificates: + TEST_THAT(test_security_level(1, -1)); // cert_level, test_level + + // We do not test level 0 (system-wide default) because the system + // may have it set high, and our old certificate will not be usable + // in that case, and the user has no way to fix that, so it's not a + // useful test. + + // Level 1 (allow weaker, without a warning) should pass with any certificates: + TEST_THAT(test_security_level(1, 1)); // cert_level, test_level + +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + // Level 2 (disallow weaker, without a warning) should NOT pass with old certificates: + TEST_CHECK_THROWS( + test_security_level(1, 2), // cert_level, test_level + ServerException, TLSServerWeakCertificate); +#else + // We have no way to increase the security level, so it should still pass: + test_security_level(1, 2); // cert_level, test_level +#endif + + return (num_failures == old_num_failures); // no new failures -> good +} + + +bool test_new_certificates(bool expect_failure_level_2) +{ + int old_num_failures = num_failures; + + // Level -1 (allow weaker, with warning) should pass with any certificates: + TEST_THAT(test_security_level(2, -1)); // cert_level, test_level + + // Level 0 (system dependent). This will fail if the user (or their + // distro) sets the system-wide security level very high. We check + // this because *we* may need to update Box Backup if this happens + // again, as it did when Debian increased the default level. + // Newly generated certificates may need to be strengthened. + // And we may need to update the documentation. + TEST_THAT(test_security_level(2, 0)); // cert_level, test_level + + // Level 1 (allow weaker, without a warning) should pass with any certificates: + TEST_THAT(test_security_level(2, 1)); // cert_level, test_level + +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + // Level 2 (disallow weaker, without a warning) should pass with new certificates, + // but might fail to connect to a peer with weak (insecure) certificates: + TEST_THAT(test_security_level(2, 2, expect_failure_level_2)); + // cert_level, test_level, expect_failure +#else + // We have no way to increase the security level, so it should not fail to connect to a + // daemon with weak certificates: + test_security_level(2, 2, false); // cert_level, test_level, expect_failure +#endif + + return (num_failures == old_num_failures); // no new failures -> good +} + int test(int argc, const char *argv[]) { @@ -644,6 +793,7 @@ int test(int argc, const char *argv[]) "testfiles/clientCerts.pem", "testfiles/clientPrivKey.pem", "testfiles/clientTrustedCAs.pem"); + // SecurityLevel == -1 by default (old security + warnings) SocketStreamTLS conn1; conn1.Open(context, Socket::TypeINET, "localhost", 2003); @@ -682,6 +832,11 @@ int test(int argc, const char *argv[]) TEST_THAT(ServerIsAlive(pid)); #endif + // Try testing with different security levels, check that the behaviour is + // as documented at: + // https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates + TEST_THAT(test_ancient_certificates()); + // Kill it TEST_THAT(KillServer(pid)); ::sleep(1); @@ -691,6 +846,36 @@ int test(int argc, const char *argv[]) TestRemoteProcessMemLeaks("test-srv3.memleaks"); #endif } + + cmd = TEST_EXECUTABLE " --test-daemon-args="; + cmd += test_args; + cmd += " srv3 testfiles/srv3-seclevel2-sha1.conf"; + pid = LaunchServer(cmd, "testfiles/srv3.pid"); + + TEST_THAT(pid != -1 && pid != 0); + TEST_THAT(test_old_certificates()); + TEST_THAT(KillServer(pid)); + + cmd = TEST_EXECUTABLE " --test-daemon-args="; + cmd += test_args; + cmd += " srv3 testfiles/srv3-seclevel2-sha256.conf"; + pid = LaunchServer(cmd, "testfiles/srv3.pid"); + + TEST_THAT(pid != -1 && pid != 0); + TEST_THAT(test_new_certificates(false)); // !expect_failure_level_2 + TEST_THAT(KillServer(pid)); + + // Start a daemon using old, insecure certificates. We should get an error when we + // try to connect to it: + + cmd = TEST_EXECUTABLE " --test-daemon-args="; + cmd += test_args; + cmd += " srv3 testfiles/srv3-insecure-daemon.conf"; + pid = LaunchServer(cmd, "testfiles/srv3.pid"); + + TEST_THAT(pid != -1 && pid != 0); + TEST_THAT(test_new_certificates(true)); // expect_failure_level_2 + TEST_THAT(KillServer(pid)); } //protocolserver: @@ -698,7 +883,7 @@ int test(int argc, const char *argv[]) { std::string cmd = TEST_EXECUTABLE " --test-daemon-args="; cmd += test_args; - cmd += " srv4 testfiles/srv4.conf"; + cmd += " srv4 testfiles/srv4-seclevel1.conf"; int pid = LaunchServer(cmd, "testfiles/srv4.pid"); TEST_THAT(pid != -1 && pid != 0); diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf b/test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf new file mode 100644 index 00000000..eb37d9ab --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf @@ -0,0 +1,196 @@ + +StoreHostname = localhost +AccountNumber = 0x1234567 +KeysFile = ./bbackupd/1234567-FileEncKeys.raw + +CertificateFile = ./bbackupd/1234567-cert.pem +PrivateKeyFile = ./bbackupd/1234567-key.pem +TrustedCAsFile = ./bbackupd/serverCA.pem +SSLSecurityLevel = 2 + +DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1 + + +# This script is run whenever bbackupd changes state or encounters a +# problem which requires the system administrator to assist: +# +# 1) The store is full, and no more data can be uploaded. +# 2) Some files or directories were not readable. +# 3) A backup run starts or finishes. +# +# The default script emails the system administrator, except for backups +# starting and stopping, where it does nothing. + +NotifyScript = ./bbackupd/NotifySysadmin.sh + + +# The number of seconds between backup runs under normal conditions. To avoid +# cycles of load on the server, this time is randomly adjusted by a small +# percentage as the daemon runs. + +UpdateStoreInterval = 3600 + + +# The minimum age of a file, in seconds, that will be uploaded. Avoids +# repeated uploads of a file which is constantly being modified. + +MinimumFileAge = 21600 + + +# If a file is modified repeated, it won't be uploaded immediately in case +# it's modified again, due to the MinimumFileAge specified above. However, it +# should be uploaded eventually even if it is being modified repeatedly. This +# is how long we should wait, in seconds, after first noticing a change. +# (86400 seconds = 1 day) + +MaxUploadWait = 86400 + +# If the connection is idle for some time (e.g. over 10 minutes or 600 +# seconds, not sure exactly how long) then the server will give up and +# disconnect the client, resulting in Connection Protocol_Timeout errors +# on the server and TLSReadFailed or TLSWriteFailed errors on the client. +# Also, some firewalls and NAT gateways will kill idle connections after +# similar lengths of time. +# +# This can happen for example when most files are backed up already and +# don't need to be sent to the store again, while scanning a large +# directory, or while calculating diffs of a large file. To avoid this, +# KeepAliveTime specifies that special keep-alive messages should be sent +# when the connection is otherwise idle for a certain length of time, +# specified here in seconds. +# +# The default is that these messages are never sent, equivalent to setting +# this option to zero, but we recommend that all users enable this. + +KeepAliveTime = 120 + + +# Files above this size (in bytes) are tracked, and if they are renamed they will simply be +# renamed on the server, rather than being uploaded again. (64k - 1) + +FileTrackingSizeThreshold = 65535 + + +# The daemon does "changes only" uploads for files above this size (in bytes). +# Files less than it are uploaded whole without this extra processing. + +DiffingUploadSizeThreshold = 8192 + + +# The limit on how much time is spent diffing files, in seconds. Most files +# shouldn't take very long, but if you have really big files you can use this +# to limit the time spent diffing them. +# +# * Reduce if you are having problems with processor usage. +# +# * Increase if you have large files, and think the upload of changes is too +# large and you want bbackupd to spend more time searching for unchanged +# blocks. + +MaximumDiffingTime = 120 + + +# Uncomment this line to see exactly what the daemon is going when it's connected to the server. + +# ExtendedLogging = yes + + +# This specifies a program or script script which is run just before each +# sync, and ideally the full path to the interpreter. It will be run as the +# same user bbackupd is running as, usually root. +# +# The script must output (print) either "now" or a number to STDOUT (and a +# terminating newline, no quotes). +# +# If the result was "now", then the sync will happen. If it's a number, then +# no backup will happen for that number of seconds (bbackupd will pause) and +# then the script will be run again. +# +# Use this to temporarily stop bbackupd from syncronising or connecting to the +# store. For example, you could use this on a laptop to only backup when on a +# specific network, or when it has a working Internet connection. + +# SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc + + +# Where the command socket is created in the filesystem. + +CommandSocket = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.sock + +# Uncomment the StoreObjectInfoFile to enable the experimental archiving +# of the daemon's state (including client store marker and configuration) +# between backup runs. This saves time and increases efficiency when +# bbackupd is frequently stopped and started, since it removes the need +# to rescan all directories on the remote server. However, it is new and +# not yet heavily tested, so use with caution. + +# StoreObjectInfoFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.state + +Server +{ + PidFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.pid +} + + +# BackupLocations specifies which locations on disc should be backed up. Each +# directory is in the format +# +# name +# { +# Path = /path/of/directory +# (optional exclude directives) +# } +# +# 'name' is derived from the Path by the config script, but should merely be +# unique. +# +# The exclude directives are of the form +# +# [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname +# +# (The regex suffix is shown as 'sRegex' to make File or Dir plural) +# +# For example: +# +# ExcludeDir = /home/guest-user +# ExcludeFilesRegex = .(mp3|MP3)$ +# AlwaysIncludeFile = /home/username/veryimportant.mp3 +# +# This excludes the directory /home/guest-user from the backup along with all mp3 +# files, except one MP3 file in particular. +# +# In general, Exclude excludes a file or directory, unless the directory is +# explicitly mentioned in a AlwaysInclude directive. However, Box Backup +# does NOT scan inside excluded directories and will never back up an +# AlwaysIncluded file or directory inside an excluded directory or any +# subdirectory thereof. +# +# To back up a directory inside an excluded directory, use a configuration +# like this, to ensure that each directory in the path to the important +# files is included, but none of their contents will be backed up except +# the directories further down that path to the important one. +# +# ExcludeDirsRegex = ^/home/user/bigfiles/ +# ExcludeFilesRegex = ^/home/user/bigfiles/ +# AlwaysIncludeDir = /home/user/bigfiles/path +# AlwaysIncludeDir = /home/user/bigfiles/path/to +# AlwaysIncludeDir = /home/user/bigfiles/path/important +# AlwaysIncludeDir = /home/user/bigfiles/path/important/files +# AlwaysIncludeDirsRegex = ^/home/user/bigfiles/path/important/files/ +# AlwaysIncludeFilesRegex = ^/home/user/bigfiles/path/important/files/ +# +# If a directive ends in Regex, then it is a regular expression rather than a +# explicit full pathname. See +# +# man 7 re_format +# +# for the regex syntax on your platform. + +BackupLocations +{ + home-chris-boxbackup-test-basicserver-testfiles-seclevel2-sha1 + { + Path = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1 + } +} + diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem new file mode 100644 index 00000000..340116ed --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOQkFDS1VQLTEyMzQ1NjcwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrSHZEUGZxLnDFr0B02Utd5rF6YwYmhzLG +WNBnC0FBrCN0qJgjEHpQ0jqMGA9vIvBuesYhBmk8hOyJFHNtJB8MJyeHvKSwdwlF +Isz+gr60RGAKj290nSdFgMvMgkdqz6Vg4R9t94fzhxjk/BJyNjr8r+64hffIOQmM +YlmADLX38BLRLAfbVVkq/bRgqBFtmvFYTZKl6of1jVSWQLcXGShWE45lc5Hpd+qv +DRjzsQukb3gJmKU4DMW1BCaS8W6v7R0MG/5CooiwMRrct8puH4IeIDrByBz/0mRP +fMPjR2qpjx4EmLRcC39lGVBTnXLYM1XGIYsX7f1ssYZZXSSajUp9AgMBAAGgADAN +BgkqhkiG9w0BAQUFAAOCAQEAbDRc2PW9WnUu7F1g/mWQW8aGhyzMcYTp28kVEtMC +dvvbNLFWtWPXktM9PjR6F+3QRQktdXwYXsTctmGL4vvSKFd66gw4HklGe+Opiiw/ +o9F6E2PAFzRYbMio7UYevs/RhktaJRkVyd81e8LtFHuUD3vqBY84NVeKwmxnbdoK +jzBj3x3COkLLiPTWjb+RgxnPWcNtXhLAcATZeCKBo4U0gvRL1NTMCslIumdhtD8h +BQOdEaSP2sB8o3mMEh8W5tgja4zWv1GszJK9sJNL/EZag331/++5H06yf8vPhQW7 +rqRHA33CUe7XiqAkXp+Rgq5W97qcKIlo4uKRzCsTYC/QUg== +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem new file mode 100644 index 00000000..9ee696ee --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAq0h2RFBmcS5wxa9AdNlLXeaxemMGJocyxljQZwtBQawjdKiY +IxB6UNI6jBgPbyLwbnrGIQZpPITsiRRzbSQfDCcnh7yksHcJRSLM/oK+tERgCo9v +dJ0nRYDLzIJHas+lYOEfbfeH84cY5PwScjY6/K/uuIX3yDkJjGJZgAy19/AS0SwH +21VZKv20YKgRbZrxWE2SpeqH9Y1UlkC3FxkoVhOOZXOR6Xfqrw0Y87ELpG94CZil +OAzFtQQmkvFur+0dDBv+QqKIsDEa3LfKbh+CHiA6wcgc/9JkT3zD40dqqY8eBJi0 +XAt/ZRlQU51y2DNVxiGLF+39bLGGWV0kmo1KfQIDAQABAoIBAHLetfI6uXlOW/M4 +BVJYKGNhQ8WAg69zHGpJRfrVYX5Zo62pI97gPifV1c3+lNtD41s0m4uqcQlVXAzS +2lZn0yqjV6+ApDJ0opLrM++8X4kmEgMDDwx2GNBUAFm3RY4slAzU7e8iAtsfz2JC +a1yNYiH1G3RE5FgzaGPt0Xg/DgqorT6uR5/jIzlSpqRse9sXG4/uGEmfkogMwvU+ +gmcMOs+Jm7HbLMIGxzBydNTFoup1YUVSCuIjdJBpWRCbBaeYeTSoQgdAPALtwJgz +v8quFaJOkJMKIaXOF+1VN8w5rPTJJdfHtYITz6i0V5A7qSHR5jckbm0UWcXnEdaZ +YvkKRUECgYEA4krb4xrXLuSbUv70dKXybyNxEFK+IVG6NZG4+iaW8B8oU8+q8FzM +HPYAdppYKkYrjslKWIOwZdTsYa4Z8U/uhmMv4OpcCq7nYv6W/g1N/AMd8pEJvV9m +EQ5hY1uMg3rgorYWGDyh3HcYl2q4/9EJiPKUVoZb9IPeO3Po3TgK8A8CgYEAwcTf +EHJVs5F2mnetRhETpC5IGUB9OKbPm+JR6+BNFsh1vaPosobfYOzO6PJm0H/z4jMN +n29oc1SAphUXegE6gbVO8/hd9S4OhTq8egFO9Y/BN3/lHUYe/RPs2BZ+Foh70PH7 +9l6K/UDrwJ458hBrFM/DCcjRRcw12GBPUZ8xkLMCgYEAlND8GDc/igQnLYajhs7X +R0V8hmqTxN+1YKNLjZ6xJoqm/68TUG0Ggok5NsY78tkgrg8sSFeaOu2y4m4Xe33A +dDpoczZMf24UlyKsc7iWL4RxPmMpj5NcUR0u6KN9Hb5CWl762seM/qqHzpQNw5ZZ ++ejlqp1DfeL21Axe+JRxhPsCgYEAiYEWtoocbRhd7RHeYWl+4bSCL4FHG2usyjdZ +4SREMFXCz/fACuiRHiwOTNqvwWf7ftqx4SFjIuylerZe+ZJjnWY3iAQJURME9OCQ +nZfOG46PE75rrVF0bi20lken5H+oNcdzAQtoYH2wjvj5r+CczKD/DDN45qoaz9jQ +kOCCgOcCgYBDeOUq+6UoZMmx1c/H4MnRWMpHu0hNfivDEeJMYkxLMA98clstohc7 +T4B4gaoCewJ5XVR72k+Oqgvy++d4g5EpRjFE8hVNjw7Vo3WP0+X5iI+TmBuLKh/c +Wl10t7jLE25vyLJs4nmQd4hav9gWMbP5l99sVq61DM6bMuRcQnyeIA== +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh new file mode 100755 index 00000000..48e8cf8e --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh @@ -0,0 +1,70 @@ +#!/bin/sh + +# This script is run whenever bbackupd changes state or encounters a +# problem which requires the system administrator to assist: +# +# 1) The store is full, and no more data can be uploaded. +# 2) Some files or directories were not readable. +# 3) A backup run starts or finishes. +# +# The default script emails the system administrator, except for backups +# starting and stopping, where it does nothing. + +SUBJECT="BACKUP PROBLEM on host debian-unstable" +SENDTO="chris" + +if [ "$1" = "" ]; then + echo "Usage: $0 <store-full|read-error|backup-ok|backup-error|backup-start|backup-finish>" >&2 + exit 2 +elif [ "$1" = store-full ]; then + sendmail: $SENDTO <<EOM +Subject: $SUBJECT (store full) +To: $SENDTO + + +The store account for debian-unstable is full. + +============================= +FILES ARE NOT BEING BACKED UP +============================= + +Please adjust the limits on account 1234567 on server localhost. + +EOM +elif [ "$1" = read-error ]; then +sendmail: $SENDTO <<EOM +Subject: $SUBJECT (read errors) +To: $SENDTO + + +Errors occured reading some files or directories for backup on debian-unstable. + +=================================== +THESE FILES ARE NOT BEING BACKED UP +=================================== + +Check the logs on debian-unstable for the files and directories which caused +these errors, and take appropriate action. + +Other files are being backed up. + +EOM +elif [ "$1" = backup-start -o "$1" = backup-finish -o "$1" = backup-ok ]; then + # do nothing by default + true +else +sendmail: $SENDTO <<EOM +Subject: $SUBJECT (unknown) +To: $SENDTO + + +The backup daemon on debian-unstable reported an unknown error ($1). + +========================== +FILES MAY NOT BE BACKED UP +========================== + +Please check the logs on debian-unstable. + +EOM +fi diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbstored.conf b/test/basicserver/testfiles/seclevel2-sha1/bbstored.conf new file mode 100644 index 00000000..25425dfa --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored.conf @@ -0,0 +1,23 @@ + +RaidFileConf = ./raidfile.conf +AccountDatabase = ./bbstored/accounts.txt + +# Uncomment this line to see exactly what commands are being received from clients. +# ExtendedLogging = yes + +# scan all accounts for files which need deleting every 15 minutes. + +TimeBetweenHousekeeping = 900 + +Server +{ + PidFile = /var/run/bbstored.pid + User = chris + ListenAddresses = inet:localhost + CertificateFile = ./bbstored/localhost-cert.pem + PrivateKeyFile = ./bbstored/localhost-key.pem + TrustedCAsFile = ./bbstored/clientCA.pem + SSLSecurityLevel = 2 +} + + diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem new file mode 100644 index 00000000..db9fe3f7 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAyzNFMI4BCpd/vGvPseb8U/NZYDQZ6nV7nFwDPsyr +/yoUBQz7/gEAFP9Zo+8C9h89N2dPuxVNgylybiXO1icy8NsH+xkTtJXPSqi/Q87M +36V5/k7wfF6Kx9ayuB2e1xg844fuY3llYacOyoA1NWP3DaQP+MztxuvKqK4JnodU +oqysEK3DF4F1qFSHh1fum5nY+GBPaZjhn6ns/prQP8De6bctEjUAEYSKqUjNJpYa +sP0KqFH8CoY1ZGa/f5n0CZ/9VT5N+Nm0TA1HwX2QeH0h1yp/LH52tD6/8T9XqgK4 +iuekRol6dkj63jXPnVSK4NSFksTzJsQCABOUz4kXKZucQQIDAQABoAAwDQYJKoZI +hvcNAQEFBQADggEBACN8kdjf8P/OBMVytAKxWlXDAtG5A8qZz4e+aNM4JfXF//fP +pS5c+m0rpt6aop4N5n5MWyL54eJlhh+yyNdm2RmHvybJKHLTRCPzP3gtHaVZ4v2V +xWbDW+LuLMhDp70Ci1/CGWv+fQ2jmKPAtXGcbIsvjI+swLRtJDTwNV6B/dbS5QyF +6n8O+pSLS6l7vsXginavB+VLAWWdtCbZAgId9Io0BePN/LpVb2bLgzGfzBInSCFl +4bBN3dqC7nFkXdk+EXseA0L1NYUpXZoperzxMgDG74IMPwIomkb3elNP7xpz3Zgg +Y5xwL05H5Jj5aW3Ao9mY3LKK8ZmAQnljOsyQsKc= +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem new file mode 100644 index 00000000..885892b3 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAyzNFMI4BCpd/vGvPseb8U/NZYDQZ6nV7nFwDPsyr/yoUBQz7 +/gEAFP9Zo+8C9h89N2dPuxVNgylybiXO1icy8NsH+xkTtJXPSqi/Q87M36V5/k7w +fF6Kx9ayuB2e1xg844fuY3llYacOyoA1NWP3DaQP+MztxuvKqK4JnodUoqysEK3D +F4F1qFSHh1fum5nY+GBPaZjhn6ns/prQP8De6bctEjUAEYSKqUjNJpYasP0KqFH8 +CoY1ZGa/f5n0CZ/9VT5N+Nm0TA1HwX2QeH0h1yp/LH52tD6/8T9XqgK4iuekRol6 +dkj63jXPnVSK4NSFksTzJsQCABOUz4kXKZucQQIDAQABAoIBACvo7mCprwvs5QuA +eKdG9OvnQD8LwzXpIUcOkxz0+Y3wN9dHkQS4jp36+BH2yjsJUR8x0gbpeZCIWlP3 +E5Uvb1Cg5D6ckqeJX/wQLxSmEZualJwhztHxVCgO+xvSOsrcT/wTGa6hQwkxIn8b +6WOaMH7gHxtynUdJGMgOo8GAGQf1yVganOo8hk/jARjln3Cyg+0018a8P0bZHI5L +2EJgXSvVo5N4s0sVxMTDUX80YMmpH5M1duCYRitJwZCDMg5xOjootvfzw9pDD40/ +JsQHxdCfotDEBOVym7mKqxOUowwA+8vKG5yOkG7Fb7QmO9UkujqBCQs7n9q+0wj5 +3OV872ECgYEA+YwqJ+vk8EK6Eo4ZJmYNhreKDtfTCiv4CRpxWimyf8fShhPSpcur +JSMl7OLuJhqsWIoGs5v1QSMhaSckLVq5lSZ7czVyC/ZFmhXN8LmfdYJ3LuSfEhG/ +ma9c2qXXC9EbTgdRg5lFSIugBFEHv+656Jn6Oj4hN/V8bd0EDgSY7Q0CgYEA0HRR +esMH2YSGztoauzl0FmOHrH53diTpCNBzh2ZEwQgHcTbHK3VfDqN0bsUx4SwZW/Wj +o7elnrBDHdVa8LMbUq7DH5YzRnfbGJHcKhUCTI3eT0wfpKvnyptIwRaKozS313rx ++5ZePf51krnYTs6p73Nvu7ALUwTLLi57PZQKJwUCgYB2B0JlEWB99sF1RzpD/B7H +qgWlUZUiiXtOKvCT+YbQgx1ihvupqTPwY7hrW0XSRelgEyBqUQhl34zM5FNrFC8U +iVf4PL4NRFTVNRzrj5AJD0T5q+5EqJpbwSKE081rbGKivDlkqdioIEn14LFuqSXL +CxDb/UjO49APUmq5ipkd/QKBgQCfSxPsrNb1yMk/jvn4coochchq72WYudH+c1Sl +dmg53knZoROISTPvusbB0x0vxgRG+qom9LKyVl2jkaPh5eyOPZBMNfpO8k5SMzw8 +SDuuhocIr9JKgzco44swSmp9F08ZchEywZCY7TepfS0n49OGcP9EPN4afcJKMyjo +QJWVhQKBgH47nr45MgQJIoeUzmDPL/N9jAlG4+MvfsGvZxtGeRij68TYFStPEccO +GJH09GQZgxvz8YbamC4KEA67PlwOdm/4ITs4HAE+tX6gaYeXG8XTw/azQdx0ZhXu +EIhyRvSeCfXq/hi4Qef2yIx3YLarPXw1E38Xtl0MOl+yGg827Imt +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem new file mode 100644 index 00000000..d3f3acba --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsTCCAZkCAQEwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 +c3RlbSBjbGllbnQgcm9vdDAeFw0xOTA0MjgyMDU3NDBaFw0zMzAxMDQyMDU3NDBa +MBkxFzAVBgNVBAMMDkJBQ0tVUC0xMjM0NTY3MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAq0h2RFBmcS5wxa9AdNlLXeaxemMGJocyxljQZwtBQawjdKiY +IxB6UNI6jBgPbyLwbnrGIQZpPITsiRRzbSQfDCcnh7yksHcJRSLM/oK+tERgCo9v +dJ0nRYDLzIJHas+lYOEfbfeH84cY5PwScjY6/K/uuIX3yDkJjGJZgAy19/AS0SwH +21VZKv20YKgRbZrxWE2SpeqH9Y1UlkC3FxkoVhOOZXOR6Xfqrw0Y87ELpG94CZil +OAzFtQQmkvFur+0dDBv+QqKIsDEa3LfKbh+CHiA6wcgc/9JkT3zD40dqqY8eBJi0 +XAt/ZRlQU51y2DNVxiGLF+39bLGGWV0kmo1KfQIDAQABMA0GCSqGSIb3DQEBBQUA +A4IBAQBvwLWvNs2FhwNhjCA0A4r6hbKcdZDqmHT+EJpf1Os/f5A1fTah5u2UvNiQ +jYkI7u5dds/pSRDQ+1itbq2ltHq59QolMDN80xbrqgW2SCYIzBqR5i+plIIlGaM+ +Cih9QUrbZO1qBSA9nvuqFOGdi4tca+rkkuogWWNsngEydS32EmcI/cTcrubMKnYT +aW3+z46D42uZwljlhjnDDRbbvwpqd1h4NPbJcadelZnG3fsO0MCWi8LLp8Sepot7 +oDoseZ55JtYSjQuLFzfvgbvdkl/AQS1J+0Tjf2pq1zjIJmZ8qCuCP694z2BzRMTp +y0vJrXoCFTpVaNZZJx+x8ZqKjp3J +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem new file mode 100644 index 00000000..e5bb872b --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBjbGllbnQgcm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcxnm27tjpmhPdI23hV +VLerRKdYRutug9EaVwoegRzsnx/+6vBrnXQFbqenA2MR9yMhje+CJqZJcKoEyN6o +hSuv2vpMUOxLquUjhzv184rxp8dVcz1E6zpnxo5vJw8NoxN65SEjMKxFcO8e/RwQ +Pb8Yot1wEantMZKUu9qQ45lPCJH1VdPES09D6yMc62P7gOkybR4MZE7t2Wm9Bbx6 +H3Ag9OaSuYJOhf3614SvZQFmUlr07X/RFGsAixXi7CWqMjPKZDpG0PALVnKeKrfj +5gftcEUVVh2jRtfwN7DcTQu1f0Cv3Ixvv7T0lOK1BXGt5S8/l1RLeCNkzzIDyyEM +92UCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQB9d+4iZAtngEGpbtuHEhWssZKP +fisCUA+XokqrQ5Bw8wpE/zh4WHBfKDE0mrXARiJABKJqTVUI/fI9cGVWvRj17yxv +aIuZdYsZgAWhy6U2u0I8Kyul4URnDJq+JiqKOwYDjduZRi6axsjqVoWqeyRn0M1o +05d5O+TzS6uH9JhdYzpBeQVRweH4Dq374ApJu55RW+RQ7CpFQpW1cCqm3nMybNoM +uMMDTXeV09jh8DE63VE5GLi2N9/DaAD8VrrGuZWRFUhEvxHe8Qs8gCX7ep+9rUlS ++Vn0880ItjjBRQwDaSkJqQaGL0Wq4eBSTx9WcvIer9XFfwUYKOFVIPwQqDqn +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem new file mode 100644 index 00000000..0ccfd83c --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAxzGebbu2OmaE90jbeFVUt6tEp1hG626D0RpXCh6BHOyfH/7q +8GuddAVup6cDYxH3IyGN74ImpklwqgTI3qiFK6/a+kxQ7Euq5SOHO/XzivGnx1Vz +PUTrOmfGjm8nDw2jE3rlISMwrEVw7x79HBA9vxii3XARqe0xkpS72pDjmU8IkfVV +08RLT0PrIxzrY/uA6TJtHgxkTu3Zab0FvHofcCD05pK5gk6F/frXhK9lAWZSWvTt +f9EUawCLFeLsJaoyM8pkOkbQ8AtWcp4qt+PmB+1wRRVWHaNG1/A3sNxNC7V/QK/c +jG+/tPSU4rUFca3lLz+XVEt4I2TPMgPLIQz3ZQIDAQABAoIBAQC1TQJIGmw4J4uq +j5PCqNgc/DPWpNCYBNTRg8npGe6mZvBGbP1lqm17Zl5bFfZNO9LXFPldH/cRrxJu +jUBO+M+M/divrLqS+CQpvvadqrTqqBzvn2TuRUZcuIvOpHjGiMD/QAJA8QiiI+ow +muIBov6wajoClrhdE9jk858vxmSB6gE4czdTrXvZQXC+9EyuaqrLQeTuJbz1JNGN +jR61iSZWBfI6Ige+PSKpIQW/pU1+2QHyUNhTqN9V8Cxw0tVnOCZxNlWbXIaqsowa +s4lzfYVvK1NsHitX3wIRJv3gPt3JYN8VIwpq86w1CDxvmEQUuj6VYGDj1n278z4h +4CaZGNFBAoGBAP/b++wVZ1D0glBRhXghCMqGi/bzBySD+XDzd2DwVRM6jkX4Krof +MPflg2AMGXOvYYEoDtNWPHYzLts45zpOY111DA4OKqLL1QgTOOtjjd4b/+AaQOKt +m/Gvr9WFdqCjtO2rcv4546nB4M6bf6umHqoeKK947mi08jmW9VvZhaC5AoGBAMdN +qIYmnR17s9He9/jgU9zfp+21fC9GSDI9MrdaGP9E4EAeg95Sn3ppplzVeIW+c2b/ +0MuhdbR2dn7JoXcJKlO2qcadvsRWURvR0ofWbjcKoKdAHlShsNIfT8cWfk7E1DL3 +04JTWFcLA7M5RkdT9y2/N4NNKAZ37ZWO10r5jz4NAoGAXWh8gmYV//IkGRqJ9Z9p +zDZupst20hf0Ww4niRZ0mL6J7nV5c9WrVPVPjyMbr6ZZnIN5ViJnlGd/Nb2CfUDc ++eOfcQou+pwbvAT4hMclpe7m7XPoOFlVU1jmgrdk5aSeix5KrxGHUhRb9FHEvG+7 +RjQYemdV8pgMzoWUMeIp7NECgYB/39rN3/6UySbR9E6EF2KXZ8T2Jqh8KIrv+QYO +UDeTqVx8p1eSkM6UGy9LhwfiQBUJM/+Cd6Du3ccfiD0aA/5tYdjCf7nDfWJjCBgd +Yb6rgB0d0mzjfi7WUpK8OTlnTrCb1xiVGOaoSn/gQVJPN5dzeamjjCCvLcl5WQHX +sBFxDQKBgAYnvJcaXYiyDW2fpdKodzf0AwPBaR2yUJsO2Zm2RpigrpAkpSo5lk5N +GTWEbWUeENlgapQot5pxKbX07wSpifG3eAULusJuwd9+Ys04GZMYR9T+JXxjLQq7 +hxlWFoj/8o8zh5tGWocqvmTgIiFngwLpHRFStrAhmFSWtHlsgruV +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem new file mode 100644 index 00000000..5b6688f4 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBzZXJ2ZXIgcm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmT9t4A51xpeJ3h6ddg +l2wYFYSp2YdquKX85hipesYp0EIlrPHDdHXFjDS50ZhI62+2hxr/qCtSWwsAiNoK +xSopXMVd6BO6eYPM0KqW4BMnqsKewv39uDiIHVQblB/3/4nd2Jx3sxGIdFivCDuo +nqYm4BT5vEvHWG1Z+FtGqdPGZk4UG53Rx6ewHCYwpXUgCxJE814fruw+aWXPI0U3 +QYCgehOTP5+zcONaFP9aSVd5GXqCtF+MgZYSSK4exL33gKsaDXwhiTJ2IgOs4YpN +HG4fu/ct4ppwArHvaHMuLKS6IgFjCHYCqMD/N2+ZpszPWzI5KGprfHZxl0uTLGTd +HdsCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQCflWlk+xCivLP+EK8oh0VCuTo2 +qLMuPOR8GU+gVUN1z68T4j/ZsI0NKox++9NOzGwTE/cSpN+nfLNdhPwOM+TrRtS/ +iDrTSDMSVK4SjIQ9iEaINbfOZOv52l9vkyCR/u0TrnnkjXknzU9ZQmnDvj2e8K/B +lq7LjvxeMxvLeZKfISr5XGcnUvhGcJkG6Cdkk6OIYUL7oDmBjS3IBzNTVTVmMB/U +fHMURt/+ljmYKwNN8J7bG8nsMc/UnqqSLqBpPovup/+Ol8pbAjPNaLrQTz5PrN/k +0PwqzbSJ52HEQY+kwpWLpx47p8ArQhD+YTaCUxyqzBWAI573rMdiAh/ZKVVi +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem new file mode 100644 index 00000000..21dfb204 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyZP23gDnXGl4neHp12CXbBgVhKnZh2q4pfzmGKl6xinQQiWs +8cN0dcWMNLnRmEjrb7aHGv+oK1JbCwCI2grFKilcxV3oE7p5g8zQqpbgEyeqwp7C +/f24OIgdVBuUH/f/id3YnHezEYh0WK8IO6iepibgFPm8S8dYbVn4W0ap08ZmThQb +ndHHp7AcJjCldSALEkTzXh+u7D5pZc8jRTdBgKB6E5M/n7Nw41oU/1pJV3kZeoK0 +X4yBlhJIrh7EvfeAqxoNfCGJMnYiA6zhik0cbh+79y3imnACse9ocy4spLoiAWMI +dgKowP83b5mmzM9bMjkoamt8dnGXS5MsZN0d2wIDAQABAoIBAQCKVJ3+74PV6RM6 +1YORp9mB9m0d4ylCQryAPDLzDasRPjSKkCxEpKrQ/0YeEL6C0NewjAPfRT50rEmK +HU3Mw8NWEZh2YOEYWMl25yDzUCJpQrluYWDSyECZmt71jw9xeNDGHZW+mm4qRAgD +q+nsduSYhOkVu+O55Q0Lzcgfaziz+KNlZNFyjQpyrwCoj9lssL+ZYfhFZV2OnPof +QLQpCEmrqzFaE9oFDjXxRkvmEBgtxPqSHNg2ZoFuVRAwcal8WHJbf7twCyQKB4i4 +UFV/SX70qw4pfX53rfUoxUNEJgnnJIpOV0q2N/FO3CPYMjvdSoqkhbaIa2D4c37h +8aB0HCjxAoGBAPukpme3nRy7ybr5P8XomkIy+36sH8hLRoDZCNnz8UJa1OmrA8tG +yKch9vlBMDXjzDQ0Uq8OFSjFN7uQF5zLx4UU2eL/ptEWEmDpPZui7YmI5Ep/ZK4k +reK4op0tJ2fy7Fhq6IoBKvUVN3waWXzmObq77IKIQ5t1Z+MyfHEAtvKHAoGBAM0R +aXluyt3+RwOE2RdlwgSDnHYNvKAUfmkOIVprFEb13LQABbna5BmNIa/rZ+RDtNza +2/Tzqpmq8OVQkF9ATqjba+Y6GAoDwaAcvVwDrjoYtlI8zjnFEhhgVl455QlEZc5O +qxOPYx4Kt60Cc6ee8L9gPvJUIAQLyyCjv1IWYQsNAoGBANWkPALiSGkUpXgwFIyZ +ph192zb4OyN5hSnvGSyxhqqnIwwfPOFf/wqmM1/6kEuwUrYflfM5KY2rol2DQAjG +mWXLBhFKqv3ol0Hfw4ZXFQQnTGpTLc8LJPXPe3+lzkbaXv3SBgrkYuwgTzL1y/PW +Ijz/PxSzS3K4grLJMg1eZfQRAoGAOuatbPutuWW38ALQeC/6MmG7Jw17CF/aj0JH +wjjPcjJcWjdHbcK5kb0/18+934qzAFy8oPb8IXdACh3B2hoWfdnIfDBjhzzc+KhI +m41TFczTUXu1oFJCiE3jgN0QNEE5HLDr4opk5dQePctefN7iN5XlfqU7LO5WQeHG +qkVTSmECgYB+pEKVBHyKyJtdnWhrVr8vhlJH7fh6VUkL4gnuoiFcfPn2gyw6UX7E +9tls3aoxx47jvaJuoaNjiaT8ZZ4C0mx/L7XNHxiQHRb89nPC+WvapplDw+1XA0JK +k/JenbDUXuEPrdoJh30lwwYqNBEJTstFbYILDhbaw4Ud6hRUrIfQOA== +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem new file mode 100644 index 00000000..79df3946 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbcCFDMFGbY+8snuTNZA311AVJo5GvwmMA0GCSqGSIb3DQEBBQUAMCQx +IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gY2xpZW50IHJvb3QwHhcNMTkwNDI4MjA1 +NzM1WhcNMzgwMTE4MjA1NzM1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIGNs +aWVudCByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzGebbu2 +OmaE90jbeFVUt6tEp1hG626D0RpXCh6BHOyfH/7q8GuddAVup6cDYxH3IyGN74Im +pklwqgTI3qiFK6/a+kxQ7Euq5SOHO/XzivGnx1VzPUTrOmfGjm8nDw2jE3rlISMw +rEVw7x79HBA9vxii3XARqe0xkpS72pDjmU8IkfVV08RLT0PrIxzrY/uA6TJtHgxk +Tu3Zab0FvHofcCD05pK5gk6F/frXhK9lAWZSWvTtf9EUawCLFeLsJaoyM8pkOkbQ +8AtWcp4qt+PmB+1wRRVWHaNG1/A3sNxNC7V/QK/cjG+/tPSU4rUFca3lLz+XVEt4 +I2TPMgPLIQz3ZQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCUifYeul9/GHa2LV6/ +k9ZKOjcSmmDud8sTwfum3CuHLb9ODcKMaNz/vzPYeVyN7MZvXJIAqxaxrrToye46 +pDRQnguPNI5XU+Vb2l3Xvm7WBRGcxkAInkYBB7GwxmfffPS9/JrdPzxD6h3z8IOT +jwzULNmNDse7Wf1hrgS1qKcCzJA1b1rLnZcrU+z3OUvLiR/8Bo/IuwXZVoNqDdq7 +NzrqYT4x0J4P5PuBQHPB/fHMFDc1HoCgLG9b42th71kDoxG7IH2r02FzVjF8qIvD +eQes3VbI7BDT/f0L2r1FHcA7FVRUqTWnEWby/PjTZiRCSPKUG7RqAplrOKmk9JuN +PkkW +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl new file mode 100644 index 00000000..8a0f05e1 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl @@ -0,0 +1 @@ +01 diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem new file mode 100644 index 00000000..31ae4ecd --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbcCFGAQPLcwEruVZrE+h1tmI7s9CffgMA0GCSqGSIb3DQEBBQUAMCQx +IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gc2VydmVyIHJvb3QwHhcNMTkwNDI4MjA1 +NzM1WhcNMzgwMTE4MjA1NzM1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIHNl +cnZlciByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZP23gDn +XGl4neHp12CXbBgVhKnZh2q4pfzmGKl6xinQQiWs8cN0dcWMNLnRmEjrb7aHGv+o +K1JbCwCI2grFKilcxV3oE7p5g8zQqpbgEyeqwp7C/f24OIgdVBuUH/f/id3YnHez +EYh0WK8IO6iepibgFPm8S8dYbVn4W0ap08ZmThQbndHHp7AcJjCldSALEkTzXh+u +7D5pZc8jRTdBgKB6E5M/n7Nw41oU/1pJV3kZeoK0X4yBlhJIrh7EvfeAqxoNfCGJ +MnYiA6zhik0cbh+79y3imnACse9ocy4spLoiAWMIdgKowP83b5mmzM9bMjkoamt8 +dnGXS5MsZN0d2wIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCHI5RDuqx9hu0anQRC +dREc+3agRxq4C+Fo0mrsF1CWooO9lGyWvJqygiBGqOSjMi3D8AoyQXhxcvf1EniP +CHCpqlP+h+6qILbtBizTTtHhceTpXiU5Se/yJvm9814jJrXVp10akShXzBlc4W/2 +O0NX6b1B0De2z+YJydB+meZws7wgGD3eZCBr2uF2seYTNitKmNfUfq9UXxxCKcMu +eeRzWGM1UDFaRbN7FKNo6YpUE21olZEjxF8xOfyuWOYxv8qNTck89SurOwj4as/o +CLJLVQ7i/keqt1XXXOSpp46CkRoEmmuxHuql44dToQOLZH1RcZLOMHSPO3OdNo5Z +o2Do +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl new file mode 100644 index 00000000..8a0f05e1 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl @@ -0,0 +1 @@ +01 diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem new file mode 100644 index 00000000..c3c6459b --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrDCCAZQCAQEwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 +c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjgyMDU3MzhaFw0zMzAxMDQyMDU3Mzha +MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMszRTCOAQqXf7xrz7Hm/FPzWWA0Gep1e5xcAz7Mq/8qFAUM+/4BABT/ +WaPvAvYfPTdnT7sVTYMpcm4lztYnMvDbB/sZE7SVz0qov0POzN+lef5O8HxeisfW +srgdntcYPOOH7mN5ZWGnDsqANTVj9w2kD/jM7cbryqiuCZ6HVKKsrBCtwxeBdahU +h4dX7puZ2PhgT2mY4Z+p7P6a0D/A3um3LRI1ABGEiqlIzSaWGrD9CqhR/AqGNWRm +v3+Z9Amf/VU+TfjZtEwNR8F9kHh9Idcqfyx+drQ+v/E/V6oCuIrnpEaJenZI+t41 +z51UiuDUhZLE8ybEAgATlM+JFymbnEECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +dYM0WTSCb0AN6eGhlbyNsENnUwLYjDE7ojVD2pY0Ab4ik04DIfTm5piqEkz5HBaI +1ZIEtYlImnvQ9cax1m+8LrVS2tflPpZ0CqWT+In7EncuI1lONZJfYELITDgU3LWx +FEfNQJaOv0Uc8u8GG29d22a50/jTfZr20puM7mYQkLaUJLHgoTImYg6M8W3Ggkyt +DO/yrtPUWm424wCYx+f3DgOrraFtiRLdqUpy5+bRqmzTuEFMAARqt4uudF6MR36n +hBIXg1jYKGrZMLwi60vfdtwe+zpAV/7SRGLbekhB6iAcVIXuom2aD7rlIcJHW/wd +hk9u7ie0JVDdu0R4I5Z9vw== +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha1/raidfile.conf b/test/basicserver/testfiles/seclevel2-sha1/raidfile.conf new file mode 100644 index 00000000..6e235b24 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha1/raidfile.conf @@ -0,0 +1,10 @@ + +disc0 +{ + SetNumber = 0 + BlockSize = 1024 + Dir0 = . + Dir1 = . + Dir2 = . +} + diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf b/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf new file mode 100644 index 00000000..671a13ac --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf @@ -0,0 +1,196 @@ + +StoreHostname = localhost +AccountNumber = 0x1234567 +KeysFile = ./bbackupd/1234567-FileEncKeys.raw + +CertificateFile = ./bbackupd/1234567-cert.pem +PrivateKeyFile = ./bbackupd/1234567-key.pem +TrustedCAsFile = ./bbackupd/serverCA.pem +SSLSecurityLevel = 2 + +DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2 + + +# This script is run whenever bbackupd changes state or encounters a +# problem which requires the system administrator to assist: +# +# 1) The store is full, and no more data can be uploaded. +# 2) Some files or directories were not readable. +# 3) A backup run starts or finishes. +# +# The default script emails the system administrator, except for backups +# starting and stopping, where it does nothing. + +NotifyScript = ./bbackupd/NotifySysadmin.sh + + +# The number of seconds between backup runs under normal conditions. To avoid +# cycles of load on the server, this time is randomly adjusted by a small +# percentage as the daemon runs. + +UpdateStoreInterval = 3600 + + +# The minimum age of a file, in seconds, that will be uploaded. Avoids +# repeated uploads of a file which is constantly being modified. + +MinimumFileAge = 21600 + + +# If a file is modified repeated, it won't be uploaded immediately in case +# it's modified again, due to the MinimumFileAge specified above. However, it +# should be uploaded eventually even if it is being modified repeatedly. This +# is how long we should wait, in seconds, after first noticing a change. +# (86400 seconds = 1 day) + +MaxUploadWait = 86400 + +# If the connection is idle for some time (e.g. over 10 minutes or 600 +# seconds, not sure exactly how long) then the server will give up and +# disconnect the client, resulting in Connection Protocol_Timeout errors +# on the server and TLSReadFailed or TLSWriteFailed errors on the client. +# Also, some firewalls and NAT gateways will kill idle connections after +# similar lengths of time. +# +# This can happen for example when most files are backed up already and +# don't need to be sent to the store again, while scanning a large +# directory, or while calculating diffs of a large file. To avoid this, +# KeepAliveTime specifies that special keep-alive messages should be sent +# when the connection is otherwise idle for a certain length of time, +# specified here in seconds. +# +# The default is that these messages are never sent, equivalent to setting +# this option to zero, but we recommend that all users enable this. + +KeepAliveTime = 120 + + +# Files above this size (in bytes) are tracked, and if they are renamed they will simply be +# renamed on the server, rather than being uploaded again. (64k - 1) + +FileTrackingSizeThreshold = 65535 + + +# The daemon does "changes only" uploads for files above this size (in bytes). +# Files less than it are uploaded whole without this extra processing. + +DiffingUploadSizeThreshold = 8192 + + +# The limit on how much time is spent diffing files, in seconds. Most files +# shouldn't take very long, but if you have really big files you can use this +# to limit the time spent diffing them. +# +# * Reduce if you are having problems with processor usage. +# +# * Increase if you have large files, and think the upload of changes is too +# large and you want bbackupd to spend more time searching for unchanged +# blocks. + +MaximumDiffingTime = 120 + + +# Uncomment this line to see exactly what the daemon is going when it's connected to the server. + +# ExtendedLogging = yes + + +# This specifies a program or script script which is run just before each +# sync, and ideally the full path to the interpreter. It will be run as the +# same user bbackupd is running as, usually root. +# +# The script must output (print) either "now" or a number to STDOUT (and a +# terminating newline, no quotes). +# +# If the result was "now", then the sync will happen. If it's a number, then +# no backup will happen for that number of seconds (bbackupd will pause) and +# then the script will be run again. +# +# Use this to temporarily stop bbackupd from syncronising or connecting to the +# store. For example, you could use this on a laptop to only backup when on a +# specific network, or when it has a working Internet connection. + +# SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc + + +# Where the command socket is created in the filesystem. + +CommandSocket = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.sock + +# Uncomment the StoreObjectInfoFile to enable the experimental archiving +# of the daemon's state (including client store marker and configuration) +# between backup runs. This saves time and increases efficiency when +# bbackupd is frequently stopped and started, since it removes the need +# to rescan all directories on the remote server. However, it is new and +# not yet heavily tested, so use with caution. + +# StoreObjectInfoFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.state + +Server +{ + PidFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.pid +} + + +# BackupLocations specifies which locations on disc should be backed up. Each +# directory is in the format +# +# name +# { +# Path = /path/of/directory +# (optional exclude directives) +# } +# +# 'name' is derived from the Path by the config script, but should merely be +# unique. +# +# The exclude directives are of the form +# +# [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname +# +# (The regex suffix is shown as 'sRegex' to make File or Dir plural) +# +# For example: +# +# ExcludeDir = /home/guest-user +# ExcludeFilesRegex = .(mp3|MP3)$ +# AlwaysIncludeFile = /home/username/veryimportant.mp3 +# +# This excludes the directory /home/guest-user from the backup along with all mp3 +# files, except one MP3 file in particular. +# +# In general, Exclude excludes a file or directory, unless the directory is +# explicitly mentioned in a AlwaysInclude directive. However, Box Backup +# does NOT scan inside excluded directories and will never back up an +# AlwaysIncluded file or directory inside an excluded directory or any +# subdirectory thereof. +# +# To back up a directory inside an excluded directory, use a configuration +# like this, to ensure that each directory in the path to the important +# files is included, but none of their contents will be backed up except +# the directories further down that path to the important one. +# +# ExcludeDirsRegex = ^/home/user/bigfiles/ +# ExcludeFilesRegex = ^/home/user/bigfiles/ +# AlwaysIncludeDir = /home/user/bigfiles/path +# AlwaysIncludeDir = /home/user/bigfiles/path/to +# AlwaysIncludeDir = /home/user/bigfiles/path/important +# AlwaysIncludeDir = /home/user/bigfiles/path/important/files +# AlwaysIncludeDirsRegex = ^/home/user/bigfiles/path/important/files/ +# AlwaysIncludeFilesRegex = ^/home/user/bigfiles/path/important/files/ +# +# If a directive ends in Regex, then it is a regular expression rather than a +# explicit full pathname. See +# +# man 7 re_format +# +# for the regex syntax on your platform. + +BackupLocations +{ + home-chris-boxbackup-test-basicserver-testfiles-seclevel2 + { + Path = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2 + } +} + diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem new file mode 100644 index 00000000..4f228021 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOQkFDS1VQLTEyMzQ1NjcwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeKRy4ppAb1cByCRkt2f1j+6iv7AWdF92p +nPlzXPbLhP/edfuyVPFyBY46p+z6j4p9TrccMjUi4RPMx6dqyL2/o3Qzg3PhoHPq +2fexEkrBSJ1bbL6hXjadzE53wiONj/8nSzFyzqR3/IhKNM0ssR10cqq64VgoiWOR +GHYTTEbQy1k9WvoReC+diTEqIDBLif1EQJ+c/3iUopqtaVZWNS1LV5DX/u2Y1anX +gO1s8jQaYlTtyNZyOi9lwXYXj4mH0mil2Hfh3IKD6GqB4HpFDUZ0/NHFRDvjdwfW +4RTad55l8dWparOyie/QzFRj6Ua1746FsbUw2pERdmHAMshLpxkNAgMBAAGgADAN +BgkqhkiG9w0BAQsFAAOCAQEAuW/o02Ga2yICJSJIrq44T+dIddakxhUPfIvAEWXs +7Cap9qzmBNOAfzFqvbdVgsqC9/WCnpumf9ZpjkXvUy/6EB77HbtiJAXukT2DvFbo +7mvbuh10YGv/AdZxLR2tMXmk9YqV6kgXdXFn18u8Vv35aYa4hru5q16m9QVhkeW+ +UAJCsjhYVISVWW5Pss5mgL058viMHt3T5X3+2ybMdsfLe5BfRbsPxnFClKfBg6QS +3yH5JxQdfJlg64z4uQNHNbsWJ5mRBPEYawZ2ge+HmWb6xnuGLR3Dg5ZbbB0hvAO6 +kw7sZ1at9bX+MWz7rTvgKyxFXcGVXZ40/UQlgfzMiLEAHg== +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem new file mode 100644 index 00000000..e5b132b6 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3ikcuKaQG9XAcgkZLdn9Y/uor+wFnRfdqZz5c1z2y4T/3nX7 +slTxcgWOOqfs+o+KfU63HDI1IuETzMenasi9v6N0M4Nz4aBz6tn3sRJKwUidW2y+ +oV42ncxOd8IjjY//J0sxcs6kd/yISjTNLLEddHKquuFYKIljkRh2E0xG0MtZPVr6 +EXgvnYkxKiAwS4n9RECfnP94lKKarWlWVjUtS1eQ1/7tmNWp14DtbPI0GmJU7cjW +cjovZcF2F4+Jh9Jopdh34dyCg+hqgeB6RQ1GdPzRxUQ743cH1uEU2neeZfHVqWqz +sonv0MxUY+lGte+OhbG1MNqREXZhwDLIS6cZDQIDAQABAoIBAF1cH5LFhGf+ItqJ +Ukh/hEnBFzme0RkcT22Y5weA+MG8SZ6eLEDcC38kMIobya3eJo/URYUW4FehCKYU +/RkV9Q+UzB9dzZPyzuPR55JFIp8pOd+SymWb5w3XLt6K+k/iRJKpucUKa/l0aX3t +xI9UexFVosPYMSkP24S9J9miQ1w4X8D1laJPi5KWrbdzDZxy5geoNmS0veQl6mRf +91Owxsa15wQpxNoVesAiGbrHb5ljMsBovYgljRL6rqA9THXPXfcDkWkabfGai/kD +AktxqPGUELxjD7gSO5G4ygCcGTeIEJbOfwgDtr59V518kVzwVNAxOKb7lfDM/l4D +v0H3liECgYEA+nh1RjwOm2db+yW0hQ2DTCA84by2AyKP7nCwD7CjrGaXrm7zfQ+U +VqSgpDg+xH9/Caa9P1n6zSZSEiXrCePQL6UsREj8sd+st7Uah9eQOc3vywxizGN6 +VMqqmctn+gKKxkmv8T6YtWblDDqOA/7yYlCaH0l7WUO+HKAl7MhaGgUCgYEA4xCo +2bGwbaT7lLdFtOU2+erM2lbA4NzBkR7Mjpq16JiPPFdSF680XBRL0uNR0r2GFucM +gG8Z+ktV1QosY22546Z3fl7+jcyZC4uramDicpAxnmEGIdPnqIkEPhZzKvV0uRGj +tXs2qnJ9ztK7hf+PRwdQEvqCNLkoy+pQPG/bSWkCgYAvH36g6ietYTLS+3MNHU+4 +gNAzgDeWO2hs6dKWARuqEdszvDgfLVExQ+PdQZ+9hGc4P6CXTKx88Fq8g1nHEI9Y +h3DeoAS6ymRKY85MBGhkF7SntPrZjVW0ojSansQ/Kz9EsxRhBO/iISuys0mIwuyD +RrrYbBDC6JXZ+N9pvwAEqQKBgQCI4DgI0pY54iRN55S7kRjs2l+Wlok6g5ijtF82 +74gMqDpf83tnD5SOlSWIAMQIN3snPyxIF7EfMl6RR8quPSy7UFPj97uXGuh/DzjL +rY+T49wlTvN1XNnevIm0K7BNCx3LmhiHg7jWUqIIFPw5sG5cMMpSRnRK9/rhwWOQ +qxUTUQKBgQDYUi6255mUI23dYxCyY7P6rIcGiKqhiAJ5HbGShMFhpA94WS3m6YmJ +sQTip0kykY168klOcRqt8y3RLS5UB1aYBMYvtFuk5wbUcuXFeGcIsuUIZeR3iueg +G0MEhf9hgmBK/xkpfoiLJ+E0hFHqER57N6KCuEK0NWC1Vgqo8X79MQ== +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh new file mode 100755 index 00000000..48e8cf8e --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh @@ -0,0 +1,70 @@ +#!/bin/sh + +# This script is run whenever bbackupd changes state or encounters a +# problem which requires the system administrator to assist: +# +# 1) The store is full, and no more data can be uploaded. +# 2) Some files or directories were not readable. +# 3) A backup run starts or finishes. +# +# The default script emails the system administrator, except for backups +# starting and stopping, where it does nothing. + +SUBJECT="BACKUP PROBLEM on host debian-unstable" +SENDTO="chris" + +if [ "$1" = "" ]; then + echo "Usage: $0 <store-full|read-error|backup-ok|backup-error|backup-start|backup-finish>" >&2 + exit 2 +elif [ "$1" = store-full ]; then + sendmail: $SENDTO <<EOM +Subject: $SUBJECT (store full) +To: $SENDTO + + +The store account for debian-unstable is full. + +============================= +FILES ARE NOT BEING BACKED UP +============================= + +Please adjust the limits on account 1234567 on server localhost. + +EOM +elif [ "$1" = read-error ]; then +sendmail: $SENDTO <<EOM +Subject: $SUBJECT (read errors) +To: $SENDTO + + +Errors occured reading some files or directories for backup on debian-unstable. + +=================================== +THESE FILES ARE NOT BEING BACKED UP +=================================== + +Check the logs on debian-unstable for the files and directories which caused +these errors, and take appropriate action. + +Other files are being backed up. + +EOM +elif [ "$1" = backup-start -o "$1" = backup-finish -o "$1" = backup-ok ]; then + # do nothing by default + true +else +sendmail: $SENDTO <<EOM +Subject: $SUBJECT (unknown) +To: $SENDTO + + +The backup daemon on debian-unstable reported an unknown error ($1). + +========================== +FILES MAY NOT BE BACKED UP +========================== + +Please check the logs on debian-unstable. + +EOM +fi diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbstored.conf b/test/basicserver/testfiles/seclevel2-sha256/bbstored.conf new file mode 100644 index 00000000..25425dfa --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored.conf @@ -0,0 +1,23 @@ + +RaidFileConf = ./raidfile.conf +AccountDatabase = ./bbstored/accounts.txt + +# Uncomment this line to see exactly what commands are being received from clients. +# ExtendedLogging = yes + +# scan all accounts for files which need deleting every 15 minutes. + +TimeBetweenHousekeeping = 900 + +Server +{ + PidFile = /var/run/bbstored.pid + User = chris + ListenAddresses = inet:localhost + CertificateFile = ./bbstored/localhost-cert.pem + PrivateKeyFile = ./bbstored/localhost-key.pem + TrustedCAsFile = ./bbstored/clientCA.pem + SSLSecurityLevel = 2 +} + + diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem new file mode 100644 index 00000000..b3ff3f1f --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA9Uk3V+oultps1qwaJwo+w332tal2trjr5LCXoTuX +UrO4+xJIBYKC2D7a+Nl2VUZw+Kr6UEI/wc7ROwM84s9l1jCZ5iXVrz/8XHYJvJXw +uw3IDQESFbxZsrNg0FC8U7GEtVlCRnVr6B2RkciPkDXK3TVqdf43fv4rripPSE/d +4hbAq/uPd5LZNUQdy6yFsMywG4cSqiaHw3hg4aLgF6EKXj29s8IFTiNhM1h8XrCB +i0MfyCIq2jHVM1/ZRL10HA6cMvu/2E+ofrLETl6FlTzyC4WFQBqv0onFmKFIM5bt +AVIok/NIWX5vpk1rqGnSOuW/6lhUO4yczExZadgDwx7YiwIDAQABoAAwDQYJKoZI +hvcNAQEFBQADggEBAJVk9eAleSiTsV3Pdq3L01WEyndnmpbU1FcExJWg5xb95xbX +Ojxi6g/NhBodAWl6GHJEUTQ+eJHrZ/hTLD6ZHeX9CGxmxOIvpKJCoOiQU7zamLaq +K6aP8BoG21h2MccnbKlrSFF/c89SzH78r2fgWpUqFUCxobemKfvUbdHSaNlOWxh9 +yO3q1P/ZK0wl/V0CG9kdkUfpl9OLATilBiJayrpX92Ef/U6JkX3ZFEG9vTGBSXXU +5QQM7BrPDgMsaTNDv9N1oPCVrUKfQ7Ts2pTEKU/oMA8fYZKX2GFZ/LDXj4C7clQ4 +LJakbh26NhrohTjecHvJCxIDAk2xLipwmXLmVoU= +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem new file mode 100644 index 00000000..c6acc692 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA9Uk3V+oultps1qwaJwo+w332tal2trjr5LCXoTuXUrO4+xJI +BYKC2D7a+Nl2VUZw+Kr6UEI/wc7ROwM84s9l1jCZ5iXVrz/8XHYJvJXwuw3IDQES +FbxZsrNg0FC8U7GEtVlCRnVr6B2RkciPkDXK3TVqdf43fv4rripPSE/d4hbAq/uP +d5LZNUQdy6yFsMywG4cSqiaHw3hg4aLgF6EKXj29s8IFTiNhM1h8XrCBi0MfyCIq +2jHVM1/ZRL10HA6cMvu/2E+ofrLETl6FlTzyC4WFQBqv0onFmKFIM5btAVIok/NI +WX5vpk1rqGnSOuW/6lhUO4yczExZadgDwx7YiwIDAQABAoIBAGc/FF6bIlU5R8rs +0m1QcK7VHL3GwUOUfybZ9llVvhJ/uANm5I39K5peislor9ihN/hT791MpY2swoF2 +kXBfIFySRJWNo26LHmzE+sA41QXHfUeMBdLEX3VK8Bt/gGYyOMwk8DK8RlmD6LxW +kaeAHQ4T5+YWxcFct4IuKQUlKR565lHr6LRDaYmlDHzjksi/fx0ceMlD/RBje7YD +HXPDdetNkSBvpHEcH2lINnrY0kBb5HQv57ipOdA8MfQ+Xf06SjqjhA6ZUOdsMjsn +QVleXQsT1HQ5Ji///JbqVL5j68qkjza2HroyXgOgQdu+fuksHTXvMjvAnW7/z3u2 +SpUd6WECgYEA/aBM7DKWeQdzlRCfosgv6SZ+ME0Lt5oBaHbbUYizi8DuylB196MJ +xnP1QLa7MAYna6ASxDXIClqxG4x+d4lHpErmbYR4F0pa8/9teSbtUw3OXGe9ahZy +HcpK3LSVV5ns8CjRsclNX86cn/Gxubw48gxjcjIA4qKUJv9KxCSAdoMCgYEA95Tu +qhkXDGhBSSTqs51K8mHbTS4CrpCK6+5J++NP7AT4t2IHIaaQ7DtttAI9xFvwxD9U +zFP2/lZVq1KSFATAoDhItUoC0SMlaFcrIxsIyq/UOqTTluf3in29rFHq3UN1rz9M +X90Tfl5EhUvruVJOiJ5iYt97DJeVgOlWkU7qt1kCgYACEwWOCPviEYWIepJTqn95 +0K7HhlnKLqBEUnSIvi15vyI01WOhmtvBm8EtvlDZm7NG1hBROn9gVk2MhCGkqKLF +XTd1PdgdmKYVyMkEbKUUQNCnQNHzxCs6wyTJmVB/XurpK+xLH/JaDj6JsFhbxIZS +tHc7v9zx/ZJonz3lTMcgMQKBgG+WPqOHv22mJ5ax/t6JjFgGZvM4Q5kuKI8BzXKs +Fz+HVhpBInm2Oydd+aniQLiZv8CT0sJtLaugeehHxPMk2TTdaVfcTby5HIkUkKq3 +6pR//yWXWI5xao6O8cgS+8pSN16PJvsmBz0ze6qgd1QFlsPYrvtlQm6Ae6+oe43u +hbexAoGBAIKGmPAoQsBPEWkSs3nWyAPDHQ45NBoB23G0j01amf11Y/sQWhH+Mqfp +mcU40xr/XwMlTVgALfW1Q048ftJ4D2oYPsUEG3Yiayqe8epl6V55QjGMpdEe/+mQ +5VpndGimuUwxr9cyNShn6dngEg6D0hXfNqu4NFmt/2PH3x0D8eer +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem new file mode 100644 index 00000000..e1cb932c --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsTCCAZkCAQEwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 +c3RlbSBjbGllbnQgcm9vdDAeFw0xOTA0MjgyMDUxNTlaFw0zMzAxMDQyMDUxNTla +MBkxFzAVBgNVBAMMDkJBQ0tVUC0xMjM0NTY3MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA3ikcuKaQG9XAcgkZLdn9Y/uor+wFnRfdqZz5c1z2y4T/3nX7 +slTxcgWOOqfs+o+KfU63HDI1IuETzMenasi9v6N0M4Nz4aBz6tn3sRJKwUidW2y+ +oV42ncxOd8IjjY//J0sxcs6kd/yISjTNLLEddHKquuFYKIljkRh2E0xG0MtZPVr6 +EXgvnYkxKiAwS4n9RECfnP94lKKarWlWVjUtS1eQ1/7tmNWp14DtbPI0GmJU7cjW +cjovZcF2F4+Jh9Jopdh34dyCg+hqgeB6RQ1GdPzRxUQ743cH1uEU2neeZfHVqWqz +sonv0MxUY+lGte+OhbG1MNqREXZhwDLIS6cZDQIDAQABMA0GCSqGSIb3DQEBCwUA +A4IBAQAEpEobzo6qm+GJw3Jgi7Gc/XBVBbib5Tp7fH0oyyzX7sSnbUWNUYNHLjMH +CFFmeNsj2/x4P7JFK2shVy7lRnBt6RUi5zLtQyjhEF8OqV1rxb74hQHl4+7CiRUP +Q1SRTJpdbdDwwAzd5UyDTAX3Glg73krDEHY+k0UCr0kczqcffVzgNmCklMzrCzZk +Nz9KkUF+cMkFDz/5BRBj6I4M9b5ebkVYM32Gz0mAh/G/DcL5KGzWPL9KJ31pgkAP +P8yrvZe2HwscKTJKnAK78M+75zzNv3539/V3y55lNNiyKF2q9Up4k3BE5PY9LDFJ +fVZvMdAltZlFV1tlZksrsRoq3jsc +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem new file mode 100644 index 00000000..c4d2be66 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBjbGllbnQgcm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWLP1hzvhUgHs8gp6+w +v3aIbsEHXjWOKfTpB4u+eubM4oA9XtXT0NiCLZQPy2BAtIOkazJ6sae6w2Qq2naj +MDyTBclAgok3TLVI6whMkgxdB878uaKQb3sk7xg6yNI6iI7S70cTRM9JKF8ZPBMZ +6ftPgoPooe1ka2kFTjhNgE6jO/DjAyWGpf7Q4cb2ELBdgrU+ehbz4Zz0hHZ0Ts5p +KO8SxEkBX4FRP4sUkbuDM92UNcxyBxlrLg21ktDlIciftef9J94qQyx5HnotMWWp +rj4Zi2mA8/i14op90CXPq/figj8zYkPyyx9KytKDSKcGgByxjNMBWzIAZ17doRgq +1KkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBVUqpA7BizyLkDut8sLYI4qyJA +8Os+6IiSDyjyjf3C/hTbrbA31mtF0g3gbZFXnehVhop04zQYy3071OBYzuMx+/2F +olylk7HWrScaKE0MDSSamfVTlSGiO2P+zPg32WKoZsOPPjSyrGF/l+A4TlTQJmFK +SgapRRQVm3VDlkWO77c4EjpqoREPeSHVt+0m2490BY7aUT+kRlXl2nViSV52SS5j +EDnb4N/9t60NRS2zaLtAr0DcRWemR+PzVKqKdNyhXdCeieQ9xzGGHK1vXpW/6kCo +OHi/Xt4MHkt3hHxQQKOrK5dcsoqP9WxlnwOuuy9m9mVH4HUhi+S0KFtOytoX +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem new file mode 100644 index 00000000..c81b607b --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEApYs/WHO+FSAezyCnr7C/dohuwQdeNY4p9OkHi7565szigD1e +1dPQ2IItlA/LYEC0g6RrMnqxp7rDZCradqMwPJMFyUCCiTdMtUjrCEySDF0Hzvy5 +opBveyTvGDrI0jqIjtLvRxNEz0koXxk8Exnp+0+Cg+ih7WRraQVOOE2ATqM78OMD +JYal/tDhxvYQsF2CtT56FvPhnPSEdnROzmko7xLESQFfgVE/ixSRu4Mz3ZQ1zHIH +GWsuDbWS0OUhyJ+15/0n3ipDLHkeei0xZamuPhmLaYDz+LXiin3QJc+r9+KCPzNi +Q/LLH0rK0oNIpwaAHLGM0wFbMgBnXt2hGCrUqQIDAQABAoIBAFOJ4X2RaureOq3r +nLNcTkJStxFR1ojQJPwiXFx40yyFWAe+8IyXR1z61GVTUx5PiMilwDLJF7280b1K +otQbpcvrpY/ZrgXwkhUppvGZMlpq1/XsMwGGQbuy97USdSUhxKfOalFDuAWitWzI +HzjEav8XMJXAX3acpldpBgADnCwSA5izEfwt2oGNtcYTHjxG4tR96UvgAxbVbxrU +jg6zd0/Q7eI4MGYc5l2mGFcbAUbeqCOQmTB8eQY9cdXCotXgQSa2EKEt1aG7dEbA +omwwm8+hGYIX4i/E3crFHO5qlbQqtqktvic1Axj3I4NEy+a4Gpja3y6k8gY4TWbS +4+0BZMECgYEA2o6mRCyDNI13VhRdlAO6VDSAdf//8EMeMrANvAGl70de0Ri10ZL6 +GdJLx31le94tVa5Dy+Qi9d9eYci9qIjMK1kUrLcVgvF63tbbOSpz37gESJe+wJYc +xEW2eGRTUwHoYVqRjEi36kAKeWL4mxXeqzJE/ZUQZt2felr4dBJPyBsCgYEAweeS +vV5TJsPlEazUZcRA2dMY8JG9tD1JFVVrlSC4xnLBOEXsC4dw74RsOhoMr69lBn6X +xwcKtzsrx/s9NHI1s2AJXlz310Uj+gRB6/6foyyQDOtijfweZpm3zUNY5OwQ1VBZ +M9J1YVI6xaa3BehQ0PHvx4U/WM9oFMc0upXaaosCgYEAmfo+MXGazn+MP90BQLKP +p5uFlZzSWBcxQ0y9oGMY4MdLicz667e89Ewwj09NHEOfdOndYdxMtSS1ffbLh904 +2qFb64LhaOtwQWbl9BRwpoEio3IlNdGMWssyjwc/nQ+PBGeme0sQJ70OpA6ST9DM +m5hC+tT2RUKGhNFqkXwFMVkCgYBY3Jlg82ND9q55xSypXqEhsh5R0ViQyy08+6KL ++yzytRBbi5+7QNy+x38ZuWpq8QRpT4abDV0Zz6Imybqo2FZH2BEzD4P9QZBVObJE +RrI+A2QYp57I1uvPtU6IYP7SGmU0fNgEacSlTxvkDJz/thGjT9zFIQmA17wpGYnO +oHIyNQKBgEbA0apflhYExq2OZP3mjUM7Baf8MhGylUFnND68YKEr2aR5ihYuWxME +yLSGIDORaVQBiVklze9MXPvJv6WF0nE3VrR5j0AsSoAF0MZBcCJcn5bod0pFRZXG +PkxibqTmzJXJjGRuAKxbNR2+WFxKqc2hsev3hwOSXKYH4DbdCxQg +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem new file mode 100644 index 00000000..b204952d --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBzZXJ2ZXIgcm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMqKzGuRMYTGC4GtM4Y +sa/EcpfgdRDt1V54c7Qjarfz/6Uvb7dn+21IDgnSMImnBzKuE11KBS2WAPPSxyF9 +Z+rNlry38pAVprnVv40dAUaohShxrkzgIYlZ866RonFYQ9mujMdynzGHB0jKH66T +/enqFhEYzOuBcHyb7obgX+HmT95yAVhm6TvMuF8FR5CvrSqdnj141qJWdRmNeXH/ +Eonz1mcFizHRuFZ0ymxjoegwxQkeSnoYyH2vUh3RkQ/iNZPhu9DdDjgZ6Z0m8mUc +xMGqtwTqiYS8KEcAHvcEPoS44BO1aGTnJEwhABTLuEkTPCXl1HkRoq50ts+Cr9w6 +vu8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAhVOO7/mqt2AWFaOlMrXICPm5n +judbMjQhOzaTmYr+Tb2lDlsQyiSm/EONpjC1F8PP6ig3oK8dzmIn9/qLOau6xM2Y +JiaTTJXRX+/JC/AaZvvaiA0etc2JwAcfBijAudEKivA/qKh01SvCgB+IEx5rlR6S +TPjLRO4ygig3qGHeHUsiPBzR4PZA669Is3/P4W8pIlDbCQHI91brQV4TlHJET2V5 ++y4et7ZduWvS6yEn29aiPq5UT36kWtJ9rhBFIiu2oUNnDiL7YUDIbdsl0I9LDPjw +equwfb+dwjjO/bFQKB1RX4j5jUXj25bpe9FdB6iy36+3tLd1a0Oh4j6SEn2n +-----END CERTIFICATE REQUEST----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem new file mode 100644 index 00000000..7eb1ac20 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA0yorMa5ExhMYLga0zhixr8Ryl+B1EO3VXnhztCNqt/P/pS9v +t2f7bUgOCdIwiacHMq4TXUoFLZYA89LHIX1n6s2WvLfykBWmudW/jR0BRqiFKHGu +TOAhiVnzrpGicVhD2a6Mx3KfMYcHSMofrpP96eoWERjM64FwfJvuhuBf4eZP3nIB +WGbpO8y4XwVHkK+tKp2ePXjWolZ1GY15cf8SifPWZwWLMdG4VnTKbGOh6DDFCR5K +ehjIfa9SHdGRD+I1k+G70N0OOBnpnSbyZRzEwaq3BOqJhLwoRwAe9wQ+hLjgE7Vo +ZOckTCEAFMu4SRM8JeXUeRGirnS2z4Kv3Dq+7wIDAQABAoIBADUc0ih40MuRWe+Z +uDhudaLkIn6Y8lkDuTs9yLxyfBEwygheWhcjjFX8XauStqqo3GKe7jf0ukCxDiRF +y9hclpq0g0mMavJav8jWPovb08pV8Mgvb8veRBEsEuLBtr4TmV1TTg2MgwYOFIL2 +c+mRR7hiLJK4TjKeKBDvl5tNLFDBC/2clHXnLCRb8rOKqwmseoPavi992QZ7+Yyq +n0Dx5DOpr1cOcJEr4va8Sornd3LjLuNMjm7XzgIryR5pvLM0ns8Fy2ihyKl7Hd3s +ek9c5fh0jbhz6s28K8laWm9bhozdMQ12y1U5z0PJV+VOwTX/M9UCK1+CpvmjTim5 +NeD93QECgYEA924yXRdUXpOlxJifJ49n88gytHOVcgitrdlZNCAE7aKdYcQW7VSY +7IjUyXH/Mi2zlWKpXYGllOoDW71PhLiMuEtaNfLdToXgHEMGvj+vGw9ZRqs6HY2w +wGyOrxg5VcSOfSpAom4gCGRqxWhHtY/rzFOy7oZePJuRbjcqrAeGQmECgYEA2npt +dGHwp20S5tyd7n1H6Fe2m1t/vjxGsGFfwbFggGIu9lVQxgAQiimzHgBDOjSzs163 +PmuWWUDmHllB9AmJw4wrbAyiHNOmdi4rgY0ez5G6Q9sviFQeFJZzHhe6G1+CcafL ++oSU+Ej7zznMpyU85vcxFz70JvRZ4BeD0PtZI08CgYEAsXEGjzoG2Fh8PdPR91Xh +j7NXoY9ucjwFCbLgRQBdaGoBAbbVVlgf3yl1qA2nnL2nlw8NNLCgJX348JZ/60dK +K3Rmel/0E7bwdHQg5tjW48oLFSIAaGdPhX+Uh78QhxCRuvNNLO9a64nQBEf3fR58 +VKkFngcgl8hc8DSB1qMCxqECgYAOZ54J219DmrRxVkBvdgEkt4vJqHm+sDi07mai +3bAQJukTwsJFm8F7ao5tvvSvxMPIYslQK0XJcrb5b0ci8PINW5ONVzPlFKtYBWlG +7GgIpYITcUMsCOfG0bibVlMl9OEj3z1ash0kVaOMoTH2H0VpsQiikLsGSnwWg1Zk +k/3njwKBgD6Nu6kj4BSWGZacLtePJQzxlsnYiDm9SSmrtqJ1lnpbqo4/Zp5bCHS9 +qMOUv+Hcwpsb3IYI8np1ekZfKi7xFXcRjxKRYnDURQgQKwPeHZ06ht7X0DdTXuiY +K97byeb9hks3QNE1k1EuXue7IXS657Fq5IZrN+NQ6vkqq/X7e91X +-----END RSA PRIVATE KEY----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem new file mode 100644 index 00000000..a9302167 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbcCFAiy3jWfhXnxRqZJCbjzFQzsU3p/MA0GCSqGSIb3DQEBCwUAMCQx +IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gY2xpZW50IHJvb3QwHhcNMTkwNDI4MjA1 +MTU1WhcNMzgwMTE4MjA1MTU1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIGNs +aWVudCByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYs/WHO+ +FSAezyCnr7C/dohuwQdeNY4p9OkHi7565szigD1e1dPQ2IItlA/LYEC0g6RrMnqx +p7rDZCradqMwPJMFyUCCiTdMtUjrCEySDF0Hzvy5opBveyTvGDrI0jqIjtLvRxNE +z0koXxk8Exnp+0+Cg+ih7WRraQVOOE2ATqM78OMDJYal/tDhxvYQsF2CtT56FvPh +nPSEdnROzmko7xLESQFfgVE/ixSRu4Mz3ZQ1zHIHGWsuDbWS0OUhyJ+15/0n3ipD +LHkeei0xZamuPhmLaYDz+LXiin3QJc+r9+KCPzNiQ/LLH0rK0oNIpwaAHLGM0wFb +MgBnXt2hGCrUqQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAvHW8APi1lhEguSXDc +X/k5ETL1YJzlEfIn4HKL7kcKo5IOdyHaIigGCWM7atwKeGBtTRl8CTY4wt1L7d+A +LDzF07MlKL/KiX1yPw9ZzHBhKNLYgmKsRL5cgW/YLYEAGD0lTwW7llsqZ40jJ1+X +CWomYEzVpGW76MprYge4Oj+4PRXaZikkn7pzlZVcGJbzr1Q+JaFNLRkAMPK4pRXj +AOSLQpIuc0DzftzC8tHbyLMifrHYdibHaujsvu1mV4NeYhO63ZB8S5Xyz1JlpsEQ +rieLH1/9dnWue7yBCpI+QMRq+zK92HxiCCaM0d6xpSsbI5IawkqmoWj9gYol0EnX +ImLj +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl new file mode 100644 index 00000000..8a0f05e1 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl @@ -0,0 +1 @@ +01 diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem new file mode 100644 index 00000000..e26b6e1a --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbcCFFv62JnwctULelqlEY+sZTPEb7ekMA0GCSqGSIb3DQEBCwUAMCQx +IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gc2VydmVyIHJvb3QwHhcNMTkwNDI4MjA1 +MTU1WhcNMzgwMTE4MjA1MTU1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIHNl +cnZlciByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yorMa5E +xhMYLga0zhixr8Ryl+B1EO3VXnhztCNqt/P/pS9vt2f7bUgOCdIwiacHMq4TXUoF +LZYA89LHIX1n6s2WvLfykBWmudW/jR0BRqiFKHGuTOAhiVnzrpGicVhD2a6Mx3Kf +MYcHSMofrpP96eoWERjM64FwfJvuhuBf4eZP3nIBWGbpO8y4XwVHkK+tKp2ePXjW +olZ1GY15cf8SifPWZwWLMdG4VnTKbGOh6DDFCR5KehjIfa9SHdGRD+I1k+G70N0O +OBnpnSbyZRzEwaq3BOqJhLwoRwAe9wQ+hLjgE7VoZOckTCEAFMu4SRM8JeXUeRGi +rnS2z4Kv3Dq+7wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAI6THIONT6lgNq3Bvg +TCBqkBA1W/k372Pktt6IDFW44dT0J9/oq2o6ZNHycpKS3VwS4C05XbU/v5hE/k2O +Cu3/y3en+dJIv4Wl2JTPaSRF/4J46sXNtizVAJDKoE3ZHt1viCjsWyllGXoaavce +fWYppf3g6ImhyAkzlCfyVph2F0vmLZL41K3C040e+GpXdzG1Yy1+2USPhz0Ch+kd +jqIErNp9OnPRd1yRb1YD+dQ7Wei5vB3OXMk3UQiG9AJ2qmxlEem5lTSpt9fTvWfU +OAjTynvWbHTULjxvOeenW7cD5ILSr2zVDYQ53KTWjP9NfmsQTAFzkqJztPpB2A0o +CKG2 +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl new file mode 100644 index 00000000..9e22bcb8 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl @@ -0,0 +1 @@ +02 diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem new file mode 100644 index 00000000..19b6ed62 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrDCCAZQCAQIwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 +c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjkxOTI3NDRaFw0zMzAxMDUxOTI3NDRa +MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAPVJN1fqLpbabNasGicKPsN99rWpdra46+Swl6E7l1KzuPsSSAWCgtg+ +2vjZdlVGcPiq+lBCP8HO0TsDPOLPZdYwmeYl1a8//Fx2CbyV8LsNyA0BEhW8WbKz +YNBQvFOxhLVZQkZ1a+gdkZHIj5A1yt01anX+N37+K64qT0hP3eIWwKv7j3eS2TVE +HcushbDMsBuHEqomh8N4YOGi4BehCl49vbPCBU4jYTNYfF6wgYtDH8giKtox1TNf +2US9dBwOnDL7v9hPqH6yxE5ehZU88guFhUAar9KJxZihSDOW7QFSKJPzSFl+b6ZN +a6hp0jrlv+pYVDuMnMxMWWnYA8Me2IsCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +E8KZNWzkbNwhcVEHR34IxVYPy1uppI/jtVOsQGGSVC1UscAWyGiQWPxqMhwYxsVn +gz7QYj1oKye1VRuJNTekARvBRFZzWhAi0qGlpiC5yilZB8IlhYUABmgPjg+PuhAF +xSd+IGVlm/+sisClsPG9DpesyK6+C2ukpVXyaXWR+1/IrQuUpWKLT1pPamVH3zWK +anT+62bbk0XuxsVqCkGx+aPLesCHAfTNuAxWfkbXXcA+HoGNy3IpmpJGhyCnf1je +eL6Wf6sAY44y7wQlwHimbi4kOge+UFLIKkqhHSDO2pzyPc02Gs1bBRd94+v2z5h7 +OkIcTqwiJLjLLIWV4WsdwA== +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem new file mode 100644 index 00000000..40ce8cbf --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrDCCAZQCAQEwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5 +c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjgyMDUxNTdaFw0zMzAxMDQyMDUxNTda +MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAPVJN1fqLpbabNasGicKPsN99rWpdra46+Swl6E7l1KzuPsSSAWCgtg+ +2vjZdlVGcPiq+lBCP8HO0TsDPOLPZdYwmeYl1a8//Fx2CbyV8LsNyA0BEhW8WbKz +YNBQvFOxhLVZQkZ1a+gdkZHIj5A1yt01anX+N37+K64qT0hP3eIWwKv7j3eS2TVE +HcushbDMsBuHEqomh8N4YOGi4BehCl49vbPCBU4jYTNYfF6wgYtDH8giKtox1TNf +2US9dBwOnDL7v9hPqH6yxE5ehZU88guFhUAar9KJxZihSDOW7QFSKJPzSFl+b6ZN +a6hp0jrlv+pYVDuMnMxMWWnYA8Me2IsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA +fu1wVNuZLkO0e8+oYAnznL7oknE8QJGAd/P2/MqgfsnBXHS0UVl+5L8DQdvCBarr +vDO/CVL9/ZGj30CipA556cz1pYDtx5TV2GLtfKHKJhoftbgswmt1pPowIIa8zlBA +SOERy2ooXGnrA5kii+fifkiWy1R0FmJTKZ2jX41Xq60FwXWX7cyCq/xRI+V08HrY +mNJ2rmAjyWpWZpPNOtQ/SYIX1s2KoPw4XMxfiP5fiMOl3RqEVBkW0h9Hxikl8wKY +EmA/ESm1F6lnRXvGXWDGQIFCRf2Rv0KlPvNPA/GLZMr0ibYIjc4KnIxKFg//GQF3 +LUYpyJyToT8hE49ypG18mQ== +-----END CERTIFICATE----- diff --git a/test/basicserver/testfiles/seclevel2-sha256/raidfile.conf b/test/basicserver/testfiles/seclevel2-sha256/raidfile.conf new file mode 100644 index 00000000..6e235b24 --- /dev/null +++ b/test/basicserver/testfiles/seclevel2-sha256/raidfile.conf @@ -0,0 +1,10 @@ + +disc0 +{ + SetNumber = 0 + BlockSize = 1024 + Dir0 = . + Dir1 = . + Dir2 = . +} + diff --git a/test/basicserver/testfiles/srv3-insecure-daemon.conf b/test/basicserver/testfiles/srv3-insecure-daemon.conf new file mode 100644 index 00000000..09cf352d --- /dev/null +++ b/test/basicserver/testfiles/srv3-insecure-daemon.conf @@ -0,0 +1,9 @@ +Server +{ + PidFile = testfiles/srv3.pid + ListenAddresses = inet:localhost,unix:testfiles/srv3.sock + CertificateFile = testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem + PrivateKeyFile = testfiles/seclevel2-sha256/bbstored/localhost-key.pem + TrustedCAsFile = testfiles/seclevel2-sha256/ca/roots/clientCA.pem +} + diff --git a/test/basicserver/testfiles/srv3-seclevel2-sha1.conf b/test/basicserver/testfiles/srv3-seclevel2-sha1.conf new file mode 100644 index 00000000..93c0f99f --- /dev/null +++ b/test/basicserver/testfiles/srv3-seclevel2-sha1.conf @@ -0,0 +1,9 @@ +Server +{ + PidFile = testfiles/srv3.pid + ListenAddresses = inet:localhost,unix:testfiles/srv3.sock + CertificateFile = testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem + PrivateKeyFile = testfiles/seclevel2-sha1/bbstored/localhost-key.pem + TrustedCAsFile = testfiles/seclevel2-sha1/ca/roots/clientCA.pem +} + diff --git a/test/basicserver/testfiles/srv3-seclevel2-sha256.conf b/test/basicserver/testfiles/srv3-seclevel2-sha256.conf new file mode 100644 index 00000000..58c267d4 --- /dev/null +++ b/test/basicserver/testfiles/srv3-seclevel2-sha256.conf @@ -0,0 +1,9 @@ +Server +{ + PidFile = testfiles/srv3.pid + ListenAddresses = inet:localhost,unix:testfiles/srv3.sock + CertificateFile = testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem + PrivateKeyFile = testfiles/seclevel2-sha256/bbstored/localhost-key.pem + TrustedCAsFile = testfiles/seclevel2-sha256/ca/roots/clientCA.pem +} + diff --git a/test/basicserver/testfiles/srv4.conf b/test/basicserver/testfiles/srv4-noseclevel.conf index f05dff75..db22e95f 100644 --- a/test/basicserver/testfiles/srv4.conf +++ b/test/basicserver/testfiles/srv4-noseclevel.conf @@ -3,4 +3,3 @@ Server PidFile = testfiles/srv4.pid ListenAddresses = unix:testfiles/srv4.sock,inet:localhost } - diff --git a/test/basicserver/testfiles/srv4-seclevel1.conf b/test/basicserver/testfiles/srv4-seclevel1.conf new file mode 100644 index 00000000..cd90566c --- /dev/null +++ b/test/basicserver/testfiles/srv4-seclevel1.conf @@ -0,0 +1,7 @@ +Server +{ + PidFile = testfiles/srv4.pid + ListenAddresses = unix:testfiles/srv4.sock,inet:localhost +} + +SSLSecurityLevel = 1 diff --git a/test/basicserver/testfiles/srv4-seclevel2-insecure.conf b/test/basicserver/testfiles/srv4-seclevel2-insecure.conf new file mode 100644 index 00000000..5d8b1149 --- /dev/null +++ b/test/basicserver/testfiles/srv4-seclevel2-insecure.conf @@ -0,0 +1,7 @@ +Server +{ + PidFile = testfiles/srv4.pid + ListenAddresses = unix:testfiles/srv4.sock,inet:localhost +} + +SSLSecurityLevel = 2 diff --git a/test/basicserver/testfiles/srv4-seclevel2-secure.conf b/test/basicserver/testfiles/srv4-seclevel2-secure.conf new file mode 100644 index 00000000..5d8b1149 --- /dev/null +++ b/test/basicserver/testfiles/srv4-seclevel2-secure.conf @@ -0,0 +1,7 @@ +Server +{ + PidFile = testfiles/srv4.pid + ListenAddresses = unix:testfiles/srv4.sock,inet:localhost +} + +SSLSecurityLevel = 2 |