Codebase list ocaml-ca-certs / fresh-snapshots/main
New upstream release. Debian Janitor 1 year, 4 months ago
8 changed file(s) with 147 addition(s) and 128 deletion(s). Raw diff Collapse all Expand all
+0
-24
.github/workflows/test.yml less more
0 name: ca-certs
1
2 on: [push, pull_request]
3
4 jobs:
5 tests:
6 name: Tests
7
8 strategy:
9 fail-fast: false
10 matrix:
11 ocaml-version: ["4.13.1", "4.12.1", "4.11.2"]
12 operating-system: [macos-latest, ubuntu-latest, windows-latest]
13
14 runs-on: ${{ matrix.operating-system }}
15
16 steps:
17 - name: Checkout code
18 uses: actions/checkout@v2
19
20 - name: Use OCaml ${{ matrix.ocaml-version }}
21 uses: ocaml/setup-ocaml@v2
22 with:
23 ocaml-version: ${{ matrix.ocaml-version }}
+0
-3
.gitignore less more
0 _build
1 _opam
2 .merlin
+1
-1
.ocamlformat less more
0 version = 0.19.0
0 version = 0.23.0
11 profile=conventional
+6
-0
CHANGES.md less more
0 # v0.2.3 (2022-09-02)
1
2 * Respect the environment variable SSL_CERT_FILE as well (suggested in #22 by
3 @Konubinix, fixed in #23 by @hannesm, ok'ed by @sternenseemann)
4 * Update tests for recent alpine releases (#24 @hannesm, likely fixes #21)
5
06 # v0.2.2 (2021-10-27)
17
28 * Filter trailing certificate (if the data does not contain
+3
-2
debian/changelog less more
0 ocaml-ca-certs (0.2.2+git20211209.1.39d203d-1) UNRELEASED; urgency=low
0 ocaml-ca-certs (0.2.3-1) UNRELEASED; urgency=low
11
22 * New upstream snapshot.
3 * New upstream release.
34
4 -- Debian Janitor <janitor@jelmer.uk> Sat, 09 Apr 2022 09:42:09 -0000
5 -- Debian Janitor <janitor@jelmer.uk> Mon, 19 Dec 2022 08:39:57 -0000
56
67 ocaml-ca-certs (0.2.2-2) unstable; urgency=medium
78
+8
-4
lib/ca_certs.ml less more
4343
4444 (* from https://golang.org/src/crypto/x509/root_bsd.go *)
4545 let openbsd_location = "/etc/ssl/cert.pem"
46
4746 let freebsd_location = "/usr/local/share/certs/ca-root-nss.crt"
4847
4948 let macos_keychain_location =
8281 if Sys.win32 then windows_trust_anchors ()
8382 else
8483 (* NixOS is special and sets "NIX_SSL_CERT_FILE" as location during builds *)
85 match Sys.getenv_opt "NIX_SSL_CERT_FILE" with
86 | Some x ->
84 match
85 (Sys.getenv_opt "SSL_CERT_FILE", Sys.getenv_opt "NIX_SSL_CERT_FILE")
86 with
87 | Some x, _ ->
88 Log.info (fun m -> m "using %s (from SSL_CERT_FILE)" x);
89 detect_one x
90 | _, Some x ->
8791 Log.info (fun m -> m "using %s (from NIX_SSL_CERT_FILE)" x);
8892 detect_one x
89 | None -> (
93 | None, None -> (
9094 let cmd = Bos.Cmd.(v "uname" % "-s") in
9195 let* os = Bos.OS.Cmd.(run_out cmd |> out_string |> success) in
9296 match os with
+2
-1
lib/ca_certs.mli less more
1212 val trust_anchors : unit -> (string, [> `Msg of string ]) result
1313 (** [trust_anchors ()] detects the root CAs (trust anchors) in the operating
1414 system's trust store. On Unix systems, if the environment variable
15 [NIX_SSL_CERT_FILE] is set, its value is used as path to the trust anchors.
15 [SSL_CERT_FILE] is set, its value is used as path to the trust anchors.
16 Otherwise, if [NIX_SSL_CERT_FILE] is set, its value is used.
1617 The successful result is a list of pem-encoded X509 certificates. *)
+127
-93
test/tests.ml less more
1717 type t = X509.Validation.validation_error
1818
1919 let pp = X509.Validation.pp_validation_error
20
2120 let equal a b = compare a b = 0 (* TODO relies on polymorphic equality *)
2221 end in
2322 (module M : Alcotest.TESTABLE with type t = M.t)
4342 let r = Alcotest.result ok err
4443
4544 let test_one ?time anchors result host chain () =
46 let time () = match time with None -> Some now | Some t -> Some t
45 let time () = Some (Option.value ~default:now time)
4746 and name = Domain_name.to_string host
4847 and host = Some host in
4948 Alcotest.check r ("test one " ^ name) result
5150
5251 let google =
5352 {|
54 CONNECTED(00000003)
53 CONNECTED(00000004)
5554 ---
5655 Certificate chain
57 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com
58 i:C = US, O = Google Trust Services, CN = GTS CA 1O1
59 -----BEGIN CERTIFICATE-----
60 MIIJcTCCCFmgAwIBAgIRAOzqbxiPVrFyAgAAAAB8NQswDQYJKoZIhvcNAQELBQAw
61 QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET
62 MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMDA5MjIxNTIyMTlaFw0yMDEyMTUxNTIy
63 MTlaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
64 Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRUwEwYDVQQDDAwq
65 Lmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARomdmWq6BlO0yH
66 z9Xb08PTWbhcMw4YF14cQRiDKnigLYp3bGxUCDtu5dAdccM0mqQdzK0cMnYMXqEC
67 2T3Hw647o4IHBzCCBwMwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
68 BwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEN+puKWN1FY2tdecjOJANtw/Sak
69 MB8GA1UdIwQYMBaAFJjR+G4Q68+b7GCfGJAboOt9Cf0rMGgGCCsGAQUFBwEBBFww
70 WjArBggrBgEFBQcwAYYfaHR0cDovL29jc3AucGtpLmdvb2cvZ3RzMW8xY29yZTAr
71 BggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nL2dzcjIvR1RTMU8xLmNydDCCBMIG
72 A1UdEQSCBLkwggS1ggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22CFiouYXBw
73 ZW5naW5lLmdvb2dsZS5jb22CCSouYmRuLmRldoISKi5jbG91ZC5nb29nbGUuY29t
74 ghgqLmNyb3dkc291cmNlLmdvb2dsZS5jb22CGCouZGF0YWNvbXB1dGUuZ29vZ2xl
75 LmNvbYIGKi5nLmNvgg4qLmdjcC5ndnQyLmNvbYIRKi5nY3BjZG4uZ3Z0MS5jb22C
76 CiouZ2dwaHQuY26CDiouZ2tlY25hcHBzLmNughYqLmdvb2dsZS1hbmFseXRpY3Mu
77 Y29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4q
78 Lmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIP
79 Ki5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5j
80 b4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNv
81 bS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5n
82 b29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyC
83 CyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22CDyouZ29vZ2xlYXBpcy5j
84 boIRKi5nb29nbGVjbmFwcHMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdv
85 b2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNugg0qLmdzdGF0aWMuY29tghIqLmdz
86 dGF0aWNjbmFwcHMuY26CCiouZ3Z0MS5jb22CCiouZ3Z0Mi5jb22CFCoubWV0cmlj
87 LmdzdGF0aWMuY29tggwqLnVyY2hpbi5jb22CECoudXJsLmdvb2dsZS5jb22CEyou
88 d2Vhci5na2VjbmFwcHMuY26CFioueW91dHViZS1ub2Nvb2tpZS5jb22CDSoueW91
89 dHViZS5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CESoueW91dHViZWtpZHMu
90 Y29tggcqLnl0LmJlggsqLnl0aW1nLmNvbYIaYW5kcm9pZC5jbGllbnRzLmdvb2ds
91 ZS5jb22CC2FuZHJvaWQuY29tghtkZXZlbG9wZXIuYW5kcm9pZC5nb29nbGUuY26C
92 HGRldmVsb3BlcnMuYW5kcm9pZC5nb29nbGUuY26CBGcuY2+CCGdncGh0LmNuggxn
93 a2VjbmFwcHMuY26CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdvb2ds
94 ZS5jb22CD2dvb2dsZWNuYXBwcy5jboISZ29vZ2xlY29tbWVyY2UuY29tghhzb3Vy
95 Y2UuYW5kcm9pZC5nb29nbGUuY26CCnVyY2hpbi5jb22CCnd3dy5nb28uZ2yCCHlv
96 dXR1LmJlggt5b3V0dWJlLmNvbYIUeW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1
97 YmVraWRzLmNvbYIFeXQuYmUwIQYDVR0gBBowGDAIBgZngQwBAgIwDAYKKwYBBAHW
98 eQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLnBraS5nb29nL0dUUzFP
99 MWNvcmUuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUAB7dcG+V9aP/xsMYd
100 IxXHuuZXfFeUt2ruvGE6GmnTohwAAAF0tp+GwAAABAMARjBEAiBis68209UqRM3U
101 pdK8YoCfL8BrZY6+i6ORfGmo7neXTQIgSrcPvX7ZqP3uvT5yoJYFjbpZBwY9cwAV
102 W4n9855SnlcAdwDnEvKwN34aYvuOyQxhhPHqezfLVh0RJlvz4PNL8kFUbgAAAXS2
103 n4TVAAAEAwBIMEYCIQCRyG5B5Www1ro7CxWNLULQ96BNxtNTCko0bNCD5MejPQIh
104 AMNe5UO1cbG7u6oaO7/yRUt2O1OSewKoMddtPB1OUBh+MA0GCSqGSIb3DQEBCwUA
105 A4IBAQAN61JzpCZJVRZrpVJIRy6Hn65b0ZDBXTh3x6OpD3X2Y0Q6FRqaQuPUA7xg
106 DUvVnUUpMGsM2ylzUrtvJhSOCb32FU3g9FwVzTif/PRA5qniYRhysR2aa+NxHg5c
107 rua60gExT/oSHeGKpJUXTCTPypF4wJ1YvKOd7pRfNqlGR4Gfb6BVy/YCA3CW/bk0
108 yQ0k99iL/ancn2qGBn4++Z2XWGZHgo5FTvCtFl6ZrK01T+UeqhLp8kQOvyN58WiM
109 S+c/7a4M2GyzJe+niWodeKFY91N0SpBViX8cl0YmIm6CNmJdRt5AA+C/FmLgxh7F
110 wBPEtuosuW+JHwshTHwwylI7tT1x
111 -----END CERTIFICATE-----
112 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1
113 i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
114 -----BEGIN CERTIFICATE-----
115 MIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw
116 HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs
117 U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy
118 MTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg
119 U2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA
120 A4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv
121 UA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr
122 mBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac
123 xGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK
124 FsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X
125 rJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV
126 HQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud
127 EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G
128 A1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl
129 BggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp
130 MCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g
131 BDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y
132 ZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H
133 TgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN
134 FvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz
135 mqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW
136 IRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ
137 USpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==
56 0 s:CN = *.google.com
57 i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
58 -----BEGIN CERTIFICATE-----
59 MIIN7TCCDNWgAwIBAgIRAOiTWGjouQqZEnfVOliVUgMwDQYJKoZIhvcNAQELBQAw
60 RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
61 TEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjIwODE1MDgxNzU1WhcNMjIxMTA3
62 MDgxNzU0WjAXMRUwEwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggq
63 hkjOPQMBBwNCAAR+WyRr7LUBv9hZwwfLXBL1TKYA7WPZ9M/U0M4hNC4Z/AKlY6uO
64 UfM/EQb7U9EKKx97cFnNeu4NSn91myBj2I9To4ILzjCCC8owDgYDVR0PAQH/BAQD
65 AgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
66 FBGBZeOKvV1jMa3d+vhUaXt7MXyFMB8GA1UdIwQYMBaAFIp0f6+Fze6VzT2c0OJG
67 FPNxNR0nMGoGCCsGAQUFBwEBBF4wXDAnBggrBgEFBQcwAYYbaHR0cDovL29jc3Au
68 cGtpLmdvb2cvZ3RzMWMzMDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVw
69 by9jZXJ0cy9ndHMxYzMuZGVyMIIJfwYDVR0RBIIJdjCCCXKCDCouZ29vZ2xlLmNv
70 bYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYIJKi5iZG4uZGV2ghUqLm9yaWdpbi10
71 ZXN0LmJkbi5kZXaCEiouY2xvdWQuZ29vZ2xlLmNvbYIYKi5jcm93ZHNvdXJjZS5n
72 b29nbGUuY29tghgqLmRhdGFjb21wdXRlLmdvb2dsZS5jb22CCyouZ29vZ2xlLmNh
73 ggsqLmdvb2dsZS5jbIIOKi5nb29nbGUuY28uaW6CDiouZ29vZ2xlLmNvLmpwgg4q
74 Lmdvb2dsZS5jby51a4IPKi5nb29nbGUuY29tLmFygg8qLmdvb2dsZS5jb20uYXWC
75 DyouZ29vZ2xlLmNvbS5icoIPKi5nb29nbGUuY29tLmNvgg8qLmdvb2dsZS5jb20u
76 bXiCDyouZ29vZ2xlLmNvbS50coIPKi5nb29nbGUuY29tLnZuggsqLmdvb2dsZS5k
77 ZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZyggsqLmdvb2dsZS5odYILKi5nb29n
78 bGUuaXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5wbIILKi5nb29nbGUucHSCEiou
79 Z29vZ2xlYWRhcGlzLmNvbYIPKi5nb29nbGVhcGlzLmNughEqLmdvb2dsZXZpZGVv
80 LmNvbYIMKi5nc3RhdGljLmNughAqLmdzdGF0aWMtY24uY29tgg9nb29nbGVjbmFw
81 cHMuY26CESouZ29vZ2xlY25hcHBzLmNughFnb29nbGVhcHBzLWNuLmNvbYITKi5n
82 b29nbGVhcHBzLWNuLmNvbYIMZ2tlY25hcHBzLmNugg4qLmdrZWNuYXBwcy5jboIS
83 Z29vZ2xlZG93bmxvYWRzLmNughQqLmdvb2dsZWRvd25sb2Fkcy5jboIQcmVjYXB0
84 Y2hhLm5ldC5jboISKi5yZWNhcHRjaGEubmV0LmNughByZWNhcHRjaGEtY24ubmV0
85 ghIqLnJlY2FwdGNoYS1jbi5uZXSCC3dpZGV2aW5lLmNugg0qLndpZGV2aW5lLmNu
86 ghFhbXBwcm9qZWN0Lm9yZy5jboITKi5hbXBwcm9qZWN0Lm9yZy5jboIRYW1wcHJv
87 amVjdC5uZXQuY26CEyouYW1wcHJvamVjdC5uZXQuY26CF2dvb2dsZS1hbmFseXRp
88 Y3MtY24uY29tghkqLmdvb2dsZS1hbmFseXRpY3MtY24uY29tghdnb29nbGVhZHNl
89 cnZpY2VzLWNuLmNvbYIZKi5nb29nbGVhZHNlcnZpY2VzLWNuLmNvbYIRZ29vZ2xl
90 dmFkcy1jbi5jb22CEyouZ29vZ2xldmFkcy1jbi5jb22CEWdvb2dsZWFwaXMtY24u
91 Y29tghMqLmdvb2dsZWFwaXMtY24uY29tghVnb29nbGVvcHRpbWl6ZS1jbi5jb22C
92 FyouZ29vZ2xlb3B0aW1pemUtY24uY29tghJkb3VibGVjbGljay1jbi5uZXSCFCou
93 ZG91YmxlY2xpY2stY24ubmV0ghgqLmZscy5kb3VibGVjbGljay1jbi5uZXSCFiou
94 Zy5kb3VibGVjbGljay1jbi5uZXSCDmRvdWJsZWNsaWNrLmNughAqLmRvdWJsZWNs
95 aWNrLmNughQqLmZscy5kb3VibGVjbGljay5jboISKi5nLmRvdWJsZWNsaWNrLmNu
96 ghFkYXJ0c2VhcmNoLWNuLm5ldIITKi5kYXJ0c2VhcmNoLWNuLm5ldIIdZ29vZ2xl
97 dHJhdmVsYWRzZXJ2aWNlcy1jbi5jb22CHyouZ29vZ2xldHJhdmVsYWRzZXJ2aWNl
98 cy1jbi5jb22CGGdvb2dsZXRhZ3NlcnZpY2VzLWNuLmNvbYIaKi5nb29nbGV0YWdz
99 ZXJ2aWNlcy1jbi5jb22CF2dvb2dsZXRhZ21hbmFnZXItY24uY29tghkqLmdvb2ds
100 ZXRhZ21hbmFnZXItY24uY29tghhnb29nbGVzeW5kaWNhdGlvbi1jbi5jb22CGiou
101 Z29vZ2xlc3luZGljYXRpb24tY24uY29tgiQqLnNhZmVmcmFtZS5nb29nbGVzeW5k
102 aWNhdGlvbi1jbi5jb22CFmFwcC1tZWFzdXJlbWVudC1jbi5jb22CGCouYXBwLW1l
103 YXN1cmVtZW50LWNuLmNvbYILZ3Z0MS1jbi5jb22CDSouZ3Z0MS1jbi5jb22CC2d2
104 dDItY24uY29tgg0qLmd2dDItY24uY29tggsybWRuLWNuLm5ldIINKi4ybWRuLWNu
105 Lm5ldIIUZ29vZ2xlZmxpZ2h0cy1jbi5uZXSCFiouZ29vZ2xlZmxpZ2h0cy1jbi5u
106 ZXSCDGFkbW9iLWNuLmNvbYIOKi5hZG1vYi1jbi5jb22CDSouZ3N0YXRpYy5jb22C
107 FCoubWV0cmljLmdzdGF0aWMuY29tggoqLmd2dDEuY29tghEqLmdjcGNkbi5ndnQx
108 LmNvbYIKKi5ndnQyLmNvbYIOKi5nY3AuZ3Z0Mi5jb22CECoudXJsLmdvb2dsZS5j
109 b22CFioueW91dHViZS1ub2Nvb2tpZS5jb22CCyoueXRpbWcuY29tggthbmRyb2lk
110 LmNvbYINKi5hbmRyb2lkLmNvbYITKi5mbGFzaC5hbmRyb2lkLmNvbYIEZy5jboIG
111 Ki5nLmNuggRnLmNvggYqLmcuY2+CBmdvby5nbIIKd3d3Lmdvby5nbIIUZ29vZ2xl
112 LWFuYWx5dGljcy5jb22CFiouZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdvb2dsZS5j
113 b22CEmdvb2dsZWNvbW1lcmNlLmNvbYIUKi5nb29nbGVjb21tZXJjZS5jb22CCGdn
114 cGh0LmNuggoqLmdncGh0LmNuggp1cmNoaW4uY29tggwqLnVyY2hpbi5jb22CCHlv
115 dXR1LmJlggt5b3V0dWJlLmNvbYINKi55b3V0dWJlLmNvbYIUeW91dHViZWVkdWNh
116 dGlvbi5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVraWRzLmNv
117 bYIRKi55b3V0dWJla2lkcy5jb22CBXl0LmJlggcqLnl0LmJlghphbmRyb2lkLmNs
118 aWVudHMuZ29vZ2xlLmNvbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xlLmNughxk
119 ZXZlbG9wZXJzLmFuZHJvaWQuZ29vZ2xlLmNughhzb3VyY2UuYW5kcm9pZC5nb29n
120 bGUuY24wIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8E
121 NTAzMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvZlZKeGJWLUt0
122 bWsuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYAQcjKsd8iRkoQxqE6CUKH
123 Xk4xixsD6+tLx2jwkGKWBvYAAAGCoMvRfgAABAMARzBFAiBPV0E8HDi+cvjenWQs
124 LDIplbHN7wh5WW4JljdvTDT6VQIhAOHGQ8dvdnvoWlUsaiQCdYXCJJdBgqfjmNjE
125 StIajA4iAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAGCoMvR
126 QgAABAMARjBEAiAPgjURNB68xW+4M++sKc7+gOHPDWmhhj9u9WrxM/Qg6QIgAVui
127 /sPQD8WI2grIQcvoYKSgBqP+3tzI+BKC1bt74/IwDQYJKoZIhvcNAQELBQADggEB
128 AKgGzIajsJI5BWB15oKyo5XBHWWY4tkT4s0XIQh1GOZVM/iu4QcDDmjpD0sAexXe
129 fRXT7m+58x8WT1nf1M+U/eAtSullmLHh/OAVFAhW9xMwu5HiteEyBQrYHA0wQ92V
130 Fj9zce9Ps7oOcI79YACdyMtq1mwoWoqDsLxXINJROb2tYpIY75ASaqeN81fCznYS
131 sy6o5bVgPOuzZGn9V/PHDx4+10m1sGtWhcBstqteT3G5xnXekrsZlIm+vugtTnMX
132 RGgpPtZqE8q47tO5m2WsfzaNJSQPlxvm0ccthevPqh/BlD+UNl1uLa2I+/HjBhgo
133 tDTg697Ek5DAKVWvnQwmskU=
134 -----END CERTIFICATE-----
135 1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
136 i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
137 -----BEGIN CERTIFICATE-----
138 MIIFljCCA36gAwIBAgINAgO8U1lrNMcY9QFQZjANBgkqhkiG9w0BAQsFADBHMQsw
139 CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
140 MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzMDAwMDQyWhcNMjcwOTMwMDAw
141 MDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
142 Y2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFDMzCCASIwDQYJKoZIhvcNAQEBBQAD
143 ggEPADCCAQoCggEBAPWI3+dijB43+DdCkH9sh9D7ZYIl/ejLa6T/belaI+KZ9hzp
144 kgOZE3wJCor6QtZeViSqejOEH9Hpabu5dOxXTGZok3c3VVP+ORBNtzS7XyV3NzsX
145 lOo85Z3VvMO0Q+sup0fvsEQRY9i0QYXdQTBIkxu/t/bgRQIh4JZCF8/ZK2VWNAcm
146 BA2o/X3KLu/qSHw3TT8An4Pf73WELnlXXPxXbhqW//yMmqaZviXZf5YsBvcRKgKA
147 gOtjGDxQSYflispfGStZloEAoPtR28p3CwvJlk/vcEnHXG0g/Zm0tOLKLnf9LdwL
148 tmsTDIwZKxeWmLnwi/agJ7u2441Rj72ux5uxiZ0CAwEAAaOCAYAwggF8MA4GA1Ud
149 DwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0T
150 AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUinR/r4XN7pXNPZzQ4kYU83E1HScwHwYD
151 VR0jBBgwFoAU5K8rJnEaK0gnhS9SZizv8IkTcT4waAYIKwYBBQUHAQEEXDBaMCYG
152 CCsGAQUFBzABhhpodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHNyMTAwBggrBgEFBQcw
153 AoYkaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzcjEuZGVyMDQGA1UdHwQt
154 MCswKaAnoCWGI2h0dHA6Ly9jcmwucGtpLmdvb2cvZ3RzcjEvZ3RzcjEuY3JsMFcG
155 A1UdIARQME4wOAYKKwYBBAHWeQIFAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3Br
156 aS5nb29nL3JlcG9zaXRvcnkvMAgGBmeBDAECATAIBgZngQwBAgIwDQYJKoZIhvcN
157 AQELBQADggIBAIl9rCBcDDy+mqhXlRu0rvqrpXJxtDaV/d9AEQNMwkYUuxQkq/BQ
158 cSLbrcRuf8/xam/IgxvYzolfh2yHuKkMo5uhYpSTld9brmYZCwKWnvy15xBpPnrL
159 RklfRuFBsdeYTWU0AIAaP0+fbH9JAIFTQaSSIYKCGvGjRFsqUBITTcFTNvNCCK9U
160 +o53UxtkOCcXCb1YyRt8OS1b887U7ZfbFAO/CVMkH8IMBHmYJvJh8VNS/UKMG2Yr
161 PxWhu//2m+OBmgEGcYk1KCTd4b3rGS3hSMs9WYNRtHTGnXzGsYZbr8w0xNPM1IER
162 lQCh9BIiAfq0g3GvjLeMcySsN1PCAJA/Ef5c7TaUEDu9Ka7ixzpiO2xj2YC/WXGs
163 Yye5TBeg2vZzFb8q3o/zpWwygTMD0IZRcZk0upONXbVRWPeyk+gB9lm+cZv9TSjO
164 z23HFtz30dZGm6fKa+l3D/2gthsjgx0QGtkJAITgRNOidSOzNIb2ILCkXhAd4FJG
165 AJ2xDx8hcFH1mt0G/FX0Kw4zd8NLQsLxdxP8c4CU6x+7Nz/OAipmsHMdMqUybDKw
166 juDEI/9bfU1lcKwrmz3O2+BtjjKAvpafkmO8l7tdufThcV4q5O8DIrGKZTqPwJNl
167 1IXNDw9bg1kWRxYtnCQ6yICmJhSFm/Y3m6xv+cXDBlHz4n/FsRC6UfTd
138168 -----END CERTIFICATE-----
139169 ---
140170 Server certificate
141 subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com
142
143 issuer=C = US, O = Google Trust Services, CN = GTS CA 1O1
171 subject=CN = *.google.com
172
173 issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
144174
145175 ---
146176 No client certificate CA names sent
148178 Peer signature type: ECDSA
149179 Server Temp Key: X25519, 253 bits
150180 ---
151 SSL handshake has read 3832 bytes and written 390 bytes
181 SSL handshake has read 6700 bytes and written 388 bytes
152182 Verification: OK
153183 ---
154184 New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
280310
281311 let ok_tests =
282312 [
283 ("google.com", google);
284 ("extended-validation.badssl.com", extended_validation_badssl);
313 ( "google.com",
314 google,
315 Ptime.of_date_time ((2022, 09, 02), ((14, 00, 00), 00)) );
316 ("extended-validation.badssl.com", extended_validation_badssl, None);
285317 ]
286318
287319 let self_signed_badssl =
931963 ( "wrong.host.google.com",
932964 (fun h c -> `LeafInvalidName (List.hd c, Some h)),
933965 google,
934 None );
966 Ptime.of_date_time ((2022, 09, 02), ((14, 00, 00), 00)) );
935967 ]
936968
937969 let tests tas =
938970 List.map
939 (fun (name, data) ->
971 (fun (name, data, time) ->
940972 let host = Domain_name.(of_string_exn name |> host_exn)
941973 and chain =
942974 Result.get_ok
943975 (X509.Certificate.decode_pem_multiple (Cstruct.of_string data))
944976 in
945 (name, `Quick, test_one tas (Ok (Some (chain, List.hd chain))) host chain))
977 ( name,
978 `Quick,
979 test_one ?time tas (Ok (Some (chain, List.hd chain))) host chain ))
946980 ok_tests
947981 @ List.map
948982 (fun (name, result, data, time) ->